Messages - thomka

#1
Quote from: patient0 on March 26, 2025, 09:30:21 AM
You can give "OPNsense doc: WebGui access reset" a go, it should create new certs.


Solved my problem!

configctl webgui restart renew
was the solution. Thanks for your time!

best regards,
thomas

#2
My reply above was before your answer. That's why I assumed the wrong directory. I removed it from my answer #3 and will use the "reply" button :-)

root@OPNsense:~ # lighttpd -tt -f /usr/local/etc/lighttpd_webgui/lighttpd.conf
2025-03-26 09:15:28: (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.77/src/mod_openssl.c.2112) SSL: inactive/expired X509 certificate '/usr/local/etc/lighttpd_webgui/cert.pem'
2025-03-26 09:15:28: (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.77/src/mod_openssl.c.2144) SSL: couldn't read private key from '/usr/local/etc/lighttpd_webgui/key.pem'
2025-03-26 09:15:28: (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.77/src/server.c.1659) Initialization of plugins failed. Going down.

#3
Quote from: patient0 on March 26, 2025, 08:40:17 AM
That is not ideal, is something else running on port 80 and/or 443?
sockstat -P tcp | egrep '(80|443)'
And to check the lighttpd config used for the OPNsense GUI
lighttpd -tt -f /usr/local/etc/lighttpd_webgui/lighttpd.conf

Inserted all my findings in answer #3
#4
Hello and thanks for your reply,

It seems that lighttpd is not running:

root@OPNsense:/ # sockstat -P tcp | grep light
root@OPNsense:/ # service lighttpd status
lighttpd is not running.
root@OPNsense:/ #

My browser shows me "ERR_CONNECTION_TIMED_OUT"

lighttpd log-file:

root@OPNsense:/usr/local/etc/lighttpd # cat /var/log/lighttpd/latest.log
<29>1 2025-03-26T06:51:24+00:00 OPNsense.localdomain lighttpd 5246 - [meta sequenceId="1"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.77/src/server.c.1943) server started (lighttpd/1.4.77)
<29>1 2025-03-26T06:52:34+00:00 OPNsense.localdomain lighttpd 5246 - [meta sequenceId="1"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.77/src/server.c.1234) [note] graceful shutdown started
<29>1 2025-03-26T06:52:34+00:00 OPNsense.localdomain lighttpd 5246 - [meta sequenceId="2"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.77/src/server.c.2339) server stopped by UID = 0 PID = 74476
<29>1 2025-03-26T06:52:34+00:00 OPNsense.localdomain lighttpd 75703 - [meta sequenceId="3"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.77/src/server.c.1943) server started (lighttpd/1.4.77)
<29>1 2025-03-26T06:53:01+00:00 OPNsense.localdomain lighttpd 75703 - [meta sequenceId="4"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.77/src/server.c.1234) [note] graceful shutdown started
<29>1 2025-03-26T06:53:01+00:00 OPNsense.localdomain lighttpd 75703 - [meta sequenceId="5"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.77/src/server.c.2339) server stopped by UID = 0 PID = 50852
<29>1 2025-03-26T06:53:01+00:00 OPNsense.localdomain lighttpd 51629 - [meta sequenceId="6"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.77/src/server.c.1943) server started (lighttpd/1.4.77)
<29>1 2025-03-26T06:54:29+00:00 OPNsense.localdomain lighttpd 51629 - [meta sequenceId="1"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.77/src/server.c.1234) [note] graceful shutdown started
<29>1 2025-03-26T06:54:29+00:00 OPNsense.localdomain lighttpd 51629 - [meta sequenceId="2"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.77/src/server.c.2339) server stopped by UID = 0 PID = 771
<29>1 2025-03-26T06:54:29+00:00 OPNsense.localdomain lighttpd 2645 - [meta sequenceId="3"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.77/src/server.c.1943) server started (lighttpd/1.4.77)
<29>1 2025-03-26T06:55:09+00:00 OPNsense.localdomain lighttpd 2645 - [meta sequenceId="4"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.77/src/server.c.2339) server stopped by UID = 0 PID = 29005
<29>1 2025-03-26T06:56:23+00:00 OPNsense.localdomain lighttpd 60502 - [meta sequenceId="1"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.77/src/server.c.1943) server started (lighttpd/1.4.77)
<29>1 2025-03-26T06:57:50+00:00 OPNsense.localdomain lighttpd 60502 - [meta sequenceId="1"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.77/src/server.c.2339) server stopped by UID = 0 PID = 6999


removed...see reply below / next answers
#5
Troubleshooting so far:

- fresh installation of OPNsense again on the new host
- updated the new installation to the latest version (same version as the "old/source" system)
- restored the OPNsense config (modified with replaced/new interface names)
- shut off the old machine
- started the new host

--> same situation: the new OPNsense host seems to be working fine except for the WebGUI
#6
Hello community,

I have been running OPNsense in my home environment for a while now, and everything has always worked without any issues. Recently, I replaced the hardware, which also changed all interface names.

On the old hardware, I created a backup, modified the XML file by replacing the old interface names (re0 and re1) with the new ones, and then restored the backup.

As far as I can tell, everything seemed to work right away. However, I have one significant issue:

I can no longer access the WebGUI. The firewall appears to be working, the VLAN configuration seems to be functioning correctly, and SSH access is working—but unfortunately, the WebGUI is not.

Does anyone have any hints or suggestions for me?

Thank you very much and best regards!
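The interface rename described in the post above, written out as an added shell example (not from the post and not part of OPNsense): it rewrites only element text that is exactly the old name, so a description that merely mentions `re0` stays untouched, and it counts what is left so you can confirm nothing was missed before restoring the backup. The new names (`igc0`, `igc1`), the `<parent>_vlan<tag>` form of VLAN child names that older backups use, and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the post or from OPNsense: rename physical
# interfaces in an exported config.xml before restoring it on new hardware.
# Assumptions: new names igc0/igc1; older backups name VLAN children
# "<parent>_vlan<tag>" (e.g. re0_vlan10), which the second substitution covers.

# Count element values that are exactly NAME (">re0<"), not substrings.
count_iface() {  # count_iface NAME FILE
    grep -o ">$1<" "$2" | wc -l | tr -d ' '
}

# Rename OLD to NEW in FILE. Only ">OLD<" (an element whose whole text is
# the interface name) and ">OLD_vlan" (a VLAN child name) are rewritten,
# so "<descr>re0 uplink</descr>" is left alone. Writes via a temp file.
rename_iface() {  # rename_iface OLD NEW FILE
    old=$1; new=$2; file=$3
    sed -e "s|>$old<|>$new<|g" -e "s|>${old}_vlan|>${new}_vlan|g" "$file" > "$file.tmp" \
        && mv "$file.tmp" "$file"
}

# Keep a .bak copy, rename every OLD=NEW pair, then report old names left
# behind. Returns 1 if an old name still appears as an element value.
rename_all() {  # rename_all FILE OLD=NEW [OLD=NEW ...]
    file=$1; shift
    cp "$file" "$file.bak"
    for pair in "$@"; do
        rename_iface "${pair%%=*}" "${pair#*=}" "$file"
    done
    rc=0
    for pair in "$@"; do
        old=${pair%%=*}
        left=$(count_iface "$old" "$file")
        [ "$left" -eq 0 ] || { echo "still present: $old ($left)"; rc=1; }
    done
    return $rc
}

# Constructed mini config.xml for a stand-alone run; a real backup is larger.
write_sample_config() {  # write_sample_config FILE
    cat > "$1" <<'EOF'
<opnsense>
  <interfaces>
    <wan><if>re0</if><descr>re0 uplink</descr></wan>
    <lan><if>re1</if><descr>LAN</descr></lan>
  </interfaces>
  <vlans>
    <vlan><if>re0</if><tag>10</tag><vlanif>re0_vlan10</vlanif></vlan>
  </vlans>
</opnsense>
EOF
}

# Stand-alone run: ./rename.sh --demo renames re0 -> igc0 and re1 -> igc1
# in the sample file and shows the result.
if [ "${1:-}" = "--demo" ]; then
    write_sample_config ./config.xml
    rename_all ./config.xml re0=igc0 re1=igc1 && echo "rename complete"
    grep -n 'igc' ./config.xml
fi
```

Run it against a copy of the exported backup, then check the "still present" output and the `.bak` diff before uploading the file under System > Configuration > Backups; a leftover old name in a VLAN or assignment is exactly the kind of mismatch that leaves the GUI interface unbound after the restore.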
#7
Hi Community,

First of all: I am not so experienced in this topic, so please excuse my (maybe) beginner question :-)

Following situation:

I would like to use an SBC with two 2.5 GbE NICs as my new OPNsense FW. In OPNsense I would like to define my VLANs.
The SBC is connected to my network (I would like to use 2 MikroTik CSS610-8G-2S+IN switches). The link between my switches will be 10 GbE fibre (SFP+ modules).

Does the OPNsense connection to my network (1 Gbit or 2.5 Gbit) possibly affect the 10 GbE connection between my switches? Or in other words: is the OPNsense -> switch connection a bottleneck which will affect the 10 GbE switch-to-switch uplink?

Thanks in advance and best regards,
Thomas

#8
After reviewing my configuration I found a setting which I thought I had activated (maybe I forgot to save it...)

My bad!


VPN > OpenVPN > Server > Edit > Client Settings > DNS Server: insert your (local) DNS server.

Afterwards I was able to resolve the hostname of my target server from my VPN client.

Cheers
Thomas
#9
Hi Community,

I have been using OPNsense for a couple of years in my home environment without any problems. Last year I created a VPN server with OpenVPN on my OPNsense, which has also been running without problems until now.

Until now, I have used the VPN from my iPhone to contact a single service on my network. Therefore I had to insert the IP (on my VPN client/phone), add a relevant rule in my firewall, and everything is working fine.


Now I want to access a second service in my network and I tried to access it with its internal DNS name and not the internal IP address. Unfortunately the DNS name of the target host cannot be resolved from my VPN client (iPhone). When I access it via the internal IP, I can establish a connection, but the goal should be to access it via the internal hostname.

Do you have an idea what I have done wrong in my configuration, or where I should start my troubleshooting?

Many thanks in advance and best regards,

Thomas



#10
Hey Folks,

thanks for the support - indeed it was a hardware related problem!

I am using an ASUS J1800I-C mainboard which was obviously not supported in my BIOS version (0808).
After installing the latest BIOS version, the 19.1.4 live CD came up.

I was surprised because the last BIOS update for this board (which I had been using until today) provided by ASUS was published in 2015... I was surprised to see a new BIOS (released Feb 2019).

It's running now and I am happy af :)

Thanks and best regards,
Thomas
#11
Hi Franco,

I have logged in to the web interface and started the update. Unfortunately OPNsense got stuck at the same point as mentioned above (in February).

I used option 5 (old kernel) in the boot menu and 18.7 came up. After logging in to the web interface I checked again for updates. Now only 19.1.4 was shown. I clicked on "apply update" and the system loaded one file (21 MB) and restarted the firewall.

After that I assumed that 19.1.4 would come up, but that was not the case. 18.7.10 came up.

That's strange to me. Does someone have any idea?

thanks and regards
Thomas

#12
Hello,

Short question: when I upgrade via the UI now from 18.7.10 to 19.1, which release would be installed?


#13
Hi bitwolf,

thanks for this information - I have been online again for some hours, as I was able to find an 18.7 ISO here (https://opnsense.c0urier.net/releases/18.7/). After a fresh installation I restored my backup and everything was working fine again *puh* :-)

I am back in business with 18.7.10 now and will check for updates again next week :)

many thanks and best regards!

Thomas
#14
Hi Support,

today I tried upgrading my firewall (I guess it was 18.7.10 ... latest release) to release 19.

The upgrade was started via the GUI and hangs after some minutes at the boot screen on:

/boot/kernel/ng_tcpmss.ko text=0xe64 data=0x128 syms=[0x4+0x420+0x4+0x465]
Booting...
/

(see photo#1)

Nothing happened... for a couple of minutes.
Hmmm... OK... I read that I should try installing the whole OPNsense again, so I downloaded the 19.2 img and burned it to my USB key (on OSX) and started the machine.

While booting the 19.1 img from USB it now hangs 5 steps after ng_tcpmss.ko at:

/boot/kernel/ng_vlan.ko text=0x16e0 data=0x128 syms=[0x4+0x4f0+0x4+0x50e].


At the moment my network is dead and nothing is working :(

Does anybody have an idea what I can do?

Thanks and best regards,

Thomas
#15
Problem fixed:

I determined that the certificate on my management host was expired. Fortunately I was able to connect to my firewall via iPad.

From there I was able to create a new internal root and sub CA as well as a new internal certificate. After creating these 3 things I imported the root and sub CA certificates into my Windows computer - and it works.

This guide/video helped me to solve the problem:
https://www.youtube.com/watch?v=SmSAvVYYP_s
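Both the lighttpd start-up failure in the WebGUI thread further up (`SSL: inactive/expired X509 certificate` on `/usr/local/etc/lighttpd_webgui/cert.pem`, fixed there with `configctl webgui restart renew`) and the expired management certificate in this post come down to the same three pre-flight questions: is the certificate still valid, does the private key next to it actually belong to it, and does it chain to the root and sub CA you hand to clients? The following is an added shell example (not from the posts and not part of OPNsense) that answers them with the openssl CLI. The default paths are the lighttpd_webgui ones shown in the thread; the 30-day warning window and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the posts or from OPNsense: pre-flight checks for a
# TLS certificate/key pair and its CA chain with the openssl CLI.
# The default paths are the lighttpd_webgui ones from the thread; the 30-day
# warning window is an assumption.

WARN_SECONDS=$((30 * 24 * 3600))

# Exit 0 if CERT is still valid for more than SECONDS from now (default 0,
# i.e. "not expired right now"); exit 1 if it expires sooner or is unreadable.
cert_not_expiring_within() {  # cert_not_expiring_within CERT [SECONDS]
    openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null 2>&1
}

# Print the notAfter line of CERT, e.g. "notAfter=Mar 26 09:15:28 2026 GMT".
cert_not_after() {  # cert_not_after CERT
    openssl x509 -in "$1" -noout -enddate 2>/dev/null
}

# Exit 0 if the public key embedded in CERT equals the public half of KEY.
# Works for RSA and EC keys; a mismatched or unreadable key gives exit 1.
key_matches_cert() {  # key_matches_cert CERT KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Exit 0 if LEAF chains to the trusted ROOT through the intermediate SUB.
# This is the check a client performs after importing root and sub CA.
chain_verifies() {  # chain_verifies ROOT SUB LEAF
    openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
}

# Run the cert/key checks, print one line per finding, exit 1 on any failure.
audit_tls_pair() {  # audit_tls_pair [CERT] [KEY]
    cert=${1:-/usr/local/etc/lighttpd_webgui/cert.pem}
    key=${2:-/usr/local/etc/lighttpd_webgui/key.pem}
    rc=0
    if cert_not_expiring_within "$cert" 0; then
        echo "ok:   $cert is not expired ($(cert_not_after "$cert"))"
        cert_not_expiring_within "$cert" "$WARN_SECONDS" \
            || echo "warn: $cert expires within 30 days"
    else
        echo "FAIL: $cert is expired or unreadable"; rc=1
    fi
    if key_matches_cert "$cert" "$key"; then
        echo "ok:   $key matches $cert"
    else
        echo "FAIL: $key does not match $cert (or is unreadable)"; rc=1
    fi
    return $rc
}

# Stand-alone run: ./tlscheck.sh --audit [CERT] [KEY]; with no paths the
# lighttpd_webgui defaults above are used.
if [ "${1:-}" = "--audit" ]; then
    audit_tls_pair "$2" "$3"
fi
```

Run `audit_tls_pair` on the firewall before restarting lighttpd; a `FAIL` on the first check is the same condition `lighttpd -tt` reports as an inactive/expired certificate, and renewing the GUI certificate is the fix. Run `chain_verifies` with the root and sub CA exported from the firewall and the GUI certificate to confirm that what you import on the management host is the chain the server actually presents.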