1
22.1 Legacy Series / Web GUI temporarily accessible from WAN side after default install is rebooted
« on: March 18, 2022, 03:40:43 am »
Hello Everyone,
Thanks for taking the time to read this.
I really like opnsense, and I'm testing it for use at my business. However, my confidence in the product's security is a little shaky after I experienced the situation below.
First: I did a default opnsense installation using the dvd img. The WAN side was connected to my internal network, say 10.0.0.0/24. It gained 10.0.0.100 as its WAN address. I set its LAN side to 192.168.1.1/24.
Second: After installation I logged into the Web GUI from the LAN side to check it out, but I DID NOT change any rules.
Third: I restarted the opnsense machine. When it came back up I tried logging in from the WAN side. To my surprise, I was able to connect and log into opensense from the WAN side. I browsed around the interface for a minute or two, then I closed the browser. I then reopened the browser and tried again from the WAN side. At that point the Web GUI was inaccessible, as I expected it should have always been on WAN.
Just a note: I am 100% sure I was able to log in to the Web interface via WAN. I checked it multiple times after I logged in. It was the WAN side. Also consider that the "block private networks" would still have been enabled for the WAN side settings, since I had not changed that.
So I have a few questions:
1. Is there a known reason this would happen? Perhaps startup took longer that it should have and the firewall rules didn't apply right away? Or, is it by design for some unknown reason?
2. I assume this is not supposed to happen, and I would assume that a firewall would have a fool-proof startup process to prevent this behavior. Is it possible that opnsense does not have this worked out properly?
3. Is the startup process documented in detail somewhere you could direct me to? I would like to read it.
Sorry if I am missing something, or there is a simple explanation. My conclusion does make some operational assumptions I cannot be sure apply to opnsense.
Thanks again for your time!
Thanks for taking the time to read this.
I really like opnsense, and I'm testing it for use at my business. However, my confidence in the product's security is a little shaky after I experienced the situation below.
First: I did a default opnsense installation using the dvd img. The WAN side was connected to my internal network, say 10.0.0.0/24. It gained 10.0.0.100 as its WAN address. I set its LAN side to 192.168.1.1/24.
Second: After installation I logged into the Web GUI from the LAN side to check it out, but I DID NOT change any rules.
Third: I restarted the opnsense machine. When it came back up I tried logging in from the WAN side. To my surprise, I was able to connect and log into opensense from the WAN side. I browsed around the interface for a minute or two, then I closed the browser. I then reopened the browser and tried again from the WAN side. At that point the Web GUI was inaccessible, as I expected it should have always been on WAN.
Just a note: I am 100% sure I was able to log in to the Web interface via WAN. I checked it multiple times after I logged in. It was the WAN side. Also consider that the "block private networks" would still have been enabled for the WAN side settings, since I had not changed that.
So I have a few questions:
1. Is there a known reason this would happen? Perhaps startup took longer that it should have and the firewall rules didn't apply right away? Or, is it by design for some unknown reason?
2. I assume this is not supposed to happen, and I would assume that a firewall would have a fool-proof startup process to prevent this behavior. Is it possible that opnsense does not have this worked out properly?
3. Is the startup process documented in detail somewhere you could direct me to? I would like to read it.
Sorry if I am missing something, or there is a simple explanation. My conclusion does make some operational assumptions I cannot be sure apply to opnsense.
Thanks again for your time!