Topics

1

23.7 Legacy Series / Web GUI PR_CONNECT_RESET_ERROR when accessed over VPN

« on: November 07, 2023, 12:16:18 pm »

Yesterday, probably since the Update to OPNsense 23.10_2 b9c704d69 (Business Edition), I started getting PR_CONNECT_RESET_ERRORn in the browser when accessing the Web GUI through VPN.

The Web GUI works properly when accessed localy.

The Web GUI Log ist full of

Code: [Select]

2023-11-07T12:13:30 Error lighttpd (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.71/src/mod_openssl.c.3310) SSL: -1 5 40: Message too long

I use a WireGuard Tunnels to manage OPNsense Firewalls.

No sure it's connected to the update, but I don't see that behavior on systems with OPNsense 23.10

Any ideas?

2

23.1 Legacy Series / Port forwarding / Firewall Destination Issue

« on: July 14, 2023, 02:10:55 pm »

I'm a recent immigrant from the pfSense World and the following situation drove me crazy. I suspect a possible bug (or at least an unexpected behavior) and would be happy to be enlightened by a OPNsense guru if it's not.

I set up a Port Forwarding from my main WAN Interface (WAN_FIBER_Port) to a local network IP. As destination address I had WAN_FIBER_Port address set. All the traffic hitting the Firewall was being rejected by the default deny / state violation rule. The Logs showed the Firewalls Public IP as destination. After a while I realized that the rule does not apply.

It started to work when I set the destination to any. Later I tried manually setting the public IP or WAN_FIBER_Port net and both worked as well.

I was - coming from pfSense - expecting that WAN_FIBER_Port address would be the public IP which the interface gets by DHCP in this case. Somehow this does not seem to be the case. Interestingly WAN_FIBER_Port net works.

Is this intended behavior?

3

23.1 Legacy Series / [SOLVED] Unbound host override not resolving hostname with local/search domain

« on: June 25, 2023, 07:13:51 pm »

Hi, I'm an immigrant from the pfSense country and fairly new here. I got around with OPNsense very well so far, but I just can't get my head around why the host overrides are not working as expected. I tried everything, googling, searching this forum, chatgpt... to no avail.

I use Unifi network devices with a central Unifi Controller which is somewhere else and accessible through a WireGuard VPN. In order to register Unifi devices with the controller the lookup the hostname "unifi" in the local network which should resolve to the IP of the controller. I use the unbound default configuration (as far as I understand). The are their own network and there in a dedicated DHCP Pool.

I set the domain and search domain in the DHCP settings of the corresponding network. I created a host override for unifi.mydomain.tld.
I can resolve it as long as I use the FQDN, but not with the hostname only I get errors. Depending on how I query NXDOMAIN, SERVFAIL or No answer.
It seems like it is not using or respecting the search domain.

Has anyone an idea what I am missing to make this work? I can certainly post more details if required.