IPSec can't access webGUI
-
Are you accessing the pfSense GUI using an address that is interesting to IPsec (Contained in a phase 2)?
Please use complete inside IP addresses. Nobody but you knows what "warehouse" and "home" are. Thanks.
-
sorry
this is my phase 2 at home
tunnel LAN 192.168.10.0/24 ESP AES256-GCM (auto) SHA256
tunnel LAN 192.168.40.0/24 ESP AES256-GCM (auto) SHA256
tunnel LAN 192.168.50.0/24 ESP AES256-GCM (auto) SHA256
my network at home is 192.168.1.0/24
-
Great. What IP address are you sourcing from, and what IP address is the destination?
-
I am currently on 192.168.1.254 and I am trying to reach 192.168.10.1
I can ping it and I can also ssh to it, but I can't access the web GUI. I could before, and all the changes I've made on 192.168.10.1 are the time server and a rule to pass the network alias of all my networks to LAN address on the NTP port so they can use those NTP servers: "0.pfsense.pool.ntp.org" -> "0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org"
still my IPSec rule is any to any
-
I solved that problem; I just used ssh with option 15 to restore it back to a recent configuration, but I still can't access my home from here
I am currently on 192.168.10.0/24 network and I am trying to access my home 192.168.1.0/24 network
here is my phase 2 on my warehouse side
tunnel LAN 192.168.1.0/24 ESP AES256-GCM (auto) SHA256
tunnel WIFINET 192.168.1.0/24 ESP AES256-GCM (auto) SHA256
tunnel ANET 192.168.1.0/24 ESP AES256-GCM (auto) SHA256
-
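Added example, not part of the original thread: a check of whether a source/destination pair is "interesting to IPsec" on both ends, using the phase 2 entries posted above. Home LAN (192.168.1.0/24) and warehouse LAN (192.168.10.0/24) come from the posts; mapping WIFINET and ANET to 192.168.40.0/24 and 192.168.50.0/24 is an assumption, and the function names are hypothetical.

```python
import ipaddress

# Phase 2 entries as (local network, remote network), taken from the posts.
# Assumption: WIFINET = 192.168.40.0/24 and ANET = 192.168.50.0/24.
HOME_P2 = [("192.168.1.0/24", "192.168.10.0/24"),
           ("192.168.1.0/24", "192.168.40.0/24"),
           ("192.168.1.0/24", "192.168.50.0/24")]
WAREHOUSE_P2 = [("192.168.10.0/24", "192.168.1.0/24"),
                ("192.168.40.0/24", "192.168.1.0/24"),
                ("192.168.50.0/24", "192.168.1.0/24")]

def _nets(p2):
    """Parse (local, remote) CIDR strings into network objects."""
    return [(ipaddress.ip_network(l), ipaddress.ip_network(r)) for l, r in p2]

def matching_selector(p2, src, dst):
    """Return the (local, remote) phase 2 pair covering src -> dst, or None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for local, remote in _nets(p2):
        if s in local and d in remote:
            return (str(local), str(remote))
    return None

def check_flow(src, dst, near, far):
    """The near end must select src -> dst and the far end the reply dst -> src."""
    return {"near": matching_selector(near, src, dst),
            "far": matching_selector(far, dst, src)}

def unmirrored(side_a, side_b):
    """Phase 2 pairs on side_a that have no exactly reversed pair on side_b."""
    b = set(_nets(side_b))
    return [(str(l), str(r)) for l, r in _nets(side_a) if (r, l) not in b]

if __name__ == "__main__":
    # The two flows described in the thread, one per direction.
    print(check_flow("192.168.1.254", "192.168.10.1", HOME_P2, WAREHOUSE_P2))
    print(check_flow("192.168.10.20", "192.168.1.10", WAREHOUSE_P2, HOME_P2))
    # A constructed destination outside every phase 2: not interesting to IPsec.
    print(check_flow("192.168.1.254", "192.168.20.1", HOME_P2, WAREHOUSE_P2))
    print("unmirrored:", unmirrored(HOME_P2, WAREHOUSE_P2))
```

This compares addresses against the phase 2 networks only; it says nothing about firewall rules or host firewalls on either end.
-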
Make sure the stuff at home will accept connections from foreign subnets. Check things like windows firewall there.
-
I have no problem when ssh tunneling to any of my devices at home, but the IPSec feels like a 1 way tunnel.
When I am at home I can access anything on my warehouse, but when I am here I can't access anything at home. Both sides are with any to any rules, and both sides have a rule on WAN to open IPSec port 500 from an alias (I created an alias because I will add more locations later).
I have some simple rules on my firewall, just basic ones like DNS, ICMP, HTTP, HTTPS ports to have basic internet access for now.
Any idea what I can do to fix that?
-
Yes. Check the windows firewall on the devices at your home.
-
The strange thing is that when I remote desktop from home to one of my Windows servers here at the warehouse and from there I open my firewall GUI, it is working, but when I am here and remote desktop to the same server and try to open the firewall GUI at home, it is not working. I am using the same laptop on both sides. OK, if any of my servers there have, as you said, some firewall settings that prevent me from accessing the subnets here at the warehouse side, what about the pfSense? How can I diagnose whether the packets are even going through pfSense?
thank you
-
Diagnostics > Packet Capture
Diagnostics > States
-
Hello
I have AIRVPN installed on my home pfSense box on the LAN interface 192.168.1.0/24, but I am not sure if any of those settings can be the reason for my problem. I don't know what most of those rules are for; I just followed the guide so I could get it up and running. I probably shouldn't have set this on the LAN, I should have used the OPT interface for that, but I am still learning, so it won't take much more time to learn how to do it right.
Here is the guide I had from AIRVPN
https://airvpn.org/topic/17444-how-to-set-up-pfsense-23-for-airvpn/
Can you see that rule REJECT_LOCAL?
Step 6-J: Seventh AirVPN_LAN Firewall Rule
I believe this rule may somehow be preventing me from accessing my home from the warehouse side
Thank you
-
No, because any policy routing or default gateway settings will not impact connections coming into the firewall over the VPN.
Did you check the firewall on the host you are trying to connect to?
-
YES, I have a few Ubuntu servers there and they don't have any firewall enabled, and I still cannot connect through IPSec. I have a COMCAST WIFI near me; I connected to it and tried to ssh tunnel to all of my hosts at home and I had no problem doing that. When I get back on my network here and try to tunnel the same way, I can't. I can't even ping the pfSense at home from the pfSense at the warehouse side
Thank you
-
I think I found something
WAN udp (HOME WAN IP):500 -> (WAREHOUSE WAN IP):500 MULTIPLE:MULTIPLE 2.138 K / 2.138 K 237 KiB / 237 KiB
This state is at home. Should I have a similar one at my warehouse location?
-
I just set up a 3rd side and I can't access my warehouse side with any application that some of my equipment needs, like the POWER ALERT software for TRIPP LITE PDUs. When I use Firefox to access any of my PDUs there is no problem, but when I use POWER ALERT to manage any of my PDUs, or remote desktop to access any of my warehouse Windows servers, I also can't make a connection. I disabled the Windows 10 firewall, my Bitdefender firewall and the Windows Server firewall to see if it was a firewall problem, but it wasn't. This time I have a state from the 3rd location to the warehouse side and back. I attached the rules of both my sides. I have to fix that because my work depends on it
Thank you