core
core copied to clipboard
opnsense
New option WebGUI enable/disable in "opnsense-shell"
Important notices
Before you add a new report, we ask you kindly to acknowledge the following:
- [X] I have read the contributing guide lines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
- [X] I am convinced that my issue is new after having checked both open and closed issues at https://github.com/opnsense/core/issues?q=is%3Aissue
Is your feature request related to a problem? Please describe.
When configuring a new install of OPNsense in a virtual machine (or some cloud service) the LAN network is not accessible externally. However, the WAN interface is accessible. But the configuration by default has WAN webGUI access closed, and the shell doesn't have the option to enable it.
Describe the solution you like
The solution could be to add a simple new command to enable/disable (by default disabled) the WAN webGUI access from the "opnsense-shell" command.
Describe alternatives you considered
The alternative is a complex network changes to enable access to the internal LAN, configure (aka enable) the WAN webGUI access, then reconfigure with the final network configuration. However, this is a pain.
Additional context
Other people has commented this problem in other sites: https://www.reddit.com/r/OPNsenseFirewall/comments/odficf/edit_config_through_local_shell/
I feel it's time to address this problem to simplify the initial configuration in virtual environments. Thank you.
I'm not sure what sort of problem this really solves: if you can't access your LAN it's not a management network. If you can't run a WAN-only setup for initial configuration where GUI is unlocked by default it's pretty hard to solve this "problem" for "reasons".
Also I wonder why opnsense-shell should be doing something here specifically. It sounds like trying to solve it from the wrong end.
Cheers, Franco
Hi @fichtner ,
Perhaps I need to explain the use case (the scenario) more clearly:
- When you create (aka install) a vApp of the OPNsense you will have it connected to the WAN and LAN networks. The LAN is an internal and not reachable network. And the WAN network is the external network. In this scenario the internal network is an isolated network for the only use of provide connectivity to other virtual machiens and/or services. And the external one is the "management" network that has access to the Internet. Then you can connect only to the WAN network.
The main problem is this: to complete the configuration you need to access to the webGUI, but it can only be done through the LAN network. And this network is not accessible. My suggestion is then to provide an "enable/disable" switch in the opnsense-shell menu. Almost a simple "pfctl -d" command. But from my point of view it will be preferable a full script that enables/disables the webGUI access over WAN. Because in fact this is quite complex at time.
I hope it will be more clear now. Regards.
This issue has been automatically timed-out (after 180 days of inactivity).
For more information about the policies for this repository, please read https://github.com/opnsense/core/blob/master/CONTRIBUTING.md for further details.
If someone wants to step up and work on this issue, just let us know, so we can reopen the issue and assign an owner to it.
