Can't access webgui after pfSense VM cloning and WAN IP change.

Matlock

Re: Can't access to webgui after clone VM and change WAN IP

We have a pfsense 2.7.x Hyper-V VM with just one interface WAN working fine as a OpenVPN Server.

We cloned that VM, changed it's IP through the console and now we don't have access to Webgui. The only way to gain access is when we issue the command pfctl -d from the CLI to disable firewall.

After that, when we change any setting, the firewall is automatically enabled and have again no access.

We took a look at Firewall's rules and see nothing obvious.

Please help to resolve this.

SteveITS

@Matlock Access to the GUI from WAN is blocked by default. From where are you connecting and can you show the rules for that interface?

Matlock

@SteveITS Hi,

Let me clarify. This is a 1 NIC Setup which pfsense calls it WAN while in fact it is a LAN interface with local ip address of 192.168.0.241. This setup is normaly accessible from webhui without any issue.

For very specific reasons, we needed a clone of this VM to work in parallel with the existing one. So we made a clone and changed it's IP from the console before connecting it to the Hyper-V network, in order to avoid duplicate IPs on the network.

After doing that, we have the webgui no access issue described on the original post.

Hope this clarifies things. Any suggestions?

Matlock

Anyone?

patient0

@Matlock since nobody jumps onto the stage. I have neither had a one NIC setup nor Hyper-V experience :)

Did you change the IP using the console menu? If yes, I'm not sure what gets triggered by that.

You could try to change the IP directly in the config file in the shell by using viconfig and search for <interfaces> and change <ipaddr> and reboot. That way you can be sure that only the IP is changed and nothing else is triggered.

(below an example config from one of my VMs):

...
        <interfaces>
                <wan>
                        <enable></enable>    
                        <if>vtnet0</if>
                        <descr><![CDATA[WAN]]></descr>
                        <alias-address></alias-address>
                        <alias-subnet>32</alias-subnet>
                        <spoofmac></spoofmac>
                        <ipaddr>10.101.102.27</ipaddr>
                        <subnet>24</subnet>
                        <gateway>WANGW</gateway>
                        <ipaddrv6>fdaa:b2b4:d8b2:1000::27</ipaddrv6>
                        <subnetv6>64</subnetv6>
                        <gatewayv6>WANGW6</gatewayv6>
                </wan>
...

SteveITS

@Matlock How are multiple interfaces set up on the one NIC?

Can you post the rules for the interface you're using to access the web GUI?