Netgate Discussion Forum

    Accessing Web Gui over IPSEC

    General pfSense Questions
    • Gob

      Hi

      I've done this hundreds of times in the past without thinking about it but now my brain hurts.

      I have just set up a couple of pfSense 2.0.1 boxes (on DELL R210 servers) for a customer.
      We have an IPSEC tunnel between each of them and to us. The tunnels work fine and full communication between sites works OK. However, when I log into the pfSense WebGui on a remote site over the IPSEC tunnel, I get the logon page but after entering the username and password it reports 'Username or Password incorrect'.

      I've checked the usual Caps Lock etc.
      Tried different browsers and different computers.
      Firewall rule is in place on the remote pfSense allowing traffic over IPSEC.

      Logging on to the same WebGui from a machine on the local LAN works perfectly.
      These are clean installs with a basic configuration. There are no NAT or firewall rules added other than default LAN/WAN rules.

      The only thing I can think of that might be different to the other hundreds of installs we have done is that this is the amd64 version of pfSense rather than the i386 version.

      Any suggestions on a fix?

      Thanks
      Gordon

      If I fix one more thing than I break in a day, it's a good day!

      • Lee Sharp

        Uncheck blocking private IPs and see if it gets better.

        • Gob

          I've tried that but I'm afraid it still doesn't work.

          • jimp Rebel Alliance Developer Netgate

            Are you sure you're hitting the firewall you think you're hitting?

            If you couldn't reach the GUI at all I might suspect that an IPsec issue might be at play, but if you hit the GUI and get a denied login, that makes me think you're actually getting directed to one of the other firewalls somehow. Have you tried logging into that firewall with the credentials for one of the others?

            Also if it's pfSense all around, you may find that OpenVPN is more stable/easy to work with in the long run, but that wouldn't be related to this issue.

              • Gob

              OK, I'm Dumb!
              The remote site's LAN subnet is 192.168.1.0/24 and I could access all devices on that network. Remote pfSense LAN is 192.168.1.1.

              Months ago, on my local pfSense I set up a test network for the client with the same subnet and assigned 192.168.1.1 to a spare NIC on my pfSense. I then promptly forgot I had done that!
              So I was actually trying to log into my own firewall.

              Interesting, though, that 192.168.1.1 was hitting my firewall but all other requests to 192.168.1.0/24 go over the IPsec tunnel to the remote site, even though the subnet is configured on the local firewall.

              Sorry for wasting your time guys.

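Added example, not part of the thread and not pfSense code: a small audit that flags local interface addresses colliding with IPsec remote networks, the misconfiguration found above. The interface names, the `10.0.0.1/24` LAN, the tunnel name and the lookup order in `answered_by` are assumptions, a simplified model chosen to match the behaviour reported in the thread.

```python
import ipaddress

# Constructed sample data modelled on the thread: addresses assigned to the
# local firewall's interfaces, and the remote networks of its IPsec tunnels.
LOCAL_INTERFACES = {
    "LAN": "10.0.0.1/24",       # hypothetical local LAN
    "OPT1": "192.168.1.1/24",   # forgotten test network on a spare NIC
}
IPSEC_REMOTE_NETS = {"customer-site": "192.168.1.0/24"}


def find_conflicts(local_ifaces, remote_nets):
    """Return (kind, interface, tunnel, detail) tuples for every clash."""
    conflicts = []
    for ifname, cidr in local_ifaces.items():
        iface = ipaddress.ip_interface(cidr)
        for tunnel, net in remote_nets.items():
            remote = ipaddress.ip_network(net)
            if iface.version != remote.version:
                continue
            if iface.ip in remote:
                # The local box owns this address, so logins aimed at the
                # remote host with the same IP land on the local GUI instead.
                conflicts.append(("shadowed-address", ifname, tunnel, str(iface.ip)))
            if iface.network.overlaps(remote):
                conflicts.append(("overlapping-subnet", ifname, tunnel, str(iface.network)))
    return conflicts


def answered_by(dest, local_ifaces, remote_nets):
    """Simplified model (assumption): which path handles traffic to dest?"""
    ip = ipaddress.ip_address(dest)
    # An address assigned to a local interface is delivered locally.
    for ifname, cidr in local_ifaces.items():
        if ipaddress.ip_interface(cidr).ip == ip:
            return f"local:{ifname}"
    # Otherwise a matching tunnel network carries it to the remote site.
    for tunnel, net in remote_nets.items():
        remote = ipaddress.ip_network(net)
        if ip.version == remote.version and ip in remote:
            return f"tunnel:{tunnel}"
    return "routing-table"


if __name__ == "__main__":
    for conflict in find_conflicts(LOCAL_INTERFACES, IPSEC_REMOTE_NETS):
        print(conflict)
```

Run against an inventory of interface addresses and tunnel networks before blaming credentials: a "shadowed-address" hit means the login page being served belongs to the local firewall, not the remote one.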
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.