Stupidly locked out all but one IP address from admin console - need help undoing

Hi all,

First, let me preface this by saying that this is not a production server. It is a test server using SCALE release candidate 1, so if I have to do a complete reinstall it’s not the end of the world. However, I don’t want to if I can figure out how to get around this problem.

I was trying to integrate Tailscale VPN into my configuration and I couldn’t get to the admin console or SSH from any of the IP addresses assigned to Tailscale, only from local IP addresses. So I went into the admin console and, in the advanced section, I said to allow the host IP address of the Tailscale remote. What this ended up doing was locking out every single IP address except for that one, which I somehow can’t get to right now.

I have SSH access with administrator privileges, so I can modify any configuration files that I need to. I just don’t know which one to modify.

How can I modify the configuration so the admin console will let me in from all IP addresses?

Thanks.

If you have SSH access as root you should be able to invoke TN’s CLI (what you called admin console) using cli.

OK, thank you. @Davvo

I think I have the CLI running, only I have no idea how to use it. I don’t have access to a running web admin console to refer to.
Right now, I have this new CLI prompt.

Where do I go to remove the restriction?

I’ve only been using TN for about a week or so.

Should I choose 5 “reset configuration to defaults?” I don’t want to remove apps or my certificates.

[truenas]>

Yes. If you have a config backup (and you should) that’s the simplest way.

I haven’t gotten far enough to learn how to back up or restore my configuration, so what I do have is a copy of my self-signed certificate information and that’s about it.

I created a TN certificate authority and created a valid certificate that works, and that has been exported to my laptop and imported into my browser. I can do that over again, no problem.

If I lost everything it wouldn’t be the end of the world. I probably could have rebuilt the system from scratch already while trying to figure out how to recover from this situation.

Will choosing option 5 remove all of my software and certificates or just reset the administrator console back to its defaults?

It’s basically a factory reset.

Thank you! @Davvo :smiley:

I went with the reset and now I get to do everything over again.

Perhaps you have some advice? The reason that I got myself into this jam is that I installed Tailscale VPN software and I was able to add a client PC, my cell phone and the TN server, and everything can ping one another. Only when I try to SSH from the PC or the phone to the TN server, I get a connection refused error. The admin console and applications load when going to the internal address but not the Tailscale address, so there must be something in the server configuration that’s blocking non-local IPs.

Once I get myself back to where I was, how do I tell the server to let anybody from any IP address, specifically the Tailscale networks, access the server?

Thank you.

Advice 1: Make a backup of your configuration file using the GUI. Do this often while you are configuring your system. This will make recovery significantly easier.

Advice 2: You can make a Clone of your Boot file and make it active before you install something. This may allow you to roll back time should you get into a bind.

Good Luck.

Thank you for the advice. I will learn how to do a configuration backup and, more importantly, learn how to restore it. That’s why I am in a learning mode using the release candidate version rather than a production system for what I’m doing, because I don’t know what I’m doing.

I attached Tailscale to the host adapter and now I can access the server from a Tailscale client. So, I’m making progress little bits at a time.

Now I need to redo my self-signed certificate so that it’s valid for both local and VPN.

The place where I am still stuck is how to add an SSL certificate to a Joplin server. I have installed a few app servers like Vaultwarden and Nextcloud, and both of them gave me an option in the install to pick the certificate to use for SSL. Joplin has no such option in the install, so it doesn’t load an SSL certificate, and I can’t figure out how to get around this and have the Joplin server use the SSL certificates that I created for the server.

Any help in this area would be greatly appreciated!

Accessing Joplin will obviously be secure when connected to the VPN, although I don’t want to have to be connected to the VPN because I already run a VPN on my cell phone and I can’t run two.

There are a few good videos about Tailscale by Lawrence Systems on YouTube.

@Davvo,

Thank you for the link!

Exactly what I need to read.

TrueNAS has Tailscale as an app. See Lawrence Systems; it’s basically set up the app and you are done with the basic install of Tailscale. It works very well.

If you are treating TrueNAS like a Linux distribution you will have issues and break many things. TrueNAS is not a Linux distribution but rather an appliance layer that runs on an underlying Linux (Debian for SCALE) system. Most configuration, edits, and applications should go through the GUI to avoid issues.

I have only used the GUI to make changes. I have not done anything at the console level to do software installs or modifications of any kind.

I was able to get Tailscale to work properly by binding it to the host network. That was the only solution that works.

I’m using a self-signed certificate created by TN.

The IP address and fully qualified names are configured in the certificate, and when I use Tailscale to connect to the storage server I have a valid certificate with an encrypted connection over HTTPS.