Netgate Discussion Forum

    [Solved] Can't access pfsense https over IPSec

    • marcvb

      We got this really strange problem.
      We worked with 3 senior IT employees on this problem and we can't find the solution.

      We got an IPSec connection between 2 sites.
      We can ping from both sides the internal LAN IP of the pfSense.
      But from site 1 we are unable to open HTTPS sites on site 2 on the LAN IP.
      From site 2 to site 1 this isn't a problem.
      We changed the firewalls on both sides for pfSense, still the same problem.
      Strange thing is we can't connect to the pfSense LAN over HTTPS, and a Linux web server is also giving the same problem. What is even more strange is that we can access a Windows IIS web server over the same VPN.

      We tried changing IP ranges and rebuilt the firewalls on both sides. We even connected a third site over VPN. This site has no problem whatsoever.

      Hope you can help us out.
      We are planning to restart the switches at site 1 to see if that solves the problem.

      • julianbros

        Is it only the pfSense http/https service which is broken?

        Can you confirm by calling other URLs from different sites?

        I had the same problem, which was solved by enabling MSS clamping on VPN traffic.

        • marcvb

          @julianbros:

          Is it only the pfSense http/https service which is broken?

          Can you confirm by calling other URLs from different sites?

          I had the same problem, which was solved by enabling MSS clamping on VPN traffic.

          Thank you for that answer, I will try it next Monday.
          I sort of fixed it by changing the MTU value of the NIC.
          We needed to set up a remote Veeam backup and access the ESX over IPsec.
          This wasn't possible, only after lowering the MTU value.
          It was both on http and https 80/443.
          Site 1 has fiber 100/100 and site 2 has 250/250.
          It just stopped working, maybe the ISP changed something.

          This is not a really nice fix and I will try the MSS clamping, maybe this will fix it for the whole network.

          • marcvb

            @julianbros:

            Is it only the pfSense http/https service which is broken?

            Can you confirm by calling other URLs from different sites?

            I had the same problem, which was solved by enabling MSS clamping on VPN traffic.

            MSS clamping has solved it for the complete network, thank you!

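Added example, not part of the thread and not pfSense code: a calculation of how much room an IPv4 ESP tunnel leaves inside a given path MTU, which shows why a small ping passes while a full-size TCP segment does not, and what MSS clamp value keeps TCP under the limit. The cipher suites, path MTU values and all function names are assumptions chosen for illustration; the thread does not state the tunnel's proposals or the link MTU.

```python
# Added example (not from the thread). Suites and MTU values are assumptions.
from dataclasses import dataclass

IPV4_HDR, TCP_HDR, UDP_HDR = 20, 20, 8
ESP_HDR = 8        # SPI (4) + sequence number (4)
ESP_TRAILER = 2    # pad length (1) + next header (1)


@dataclass(frozen=True)
class EspSuite:
    name: str
    iv: int      # per-packet IV bytes
    block: int   # ciphertext length must be a multiple of this
    icv: int     # integrity check value (truncated MAC or AEAD tag) bytes


# Assumed example suites; the thread does not say which one was in use.
AES_CBC_SHA1 = EspSuite("AES-CBC + HMAC-SHA1-96", iv=16, block=16, icv=12)
AES_CBC_SHA256 = EspSuite("AES-CBC + HMAC-SHA2-256-128", iv=16, block=16, icv=16)
AES_GCM = EspSuite("AES-GCM (16-byte ICV)", iv=8, block=4, icv=16)


def max_inner_packet(path_mtu: int, suite: EspSuite, nat_t: bool = False) -> int:
    """Largest inner IPv4 packet whose ESP tunnel-mode packet fits in path_mtu."""
    fixed = IPV4_HDR + (UDP_HDR if nat_t else 0) + ESP_HDR + suite.iv + suite.icv
    ciphertext = (path_mtu - fixed) // suite.block * suite.block
    return ciphertext - ESP_TRAILER


def clamp_mss(path_mtu: int, suite: EspSuite, nat_t: bool = False) -> int:
    """Highest TCP MSS that avoids fragmentation in the tunnel (IPv4 inner packets)."""
    return max_inner_packet(path_mtu, suite, nat_t) - IPV4_HDR - TCP_HDR


def fits(inner_len: int, path_mtu: int, suite: EspSuite, nat_t: bool = False) -> bool:
    """True if an inner packet of inner_len bytes passes without fragmentation."""
    return inner_len <= max_inner_packet(path_mtu, suite, nat_t)


if __name__ == "__main__":
    for mtu, suite, nat in [(1500, AES_CBC_SHA1, False), (1500, AES_GCM, False),
                            (1492, AES_CBC_SHA256, True)]:
        print(f"MTU {mtu} {suite.name} nat_t={nat}: "
              f"inner<={max_inner_packet(mtu, suite, nat)} MSS<={clamp_mss(mtu, suite, nat)}")
    # An 84-byte ping fits; a 1500-byte packet from an MSS-1460 TCP flow does not.
    print(fits(84, 1500, AES_CBC_SHA1), fits(1500, 1500, AES_CBC_SHA1))
```

The clamp value configured on the firewall should be at or below the result for the smallest path MTU between the two sites.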