Accessing router web interface from LAN
DSL Router - 192.168.5.254
pfSense - LAN 192.168.99.1 - WAN DHCP from router
Router and pfSense are connected using VLAN with a managed switch.
If I try to connect to router GUI for admin pourpose, pfSense route packets to internet instead of to port 80 of the router interface.
How can I access router gui from trusted internal LAN?
What are you trying to access exactly from where? Your saying your trying to access gui on 192.168.5.254, from pfsense lan 192.168.99.X and you get what? And your accessing it via IP or some FQDN?
I am trying from a client in DHCP from pfSense with 192.168.99.0 subnet.
Trying to ping 192.168.5.254 give not reachable address....
Are you forcing your clients out some vpn interface - what are your rules on your lan, or floating tab? Do you have a vpn client setup to some vpn service?
eheh, you are right.
I have a OpenVPN client configured on pfsense and some subnets are going out via vpn.
If I do a trace route from my pc to the router I can see that the connection exit via vpn gateway...
Well yeah that would cause it ;)
Policy route and allow what you want to access normal routing - before you force it down a vpn gateway..
I have set a firewall rule from PC IP address to fritzbox internal address (19126.96.36.199) and the rule is before the main vpn rule but it still goes via vpn....
Well you prob pulled routes from your vpn connection, which you don't do if your going to policy route.
what have I to check for this?
Look at your routing table, look at your vpn client setup - did you check the do not pull routes checkbox? If not then it would pull routes.
Ok, vpn client does not pull routes, I have checked it.
My current routing table is the following:
10.8.3.0/24 10.8.3.1 UGS 0 1500 ovpnc3
10.8.3.1 link#13 UH 8 1500 ovpnc3
10.8.3.19 link#13 UHS 456 16384 lo0
127.0.0.1 link#4 UH 7585 16384 lo0
192.168.5.0/24 link#8 U 11236 1500 em1.90
192.168.5.42 link#8 UHS 0 16384 lo0
192.168.10.0/24 link#7 U 2 1500 em0.10
192.168.10.1 link#7 UHS 0 16384 lo0
192.168.20.0/24 link#11 U 226025 1500 em0.20
192.168.20.1 link#11 UHS 0 16384 lo0
192.168.30.0/24 link#12 U 136670 1500 em0.30
192.168.30.1 link#12 UHS 0 16384 lo0
192.168.70.0/24 link#10 U 9794 1500 em0.70
192.168.70.1 link#10 UHS 0 16384 lo0
192.168.99.0/24 link#1 U 652937 1500 em0
192.168.99.1 link#1 UHS 804 16384 lo0
10.8.3.0 is VPN
I tried also changing the gateway but in trace route it always go for 192.168.5.254 using 10.8.3.0 route.....
Where is your default route? I don't see one..
How would you get anywhere ;)
Post a screen shot of your lan and floating rules - you clearly have a connection there for the 192.168.5.0/24
That you would go out your vpn, would only happen with a forced connection via gateway rule..
Keep in mind if you create a rule to allow the access out your normal path, any states would have to be cleared before that would take effect.
Adding default route and resetting states did the trick!
Thank you very much!