WebGUI unusable via IPSec

Started by pchamorro, December 05, 2024, 02:36:41 AM

I have two DEC695 running everything stock with the business subscription.

Almost everything works fine on both.
On one of them, although the WebGUI is working fine ONLY from the LAN using HTTPS and a self-signed certificate chain,
the WebGUI will not work properly via IPsec. Via IPsec it logs this error in the OPNsense-side WebGUI logs:
Error lighttpd (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.76/src/mod_openssl.c.3674) SSL (error): 5 -1: Permission denied

On the client side, the WebGUI loads broken, with missing or incomplete resources.
The web browser logs Failed to load resource: net::ERR_CONNECTION_CLOSED

If the WebGUI is switched to HTTP, then on the client side
the web browser instead logs Failed to load resource: net::ERR_CONTENT_LENGTH_MISMATCH 200 (OK)

This does not happen on my other DEC695.

Both have nearly identical configurations and both are running:
OPNsense 24.10.1-amd64
FreeBSD 14.1-RELEASE-p6
OpenSSL 3.0.15
Licensed until 2025-04-30

Any suggestions would be appreciated.

Check the MTU along the path? That's my first check if you can ping but not much more.

Thank you for your response.

I found a workaround for this issue: I capped the MSS of packets to/from the WebGUI via IPsec at the minimal size, which made the transmissions more reliable and the WebGUI operable via IPsec.
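
The MTU check suggested above and the MSS value it implies, as an added example that is not part of the original thread: a binary search for the largest IPv4 packet that crosses the tunnel with the Don't Fragment bit set. The function names and the `PROBE` override hook are hypothetical, and 192.0.2.1 is a placeholder address.

```shell
#!/bin/sh
# Added example (not from the thread): measure the usable path MTU through a
# tunnel and derive the TCP MSS to clamp to. All names here are hypothetical.

# probe SIZE HOST: succeed if one ICMP echo carrying SIZE payload bytes, sent
# with the Don't Fragment bit set, is answered. FreeBSD (OPNsense) ping sets
# DF with -D; Linux iputils ping uses "-M do".
probe() {
    case "$(uname -s)" in
        FreeBSD) ping -D -c 1 -t 2 -s "$1" "$2" >/dev/null 2>&1 ;;
        *)       ping -M do -c 1 -W 2 -s "$1" "$2" >/dev/null 2>&1 ;;
    esac
}

# path_mtu HOST [LOW] [HIGH]: binary-search the largest payload that passes
# unfragmented and print the matching IPv4 packet size.
# Packet size = payload + 20 (IPv4 header) + 8 (ICMP header).
# Set PROBE to the name of another function to replace the real ping.
path_mtu() {
    host=$1
    lo=${2:-548}     # 576-byte packet, the conservative floor
    hi=${3:-1472}    # 1500-byte packet, plain Ethernet
    # If even the floor fails, the host is unreachable or ICMP is filtered.
    "${PROBE:-probe}" "$lo" "$host" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "${PROBE:-probe}" "$mid" "$host"; then
            lo=$mid              # mid passed: answer is mid or larger
        else
            hi=$(( mid - 1 ))    # mid dropped: answer is below mid
        fi
    done
    echo $(( lo + 28 ))
}

# tcp_mss MTU: largest TCP segment that fits in one IPv4 packet of size MTU,
# assuming 20-byte IPv4 and 20-byte TCP headers (no options).
tcp_mss() {
    echo $(( $1 - 40 ))
}

# Usage from a client behind the tunnel (placeholder address):
#   mtu=$(path_mtu 192.0.2.1) && echo "path MTU $mtu, clamp MSS to $(tcp_mss "$mtu")"
```

The result is only meaningful if ICMP echo is permitted through the tunnel and the firewall rules in between; a failure at the 548-byte floor points to filtering or reachability rather than MTU.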