Netgate Discussion Forum

[Solved] Can't access pfSense HTTPS over IPsec

  • marcvb
    Jul 6, 2016, 8:26 PM (last edited Jul 9, 2016, 1:53 PM)

    We got this really strange problem.
    We worked with 3 senior IT employees on this problem and we can't find the solution.

    We got an IPsec connection between 2 sites.
    We can ping from both sides the internal LAN IP of the pfSense.
    But from site 1 we are unable to open HTTPS sites on site 2 on the LAN IP.
    From site 2 to site 1 this isn't a problem.
    We changed the firewalls on both sides for pfSense, still the same problem.
    Strange thing is we can't connect to the pfSense LAN over HTTPS, and also a Linux web server is giving the same problem. What is even more strange is that we can access a Windows IIS web server over the same VPN.

    We tried changing IP ranges and rebuilding the firewalls on both sides. We even connected a third site over VPN. This site has no problem whatsoever.

    Hope you can help us out.
    We are planning to restart the switches at site 1 to see if that solves the problem.

    • julianbros
      Jul 8, 2016, 8:33 PM

      Is it only the pfSense HTTP/HTTPS service which is broken?

      Can you confirm by calling other URLs from different sites?

      I had the same problem, which was solved by enabling MSS clamping on VPN traffic.

      • marcvb
        Jul 9, 2016, 1:52 PM (last edited Jul 9, 2016, 1:56 PM)

        @julianbros:

        Is it only the pfSense HTTP/HTTPS service which is broken?

        Can you confirm by calling other URLs from different sites?

        I had the same problem, which was solved by enabling MSS clamping on VPN traffic.

        Thank you for that answer, I will try it next Monday.
        I sort of fixed it by changing the MTU value of the NIC.
        We needed to set up a remote Veeam backup and access the ESX over IPsec.
        This wasn't possible, only after lowering the MTU value.
        It was both on HTTP and HTTPS, 80/443.
        Site 1 has fiber 100/100 and site 2 has 250/250.
        It just stopped working, maybe the ISP changed something.

        This is not a really nice fix and I will try the MSS clamping, maybe this will fix it for the whole network.

        • marcvb
          Jul 11, 2016, 2:16 PM

          @julianbros:

          Is it only the pfSense HTTP/HTTPS service which is broken?

          Can you confirm by calling other URLs from different sites?

          I had the same problem, which was solved by enabling MSS clamping on VPN traffic.

          MSS clamping has solved it for the complete network, thank you!
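
The symptom in this thread (ping works, larger HTTP/HTTPS transfers fail, fixed by a lower MTU or by MSS clamping) is what happens when full-size TCP segments no longer fit the path once ESP overhead is added. The following Python is an added example, not code from the thread or from pfSense: it computes IPv4 ESP tunnel-mode overhead and the largest TCP MSS that crosses the tunnel unfragmented. The cipher suites and path MTU values are assumptions, since the thread does not state them.

```python
"""Added example: ESP tunnel-mode overhead and the TCP MSS that fits (IPv4 only)."""
from dataclasses import dataclass

OUTER_IPV4 = 20    # outer IPv4 header, no options
ESP_HEADER = 8     # SPI (4) + sequence number (4)
ESP_TRAILER = 2    # pad-length byte + next-header byte
NAT_T_UDP = 8      # UDP encapsulation header when NAT-T is in use
INNER_IP_TCP = 40  # inner IPv4 (20) + TCP (20) headers, no options


@dataclass(frozen=True)
class Suite:
    iv: int     # per-packet IV bytes
    block: int  # padding alignment in bytes
    icv: int    # integrity check value bytes


# Common suites; which one the thread's tunnel used is not stated (assumption).
AES_CBC_SHA1 = Suite(iv=16, block=16, icv=12)    # HMAC-SHA1-96
AES_CBC_SHA256 = Suite(iv=16, block=16, icv=16)  # HMAC-SHA2-256-128
AES_GCM_16 = Suite(iv=8, block=4, icv=16)        # AES-GCM with 16-byte ICV


def fixed_overhead(suite, nat_t=False):
    """Bytes added to every packet regardless of padding."""
    return OUTER_IPV4 + (NAT_T_UDP if nat_t else 0) + ESP_HEADER + suite.iv + suite.icv


def esp_size(inner_len, suite, nat_t=False):
    """On-the-wire size of one inner IPv4 packet after ESP tunnel-mode encapsulation."""
    padded = -(-(inner_len + ESP_TRAILER) // suite.block) * suite.block  # round up
    return fixed_overhead(suite, nat_t) + padded


def max_mss(path_mtu, suite, nat_t=False):
    """Largest TCP MSS whose full-size segment crosses the tunnel unfragmented."""
    room = (path_mtu - fixed_overhead(suite, nat_t)) // suite.block * suite.block
    return room - ESP_TRAILER - INNER_IP_TCP


if __name__ == "__main__":
    # Constructed inputs: a default 84-byte ping and a 1500-byte TCP packet.
    print("ping on the wire:", esp_size(84, AES_CBC_SHA1), "bytes")
    print("full TCP segment on the wire:", esp_size(1500, AES_CBC_SHA1), "bytes")
    suites = {"AES-CBC/SHA1": AES_CBC_SHA1, "AES-CBC/SHA256": AES_CBC_SHA256,
              "AES-GCM": AES_GCM_16}
    for name, suite in suites.items():
        for mtu in (1500, 1492):
            print(f"{name:15} mtu={mtu} mss={max_mss(mtu, suite)} "
                  f"nat-t mss={max_mss(mtu, suite, nat_t=True)}")
```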
