I am pulling my hair out - I have a need to expose the Web GUI via the WAN interface on a remote instance/install (holiday home). I know this isn't recommended, so please don't give me the lecture :D
I have a filter rule created to allow said access via HTTPS, and restricted it to a single IP (the WAN IP on my home connection), and have had no joy accessing it. I have enabled logging on the rule - the access requests don't even show up on the "Live logs" view for the firewall.
As a test, I even allowed source from "any" and still had no luck. To further test I created and VM to emulate the need, and set up exactly the same rule and it worked flawlessly.
The only thing I can think of that might be relevant is that I have a bridge WAN connection to the ONT fibre router which is provisioned in L2 (PPP/PPoE) and I have read (but now cannot find) something about disabling reply-to under this configuration.
I am running the latest version of OPNSense on bare-metal - and it works perfectly on everything else.
I am also currently checking if my ISP does any kind of filtering upstream just in case, will hear about that overnight.
Any insights / suggestions are very welcome - I have searched the forums, and tried most if not all the suggestions on here I could find.
Why not just configure a VPN?
That's the ultimate goal. But I need access to the unit before I can do that and the unit is remote to me.
How are you planning on getting WAN UI access then if you can't configure it?
I have a friend helping me out who has very little tech knowledge hence the approach of enabling the Web UI so I can do the rest.
Why not have them just run a remote screen share and let you do the configuration yourself? There's plenty of free options available, but you could even do it over a meeting app as several of those allow you to take control of the screen.
That is, unfortunately not an option - I have arrived at this juncture having considered many options on how best to resolve it, and am looking for advice on how best to diagnose the actual issue. I do appreciate your continued interest though, so thanks for your responses so far.