46
18.1 Legacy Series / Re: Upgrade 17.7.12_1>18.1 failure
« on: January 29, 2018, 10:42:21 pm »
First off all, thanks a lot for every effort you made to release V18. that's really great.
I am using portforwarding (nat rules) to forward SSL traffic from DMZ based mail-proxy or ssl-proxy to other servers in the LAN-Area.
Since updated from 17 to 18 forwarding of incoming https-traffic (443) from DMZ to LAN is not working.
1.) before i deactivated listen port in admin for web-gui from all (default) to lan, every ssl request was returned from web-gui certificate (which was the wrong one
2.) i changed the web-gui listen port to LAN to ensure access from internal lan. external forwarding to my mail-proxy or ssl-proxy is now not longer answered from (wrong) web-gui certificate of opnsense, BUT the mail-proxy and ssl-proxy is responding with "ERR_SSL_PROTOCOL_ERROR". Means all firewall-rules and NAT-rules working but the "ERR_SSL_PROTOCOL_ERROR" is somehow (i dont know where) in the communication of the firewall to the DMZ based proxys.
I am using portforwarding (nat rules) to forward SSL traffic from DMZ based mail-proxy or ssl-proxy to other servers in the LAN-Area.
Since updated from 17 to 18 forwarding of incoming https-traffic (443) from DMZ to LAN is not working.
1.) before i deactivated listen port in admin for web-gui from all (default) to lan, every ssl request was returned from web-gui certificate (which was the wrong one
2.) i changed the web-gui listen port to LAN to ensure access from internal lan. external forwarding to my mail-proxy or ssl-proxy is now not longer answered from (wrong) web-gui certificate of opnsense, BUT the mail-proxy and ssl-proxy is responding with "ERR_SSL_PROTOCOL_ERROR". Means all firewall-rules and NAT-rules working but the "ERR_SSL_PROTOCOL_ERROR" is somehow (i dont know where) in the communication of the firewall to the DMZ based proxys.