Quote from: kosta on December 09, 2025, 09:01:56 PM
"In order to use GeoIP, you need to configure a source in the GeoIP settings tab"

Did you do that as well?
debug.log-response-header = "enable"
debug.log-request-header = "enable"
accesslog.syslog-level = 7
accesslog.use-syslog = "enable"
accesslog.filename = log_root + "/access.log"

configctl webgui restart
/usr/local/etc/rc.restart_webgui
2025-12-09T21:56:04 Informational lighttpd 10.10.20.9 opnsense.XXX.dev - [09/Dec/2025:21:56:04 +0100] "GET / HTTP/2.0" 400 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:145.0) Gecko/20100101 Firefox/145.0"

⚡tobia ❯❯ ./curl -vk --http2 https://10.50.20.1
Note: Using embedded CA bundle (230814 bytes)
Note: Using embedded CA bundle, for proxies (230814 bytes)
* Trying 10.50.20.1:443...
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* SSL Trust: peer verification disabled
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Unknown (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / [blank] / UNDEF
* ALPN: server accepted h2
* Server certificate:
* subject: CN=OPNsense.localdomain; C=NL; ST=Zuid-Holland; L=Middelharnis; O=OPNsense self-signed web certificate
* start date: May 12 14:22:51 2024 GMT
* expire date: Jun 13 14:22:51 2025 GMT
* issuer: CN=OPNsense.localdomain; C=NL; ST=Zuid-Holland; L=Middelharnis; O=OPNsense self-signed web certificate
* Certificate level 0: Public key type ? (4096/128 Bits/secBits), signed using sha256WithRSAEncryption
* SSL certificate OpenSSL verify result: unable to get local issuer certificate (20)
* SSL certificate verification failed, continuing anyway!
* Established connection to 10.50.20.1 (10.50.20.1 port 443) from 192.168.1.200 port 53262
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://10.50.20.1/
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: 10.50.20.1]
* [HTTP/2] [1] [:path: /]
* [HTTP/2] [1] [user-agent: curl/8.17.0]
* [HTTP/2] [1] [accept: */*]
> GET / HTTP/2
> Host: 10.50.20.1
> User-Agent: curl/8.17.0
> Accept: */*
>
* Request completely sent off
< HTTP/2 200
< set-cookie: PHPSESSID=XXX; path=/; secure; HttpOnly; SameSite=Lax
< set-cookie: PHPSESSID=XXX; path=/; secure; HttpOnly
< set-cookie: cookie_test=XXX; expires=Tue, 09 Dec 2025 21:21:34 GMT; Max-Age=3600; path=/; secure; HttpOnly
< expires: Thu, 19 Nov 1981 08:52:00 GMT
< cache-control: no-store, no-cache, must-revalidate
< pragma: no-cache
< content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval';
< x-frame-options: SAMEORIGIN
< x-content-type-options: nosniff
< x-xss-protection: 1; mode=block
< referrer-policy: same-origin
< content-type: text/html; charset=UTF-8
< strict-transport-security: max-age=31536000
< accept-ranges: bytes
< content-length: 2789
< date: Tue, 09 Dec 2025 20:21:33 GMT
< server: OPNsense
<
<!doctype html>
<html lang="en-US" class="no-js">
<head>
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="robots" content="noindex, nofollow" />
<meta name="keywords" content="" />
<meta name="description" content="" />
<meta name="copyright" content="" />
<meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1" />
<meta name="mobile-web-app-capable" content="yes">
<meta name="apple-mobile-web-app-capable" content="yes">
<title>Login | OPNsense</title>
<link href="/ui/themes/rebellion/build/css/main.css?v=190a5ea47ddfe74a" rel="stylesheet">
<link href="/ui/themes/rebellion/build/images/favicon.png?v=190a5ea47ddfe74a" rel="shortcut icon">
<script src="/ui/js/jquery-3.5.1.min.js"></script>
<script src="/ui/js/theme.js?v=190a5ea47ddfe74a"></script>
<script>
$( document ).ready(function() {
$.ajaxSetup({
'beforeSend': function(xhr) {
xhr.setRequestHeader("X-CSRFToken", "Mg_cQQ_BwGrt5cZfGZCH2Q" );
}
});
});
</script>
</head>
<body class="page-login">
<div class="container">
<main class="login-modal-container">
<header class="login-modal-head" style="height:50px;">
<div class="navbar-brand">
<img src="/ui/themes/rebellion/build/images/default-logo.png?v=190a5ea47ddfe74a" height="30" alt="logo" />
</div>
</header>
<div class="login-modal-content">
<div id="inputerrors" class="text-danger"> </div><br />
<form class="clearfix" id="iform" name="iform" method="post" autocomplete="off"><input type="hidden" name="QdgI-W_IbDP7V2LuCt37pw" value="Mg_cQQ_BwGrt5cZfGZCH2Q" autocomplete="new-password" />
<div class="form-group">
<label for="usernamefld">Username:</label>
<input id="usernamefld" type="text" name="usernamefld" class="form-control user" tabindex="1" autofocus="autofocus" autocapitalize="off" autocorrect="off" />
</div>
<div class="form-group">
<label for="passwordfld">Password:</label>
<input id="passwordfld" type="password" name="passwordfld" class="form-control pwd" tabindex="2" />
</div>
<button type="submit" name="login" value="1" class="btn btn-primary pull-right">Login</button>
</form>
</div>
</main>
<div class="login-foot text-center">
<a target="_blank" href="https://opnsense.org/">OPNsense</a> (c) 2014-2025 <a target="_blank" href="https://www.deciso.com/">Deciso B.V.</a>
</div>
</div>
</body>
</html>
* Connection #0 to host 10.50.20.1:443 left intact

⚡tobia ❯❯ ./curl -vk --http2 https://opnsense.XXX.dev
Note: Using embedded CA bundle (230814 bytes)
Note: Using embedded CA bundle, for proxies (230814 bytes)
* Host opnsense.XXX.dev:443 was resolved.
* IPv6: (none)
* IPv4: 10.10.20.9
* Trying 10.10.20.9:443...
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* SSL Trust: peer verification disabled
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Unknown (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 / [blank] / UNDEF
* ALPN: server accepted h2
* Server certificate:
* subject: CN=*.XXX.dev
* start date: Nov 14 12:53:44 2025 GMT
* expire date: Feb 12 12:53:43 2026 GMT
* issuer: C=US; O=Let's Encrypt; CN=R12
* Certificate level 0: Public key type ? (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 1: Public key type ? (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* SSL certificate OpenSSL verify result: unable to get local issuer certificate (20)
* SSL certificate verification failed, continuing anyway!
* Established connection to opnsense.XXX.dev (10.10.20.9 port 443) from 192.168.1.200 port 53371
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://opnsense.XXX.dev/
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: opnsense.XXX.dev]
* [HTTP/2] [1] [:path: /]
* [HTTP/2] [1] [user-agent: curl/8.17.0]
* [HTTP/2] [1] [accept: */*]
> GET / HTTP/2
> Host: opnsense.XXX.dev
> User-Agent: curl/8.17.0
> Accept: */*
>
* Request completely sent off
< HTTP/2 400
< content-type: text/html
< date: Tue, 09 Dec 2025 20:24:22 GMT
< server: OPNsense
< content-length: 162
<
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<title>400 Bad Request</title>
</head>
<body>
<h1>400 Bad Request</h1>
</body>
</html>
* Connection #0 to host opnsense.XXX.dev:443 left intact

⚡tobia ❯❯ ./curl -vk --http1.1 https://10.50.20.1
Note: Using embedded CA bundle (230814 bytes)
Note: Using embedded CA bundle, for proxies (230814 bytes)
* Trying 10.50.20.1:443...
* ALPN: curl offers http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* SSL Trust: peer verification disabled
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Unknown (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / [blank] / UNDEF
* ALPN: server accepted http/1.1
* Server certificate:
* subject: CN=OPNsense.localdomain; C=NL; ST=Zuid-Holland; L=Middelharnis; O=OPNsense self-signed web certificate
* start date: May 12 14:22:51 2024 GMT
* expire date: Jun 13 14:22:51 2025 GMT
* issuer: CN=OPNsense.localdomain; C=NL; ST=Zuid-Holland; L=Middelharnis; O=OPNsense self-signed web certificate
* Certificate level 0: Public key type ? (4096/128 Bits/secBits), signed using sha256WithRSAEncryption
* SSL certificate OpenSSL verify result: unable to get local issuer certificate (20)
* SSL certificate verification failed, continuing anyway!
* Established connection to 10.50.20.1 (10.50.20.1 port 443) from 192.168.1.200 port 53497
* using HTTP/1.x
> GET / HTTP/1.1
> Host: 10.50.20.1
> User-Agent: curl/8.17.0
> Accept: */*
>
* Request completely sent off
< HTTP/1.1 200 OK
< Set-Cookie: PHPSESSID=XXX; path=/; secure; HttpOnly; SameSite=Lax
< Set-Cookie: PHPSESSID=XXX; path=/; secure; HttpOnly
< Set-Cookie: cookie_test=XXX; expires=Tue, 09 Dec 2025 21:28:14 GMT; Max-Age=3600; path=/; secure; HttpOnly
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate
< Pragma: no-cache
< Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval';
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Referrer-Policy: same-origin
< Content-type: text/html; charset=UTF-8
< Strict-Transport-Security: max-age=31536000
< Accept-Ranges: bytes
< Content-Length: 2789
< Date: Tue, 09 Dec 2025 20:28:14 GMT
< Server: OPNsense
<
<!doctype html>
<html lang="en-US" class="no-js">
<head>
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="robots" content="noindex, nofollow" />
<meta name="keywords" content="" />
<meta name="description" content="" />
<meta name="copyright" content="" />
<meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1" />
<meta name="mobile-web-app-capable" content="yes">
<meta name="apple-mobile-web-app-capable" content="yes">
<title>Login | OPNsense</title>
<link href="/ui/themes/rebellion/build/css/main.css?v=190a5ea47ddfe74a" rel="stylesheet">
<link href="/ui/themes/rebellion/build/images/favicon.png?v=190a5ea47ddfe74a" rel="shortcut icon">
<script src="/ui/js/jquery-3.5.1.min.js"></script>
<script src="/ui/js/theme.js?v=190a5ea47ddfe74a"></script>
<script>
$( document ).ready(function() {
$.ajaxSetup({
'beforeSend': function(xhr) {
xhr.setRequestHeader("X-CSRFToken", "QHvHZSgsipJdn7QCOlywiA" );
}
});
});
</script>
</head>
<body class="page-login">
<div class="container">
<main class="login-modal-container">
<header class="login-modal-head" style="height:50px;">
<div class="navbar-brand">
<img src="/ui/themes/rebellion/build/images/default-logo.png?v=190a5ea47ddfe74a" height="30" alt="logo" />
</div>
</header>
<div class="login-modal-content">
<div id="inputerrors" class="text-danger"> </div><br />
<form class="clearfix" id="iform" name="iform" method="post" autocomplete="off"><input type="hidden" name="H6oJ5FEb0wUfRprByrj2DQ" value="QHvHZSgsipJdn7QCOlywiA" autocomplete="new-password" />
<div class="form-group">
<label for="usernamefld">Username:</label>
<input id="usernamefld" type="text" name="usernamefld" class="form-control user" tabindex="1" autofocus="autofocus" autocapitalize="off" autocorrect="off" />
</div>
<div class="form-group">
<label for="passwordfld">Password:</label>
<input id="passwordfld" type="password" name="passwordfld" class="form-control pwd" tabindex="2" />
</div>
<button type="submit" name="login" value="1" class="btn btn-primary pull-right">Login</button>
</form>
</div>
</main>
<div class="login-foot text-center">
<a target="_blank" href="https://opnsense.org/">OPNsense</a> (c) 2014-2025 <a target="_blank" href="https://www.deciso.com/">Deciso B.V.</a>
</div>
</div>
</body>
</html>
* Connection #0 to host 10.50.20.1:443 left intact

⚡tobia ❯❯ ./curl -vk --http1.1 https://opnsense.XXX.dev
Note: Using embedded CA bundle (230814 bytes)
Note: Using embedded CA bundle, for proxies (230814 bytes)
* Host opnsense.XXX.dev:443 was resolved.
* IPv6: (none)
* IPv4: 10.10.20.9
* Trying 10.10.20.9:443...
* ALPN: curl offers http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* SSL Trust: peer verification disabled
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Unknown (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 / [blank] / UNDEF
* ALPN: server accepted http/1.1
* Server certificate:
* subject: CN=*.XXX.dev
* start date: Nov 14 12:53:44 2025 GMT
* expire date: Feb 12 12:53:43 2026 GMT
* issuer: C=US; O=Let's Encrypt; CN=R12
* Certificate level 0: Public key type ? (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 1: Public key type ? (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* SSL certificate OpenSSL verify result: unable to get local issuer certificate (20)
* SSL certificate verification failed, continuing anyway!
* Established connection to opnsense.XXX.dev (10.10.20.9 port 443) from 192.168.1.200 port 53562
* using HTTP/1.x
> GET / HTTP/1.1
> Host: opnsense.XXX.dev
> User-Agent: curl/8.17.0
> Accept: */*
>
* Request completely sent off
< HTTP/1.1 200 OK
< Accept-Ranges: bytes
< Cache-Control: no-store, no-cache, must-revalidate
< Content-Length: 2789
< Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval';
< Content-Type: text/html; charset=UTF-8
< Date: Tue, 09 Dec 2025 20:30:14 GMT
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Pragma: no-cache
< Referrer-Policy: same-origin
< Server: OPNsense
< Set-Cookie: PHPSESSID=XXX; path=/; secure; HttpOnly; SameSite=Lax
< Set-Cookie: PHPSESSID=XXX; path=/; secure; HttpOnly
< Set-Cookie: cookie_test=XXX; expires=Tue, 09 Dec 2025 21:30:14 GMT; Max-Age=3600; path=/; secure; HttpOnly
< Strict-Transport-Security: max-age=31536000
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-Xss-Protection: 1; mode=block
<
<!doctype html>
<html lang="en-US" class="no-js">
<head>
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="robots" content="noindex, nofollow" />
<meta name="keywords" content="" />
<meta name="description" content="" />
<meta name="copyright" content="" />
<meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1" />
<meta name="mobile-web-app-capable" content="yes">
<meta name="apple-mobile-web-app-capable" content="yes">
<title>Login | OPNsense</title>
<link href="/ui/themes/rebellion/build/css/main.css?v=190a5ea47ddfe74a" rel="stylesheet">
<link href="/ui/themes/rebellion/build/images/favicon.png?v=190a5ea47ddfe74a" rel="shortcut icon">
<script src="/ui/js/jquery-3.5.1.min.js"></script>
<script src="/ui/js/theme.js?v=190a5ea47ddfe74a"></script>
<script>
$( document ).ready(function() {
$.ajaxSetup({
'beforeSend': function(xhr) {
xhr.setRequestHeader("X-CSRFToken", "vCn25poe5-7duF4xaGVFqg" );
}
});
});
</script>
</head>
<body class="page-login">
<div class="container">
<main class="login-modal-container">
<header class="login-modal-head" style="height:50px;">
<div class="navbar-brand">
<img src="/ui/themes/rebellion/build/images/default-logo.png?v=190a5ea47ddfe74a" height="30" alt="logo" />
</div>
</header>
<div class="login-modal-content">
<div id="inputerrors" class="text-danger"> </div><br />
<form class="clearfix" id="iform" name="iform" method="post" autocomplete="off"><input type="hidden" name="Y-eTdSKnnMVkTXU-RgdR8g" value="vCn25poe5-7duF4xaGVFqg" autocomplete="new-password" />
<div class="form-group">
<label for="usernamefld">Username:</label>
<input id="usernamefld" type="text" name="usernamefld" class="form-control user" tabindex="1" autofocus="autofocus" autocapitalize="off" autocorrect="off" />
</div>
<div class="form-group">
<label for="passwordfld">Password:</label>
<input id="passwordfld" type="password" name="passwordfld" class="form-control pwd" tabindex="2" />
</div>
<button type="submit" name="login" value="1" class="btn btn-primary pull-right">Login</button>
</form>
</div>
</main>
<div class="login-foot text-center">
<a target="_blank" href="https://opnsense.org/">OPNsense</a> (c) 2014-2025 <a target="_blank" href="https://www.deciso.com/">Deciso B.V.</a>
</div>
</div>
</body>
</html>
* Connection #0 to host opnsense.XXX.dev:443 left intact

Quote from: Monviech (Cedrik) on December 08, 2025, 09:27:45 PM
You wrote quite an essay there.
The model comma separates values automatically. Just enter a range without comma, press tab, enter the next range without comma, and so on.

Quote from: Patrick M. Hausen on December 07, 2025, 09:38:51 PM
If the DHCP server in LAN98 sends a default gateway, that is the cause for your static route. Don't use DHCP or any dynamic configuration for anything but WAN.

This was indeed the solution to the problem, thank you so much.