Accessing pfSense WebGUI on external server

Marci

Hello forum

I have installed pfSense on a VPS and I wanted to restrict access to the WebGUI login page.
This worked as expected with using the IP from my home network via a firewall rule.

I also wanted to allow access to the WebGUI for the IP where pfSense is actually installed, so to say the WAN IP.
I am running a vpn server in pfSense, so my idea was that if I connect to this server I would be able to access the WebGUI.

So I made the exact same firewall rule as I did for my home network but I am not able to access the WebGUI through the VPN of the pfSense installation.

It can not be related to using a VPN because if I use an external device and connect via VPN to my home network I can access the WebGUI. So I guess there must be another reason.

Any clue would be welcome :-).

viragomann

@Marci said in Accessing pfSense WebGUI on external server:

I also wanted to allow access to the WebGUI for the IP where pfSense is actually installed, so to say the WAN IP.
I am running a vpn server in pfSense, so my idea was that if I connect to this server I would be able to access the WebGUI.

So I made the exact same firewall rule as I did for my home network but I am not able to access the WebGUI through the VPN of the pfSense installation.

So I guess, you limited the access to a certain source IP. Did you consider, that you need to specify the clients VPN IP?
However, without configuring a CSO it can be dynamic.

Marci

@viragomann Thanks for your comment. I have created a firewall rule for the complete VPN subnet (which is static) but unfortunately I still can not connect.

viragomann

@Marci
You should be able to connect to the web GUI by the servers VPN IP at least. And also by its LAN IP if you have configured the routes accordingly.

The WAN won’t be acceptable over the VPN.

If this doesn’t work give more details about your settings.

Marci

@viragomann Well, I am not able to access the WebGUI when connected to the VPN.
I do not have a LAN IP because pfSense is installed on a web server and there is no LAN. I just have the WAN IP which is also the IP of the server.

So I am struggling a bit which kind of details to provide, especially since I can access the WebGUI from my home network IP.
But using the exact same firewall rule for the server/WAN IP does not work.

viragomann

@Marci
As I said, WAN is not possible, as this is not routed over the VPN.

However, you can access the web interface by the VPN server IP.
Also you could assign an other private IP to any interface (VPN or WAN) as virtual IP and route it over the VPN.

Marci

@viragomann Hey thanks for the comment. You are right, if I use the VPN interface IP I can connect! I did not understand this correctly in your second post.
That solves my problem