Messages - malebron

#1
Thanks. The console menu option is clearly the best way to change the OPNsense IP, but that was not my problem.

It turns out the issue was AdGuard Home. Although it's running as a service in OPNsense, it does not pick up the new IP automatically - and there is nothing related to IP in AdGuard Home's GUI. I have this configured as my primary DNS - no DNS, no Internet!

To fix this, the AdGuard Home service must be stopped and the configuration file AdGuardHome.yaml must be edited manually from the CLI. In my case this required the root user.

I know this is not a common action, but posting here in case it helps someone else.
#2
I have a pretty simple vanilla config here. Flat network, a couple of unmanaged switches, AdGuard Home.

All I want to do is change the LAN IP from the standard 192.168... to something else.

I changed the IPv4 address under Interfaces/LAN, and ensured any addresses under Services/ISC DHCPv4/LAN were changed from 192.168... to match the new IP. I also changed the lease time to ~30 mins.
After a reboot nothing worked. I can't connect to OPNsense at the new IP or get a new IP lease on my Mac. The console looks as I would expect.
After too much time spent rebooting devices, messing with Mac network settings, etc., I restored to a backup via the console, and all works as before.

I assume I'm missing something obvious. What else must I do to make this change?

Thanks for any help!


#3
Thank you Patrick,

I understand that 443 is the default (and yes, I did make a bookmark with the new port, exactly as you suggested.)

I was hoping there might have been some configuration options on OPNsense to get round it using redirection or something. It's not a big deal to use the port though. I just like things to be simple.

Thanks again.

#4
New user here. Sorry for what is probably a very basic question.

I created a certificate (using ACME client) so I could log in to the OPNsense GUI without the security errors (using "servername.my_domain.com"). This worked initially, but because of a conflict, I had to change the port number to something other than 443 (I chose 4443).

Now this method only works when the port number is specified, i.e. "servername.my_domain.com:4443".

Is there a way to allow just the name to be used, without having to specify the port number?

Thanks!
#5
"Look into the official documentation for "NAT reflection""

The official docs are a bit steep for this newbie, but that was exactly the clue I needed to start researching and I found the tips I needed. THANK YOU @meyergru! You are indeed a hero.

In particular: FIREWALL > SETTINGS > ADVANCED > Network Address Translation
The key was enabling the following settings:

ENABLED - Reflection for port forwards
ENABLED - Reflection for 1:1 
ENABLED - Automatic outbound NAT for Reflection

Hope that helps someone else.

#6
I should probably make this a different post but it follows on from the above:
I am posting this issue to a separate thread to avoid confusion with the subject line. The certificate issue is resolved.

Changing the OPNsense port allowed me to access my Nextcloud instance from the WAN; however, when I try to access it from the LAN side I get "the server where this page is isn't responding" (blank page).

I assume it's something related to port forwarding or DNS, but I'm not sure where to look.


Thanks
#7
Thank you. Yes, (1) makes sense and changing the port for OPNsense did stop the certificate error.

Based on this suggestion I did some research and sure enough, Asus uses port 8443 for its router GUI. Hence no issues before.
#8
This is my first OPNsense install. I'm moving from a working Asus router and keeping everything on my home network the same (except the router) in order to get things working as a start point. So far ALMOST everything is working, except:

I have a Nextcloud instance running in a container on an Unraid Server, which also hosts a SWAG reverse proxy. Nothing changed there. On OPNsense I have set up DDNS (ddclient using Cloudflare) and the port forwarding to match my previous configuration.

However, when I try to access Nextcloud from the Internet I get an Invalid Certificate error. It says my site "has a security policy called HTTP Strict Transport Security (HSTS), which means that Firefox can only connect to it securely. You can't add an exception to visit this site."

The certificate it sees is the one I added to replace the self-signed certificate (using ACMEClient) so I can access the OPNsense GUI internally without the error.

Did I do something wrong? OR

Do I need to add another outward-facing certificate? (If so can you point me to any how-to instructions?)

I didn't need this before, but perhaps OPNsense is just more secure.

Thanks for any help!