Can't Access Webgui while hooked up to internet

mercurynormanbates

When I was installing pfsense, I was only connected to my computer via the LAN connection. I was able to get to the webgui just fine. The problem was that there was no address assigned to my WAN so the automatic NAT rules would not populate. When I hooked the router up to my modem via the WAN port, my computer started receiving internet but I can no longer access the webgui at all. I thought that maybe there was a conflict with IP addresses, so I changed the LAN to 192.168.2.1 to see if that would resolve it. I still have internet, but I still cannot load the webgui.

Note that I was in the process of installing ProtonVPN on it, following this guide: https://protonvpn.com/support/pfsense-vpn-setup/ but couldn't get passed the NAT rules section.

Also note that I am a complete noob, so I am gratiously asking for patience in dealing with me. I would appreciate any help.

KOM

@mercurynormanbates Depending on how badly you might have borked things, you might want to consider doing a factory reset and getting it back up to a stable config first. You can also restore recent config from console option 15. Once there, create a backup config.xml and then do your VPN creation. If it goes badly again, you can always factory reset again and then restore your config to get back up quickly.

mercurynormanbates

@kom I am going to do a factory reset and see what happens.

mercurynormanbates

@kom Here is what happened:

Factory reset pfsense
Connect computer via LAN
Go to webgui via 192.168.1.1
Log in with default credentials
Setup – everything default
Interface assignments – add ports, enable ports
Add bridge
Add firewall rules – protocol any for all
Reset modem, plug in modem via WAN, reboot pfsense
Am now connected to internet via computer connected through LAN
Attempt to access webgui through 192.168.1.1
Repeatedly get “192.168.1.1 took too long to respond” error
Turn off windows firewall, still can’t access webgui
Turn off VPN
Can now access the webgui but now I lose internet
Log out of webgui
Reset modem, reset router
Now have internet again
Attempt to access webgui through 192.168.1.1 (no VPN)
Get “192.168.1.1 took too long to respond” error
Close ProtonVPN processes in background
“192.168.1.1 took too long to respond” error
Disconnect internet
“192.168.1.1 took too long to respond” error
Reset router
Can now log in to webgui

mercurynormanbates

I still can't figure out what the issue is here.

KOM

@mercurynormanbates Whatever you're doing, it's not right. What 'bridge' are you creating and why? You don't normally need a bridge for a VPN connection. You said your WAN can't get an address. Did you manage to resolve this? The Proton VPN directions loo pretty standard.

mercurynormanbates

@kom At what point is this a hardware issue? I factory reset again and didn't do anything else. Can connect to the webgui but cannot get internet access. Usually different variations of restarting the modem/router can get some kind of connection, but I can't get one this morning.

viragomann

@mercurynormanbates
@KOM was asking for the bridge, you've added. So please respond to get a step further.

If you bridge the LAN to something else your computer my get an IP from another DHCP which is outside of pfSense LAN network.

So what do you bridge here and why?

KOM

@mercurynormanbates You didn't answer any of my questions. It's hard to debug without information. Define 'can't get access'... do you mean you can't ping 8.8.8.8, for example? Can you resolve anything? Does your WAN get an IP address from your provider?

mercurynormanbates

@kom I apologize. Regarding the bridge, I was using another privay-oriented guide that instructed to create a bridge. These are the instructions:

"If you purchased a 4-port or 6-port option, you can activate these ports at this time by
configuring the following changes. If you purchased the 2-port FW2B, skip this page.
• Navigate to "Interfaces" then "Assignments".
• Click the "Add" option next to each empty port, which will add one port at a time.
• Repeat until all ports have been added and "Add" is no longer available.
• Save your changes.
• Click through each new option (likely Optl, Opt2, etc.).
• Enable each port by checking the first box, and saving your changes each time.
• When finished with all of them, apply the changes in the upper right.
• Navigate to "Interfaces", "Assignments", then select "Bridges" in the upper menu.
• Click "Add" to create a new bridge.
• Select the LAN option as well as each port that was added with ctrl-click or cmd-click.
• Provide a description as "bridge" and click "Save".
• Navigate to "Firewall" then "Rules".
• Click each port and click the "Add" button (up arrow) for each.
• Change the "Protocol" to "Any".
• Click "Save" after each port is modified.
• Apply changes in upper-right after all ports have been added.
• Navigate to "Interfaces" then "Assignments".
• Click "Add" next to "BRJDGEO" and click "Save".
• Click on the bridge, which may be labeled as "Opt(#)".
• Enable the .interface and change the description to "bridge".
• Click "Save" and then "Apply Changes".
• Navigate to "Firewall" then "Rules".
• Click on "Bridge" then click the "Add" button (up arrow).
• Change the "Protocol" to "Any" and click "Save".
• Apply changes in upper-right."

This is why I created the bridge.

In terms of WAN, my WAN has an address from my ISP. In PfSense, the WAN interface settings are set to default. I first noticed that there was an issue when the automatic outbound NAT rules would not generate any automatic rules, then I saw this thread: https://forum.netgate.com/topic/167347/nothing-under-automatic-rules-for-outbound-nat so I thought the issue might be related to my WAN not having a gateway address in Pfsense, causing the rules to not generate. I don't know whether the automatic rules problem is somehow related to my internet/webgui problem.

As for "get access," I mean that I cannot get the webgui to load under any circumstances if the internet is also active at the same time. As in, if the router is getting internet which leads to my computer connected via the LAN port getting internet, then I cannot load the webgui at all.

It also meant that during previous attempts to get the ProtonVPN going (before I factory reset several times), it was not connecting to the VPN server at all.

This all makes me think that there is some kind of issue with the internet being connected to the router cutting of access to the webgui and vice versa. The two things (internet and webgui) cannot be active at the same time, and I just can't figure out why that is.

I would be happy to do any additional tests or provide more information.

mercurynormanbates

@kom
If I have webgui up successfully and the modem is connected to the router, then I am unable to ping 8.8.8.8

Pinging 8.8.8.8 with 32 bytes of data:
Reply from 192.168.1.205: Destination host unreachable.
Reply from 192.168.1.205: Destination host unreachable.
Reply from 192.168.1.205: Destination host unreachable.
Reply from 192.168.1.205: Destination host unreachable.

KOM

@mercurynormanbates So LAN is 192.168.1.0/24, correct? What network is your WAN on? I'm wondering if your modem is not set to bridge mode and is giving your WAN a NATed address in the same subnet as your LAN.

Can you ping 8.8.8.8 if you do it via pfSense Diagnostics - Ping and pick WAN for source address?

stephenw10

@mercurynormanbates said in Can't Access Webgui while hooked up to internet:

Turn off VPN
Can now access the webgui but now I lose internet

That seems like a clue. You are disabling a local VPN client on the LAN side host?

What is 192.168.1.205? If that the local host IP then it has no default route after disabling the VPN client.

Steve

KOM

I'm not exactly clear if he redid the VPN config after resetting everything or not. I'm probably misunderstanding but I thought he was having basic connectivity issues aside from the VPN.

mercurynormanbates

@kom

I loaded the pfsense webgui with my computer connected via LAN. Once in, I connected the modem to the WAN port.

When I did the ping from diagnostics with WAN as the source, I get:

--- 8.8.8.8 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss

KOM

@mercurynormanbates Do you have any VPN config stuff still loaded? Did you change any rules or outbound NAT settings? If you look at Status - Interfaces, does your WAN have an address, and if it does is it in the same subnet as your LAN? Do you see a default gateway under System - Routing - Gateways?

mercurynormanbates

@kom I did not reconfigure the VPN on the pfsense after resetting. I did have a VPN running on my computer, but it was disconnected (then I uninstalled it to be safe).

KOM

@mercurynormanbates OK, and the answers to my other questions would be....

mercurynormanbates

@kom Sorry, I saw the other comment about the VPN before I saw your latest one.

It does not list an address for WAN. It's "down"

WAN Interface (wan, igb0)
Status
no carrier
DHCP
down
MAC Address
MTU
1500
Media
autoselect
In/out packets
0/2 (0 B/112 B)
In/out packets (pass)
0/2 (0 B/112 B)
In/out packets (block)
0/0 (0 B/0 B)
In/out errors
0/0
Collisions
0

Gateway set to “automatic”
For Default gateway IPv4, there is no other option besides "automatic"
For IPv6, it has WAN_DHCP6 as an option in the dropdown

KOM

@mercurynormanbates Well, you will have to resolve that to get anywhere further. Try unplugging your cable modem, wait 10 seconds and then boot it back up with pfSense still running. Check again to see if it got an address. Is there anything funny about your ISP for example are they delivering Internet to you on a VLAN? You can also try doing a packet capture on WAN to see if it's getting any reply traffic from your DHCP requests.