Netgate Discussion Forum

    Pfsense AMI (ami-3b022ad0) not allowing me to login.

    General pfSense Questions

      Deb @stephenw10

      Hi,
      Is the acl present in AWS to allow connections on either?
      Yes, it's fine; I can SSH to another machine in the same subnet.

      Is that public IP showing as correctly associated with the pfSense WAN IP?
      How to check this?

      Dev

        stephenw10 Netgate Administrator

        It's shown as part of the instance hostname. I'm sure it will show in other places in AWS, I've never had to check that specifically.

        Steve

          Deb @stephenw10

          There is nothing we can check on AWS with respect to the pfSense WAN IP; outbound NAT on the pfSense WAN includes the all traffic to be allowed source.

            stephenw10 Netgate Administrator

            You could try SSHing to it from another instance in the same VPC. That will hit different ACLs.

            If you have configured the security group as shown in the docs then pfSense will allow you to connect.

            See section 12 here: https://docs.netgate.com/pfsense/en/latest/solutions/aws-vpn-appliance/launching-an-instance.html

            Steve

              Deb @stephenw10

              When I try to use the same security and same NACL for another instance with the same key, all works well. I have even tried to SSH within the same VPC from a different NACL, but no luck.

              Security groups are allowed as described in section 12. The strange part is that pfSense is doing its task; it's just that I am not able to log in.

                stephenw10 Netgate Administrator

                What task is it doing with just one interface?

                Can you ping it from another device in the WAN subnet?

                Steve

                  Deb @stephenw10

                  It's doing the whitelisting task through the Squid proxy, and I can ping from a different subnet after enabling ICMP.

                    Deb

                    Can someone help on this? It's really weird not being able to log in to the system even though all the configurations are in place.

                      stephenw10 Netgate Administrator

                      How did you configure it if you were never able to log in?

                      I was under the impression you had just deployed this but if not what were you doing just before you lost access?

                      Steve

                        Deb

                        Earlier it was allowing me to log in; recently (a week ago) the issue started where it's not allowing me to log in.

                          dragoangel @Deb

                          @Deb so maybe you need to start questions from that point?))

                          Latest stable pfSense on 2x XG-7100 and 1x Intel Xeon Server, running multiWAN, he.net IPv6, pfBlockerNG-devel, HAProxy-devel, Syslog-ng, Zabbix-agent, OpenVPN, IPsec site-to-site, DNS-over-TLS...
                          Unifi AP-AC-LR with EAP RADIUS, US-24

                            stephenw10 Netgate Administrator

                            Ah, yes. If it had previously been accessible then it's very likely some change that was made that is preventing access.

                            That could be a firewall rule. Or it could be you enabled Snort and it blocked you.

                            Steve

                              Deb

                              I did not change any firewall rules, or enable Snort.

                                stephenw10 Netgate Administrator

                                You may have triggered SSHguard if you tried to log in and failed several times. You should still be able to SSH from some other IP if that was the case. SSHing from some other device in the same subnet should work even if it lost routing info, for example.

                                Do you have a config backup?

                                Steve
