Webgui empty response through vpn



  • Hi to all,
    I have configured pfSense as an OpenVPN client.
    I use this VPN to access the pfSense console and the pfSense webgui. I can access pfSense via SSH, but when I try to access the webconfig I get redirected from http to https, the browser alerts about my fake SSL certificate, and then I get an empty response.
    If I change the protocol from https to http I can open the web config, but it's really, really slow (sometimes I get a timeout), while other sites on the same VPN are not slow.

    curl https:

    curl https://84.8.9.20/ -Lvk
    *   Trying 84.8.9.20...
    * TCP_NODELAY set
    * Connected to 84.8.9.20 (84.8.9.20) port 443 (#0)
    * ALPN, offering h2
    * ALPN, offering http/1.1
    * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
    * successfully set certificate verify locations:
    *   CAfile: /etc/ssl/cert.pem
      CApath: none
    * TLSv1.2 (OUT), TLS handshake, Client hello (1):
    * TLSv1.2 (IN), TLS handshake, Server hello (2):
    * NPN, negotiated HTTP1.1
    * TLSv1.2 (IN), TLS handshake, Certificate (11):
    * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
    * TLSv1.2 (IN), TLS handshake, Server finished (14):
    * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
    * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
    * TLSv1.2 (OUT), TLS handshake, Unknown (67):
    * TLSv1.2 (OUT), TLS handshake, Finished (20):
    * LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 84.8.9.20:443
    * stopped the pause stream!
    * Closing connection 0
    curl: (35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 84.8.9.20:443
    

    Routing:

    ...
    84.8.9.0/24	84.8.9.1	UGS	220	1500	ovpnc2	
    84.8.9.1	link#12  UH	0	1500	ovpnc2	
    84.8.9.20	link#12	UHS	0	16384	lo0
    ...
    

    OpenVPN firewall rules:

    Protocol	Source	Port	Destination	Port	Gateway	Queue
    IPv4 TCP	*	*	*	*	WANFIBRA	none
    

    OpenVPN network:

    server 84.8.9.1
    network 84.8.9.0/24
    pfsense ip 84.8.9.20
    client used for testing 84.8.9.8
    

    Do you have any idea why I cannot access the web config and why it is so slow?
    Thanks, bye bye!



  • RESOLVED!
    The problem was the MTU of the VPN!
    I had MTU 1500, but the max of my OpenVPN machine was 1472.
    I added
    mssfix 1420
    fragment 1472
    mtu-test
    to the OpenVPN client config and it all works!
    Thanks!
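
An added example, not written by either poster: the MTU mismatch named in the resolution can be measured by sending don't-fragment pings across the tunnel and searching for the largest payload that still gets a reply. The function names `probe`, `max_payload` and `path_mtu` are this example's own, and the ping flags assume iputils on Linux (`-M do`) or the FreeBSD/macOS ping (`-D`).

```shell
#!/bin/sh
# Added example: find the largest ICMP payload that crosses a path with the
# Don't Fragment bit set, then derive the usable IPv4 MTU from it.

# probe HOST SIZE -> exit 0 if one echo request carrying SIZE payload bytes,
# sent with DF set, gets a reply. Redefine this function to test offline.
probe() {
    case "$(uname -s)" in
        Linux) ping -M do -c 1 -W 1 -s "$2" "$1" >/dev/null 2>&1 ;;
        *)     ping -D -c 1 -t 2 -s "$2" "$1" >/dev/null 2>&1 ;;  # FreeBSD, macOS
    esac
}

# max_payload HOST [LOW] [HIGH] -> prints the largest payload size in
# [LOW, HIGH] that passes. Returns 1 if even LOW fails, which points at
# routing or firewall rules rather than at packet size.
max_payload() {
    host=$1
    lo=${2:-500}
    hi=${3:-1472}          # 1472 payload + 28 header bytes = 1500
    probe "$host" "$lo" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$host" "$mid"; then
            lo=$mid        # mid fits, search above it
        else
            hi=$(( mid - 1 ))
        fi
    done
    echo "$lo"
}

# path_mtu HOST -> payload + 20 (IPv4 header) + 8 (ICMP header).
path_mtu() {
    p=$(max_payload "$1") || return 1
    echo $(( p + 28 ))
}

# Usage: sh pmtu.sh <address reachable through the tunnel>
if [ "$#" -gt 0 ]; then
    path_mtu "$1" || echo "no reply even to small packets" >&2
fi
```

A result below the MTU configured on the tunnel interface matches the symptom in this thread: small exchanges such as SSH work while the larger TLS handshake records stall.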

