Administration accessible with single URL

Started by czmirek, January 11, 2024, 07:37:20 PM

I have a home opnsense router with 4 interfaces:

interface0 = WAN, not important
interface1 = 192.168.100.0/24
interface2 = 192.168.101.0/24
interface3 = 192.168.102.0/24

The opnsense web administration gui is available on all interfaces with these addresses:

interface1 = 192.168.100.1
interface2 = 192.168.101.1
interface3 = 192.168.102.1

But I would like to access the opnsense web gui using only a single IP address or URL that works on all of these interfaces. So when I put "http://opnsense.local" in the browser I'll get the opnsense administration web, regardless of the interface to which I'm connected now.

Or perhaps some static IP like "http://192.168.111.111" --- I don't mind as long as it is a single thing that works for all interfaces.

I don't know how to achieve the solution for this problem.

- I can't make a DNS record because a DNS override in UnboundDNS cannot be attached to a specific interface only.
- So I thought some kind of Virtual IP / IP Alias would work... but I couldn't make it work either.
- No luck with trying to configure 1:1 NAT either.

I would greatly appreciate any advice. Thank you!

You can access the OPNsense GUI from any attached interface from any IP address.

Since the OPNsense is your default gateway, all requests from any IP address will be sent to the OPNsense.

You only have to adjust the firewall on that interface to allow any source to destination "This Firewall".
Hardware:
DEC740

Yes, I can access OPNSense from all interfaces as I said. The firewall is configured to allow all communication.

I don't have a problem that OPNSense is not accessible. It can be accessed from all interfaces. That is working.

I want OPNSense to be available on all interfaces using a SINGLE URL --- which can be a single IP address.

So for example, if I do "http://192.168.111.111" I'll get OPNSense on all interfaces. Then I'd be able to make a DNS override so the address "http://opnsense.local" would also be available on all interfaces.

But I already said you can use any IP address because the OPNsense is your default gateway.

If you are attached to interface 1 you can reach the IP address of interface 3 too.
Hardware:
DEC740

Hi czmirek,

Here is my solution.

You can see that when I ping this domain, the IP address is my WAN IP address.

Also, you should check the Listen Interfaces.


I'm afraid the OP is complicating things for no reason.
He should probably pick one interface/IP as the "preferred" way to access OPN and adjust his FW rules to allow that (the simplest is to allow HTTPS to "this firewall" - or the preferred interface address - on all 3 interfaces).

Making a DNS entry pointing to that preferred IP is the next step.
Don't use .local for the OPN domain though. There's an explicit warning about that (it messes up mDNS).
I personally wouldn't use an override on a .com domain. At some point, .home might be more appropriate.

Maybe DNS is his problem, since records are automatically added for all interfaces. Set Services: Unbound DNS: General -> "Do not register system A/AAAA records" and create a specific DNS override for the DNS name of the OpnSense box yourself.
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+

Quote from: EricPerl on April 20, 2025, 07:13:28 AM
I'm afraid the OP is complicating things for no reason.
He should probably pick one interface/IP as the "preferred" way to access OPN and adjust his FW rules to allow that (the simplest is to allow HTTPS to "this firewall" - or the preferred interface address - on all 3 interfaces).

Making a DNS entry pointing to that preferred IP is the next step.
Don't use .local for the OPN domain though. There's an explicit warning about that (it messes up mDNS).
I personally wouldn't use an override on a .com domain. At some point, .home might be more appropriate.

Yes, you are right. I changed it to another one; a .com domain may cause a conflict.

Quote from: meyergru on April 20, 2025, 08:00:00 AM
Maybe DNS is his problem, since records are automatically added for all interfaces. Set Services: Unbound DNS: General -> "Do not register system A/AAAA records" and create a specific DNS override for the DNS name of the OpnSense box yourself.

Yeah, if I didn't do this, it would always get stuck every several seconds when using a domain URL instead of an IP address.

I also fixed the HTTPS security issue :-)
