WebGUI page - no response / unable to configure pfSense
-
@patient0, thank you so much for your help today! I asked my ISP and they told me I can use any modem, they won't provide one, so I will have to research. If you have any recommendations for brands/types, those are welcome.
-
@newbieuser1 said in WebGUI page - no response / unable to configure pfSense:
I asked my ISP and they told me I can use any modem
What kind of modem you need? ADSL or VDSL or something else, what is the ISP & Country?
-
I did some googling around...I am not sure regarding VDSL/ADSL but since I have a fiber optic provider (BT, UK), then it seems I need GPON ONT modem or something like that? Basically to be compatible with the fiber network. There is just an ethernet cable coming out of the wall, no coaxial cables.
-
@newbieuser1 said in WebGUI page - no response / unable to configure pfSense:
I have a fiber optic provider (BT, UK), then it seems I need GPON ONT modem
I see, I never worked with GPON ONT and can't give any recommendations (it is fiber, ADSL/VDSL is used with copper lines).
-
Noted. Going back to the webGUI access, I went to Systems -> Admin and chose https access, then the site kicked me out saying it was applying the new protocol. However, when I tried to log back on, the address still uses the http not https. With https, it does not load up anything. How can I enable the https?
-
@newbieuser1 said in WebGUI page - no response / unable to configure pfSense:
With https, it does not load up anything. How can I enable the https?
You did it correct way it seems, with an unexpected result.
Edit: typo -> "expected" should being "unexpected"
If you go to System / Advanced / Admin Access, does it look like the below?
.What version of pfSense have you installed, btw? 2.7.2?
-
Thank you. Yes, version 2.7.2.
My screen is like your screenshot, except under Protocol it says: "No Certificates have been defined. A certificate is required before SSL/TSL can be enabled. Create or Import a Certificate".
-
@newbieuser1 said in WebGUI page - no response / unable to configure pfSense:
My screen is like your screenshot, except under Protocol it says: "No Certificates have been defined. A certificate is required before SSL/TSL can be enabled. Create or Import a Certificate".
Is there a certificate you can select in the 'SSL/TLS Certificate' drop-down list? If yes, select it and switch the protocol to HTTPS.
It's unlucky that the settings page accepts switching to https without having selected a certificate. I'll check tomorrow if that is still an issue on 2.8.0-BETA. And if yes if there is an existing bug report for it.It automatically selected the one available cert, GUI default. Is that true for you too? -
You saw this ;
@newbieuser1 said in WebGUI page - no response / unable to configure pfSense:
My screen is like your screenshot, except under Protocol it says: "No Certificates have been defined. A certificate is required before SSL/TSL can be enabled. Create or Import a Certificate".
and I presume that you installed pfSense a couple of day ago :
@newbieuser1 said in WebGUI page - no response / unable to configure pfSense:
I got a Protectli Vault, on which I installed pfSense.
One of the things that happens when you install : a cert like :
is created so you can use it for the https access.
Its a self signed certificate, which means it isn't signed by the big "trusted" (by your browser) companies, so your browser should through a message on the screen that it can't trust the cert. Just tell it to go ahead and accept.If there are no certificates listed here :
then that's a real issue / not normal.
Some one deleted something ^^
That said, you can create a new one with the click of a mouse button. -
I now had a chance to check.
There is a certificate in the dropdown list and it was already selected when I initially switched to HTTPS. I believe this is the self-generated default certificate.
I also see that same certificate in System - > Certificates. It is valid, and it also reads "CA: No" & "Server: Yes"
-
@Gertjan The self-generated certificate is there (in "Certificates"). It says: "CA: No" & "Server: Yes" & "In Use: webConfigurator"
The same certificate is also in the dropdown menu in Systems->Advanced and the HTTPS box is selected. I am still not able to access the webGUI via https though...
-
Time to use the most important interface on your pfSense : the console.
This could be a serial connection, or if you have a VGA/HDMI interface, use that (and a usb keyboard)
You'll see the menu, selection 8)Use this command :
ps aux | grep '\/nginx'What did you see ?
sockstat -4 | grep 'nginx'What did you see ?
-
@Gertjan hey, thanks for following up and sorry for the delayed response. First typed the ps aux command and I see writings about two roots: "root 12345 Is ...." & "root 3456 v0 S+....."
Then I typed the sockstat -4 command but it did not bring up anything.
Please let me know what I should do next? Or if there is helpful read for me to do?
-
@newbieuser1 said in WebGUI page - no response / unable to configure pfSense:
ps aux command and I see writings about two roots: "root 12345 Is ...." & "root 3456 v0 S+....."
Like this :
[25.03-BETA][root@pfSense.bhf.tld]/root: ps aux | grep '\/nginx' root 85586 0.0 0.3 32960 10756 - Is Mon03 0:00.00 nginx: master process /usr/local/sbin/nginx root 86898 0.0 0.3 32960 10656 - Is Mon03 0:00.00 nginx: master process /usr/local/sbin/nginx root 88506 0.0 0.3 43200 10828 - Is Mon03 0:00.00 nginx: master process /usr/local/sbin/nginx root 83606 0.0 0.1 14076 2692 0 S+ 07:54 0:00.00 grep \\/nginI've 3 nginx processes, as I'm also using the captive portal, which is also a web server serving a web page, the login page.
Default, the GUI of pfSense uses itself two nginx processes.
So, for me, that make 3. You should see two lines like this.@newbieuser1 said in WebGUI page - no response / unable to configure pfSense:
Then I typed the sockstat -4 command but it did not bring up anythin
Impossible.
"sockstat -4 " by itself lists dozens of lines.
sockstat -4 | grep 'nginx' :[25.03-BETA][root@pfSense.bhf.tld]/root: sockstat -4 | grep 'nginx' ..... root nginx 85884 5 tcp4 *:443 *:* root nginx 85884 10 tcp4 *:80 *:* root nginx 85586 5 tcp4 *:443 *:* root nginx 85586 10 tcp4 *:80 *:*this shows the two pfSEnse GUI processes listing to the web server default ports, the very known "808" for http and 443 for https.
If these line don't show up : don't look any further : if the web server isn't using these ports, then it can do it's job : serve the GUI, which exactly matches your issue : "no reponse".Why ? I can't tell. Give us the details, and we'll try to give the answers.
-
@Gertjan thank you.
I went to the console again and this time I typed first the sockstat command, and this time it did bring up something. It looks exactly like your screenshot, except that I see 6 roots. Not sure if it makes a difference but my numbers are in the 6000s range, and instead of 5 and 10, I get 5 and 7. The tcp4 and the *443 and *80 are just like in your screenshot.
As to the ps aux command, I have only 2 nginx processes and what shows up is like in your screenshot, except I get for the for the first one (the - Is):
0:00.00 ngninx: master process /usr/local/sbin/nginx -c/var/etc/nginx-w
For the S+, the text is exactly like in your screenshot.
-
@newbieuser1 said in WebGUI page - no response / unable to configure pfSense:
I went to the console again and this time I typed first the sockstat command, and this time it did bring up something. It looks exactly like your screenshot, except that I see 6 roots. Not sure if it makes a difference but my numbers are in the 6000s range, and instead of 5 and 10, I get 5 and 7. The tcp4 and the *443 and *80 are just like in your screenshot.
The process ID numbers, also called PIDs are random, something between 2 and 65535. That's ok.
The good news is : the GUI web server is listeing on the http and http ports. So, that's not the issue.
Now, next question : what is/are the firewall rules on the LAN interface ?
When you install pfSense, there is one pas-all rule, so any device connected on LAN can access the pfSense GUI.Use option 4 on the console menu, this will reset everything and the pfSense GUI access will work for sure.
@newbieuser1 said in WebGUI page - no response / unable to configure pfSense:
As to the ps aux command, I have only 2 nginx processes
I have use also the captive portal that needs a web server (nginx) process. That's why I have 3 of them.
-
@Gertjan, thanks. Option 4 is a factory reset, right? Will that also reset absolutely everything, including the IP address for the WebGUI access I had to set up, admin access passwords etc? I have not played with any firewall rules and setting yet (only tried to set up Quad9 for the DNS settings).
My Protectli Vault is not connected to anything and I have not incorporated it my network yet (still struggling to put my router in Bridge Mode...and dealing with my ISP).
-
@newbieuser1 said in WebGUI page - no response / unable to configure pfSense:
Will that also reset absolutely everything, including the IP address for the WebGUI access
Not only the network "IP" assignment, but also the list with known NICs, which means that the initial setup has to be done using the 'serial' console access.
( Or USB keyboard and HDMI screen, if that's your boot option )Normally, after assigning the interfaces 'WAN' and 'LAN', you should keep for WAN the dhcp (client) and assign a static IP for your LAN, which, in your case, can't be 192.168.1.1/24 as this one is already used by your upstream ISP router.
So, chose, for example 192.168.10.1/24
The LAN DHCP server has to set set up with a DHCP pool like 192.168.10.2 (start) to 192.168.10.50 (end) mask 24 or "255.255.255.0".
And done.Btw : if possible, change your ISP's router LAN setup, and change it's LAN 192.168.1.1/24 and DHCP server seting, set it up to use, for example 192.168.50.1/24 and change the DHCP accordingly.
From that point on, you can keep pfSense 100 % with the default settings with only one exception :
The password.** so it will always work.
-
@Gertjan Is not there any other way/step to fix the https issue? It sounds like the factory reset will bring me to square one and it was already such a challenge to even set things up to this point....as you can probably tell, I am a complete beginner...
I could be wrong but if I try to create a new static LAN address and this time choose 'Yes' for https (instead of 'No' as I did initially), would that be an alternative? Or learn how to create and import a self-signed certificate?
-
@newbieuser1 said in WebGUI page - no response / unable to configure pfSense:
Is not there any other way/step to fix the https issue? It sounds like the factory reset will bring me to square one and it was already such a challenge to even set things up to this point....as you can probably tell, I am a complete beginner...
If the "http" access works, but not the "https" access, then there is a solution, its documented in the pfSense documentation.
There is a console menu option for that (afaik).If, after a GUI setting change, the GUI becomes inaccessible : no panic, there is a console menu option that lets you pick the config file you had just before the GUI edit. This will undo what you did, and you have the GUI access back again.
And I know, all these options, you want to try and use the all. But there is a major 'but' : in case of emergency, when the drive fails, and you have to re install, and you 'forgot' to make a recent backup, you have to rebuld 'from scratch' anyway. That's why you should keep it simple (KIS).
Btw : Have a look here : /cf/conf/backup : you'll find the latest 100 config files.
Accessing pfSense over http isn't really an issue, as traffic flows over your own network, and doesn't contain private info, neither mail or credit card info ^^