Accessing router web interface from LAN

    current setup:

    DSL Router -
    pfSense - LAN - WAN DHCP from router

    Router and pfSense are connected using VLAN with a managed switch.

    If I try to connect to the router GUI for admin purposes, pfSense routes packets to the internet instead of to port 80 of the router interface.

    How can I access the router GUI from the trusted internal LAN?

  • LAYER 8 Global Moderator

    What are you trying to access exactly from where? You're saying you're trying to access the GUI on, from pfSense LAN 192.168.99.X and you get what? And you're accessing it via IP or some FQDN?

    I am trying from a client in DHCP from pfSense with subnet.
    Trying to ping gives not reachable address....

  • LAYER 8 Global Moderator

    Are you forcing your clients out some vpn interface - what are your rules on your lan, or floating tab? Do you have a vpn client setup to some vpn service?

  • eheh, you are right.
    I have an OpenVPN client configured on pfSense and some subnets are going out via VPN.

    If I do a traceroute from my PC to the router I can see that the connection exits via the VPN gateway...

  • LAYER 8 Global Moderator

    Well yeah that would cause it ;)

    Policy route and allow what you want to access normal routing - before you force it down a vpn gateway..

  • I tried.

    I have set a firewall rule from the PC IP address to the fritzbox internal address (192.168.5.254) and the rule is before the main VPN rule but it still goes via VPN....

  • LAYER 8 Global Moderator

    Well you probably pulled routes from your VPN connection, which you don't do if you're going to policy route.

  • What do I have to check for this?

  • LAYER 8 Global Moderator

    Look at your routing table, look at your vpn client setup - did you check the do not pull routes checkbox? If not then it would pull routes.

  • Ok, vpn client does not pull routes, I have checked it.

    My current routing table is the following:

    UGS 0 1500 ovpnc3
    link#13 UH 8 1500 ovpnc3
    link#13 UHS 456 16384 lo0
    link#4 UH 7585 16384 lo0
    link#8 U 11236 1500 em1.90
    link#8 UHS 0 16384 lo0
    link#7 U 2 1500 em0.10
    link#7 UHS 0 16384 lo0
    link#11 U 226025 1500 em0.20
    link#11 UHS 0 16384 lo0
    link#12 U 136670 1500 em0.30
    link#12 UHS 0 16384 lo0
    link#10 U 9794 1500 em0.70
    link#10 UHS 0 16384 lo0
    link#1 U 652937 1500 em0
    link#1 UHS 804 16384 lo0

    is VPN

  • I also tried changing the gateway but in traceroute it always goes for using route.....

  • LAYER 8 Global Moderator

    Where is your default route? I don't see one..

    How would you get anywhere ;)

    Post a screen shot of your lan and floating rules - you clearly have a connection there for the

    That you would go out your vpn, would only happen with a forced connection via gateway rule..

    Keep in mind if you create a rule to allow the access out your normal path, any states would have to be cleared before that would take effect.

  • Adding default route and resetting states did the trick!

    Thank you very much!
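
Added example, not part of the thread and not pfSense code: a simplified Python model of the two points raised above, that a policy-routing exception must sit above the VPN gateway rule (first match wins) and that an existing state keeps its old next hop until states are cleared. The /24 masks, the PC address 192.168.99.10, and the names VPN_GW and WAN_GW are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    src: str                # source network, CIDR
    dst: str                # destination network, CIDR
    gateway: Optional[str]  # policy-route gateway; None = use the routing table

class Firewall:
    def __init__(self, rules, routes):
        self.rules = list(rules)  # evaluated top-down, first match wins
        self.routes = routes      # {cidr: next hop}, stands in for the routing table
        self.states = {}          # (src, dst) -> next hop fixed at state creation

    def route_lookup(self, dst):
        # Longest-prefix match; None when nothing matches and there is no default route
        ip = ipaddress.ip_address(dst)
        hits = [n for n in map(ipaddress.ip_network, self.routes) if ip in n]
        return self.routes[str(max(hits, key=lambda n: n.prefixlen))] if hits else None

    def forward(self, src, dst):
        if (src, dst) in self.states:   # existing state: rules are not re-evaluated
            return self.states[(src, dst)]
        for r in self.rules:
            if (ipaddress.ip_address(src) in ipaddress.ip_network(r.src)
                    and ipaddress.ip_address(dst) in ipaddress.ip_network(r.dst)):
                hop = r.gateway or self.route_lookup(dst)
                self.states[(src, dst)] = hop
                return hop
        return None                     # no rule matched: default deny

    def clear_states(self):
        self.states.clear()

# Constructed sample values (assumptions, see lead-in)
PC, ROUTER = "192.168.99.10", "192.168.5.254"
ROUTES = {"192.168.5.0/24": "WAN (connected)", "0.0.0.0/0": "WAN_GW"}
VPN_RULE = Rule("192.168.99.0/24", "0.0.0.0/0", "VPN_GW")
BYPASS = Rule("192.168.99.10/32", "192.168.5.254/32", None)

def demo():
    fw = Firewall([VPN_RULE], ROUTES)
    before = fw.forward(PC, ROUTER)     # state created through the VPN rule
    fw.rules.insert(0, BYPASS)          # exception placed above the VPN rule
    stale = fw.forward(PC, ROUTER)      # the old state still decides the next hop
    fw.clear_states()
    return before, stale, fw.forward(PC, ROUTER)
```

`demo()` returns the next hop before the exception rule exists, after it is added while the old state is still present, and after states are cleared.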