
Topic: lighttpd[]: (connections.c.1721) SSL (error): 5 -1 1 Operation not permitted


laapsaap
Hi,

I run multiple pfSense (VMs) at every remote site we have, mainly for tunneling and as a gateway. It has always been a bliss to work with, and I never really had any problems. I consider myself quite familiar with pfSense and networking.

But for a while at our latest site, every time I save a setting in the WebGUI, the WebGUI gets unresponsive for 10-40 seconds. When I look at the system logs I see this.

May 3 09:48:40   pfSense lighttpd[25983]: (connections.c.1721) SSL (error): 5 -1 1 Operation not permitted
May 3 09:48:40   pfSense lighttpd[25983]: (connections.c.1721) SSL (error): 5 -1 1 Operation not permitted
May 3 09:48:41   pfSense lighttpd[25983]: (connections.c.1721) SSL (error): 5 -1 1 Operation not permitted
May 3 09:48:41   pfSense lighttpd[25983]: (connections.c.1721) SSL (error): 5 -1 1 Operation not permitted


We are using the pfSense 2.0.3 OVA deploy in VMware, so it shouldn't be a hardware problem. I even tried reinstalling it on a different host, but every time I get the same unresponsive web interface. Our other sites with pfSense work fine. We had this problem in 2.0.2 too.

The thing is, I just tried to do a new install with no settings except WAN IP/GW, and if I save something (e.g. a firewall rule), my log gets flooded with "pfSense lighttpd[25983]: (connections.c.1721) SSL (error): 5 -1 1 Operation not permitted".

I have no more ideas how to debug this; I have been trying for two weeks. And I am wondering, is this a bug/problem in the OVA deploy? To be honest, I can't remember if I used .ova or did clean installs at my other sites :)

Any ideas?

Thank you.
« Last Edit: May 03, 2013, 05:15:51 am by laapsaap »

jimp
If it happens when you save, it probably means that your gateway is down (Check Status > Gateways) or non-responsive and the states get killed when you trigger a filter reload, which makes lighty fail to send packets (because the state is gone).

Either fix the gateway monitor IP, or disable state killing for down gateways under System > Advanced on the Miscellaneous tab.

laapsaap
Golden!

Indeed the gateway is working but somehow always offline in the Status Gateway tab. I assume the uplink provider blocks out pings.

But after disabling state killing, it works for the time being until I fix the gateway check.


Thank you very much for your time, it makes much more sense now! Really like pfSense.
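
A way to triage the log burst from the first post in light of jimp's answer, as an added example that is not part of the thread. It assumes the three numbers after "SSL (error):" are the OpenSSL error code, the call's return value and errno, so "5 -1 1" reads as SSL_ERROR_SYSCALL with EPERM; the sample input is constructed from the quoted lines and the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample: the four lines quoted in the first post plus one unrelated line.
SAMPLE = """\
May 3 09:48:40   pfSense lighttpd[25983]: (connections.c.1721) SSL (error): 5 -1 1 Operation not permitted
May 3 09:48:40   pfSense lighttpd[25983]: (connections.c.1721) SSL (error): 5 -1 1 Operation not permitted
May 3 09:48:41   pfSense lighttpd[25983]: (connections.c.1721) SSL (error): 5 -1 1 Operation not permitted
May 3 09:48:41   pfSense lighttpd[25983]: (connections.c.1721) SSL (error): 5 -1 1 Operation not permitted
May 3 09:48:42   pfSense php: constructed unrelated line
"""

# Assumed field order after "SSL (error):" is <ssl_error> <return value> <errno> <strerror>.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+lighttpd\[(?P<pid>\d+)\]:\s+"
    r"\((?P<src>[\w.]+)\)\s+SSL \(error\):\s+(?P<ssl>-?\d+)\s+(?P<ret>-?\d+)\s+(?P<errno>\d+)\s+(?P<msg>.*)$")

SSL_ERRORS = {1: "SSL_ERROR_SSL", 5: "SSL_ERROR_SYSCALL", 6: "SSL_ERROR_ZERO_RETURN"}
ERRNOS = {1: "EPERM", 32: "EPIPE", 54: "ECONNRESET"}  # FreeBSD errno values

def parse(text):
    """Return one dict per lighttpd SSL error line, with the numeric codes named."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            e = m.groupdict()
            e["ssl_name"] = SSL_ERRORS.get(int(e["ssl"]), "unknown")
            e["errno_name"] = ERRNOS.get(int(e["errno"]), "unknown")
            events.append(e)
    return events

def triage(events):
    """Per lighttpd PID: (count of EPERM syscall failures, seconds they span)."""
    out = {}
    for e in events:
        if (e["ssl_name"], e["errno_name"]) != ("SSL_ERROR_SYSCALL", "EPERM"):
            continue  # other SSL errors are outside the pattern discussed in the thread
        t = datetime.strptime(" ".join(e["ts"].split()), "%b %d %H:%M:%S")
        first, last, n = out.get(e["pid"], (t, t, 0))
        out[e["pid"]] = (min(first, t), max(last, t), n + 1)
    return {pid: (n, int((last - first).total_seconds()))
            for pid, (first, last, n) in out.items()}

if __name__ == "__main__":
    for pid, (n, span) in triage(parse(SAMPLE)).items():
        print(f"lighttpd[{pid}]: {n} EPERM write failures within {span}s")
```

A tight cluster of these failures right after a settings save matches the situation jimp describes, so Status > Gateways is the next thing to check.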