Bind web interface & SSH to Loopback interface (lo0)?

[jailbird]

I'm sure I have a somewhat weird setup for home/SMB, but it's probably fairly common in large environments..

I don't have machines directly attached on the 'internal'/'trust'/whatever side of OPNsense.  I have multiple interfaces, each one attached to a different L3 switch, which static routes set for each one.  Everything works great, but obviously since each interface has its own IP, it would be nice to use a loopback address for administration/management.  This is pretty common even for routing protocols in larger environments.

So I used Firewall: Virtual IPs: Settings to add a Virtual IP to the Loopback interface.  That loopback now works correctly everywhere, yay!  The only problem is in System: Settings: Administration, under HTTPS & SSH, Loopback isn't available as an interface to bind to.  I'm sure it's fairly easy to fix and I'm going to look at the code, but I'm curious if there's a reason not to other than "nobody has ever done it before"?

This is how I access all of my other networking gear (Extreme switch, HPe/H3C switch, Juniper SRX, etc), so I'm just trying to make it similar.

[franco]

It's not my favourite setup, but let me add it for you.


Cheers,
Franco

[franco]

Although I need to think of a cleaner way, this reminds of me of code that we are trying to get rid of... to be continued...

[jailbird]

Hah, no rush.  Is there a better/more preferred way to handle this then?

[franco]

Not really. It was always uneasy. Sometimes "Loopback" options are advertised, but mostly they are not.

What we really need is an optional loopback interface that can be assigned in the GUI so it magically works with the SSH and web GUI interface selection. Let's create a ticket to see if we can come up with something down the line:

https://github.com/opnsense/core/issues/2406



Cheers,
Franco