Update from 22.7 to 23.1 prevents Web GUI from listening on Wireguard interface

Started by dave-at-home, March 28, 2023, 03:45:52 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
March 28, 2023, 03:45:52 AM Last Edit: March 28, 2023, 03:48:06 AM by dave-at-home
It appears that the upgrade (to OPNsense 23.1.4_1-amd64) changed the order of initialization such that the Web GUI is started before the Wireguard interfaces come up.  I see the following in /var/log/system/latest.log:

<11>1 2023-03-24T17:20:48-05:00 dummy.localdomain opnsense 275 - [meta sequenceId="2"] /usr/local/etc/rc.bootup: Unable to configure nonexistent interface opt1 (wg1)

This comes before the line where the GUI is configured:

<13>1 2023-03-24T17:20:49-05:00 dummy.localdomain opnsense 275 - [meta sequenceId="9"] /usr/
local/etc/rc.bootup: plugins_configure early (execute task : webgui_configure_do(1))

However, after a restart, the Wireguard interfaces do come up and work as expected -- except the Web GUI is now unavailable on them.  Restarting the Web GUI using /usr/local/etc/rc.restart_webgui will allow the Web GUI to be seen on the Wireguard interfaces... until the next reboot.

Is anyone else seeing this problem?

Does anyone know of a workaround for this startup problem?  Maybe there's a final startup script where I could tack on the rc.restart_webgui until this gets addressed in a future release.
March 28, 2023, 10:11:11 AM #1
Sorry, this is a general rant on the broader topic surfacing more and more:

I wonder which guide out on the Inetwebs suggests to select a specific listening interface for the web GUI and ignore the warning dialog at the same time that it will lock you out of you use it without proper care?


Cheers,
Franco
March 28, 2023, 10:50:45 PM #2
Hi Franco,

I believe I've used proper care and, prior to the upgrade, had a configuration that worked perfectly for my purposes. 

After the upgrade, I only have a problem after a reboot, and restarting the web GUI from the console (or from the GUI via a non-wireguard interface) has the system working exactly as desired -- with no other configuration changes.

If there's specific documentation you'd like to suggest I read because you think it's relevant to or explains what I'm seeing, I'd appreciate the reference.

Thanks,
- dave

March 29, 2023, 04:07:55 PM #3
Hi Dave,

Since the topic comes up more and more lately Ad was nice enough to add the relevant section to the documentation:

https://docs.opnsense.org/manual/settingsmenu.html#listen-interfaces

It includes best practice and what to avoid when wanting to deal with manual listen interfaces configuration.


Cheers,
Franco
August 08, 2023, 12:56:55 AM #4
hmmm, i was running also in this pitfall :( i want to listen the web gui on my wireguard interface, here is my current work around:

configre your system to listen on all interfaces or dedicated to e.g. LAN + WG0

create a new file:
Code Select
/usr/local/etc/rc.syshook.d/start/51-wireguard-ext
paste this content into it:
Code Select
#!/bin/sh

# restart web ui in hope to listen also on wireguard interface
/usr/local/etc/rc.restart_webgui

# restart ssh to also listen on wireguard interface
configctl openssh restart

and also set the execution flag to this file:
Code Select
chmod +x /usr/local/etc/rc.syshook.d/start/51-wireguard-ext

reboot your system and you are fine ;)
Print
Go Up Pages1
User actions