Update from 22.7 to 23.1 prevents Web GUI from listening on Wireguard interface

Started by dave-at-home, March 28, 2023, 03:45:52 AM

It appears that the upgrade (to OPNsense 23.1.4_1-amd64) changed the order of initialization such that the Web GUI is started before the Wireguard interfaces come up.  I see the following in /var/log/system/latest.log:

<11>1 2023-03-24T17:20:48-05:00 dummy.localdomain opnsense 275 - [meta sequenceId="2"] /usr/local/etc/rc.bootup: Unable to configure nonexistent interface opt1 (wg1)

This comes before the line where the GUI is configured:

<13>1 2023-03-24T17:20:49-05:00 dummy.localdomain opnsense 275 - [meta sequenceId="9"] /usr/local/etc/rc.bootup: plugins_configure early (execute task : webgui_configure_do(1))


However, after a restart, the Wireguard interfaces do come up and work as expected -- except the Web GUI is now unavailable on them.  Restarting the Web GUI using /usr/local/etc/rc.restart_webgui will allow the Web GUI to be seen on the Wireguard interfaces... until the next reboot.

Is anyone else seeing this problem?

Does anyone know of a workaround for this startup problem?  Maybe there's a final startup script where I could tack on the rc.restart_webgui until this gets addressed in a future release.

Sorry, this is a general rant on the broader topic surfacing more and more:

I wonder which guide out on the Inetwebs suggests to select a specific listening interface for the web GUI and ignore the warning dialog at the same time that it will lock you out if you use it without proper care?


Cheers,
Franco

Hi Franco,

I believe I've used proper care and, prior to the upgrade, had a configuration that worked perfectly for my purposes. 

After the upgrade, I only have a problem after a reboot, and restarting the web GUI from the console (or from the GUI via a non-wireguard interface) has the system working exactly as desired -- with no other configuration changes.

If there's specific documentation you'd like to suggest I read because you think it's relevant to or explains what I'm seeing, I'd appreciate the reference.

Thanks,
- dave


Hi Dave,

Since the topic comes up more and more lately, Ad was nice enough to add the relevant section to the documentation:

https://docs.opnsense.org/manual/settingsmenu.html#listen-interfaces

It includes best practice and what to avoid when wanting to deal with manual listen interfaces configuration.


Cheers,
Franco

Hmmm, I was also running into this pitfall :( I want the web GUI to listen on my WireGuard interface; here is my current workaround:

Configure your system to listen on all interfaces, or on dedicated ones, e.g. LAN + WG0.

create a new file: /usr/local/etc/rc.syshook.d/start/51-wireguard-ext
paste this content into it:
#!/bin/sh

# restart web ui in hope to listen also on wireguard interface
/usr/local/etc/rc.restart_webgui

# restart ssh to also listen on wireguard interface
configctl openssh restart


and also set the execution flag on this file: chmod +x /usr/local/etc/rc.syshook.d/start/51-wireguard-ext

reboot your system and you are fine ;)
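
A conditional variant of the workaround in the post above, as an added example that is not part of the thread or of OPNsense itself: it waits for the tunnel interface to get an IPv4 address and restarts the web GUI only when nothing is listening there, logging what it did. It assumes the interface is wg1 (from the log line in the first post), that the GUI runs as a process named lighttpd on TCP port 443, and FreeBSD's sockstat and ifconfig output formats; IPv6 is not checked.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed: interface wg1, GUI process
# named lighttpd on TCP 443, FreeBSD sockstat/ifconfig output formats.
WG_IF="${WG_IF:-wg1}"
GUI_PORT="${GUI_PORT:-443}"
GUI_PROC="${GUI_PROC:-lighttpd}"

# stdin: `sockstat -4 -l` output. Succeeds if GUI_PROC listens on
# $1:GUI_PORT or on the wildcard address (*:GUI_PORT).
gui_listens_on() {
    awk -v addr="$1" -v port="$GUI_PORT" -v proc="$GUI_PROC" '
        $2 == proc && ($6 == (addr ":" port) || $6 == ("*:" port)) { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# stdin: `ifconfig <if> inet` output. Prints the IPv4 addresses it lists.
ipv4_addrs() {
    awk '$1 == "inet" { print $2 }'
}

# Wait up to $1 seconds for WG_IF to have an address, then restart the GUI
# only if it is not bound there.
# Returns 0: already listening, 1: restart issued, 2: tunnel never came up.
ensure_gui_on_wg() {
    tries="$1"
    addrs=""
    while [ "$tries" -gt 0 ]; do
        addrs=$(ifconfig "$WG_IF" inet 2>/dev/null | ipv4_addrs)
        [ -n "$addrs" ] && break
        sleep 1
        tries=$((tries - 1))
    done
    if [ -z "$addrs" ]; then
        logger -t wg-gui-check "$WG_IF has no IPv4 address, GUI left alone"
        return 2
    fi
    for a in $addrs; do
        if ! sockstat -4 -l | gui_listens_on "$a"; then
            logger -t wg-gui-check "GUI not bound to $a, restarting it"
            /usr/local/etc/rc.restart_webgui
            return 1
        fi
    done
    return 0
}

# Act only on the firewall itself; on any other system just define functions.
if [ "$(uname -s)" = "FreeBSD" ] && [ -x /usr/local/etc/rc.restart_webgui ]; then
    ensure_gui_on_wg 30 || true
fi
```

The messages written with logger give a record of whether each boot needed the restart, which shows when the ordering problem stops occurring and the hook can be removed.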