• I know this question has been posted numerous times, but I wanted to start one for myself since I am new to Pfsense.  We are running Pfsense v1.2.3 and we can no longer VPN into the office remotely.  I was going to check the web GUI settings and even do an upgrade, but wanted to do a backup of the config first.  Problem is the GUI does not load.  It doesn't matter if I use http, or https.  I have restarted the system and webconfigurator (from Pfsense console options 5 and 11).

    Can anyone offer suggestions on how I can resolve this.  I know I could probably just upgrade to a newer version, but I am hesitant to do that when I cannot get a backup.

    Any suggestions would be appreciated

  • I have looked at documentation, however, because I am new to Pfsense I am hoping someone who is familiar can give me a couple of ideas outside of what is documented

  • I'm a bit new here too, are you able to get any response from the pfSense box at a lower level than your browser?
    You are connecting from the LAN port?

    Substitute your system name or if that fails IP address in these commands:

    t310:~ # ping pfsense.home
    PING pfsense.home ( 56(84) bytes of data.
    64 bytes from pfsense.home ( icmp_seq=1 ttl=64 time=0.208 ms
    64 bytes from pfsense.home ( icmp_seq=2 ttl=64 time=0.175 ms
    64 bytes from pfsense.home ( icmp_seq=3 ttl=64 time=0.163 ms
    64 bytes from pfsense.home ( icmp_seq=4 ttl=64 time=0.243 ms
    t310:~ # wget pfsense.home
    --2013-03-02 18:51:52--  http://pfsense.home/
    Resolving pfsense.home (pfsense.home)...
    Connecting to pfsense.home (pfsense.home)||:80... connected.
    HTTP request sent, awaiting response... 301 Moved Permanently
    Location: https://pfsense.home/ [following]
    --2013-03-02 18:51:52--  https://pfsense.home/
    Connecting to pfsense.home (pfsense.home)||:443... connected.
    ERROR: cannot verify pfsense.home's certificate, issued by `/C=US/ST=Arizona/L=Gilbert/O=stanmiller-inf/emailAddress=ca@stanmiller.inf/CN=internal-ca':
      Self-signed certificate encountered.
        ERROR: certificate common name `pfsense-internal-cert' doesn't match requested host name `pfsense.home'.
    To connect to pfsense.home insecurely, use `--no-check-certificate'.

  • Yea, I can ping the gateway no problem.  Any idea the commands to run a backup of the config from the Pfsense Console to USB drive?

  • I just tried sticking a USB stick into my much newer pfSense box and it wasn't auto-mounted, I don't know enough to go poking beyond that.

    You could try scp (secure file copy) and see if that works for you: (don't overlook the . at the end of the scp command or use a local directory)

    stan@t3400-1:~> ls
    bin  Desktop  Documents
    stan@t3400-1:~> scp root@pfsense.home:/conf/config.xml .
    config.xml                                                                                                                                100%   33KB  32.8KB/s   00:00 
    stan@t3400-1:~> ls
    bin  config.xml  Desktop  Documents

  • Thanks.  Is it also possible to connect with an application like winscp to the pfSense node and copy the XML from there?  I am curious if the web GUI is setup with a custom port (other than 80 or 443) and maybe that is why it is not loading.  I can ping the default gateway from the LAN with no issues and the firewall itself seems to be running fine.  If I could get a copy of the XML I could open it and view the webGUI settings.

  • I've seen mention of folks using Windows programs to do file transfers so you might search here and see if they have posted what you need. I don't do Windows since I retired so I'm no help there.

    Unless they changed something pfSense is just using 80 and 443 as you can see in the wget clip above and snip here:

    Connecting to pfsense.home (pfsense.home)||:80... connected.
    Connecting to pfsense.home (pfsense.home)||:443... connected.

    You can of course look at the config file from the pfSense console, escape to shell (option 8) and enter:

    less /conf/config.xml

  • Guys,

    Thanks for the help on this.  The problem was indeed due to a custom port setup for https access.  I was able to login via Shell  and open config.xml to confirm the port.  Web GUI loading fine once the custom report is specified in the browser