OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: Nnyan on May 16, 2017, 07:25:45 pm

Title: Unable to browse HTTPS sites via Wifi
Post by: Nnyan on May 16, 2017, 07:25:45 pm
I'm not exactly sure when this started but sometime recently I have been unable to access HTTPS websites if I browse using Wifi on my home network.  They work fine if I'm on a wired PC and I know for sure that about a month ago this was working fine.  Other then updating the FW I haven't made any changes (and I typically log those changes in my log book so I can revert them if needed).

Just thought I would post here to see if anyone had any advice.  Thank you
Title: Re: Unable to browse HTTPS sites via Wifi
Post by: Nnyan on May 17, 2017, 11:47:55 pm
Has no one experienced this?  I'll try playing around with my network this weekend.
Title: Re: Unable to browse HTTPS sites via Wifi
Post by: bartjsmit on May 18, 2017, 11:59:08 am
WiFi is layer 1 of the network stack, http/s is layer 7. There are other factors at play here and I'd say you need to do more troubleshooting and/or provide more details before the forum can help you.

Bart...
Title: Re: Unable to browse HTTPS sites via Wifi
Post by: Nnyan on December 14, 2017, 09:31:53 pm
I don't want to necro this but I never did get back here and update so in case anyone runs into this.

Turns out that the Adtran controller software had been auto-updated and this changed one of its options.  It started looking into HTTPS (SSL) traffic and in doing so triggered the certs to be invalid.  I no longer use the adtran wifi system but I did recently run into something similar with another firewall and it's self-signed certs and HSTS.
Title: Re: Unable to browse HTTPS sites via Wifi
Post by: franco on December 15, 2017, 05:53:34 am
Thanks for the follow-up, Nnyan! I've been bitten by HSTS a couple of times too, but the WiFi controller issue is something else entirely to look out for. :o


Cheers,
Franco
Title: Re: Unable to browse HTTPS sites via Wifi
Post by: Nnyan on December 15, 2017, 08:08:11 am
Ditto for me, at least 2-3 times on PFSense and once on OPNsense.  I was helping a friend with Sophos XG and immediately after the install, they were getting "the webpage is not secure" type messages in chrome and IE.  They could not hit most of their sites.  Turns out that XG is decrypting SSL and inserting their own cert in there. The only way around this was to disable their micro-app discovery scanning.

I never did figure out why this happened to me in OPNSense but hopefully, it doesn't happen again.