Pfsense AMI (ami-3b022ad0) not allowing me to login.
-
Hi Guys,
My instance in AWS was deployed with AMI ami-3b022ad0, I am not able to login with having all network and key things in place, I have tried to copy to different account and tried to login the instance but unfortunately I am not able to login, when I see the instance screen shot from AWS it's waiting for the inputs as
-
Can we see that screenshot?
Steve
-
Sure attached here.
-
Ah, that looks correct then. That's the menu it displays when it's finished booting. You should be able to login directly:
https://docs.netgate.com/pfsense/en/latest/solutions/aws-vpn-appliance/managing-an-instance.htmlWhat is failing when you try to connect? What error are you seeing?
Steve
-
When I try to login through putty for the server with public IP,it says network error ,IPs are correctly allowed for SSH to this box.
-
Like it's refusing SSH or like there's no route? I'm assuming you are using the actual public IP and not the WAN address.
Can you connect over https?
Steve
-
I am using actual public IP to connect routing is perfectly fine.I can't access SSH neither https.
-
Is the acl present in AWS to allow connections on either? Is that piblic IP showing as correctly associated with the pfSense WAN IP?
Steve
-
Hi,
Is the acl present in AWS to allow connections on either?
Yes its fine I can take SSH of other machine in the same subnet.Is that public IP showing as correctly associated with the pfSense WAN IP?
How to check this?Dev
-
It's shown as part of the instance hostname. I'm sure it will show in other places in AWS, I've never had to check that specifically.
Steve
-
There is nothing we can check on AWS with respect to pfsense WAN IP,outbound NAT on the pfSense WAN includes the all traffic to be allowed source.
-
You could try SSHing to from another instance in the same VPC. That will hit different ACLs.
If you have configured the security group as shown in the docs then pfSense will allow you to connect.
See section 12 here: https://docs.netgate.com/pfsense/en/latest/solutions/aws-vpn-appliance/launching-an-instance.html
Steve
-
When I try to use same security and Sama NACL for another instance with same key , all works good, Even I have tried to take SSH in same VPC from different NACL but no luck.
Security groups are allowed as described in section12, the strange part is pfsense is doing it's task for just I am not able to login.
-
What task is it doing with just one interface?
Can you ping it from another device in the WAN subnet?
Steve
-
It's doing the white listing task through squid proxy and I can ping from different subnet after enabling ICMP.
-
Can someone help on this,it's really weird not able to login to system even all the configurations are in place.
-
How did you configure it if you were never able to log in?
I was under the impression you had just deployed this but if not what were you doing just before you lost access?
Steve
-
Earlier it was allowing me to login, recently(a week ago) the issues has been started where it's not allowing me to login.
-
@Deb so maybe you need start questions from that point?))
-
Ah, yes. If it had previously been accessible then it's very likely some change that was made that is preventing access.
That could be a firewall rule. Or it could be you enabled Snort and it blocked you.
Steve
-
I did not change any firewall rules,or did not enable snort.
-
You may have triggered SSHguard if you tried to login and failed several times. You should still be able to SSH from some other IP if that was the case. SSHing from some other device in the same subnet should work even if it list routing info for example.
Do you have a config backup?
Steve
