If the Web GUI is set to listen to a ZeroTier interface, it's no longer listening to that interface after a reboot. This did work prior to 23.1.6 so I suppose it's somewhat related.
Here's how to reproduce:
- Connect OPNsense to a ZeroTier network
- Add the ZT interface to the listen interface for the Web GUI (I don't know if it will fail if set to all, but just use something like LAN and the ZT interface to simplify things)
- Create a Firewall rule for the ZT interface to allow connections from the ZT network to this firewall for port 443
- Connect a second device to the ZT network and check if the Web GUI is accessible via its ZT IP
If everything works, reboot the firewall.
Try to reconnect after everything is back up and running.
The connection will fail and result in syn closed.
Now do the following:
- Go to System->Settings->Administration and remove the ZT interface from the listen interfaces
- Save the settings and wait for the UI to reload
- Add the ZT interface back to the listen interfaces, save and wait for the reload
The Web GUI is accessible again using the ZT IP.
This weird behaviour did show up after updating to 23.1.6. Rebooting did not cause the system to fail in the previous firmware release.
Dynamic interface listening WILL fail you eventually, better leave as "all (recommended)" setting if you have issues with it. It works out of the box...
Also see:
https://docs.opnsense.org/manual/settingsmenu.html#listen-interfaces
Cheers,
Franco
Well... That's a classic Layer-8-error then...
Didn't check the manual, it worked for months and made two updates without any issues.
Thanks.
To be fair, the manual was only recently improved regarding this situation as more and more people run into it.
Cheers,
Franco