OPNsense Forum
Archive => 17.7 Legacy Series => Topic started by: bobbythomas on November 26, 2017, 09:55:16 am
-
Hi All,
I recently upgraded from 17.7.7 to 17.7.8, since then I am facing issues accessing web gui(both http and https). I can access it using the dynamic dns, but not using the LAN ip(default login method). It's even accessible over the zerotier tunnel interface IP but not over lan. It gives me website not responding message.
Any help is highly appreciated.
Thanks in advance,
Regards,
Bobby Thomas
-
To add, I tried clearing cache and browser history, even tried with a new one, still it didn't work.
-
Today, I installed opnsense for the first time. Logged into the gui and did the wizard configuration.
Installed the newest update, 17.7.8, and rebooted. I can no longer login either from the console or web gui.
Using the defaults (root/opnsense) returns 'Wrong username or password.' from the gui. I've flushed caches, deleted cookies and tried 2 different browsers.
Help!
-
@bobbythomas
aslong as you still have access to the GUI you can check the Firewall Log to see if any traffic gets blocked. Maybe the rule order is not correct. Are you using VLANs by any chance? On your local LAN you should be able to ping your local gateway otherwise you would not be able to use the internet. Are you directly connected to the Firewall Interface or are there Switches/Routers between your LAN connection? Any active Switch-ACL or local Windows Firewall blocking the traffic by any chance?
Did you tried different browsers? I heard there are maybe some problems with the newest Firefox.
Are you using Intel or Realtek NICs and is your OPNsense virtualized or physical?
Just guessing here... ::)
@analyst783
At first that makes no sense... ;D
Can you login with the credentials (installer/opnsense) and just re-reinstall over your current installation or is it impossible aswell?
Never tried it myself but is this working for you?
https://www.mxwiki.com/password/opnsense/factory-reset-opnsense-firewall
-
From the console, neither root nor installer userids work with the default password.
I reviewed the article at mxwiki and tried the password reset idea.
From the single user login, I entered 'passwd' and got the prompt to enter a new password. I then get an error message: "passwd: pam_chauthtok(): error in service module". The password is not changed :/
At this point, I'll boot off the USB stick, reinstall and wait for the next release :(
Between this login mess the upgrade made and the difficulty in getting a bootable USB from windows (which I couldn't -- had to go find a linux box to use 'dd' on b/c rufus kept sending my PC to a bsod), I'm not feeling real comfortable with this project.
-
My install also seems to have been crippled somewhat after upgrading from 17.7.7 to 17.7.8.
After the upgrade and reboot the web GUI was completely inaccessible. I scanned the IP of the management interface and found that the web ports were not open so this lead to believe that services didn't start, or at least tried to but crashed. The firewall itself though was up and I could get internet access through it without issue.
Failing with the web GUI, I went to look at the console. That wasn't pretty either. I found it to be completely stuck just after the part where it says "Booting..." No combination of key presses seemed to recover it but again traffic was passing through it just fine.
The scan I performed earlier did show that port 22 was open though and I managed to get SSH to it. This is disabled by default but luckily I'd enabled it prior to the upgrade. After SSH'ing to the firewall, I selected option 11 to reload all services. Sure enough, that brought the web GUI to life again but no joy with the physical console, which is still stuck. I have to do this after every reboot now to get the GUI to run but once it's running it's fine. If you don't have SSH already on though you'd probably have to reinstall.
There's a bug somewhere in the upgrade. I've yet to do a detailed check of logs but will report back if I find anything useful.
-
@bobbythomas
aslong as you still have access to the GUI you can check the Firewall Log to see if any traffic gets blocked. Maybe the rule order is not correct. Are you using VLANs by any chance? On your local LAN you should be able to ping your local gateway otherwise you would not be able to use the internet. Are you directly connected to the Firewall Interface or are there Switches/Routers between your LAN connection? Any active Switch-ACL or local Windows Firewall blocking the traffic by any chance?
Did you tried different browsers? I heard there are maybe some problems with the newest Firefox.
Are you using Intel or Realtek NICs and is your OPNsense virtualized or physical?
Just guessing here... ::)
@Oxygen61
Thank you for your suggestions. Actually I haven't made any changes in the access rules recently. It was all working till 17.7.7 but when I upgraded that to 17.7.8 this started happening. If I am connected to LAN I have to use the public interface ip or dynamic dns to access the Webgui(I can access CLI over ssh), if I am connected over VPN, I cannot access the Webgui, but can login to CLI. But if I am connected to Zerotier VPN I can access the web gui over Zerotier tunnel interface on the firewall. The firewall is a virtual firewall running in proxmox and is connected to a Openwrt AP, there are no access rules in the AP to block the traffic. Besides it has anti-lockout policy in place, so I doubt it will block any traffic destined to firewall interface. I don't have any VLANs configured on the firewall, but on the Proxmox I have Vlans. This looks like somekind of bug in 17.7.8. Unfortunately I didn't take a snapshot of my Firewall VM before upgrade and I believe the latest snapshot is 3 months old, so didn't want to take a chance by reverting to old config, but I will need to roll back to it if it's inevitable.
-
Looks like the firewall is resetting the connection. Don't know why it resets the connection to inside interface. I will perform a wireshark capture from my pc to the forewall and enable packet capture on the firewall.