Pls Help: I can access webgui on HTTP although only HTTPS is checked in config

Started by glau, May 03, 2026, 11:49:03 PM

Hello,
pls find hereafter a picture of my configuration. I try to connect to webgui on https, but I am always switched on http.
I do not understand why...
Thanks for your kind help.
Regards,
GL


Quote from: glau on May 03, 2026, 11:49:03 PM
pls find hereafter a picture of my configuration. I try to connect to webgui on https, but I am always switched on http.
I do not understand why...
You are right, that should not be possible. If you access the GUI by HTTP you will be redirected to HTTPS automatically.
Have you pressed 'Save' at the bottom of the page?

Can you post a picture of the web browser URL when you access the GUI per HTTP, that includes the full URL when the GUI/login is shown?
And maybe try a `curl -o - http://<your OPNsense>/`? That should not output anything normally when HTTPS is active.
Deciso DEC740
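
The curl check suggested in the post above can be made more explicit by looking at the response headers instead of the body. This is an added example, not part of the original thread: the function name, the result labels and the sample responses (using the documentation address 192.0.2.1) are constructed for illustration.

```shell
#!/bin/sh
# Classify what a port-80 listener answered, given the header block printed by
#   curl -sS -D - -o /dev/null http://<your OPNsense>/
# An empty header block means nothing answered on HTTP at all.

classify_http_response() {
    # $1 = raw response headers; strip the CRs that HTTP line endings carry
    headers=$(printf '%s\n' "$1" | tr -d '\r')
    if [ -z "$headers" ]; then
        echo "no-listener"
        return 0
    fi
    # Status code: second field of the status line, e.g. "HTTP/1.1 301 ..."
    status=$(printf '%s\n' "$headers" |
        sed -n '1s/^HTTP\/[0-9.]* \([0-9][0-9][0-9]\).*/\1/p')
    # Location header, matched case-insensitively, first occurrence only
    location=$(printf '%s\n' "$headers" |
        sed -n 's/^[Ll][Oo][Cc][Aa][Tt][Ii][Oo][Nn]:[[:space:]]*//p' | head -n 1)

    case "$status" in
        301|302|303|307|308)
            case "$location" in
                https://*) echo "redirects-to-https" ;;   # GUI forces HTTPS
                *)         echo "redirects-elsewhere" ;;  # still not HTTPS
            esac ;;
        2??) echo "served-over-http" ;;  # page content delivered in clear text
        "")  echo "unparseable" ;;
        *)   echo "other-$status" ;;
    esac
}

# Constructed sample responses (not captured from a real firewall).
SAMPLE_REDIRECT=$(printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://192.0.2.1/\r\nContent-Length: 0\r\n')
SAMPLE_PLAIN=$(printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n')
SAMPLE_HTTP_LOOP=$(printf 'HTTP/1.1 302 Found\r\nlocation: http://192.0.2.1/index.php\r\n')

for sample in "$SAMPLE_REDIRECT" "$SAMPLE_PLAIN" "$SAMPLE_HTTP_LOOP" ""; do
    classify_http_response "$sample"
done
```

Only a `served-over-http` result would mean the login page is really being delivered without TLS; `redirects-to-https` and `no-listener` both match a GUI that is reachable over HTTPS only.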

Hello
thanks for your support. I am now in my job place, I can post the picture this evening.
Yes I saved and restarted the router as precaution before writing this post. The pictures have been taken after several restarts. I made several attempts to login with https and http, getting always the same behaviour as described below.
Basically what happens is that:
1) if I use https://router_ip then I get a message from the browser that the connection is not safe and, if I force to go on, I get in the address bar of the browser an https red with the "deleted" sign and then in the address bar appears http://router_ip with the router login page
2) if I type http://router_ip, I get the router login page
Thanks.
Regards,
GL

Quote from: patient0 on May 04, 2026, 07:08:35 AM
[...]If you access the GUI by HTTP you will be redirected to HTTPS automatically.[...]

On the same or a different port? With the redirect option "Disabilita la regola di reindirizzamento..." checked and port 443 specified I would expect port 80 to be unavailable. On my own system, "netstat -a" shows no HTTP port listening. HTTP to my HTTPS port gets no response. (I can't conveniently test port 80 because it's blocked by pf, but with no agent listening, I would expect a closed port response, as I have that enabled.)

hello,
are different ports...
This is what I cannot understand...
Ciao,
G

as promised, below the picture of what I get in the browser address bar, if I write https://router_ip and then I press enter

You need to override the "insecure" warning and click the "connect anyway" button. Whatever that is called and how you get there in your browser.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Is there any way to get in touch with the developing team members? Perhaps I found some bug...
This is my first installation of OPNsense, before I was using pfsense and perhaps I switched on&off some parameters in some "specific" sequence that "activated" some bug, while exploring the configuration.
Pls help...
Thanks.
Regards,
GL

This is not a bug. OPNsense is using a self signed certificate and any reasonable browser will flag that connection as insecure. You simply need to override that.

Frequently there's a "show certificate" or "more information" button and this will lead to the "I know the risk, connect anyway" button which you need to find and click.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Hello Patrick,
thanks for your help, but my problem is that the config (see my first post) should allow only https connections, but instead the router moves to an http connection, even if I type https://router_ip. Yes I force the connection and I get to the router login page, but in http...
The config of the router seems to be ok: I listen only on LAN port and only https is checked.
Ciao,
GL

@Patrick, I forgot: I get to the login page also if I write http://router_ip

Try to get the override for HTTPS working, then we can fix that part.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Quote from: glau on May 04, 2026, 09:52:49 PM
This is my first installation of OPNsense, before I was using pfsense and perhaps I switched on&off some parameters in some "specific" sequence that "activated" some bug, while exploring the configuration.

I think you are mistaken, the picture you posted is exactly what was to be expected: you are connected by HTTPS. It's written as HTTPS but with a red line through it, if it had been HTTP then HTTP would be at the start of the URL.
But the browser marks it as not secure because the HTTPS certificate in use is a self-signed one (it's the same with pfSense).

All self-signed certificates are marked as not secure but every device you buy uses a self-signed certificate. Be it Synology, QNAP, pfSense, OPNsense, Sophos, etc.

TL;DR: What you see is exactly what was expected, you are connecting to https://<your OPNsense IP> and the browser asked you to verify that you want to connect to a not secure page (but still https as shown in your screenshot).
Deciso DEC740

Let's see a pic of the dashboard with a FQDN using HTTP:// in the URL field of browser. With your settings wanting HTTPS, I suspect you cannot get such pic.

You can also SSH in and run tcpdump looking for the large amounts of non-encrypted traffic between your browser machine and the FW. I suspect none related to your browser.
Mini-pc N150 i226v x520, FREEDOM