[SOLVED] Zenarmor 1.14: 'Network error' after upgrading

[sos_opnsense]

Upgraded to 1.14 from 1.13 today via the GUI and get "network error" in the Zenarmor pages.

So - uninstalled using the OPNsense plugins page, and reinstalled as per web instructions ( https://www.zenarmor.com/free-edition-plan).

Now, I'm stuck on the wizard - I get a spinning wheel under 'Database Settings', then nothing happens, and I can't select 'Next' to get to 'Interface Settings'. I suspect this is a netmap driver issue, or similar - although 1.13.4 was running fine.

There are no errors under 'Notifications', and the Info says "Engine Started".

[701h]

I have no help to offer, I'm just adding that the same has happened to me. I have not removed the package yet.

[Archanfel80]

Same here, after an upgrade zenarmor stuck, so i reinstall the whole opnsense, restored from backup ( deleted the zenarmor configuration parts ) then install the fresh zenarmor. I try to setup but even the initial setup stuck with the Network Error
Please check your network connection message. It seems something is broken with this.

[deuch]

I've a opnsense installed on my home network.

I've tried to update zenarmor 1.14 and i've the same issue "Network Error".

I reach my opnsense device with https://opnsense.localdomain url (private one).

After updating zenarmor or try to reinstall it, the network connection come from the issue that zenarmor web ui try to fetch the js/css/img/html component from my WAN ip address and not the 192.168.1.1/opnsense.localdomain url ... + issue with CORS policy because of the mismatch of the 2 domains/ips

I think there is something wrong with the setup and the WAN address must nor be used to serve the web ui of zenarmor

Even the uninstall tab does not work with the same "Network Error", so i can not send a ticket to support directly :(

So for now, no more zenarmor on my system to protect my kids devices :( ... I'm in my trying period and was ready to buy a subscription, but with this faulty upgrade, i'm starting to look other products.

[Dantichrist]

I have the same issue as above. Most things say "network error" including the health check section. The only thing that's in the notifications is engine started.

Edit: If I log in via IP address everything seems to be working. Logging in via host.domain will not.

Edit #2: Updating to 1.14.1 resolved the issue. Thanks!

[kozistan]

Same here, restored VM Snapshot as I'm running business on it

[athurdent]

I've a opnsense installed on my home network.

I've tried to update zenarmor 1.14 and i've the same issue "Network Error".

I reach my opnsense device with https://opnsense.localdomain url (private one).

After updating zenarmor or try to reinstall it, the network connection come from the issue that zenarmor web ui try to fetch the js/css/img/html component from my WAN ip address and not the 192.168.1.1/opnsense.localdomain url ... + issue with CORS policy because of the mismatch of the 2 domains/ips

I think there is something wrong with the setup and the WAN address must nor be used to serve the web ui of zenarmor

Even the uninstall tab does not work with the same "Network Error", so i can not send a ticket to support directly :(

So for now, no more zenarmor on my system to protect my kids devices :( ... I'm in my trying period and was ready to buy a subscription, but with this faulty upgrade, i'm starting to look other products.

Odd, just checked my installation. According to the Safari Web Inspector, the menu is being pulled from my LAN IP. Only external content is some Google fonts stuff, which is not pulled by zenarmor but my theme. What happens if you access your device with it's internal IP?

[serbans]

Same here, adding here for tracking.

Installer finished, rebooted twice, "Network error" everywhere in the new menus.

Serban

[db9]

I have the same issue with network error when viewing the dashboard. Workaround was to reach the firewall (dashboard) via IP-address instead of FQDN.

Second issue is that I can only select one interface to protect in the settings > configuration. If I select three interfaces only one will be selected after applying the configuration. In the dashboard and live view more interfaces are shown.

[sos_opnsense]

After updating zenarmor or try to reinstall it, the network connection come from the issue that zenarmor web ui try to fetch the js/css/img/html component from my WAN ip address and not the 192.168.1.1/opnsense.localdomain url ... + issue with CORS policy because of the mismatch of the 2 domains/ips

I think there is something wrong with the setup and the WAN address must nor be used to serve the web ui of zenarmor

FWIW, I access my OPNsense on a FQDN.

EDIT: I just tried to access via the router IP address (https://192.x.x.x:port) - still the same error / lack of progress / 'Network error'.

[serbans]

So,update from me (Licensed Home version)
I can "access" the Zenarmor menus when accessing the FW with the IP address, but:
- all buttons are greyed out (clicking on them issues a message - "setting updated" but the  position of the switches is still "off") - quite disconcerting considering the privacy settings also cannot be actually viewed from the GUI either
- I run the reporting on an external Elasticsearch DB - cannot see any reports, the system says "network error".

UPDATE:
- in Safari the buttons are visible, in Firefox, even clearing cache / private window - no luck.

[deuch]

I did an install with using the management IP of the FW and it works this time.

I'm now able to create policies etc ...

But i can not still use zenarmor with the opnsense.localdomain name, only with the private ip

[pwalczak]

Hey there,

same thing in my router. I believe the problem is that the frontend now tries to access the zenarmor API using the router LAN IP address instead of the URL address of the router GUI.

In my case I access the router with the URL: https://my.awesome.router which is secured with a letsencrypt certificate. The Zenarmor client though tries to use the URL https://192.168.1.1/api/zenarmor which of course leads to an invalid certificate error and prevents the client from getting to an access token.

Is there any configuration setting available which allows us to set the URL of the Zenarmor API backend?

[stomek]

Hi everyone,

having the identical issue after the upgrade.
Access to the Zenarmor tab in OPNsense is not working using the FQDN, but works using the internal mgmt IP address.
Hope Zenarmor is fixing the issue in due course.

Rgds,
Stefan

[sos_opnsense]

Good work tracking this one down, everyone!

Dare I say, it looks like it *should* be a straightforward fix for Zenarmor.

Surprised this wasn't picked up in beta though - it's not as though running a firewall behind a certificate and FQDN is a bleeding-edge use case.

Unfortunately, I'll have to wait for the actual fix, since using the internal management IP address isn't working for me.