pfSense blocking SSL connections/apps on unraid


I installed pfSense as a vm on unraid, and it is generally working well.  Since unraid is always on, the plan is to use this and get some cheap standalone box as a backup to pfSense.  I'm having an issue with HTTPS sites.  I have lets encrypt, nextcloud, and openvpn installed, which are the ssl related problems I am having.  At first I had an issue connecting to unraid via ssl.  I was able to solve that through this post. The rebind tag in the DNS forwarder was not working.  So I added a domain override for unraid.net.

In DNS resolver, I have added this custom text 

server:
private-domain: "unraid.net"

 

I'm not sure what that is supposed to be doing or if it's working.  Regardless, the SSL issue with logging into unraid was resolved.

 

Regarding nextcloud, it was working well with my isp router.  I have lets encrypt as a reverse proxy for accessing nextcloud at nextcloud.mydomain.net.  Also openvpn was working well.  With pfSense, I cannot access the web gui for openvpn.  I can access the openvpn server from outside my network, but no packets are being sent back and forth.  I cannot access nextcloud on either my local network or from outside.  Lets encrypt is not giving any issues in the log, so it appears the port forwards are working correctly.  What seems to be the problem is that communication is coming in but not going out.  I can't find anything on Google on how to fix this issue.  It seems like it is a setting that needs to be addressed.  Does anyone have any suggestions?

  • Author

Well it's always good to resolve your own problems.  When I installed pfSense, I changed my private IP scheme to 10.10 from 192.168 and one of the files in nextcloud was configured with the old IP.  So now it's working.  In case anyone is having difficulty with ssl connections on hosts/apps within unraid, I put the following info into dns resolver at the bottom for adding a host override.  I'm connecting via SSL to unraid.  

host - long chain of characters before unraid.net in your address bar
parent domain - unraid.net
IP - unraid IP address

On 11/8/2018 at 7:01 PM, Mlatx said:

With pfSense, I cannot access the web gui for openvpn.

Why not run the openvpn server built in to pfSense?

  • 2 months later...
On 11/9/2018 at 12:33 AM, Mlatx said:

Well it's always good to resolve your own problems.  When I installed pfSense, I changed my private IP scheme to 10.10 from 192.168 and one of the files in nextcloud was configured with the old IP.  So now it's working.  In case anyone is having difficulty with ssl connections on hosts/apps within unraid, I put the following info into dns resolver at the bottom for adding a host override.  I'm connecting via SSL to unraid.  

host - long chain of characters before unraid.net in your address bar
parent domain - unraid.net
IP - unraid IP address 

 

I have the same issue and tried your solution.  However I get a long series of errors from pfSense.  Could you kindly share a screenshot or the syntax you used to get this working.  The errors I get are:

 

The generated config file cannot be parsed by unbound. Please correct the following errors:
    /var/unbound/test/unbound.conf:114: error: unknown keyword 'host'
    /var/unbound/test/unbound.conf:114: error: stray ':'
    /var/unbound/test/unbound.conf:114: error: stray '"'
    /var/unbound/test/unbound.conf:114: error: unknown keyword 'https'
    /var/unbound/test/unbound.conf:114: error: stray ':'
    /var/unbound/test/unbound.conf:114: error: unknown keyword '//402xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
    /var/unbound/test/unbound.conf:114: error: stray '"'
    /var/unbound/test/unbound.conf:115: error: unknown keyword 'parent'
    /var/unbound/test/unbound.conf:115: error: unknown keyword 'domain'
    /var/unbound/test/unbound.conf:115: error: stray ':'
    /var/unbound/test/unbound.conf:115: error: stray '"'
    /var/unbound/test/unbound.conf:115: error: unknown keyword 'unraid.net'
    /var/unbound/test/unbound.conf:115: error: stray '"'
    /var/unbound/test/unbound.conf:116: error: unknown keyword 'IP'
    /var/unbound/test/unbound.conf:116: error: stray ':'
    /var/unbound/test/unbound.conf:116: error: stray '"'
    /var/unbound/test/unbound.conf:116: error: unknown keyword '192.xxx.xx.xx'
    /var/unbound/test/unbound.conf:116: error: stray '"'
    read /var/unbound/test/unbound.conf failed: 18 errors in configuration file

 

Thanks for your help

  • 3 weeks later...
On 1/21/2019 at 4:35 PM, Do2a-2d said:

 

I have the same issue and tried your solution.  However I get a long series of errors from pfSense.  Could you kindly share a screenshot or the syntax you used to get this working.  The errors I get are:

 

The generated config file cannot be parsed by unbound. Please correct the following errors:
    /var/unbound/test/unbound.conf:114: error: unknown keyword 'host'
    /var/unbound/test/unbound.conf:114: error: stray ':'
    /var/unbound/test/unbound.conf:114: error: stray '"'
    /var/unbound/test/unbound.conf:114: error: unknown keyword 'https'
    /var/unbound/test/unbound.conf:114: error: stray ':'
    /var/unbound/test/unbound.conf:114: error: unknown keyword '//402xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
    /var/unbound/test/unbound.conf:114: error: stray '"'
    /var/unbound/test/unbound.conf:115: error: unknown keyword 'parent'
    /var/unbound/test/unbound.conf:115: error: unknown keyword 'domain'
    /var/unbound/test/unbound.conf:115: error: stray ':'
    /var/unbound/test/unbound.conf:115: error: stray '"'
    /var/unbound/test/unbound.conf:115: error: unknown keyword 'unraid.net'
    /var/unbound/test/unbound.conf:115: error: stray '"'
    /var/unbound/test/unbound.conf:116: error: unknown keyword 'IP'
    /var/unbound/test/unbound.conf:116: error: stray ':'
    /var/unbound/test/unbound.conf:116: error: stray '"'
    /var/unbound/test/unbound.conf:116: error: unknown keyword '192.xxx.xx.xx'
    /var/unbound/test/unbound.conf:116: error: stray '"'
    read /var/unbound/test/unbound.conf failed: 18 errors in configuration file

 

Thanks for your help

Just delete "https://" from your host! You must write just the long alphanumeric string!

Please see Mlatx post above!
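For readers following the two DNS Resolver changes discussed above (the `private-domain` line and the host override), here is an added example that is not part of any post in this thread. It is a simplified model of resolver rebind filtering plus a renderer that turns a host override into unbound `local-data` syntax and rejects a pasted URL; the RFC 1918 list, the function names and the sample host `examplehash` and address `10.10.0.5` are constructed assumptions.

```python
import ipaddress

# Assumption: RFC 1918 ranges stand in for the resolver's private-address list.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_NETS)

def in_domain(name, domain):
    # True for the domain itself and for any subdomain, never for look-alikes.
    name, domain = name.rstrip(".").lower(), domain.rstrip(".").lower()
    return name == domain or name.endswith("." + domain)

def filter_answer(qname, addresses, private_domains):
    """Return the addresses a rebind-protecting resolver would pass on."""
    if any(in_domain(qname, d) for d in private_domains):
        return list(addresses)          # domain is exempt: answer kept whole
    return [a for a in addresses if not is_private(a)]

def host_override(host, parent_domain, ip):
    """Render a host override as unbound local-data lines, rejecting URLs."""
    for label in (host, parent_domain):
        if "/" in label or not label.strip("."):
            raise ValueError(f"not a DNS name: {label!r}")
    ipaddress.ip_address(ip)            # raises ValueError if malformed
    fqdn = f"{host.strip('.')}.{parent_domain.strip('.')}."
    rtype = "AAAA" if ":" in ip else "A"
    return [f'local-data: "{fqdn} {rtype} {ip}"',
            f'local-data-ptr: "{ip} {fqdn.rstrip(".")}"']

if __name__ == "__main__":
    name = "examplehash.unraid.net"     # constructed sample name
    print(filter_answer(name, ["10.10.0.5"], []))              # stripped
    print(filter_answer(name, ["10.10.0.5"], ["unraid.net"]))  # allowed
    print("\n".join(host_override("examplehash", "unraid.net", "10.10.0.5")))
```

The model shows the trade-off between the two fixes: `private-domain` exempts every name under the domain from rebind filtering, while a host override answers locally for one name only.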

  • 11 months later...
On 11/9/2018 at 12:33 AM, Mlatx said:

Well it's always good to resolve your own problems.  When I installed pfSense, I changed my private IP scheme to 10.10 from 192.168 and one of the files in nextcloud was configured with the old IP.  So now it's working.  In case anyone is having difficulty with ssl connections on hosts/apps within unraid, I put the following info into dns resolver at the bottom for adding a host override.  I'm connecting via SSL to unraid.  

host - long chain of characters before unraid.net in your address bar
parent domain - unraid.net
IP - unraid IP address

 

Hi,

 

I have IDENTICAL problem to yours. But your solution didn't work for me.

I need help.

I used to have TP-Link router and accessing https://nextcloud.mydomain.com was working fine, within and outside of my home (local network). I then installed pfSense, used 10.10.x.x instead of 192.168.x.x, and my set up is:

Shortly after I installed pfsense, I could not access https://nextcloud.mydomain.com any longer, until I found something interesting. When I was using browsers with VPN this happened:

It's obvious that IPs are being blocked/blacklisted somewhere. BUT WHERE?

 

I looked on nextcloud's mysql table oc_bruteforce_attempts, and deleted all entries. No changes to above scenario.

I do not have any add on packages installed on pfsense.

 

Any ideas where IPs are blacklisted?

Edited by emod

6 minutes ago, emod said:

Any ideas where IPs are blacklisted?

If you're using PfBlockerNG on Pfsense, make sure you don't block the GEOIP regions where you wanna access your server from.

 

Every traffic marked blue is blocked and only access from Germany is allowed in this example.

You have to unselect every region you want to allow access from.

 

grafik.thumb.png.f60e821a7e9836dc2bcca7ed856ac0dc.png

2 minutes ago, bastl said:

If you're using PfBlockerNG on Pfsense, make sure you don't block the GEOIP regions where you wanna access your server from.

 

Every traffic marked blue is blocked and only access from Germany is allowed in this example.

You have to unselect every region you want to allow access from.

 

grafik.thumb.png.f60e821a7e9836dc2bcca7ed856ac0dc.png

Hi,

No, I'm not using PfBlockerNG. As I mentioned, I have NO PACKAGES installed on pfsense.

Is there a place where pfsense autoblocks IPs?

Edited by emod

@emod Have you checked the firewall logs of Pfsense? Are you using Snort or Suricata on Pfsense? Check if any IPs are blocked and compare them to your VPN IP.

How do you access firewall logs on pfsense?

 

On Snort & Suricata, these are add-on packages, which, again, I have not installed. Are you saying Snort & Suricata is somehow integrated within pfsense as a default on install of pfsense OS?

Just now, emod said:

On Snort & Suricata, these are add-on packages, which, again, I have not installed. Are you saying Snort & Suricata is somehow integrated within pfsense as a default on install of pfsense OS?

No, they are not installed by default, but lots of people are using them; that's why I've asked.

1 minute ago, emod said:

How do you access firewall logs on pfsense?

Status >>> System Logs >>> Firewall

Solved PARTIALLY. The problem was pfSense's default firewall blocking TONS of IPs at:

Status/System Logs/Firewall..

Pfsense Default denies an incredible number of IPs, but without options on how to modify it. From that interface, you can white/blacklist individual entries, but the issue is they go down to PORT-level.

 

Where can one edit "Default deny rules IPv4" on a broader level?

 

@emod Absolutely make sure you know what you are doing and whitelist the right IPs you wanna have access from. Keep in mind, allowing access from an IP from a VPN provider allows every user using the same VPN endpoint access!!! Also these IPs might change.

 

You better watch the following video and set it up the secure way.

 

 

 

 

Archived

This topic is now archived and is closed to further replies.
