"
Thank you, it works now!
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages1
#1
General Discussion / Re: Make OPNsense that is behind a FRITZBox reachable through internet
June 20, 2025, 02:56:27 PM #2
General Discussion / Re: Make OPNsense that is behind a FRITZBox reachable through internet
June 20, 2025, 10:34:07 AM
omg you are right! When I access the URL through my cell phone, it works :-)
I have Unbound running, but I have no clue about it...can you elaborate this?
I have Unbound running, but I have no clue about it...can you elaborate this?
#3
General Discussion / Make OPNsense that is behind a FRITZBox reachable through internet
June 20, 2025, 10:16:48 AM
Hi,
I am trying to make my OPNsense reachable through the internet. Unfortunately my ISP forces me to use a FRITZBox as a cable modem and therefore the OPNSense is behind the FRITZBox (which can't be set to bridge mode!).
I set up a DNS A record at my hoster so that my internet address www.blablabla.de points to my static IP address (let's say 130.xxx.yyy.zzz).
In short, my network structure looks like this:
Internet --> FRITZ Box (WAN: 130.xxx.yyy.zzz; LAN: 192.168.178.1/24) --> OPNsense (WAN: 192.168.178.2/24; LAN: 192.168.0.1/24)
On the FRITZBox I added port forwarding for HTTP and HTTPS to my OPNsense.
Now, when I enter https://www.blablabla.de in Chrome, a page of my FRITZBox appears that the request was rejected because of DNS rebind protection.
Q1: shouldn't the FRITZBox already forward the request to my OPNsense?
Well, then I added www.blablabla.de as an exception to the DNS rebind rules. Now when I refresh the browser tab, it opens the login page of my FRITZBox???
Maybe I misunderstand something from the ground up, but shouldn't it forward the request to the OPNsense in this case and show me the login page of the OPNsense?
What am I doing wrong here?
Thanks, Steven
I am trying to make my OPNsense reachable through the internet. Unfortunately my ISP forces me to use a FRITZBox as a cable modem and therefore the OPNSense is behind the FRITZBox (which can't be set to bridge mode!).
I set up a DNS A record at my hoster so that my internet address www.blablabla.de points to my static IP address (let's say 130.xxx.yyy.zzz).
In short, my network structure looks like this:
Internet --> FRITZ Box (WAN: 130.xxx.yyy.zzz; LAN: 192.168.178.1/24) --> OPNsense (WAN: 192.168.178.2/24; LAN: 192.168.0.1/24)
On the FRITZBox I added port forwarding for HTTP and HTTPS to my OPNsense.
Now, when I enter https://www.blablabla.de in Chrome, a page of my FRITZBox appears that the request was rejected because of DNS rebind protection.
Q1: shouldn't the FRITZBox already forward the request to my OPNsense?
Well, then I added www.blablabla.de as an exception to the DNS rebind rules. Now when I refresh the browser tab, it opens the login page of my FRITZBox???
Maybe I misunderstand something from the ground up, but shouldn't it forward the request to the OPNsense in this case and show me the login page of the OPNsense?
What am I doing wrong here?
Thanks, Steven
#4
General Discussion / Re: Can't get OPNsense certificate to work
June 19, 2025, 10:49:24 AM
Don't mind...I did a computer restart and now it works. Sometimes it can be this easy :-)
#5
General Discussion / Can't get OPNsense certificate to work
June 18, 2025, 11:27:16 AM
Hi,
my goal is to have a working certificate for my OPNsense in my LAN so that I can access it from my LAN devices without the annoying browser confirmations.
My OPNsense is running under https://opnsense.cflocal in my LAN.
For this, I have created a root CA certificate:
...and I imported as a root CA certificate on my local computer.
Then I have created a server certificate with Common Name = opnsense.local and DNS Domain names = opnsense.local. The issuer of this is the root CA certificate I created before:
In the OPNsense admin settings I chose this new server certificate.
Now, when I reload the OPNsense browser tab, it is still not shown as secure. The strange thing to me is: Chrome shows the certificate as "valid" (which is what I expect). But why the hell is it not secure then??? Is there an issue with my certificate or is this some other problem?
my goal is to have a working certificate for my OPNsense in my LAN so that I can access it from my LAN devices without the annoying browser confirmations.
My OPNsense is running under https://opnsense.cflocal in my LAN.
For this, I have created a root CA certificate:
...and I imported as a root CA certificate on my local computer.
Then I have created a server certificate with Common Name = opnsense.local and DNS Domain names = opnsense.local. The issuer of this is the root CA certificate I created before:
In the OPNsense admin settings I chose this new server certificate.
Now, when I reload the OPNsense browser tab, it is still not shown as secure. The strange thing to me is: Chrome shows the certificate as "valid" (which is what I expect). But why the hell is it not secure then??? Is there an issue with my certificate or is this some other problem?
Pages1
