Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    VPN connects but I can't access pfSense.

    Scheduled Pinned Locked Moved IPsec
    9 Posts 5 Posters 945 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      TomT
      last edited by

      Hi
      I've setup a VPN and it connects fine. Access is restricted to OPT2.
      When connected I can reach my NAS on this interface fine, but I can't access pfSense itself.

      Should I be able to do this or is there something I should set to allow this ?

      Thanks

      1 Reply Last reply Reply Quote 0
      • chpalmerC
        chpalmer
        last edited by

        Assuming your trying to connect from outside (though the WAN over the VPN) and not from a LAN on the same box??

        What do your VPN firewall rules look like?

        Triggering snowflakes one by one..
        Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

        1 Reply Last reply Reply Quote 0
        • T
          TomT
          last edited by

          Hi
          I'm connecting via the WAN using an IPSEC VPN which routes to an interface named OPT2

          Under rules / OPT2 I have 3 rules:

          1. Block anything from OPT2 to WiFi
          2. Block anything from OPT2 to LAN
          3. Allow from OPT2 to IP address of NAS.

          This seems to work and when connected via VPN we can only connect to the NAS.
          I added another rules the same as 3 to allow access to the IP address assigned to OPT2 interface thinking that would allow access to pfSense.

          When I tried to connect I got errors stating the connection wasn't private and was rejected.

          Any help is appreciated.
          Thanks

          K 1 Reply Last reply Reply Quote 0
          • K
            Konstanti @TomT
            last edited by

            @tomt

            Hey
            Show rules /Firewall/Rules/IPsec
            and phase2 IPsec settings

            1 Reply Last reply Reply Quote 0
            • Z
              zMaliz
              last edited by

              Hi

              This is the Phase 2 settings.

              0_1549806326516_Phase2.jpg

              and these are the rules for IPSEC.
              0_1549806364030_IPSEC.jpg

              I have two IPSEC VPNS configured.
              One is a site to site VPN and I restrict access from 192.168.92.0/24 to specific devices.. that seems to work fine.

              The other is a Dialin IPSEC VPN which has access to the NAS on OPT2, this is what I want to dial into and have access to the NAS & pfSense.

              Thanks

              K 1 Reply Last reply Reply Quote 0
              • K
                Konstanti @zMaliz
                last edited by

                @zmaliz
                The last rule shows that you give all access to the OPT2 network. What is the IP address of the OPT2 interface PF?
                Try to access WebGui PF through this address (IP address OPT2 interface PF)

                1 Reply Last reply Reply Quote 0
                • Z
                  zMaliz
                  last edited by

                  Hi

                  The IP Address of the OPT2 interface is 172.x.x.1, when I connect to the VPN I get 172.x.x.100

                  If I try to browse to pfSense I get:

                  0_1549812564368_Screenshot_20190210-152031.jpg

                  If I click Advanced I get:

                  0_1549812588565_Screenshot_20190210-152053.jpg

                  If I click on Proceed to 172.x.x.1 I get taken back to the first page (image1)
                  Clicking on the error shown I get:

                  0_1549812648104_Screenshot_20190210-152115.jpg

                  This is the certificate of the pfSense box.. I can connect fine via the LAN interface.
                  What am I doing wrong ! ?

                  Thanks

                  GrimsonG 1 Reply Last reply Reply Quote 0
                  • GrimsonG
                    Grimson Banned @zMaliz
                    last edited by Grimson

                    @zmaliz said in VPN connects but I can't access pfSense.:

                    What am I doing wrong ! ?

                    You have no clue how certificates work, this has nothing to do with the VPN.

                    NET::ERR_CERT_AUTHORITY_INVALID

                    Google it and google how to to add your CA to your device/browser or how to allow self-signed certs.

                    1 Reply Last reply Reply Quote 0
                    • Z
                      zMaliz
                      last edited by

                      Thanks

                      As far as I can tell the WebConfigurator CA is added to me device.
                      Not sure why this works on the LAN and Wifi, but not VPN.

                      I'd appreciate any help with this. Thanks

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.