Project

General

Profile

Actions

Bug #6376

closed

Settings can't be saved

Added by Sags Sags over 6 years ago. Updated over 6 years ago.

Status:
Not a Bug
Priority:
High
Assignee:
-
Category:
Web Interface
Target version:
-
Start date:
05/20/2016
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture:

Description

When configuration has to be updated using web gui, nothing is saved.

Actions #1

Updated by Anonymous over 6 years ago

  • Status changed from New to Feedback
  • Assignee set to Sags Sags
  • Priority changed from Urgent to Low

This is not reproducible and there are no other report of this from the field, which of course there would be were it a problem with pfSense.

Suggest you try a different browser, look in the pfSense logs for any error messages or make a new, clean installation.

Actions #2

Updated by Yasin Is over 6 years ago

Same Problem here.
i just added new ethernet-interfaces in vmware and tried to configure them.

GUI did not save the changes!
changes via commandline are working.

Please change this back to urgent.

EDIT:
Just checked the System-Logs for this - telling send() failed!
Tried Browsers: IE11 and Firefox 46.0.1

Actions #3

Updated by Anonymous over 6 years ago

  • Priority changed from Low to High
Actions #4

Updated by Yasin Is over 6 years ago

Thank you Steve.

Problem occured after updating from 2.3u1 --> 2.3.1
May this is important to now. if i can do some debugs for you guys, just tell what is interesting for you.

Actions #5

Updated by Sags Sags over 6 years ago

Thank you Steve and Yasin ls for feedback.
Same thing here: Problem occured after updating from 2.3u1 --> 2.3.1

Actions #6

Updated by Ph. T over 6 years ago

Same issue here:
- Basically the apply-settings does not appear.
Started from a clean install and imported parts
of the configuration. It seems to be connected with adding the rules.
- After importing firewall-Rules the editing of rules breaks.
- also: adding widgets is not possible in dashboard.

Actions #7

Updated by Jim Pingle over 6 years ago

Was the old configuration you restored from 2.3.x? You cannot restore parts of an older configuration to a new system, it must be restored whole. You can only restore parts if the configuration came from the same version, otherwise upgrade code cannot run to upgrade the format when parts change, which can lead to unpredictable behavior.

Actions #8

Updated by Yasin Is over 6 years ago

just did some more tests...

i have 2 environments
a) VMware vSphere 6: Update from pfSense 2.3u1 --> 2.3.1 without problems

b) VMware vSphere 5.1:Update caused Problems.

both are amd64 architecture - until now no more similar parts..

Actions #9

Updated by Jim Pingle over 6 years ago

That's not a good test. FreeBSD 10.x is not supported on ESX 5.1, only 5.5U3 or later. See http://www.vmware.com/resources/compatibility/search.php?deviceCategory=software (pick FreeBSD 10 for the OS Family Name). So behavior on anything less than 5.5U3 is undefined/unpredictable.

Actions #10

Updated by Yasin Is over 6 years ago

Jim Pingle wrote:

That's not a good test. FreeBSD 10.x is not supported on ESX 5.1, only 5.5U3 or later. See http://www.vmware.com/resources/compatibility/search.php?deviceCategory=software (pick FreeBSD 10 for the OS Family Name). So behavior on anything less than 5.5U3 is undefined/unpredictable.

May this is going to be the problem? ;-)
the misfunctional one is @VMware 5.1... could sb. join this?

Actions #11

Updated by Ph. T over 6 years ago

HA-Pair, i restored parts of configuration from the active system (2.3. -> 2.3.0_1 -> 2.3.1) which does no longer allow changes of the rules. (e.g. Aliases)

Actions #12

Updated by Sags Sags over 6 years ago

I think the problem is not comming from VM, I am using two physical servers with two different hardware (amd 64 both)
After upgrade (2.3u1 to 2.3.1) both had the same issue

Actions #13

Updated by Ph. T over 6 years ago

I found out, that i can trigger problem if i
import the system section of the active system.
- importing aliases (no effect) (cfg: 1)
- importing rules (no effect) (cfg: 2)
- importing system (+reboot) (breaks) (cfg: 3)

If i go back to cfg2, rule changing and aliases changing works fine again.

Actions #14

Updated by Jim Pingle over 6 years ago

What is different in the system section between those two configuration files? Can you provide us with both system sections (or at least a diff) to see if we can replicate? I still can't replicate any problem here.

Actions #15

Updated by Santiago Clavijo over 6 years ago

After upgrade pfsense amd64 2.3u1 to 2.3.1. I have the same problem, I using ESXI 5.5U3. For example the rules don't save.

Actions #16

Updated by Sags Sags over 6 years ago

My configuration (hope it help):

Two pfsense on physical hardware (master and backup using HA)
(since version 2.3.0, pfsync make a kernel panic on backup for me, not bug #4310, got no limiter)
If pfsync is disabled, CARP working well (backup become master if needed, but no data replication)

I tried a fresh new install (2.3.1) on my backup pfsense.
After a configuration restore (all) from xml file(with all network cable unpluged and directly plugged to LAN interface with my laptop), all was working well (saving too).
After plug the differents network cables and put backup on production (see CARP status in BACKUP instead of INIT), it has been impossible to save anything.

Since 2.3.0 I have many bug with HA (xmlrpc/pfsync). I don't know if there is a link but maybe it can help.

Actions #17

Updated by Jim Pingle over 6 years ago

  • Assignee deleted (Sags Sags)

Please do not mix and mention other bugs on this ticket, as they are unlikely to be relevant.

The only way I could see it failing is if:
1. The user somehow has the deny config write privilege
2. write_config cannot get a lock on the config file to write because something else is holding it open

I still do not see a diff or config before/after to attempt to replicate -- since we cannot reproduce this issue, we need the configuration files that appear to bring out the issue.

Do your configuration changes appear in the configuration history under Diagnostics > Backup/Restore on the Configuration History tab?

Any relevant log entries may also be useful to see, if any reference writing/saving the config

Actions #18

Updated by Ph. T over 6 years ago

I think i can now clarify what causes the issue in my case:

Setup: vm (esxi-setup) with HA activated.
different users on pfsense

-  we have a usergroup which uses LDAP for authentification. This group has a set of  priviliges (no admin, but all selectable options)
Between 2.3.0 and 2.3.1 the privilige-set has changed.

In 2.3.0 and also 2.3.0_1 the privilige-set worked fine for the ldap-authentificated user (change of rules, aliases etc.), within 2.3.1 the rule reload does no longer appear.

- if i use the local admin-user everything works fine.

So basically this problem arises with the non local admin-user.

Steps to reproduce:

Login as admin
Create a user testuser, password as you want
Add all privileges to this user, no groups
Logout
Login as testuser
Try to add rules, add aliases,add dashboard widgets. Non of this works for this user.

I will try with 2.3.0 and check back.

Actions #19

Updated by Ph. T over 6 years ago

Ok, i solved my problem:
within every new version of priviliges
my reflex is to add them to the user/usergroup.
Now deny config-write has been introduced, which works as expected.

If this option is in place, no change made by this user is taken to config.
So all options except deny config-write works fine.

Actions #20

Updated by Sags Sags over 6 years ago

Same thing.
Admin work well but not LDAP user.
Modify group rights to resolve this issue. So no issue with HA as Jim said.

Thanks all for help !

Actions #21

Updated by Jim Pingle over 6 years ago

  • Status changed from Feedback to Not a Bug
  • Affected Version deleted (2.3.1)
Actions #22

Updated by Anders Jelnes over 6 years ago

I can confirm Ph. T's finding.

Removing deny config-write solves the problem.

Actions

Also available in: Atom PDF