VPN connects but I can't access pfSense.

TomT

Hi
I've setup a VPN and it connects fine. Access is restricted to OPT2.
When connected I can reach my NAS on this interface fine, but I can't access pfSense itself.

Should I be able to do this or is there something I should set to allow this ?

Thanks

chpalmer

Assuming your trying to connect from outside (though the WAN over the VPN) and not from a LAN on the same box??

What do your VPN firewall rules look like?

TomT

Hi
I'm connecting via the WAN using an IPSEC VPN which routes to an interface named OPT2

Under rules / OPT2 I have 3 rules:

1. Block anything from OPT2 to WiFi
2. Block anything from OPT2 to LAN
3. Allow from OPT2 to IP address of NAS.

This seems to work and when connected via VPN we can only connect to the NAS.
I added another rules the same as 3 to allow access to the IP address assigned to OPT2 interface thinking that would allow access to pfSense.

When I tried to connect I got errors stating the connection wasn't private and was rejected.

Any help is appreciated.
Thanks

Konstanti

@tomt

Hey
Show rules /Firewall/Rules/IPsec
and phase2 IPsec settings

zMaliz

Hi

This is the Phase 2 settings.

and these are the rules for IPSEC.

I have two IPSEC VPNS configured.
One is a site to site VPN and I restrict access from 192.168.92.0/24 to specific devices.. that seems to work fine.

The other is a Dialin IPSEC VPN which has access to the NAS on OPT2, this is what I want to dial into and have access to the NAS & pfSense.

Thanks

Konstanti

@zmaliz
The last rule shows that you give all access to the OPT2 network. What is the IP address of the OPT2 interface PF?
Try to access WebGui PF through this address (IP address OPT2 interface PF)

zMaliz

Hi

The IP Address of the OPT2 interface is 172.x.x.1, when I connect to the VPN I get 172.x.x.100

If I try to browse to pfSense I get:

If I click Advanced I get:

If I click on Proceed to 172.x.x.1 I get taken back to the first page (image1)
Clicking on the error shown I get:

This is the certificate of the pfSense box.. I can connect fine via the LAN interface.
What am I doing wrong ! ?

Thanks

Grimson

@zmaliz said in VPN connects but I can't access pfSense.:

What am I doing wrong ! ?

You have no clue how certificates work, this has nothing to do with the VPN.

NET::ERR_CERT_AUTHORITY_INVALID

Google it and google how to to add your CA to your device/browser or how to allow self-signed certs.

zMaliz

Thanks

As far as I can tell the WebConfigurator CA is added to me device.
Not sure why this works on the LAN and Wifi, but not VPN.

I'd appreciate any help with this. Thanks