Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
24.1 Legacy Series
»
24.1.9 - Web GUI stopped working
« previous
next »
Print
Pages: [
1
]
2
3
Author
Topic: 24.1.9 - Web GUI stopped working (Read 4380 times)
ProximusAl
Full Member
Posts: 111
Karma: 15
24.1.9 - Web GUI stopped working
«
on:
June 18, 2024, 03:21:55 pm »
I've so far upgraded 2 OPNSense routers from 24.1.8 to 24.1.9
First one was fine.....an IPv6 only router.
Second one, the WebGUI failed to work, but everything else was fine. SSH, Ping, Routing etc
I tried a reboot, still not working.
The only thing that fixed it was issuing /usr/local/etc/rc.restart_webgui
Doing my third now...
Logged
Greg_E
Sr. Member
Posts: 302
Karma: 16
Re: 24.1.9 - Web GUI stopped working
«
Reply #1 on:
June 18, 2024, 03:29:29 pm »
After issuing that command, did the GUI survive a reboot?
Logged
ProximusAl
Full Member
Posts: 111
Karma: 15
Re: 24.1.9 - Web GUI stopped working
«
Reply #2 on:
June 18, 2024, 03:34:51 pm »
Just tried that.
No.
I shut it down...pulled the power out....waited....reapplied power.....
This command is now needed everytime. Was perfectly fine before.
Logged
ProximusAl
Full Member
Posts: 111
Karma: 15
Re: 24.1.9 - Web GUI stopped working
«
Reply #3 on:
June 18, 2024, 03:37:14 pm »
Further to this....the IPv6 only router was fine, and the WebGUI is accessed over HTTP.
My home router was fine (IPv4 and 6), access to WebGUI over HTTPS
This one, access to WEBGUI over HTTP doing both IPv4 and IPv6.....borked.
I did notice that I had the HSTS tickbox checked even though its over HTTP so unticked that now, will try again.
Logged
franco
Administrator
Hero Member
Posts: 17483
Karma: 1589
Re: 24.1.9 - Web GUI stopped working
«
Reply #4 on:
June 18, 2024, 04:08:06 pm »
This perhaps?
https://docs.opnsense.org/manual/settingsmenu.html#listen-interfaces
Cheers,
Franco
Logged
ProximusAl
Full Member
Posts: 111
Karma: 15
Re: 24.1.9 - Web GUI stopped working
«
Reply #5 on:
June 18, 2024, 04:15:05 pm »
Hi Franco.....
It could be....but why now?
I've had it set to LAN like....forever....
Logged
franco
Administrator
Hero Member
Posts: 17483
Karma: 1589
Re: 24.1.9 - Web GUI stopped working
«
Reply #6 on:
June 18, 2024, 04:17:04 pm »
It works until it doesn't is the general issue here. I've been working on a number of IPv6 improvements. Not sure if something changed the timing of the boot sequence but it could also be boot timing related issues with other software updates running as plugins even.
Cheers,
Franco
Logged
ProximusAl
Full Member
Posts: 111
Karma: 15
Re: 24.1.9 - Web GUI stopped working
«
Reply #7 on:
June 18, 2024, 04:36:02 pm »
I can confirm that un-setting this from LAN to All does fix it, although now given me a headache on how to resolve an issue, as the way I've done IPv6 means you can hit the admin interface now globally.
I dont do traditional IPv6 the normal way, so I may have to rethink this whole IPv6 thing....
Logged
franco
Administrator
Hero Member
Posts: 17483
Karma: 1589
Re: 24.1.9 - Web GUI stopped working
«
Reply #8 on:
June 18, 2024, 04:45:25 pm »
As long as you don't accept inbound IPv6 traffic for the web interface port I don't see how this would be possible.
Depending on the setup using LAN as selection can end up with the same issue, because LAN has a GUA and if you allow incoming traffic you will be routed to your LAN interface web GUI. It sort of shows that this has nothing to do with this setting, perhaps just that IPv6 can be different from IPv4 firewall approach.
Cheers,
Franco
Logged
ProximusAl
Full Member
Posts: 111
Karma: 15
Re: 24.1.9 - Web GUI stopped working
«
Reply #9 on:
June 18, 2024, 04:51:47 pm »
Thanks Franco....
I'll have a think about this one and figure something out.....
Logged
franco
Administrator
Hero Member
Posts: 17483
Karma: 1589
Re: 24.1.9 - Web GUI stopped working
«
Reply #10 on:
June 18, 2024, 04:57:01 pm »
Sure, please let us know what you did so it can help others later on.
Cheers,
Franco
Logged
ProximusAl
Full Member
Posts: 111
Karma: 15
Re: 24.1.9 - Web GUI stopped working
«
Reply #11 on:
June 18, 2024, 07:19:23 pm »
Hi Franco,
I was looking in live view whilst hitting the admin interface from outside but nothing was showing.
I can see when I hit on IPv4 I get the default state deny rule, but nothing for IPv6.
Taking a guess I added a block rule for ipv6 only on the WAN to this firewall port 80 and sure enough that’s enough to stop it.
This may be the way forward for me but I wondered why I never saw anything in the logs on a successful hit?
I wondered if the Anti Lockout was at play here perhaps?
Appreciate your insight.
Logged
franco
Administrator
Hero Member
Posts: 17483
Karma: 1589
Re: 24.1.9 - Web GUI stopped working
«
Reply #12 on:
June 18, 2024, 07:43:15 pm »
I wouldn't think it was anti-lockout. When you create a quick pass rule for IPv6 traffic on WAN or floating you don't see the logging unless you log all that traffic via the rule option too.
In some cases you may want logging for a short period of time to make sure it all works as expected on such broad rules, but when moving these to production logging is turned off.
What you can do is create a specific rule for GUI access too in order to be able to log / trace that all the time if needed. This way you can also see who has accessed it that shoudn't (scope of the rule may be wrong).
Cheers,
Franco
Logged
ProximusAl
Full Member
Posts: 111
Karma: 15
Re: 24.1.9 - Web GUI stopped working
«
Reply #13 on:
June 18, 2024, 08:15:36 pm »
Thank you so much for your help.
It turns out I was way overthinking this (Because of the crazy way I deploy IPv6)
A simple block rule on the WAN for IPv6 (did IPv4 for double measure) has resolved my issue.
One question though….I don’t understand why the firewall was happily blocking IPv4 on the WAN, but not IPv6?
I assumed when I set listen interfaces to all 4 and 6 (given they are both on the same interface) would behave the same?
My IPv6 deployment is crazy as I have 2 leased lines. 1 doesn’t support IPv6, and 1 does.
The one that doesn’t support IPv6 is our primary line for IPv4.
We use a Watchguard firewall at our network edge (With 2 OPNsense above that for each leased line feeding the WG which are used for routing only. )
I added a 3rd OPNsense in my LAN which is ULA, and use that for NPTv6, so clients on the LAN can use IPv6.
Watchguard IPv6 implementation sucks, so that’s how I do it.
IPv4 exits leased line 1. IPv6 exists leased line 2. All only possible because of OPNsense.
Logged
franco
Administrator
Hero Member
Posts: 17483
Karma: 1589
Re: 24.1.9 - Web GUI stopped working
«
Reply #14 on:
June 19, 2024, 03:16:39 pm »
> One question though….I don’t understand why the firewall was happily blocking IPv4 on the WAN, but not IPv6?
Not knowing the network setup and rules employed this is hard to guess, sorry.
Cheers,
Franco
Logged
Print
Pages: [
1
]
2
3
« previous
next »
OPNsense Forum
»
English Forums
»
24.1 Legacy Series
»
24.1.9 - Web GUI stopped working