Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
SSL error with an Opnsense
« previous
next »
Print
Pages: [
1
]
Author
Topic: SSL error with an Opnsense (Read 701 times)
Brainstoming
Newbie
Posts: 3
Karma: 0
SSL error with an Opnsense
«
on:
January 23, 2024, 02:40:19 pm »
Hello,
I can't put my finger on the cause of the problem, it seems to me that the Opnsense is generating the problem without really understanding the reason.
I have a lab infrastructure on a cloud infrastructure at Hetzner.
I have a few servers: a domain controller, two RDS managed by a broker on another server.
To this infrastructure I've added an Opnsense, which is the only one with a public IP to manage filtering.
The servers only access the WAN via the firewall.
For several days now, my servers have been unable to access certain websites.
The tracert to a website shows me that everything goes out correctly:
However, as soon as I open a web browser I get this:
What's even stranger is that I can access google's .fr and .de domains, and a few websites work, but the majority have exactly the same problem.
As soon as I remove the Opnsense firewall, I don't have this certificate problem. That's why I'm posting this puzzle here.
Does anyone have any clues? Or even encountered this kind of problem?
Thanks in advance for your ideas
Logged
Patrick M. Hausen
Hero Member
Posts: 6812
Karma: 572
Re: SSL error with an Opnsense
«
Reply #1 on:
January 23, 2024, 03:51:28 pm »
The certificate subject that you blurred would be the interesting thing to diagnose your problem. Do you have a transparent web proxy active on your OPNsense?
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
Brainstoming
Newbie
Posts: 3
Karma: 0
Re: SSL error with an Opnsense
«
Reply #2 on:
January 23, 2024, 04:00:53 pm »
No i don't have active a web proxy on my OPNsense
Logged
Patrick M. Hausen
Hero Member
Posts: 6812
Karma: 572
Re: SSL error with an Opnsense
«
Reply #3 on:
January 23, 2024, 04:07:05 pm »
DNS blocklist? Reaching something identifying as braincloud.online when your browser thinks it's talking to google.be is fishy. VPN provider who might in turn have a transparent proxy?
The last IP addresses in your traceroute seem to belong to google alright.
Perform a Wireshark trace on your desktop system and watch if your browser is talking to that same IP address or anything different.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
SSL error with an Opnsense