24.1.9 - Web GUI stopped working

[Patrick M. Hausen]

Maybe a note about the change should be added to the update notes?

Nothing specific to this update. Binding services to individual IP addresses has always been discouraged as per the documentation that was also already cited multiple times in this thread:

https://docs.opnsense.org/manual/settingsmenu.html#listen-interfaces

If it worked before you were lucky. It's never been expected to work reliably.

[sxc731]

I'm also experiencing that issue; apologies for adding to the noise.

In an attempt to minimise exposure (I'd argue this is good practice in sec infra [1]), my Web GUI is indeed restricted to listen to a MGMT interface with a static IPv4 address, with IPv6 config set to 'None' as I don't have a use for it here.  This used to work fine (I know, until it doesn't...)

I also get the smoking gun noted above:

Code Select Expand

/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.76/src/network.c.604) bind() [fe80::5054:ff:febb:5a2b]:443: Can't assign requested address

Is it right for the WebUI to attempt to bind to a disabled IPv6 interface?  Many thanks!!

[1] https://en.wikipedia.org/wiki/Defense_in_depth_(computing)

[newsense]

Using the recommended settings and restricting access on VLANs in scope is a much more reliable avenue

[pickone]

Correct. Though the described loopback approach is much safer if you require explicit single point access.


Cheers,
Franco

Hi! I'm very new to opnsense and I read everything about the new "issue". I made it work again, but I would really love to only have access to the web gui from the local IPs - 192.168.0.0/24 (LAN interface). I read something about loopback address, but I don't understand nothing. Can you please explain step by step, what and where to click, in order to achieve this? Maybe there are more like me and it will help us more. Thank you in advance!