Webgui empty response through vpn
-
Hi to all,
I have configured pfsense as an openvpn client.
I use this VPN to access the pfsense console and the pfsense webgui. I can access pfsense via ssh, but when I try to access the web config I get redirected from http to https, the browser alerts about my fake SSL certificate, and then I get an empty response.
If I change the protocol from https to http I can open the web config, but it's really, really slow (sometimes I get a timeout), while other sites on the same VPN are not slow.
curl https:
    curl https://84.8.9.20/ -Lvk
    * Trying 84.8.9.20...
    * TCP_NODELAY set
    * Connected to 84.8.9.20 (84.8.9.20) port 443 (#0)
    * ALPN, offering h2
    * ALPN, offering http/1.1
    * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
    * successfully set certificate verify locations:
    * CAfile: /etc/ssl/cert.pem CApath: none
    * TLSv1.2 (OUT), TLS handshake, Client hello (1):
    * TLSv1.2 (IN), TLS handshake, Server hello (2):
    * NPN, negotiated HTTP1.1
    * TLSv1.2 (IN), TLS handshake, Certificate (11):
    * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
    * TLSv1.2 (IN), TLS handshake, Server finished (14):
    * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
    * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
    * TLSv1.2 (OUT), TLS handshake, Unknown (67):
    * TLSv1.2 (OUT), TLS handshake, Finished (20):
    * LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 84.8.9.20:443
    * stopped the pause stream!
    * Closing connection 0
    curl: (35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 84.8.9.20:443
Routing:
    ...
    84.8.9.0/24  84.8.9.1  UGS  220  1500   ovpnc2
    84.8.9.1     link#12   UH   0    1500   ovpnc2
    84.8.9.20    link#12   UHS  0    16384  lo0
    ...
OpenVpn firewall rules:
    Protocol  Source  Port  Destination  Port  Gateway   Queue
    IPv4 TCP  *       *     *            *     WANFIBRA  none
OpenVpn network:
    server 84.8.9.1
    network 84.8.9.0/24
    pfsense ip 84.8.9.20
    client used for testing 84.8.9.8
Do you have any idea why I cannot access the web config and why it is so slow?
Thanks, bye bye!
-
RESOLVED!
The problem was the MTU of VPN!
I had MTU 1500, but the max of my openvpn machine was 1472.
I added
mssfix 1420
fragment 1472
mtu-test
to the openvpn client config and it all works!
Thanks!
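
One way to measure the kind of tunnel MTU limit the resolution above describes, as an added example that is not part of the original posts: a binary search for the largest ICMP payload that gets through with the Don't Fragment bit set. The function names are hypothetical, and the ping flags assume Linux iputils (`-M do`, `-W`) or BSD/macOS ping (`-D`, `-t`).

```shell
#!/bin/sh
# Added example: find the largest ICMP payload that crosses a path with the
# Don't Fragment (DF) bit set, then derive the path MTU and a matching TCP MSS.
# Function names are hypothetical; IPv4 only.

# probe_ping HOST SIZE -> exit 0 if one DF-flagged echo of SIZE bytes is answered.
probe_ping() {
    case "$(uname -s)" in
        Linux) ping -M do -c 1 -W 1 -s "$2" "$1" >/dev/null 2>&1 ;;
        *)     ping -D -c 1 -t 1 -s "$2" "$1" >/dev/null 2>&1 ;;  # FreeBSD (pfSense), macOS
    esac
}

# max_payload PROBE HOST [LOW] [HIGH] -> prints the largest payload PROBE accepts.
# PROBE is any command taking HOST and SIZE, so the search can be tested offline.
max_payload() {
    probe=$1 host=$2 lo=${3:-500} hi=${4:-1472}
    "$probe" "$host" "$lo" || return 1      # no reply even for small packets
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))        # round up so the range always shrinks
        if "$probe" "$host" "$mid"; then lo=$mid; else hi=$(( mid - 1 )); fi
    done
    echo "$lo"
}

# ICMP payload + 20-byte IPv4 header + 8-byte ICMP header = IP packet size.
path_mtu() { echo $(( $1 + 28 )); }

# MTU minus 20-byte IPv4 header and 20-byte TCP header (no options) = TCP MSS.
tcp_mss() { echo $(( $1 - 40 )); }

# Run against a real host only when one is given on the command line.
if [ "$#" -gt 0 ]; then
    payload=$(max_payload probe_ping "$1") || { echo "no reply from $1" >&2; exit 1; }
    mtu=$(path_mtu "$payload")
    echo "largest DF payload: $payload  path MTU: $mtu  TCP MSS: $(tcp_mss "$mtu")"
fi
```

Run it from the VPN client with the address on the far side of the tunnel as the only argument. A result below 1472 means full-size 1500-byte packets do not cross the path unfragmented.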