Topic: Access OPNsense GUI via Tailscale IP address on TLSCL (opt1) Interface (Read 1541 times)
chris.dempsey
on: March 17, 2023, 04:49:22 pm
Objective
To access the OPNsense GUI, using the Tailscale IP address assigned to the OPNsense appliance from any Machine connected to Tailscale.
Overview
After much trial and error this was working last night but I broke it by removing what I thought were irrelevant settings. Despite restoring config files from `System: Configuration: History` I've been unable to reach the previous state and regain access to the OPNsense GUI from Machines on Tailscale.
Can anyone help me figure out the correct configuration please?
Steps taken
- Installed Tailscale following the instructions at https://tailscale.com/kb/1097/install-opnsense/
- Failed to gain access to the OPNsense GUI from Machines on Tailscale so in desperation removed Tailscale and reinstalled with
```
make deinstall
make clean
make install
```
- From memory this removed the `TLSCL` Interface so I added it back in from `Interfaces > Assignments` as `TLSCL (opt1)` on `Network Port tailscale0`
- Created Firewall Rule for the `TLSCL` Interface to allow traffic from the network to the interface address - as far as I understand this is the same as the default LAN rules except for net traffic on the TLSCL interface, and should allow traffic to Tailscale IP of the OPNsense appliance 100.11.22.33 on port 443
```
IPv4 * TLSCL net * * * * * Default allow TLSCL to any rule
```
- Discovered I need to update System > Settings > Administration: Listen Interface to include `TLSCL` alongside the default `LAN`
- Assigned the Tailscale IP of OPNsense Machine as a Static IPv4 to the TLSCL Interface at `Interfaces: [TLSCL]` - this seemed to be the key step in finally getting access to the GUI on the Tailscale IP of the OPNsense appliance
- Can ping a Tailscale Machine IP when logged into the OPNsense appliance via SSH (the first 3 responses are via DERP, the final response via the remote Machine's true Public IP)
- Can ping the Tailscale IP of the OPNsense appliance from another Machine on the Tailnet
```
chris@DO-XLR:~$ tailscale ping 100.11.22.33
pong from opnsense (100.11.22.33) via 81.82.83.84:37216 in 16ms
chris@DO-XLR:~$ tailscale ping 100.11.22.33
pong from opnsense (100.11.22.33) via 81.82.83.84:37216 in 15ms
```
- this logs errors in the Firewall
```
TLSCL 2023-03-17T15:00:14 100.44.55.66:41244 100.11.22.33:443 tcp Default deny / state violation rule
```
- Detailed output from the block is
```
Detailed rule info
__timestamp__ 2023-03-17T15:18:53
ack
action [block]
anchorname
datalen 0
dir [in]
dst 100.11.22.33
dstport 443
ecn
id 50907
interface tailscale0
interface_name TLSCL
ipflags DF
ipversion 4
label Default deny / state violation rule
length 60
offset 0
protoname tcp
protonum 6
reason match
rid 02f4bab031b57d1e30553ce08e0ec131
rulenr 4
seq 2736343943
src 100.44.55.66
srcport 47084
subrulenr
tcpflags S
tcpopts
tos 0x0
ttl 64
urp 64480
```
Environment
- OPNsense 23.1.3_4-amd64
- FreeBSD 13.1-RELEASE-p7
Last Edit: March 20, 2023, 12:30:57 pm by chris.dempsey