VPN connects but I can't access pfSense.



  • Hi
    I've set up a VPN and it connects fine. Access is restricted to OPT2.
    When connected I can reach my NAS on this interface fine, but I can't access pfSense itself.

    Should I be able to do this or is there something I should set to allow this?

    Thanks



  • Assuming you're trying to connect from outside (through the WAN over the VPN) and not from a LAN on the same box??

    What do your VPN firewall rules look like?



  • Hi
    I'm connecting via the WAN using an IPSEC VPN which routes to an interface named OPT2.

    Under rules / OPT2 I have 3 rules:

    1. Block anything from OPT2 to WiFi
    2. Block anything from OPT2 to LAN
    3. Allow from OPT2 to IP address of NAS.

    This seems to work and when connected via VPN we can only connect to the NAS.
    I added another rule the same as 3 to allow access to the IP address assigned to the OPT2 interface, thinking that would allow access to pfSense.

    When I tried to connect I got errors stating the connection wasn't private and was rejected.

    Any help is appreciated.
    Thanks



  • @tomt

    Hey
    Show the rules under /Firewall/Rules/IPsec
    and the phase 2 IPsec settings.



  • Hi

    These are the Phase 2 settings.

    [Image: 0_1549806326516_Phase2.jpg]

    and these are the rules for IPSEC.

    [Image: 0_1549806364030_IPSEC.jpg]

    I have two IPSEC VPNs configured.
    One is a site-to-site VPN and I restrict access from 192.168.92.0/24 to specific devices. That seems to work fine.

    The other is a dial-in IPSEC VPN which has access to the NAS on OPT2. This is what I want to dial into and have access to the NAS & pfSense.

    Thanks



  • @zmaliz
    The last rule shows that you give all access to the OPT2 network. What is the IP address of the OPT2 interface on PF?
    Try to access the PF WebGUI through this address (the IP address of the OPT2 interface on PF).



  • Hi

    The IP address of the OPT2 interface is 172.x.x.1; when I connect to the VPN I get 172.x.x.100.

    If I try to browse to pfSense I get:

    [Image: 0_1549812564368_Screenshot_20190210-152031.jpg]

    If I click Advanced I get:

    [Image: 0_1549812588565_Screenshot_20190210-152053.jpg]

    If I click on Proceed to 172.x.x.1 I get taken back to the first page (image 1).
    Clicking on the error shown I get:

    [Image: 0_1549812648104_Screenshot_20190210-152115.jpg]

    This is the certificate of the pfSense box. I can connect fine via the LAN interface.
    What am I doing wrong!?

    Thanks



  • @zmaliz said in VPN connects but I can't access pfSense.:

    What am I doing wrong!?

    You have no clue how certificates work; this has nothing to do with the VPN.

    NET::ERR_CERT_AUTHORITY_INVALID

    Google it, and google how to add your CA to your device/browser or how to allow self-signed certs.



  • Thanks

    As far as I can tell the WebConfigurator CA is added to my device.
    Not sure why this works on the LAN and WiFi, but not VPN.

    I'd appreciate any help with this. Thanks