Messages - NeoDragon

#1
So, I managed to install Technitium with this guide, with a few hiccups.
The start job is not working, I need to start it manually.

I can't figure out how to make DHCP work with this too.. anyone?
#2
Fair warning ⚠️

Make package is a long process. 5 hours in with a C3758 and still running.
#4
Exactly.

Under the Hosts tab, I changed the IP address to reflect the changed range/subnet, but it seems to have created new ones and did not delete the old ones.

Therefore, under /var/etc/dnsmasq-hosts, both entries exist for the same host. I'm trying to delete the old one.
#5
Since I'm not using those reservations anymore, is there any way I can remove them? They don't appear in the GUI anymore since I changed them.
#6
Hi,

I recently re-ordered my network to remove a few VLANs and make it simpler. However, dnsmasq is throwing a few warnings like this:
Quote
not giving name hostname.local.tld to the DHCP lease of 192.168.1.5 because the name exists in /var/etc/dnsmasq-hosts with address 192.168.3.3

I cannot remove them manually from /var/etc/dnsmasq-hosts, they always come back after restarting the service.

Any ideas?
#7
Yes, 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24, 192.168.4.0/24, 192.168.50.0/24 are in the Caddy access list.
#8
Here's the topology:

Lan Networks
- 192.168.1.0/24
- 192.168.2.0/24
- 192.168.3.0/24
- 192.168.4.0/24

VPN Network
- 192.168.50.0/24

myapplication.mydomain.com and caddy are on the local network, 192.168.1.0/24

OpenVPN Routing option has all lan networks added in local network tab
#9
Hi everyone,

I'm trying to make Caddy access list work thru the openvpn instance but having difficulties.

The OpenVPN instance works, I can access local IPs within the local network. However, Caddy does not recognize the OpenVPN connection as a local network connection but rather as the WAN connection of the user, so it is blocked by the access list.

I tried setting the OpenVPN instance with different redirect gateway options but it still does not work. The connection either times out and nothing appears in the Caddy log file, or the connection is blocked because it's being recognized as an outside IP instead of a local network one.

Anyone can help? 
#10
24.7, 24.10 Series / Re: Caddy http access issues
November 04, 2024, 11:23:23 PM
You were right, even though VPN traffic is routed and I can access local IPs and all, Caddy is still getting a WAN IP from the HTTP log instead of a local IP.

Any way to change that?
#11
24.7, 24.10 Series / Caddy http access issues
November 04, 2024, 06:29:40 PM
Hi,

I've been using the Caddy plugin for a little while. Recently, HTTP access started acting up and not allowing IPs included in the addresses, specifically the OpenVPN subnet.

VPN subnet is on 192.168.50.1/24
Local Subnet is on 192.168.0.0/16

Tried adding 192.168.0.0/16 and the 192.168.50.2 ip (the vpn user address) and it still doesn't work.

As soon as I remove access restriction, everything starts to work again.
------

As I was typing this, I figured it out while looking to share the Caddyfile.
The Invert option might be "inverted", as in it denies access to the IP addresses listed instead of allowing them.

Inverted not checked : not client_ip 192.168.0.0/16 192.168.50.2
Inverted checked : client_ip 192.168.0.0/16 192.168.50.2
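
The two matcher lines quoted in this post, evaluated against sample client addresses, as an added example that is not part of the original post or the plugin's code. The client addresses are constructed (203.0.113.7 is a documentation address standing in for a VPN user whose request reaches Caddy with a WAN address, as the posts above describe); the code only reports which requests each line matches, not what the generated Caddyfile then does with them.

```python
import ipaddress

def parse_matcher(line):
    """Split 'client_ip ...' or 'not client_ip ...' into (negated, networks)."""
    tokens = line.split()
    negated = bool(tokens) and tokens[0] == "not"
    if negated:
        tokens = tokens[1:]
    if not tokens or tokens[0] != "client_ip":
        raise ValueError(f"unsupported matcher: {line!r}")
    if len(tokens) < 2:
        raise ValueError("client_ip needs at least one address or range")
    # strict=False also accepts host-style ranges such as 192.168.50.1/24
    nets = [ipaddress.ip_network(t, strict=False) for t in tokens[1:]]
    return negated, nets

def matches(line, client_ip):
    """True when a request from client_ip is selected by the matcher line."""
    negated, nets = parse_matcher(line)
    addr = ipaddress.ip_address(client_ip)
    in_list = any(addr in net for net in nets)
    # 'not' flips the result: it selects every address outside the list
    return in_list != negated

def evaluate(line, clients):
    return {label: matches(line, ip) for label, ip in clients.items()}

# Constructed sample clients (assumptions, not taken from any log)
CLIENTS = {
    "lan host": "192.168.1.20",
    "vpn user, tunnel address": "192.168.50.2",
    "vpn user, seen by WAN address": "203.0.113.7",
}
UNCHECKED = "not client_ip 192.168.0.0/16 192.168.50.2"  # line quoted in the post
CHECKED = "client_ip 192.168.0.0/16 192.168.50.2"        # line quoted in the post

if __name__ == "__main__":
    for line in (UNCHECKED, CHECKED):
        print(line)
        for label, hit in evaluate(line, CLIENTS).items():
            print(f"  {label:30} matched={hit}")
```
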
#12
Would you happen to know where the www folder for caddy is located?
I'd like the main domain to point to a single html file inside caddy

Something like this:

<!DOCTYPE html>
<html>
  <body style="overflow:hidden; margin:0; text-align:center;">
    <img src="image.jpg" style="height:100vh; max-width:100%; object-fit: contain;">
  </body>
</html>
#13
Quote from: Monviech on July 27, 2024, 07:21:45 AM
Sorry I don't know then. Without some debug logs it's uncertain what happens there. I need some info that is not anonymized so there's no mistakes due to wrong omissions.

- Check your DNS, does "nslookup yoursubdomainname" really resolve to the IP address of the OPNsense?

- If Yes, What's the output of "curl -v subdomainname"

- What do the debug logs show when you try to reach it?

- Which kind of application is listening there? Is it a HTTP or HTTPS application?

- If the application demands a HTTPS connection, did you enable "TLS Insecure Skip Verify" like I asked?

- When you deactivate the handler for the subdomain AND disable "abort", do you at least see an empty webpage and the certificate?

If it's a very complex issue, you can also go to https://caddy.community and fill out their help template. Show your old nginx configuration, and your current Caddyfile. That way they can see if there's a mistake.

So, thanks for the heads up! I finally managed to make it work.
As every time something ain't working in networking... it's always DNS!

For DNS resolving, I'm using pi-hole > unbound > DoT

Pi-hole was not resolving the "local" domain and was throwing "non-existing domain"

Adding a local dns record thru pihole, pointing to the firewall made it resolve.

Now works as intended!
#14
Quote from: Monviech on July 26, 2024, 10:06:16 PM
You have enabled TLS, does that mean your internal service has a globally trusted certificate? Because if not, you need to make sure Caddy trusts the certificate.

Check this out, it explains it: https://docs.opnsense.org/manual/how-tos/caddy.html#reverse-proxy-the-opnsense-webgui

Otherwise, disable both TLS options you have set, and enable "TLS Insecure Skip Verify", it will skip certificate handling and the internal HTTPS connection will "just work".

Disabling everything TLS made no change.
#15
I've redacted wrongly, sorry:

*.local.domain.tld {
   log 6a100fb9-863d-4a8e-a6dc-6aaad5598184

@febd140e-6307-4080-8419-d1de0c6a23b2 {
      host sub1.local.domain.tld

The Caddyfile does validate under diagnostics, but still won't proxy to the local server.