RPI4: VenusOS access via domain

Hi, I am successfully using VenusOS on a Raspberry Pi 4.
Access is via the IP 192.168.1.50

In the home network I use OPNsense as router and Caddy to access internal services. For example, I can access my self-hosted Gitea instance at 192.168.1.49 in the home network with gitea.mydomain.com. This only works in the home network (firewall rules).

I would like to do the same for venus. Using venus.mydomain.com I want to be redirected to 192.168.1.50 (venus os). This works, but venus itself then blocks me.

Remote console
Failed to connect. Make sure to enable Remote
Console for LAN, and reboot the device.

What can I do?

Have you enabled remote console on LAN?

Thank you for your input.
Yes, it’s enabled, otherwise I wouldn’t be able to access it via the IP 192.168.1.50.
I want to be able to bypass this lock (LAN only) and access it via domain.

What you are doing there with firewall rules is a redirect and typically works for http-requests.

That doesn’t affect how dns-resolution is handled by your pc, when you try to ssh into cerbo.yourdomain.com

Try ping cerbo.yourdomain.com - you most likely get host not found.

Therefore you would need a dns server, providing the proper A-record.

I think OPNsense has a built-in DNS server?

Alternatively, if just for convenient access from your machine, you can set the record in the hosts file of your PC (c:\Windows\System32\Drivers\etc\hosts), so it will be able to resolve cerbo.domain.com without any external help.

Hello,
thank you for your response.
This isn’t a DNS problem (on the side of OPNsense or Caddy). Otherwise it would not show the Venus OS error (see #1). I can ping venus.mydomain.com from every computer in my home network.

I think it is a security thing in Venus OS, but which/where? It allows only LAN IPs.

I’m using cerbo.ad.domain.tld for my device as well.
So, doesn’t seem to be a “by-default” setting of venus.

Eventually DNS-cache issues with an earlier (failed) configuration?

Try to run ipconfig /flushdns on your PC (as admin) and try again.

Ah, you wrote you can ping it - so resolution should be fine…

The remote console uses Websockets rather than plain HTTP/HTTPS traffic. I would check if your reverse proxy is handling this traffic properly.

1 Like

I’m using OpenVPN on my OPNsense box.

I’m accessing my VenusOS via a DNS name, and it works from the same LAN and from another over a VPN, so there’s no specific security settings in VenusOS that prevent this (also, from a glance over the nginx config, there doesn’t seem to be anything unusual there). I’ve also now tried it from a windows VM with Chrome, Edge and Firefox and they all work fine.
Have you looked into your browser’s developer tools (F12/network tab) to see if any requests fail?

Yeah, over wireguard-vpn there is no issue.
Only via caddy = domain.

Thank you for the F12 tip.
The error message: websocket-error

Sorry, I somehow missed your answer.
One thing I notice in your error is that it attempts to open wss://, which is the encrypted/TLS version.
Are you accessing your device via https? Does it work with plain http?
Although in my tests, it worked with all three browsers over https after I accepted the warning, so I guess it’s a reverse proxy issue, which might be tedious to debug via a forum…
If you’re running opnsense, you probably also have local DNS and DHCP and should be able to access the venus device directly, that is without the reverse proxy.

Just looked up what Caddy is - it’s a reverse proxy, not a DNS service.
Hence, it’s only working for HTTP, neither for SSH nor for WSS.

See: