Accessing router web interface from LAN


  • Hello,
    current setup:

    DSL Router - 192.168.5.254
    pfSense - LAN 192.168.99.1 - WAN DHCP from router

    Router and pfSense are connected using VLAN with a managed switch.

    If I try to connect to router GUI for admin pourpose, pfSense route packets to internet instead of to port 80 of the router interface.

    How can I access router gui from trusted internal LAN?

    Thank you

  • LAYER 8 Global Moderator

    What are you trying to access exactly from where? Your saying your trying to access gui on 192.168.5.254, from pfsense lan 192.168.99.X and you get what? And your accessing it via IP or some FQDN?


  • Hi!

    I am trying from a client in DHCP from pfSense with 192.168.99.0 subnet.
    Trying to ping 192.168.5.254 give not reachable address....

  • LAYER 8 Global Moderator

    Are you forcing your clients out some vpn interface - what are your rules on your lan, or floating tab? Do you have a vpn client setup to some vpn service?


  • eheh, you are right.
    I have a OpenVPN client configured on pfsense and some subnets are going out via vpn.

    If I do a trace route from my pc to the router I can see that the connection exit via vpn gateway...

  • LAYER 8 Global Moderator

    Well yeah that would cause it ;)

    Policy route and allow what you want to access normal routing - before you force it down a vpn gateway..


  • I tried.

    I have set a firewall rule from PC IP address to fritzbox internal address (1921.68.5.254) and the rule is before the main vpn rule but it still goes via vpn....

  • LAYER 8 Global Moderator

    Well you prob pulled routes from your vpn connection, which you don't do if your going to policy route.


  • what have I to check for this?

    Thank you!

  • LAYER 8 Global Moderator

    Look at your routing table, look at your vpn client setup - did you check the do not pull routes checkbox? If not then it would pull routes.


  • Ok, vpn client does not pull routes, I have checked it.

    My current routing table is the following:

    10.8.3.0/24 10.8.3.1 UGS 0 1500 ovpnc3
    10.8.3.1 link#13 UH 8 1500 ovpnc3
    10.8.3.19 link#13 UHS 456 16384 lo0
    127.0.0.1 link#4 UH 7585 16384 lo0
    192.168.5.0/24 link#8 U 11236 1500 em1.90
    192.168.5.42 link#8 UHS 0 16384 lo0
    192.168.10.0/24 link#7 U 2 1500 em0.10
    192.168.10.1 link#7 UHS 0 16384 lo0
    192.168.20.0/24 link#11 U 226025 1500 em0.20
    192.168.20.1 link#11 UHS 0 16384 lo0
    192.168.30.0/24 link#12 U 136670 1500 em0.30
    192.168.30.1 link#12 UHS 0 16384 lo0
    192.168.70.0/24 link#10 U 9794 1500 em0.70
    192.168.70.1 link#10 UHS 0 16384 lo0
    192.168.99.0/24 link#1 U 652937 1500 em0
    192.168.99.1 link#1 UHS 804 16384 lo0

    10.8.3.0 is VPN


  • I tried also changing the gateway but in trace route it always go for 192.168.5.254 using 10.8.3.0 route.....

  • LAYER 8 Global Moderator

    Where is your default route? I don't see one..

    How would you get anywhere ;)

    Post a screen shot of your lan and floating rules - you clearly have a connection there for the 192.168.5.0/24

    That you would go out your vpn, would only happen with a forced connection via gateway rule..

    Keep in mind if you create a rule to allow the access out your normal path, any states would have to be cleared before that would take effect.


  • Adding default route and resetting states did the trick!

    Thank you very much!