Cannot login to pfsense

wintok

Hello there.

My pfsense (XG-7100) is running perfectly fine until today, when I was adding my fourth Internet connection. I did exactly same steps as I did with my other 3 Internet connections There were no issues with 3 ISP connections for almost 2 weeks now. The DHCP stop working and the whole network shut down. I connect to pfsense through console and managed restore my previous backup config (pfsense did automatically backup configuration) the network was back online again but I noticed that I could not login to pfsense GUI. I was stuck on pfsense login . see below

Appreciate assistance

Gertjan

That browser message is the same one as the one you saw when you logged in the first time over https://
pfSense creates a self signed certificate when it's installed.
pfSense (Or Netgate for that matter) isn't known to you browser as a known certificate authority. So your browser won't trust the certificate. Which is a good thing.
You have to override it by clicking "I Understand ..." as you can see in the URL bar that there is the
htttps://192.168.1.1 which is your pfSense local device. It's would be better if you could/should trusted your own firewall router pfSense ;)

Btw : See tip 2 here : https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html
If you have a domain name, and your registrar is supports by acme, you could put in place a certificate that is signed by a trusted authority.

Btw : this "browser error page" is one of the most know browser messages on the planet. Strange that you didn't understand why it's showing, as it is part of the basics of what's behind https.
Ordinary users are "allowed" to ask questions at this point, as it's meant be be a warning.
You, as a pfSense admin, should know already why it shows.
So, do something about the "I understand .." : see the Netgate pfSense videos on Youtube. I'm pretty sure the one of the 'initial videos' shows the same message with a good explanation - and what to do / why to do.

wintok

@gertjan
Thank you very much for your reply. Clicking "I understand ….. " was what I always did and would take me to enter my username and password on pfsense (xg-7100). But today it would not allow me to. It stuck on that page as I mentioned after trying to add the fourth Internet connection to my pfsense.

Gertjan

@wintok said in Cannot to pfsense:

But today it would not allow me to.

Use a browser that works. Firefox, for example, would do the job. It will warn, and you can override.

wintok

@gertjan
I've tried your suggestion and still no success. I even tried to restore from another backup config that pfsense automatically did backup on 22/1/21 and rebooted pfsense with no success. My last resort would be to reset to factory defaults but I will probably do this on week-ends in the evening when no one is using the network. But since I can still access pfsense from putty is there another way to undo the changes I did on the 25/1/21 ?

stephenw10

What certificate error is firefox showing? Why can you not just accept it and connect?

You can roll-back changes from the console menu if required. Abount the only thing you could have done to generate that error is set the webgui to use a different certificate. Perhaps one that is wholly unsuitable for a webserver so it cannot be accepted.

Steve

wintok

@stephenw10
Hi Steve

Appreciate your response.

When I clicked " I understand the risk ….." it just would not go any further .. I was on stuck on that page.

I would appreciate if you can show me how to roll back changes via ssh

stephenw10

Looks like you have some security software helpfully blocking your access. That's not Firefox showing that.

Steve

Gertjan

@wintok

Your problem is here :

wintok

@stephenw10

You're right Steve. I loaded Manjaro
in VirtualBox and successfully login to pfsense GUI. Glad I'm back.

Back to my physical machine I temporary disabled Kaspersky security network and login successfully.

One thing I did not understand why this did not happen before ? I installed Kaspersky several months ago and no issues login to pfsense. This just happened yesterday.

Thank you very much time to assist. Appreciate

stephenw10

Kaspersky update I would guess. Seems broken though if you can't agree to accept the self-signed cert and continue.

wintok

@gertjan
Thank you very much that spotted the problem and my problem is now solved.

I cannot thank you enough for your time to look into my issue.

I just have to find why this did not happened before while kaspersky was installed

wintok

@stephenw10

I have now enabled Kaspersky Security Network and it seemed to have no issue login to pfsense

Thanks again