Problems accessing the webgui after restore on new hardware

thomka · March 26, 2025, 07:08:05 AM

Hello community,

I have been running OPNsense in my home environment for a while now, and everything has always worked without any issues. Recently, I replaced the hardware, which also changed all interface names.

On the old hardware, I created a backup, modified the XML file by replacing the old interface names (re0 and re1) with the new ones, and then restored the backup.

As far as I can tell, everything seemed to work right away. However, I have one significant issue:

I can no longer access the WebGUI. The firewall appears to be working, the VLAN configuration seems to be functioning correctly, and SSH access is working—but unfortunately, the WebGUI is not.

Does anyone have any hints or suggestions for me?

Thank you very much and best regards!

thomka · March 26, 2025, 08:08:26 AM

troubbleshooting so far:

-fresh installation of OPNSense again on the new host
-updated the new installation to the latest version (same version as the "old/source" system)
-restored OPNSense config (modified with replaced/new interface names)
-shutting off the old machine
-started new host

--> same situation: the new OPNSense host seems to be working fine except WebGUI

patient0 · March 26, 2025, 08:08:57 AM

Can you still access OPNsense using SSH and the console? And did you replace all the occurrences of 're0' and 're1' in the config.xml? If you have VLANs then they will be reference the parent interface, too. Does/did the web GUI run on the default ports, 80/443? And what is the error you get in the browser when trying to access the web GUI?

Could you run via SSH or console:

Code Select

sockstat -P tcp | fgrep light

thomka · March 26, 2025, 08:20:27 AM

Hello and thanks for your reply,

it seems that lighttdp is not running:

Code Select

root@OPNsense:/ # sockstat -P tcp | grep light
root@OPNsense:/ # service lighttpd status
lighttpd is not running.
root@OPNsense:/ #

My browser shows me "ERR_CONNECTION_TIMED_OUT"

lighttpd log-file:

Code Select

root@OPNsense:/usr/local/etc/lighttpd # cat /var/log/lighttpd/latest.log
<29>1 2025-03-26T06:51:24+00:00 OPNsense.localdomain lighttpd 5246 - [meta sequenceId="1"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.77/src/server.c.1943) server started (lighttpd/1.4.77)
<29>1 2025-03-26T06:52:34+00:00 OPNsense.localdomain lighttpd 5246 - [meta sequenceId="1"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.77/src/server.c.1234) [note] graceful shutdown started
<29>1 2025-03-26T06:52:34+00:00 OPNsense.localdomain lighttpd 5246 - [meta sequenceId="2"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.77/src/server.c.2339) server stopped by UID = 0 PID = 74476
<29>1 2025-03-26T06:52:34+00:00 OPNsense.localdomain lighttpd 75703 - [meta sequenceId="3"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.77/src/server.c.1943) server started (lighttpd/1.4.77)
<29>1 2025-03-26T06:53:01+00:00 OPNsense.localdomain lighttpd 75703 - [meta sequenceId="4"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.77/src/server.c.1234) [note] graceful shutdown started
<29>1 2025-03-26T06:53:01+00:00 OPNsense.localdomain lighttpd 75703 - [meta sequenceId="5"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.77/src/server.c.2339) server stopped by UID = 0 PID = 50852
<29>1 2025-03-26T06:53:01+00:00 OPNsense.localdomain lighttpd 51629 - [meta sequenceId="6"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.77/src/server.c.1943) server started (lighttpd/1.4.77)
<29>1 2025-03-26T06:54:29+00:00 OPNsense.localdomain lighttpd 51629 - [meta sequenceId="1"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.77/src/server.c.1234) [note] graceful shutdown started
<29>1 2025-03-26T06:54:29+00:00 OPNsense.localdomain lighttpd 51629 - [meta sequenceId="2"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.77/src/server.c.2339) server stopped by UID = 0 PID = 771
<29>1 2025-03-26T06:54:29+00:00 OPNsense.localdomain lighttpd 2645 - [meta sequenceId="3"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.77/src/server.c.1943) server started (lighttpd/1.4.77)
<29>1 2025-03-26T06:55:09+00:00 OPNsense.localdomain lighttpd 2645 - [meta sequenceId="4"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.77/src/server.c.2339) server stopped by UID = 0 PID = 29005
<29>1 2025-03-26T06:56:23+00:00 OPNsense.localdomain lighttpd 60502 - [meta sequenceId="1"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.77/src/server.c.1943) server started (lighttpd/1.4.77)
<29>1 2025-03-26T06:57:50+00:00 OPNsense.localdomain lighttpd 60502 - [meta sequenceId="1"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.77/src/server.c.2339) server stopped by UID = 0 PID = 6999

removed...see reply below / next answers

patient0 · March 26, 2025, 08:40:17 AM

That is not ideal, is something else running on port 80 and/or 443?

Code Select

sockstat -P tcp | egrep '(80|443)'
And to check the lighttpd config used the for OPNsense GUI

Code Select

lighttpd -tt -f /usr/local/etc/lighttpd_webgui/lighttpd.conf

thomka · March 26, 2025, 08:47:43 AM

Quote from: patient0 on March 26, 2025, 08:40:17 AMThat is not ideal, is something else running on port 80 and/or 443?
Code Select Expand
sockstat -P tcp | egrep '(80|443)'
And to check the lighttpd config used the for OPNsense GUI
Code Select Expand
lighttpd -tt -f /usr/local/etc/lighttpd_webgui/lighttpd.conf

inserted all my findings in answer #3

patient0 · March 26, 2025, 08:53:40 AM

Okey, not sure why you assume the directory of lighttpd if I just posted where it really is.

I find it harder to understand the topic if you add answers to later post, in an earlier one (although you didn't really do exactly what I wrote).

thomka · March 26, 2025, 09:15:55 AM

my reply above was before your answer. that´s why I assumed the wrong directory. I removed it from my answer #3 and will use the "reply" button :-)

Code Select

root@OPNsense:~ # lighttpd -tt -f /usr/local/etc/lighttpd_webgui/lighttpd.conf
2025-03-26 09:15:28: (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.77/src/mod_openssl.c.2112) SSL: inactive/expired X509 certificate '/usr/local/etc/lighttpd_webgui/cert.pem'
2025-03-26 09:15:28: (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.77/src/mod_openssl.c.2144) SSL: couldn't read private key from '/usr/local/etc/lighttpd_webgui/key.pem'
2025-03-26 09:15:28: (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.77/src/server.c.1659) Initialization of plugins failed. Going down.

patient0 · March 26, 2025, 09:30:21 AM

You can give "OPNsense doc: WebGui access reset" a go, it should create new certs.

thomka · March 26, 2025, 10:04:47 AM

Quote from: patient0 on March 26, 2025, 09:30:21 AMYou can give "OPNsense doc: WebGui access reset" a go, it should create new certs.

solved my problem!

Code Select

configctl webgui restart renew
was the solution. Thanks for your time!

best regards,
thomas

Problems accessing the webgui after restore on new hardware

thomka

March 26, 2025, 07:08:05 AM

thomka

March 26, 2025, 08:08:26 AM #1 Last Edit: March 26, 2025, 08:10:18 AM by thomka

patient0

March 26, 2025, 08:08:57 AM #2

thomka

March 26, 2025, 08:20:27 AM #3 Last Edit: March 26, 2025, 09:11:26 AM by thomka

patient0

March 26, 2025, 08:40:17 AM #4

thomka

March 26, 2025, 08:47:43 AM #5

patient0

March 26, 2025, 08:53:40 AM #6

thomka

March 26, 2025, 09:15:55 AM #7 Last Edit: March 26, 2025, 09:25:54 AM by thomka

patient0

March 26, 2025, 09:30:21 AM #8

thomka

March 26, 2025, 10:04:47 AM #9