Skip to main content

OPN004 - Connection Refused by OPNsense

Agent error code #207004#OPN004 indicates that the OPNsense host actively refused the connection from the agent. The TCP handshake reached the host but no service was listening on the requested port.

This error is distinct from timeouts (#207002)#OPN002), which mean the host did not respond at all. Error #207004#OPN004 means the host is reachable but the web UI port is closed.

Common causes include:

  • The OPNsense web UI is configured on a different port than the agent is dialling
  • The OPNsense web UI is disabled or has crashed
  • A host firewall rule on OPNsense is blocking access from the agent's IP
  • The Hostname in the Knocknoc backend points at the wrong device

Steps to Resolve

Verify the Web UI Port

  1. Log into OPNsense and navigate to System > Settings > Administration
  2. Note the configured TCP port for the web UI (default 443)
  3. Confirm the Hostname in the Knocknoc backend matches this port (include :<port> in the URL if it is non-default)

Confirm the Web UI Is Running

  1. From the agent host, run curl -kv https://<host>/ and check that the connection completes
  2. If the connection is refused from the command line as well, log into OPNsense via SSH or console to confirm the nginx service is running

Check Access Restrictions

  1. In OPNsense, navigate to Firewall > Rules > (WAN/LAN/management interface) and confirm no rule is blocking the agent's IP from reaching the web UI port
  2. If access lists are configured under System > Settings > Administration (e.g. "Listen interfaces" or "Access list"), confirm the agent's IP is permitted

Still Having Issues?

We can help you out, contact us at support@knocknoc.io.

Back to top