GUI not accessible and/or slow when missing WAN
-
I have had a situation where I needed to understand how pfSense's worked to avoid downtime, so I set up a powerful, full-blown local server to test with my backup from the data center. Before doing the backup, I made sure to set up a fw rule that allowed all web (80/https) traffic on the interface I would use to connect locally from.
I could ping that interface, but still no web GUI. This happened over and over. I still have no clue why this happens. I thought that just having a computer - with an IP in the same range - connect it to the port and that would be it. I would be on the LAN. I could actually ping the laptop without problems and I could ping the pfSense. But no web GUI. When I disconnected the cable, ping stopped from both sides. So no issue with the wrong port.
I finally managed to set up a new dedicated interface I didn't use, new range, put on the DHCP setting for it, and at least now I managed to get into the GUI. But it took like 10-20 minutes for every page load. It seemed to help to type `pfctl -d`. I found out it is probably because the backup script tries to connect to upload config changes, and also since I have many pfBlocker rules (like I have a country-only list), it tries to refresh all aliases, I assume. I saw this because there were 100 or even 1000 errors in the notification box about not being able to do something with the alias list. Isn't it supposed to just do that once in a while, not on every page load? I was in a situation where I needed to work fast to change the config, and here I spent hours waiting for timeouts in pfSense so that the GUI would let me continue. I worked with the WAN port disconnected because I didn't want to disturb traffic (I had a second unit up and running, but this one disconnected). Is there any way to disable all this online requirement?
All I planned to do was to change the bridge to a LACP LAG. It takes like 2-3 minutes on a fresh pfSense install; here it took maybe 2 hours just to do all the steps around disabling the interfaces and setting up the LAG. Just because it wanted that online connection I couldn't give it.
Now everything is working 100%, as it has online connection and the LAG is up. But that was painful and it happened both at my home test unit and in the data center (different hardware).