Netgate Discussion Forum

    WebGui inaccessible from LAN after OpenVPN server enabled…Huh??

    General pfSense Questions
    • Derelict LAYER 8 Netgate

      Doubt it's a bug.  You have something misconfigured somewhere.  Maybe get on the console and look at the routing table, etc when you enable the OpenVPN.

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

      • JimPhreak

        @Derelict:

        Doubt it's a bug.  You have something misconfigured somewhere.  Maybe get on the console and look at the routing table, etc when you enable the OpenVPN.

        Here are my routing tables before and after I enable OpenVPN.

        Before:

        Routing tables

        Internet:
        Destination        Gateway            Flags      Netif Expire
        default            L101.NYCMNY-VFTTP- UGS        igb0
        nsnyny01.verizon.n 0c:c4:7a:33:d6:f4  UHS        igb0
        nsnwrk01.verizon.n 0c:c4:7a:33:d6:f4  UHS        igb0
        108.30.70.0        link#1            U          igb0
        pool-108-30-70-185 link#1            UHS        lo0
        localhost          link#7            UH          lo0
        192.168.0.0/22    192.168.4.10      UGS        igb1
        192.168.4.0        link#2            U          igb1
        pfSense            link#2            UHS        lo0

        After:

        Routing tables

        Internet:
        Destination        Gateway            Flags      Netif Expire
        default            L101.NYCMNY-VFTTP- UGS        igb0
        10.0.8.1          link#9            UHS        lo0
        10.0.8.2          link#9            UH      ovpns1
        nsnyny01.verizon.n 0c:c4:7a:33:d6:f4  UHS        igb0
        nsnwrk01.verizon.n 0c:c4:7a:33:d6:f4  UHS        igb0
        108.30.70.0        link#1            U          igb0
        pool-108-30-70-185 link#1            UHS        lo0
        localhost          link#7            UH          lo0
        192.168.0.0/22    192.168.4.10      UGS        igb1
        192.168.4.0        link#2            U          igb1
        pfSense            link#2            UHS        lo0


        When I turn the OpenVPN server on, the only thing that appears to not be working is the WebGui.  I can SSH into the router but just can't access it via browser.  The rest of my network appears fine.  I will try and connect one of the OpenVPN clients and see if the tunnel is working tomorrow.

        • Derelict LAYER 8 Netgate

          What is this:

          192.168.0.0/22    192.168.4.10      UGS        igb1

          What is igb1?

          That is what you have defined as the remote networks for the OpenVPN server.  Why is the same route on a local interface?  What is 192.168.4.10?

          Please post the output of Diagnostics > Command Prompt netstat -rn -finet to avoid all the name substitution so we can see the real routes.

          • JimPhreak

            @Derelict:

            What is this:

            192.168.0.0/22    192.168.4.10      UGS        igb1

            What is igb1?

            That is what you have defined as the remote networks for the OpenVPN server.  Why is the same route on a local interface?  What is 192.168.4.10?

            Please post the output of Diagnostics > Command Prompt netstat -rn -finet to avoid all the name substitution so we can see the real routes.

            192.168.4.10 is the gateway to my Verizon Actiontec "router", which I converted to an Ethernet bridge to serve my set top boxes.  I thought that could be the culprit but I disabled that route and gateway and it still gave me the same issue.

            • Derelict LAYER 8 Netgate

              Show me.  Your stuff is hosed, bro.  OpenVPN just simply doesn't do what you're describing.  Get off the assumption that you have found a "bug" and try to find what you have buggered up.

              • Derelict LAYER 8 Netgate

                Just noticed this:

                I rediscover it which has it show back up as 192.168.4.255

                .255 is the broadcast address for a /24, not a valid host address as you have noted.  Something buggered.

                Ok something is going on with my IPMI.  When I launch IPMIView it shows my pfSense box (192.168.4.10) as active.

                You just said that 192.168.4.10 was some actiontec router, not pfSense.  Which is it?

                • JimPhreak

                  I know something is configured wrong on my end, I don't believe it's a bug anymore which was why I changed the title of my thread.

                  192.168.4.10 is a gateway to my Verizon Actiontec "router" (with a router of 192.168.0.0/22) configured on my pfSense box which has an IP address of 192.168.4.1.  192.168.4.10 WAS the IPMI address but before I had configured that gateway, I forgot I had changed it.  Just to clarify:

                  192.168.4.1: LAN address of pfSense box
                  192.168.4.10:  Gateway address to Actiontec router (old IP for IPMI)
                  192.168.4.250:  Current IPMI address

                  I realize it looks bad that my old IPMI address and the address for the gateway to my Actiontec are the same but I can assure you they are not currently configured to be the same.

                  To further confirm that conflict is not the problem, I unplugged my IPMI and removed the 192.168.4.10 gateway along with the 192.168.0.0/22 route for it from pfSense, and still have the same issues once I enable OpenVPN.

                  What would you like me to display to show that being the case?  Remove them again and do another netstat -r?

                  • Derelict LAYER 8 Netgate

                    Another set of netstat -rn -finet commands before and after you do whatever with OpenVPN that appears to break stuff would probably be good.

                    If you can't get at the webGUI you can do it in ssh.

                    • JimPhreak

                      @Derelict:

                      Another set of netstat -rn -finet commands before and after you do whatever with OpenVPN that appears to break stuff would probably be good.

                      If you can't get at the webGUI you can do it in ssh.

                      Disabled the 192.168.4.10 gateway and 192.168.0.0/22 route.  Then ran netstat -rn -finet commands before and after enabling OpenVPN server.  Results below:

                      Before OpenVPN enabled:
                      Routing tables

                      Internet:
                      Destination        Gateway            Flags      Netif Expire
                      default            108.30.70.1        UGS        igb0
                      68.237.161.12      0c:c4:7a:33:d6:f4  UHS        igb0
                      71.250.0.12        0c:c4:7a:33:d6:f4  UHS        igb0
                      108.30.70.0/24    link#1            U          igb0
                      108.30.70.185      link#1            UHS        lo0
                      127.0.0.1          link#7            UH          lo0
                      192.168.4.0/24    link#2            U          igb1
                      192.168.4.1        link#2            UHS        lo0

                      After OpenVPN enabled:

                      Routing tables

                      Internet:
                      Destination        Gateway            Flags      Netif Expire
                      default            108.30.70.1        UGS        igb0
                      10.0.8.1          link#9            UHS        lo0
                      10.0.8.2          link#9            UH      ovpns1
                      68.237.161.12      0c:c4:7a:33:d6:f4  UHS        igb0
                      71.250.0.12        0c:c4:7a:33:d6:f4  UHS        igb0
                      108.30.70.0/24    link#1            U          igb0
                      108.30.70.185      link#1            UHS        lo0
                      127.0.0.1          link#7            UH          lo0
                      192.168.4.0/24    link#2            U          igb1
                      192.168.4.1        link#2            UHS        lo0


                      Looks to me like the only difference is that it adds the 10.0.8.0 interfaces.  Don't see why that alone would break the WebGui.

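The before/after comparison in the post above can be done mechanically instead of by eye. The script below is an added example, not part of the original thread: it normalizes two saved netstat -rn -finet captures and reports only the routes that differ. The function names normalize_routes and route_diff and the use of temporary files are assumptions; the sample tables are the ones posted above.

```shell
#!/bin/sh
# Added example: diff two saved `netstat -rn -finet` captures by route, not by text.

# Emit one "dest gateway flags netif" line per route, padding collapsed, sorted.
normalize_routes() {
    awk '$1 == "Destination" { t = 1; next }
         t && NF >= 4 { print $1, $2, $3, $4 }' "$1" | LC_ALL=C sort
}

# "+ route" = only in the second capture, "- route" = only in the first.
route_diff() {
    rd_b=$(mktemp); rd_a=$(mktemp)
    normalize_routes "$1" > "$rd_b"
    normalize_routes "$2" > "$rd_a"
    LC_ALL=C comm -13 "$rd_b" "$rd_a" | sed 's/^/+ /'
    LC_ALL=C comm -23 "$rd_b" "$rd_a" | sed 's/^/- /'
    rm -f "$rd_b" "$rd_a"
}

# Sample captures: the two tables posted above, saved to temporary files.
before=$(mktemp); after=$(mktemp)
cat > "$before" <<'EOF'
Internet:
Destination        Gateway            Flags      Netif Expire
default            108.30.70.1        UGS        igb0
68.237.161.12      0c:c4:7a:33:d6:f4  UHS        igb0
71.250.0.12        0c:c4:7a:33:d6:f4  UHS        igb0
108.30.70.0/24    link#1            U          igb0
108.30.70.185      link#1            UHS        lo0
127.0.0.1          link#7            UH          lo0
192.168.4.0/24    link#2            U          igb1
192.168.4.1        link#2            UHS        lo0
EOF
cat > "$after" <<'EOF'
Internet:
Destination        Gateway            Flags      Netif Expire
default            108.30.70.1        UGS        igb0
10.0.8.1          link#9            UHS        lo0
10.0.8.2          link#9            UH      ovpns1
68.237.161.12      0c:c4:7a:33:d6:f4  UHS        igb0
71.250.0.12        0c:c4:7a:33:d6:f4  UHS        igb0
108.30.70.0/24    link#1            U          igb0
108.30.70.185      link#1            UHS        lo0
127.0.0.1          link#7            UH          lo0
192.168.4.0/24    link#2            U          igb1
192.168.4.1        link#2            UHS        lo0
EOF
route_diff "$before" "$after"
```

On the thread's data the only lines reported are the two 10.0.8.x tunnel routes, and the route for 192.168.4.0/24 on igb1 is unchanged.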
                      • Derelict LAYER 8 Netgate

                        Where are you accessing the webgui from?  What address are you accessing?  You are also not getting the route(s) for the remote networks so that's still buggered.  You should probably post your serverX.conf from /var/etc/openvpn.

                        • JimPhreak

                          @Derelict:

                          Where are you accessing the webgui from?  What address are you accessing?  You are also not getting the route(s) for the remote networks so that's still buggered.  You should probably post your serverX.conf from /var/etc/openvpn.

                          I'm accessing from a PC on my LAN (192.168.4.50).  I'm trying to access https://192.168.4.1 like I always do from the LAN.  Right now I have no remote networks configured in the OpenVPN server.  I tried to strip it down as much as possible to isolate the problem.  So the only network configured in the OpenVPN server is the VPN network itself (10.0.8.0/32) which is why the remote networks are not showing up.

                          How can I view that config file from the console?  I can get into the directory fine but not sure how to view/access the file.  Sorry not very familiar with FreeBSD commands.

                          Just not computing for me that I can access the server fine over SSH from my PC but not via HTTPS.  How can that be a routing issue?

                          • JimPhreak

                            Found the issue.  Turns out it is a bug.  Not so much with pfSense itself but with the bandwidthd package.  Once uninstalled I'm all good now.

                            • Derelict LAYER 8 Netgate

                              Damn packages.  Don't know why people install them.  No wonder pfSense "just works" for me and not for other people.

                              Glad you found it.

                              • JimPhreak

                                @Derelict:

                                Damn packages.  Don't know why people install them.  No wonder pfSense "just works" for me and not for other people.

                                Glad you found it.

                                I don't really use them either, I might as well uninstall most (if not all) of them.

                                Thanks for the continued back and forth dialogue though.  Much appreciated.

                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.