• Web interface no longer accessible

    2
    0 Votes
    2 Posts
    174 Views
    GertjanG

    @AdminTS said in Web interface no longer accessible:

    ... you imagine something like this?

    Not at all. Sorry, because :

    @AdminTS said in Web interface no longer accessible:

    Now we also set up a VPN connection on the other side, a physical firewall (Cisco Meraki). If we save the configuration data of the Cisco Meraki, access to the pfsense web interface is no longer possible. Only when we delete the configurations on the Cisco Meraki does everything work as usual again.

    I rephrase :
    When we activate the IPSEC connection, the connection (to the GUI) is lost.
    When you remove the IPSEC connection, the connection (to the GUI) works again
    Right ?

    Without the IPSEC, from where / how do you access the pfSense GUI ?

    Basically : tell us all about your IPSEC (and other) config, and we will tell you what is wrong ^^
    (Btw: I'm more of an OpenVPN user - didn't have the occasion to meet with IPSEC before)

  • 0 Votes
    5 Posts
    499 Views
    A

    @Gblenn

    Just tested it with /31 and it works. For route-based IPsec the gateway is created automatically when you assign the tunnel to an interface. I haven't tried with /32 tho. But I tried with a larger subnet like /24. I guess it's like what you said, as long as they are on the same subnet it will work. Just that for a point-to-point connection with a single transit network it doesn't make sense to use something larger that contains more than 2 IPs.

  • Netgate 7100 pfSense 24.11 upgrade breaks ipsec tunnel

    2
    0 Votes
    2 Posts
    317 Views
    L

    I do notice in 24.11, the LAN interface and LAN subnet have different link numbers:

    192.168.6.0/24 link#21 U lagg0.4091
    192.168.6.1 link#16 UHS lo0

    You can see link#21 vs link#16.

    I don't have a 24.03 anymore, but on my other 22.05, the link numbers are the same:

    10.147.10.0/24 link#20 U lagg0.40
    10.147.10.1 link#20 UHS lo0

    Could this impact how ipsec policy does the route selection?

  • Solved: Issue with Cisco ASA - Single Traffic Selector per Child SA

    1
    0 Votes
    1 Posts
    172 Views
    No one has replied
  • Issue with multiple P2 phases using NAT/BINAT on pfSense

    11
    0 Votes
    11 Posts
    532 Views
    V

    @viragomann Yes, I think so too.

  • IPsec communication between site A and C through site B (Hub and Spoke)

    3
    0 Votes
    3 Posts
    261 Views
    F

    Thanks for the answer @keyser

    I checked here that the "Split connections" option appears with IKEv2 only; in my case the IPsec configuration is working with IKEv1. So I will need to try this outside of company working hours.

    About creating an IPsec tunnel from A to C, it has a few reasons: one is that site B is the main core, so we centralized all the configuration there, and to be honest my real scenario has more than 3 spokes, so creating a lot of new IPsec tunnels on site A will transform this firewall into a second core.

    Anyway, thanks for the help, I will read more about it and try enabling this option to check if it works.

  • 24.11 - Mobile Group Pools Do Not Update Automatic Outbound NAT

    1
    0 Votes
    1 Posts
    140 Views
    No one has replied
  • Site-to-Site VPN Configuration on pfSense with Source NAT

    3
    0 Votes
    3 Posts
    280 Views
    D

    The issue was related to the port 8080 rule on the Juniper device. After making the adjustment, access was granted, and everything worked perfectly.
    Thank you!

  • Phase 2 disconnects but phase 1 remains up

    2
    0 Votes
    2 Posts
    217 Views
    V

    @oscar-pulgarin
    Maybe the logs give hints on what is going wrong. Check both sites.

  • Two subnets sometimes unavailable on other side of site-to-site IPSec VPN

    3
    0 Votes
    3 Posts
    234 Views
    S

    @Decepticon Thanks for the reply. This is an IPSec VPN, and I use the gateway monitoring for multi-wan failover. The IPSec gateways don't show in that section, but I do think it has something to do with a route not advertising.

  • Remote VPN Advice?

    7
    0 Votes
    7 Posts
    2k Views
    JonathanLeeJ

    OpenVPN can be configured for smartphone use and set up to access a NAS at home or what have you.

  • Can't See Remote Network Shares

    5
    0 Votes
    5 Posts
    368 Views
    X

    I thought I'd post what I did and what solved my problem. I can now see (access) the remote shares on all computers. The two computers that I could not reach by entering \\local computer IP address in Windows Explorer were both updated to the latest 24H2 version of Windows 11 Pro. I couldn't figure out how to create custom firewall rules on these computers. So instead, I went to Settings>Privacy & Security>Windows Security>Firewall & Network Protection>Allow an app through firewall. In the list of apps "File and Printer Sharing" was already checked for a private network. But there was also listed "File and Printer Sharing (Restrictive)" that was not checked. That entry is not present on version 23H2 of Windows 11 Pro. I checked the private network option, and now I can reach the network shares on both computers using \\local computer IP address in Windows Explorer.

    I thought this might be helpful if others have the same issue with a site to site IPsec VPN.

  • 0 Votes
    2 Posts
    213 Views
    P

    Hi,
    you may try to reboot the pfSense, the routing table is sometimes a little bit weird.

  • Site-to-Site IPSec w/one side behind NAT?

    4
    0 Votes
    4 Posts
    2k Views
    V

    @TheWaterbug
    If it's a policy-based IPSec there is no possibility to route certain hosts over it, you would only be able to route all upstream traffic over the VPN.
    If it's a VTI you can do this.

  • Odd IPSeC Situation - Can't Figure It Out

    1
    0 Votes
    1 Posts
    167 Views
    No one has replied
  • slow transfer speeds over ipsec

    39
    0 Votes
    39 Posts
    2k Views
    planedropP

    @hescominsoon Glad it's working better now. SMB will definitely be slower but should be far more usable.

  • DNS override only when IPsec tunnel is up

    1
    0 Votes
    1 Posts
    178 Views
    No one has replied
  • IPsec tunnels (new to this)

    2
    0 Votes
    2 Posts
    226 Views
    V

    @RET63
    If pfSense is behind a router you probably have to update the identifier on both sites.

    If you have changed the ISP router also remember to configure the port forwarding on it.

  • IPsec Tunnel Woes

    3
    0 Votes
    3 Posts
    295 Views
    V

    @pharceface
    You want to access the remote site from pfSense itself or access a service on pfSense from remote?
    Then you'll need a Static Route Workaround as explained in the docs.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.