Web interface unresponsive



  • I have installed the latest 2.x version, single core i386 (P4 2.4 ghz) 2 gigs of ram and a 40 gig hard drive.  The system runs fine for between 2 and 6 hours.  I can access the web interface, then, randomly, I click on something and the web interface stops responding.  Has anyone else seen this?  The system still passes traffic as normal, but if I try to restart the web interface from the console, the console is frozen as well.

    I let it set for about 2 hours after I hit the restart web configurator menu choice, but it was still frozen.  If I hard reset it, it will come up and run fsck and then start and run normal again.  I have looked all through the logs but find nothing relating to a hardware failure or interface issues.


  • Rebel Alliance Developer Netgate

    We have had some very rare reports that certain hardware will flake out like that while watching the traffic graph like that.

    Next time it happens, try this:

    killall -9 php; killall -9 lighttpd; /etc/rc.restart_webgui
    


  • We also have this in 2.0.1 i386 on a HP DL380 G4 8GB ram 2x3.4GHz. Haven't found the pattern yet, but webGUI hangs more and more and finally becomes useless. Fine again after kill/restart for a while…



  • Just some thoughts: In many cases the WebConfigurator Lockout Rules get in the way, especially for repeated inquiries to the firewall over the WAN interface.

    So, are you trying to do this over the WAN interface or the LAN interface?

    If LAN, do you have your WebConfigurator Anti-Lockout option UNchecked in System -> Advanced?
    If LAN, can you access the console via the console itself, or via SSH?

    If WAN, you might try this, which just fixed the issues for me:

    The unresponsive web interface for the backup turned out to be the WebConfigurator Lockout rule getting in my way.
    I found this by access the WebGUI on the LAN and going to Status -> System Logs -> Firewall.
    I looked at the blocked log entry coming from my source IP to the firewall's destination IP.
    I click on the Red Block symbol on the left, and it tells you what rule blocked it (@12: WebConfigurator Lockout Rule, in my case).

    To solve the issue, I removed all of my allow rules from the NAT and Rules tables allowing my external IP in to this firewall, and then I rebooted the firewall under Diagnostics -> Reboot -> Yes.

    Once the firewall rebooted, I went into the rules table, created a new rule:
    Protocol: TCP
    Source: {MyExternalSourceIP} (I used an alias)
    SourcePort: Any
    Destination: WAN Address
    DestinationPort: {MyAdminPort}
    Gateway: Any
    Queue: None
    Schedule: None

    And voila, I can access the firewall Admin port again from my remote office.

    Good luck, and I hope this helps!



  • @anomaly0617 Using LAN interface,  Disable webConfigurator anti-lockout rule UNchecked. Not the same problem as you I think. This is more of a UI bug that slows the UI down. If I wait for 1-2 minutes I get a response back. Next request can be fast, and then wait antoher minute for the next. No understandable pattern. Load on the server i LOW.



  • Same problem with amd64 version on amd opteron server with 6 intel network cards igb. With 32 bit version of pfsense - no problems. What kind of network driver you have? (em, igb?). I think its network driver problem for 8.1 freebsd 64+igb.



  • see if u hv incorrect settings on the ldap auth.
    I got mine fixed after removing the inactive ldap server entries from the user auth. setting.



  • Same thing here on 2.0.1-RELEASE-pfSense (amd64) on Dell R610 with:
    4 Intel and 4 Broadcom NIC (on 2 X E5620 and 8GB RAM). When the GUI became unresponsive, the SSH daemon answer and the connection gets stuck after entering the password or immediately logs me out.
    Very frustrating as it happens randomly in a time frame between 5mn to 20mn and I'm trying to create a huge amount of rules for router/firewall migration

    Edit: putting the nic in promiscuous mode dont help

    Edit2: The recover time is also random (2mn to TimeOut)

    Edit3: nothing is suspect in the logs, at least those in /var/log



  • hi
    We've got the same here, with 2.0.1 amd64 / intel gigabit + intel quad port gigabit nics (all em driver)
    In the cases, all services seems OK but webinterface no

    The jimp's workaround work, but it's a quite frustrating issue



  • Hi,

    I had the same problem with 4 bce and 2 em interfaces on HP DL380 G7 server. I also had boot messages about em interfaces like;

    em0 Could not setup receive structures
    

    I fixed that issue after some workaround.

    With my installation /boot/loader.conf file comes with that line;

    kern.ipc.nmbclusters="0"
    

    I replaced that 0 with 655356 and issue solved…

    You can get more information about that parameter and use proper value for your system.



  • I have the same issue and I can't make changes using the GUI because it's so unresponsive. I generally get a login prompt after a long wait when trying to connect but when I put in my username and password it usually comes back with a 503 - Service Not Available error. I'm a Linux newbie (but a CCNA so I know my way around a network) so I don't have a clue how to make the changes recommended in this thread by editing the config files. Any help would be greatly appreciated. I'm running a Dell T110 server with 500GB disk drive. I have three LANs along with the WAN all using the Dell bce ports on the two installed NIC cards.



  • Hello people,
    same problem here: 2.0.2, AMD 64 on a Della 2950 server 1 Opteron dual core CPU, 8 GB ram, 2 broadcom + 4 intel Eth Adapter.
    I'm running Squid a revrse proxy, multiple OPENVPN tunnels, FreeRADIUS 2, IPSEC VPN as server.
    Bye

    A.T.



  • @computermad:

    see if u hv incorrect settings on the ldap auth.
    I got mine fixed after removing the inactive ldap server entries from the user auth. setting.

    Also happens when there is DNS resolving issues with the LDAP(s) server(s) FQDN :

    Sep 12 14:27:39 pfsense php: /status_services.php: ERROR! ldap_get_groups() could not bind to server MyCompany. : Can't contact LDAP server

    One advice is to set an IP address in "Authentication Servers" config page (or to have complete faith into it's DNS server to respond).


  • Rebel Alliance Developer Netgate

    @CDuv:

    One advice is to set an IP address in "Authentication Servers" config page (or to have complete faith into it's DNS server to respond).

    That would work with plain LDAP, but with LDAP+SSL, a hostname is required (and it must match the hostname of the LDAP server's certificate CN also)



  • Thought I bring this old post up as it happens still with 2.2.5 i386. After initial start the system runs just fine for weeks/a few month. Traffic is still going as supposed. Happened a lot lately and I fixed every time with a "cold start". Now I know a smoother way.

    I was used to have the system running without a keyboard. Wanted to edit some rules and no response. Searched and found this thread. Attached a keyboard, and entered from jimp mentioned commands into the shell.

    killall -9 php
    killall -9 lighttpd
    /etc/rc.restart_webgui
    

    or just enter Option 11 (Restart webconfigurator)

    Problem solved.  :D
    Guess have to keep the keyboard attached now.  :(



  • Still seems an issue with 2.3.2-RELEASE (amd64)
    built on Tue Jul 19 12:44:43 CDT 2016
    FreeBSD 10.3-RELEASE-p3
    Webgui not really responsive, I can wait up to 1min just to get the login screen and then things work.
    Hardware APU or AMD G-T40E Processor



  • I'm not sure if this is related to your issue but I was having trouble with php-fpm / web console crashes a few weeks back while running on 2.3.2, I also read somewhere that people on 2.3.1 were having similar problems.

    If you're using them, try removing the IPSec and/or OpenVPN widgets from the web console home page.

    I don't know which widget was causing the problem for me but I haven't had any issues for almost 3 weeks now, previously was having an incident (web console crashing and dial in OpenVPN connections breaking and 1 incident of IPSec VPN becoming unresponsive) weekly.



  • I only have the following widgets:
    System Information, Interfaces, Services Status, NTP Status, Installed packages, Thermal Sensors
    For now I removed Installed packages
    will see if there is any improvment on the next logon



  • @hollister:

    I only have the following widgets:
    System Information, Interfaces, Services Status, NTP Status, Installed packages, Thermal Sensors
    For now I removed Installed packages
    will see if there is any improvment on the next logon

    If you are using a PC engines board disable hardware TCP Seg and large receive offloading and see if this helps. I noticed a huge difference.



  • This morning the web GUI wouldn't load. I'm running 2.3.2. Tried it in IE & Chrome on 2 computers in different subnets with same result. Tried using IP address & FQDN, same result. I got a warning about an invalid https certificate, which I shouldn't & don't usually get, and when I told the browser to proceed anyway it just sat trying to load. There were no messages on the console since when I successfully logged in yesterday.

    Console options 16, then 11 fixed it.


Log in to reply