19.1.7 update successful but no GUI

[dreamerman]

Anyone can't get access to GUI after 19.1.7 update? I can use putty and get to console and verified that the LAN (igb0) v4 192.168.x.x is as before the update. I rebooted it via console but still could not access the GUI. My local network can access the internet and other devices in the local network so there is no issue there. Just can't get to GUI.

I tried option 11 in console (reload all services) thinking GUI might be a service that got stuck during booting but the script stalled at "configuring LAN interface" or similar. At this point there is no access to internet until I force reboot the opnsense box. At the end still no GUI.

[dreamerman]

Anyone that is kind enough to help?

[franco]

What happens when you run this?

# /usr/local/etc/rc.restart_webgui


Cheers,
Franco

[dreamerman]

Hi Franco, thanks for replying. I got this reply:
root@OPNsense:~ # /usr/local/etc/rc.restart_webgui
Starting web GUI...failed.
Generating RRD graphs...done.
root@OPNsense:~ #

By the way, I updated via console to 19.1.8 hoping this will fix my problem but no joy.

[franco]

You need to delete the strict interface binding for the GUI in your config.xml ...

system -> webgui -> interfaces (delete this line)

Restart GUI again using the same command.


Cheers,
Franco

[dreamerman]

Thanks franco but I have no idea how to do it. I get the following after executing edit /conf/config.xml but I don't know what to do next.

root@OPNsense:~ # edit /conf/config.xml
help : get help info  |file  : print file name         |line : print line #
read : read a file    |char  : ascii code of char      |0-9 : go to line "#"
write: write a file   |case  : case sensitive search   |exit : leave and save
!cmd : shell "cmd"    |nocase: ignore case in search   |quit : leave, no save
expand: expand tabs   |noexpand: do not expand tabs
===============================================================================
<?xml version="1.0"?>
<opnsense>
  <theme>opnsense</theme>
  <sysctl>
    <item>
      <descr>Disable the pf ftp proxy handler.</descr>
      <tunable>debug.pfftpproxy</tunable>
      <value>default</value>
    </item>
    <item>
      <descr>Increase UFS read-ahead speeds to match the state of hard drives and NCQ.</descr>
      <tunable>vfs.read_max</tunable>
      <value>default</value>
    </item>
    <item>
      <descr>Set the ephemeral port range to be lower.</descr>
      <tunable>net.inet.ip.portrange.first</tunable>
      <value>default</value>
    </item>
    <item>
      <descr>Drop packets to closed TCP ports without returning a RST</descr>
      <tunable>net.inet.tcp.blackhole</tunable>
      <value>default</value>
    </item>
    <item>
      <descr>Do not send ICMP port unreachable messages for closed UDP ports</descr>
      <tunable>net.inet.udp.blackhole</tunable>
      <value>default</value>
    </item>
    <item>
      <descr>Randomize the ID field in IP packets (default is 0: sequential IP IDs)</descr>
      <tunable>net.inet.ip.random_id</tunable>
      <value>default</value>
    </item>
    <item>
      <descr>
        Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
        It can also be used to probe for information about your internal networks. These functions come enabled
        as part of the standard FreeBSD core system.
      </descr>
      <tunable>net.inet.ip.sourceroute</tunable>
      <value>default</value>
    </item>
    <item>
      <descr>
        Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
        It can also be used to probe for information about your internal networks. These functions come enabled
        as part of the standard FreeBSD core system.
      </descr>
      <tunable>net.inet.ip.accept_sourceroute</tunable>
      <value>default</value>
    </item>
    <item>
      <descr>
        Redirect attacks are the purposeful mass-issuing of ICMP type 5 packets. In a normal network, redirects
        to the end stations should not be required. This option enables the NIC to drop all inbound ICMP redirect
        packets without returning a response.
      </descr>
      <tunable>net.inet.icmp.drop_redirect</tunable>
      <value>default</value>
    </item>
    <item>
      <descr>
        This option turns off the logging of redirect packets because there is no limit and this could fill
        up your logs consuming your whole hard drive.
      </descr>
      <tunable>net.inet.icmp.log_redirect</tunable>
      <value>default</value>
    </item>
    <item>
      <descr>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</descr>
      <tunable>net.inet.tcp.drop_synfin</tunable>
      <value>default</value>
    </item>
    <item>
      <descr>Enable sending IPv4 redirects</descr>
      <tunable>net.inet.ip.redirect</tunable>
      <value>default</value>
    </item>
    <item>
      <descr>Enable sending IPv6 redirects</descr>
      <tunable>net.inet6.ip6.redirect</tunable>
      <value>default</value>
    </item>
    <item>
      <descr>Enable privacy settings for IPv6 (RFC 4941)</descr>
      <tunable>net.inet6.ip6.use_tempaddr</tunable>
command:

[franco]

# pkg add vim-console
# vim /config/config.xml
(go to the <interfaces>...</interfaces> line inside <system>...<webgui>... block)
Press ":" and type "d" and hit enter
Press "Esc"
Press ":" and type "wq" and hit enter
# /usr/local/etc/rc.restart_webgui

Cheers,
Franco

[dreamerman]

Hi franco, I had no luck with # pkg add vim-console which gave me the following feedback:

root@OPNsense:~ # pkg add vim-console
pkg: vim-console: No such file or directory
pkg: Was 'pkg install vim-console' meant?
Failed to install the following 1 package(s): vim-console
root@OPNsense:~ #

So I looked around and tried # pkg install vim-console and successfully installed vim-console: 8.1.1248 so all good.

However I got an almost blank screen after executing # vim /config/config.xml like below. Does this mean I don't have an existing file called config.xml?

root@OPNsense:~ # vim /config/config.xml
  1
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
"/config/config.xml" [New DIRECTORY]                                                                                            0,0-1         All
  1
~
~
~
~
~
~
~
~
~
~
~

[dreamerman]

Hi franco, I had another thought so ran putty as admin. I re-execute the command and got this:

root@OPNsense:~ # vim /config/config.xml
E325: ATTENTION
Found a swap file by the name "/var/tmp/config.xml.swp"
          owned by: root   dated: Sat May 25 09:58:06 2019
         file name: /config/config.xml
          modified: YES
         user name: root   host name: OPNsense.localdomain
        process ID: 54565
While opening file "/config/config.xml"
      CANNOT BE FOUND
(1) Another program may be editing the same file.  If this is the case,
    be careful not to end up with two different instances of the same
    file when making changes.  Quit, or continue with caution.
(2) An edit session for this file crashed.
    If this is the case, use ":recover" or "vim -r /config/config.xml"
    to recover the changes (see ":help recovery").
    If you did this already, delete the swap file "/var/tmp/config.xml.swp"
    to avoid this message.

Swap file "/var/tmp/config.xml.swp" already exists!

• pen Read-Only, (E)dit anyway, (R)ecover, (D)elete it, (Q)uit, (A)bort:
  

[dreamerman]

Help please?

[dreamerman]

Given up