WebGUI unreachable after reboot since 25.7.11_2

[eric_zrgoq14k]

Hi,

Since updating to 25.7.11_2 (and now also on 25.7.11_9) the WebGUI is unreachable after a reboot/restart of OPNSense
I need to SSH into a shell and then invoke: configctl webgui restart.
Then the WebGUI is immediately available again.
Any thoughts on this?

Cheers, Eric

[Patrick M. Hausen]

Did you change the "Interfaces" setting for the UI? Don't ;-)

[eric_zrgoq14k]

Nope, didn't touch anything. Just updated from the gui

[eric_zrgoq14k]

The WebGUI was reachable on the same LAN, but not through tailscale on reboot.

I found out that the GUI service (lighttpd) has that "race condition" where it tries to start before the Tailscale interface is fully ready.
So I made a '/usr/local/etc/rc.syshook.d/start/99-tailscale-gui-fix', which re-starts the GUI a couple of seconds after a boot-up.
All good now.

[Patrick M. Hausen]

If the UI is listening on 0.0.0.0 that should not be necessary. See my last question. You really left the setting on "All (recommended)"?

[eric_zrgoq14k]

I had that before on Tailscale and MGMT VLAN.
When I set it to: All(recommended) so 0.0.0.0, the Webgui became reachable from my WAN on 80 and 443.
Which I could not understand, because I had no firewall rules set on my WAN so I presumed everything gets blocked.
Setting the interfaces to Tailscale and MGMT VLAN solved that unwanted WAN access.

Edit: Could it be that opening 80, 443 on WAN has something to do with anti lock-out rules which are set automatically?

Edit 2: I have set the interfaces to 'All'. Checked: 'Disable the anti lock-out rule' in Firewall/Advanced/Settings.
And problem is solved. So the 'restart WebGUI' script is not needed.

Cheers, Eric