Can't Access Webgui while hooked up to internet

mercurynormanbates

@kom I apologize. Regarding the bridge, I was using another privay-oriented guide that instructed to create a bridge. These are the instructions:

"If you purchased a 4-port or 6-port option, you can activate these ports at this time by
configuring the following changes. If you purchased the 2-port FW2B, skip this page.
• Navigate to "Interfaces" then "Assignments".
• Click the "Add" option next to each empty port, which will add one port at a time.
• Repeat until all ports have been added and "Add" is no longer available.
• Save your changes.
• Click through each new option (likely Optl, Opt2, etc.).
• Enable each port by checking the first box, and saving your changes each time.
• When finished with all of them, apply the changes in the upper right.
• Navigate to "Interfaces", "Assignments", then select "Bridges" in the upper menu.
• Click "Add" to create a new bridge.
• Select the LAN option as well as each port that was added with ctrl-click or cmd-click.
• Provide a description as "bridge" and click "Save".
• Navigate to "Firewall" then "Rules".
• Click each port and click the "Add" button (up arrow) for each.
• Change the "Protocol" to "Any".
• Click "Save" after each port is modified.
• Apply changes in upper-right after all ports have been added.
• Navigate to "Interfaces" then "Assignments".
• Click "Add" next to "BRJDGEO" and click "Save".
• Click on the bridge, which may be labeled as "Opt(#)".
• Enable the .interface and change the description to "bridge".
• Click "Save" and then "Apply Changes".
• Navigate to "Firewall" then "Rules".
• Click on "Bridge" then click the "Add" button (up arrow).
• Change the "Protocol" to "Any" and click "Save".
• Apply changes in upper-right."

This is why I created the bridge.

In terms of WAN, my WAN has an address from my ISP. In PfSense, the WAN interface settings are set to default. I first noticed that there was an issue when the automatic outbound NAT rules would not generate any automatic rules, then I saw this thread: https://forum.netgate.com/topic/167347/nothing-under-automatic-rules-for-outbound-nat so I thought the issue might be related to my WAN not having a gateway address in Pfsense, causing the rules to not generate. I don't know whether the automatic rules problem is somehow related to my internet/webgui problem.

As for "get access," I mean that I cannot get the webgui to load under any circumstances if the internet is also active at the same time. As in, if the router is getting internet which leads to my computer connected via the LAN port getting internet, then I cannot load the webgui at all.

It also meant that during previous attempts to get the ProtonVPN going (before I factory reset several times), it was not connecting to the VPN server at all.

This all makes me think that there is some kind of issue with the internet being connected to the router cutting of access to the webgui and vice versa. The two things (internet and webgui) cannot be active at the same time, and I just can't figure out why that is.

I would be happy to do any additional tests or provide more information.

mercurynormanbates

@kom
If I have webgui up successfully and the modem is connected to the router, then I am unable to ping 8.8.8.8

Pinging 8.8.8.8 with 32 bytes of data:
Reply from 192.168.1.205: Destination host unreachable.
Reply from 192.168.1.205: Destination host unreachable.
Reply from 192.168.1.205: Destination host unreachable.
Reply from 192.168.1.205: Destination host unreachable.

KOM

@mercurynormanbates So LAN is 192.168.1.0/24, correct? What network is your WAN on? I'm wondering if your modem is not set to bridge mode and is giving your WAN a NATed address in the same subnet as your LAN.

Can you ping 8.8.8.8 if you do it via pfSense Diagnostics - Ping and pick WAN for source address?

stephenw10

@mercurynormanbates said in Can't Access Webgui while hooked up to internet:

Turn off VPN
Can now access the webgui but now I lose internet

That seems like a clue. You are disabling a local VPN client on the LAN side host?

What is 192.168.1.205? If that the local host IP then it has no default route after disabling the VPN client.

Steve

KOM

I'm not exactly clear if he redid the VPN config after resetting everything or not. I'm probably misunderstanding but I thought he was having basic connectivity issues aside from the VPN.

mercurynormanbates

@kom

I loaded the pfsense webgui with my computer connected via LAN. Once in, I connected the modem to the WAN port.

When I did the ping from diagnostics with WAN as the source, I get:

--- 8.8.8.8 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss

KOM

@mercurynormanbates Do you have any VPN config stuff still loaded? Did you change any rules or outbound NAT settings? If you look at Status - Interfaces, does your WAN have an address, and if it does is it in the same subnet as your LAN? Do you see a default gateway under System - Routing - Gateways?

mercurynormanbates

@kom I did not reconfigure the VPN on the pfsense after resetting. I did have a VPN running on my computer, but it was disconnected (then I uninstalled it to be safe).

KOM

@mercurynormanbates OK, and the answers to my other questions would be....

mercurynormanbates

@kom Sorry, I saw the other comment about the VPN before I saw your latest one.

It does not list an address for WAN. It's "down"

WAN Interface (wan, igb0)
Status
no carrier
DHCP
down
MAC Address
MTU
1500
Media
autoselect
In/out packets
0/2 (0 B/112 B)
In/out packets (pass)
0/2 (0 B/112 B)
In/out packets (block)
0/0 (0 B/0 B)
In/out errors
0/0
Collisions
0

Gateway set to “automatic”
For Default gateway IPv4, there is no other option besides "automatic"
For IPv6, it has WAN_DHCP6 as an option in the dropdown

KOM

@mercurynormanbates Well, you will have to resolve that to get anywhere further. Try unplugging your cable modem, wait 10 seconds and then boot it back up with pfSense still running. Check again to see if it got an address. Is there anything funny about your ISP for example are they delivering Internet to you on a VLAN? You can also try doing a packet capture on WAN to see if it's getting any reply traffic from your DHCP requests.

johnpoz

@mercurynormanbates said in Can't Access Webgui while hooked up to internet:

Status
no carrier

how would that even work - from that its not plugged in even..

mercurynormanbates

This post is deleted!

johnpoz

@mercurynormanbates said in Can't Access Webgui while hooked up to internet:

Status
no carrier

Never ever ever going to work with no carrier - its not connected.. How could it work.. Either cable bad, port bad, device its connected to is OFF..

KOM

@mercurynormanbates Check that your modem is plugged in and powered up, check your network cable between pfSense WAN and your modem. Check your modem's connection to coax.

mercurynormanbates

@kom said in Can't Access Webgui while hooked up to internet:

Check that your modem is plugged in and powered up, check your network cable between pfSense WAN and your modem. Check your modem's connection to coax.

Modem plugged in and powered up. I am currently using the network cable I used between pfsense and the modem to plug directly into my computer (and have internet).

My modem is through Spectrum and I don't know of any quirks with that. Like I said, at some point in the last few days, I was able to get internet to my computer hooked up to the LAN port with modem hooked up to WAN and get internet, but then I couldn't load the webgui.

KOM

@mercurynormanbates Very strange. Is your pfSense LAN interface 192.168.1.1? Is it possible that you have another device on your network with the same address? Not being able to get to WebGUI is unrelated to WAN not syncing.

mercurynormanbates

@kom

Yes, the pfSense LAN interface is assigned 192.168.1.1

I have another router that I use as my main wireless router that was also assigned 192.168.1.1, but it is not currently running.

KOM

@mercurynormanbates If you disconnect pfSense LAN cable, can you still ping 192.168.1.1? I assume you have pfSense LAN configured to server DHCP addresses to clients? Your PC has a LAN address within your defined scope, and if you run ipconfig in Windows you see 192.168.1.1 as default gateway?

stephenw10

Do you even see link LEDs on the WAN NIC? Or at the modem end Ethernet?

You will probably need to reboot the modem to actually get an IP on the pfSense WAN after connecting directly with a laptop. But you should see a link at least at any time.

Steve