pfSense - Default gateway issue after changing WAN IP address.

Again and again I hit this annoying issue with the default gateway after changing the WAN IP on pfSense 2.2.4. At a glance it looks like a bug, but it’s not - NO kidding! After changing the WAN IP, make sure you clean up the old default gateway(s) in the “System” > “Routing” > “Gateways” tab.

pfSense - How to download a file from pfSense box. [SOLVED]

It’s a pretty simple thing, but I got stuck on my first attempt. I usually use WinSCP to upload/download files to/from UNIX-like boxes, so I tried the same approach with pfSense and it failed during the login process.

The solution: you have to use root/pfsense instead of admin/pfsense. That’s it!

pfSense - iperf package.

It is pretty good to have a tiny Linux box at a remote location to perform bandwidth tests, and pfSense does provide that possibility. There’s a package called “Iperf” available for pfSense - https://doc.pfsense.org/index.php/Iperf_package. Based on this info it should be fully supported by the pfSense support team, but I’m not sure. Anyway, it does work out of the box on pfSense 2.2.4-RELEASE (amd64).

[2.2.4-RELEASE][root@pfSense.localdomain]/root: iperf -v
iperf version 2.0.5 (08 Jul 2010) pthreads
[2.2.4-RELEASE][root@pfSense.localdomain]/root:

One thing needs to be done if you’d like to connect to the WAN interface: add a firewall rule to allow incoming TCP/5001 traffic (the default port for iperf).

pfSense - WebGUI stopped working after applying “wrong” SSL certificate. [SOLVED]

Today I got stuck AGAIN with pfSense after applying an SSL certificate for the WebGUI. It stopped working AGAIN. The boot logs collected via the console connection looked like this:

Starting PFLOG...done.
Setting up gateway monitors...done.
Synchronizing user settings...done.
Starting webConfigurator...failed!
Configuring CRON...done.
Starting DNS Resolver...done.
Starting NTP time client...done.

The SSH connection worked, so it’s possible to see what’s wrong with webConfigurator:

clog -f /var/log/system.log

Aug 25 12:25:27 pfSense-01 php-fpm[40798]: /system_advanced_admin.php: webConfigurator configuration has changed. Restarting webConfigurator.
Aug 25 12:25:27 pfSense-01 check_reload_status: webConfigurator restart in progress
Aug 25 12:25:29 pfSense-01 php-fpm[41498]: /rc.restart_webgui: The command '/usr/local/sbin/lighttpd -f /var/etc/lighty-webConfigurator.conf' returned exit code '255', the output was '2015-08-25 12:25:29: (network.c.609) SSL: Private key does not match the certificate public key, reason: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch /var/etc/cert.pem'

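To solve the problem remotely, you have to change the IP address on the LAN interface (change it to the same address) using the “Set interface(s) IP address” menu option AND enable HTTP when the wizard asks you. Then temporarily disable the firewall on the WAN interface (if you are connected via the WAN interface). Note that the command below turns off the packet filter as a whole, not only on WAN, and pfctl -e turns it back on: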

pfctl -d

Then log in to the WebGUI over HTTP, delete the bad certificate, and switch pfSense back to HTTPS.
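
A pre-check for the mismatch that lighttpd reports in the log above, as an added example (not part of the original post): it compares the public key inside the certificate with the public key derived from the private key, using the openssl CLI. The function names and the throwaway sample certificate and keys it generates are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: confirm a PEM certificate and private key belong together
# before installing them for the WebGUI. Function names are illustrative.

# Public key (PEM) embedded in the certificate.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Public key (PEM) derived from the private key.
key_pubkey() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Returns 0 on match, 1 on mismatch, 2 if either file cannot be parsed.
cert_matches_key() {
    cmk_cert=$(cert_pubkey "$1") || return 2
    cmk_key=$(key_pubkey "$2") || return 2
    [ -n "$cmk_cert" ] && [ -n "$cmk_key" ] || return 2
    [ "$cmk_cert" = "$cmk_key" ]
}

# Constructed sample: a throwaway self-signed cert with its key (good.key)
# plus an unrelated key (other.key). Prints the temp directory path.
make_sample() {
    ms_dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=pfSense.example.com" \
        -keyout "$ms_dir/good.key" -out "$ms_dir/cert.pem" >/dev/null 2>&1 || return 1
    openssl genrsa -out "$ms_dir/other.key" 2048 >/dev/null 2>&1 || return 1
    echo "$ms_dir"
}

report() {
    if cert_matches_key "$1" "$2"; then
        echo "OK: $2 matches $1"
    else
        echo "DO NOT APPLY: $2 does not match $1 (or a file is unreadable)"
    fi
}

if [ "$#" -eq 2 ]; then
    report "$1" "$2"            # check real files: certificate first, key second
else
    dir=$(make_sample) && {     # no arguments: run on the constructed sample
        report "$dir/cert.pem" "$dir/good.key"
        report "$dir/cert.pem" "$dir/other.key"
        rm -rf "$dir"
    }
fi
```

Run it with the certificate file and the key file as arguments before pasting them into the WebGUI; with no arguments it demonstrates both outcomes on the generated sample.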

pfSense - Potential DNS Rebind attack detected. [SOLVED]

I tried to access the pfSense WebGUI using a hostname in the URL, like this: http://pfSense.example.com. The system response was:

Potential DNS Rebind attack detected, see http://en.wikipedia.org/wiki/DNS_rebinding
Try accessing the router by IP address instead of by hostname.

It’s fine to use the IP address, but I needed to test the SSL certificate, so that wasn’t an option. I had no choice but to disable the “DNS Rebind Check” feature under the “System” > “Advanced” menu.

After that, the system response changed to:

An HTTP_REFERER was detected other than what is defined in System -> Advanced (https://pfSense.example.com/index.php). You can disable this check if needed in System -> Advanced -> Admin.

To get past that, you have to disable the “HTTP_REFERER enforcement check” under “System” > “Advanced”.

After that, the WebGUI should work.
