Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

No IPv6 Web GUI access if LAN interface is set to 'Track Interface' #5966

Closed
2 tasks done
maurice-w opened this issue Aug 20, 2022 · 4 comments
Closed
2 tasks done

No IPv6 Web GUI access if LAN interface is set to 'Track Interface' #5966

maurice-w opened this issue Aug 20, 2022 · 4 comments
Assignees
@fichtner
Labels
feature Adding new functionality
Milestone
23.1

Comments

@maurice-w
Copy link
Member

Important notices

Before you add a new report, we ask you kindly to acknowledge the following:

Describe the bug

If a LAN interface is tracking a WAN interface and the Web GUI is configured to only listen on this LAN interface, the Web GUI is inaccessible via IPv6.

To Reproduce

Steps to reproduce the behavior:

  1. Make sure the WAN and LAN interfaces have default settings (WAN: DHCPv4 + DHCPv6 with prefix delegation, LAN: Static IPv4 + 'Track Interface' IPv6).
  2. Go to 'System: Settings: Administration', set the 'Web GUI Listen Interfaces' to 'LAN', save and reboot.
  3. See error: The Web GUI is not accessible via the LAN IPv6 address.
  4. Access the Web GUI via the LAN IPv4 address, go to 'System: Diagnostics: Services' and restart the webgui service.
  5. See result: The Web GUI is now accessible via the LAN IPv6 address.

Expected behavior

The Web GUI should be accessible via IPv6 without having to manually restart the service after a reboot.

Relevant log files

Excerpt from /var/etc/lighty-webConfigurator.conf after a reboot:

## bind to port (default: 80)
server.bind  = "127.0.0.1"
server.port  = 80
$SERVER["socket"] == "127.0.0.1:80" {
}
$SERVER["socket"] == "[::1]:80" {
}
$SERVER["socket"] == "192.168.1.1:80" {
}

After webgui service restart:

## bind to port (default: 80)
server.bind  = "127.0.0.1"
server.port  = 80
$SERVER["socket"] == "127.0.0.1:80" {
}
$SERVER["socket"] == "[::1]:80" {
}
$SERVER["socket"] == "192.168.1.1:80" {
}
$SERVER["socket"] == "[2001:db8:1234:5600:215:5dff:fed2:761b]:80" {
}

Additional context

It works when not selecting specific listen interfaces ($SERVER["socket"] == "[::]:80").

Environment

OPNsense 23.1.a_102 (amd64, OpenSSL)
Hyper-V Gen2 Ver10.0
@maurice-w
Copy link
Member Author

Same issue for SSH. After a reboot, the tracking LAN interface's IPv6 address is missing from /usr/local/etc/ssh/sshd_config and IPv6 SSH access doesn't work. Restarting the openssh service temporarily fixes this.

Historical context seems to be #1347.

@fichtner
Copy link
Member

I'm happy to try and tackle this while working on #5933, but it might not be a pretty outcome.

Cheers,
Franco

@fichtner fichtner self-assigned this Aug 22, 2022
@fichtner fichtner added the feature Adding new functionality label Aug 22, 2022
@fichtner fichtner added this to the 23.1 milestone Aug 22, 2022
fichtner added a commit that referenced this issue Sep 8, 2022
@fichtner
interfaces: reload newwanip event for IPv6 for each tracked LAN as well
745d46c 
#5966
@fichtner
Copy link
Member

fichtner commented Sep 8, 2022

@maurice-w I was a bit surprised to see a newwanip event for web GUI already implemented. The issue here is that newwanip is not called for LAN, only for WAN... 745d46c could work, but is not the best thing structurally as webgui (and other things) may be loaded multiple times.

@fichtner fichtner mentioned this issue Jan 12, 2023
Closed
2 tasks
@fichtner
Copy link
Member

RC1 seems to behave for the time being. Nothing to do and do another iteration if necessary.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@fichtner fichtner

Labels
feature Adding new functionality
Milestone
23.1
Development

No branches or pull requests
2 participants
@fichtner @maurice-w