OPNsense Forum

English Forums => General Discussion => Topic started by: nmiller0113 on May 02, 2023, 02:58:33 am

Title: WebUI load connection stalled in Chrome (only when entering WebUI by name)
Post by: nmiller0113 on May 02, 2023, 02:58:33 am
I'm running OPNsense 23.1.6-amd64. I used the ACME Client to create a certificate for my administration/webui. I applied it, and it works for the most part...just this strange issue in Chrome on a Mac.

99.999% of the time, when I try to access the webui by name using Chrome on a Mac it will sit there and hang at the connection start (see attached screenshot from DevTools). You can see the screenshot shows 1.5 min, but I've had it last up to 3.5 mins and sometimes 39 seconds. Now if I run this same test by IP, I don't have a single problem and can run the test over and over and over by IP and name and the results are consistent relative to the way I'm trying it. If I connect from Firefox or Safari by name it works perfectly every, single, time...no hang or delay. I've tried clearing the Chrome cache, starting a new profile, incognito mode...nothing helps. I even tried from my kids' MacBooks...still the same result with Chrome.

I'm at a loss
Title: Re: WebUI load connection stalled in Chrome (only when entering WebUI by name)
Post by: nmiller0113 on May 02, 2023, 03:49:17 am
Ok, after more digging, I found something interesting. I ran tcpdump on the OPNsense instance and found that when I browse by name from Chrome, for some reason it initially tries to hit the firewall on an interface which isn't local. For this example let's just say that 1.1.1.1 is local and 1.1.2.1 is another interface on the firewall. When I ping the firewall by name it gives me 1.1.1.1, but when Chrome tries to browse to it by name it initially goes to 1.1.2.1 and then later, after the timeout mentioned above, goes to 1.1.1.1. Whereas Firefox browses by name to 1.1.1.1 every single time.
Title: Re: WebUI load connection stalled in Chrome (only when entering WebUI by name)
Post by: nmiller0113 on May 02, 2023, 06:01:57 am
I learned a few more things.

1) Unbound will return the IP address for all local interfaces - https://forum.opnsense.org/index.php?topic=19658.0

2) and Chrome handles DNS resolution a bit differently.

This all contributed to what I experienced. I ended up re-enabling the WebUI listener on all of my interfaces and controlled access via firewall policies. This is resolved...thank you all for letting me air out my troubleshooting here :)
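
Added example, not part of the original thread: a small Python check for the situation described above, where one name resolves to several interface addresses and the WebUI answers on only some of them. It lists every address the resolver returns and classifies a TCP connect to each; the hostname `opnsense.example.lan`, port 443 and the 2-second timeout are assumptions.

```python
import socket
import sys

def resolve_all(name, port=443):
    """Every distinct address the system resolver returns for name."""
    addrs = []
    for *_, sockaddr in socket.getaddrinfo(name, port, type=socket.SOCK_STREAM):
        if sockaddr[0] not in addrs:
            addrs.append(sockaddr[0])
    return addrs

def probe(addr, port=443, timeout=2.0):
    """Classify one address by how a TCP connect to it ends."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return "open"          # something is listening here
    except ConnectionRefusedError:
        return "refused"           # host answered, nothing bound to the port
    except (socket.timeout, TimeoutError):
        return "stalled"           # no answer at all: the browser-hang case
    except OSError:
        return "unreachable"       # no route or other local error

def audit(name, port=443, timeout=2.0, resolver=resolve_all):
    """Map each resolved address to its connect result."""
    return {addr: probe(addr, port, timeout) for addr in resolver(name, port)}

if __name__ == "__main__":
    # Constructed placeholder hostname; pass the real WebUI name as argv[1].
    host = sys.argv[1] if len(sys.argv) > 1 else "opnsense.example.lan"
    for addr, state in audit(host).items():
        print(f"{addr:40} {state}")
```

Any address reported as `stalled` is one a client may try first and wait on before falling back to an address that is `open`.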