June 19Jun 19 I seem to have lost ability too connect using myunraid.net address. Just get a 404 error-After reboot I was able to connect using the local IP but still a 404 using myunraid.net. Attached diagnostics taken automatically during the shutdown process to boot/logs in case it helps. I can also supply syslog if needed.brunnhildetwo-diagnostics-20260618-2021.zip Edited June 19Jun 19 by wgstarks
June 19Jun 19 Author I think I’ve resolved the problem. It appears that settings>management access>use SSL/TLS was set to “no”. No idea how this would happen? I know I didn’t make the change and no one else has root access. I have set it back to “strict” and access is working now.
June 19Jun 19 Author And now a few hours later and the problem is back. I’m only able to reach the webUI using the local IP address. Clearly I don’t know how to fix this issue and could use some help. New diagnostics attached.brunnhildetwo-diagnostics-20260619-0720.zip
June 19Jun 19 I have had a simpler problem EXCEPT that only a couple of my computers would allow my to use the unraid.net address. The others throw this error:I could never figure way it was behaving this way. I finally said 'Forget it" and just set Use SSL/TLS: to "No". (And I think the "Forget it" was said a bit more colorful language. 🙊) Because different computers( all running wiht the same WINDOWS 11 PRO configuration) that worked and didn't work were on the same LAN, modem, router and DNS, these were ruled out as possible causes of the problem. I seem to recall that Chrome had the same issue as Firefox. Good luck....
June 19Jun 19 Author I think this is possibly related to my pfsense firewall which handles dns for my local network. I notice that when I connect via IP once I’m logged in the browser shows that I am connected to the myunraid.net address.❓❓❓
June 19Jun 19 Have a look at this 'Help' screen:In my setup, If Unraid.net address works, I have to be logged via the local address. If it does not work for a computer, it does not matter if I login via the local address, unraid.net address is never found.While it is a security issue, all my client computers access the LAN via Cat5 connections and not wireless so the loss of encryption for the password exchange is less of a problem. I have decided to accept the risk for now. But I will be following your thread to see if there is something I have missed.
June 19Jun 19 Author My problem is that I don’t know where to add that custom configuration in pfsense.
June 19Jun 19 I have found my problem. On the clients where I could not connect, I was using the DNS service from my IPS provider. On the machines where I could connect, I was using Cloudflare as the primary provider. Quick explanation, My IPS CNS server is preventing redircts!How to do this shown below:1.1.1.1 is Cloudflare's DNS server and 8.8.8.8 Is Google's DNS as an alternate. Edited June 19Jun 19 by Frank1940
June 19Jun 19 Author I think maybe I've got it (at least it's working right now 🤞).I set the code from the help menu in pfsese>services>dns resolver>custom options (so-reuseport: no was already existing)-Also in System>Advanced>Admin Access>DNS Rebind Check I checked Disable DNS Rebinding Checks.I feel like there should be some way to make this work without disabling the rebind check? Not sure if this is a real threat to my firewall now?
June 19Jun 19 Author Only worked for about an hour. I’m going to do a little more research but looks like I can either turn off rebind attack detection on my firewall or just turn off ssl on Unraid.
June 20Jun 20 18 hours ago, wgstarks said:Only worked for about an hour. I’m going to do a little more research but looks like I can either turn off rebind attack detection on my firewall or just turn off ssl on Unraid.Try googling this: pfsense local dns resolver for unraid.netThis was one of the results:https://forums.unraid.net/topic/74143-ssl-certificate-provisioning-w-pfsense-aka-logging-in-to-local-unraid-server-via-ssl/The AI result ( assuming you are getting Google's AI results as well as those from the 'normal' search) might be all you need...
June 20Jun 20 I feel like there should be some way to m23 hours ago, wgstarks said:I feel like there should be some way to make this work without disabling the rebind check? Not sure if this is a real threat to my firewall now?I don't use pfsense so I don't know what is the impact of disabling the check. Is it simply a warning? Firefox (and I assume most other browse do to) issues a warning if you try asking a site using http:// protocol and make you jump through a few hoops to do so. If I recall correctly, it generally 'remembers' that site and does mot require that you do it again. Edited June 20Jun 20 by Frank1940
June 20Jun 20 Author Solution Actually got it fixed with help from Google. Looks like it was a corrupted certificate bundle. Deleted /boot/config/ssl/certs/certificate_bundle.pem and then re-provisioned in settings>management access. Everything is working now.
June 20Jun 20 Author 32 minutes ago, Frank1940 said:I don't use pfsense so I don't know what is the impact of disabling the checkActually got this fixed too. It seems that the pfsense setting recommended in the Unraid help menu in management access settings isn’t formatted properly. The help menu shows adding this setting in pfsense-server:private-domain: “myunraid.net”What actually worked was this-server: private-domain: ‘myunraid.net’No line breaks.
June 20Jun 20 16 minutes ago, wgstarks said:Actually got this fixed too. It seems that the pfsense setting recommended in the Unraid help menu in management access settings isn’t formatted properly. The help menu shows adding this setting in pfsense-server:private-domain: “myunraid.net”What actually worked was this-server: private-domain: ‘myunraid.net’No line breaks.@JorgeB, Could you alert the proper person on the Unraid design team to fix this? Thanks!
June 20Jun 20 Author 3 minutes ago, Frank1940 said:@JorgeB, Could you alert the proper person on the Unraid design team to fix this? Thanks!A little more info from the pfsense forums. The settings page in pfsense states that settings should be separated by a line break. The unbound docs state that only a whitespace is needed but recommend using line breaks and indentation for visual clarity so the currently suggestion in the help menu should work but doesn’t.
June 20Jun 20 13 minutes ago, wgstarks said:line breakLine break are a big problem as the term does not result in the same ASCII character being used for different OS..Windows = CR LFUNIX = LFMacOS = CRWhere CR is Carriage ReturnWhere LF is Line Feed or New Line(All of these are commands originally intended in use by teletype machines. There probably aren't twenty of these still working order left in the world!)This can cause a lot of problems with straight text configuration files written/edited with one OS and subsequently interpreted by a second OS! Edited June 20Jun 20 by Frank1940
June 20Jun 20 Author Actually the instructions may have said separate lines. Not sure about the exact wording but my assumption was that if each setting should be on a separate line then settings that took up two lines wouldn’t work. Changing the setting so that it was all on one line fixed the failed dns query.The full discussion on the pfsense forum is here if anyone is interested. It really illustrates my lack of knowledge when dns is involved.😁
June 20Jun 20 5 hours ago, wgstarks said:Actually got this fixed too. It seems that the pfsense setting recommended in the Unraid help menu in management access settings isn’t formatted properly. The help menu shows adding this setting in pfsense-server:private-domain: “myunraid.net”What actually worked was this-server: private-domain: ‘myunraid.net’No line breaks.The other big thing that I see are the single quote (instead off double quotes) around myunraid.net
June 20Jun 20 Author 6 minutes ago, Frank1940 said:The other big thing that I see are the single quote (instead off double quotes) around myunraid.netNot sure if that matters. Saw a bunch of examples that had either one. I used singles though.
June 21Jun 21 If the help is actually wrong, I would recooemd creatign a bug report https://product.unraid.net/b/unraid-os-bugs
June 21Jun 21 Author 5 hours ago, JorgeB said:If the help is actually wrong, I would recooemd creatign a bug report https://product.unraid.net/b/unraid-os-bugsDonehttps://product.unraid.net/p/7-3-1-management-access-help-shows-invalid-pfsense-rebind-config?b=unraid-os-bugs
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.