Topic: Caddy http access issues (Read 117 times)
NeoDragon (Newbie, Posts: 17, Karma: 0) on November 04, 2024, 06:29:40 pm:
Hi,
I've been using the Caddy plugin for a little while. Recently, HTTP access started acting up and not allowing IPs included in the addresses, specifically the OpenVPN subnet.
VPN subnet is on 192.168.50.1/24
Local Subnet is on 192.168.0.0/16
Tried adding 192.168.0.0/16 and the 192.168.50.2 IP (the VPN user address) and it still doesn't work.
As soon as I remove the access restriction, everything starts to work again.
------
As I was typing this, I figured it out while looking to share the Caddyfile.
The Invert option might be "inverted", as in it denies access to the IP addresses listed instead of allowing them.
Inverted not checked: not client_ip 192.168.0.0/16 192.168.50.2
Inverted checked: client_ip 192.168.0.0/16 192.168.50.2
Monviech (Global Moderator, Hero Member, Posts: 1512, Karma: 171), Reply #1 on November 04, 2024, 09:19:02 pm:
Invert not checked should:
"If the client IP /is not/ 192.168.0.0/24, then abort the connection."
Invert checked should:
"If the client IP /is/ 192.168.0.0/24, then abort the connection."
After that match, all IPs that fall through and are not aborted are allowed.
Also keep in mind it's the actual client IP on Layer 7, in the header the client sends in the HTTP or HTTPS request. It can be a different one than expected. You have to inspect the HTTP access log.
Maybe that connection doesn't take the route through the VPN but around it and comes with an external IP.
Last Edit: November 04, 2024, 09:20:39 pm by Monviech
Hardware:
DEC740
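Added example (not part of the thread and not the plugin's code): the sketch below applies the invert semantics described in the reply above to the client IPs found in access-log lines, which shows why a VPN user who reaches Caddy with a WAN address is aborted. It assumes Caddy's JSON access log with `request.client_ip` and `request.remote_ip` fields; the log lines, the hostname and the address 203.0.113.25 are constructed.

```python
import ipaddress
import json

# Values from the first post; everything else below is constructed.
ALLOWED = ["192.168.0.0/16", "192.168.50.2"]

# Constructed access-log lines (assumed Caddy JSON access-log shape).
SAMPLE_LOG = [
    '{"logger":"http.log.access","request":{"remote_ip":"192.168.50.2",'
    '"client_ip":"192.168.50.2","host":"app.example.com","uri":"/"}}',
    '{"logger":"http.log.access","request":{"remote_ip":"203.0.113.25",'
    '"client_ip":"203.0.113.25","host":"app.example.com","uri":"/"}}',
    'not json at all',
]


def access_decision(client_ip, networks, invert=False):
    """Invert off: abort unless the IP is listed. Invert on: abort if listed."""
    ip = ipaddress.ip_address(client_ip)
    nets = [ipaddress.ip_network(n, strict=False) for n in networks]
    listed = any(ip in net for net in nets)
    return "abort" if listed == invert else "allow"


def audit_access_log(lines, networks, invert=False):
    """Return (client_ip, decision) for every parseable access-log line."""
    results = []
    for line in lines:
        try:
            request = json.loads(line)["request"]
            client = request.get("client_ip") or request["remote_ip"]
            results.append((client, access_decision(client, networks, invert)))
        except (ValueError, KeyError, TypeError, AttributeError):
            continue  # not an access-log entry, or no usable address
    return results


if __name__ == "__main__":
    for client, decision in audit_access_log(SAMPLE_LOG, ALLOWED):
        print(f"{client:15} invert=off -> {decision}")
```

Running the same check over the real access log shows which address Caddy actually matched for each request before the access list is changed.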
NeoDragon (Newbie, Posts: 17, Karma: 0), Reply #2 on November 04, 2024, 11:23:23 pm:
You were right, even though VPN traffic is routed and I can access local IPs and all, Caddy is still getting a WAN IP from the HTTP log instead of local id.
Any way to change that?
Monviech (Global Moderator, Hero Member, Posts: 1512, Karma: 171), Reply #3 on November 05, 2024, 06:13:43 am:
Well yeah, that can be changed, but that has nothing to do with Caddy.
Read up on the difference between a Split Tunnel and a Full Tunnel VPN.
Another option is Split DNS while the tunnel is connected.