Messages

1

General Discussion / Re: Access to Opnsense GUI without specifying the port

« on: April 25, 2024, 04:56:00 am »

Thank you Patrick,

I understand that 443 is the default (and yes, I did make a bookmark with the new port, exactly as you suggested.)

I was hoping there might have been some configuration options on Opnsense to get round it using redirection or something. It's not a big deal to use the port though. I just like things to be simple.

Thanks again.

2

General Discussion / Access to Opnsense GUI without specifying the port

« on: April 25, 2024, 12:30:33 am »

New user here. Sorry for what is probably an very basic question.

I created a certificate (using ACME client) so I could login to the Opnsense GUI without the security errors (using "servername.my_domain.com"). This worked initially, but because of a conflict, I had to change the port number to something other than 443 (I chose 4443).

Now this method only works when the port number is specified. ie "servername.my_domain.com:4443".

Is there a way to allow just the name to be used, without having to specify the port number?

Thanks!

3

General Discussion / Re: "Invalid Certificate" blocking Internet access

« on: April 18, 2024, 11:45:17 pm »

"Look into the official documentation for "NAT reflection""

The official docs are a bit steep for this newbie, but that was exactly the clue I needed to start researching and I found the tips I needed. THANK YOU @meyergru! You are indeed a hero.

In particular: FIREWALL > SETTINGS > ADVANCED > Network Address Translation
The key was enabling the following settings:

ENABLED - Reflection for port forwards
ENABLED - Reflection for 1:1 
ENABLED - Automatic outbound NAT for Reflection

Hope that helps someone else.

4

General Discussion / Re: "Invalid Certificate" blocking Internet access

« on: April 18, 2024, 08:01:28 pm »

I should probably make this a different post but it follows on from the above:
I am posting this issue to a separate thread to avoid confusion with the subject line. The certificate issue is resolved.

Changing the Opnsense port allowed me to access to my Nextcloud instance from the WAN, however when I try to  access it from the LAN side I get "the server where this page is isn't responding". (blank page)

I assume it's something related to port forwarding or DNS, but I'm not sure where to look.

Thanks

5

General Discussion / Re: "Invalid Certificate" blocking Internet access

« on: April 18, 2024, 06:37:22 pm »

Thank you. Yes, (1) makes sense and changing the port for OPNsense did stop the certificate error.

Based on this suggestion I did some research and sure enough, Asus uses port 8443 for its router GUI. Hence no issues before.

6

General Discussion / "Invalid Certificate" blocking Internet access

« on: April 18, 2024, 01:30:56 am »

This is my first OPNsense install. I'm moving from a working Asus router and keeping everything on my home network the same (except the router) in order to get things working as a start point. So far ALMOST everything is working, except:

I have a NextCloud instance running in a container on an Unraid Server, which also hosts a SWAG reverse proxy. Nothing changed there. On OPNsense I have set up DDNS (ddclient using Cloudflare) and the port forwarding to match my previous configuration.

However, when I try to access NextCloud from the Internet I get an Invalid Certificate error. It says my site "has a security policy called HTTP Strict Transport Security (HSTS), which means that Firefox can only connect to it securely. You can’t add an exception to visit this site."

The certificate it sees is the one I added to replace the self-signed certificate (using ACMEClient) so I can access the OPNsense GUI internally without the error.

Did I do something wrong? OR

Do I need to add another outward-facing certificate? (If so can you point me to any how-to instructions?)

I didn't need this before, but perhaps OPNsense is just more secure.

Thanks for any help!