OPNsense Forum

English Forums => Virtual private networks => Topic started by: VITAS on March 31, 2023, 10:17:54 am

Title: WebUI via VPN
Post by: VITAS on March 31, 2023, 10:17:54 am

Hi,
im trying to make the WebUI available via Wireguard. (Wireguard on opnsense is acting as a client connecting to a server) After adding the Firewall rules, makign sure wg1 is made into a new Interface called WG and that in turn is included into the listening interfaces for the WebUI i could see that apckets for port 443 indedd pass trough the firewall.
I however found out that i needed to restart both SSH and the webserver after the Wireguard interface came up. This is ofc a bit problematic when you dont have lan access to the device and it for whatever reason needs to reboot.

Could you add a solution to this problem in a patch or is it just me doing things wrong?

Grettings
VITAS

Title: Re: WebUI via VPN
Post by: zan on March 31, 2023, 11:28:25 am

Are listen interfaces set to "All" for both Webgui and sshd? It should not need restarting for both services if they are.

Title: Re: WebUI via VPN
Post by: VITAS on March 31, 2023, 01:06:39 pm

yes

I found that i can access the WebUI via the lan ip trough the vpn. My guess is that the webserver somehow still doesnt recognizes a new interface to listen on without restart but if you have your routing in order you can circle in on its excisiting listen lan ip.

Title: Re: WebUI via VPN
Post by: zan on April 01, 2023, 04:42:50 am

That is weird. Can you check the output of "sockstat -l | grep lighttpd"? if it shows "*:443" then it is bound to all addresses (INADDR_ANY) you should be able to access it from any interface.
Also check your WG & floating firewall rules in case you got something blocking it.