Netgate Discussion Forum

    Pfsense AMI (ami-3b022ad0) not allowing me to login.

      Deb

      Hi Guys,

      My instance in AWS was deployed with AMI ami-3b022ad0. I am not able to log in despite having all network and key things in place. I have tried to copy it to a different account and tried to log in to the instance, but unfortunately I am not able to log in. When I see the instance screenshot from AWS, it's waiting for the inputs as

        stephenw10 Netgate Administrator

        Can we see that screenshot?

        Steve

          Deb

          Sure, attached here: pfsense query_1.PNG

            stephenw10 Netgate Administrator

            Ah, that looks correct then. That's the menu it displays when it's finished booting. You should be able to login directly:
            https://docs.netgate.com/pfsense/en/latest/solutions/aws-vpn-appliance/managing-an-instance.html

            What is failing when you try to connect? What error are you seeing?

            Steve

              Deb @stephenw10

              @stephenw10

              When I try to log in through PuTTY to the server with the public IP, it says network error. IPs are correctly allowed for SSH to this box.

                stephenw10 Netgate Administrator

                Like it's refusing SSH or like there's no route? I'm assuming you are using the actual public IP and not the WAN address.

                Can you connect over https?

                Steve

                  Deb @stephenw10

                  I am using the actual public IP to connect, and routing is perfectly fine. I can't access SSH or HTTPS either.

                    stephenw10 Netgate Administrator

                    Is the ACL present in AWS to allow connections on either? Is that public IP showing as correctly associated with the pfSense WAN IP?

                    Steve

                      Deb @stephenw10

                      Hi,
                      Is the ACL present in AWS to allow connections on either?
                      Yes, it's fine; I can take SSH of another machine in the same subnet.

                      Is that public IP showing as correctly associated with the pfSense WAN IP?
                      How do I check this?

                      Dev

                        stephenw10 Netgate Administrator

                        It's shown as part of the instance hostname. I'm sure it will show in other places in AWS, I've never had to check that specifically.

                        Steve

                          Deb @stephenw10

                          There is nothing we can check on AWS with respect to the pfSense WAN IP; outbound NAT on the pfSense WAN includes all traffic to be allowed source.

                            stephenw10 Netgate Administrator

                            You could try SSHing to it from another instance in the same VPC. That will hit different ACLs.

                            If you have configured the security group as shown in the docs then pfSense will allow you to connect.

                            See section 12 here: https://docs.netgate.com/pfsense/en/latest/solutions/aws-vpn-appliance/launching-an-instance.html

                            Steve

                              Deb @stephenw10

                              When I try to use the same security and same NACL for another instance with the same key, all works well. I have even tried to take SSH in the same VPC from a different NACL, but no luck.

                              Security groups are allowed as described in section 12. The strange part is pfSense is doing its task; it's just that I am not able to log in.

                                stephenw10 Netgate Administrator

                                What task is it doing with just one interface?

                                Can you ping it from another device in the WAN subnet?

                                Steve

                                  Deb @stephenw10

                                  It's doing the whitelisting task through Squid proxy, and I can ping from a different subnet after enabling ICMP.

                                    Deb

                                    Can someone help on this? It's really weird not being able to log in to the system even though all the configurations are in place.

                                      stephenw10 Netgate Administrator

                                      How did you configure it if you were never able to log in?

                                      I was under the impression you had just deployed this but if not what were you doing just before you lost access?

                                      Steve

                                        Deb

                                        Earlier it was allowing me to log in; recently (a week ago) the issue started where it's not allowing me to log in.

                                          dragoangel @Deb

                                          @Deb so maybe you need to start questions from that point?))

                                          Latest stable pfSense on 2x XG-7100 and 1x Intel Xeon Server, running multiWAN, he.net IPv6, pfBlockerNG-devel, HAProxy-devel, Syslog-ng, Zabbix-agent, OpenVPN, IPsec site-to-site, DNS-over-TLS...
                                          Unifi AP-AC-LR with EAP RADIUS, US-24

                                            stephenw10 Netgate Administrator

                                            Ah, yes. If it had previously been accessible then it's very likely some change that was made that is preventing access.

                                            That could be a firewall rule. Or it could be you enabled Snort and it blocked you.

                                            Steve

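The question asked earlier in the thread (is SSH being refused, or is there no route?) and the closing firewall-rule or Snort hypothesis can be told apart from the client side by how a TCP connect to ports 22 and 443 fails. The following is an added example, not part of the original thread or of Netgate's tooling; the function names and hint wording are assumptions of this example, and the demo uses constructed loopback ports so it runs offline.

```python
import errno
import socket

# Interpretation of each outcome; the wording is this example's own.
HINTS = {
    "open": "handshake completed; the port is reachable, so look at the service or login layer",
    "refused": "host answered with a reset; the path works but nothing listens or a reject rule fired",
    "timeout": "no answer; packets are dropped silently (security group, NACL or a firewall block rule)",
    "unreachable": "no route to the address; check routing and the public IP association",
}

def classify_port(host, port, timeout=3.0):
    """Try one TCP connect and return 'open', 'refused', 'timeout' or 'unreachable'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except socket.timeout:
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        if exc.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
            return "unreachable"
        if exc.errno == errno.ETIMEDOUT:
            return "timeout"
        raise
    finally:
        sock.close()

def diagnose(host, ports=(22, 443), timeout=3.0):
    """Classify each management port and pair the state with its hint."""
    states = {p: classify_port(host, p, timeout) for p in ports}
    return {p: (s, HINTS[s]) for p, s in states.items()}

if __name__ == "__main__":
    # Constructed loopback demo: one listening port and one just-closed port.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]
    closed = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    closed.bind(("127.0.0.1", 0))
    closed_port = closed.getsockname()[1]
    closed.close()
    for port, (state, hint) in diagnose("127.0.0.1", (open_port, closed_port)).items():
        print(f"tcp/{port}: {state} - {hint}")
    listener.close()
```

Run against the instance's public IP from outside and again from another instance in the same VPC, a timeout on both ports from both vantage points is consistent with traffic being dropped on the firewall itself rather than in the AWS security group or NACL.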