lighttpd[]: (connections.c.1721) SSL (error): 5 -1 1 Operation not permitted
-
Hi,
I run multiple pfSense (VMs) at every remote site we have, mainly for tunneling and as a gateway. Always been a bliss to work with, never really had any problems. I consider myself quite familiar with pfSense and networking.
But for a while at our latest site, every time I save a setting in the WebGUI, the WebGUI gets unresponsive for 10-40 seconds. When I look at the system logs I see this:
May 3 09:48:40 pfSense lighttpd[25983]: (connections.c.1721) SSL (error): 5 -1 1 Operation not permitted
May 3 09:48:40 pfSense lighttpd[25983]: (connections.c.1721) SSL (error): 5 -1 1 Operation not permitted
May 3 09:48:41 pfSense lighttpd[25983]: (connections.c.1721) SSL (error): 5 -1 1 Operation not permitted
May 3 09:48:41 pfSense lighttpd[25983]: (connections.c.1721) SSL (error): 5 -1 1 Operation not permitted
We are using the pfSense 2.0.3 OVA deploy in VMware, so it shouldn't be a hardware problem. I even tried reinstalling it on a different host, but every time I get the same unresponsive web interface. Our other sites with pfSense work fine. We had this problem in 2.0.2 too.
The thing is, I just tried to do a new install with no settings except WAN IP/GW, and if I save something (e.g. a firewall rule), my log gets flooded with "pfSense lighttpd[25983]: (connections.c.1721) SSL (error): 5 -1 1 Operation not permitted".
I have no more ideas how to debug this; I have been trying for two weeks. And I am wondering, is this a bug/problem in the OVA deploy? To be honest I can't remember if I used .ova or did clean installs at my other sites :)
Any ideas?
Thank you.
-
If it happens when you save, it probably means that your gateway is down (Check Status > Gateways) or non-responsive and the states get killed when you trigger a filter reload, which makes lighty fail to send packets (because the state is gone).
Either fix the gateway monitor IP, or disable state killing for down gateways under System > Advanced on the Miscellaneous tab.
-
Golden!
Indeed the gateway is working but somehow always offline in the Status Gateway tab. I assume the uplink provider blocks out pings.
But after disabling state killing, it works for the time being until I fix the gateway check.
Thank you very much for your time, it makes much more sense now! Really like pfSense.
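An added example, not part of the thread and not pfSense or lighttpd code: a small parser for the log line quoted above that groups the errors into bursts, so they can be lined up against the times a setting was saved. It assumes the three numbers are lighttpd's SSL error code, the call's return value and errno (5 being SSL_ERROR_SYSCALL and errno 1 being EPERM, which matches the "Operation not permitted" text); the log year and the sample lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the syslog format quoted in the thread (not a real capture).
SAMPLE = """\
May 3 09:48:40 pfSense lighttpd[25983]: (connections.c.1721) SSL (error): 5 -1 1 Operation not permitted
May 3 09:48:40 pfSense lighttpd[25983]: (connections.c.1721) SSL (error): 5 -1 1 Operation not permitted
May 3 09:48:41 pfSense lighttpd[25983]: (connections.c.1721) SSL (error): 5 -1 1 Operation not permitted
May 3 09:48:41 pfSense sshd[411]: unrelated constructed line
May 3 10:15:02 pfSense lighttpd[25983]: (connections.c.1721) SSL (error): 5 -1 1 Operation not permitted
"""

# Assumed field order after "SSL (error):" is ssl_err, return value, errno, strerror text.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ lighttpd\[\d+\]: \(connections\.c\.\d+\) "
    r"SSL \(error\): (?P<ssl_err>\d+) (?P<ret>-?\d+) (?P<errno>\d+) (?P<msg>.*)$")

def parse(text, year=2013):
    """Yield (timestamp, ssl_err, ret, errno, msg) per lighttpd SSL error line.

    Syslog lines carry no year, so one is supplied (assumed value)."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, int(m["ssl_err"]), int(m["ret"]), int(m["errno"]), m["msg"]

def eperm_bursts(text, gap=timedelta(seconds=5)):
    """Group SSL_ERROR_SYSCALL (5) / EPERM (1) events into bursts split by more than `gap`."""
    bursts = []
    for ts, ssl_err, _ret, err, _msg in parse(text):
        if ssl_err != 5 or err != 1:
            continue  # some other TLS failure, not the one discussed in the thread
        if bursts and ts - bursts[-1]["end"] <= gap:
            bursts[-1]["end"] = ts
            bursts[-1]["count"] += 1
        else:
            bursts.append({"start": ts, "end": ts, "count": 1})
    return bursts

if __name__ == "__main__":
    for b in eperm_bursts(SAMPLE):
        print(f"{b['start']:%b %d %H:%M:%S} to {b['end']:%H:%M:%S}: "
              f"{b['count']} failed TLS writes (EPERM)")
```

Bursts that start within seconds of each save fit the explanation given in the reply; errors spread evenly over time would point elsewhere.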