Messages - maxxell

#1
Well today I finally got around to restoring from backup.  I had to walk away after clicking "go" but when I got back I saw a message about OPNSense is rebooting.  Unfortunately, the dashboard was still broken.

I never actually saw it reboot, so later in the day I used the webGUI to force a reboot.  Although I still didn't actually hear the reboot beep, so maybe it wasn't actually rebooting...

So I walked over and pulled the plug.  When it came back online, the webGUI was feeling better.  I had all my dashboards back.  I was able to check for, and perform, available updates.  When the updates finished, I did hear the device beep for reboot and got all my dashboards back afterwards. 

Situation resolved, I guess.  Thanks to everyone that offered suggestions.  I will pull another backup now, just in case this is preparatory for catastrophic hardware failure.
#2
Quote from: cookiemonster on January 08, 2025, 10:44:15 PM
you're going in a tangential direction to the problem

I tend to agree with this.  It doesn't seem like there's some esoteric setting blocking SSH.  I think I've had a glitch/failure of some kind.  Someone on reddit mentioned the possibility of the SSD being filled up by logs, though none of the attempts to clear logs has helped.  Maybe the plugin I installed lately caused the hard drive to fill, etc.  Without SSH (or convenient console) access, I am in a severely limited state - to only what the webGUI can do. 

Fortunately, it's still FUNCTIONAL, or this failure would have immediately been met with a reinstall and restore from backup.  Strange as it is...

At this point, though, I think it's time to restore from backup and see whether that brings back functionality.  I may wait until after upcoming vacation though, in case the restore from backup only makes things worse somehow...
#3
Do you have a multi-WAN setup?  No.
Did you disable the anti-lockout rules by any chance?  No.
Any port forwarding?  Just one for Plex (not the standard port). I do have a rule for forwarding to nginx, but I keep that disabled. That's what I use the HA plugin for. I can remotely enable that port to use a service when I'm not home (which is rare).

For now my internet and WireGuard are still working, so I don't mind taking some time/effort at diagnostics. But if at a dead end, I am comforted knowing a restore from backup should resolve this.

Anything else you think I should try?
#4
I am not seeing anything online that talks about this kind of problem.  I'm also not getting much from reddit or this forum.  Should I just restore from backup?  Anything I should know, like "definitely don't select this option that's going to ensure the problem isn't solved"?

#5
Never mind, I found Firewall / Log Files / Live View.

But nothing's happening.  I have Auto refresh enabled, and I hit the refresh button.  Even before applying the filter, I see ZERO activity.

I tried an SSH connection with this page up.  The connection timed out, but the log still showed nothing. 
#6
Quote from: EricPerl on January 08, 2025, 08:34:45 AM
You ought to be able to locate the rule that enables SSH (nothing that would prevent it is not good enough when deny all is the default).
For that matter, as you attempt to ssh in, with logging enabled for default rules, you should see a pass or fail in the live view (filter on dst_port = 22 if too noisy).

As Patrick mentioned it, the interface that's relevant is the one the PC is connected to.

Can you confirm where to view the live view?
#7
The PC is on LAN. Wouldn't the default "LAN to any" rule allow the ssh?
#8
I don't see anything in my Firewall rules that would prevent me from accessing the box. And the same pc that's reaching it by web is the one trying via ssh.

Beyond that, according to the webgui as of now, ssh is enabled. It's allowed over LAN. It's listening to 22. Password-based login is enabled.

All of which is semi-recently (a month ago or so) arranged so I could ssh in for that home assistant plugin.  When that project concluded all I did was disable ssh entirely. Now re-enabling it isn't helping for some reason.

Other suggestions?
#9
Yes, can confirm.  I can log into webgui from a laptop by visiting the 192.168.x.x ip address for the device.  But even after doing so, and ensuring that ssh is enabled (which I don't leave on by default), I still can't get into ssh.  My attempts to do so just time out.

I relatively-recently used ssh to get into the router to install the home assistant plugin, so I know how to enable it.  That plugin seemed to work well, but may well be the underlying cause of this problem.  I don't know, that's why I am asking for diagnostic suggestions before doing a restore from backup.
#10
I haven't taken the time to connect a keyboard/mouse and screen.  Should I do so?  It's a mild pain to do it.  I might sooner restore from backup if the group thinks that will get me functional again.
#11
I am open to attempting diagnostics, but my GUI doesn't seem capable.  Nothing under Interfaces/Diagnostics gives me any interesting information.  They all seem to go to "No results found!" (I checked ARP Table, got no results.  DNS Lookup doesn't do anything.  NDP Table says no results.  Netstat all 6 options are all blank.   I tried a Trace Route and just got a blank response.)  I am open to alternative suggestions for further diagnosis.

If I go with the 'fallback' restore from backup, what do I lose?  I have Wireguard settings, DuckDNS tracking my public IP, and some static IP addresses.  All of that would come back with a restore from backup, right?
#12
Hello!

My OPNSense instance is half-crashed...?  I noticed my HomeAssistant plugin stopped working, and when I visit the OPNSense webgui, only the Announcements Widget on the Lobby: Dashboard is working. Everything else spins/waits for data, then gives up with "Failed to load widget".

I am pretty sure I am on the latest firmware, though I don't see anywhere in the only-mostly-functional webgui to confirm that.  (Home Assistant still shows OPNSense as 24.7.11_2 firmware even though the plugin is no longer working)

When I visit the plugins page, I see "os-ddclient (missing)" with a bunch of N/A's. If I try to install the missing plugin, I again jump to the Updates page where the circle spins but nothing really happens. If I try the "automatic resolver", or the "reset all conflicts" options, again I wind up at the Updates page where the circle spins but nothing really happens.  I suspect this is for my use of duckdns, but don't know why it's suddenly missing.  It's been working fine for years.

The only way to get anything interesting to happen is to hit the "Check for updates" button on the Status page. That bounces me to the Updates page, but I eventually get "No previous action log found" and nothing else happens.

The webgui works well enough for me to turn SSH back on (I don't keep it enabled), but ssh connection attempts time out.

I was able to pull a configuration backup and am wondering whether I should just restore from backup at this point?  Any other ideas/suggestions?

#13
Hello All!

I was trying to set up a self-hosted Bitwarden instance, but seem to have royally screwed myself. 

The troubles started when I realized that Bitwarden wanted to use port 80, which is part of the anti-lockout.  So I figured out how to point Bitwarden at port 85.  All well and good.  I set up the port forwarding to the correct local IP with port 85.  All good.  Installing Bitwarden went fine, including setting up with my xxxx.duckdns.org.

Except when I went to have Bitwarden connect to my local instance, it failed.  When I visit xxxx.duckdns.org, I saw my opnsense login page, which rejects my login creds.  When I visit the local 192.168.7.209 (the ip for the device on which I installed bitwarden), I somehow also get my opnsense login page.  Which is strange because my opnsense is on 192.168.4.20.

While messing around with the settings in the Web UI, I toggled it to http.  That didn't help, so I toggled it back.  ... and now nothing works!  I can't access my opnsense login at all!  http://192.168.4.20 just times out.  https://192.168.4.20 also just times out (http vs https).  If I try from a different local device, it still just times out.  I even tried enabling my wireguard to go to 192.168.4.20 - and the connection works but still no WebUI.

I also tried connecting by ssh, but with port 22 I just get "Connection timed out"

Is there anything else I can do to restore access?

EDIT:
STRANGE!  If I use my cell phone, and use the duckduckgo browser, I can get to 192.168.4.20 and log in!  First things first... I'm grabbing screenshots of the important settings I would struggle to recreate if this all falls apart.  After that, what should I try changing to restore this webui access for my pc as well?

Edit2:
Through cell phone I was able to copy/paste my entire IP assignments table into an email.  That's the vast majority of what I would hate to lose. 
I was also able to export a backup configuration.  If I burned down my current device and restored, what are the odds my webui would come back?   Or did I bork some setting and that setting's going to be coming back from the restore too?

Edit3:
I saw some forum posts with suggestions on how to fix similar problems through ssh.  However, I don't seem to be able to enable ssh.  I can get to the Settings / Administration page on my cell phone, and I can enable the "Enable Secure Shell" setting, hit Save.  All seems fine.  But still if I try to ssh into 192.168.4.20 I consistently get "Connection timed out"  Why can't I access over ssh?

Edit 4:
Other laptops can access Opnsense.  WTF. 
If I use this laptop to visit 192.168.4.20, I get a timeout error.  If I try to visit 192.168.7.209:85 (bitwarden address), I get thrown to xxxx.duckdns.org and get an error about the network change being detected.

Anyone know what's going on here?