
Enabling syncookies breaks traffic that both originates and terminates on the firewall

[Open] no-usernames-left opened this issue 1 year ago • 5 comments

Important notices

  • [X] I have read the contributing guide lines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
  • [X] I am convinced that my issue is new after having checked both open and closed issues at https://github.com/opnsense/core/issues?q=is%3Aissue

Describe the bug

Enabling syncookies breaks traffic both originating and terminating on the firewall (such as when you put Caddy in front of the OPNsense web GUI).

To Reproduce

  1. Set up Caddy to proxy the OPNsense web GUI according to the tutorial
  2. SSH into the firewall
  3. openssl s_client -connect 127.0.0.1:443 (or :8443; both are affected, showing it's neither a Caddy nor a lighttpd issue)
  4. See your certificate and be happy
  5. Firewall - Settings - Advanced, change Enable syncookies from never (default) to always, click Save
  6. openssl s_client -connect 127.0.0.1:443 (or :8443)
  7. After connection and a delay of many seconds, see write:errno=54 and be sad

Expected behavior

Not this.

Additional context

Discovered while troubleshooting this issue.

Environment

OPNsense Business 24.4_8 (amd64), os-caddy 1.5.4_1

no-usernames-left · Jun 07 '24 21:06
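A diagnostic added here (not the reporter's or the OPNsense project's code) that automates steps 3 and 6 of the repro: it reads the pf syncookie mode and probes both loopback listeners, classifying the `s_client` result so the symptom can be checked before and after changing the setting. It assumes a FreeBSD-based firewall where errno 54 is ECONNRESET and 61 is ECONNREFUSED, `openssl(1)` and `timeout(1)` on PATH, and that `pfctl -si` prints a "Syncookies" section with a "mode" line (assumed format; adjust the awk if yours differs).

```shell
#!/bin/sh
# Added diagnostic for the loopback-TLS symptom in the repro; not OPNsense project code.
# Assumptions: FreeBSD errno 54 = ECONNRESET, 61 = ECONNREFUSED; openssl(1) and timeout(1)
# on PATH; `pfctl -si` prints a "Syncookies" section followed by a "mode <value>" line.

# Read `pfctl -si` output on stdin and print the pf syncookie mode (never/adaptive/always).
syncookie_mode() {
  awk '/^Syncookies/ { insec = 1; next } insec && $1 == "mode" { print $2; exit }'
}

# Classify captured `openssl s_client` output read on stdin: reset | ok | refused | unknown.
# The reset pattern is checked first because the handshake completes before the failure,
# so a reset session prints the certificate AND a read/write errno=54 line.
classify_probe_output() {
  out=$(cat)
  case "$out" in
    *"errno=54"*)           echo reset ;;    # peer reset the connection after the handshake
    *"Verify return code"*) echo ok ;;       # handshake finished and s_client exited cleanly
    *"errno=61"*)           echo refused ;;  # nothing listening on that port
    *)                      echo unknown ;;
  esac
}

# Probe host:port like steps 3/6, holding the session open for $secs seconds to mirror the
# "delay of many seconds" in the report; prints the classification, or "timeout" if s_client hangs.
probe_tls() {
  host=${1:-127.0.0.1}; port=${2:-443}; secs=${3:-20}
  if out=$(sleep "$secs" | timeout "$((secs + 5))" openssl s_client -connect "$host:$port" 2>&1); then
    rc=0
  else
    rc=$?
  fi
  [ "$rc" -eq 124 ] && { echo timeout; return 0; }
  printf '%s\n' "$out" | classify_probe_output
}

# Run with --run on the firewall to report the mode and probe both listeners from the repro.
if [ "${1-}" = "--run" ]; then
  echo "pf syncookies mode: $(pfctl -si 2>/dev/null | syncookie_mode)"
  for p in 443 8443; do
    echo "127.0.0.1:$p -> $(probe_tls 127.0.0.1 "$p")"
  done
fi
```

Run it once with syncookies set to never and once with always; a change from `ok` to `reset` on both ports reproduces the report.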