webGUI not accessible from VLAN but ...
-
... but if I connect a second PC to LAN interface then I get access from VLAN to the webGUI. How is that possible? I followed nguvu.org guides and interfaces are
em0 - WAN
em1 - LAN
em2 - VLAN
VPN is somehow not protecting LAN interface for some reason so I can't keep a PC there just for the fun of it.
-
Not enough information. Post screenshots of everything you think you did.
-
@heper Yeah, lots of info missing here, but if I gaze into my crystal ball and had to guess why the VLAN is not able to access the GUI: is he policy routing on that interface out a VPN, and has no rule above it to allow access to the GUI?
As for why his LAN is not using the VPN: is his default LAN rule above where his policy route out the VPN is?
This is just a guess from my crystal ball - which isn't very accurate ;)
-
If you are trying to reach the GUI using its LAN IP address and the LAN interface is unplugged/down, that is expected. When an interface is down it can't use the address on that interface.
If you access the GUI using the IP address of the firewall in the em2 interface from a client connected to the em2 interface, that would work.
If you don't want the clients on "VLAN" to reach the GUI, then your rules are not right in some way. For example you shouldn't just block access to "VLAN Address" but use "This firewall (self)" as the target.
-
@jimp Okay that was new to me - if LAN port em1 has no PC connected then pfSense IP isn't supposed to answer through GUI. So I have to keep a PC connected and powered on in em1 to be able to reach it from VLAN.
A client connected to em2 cannot access the GUI if em1 doesn't have an active connection. I would prefer that, since then it is easier to connect to the GUI instead of starting to move stuff to get access to network cables to physically move it to em1.
The reason I'm not using em1 all the time is that it isn't protected by the VPN installed on pfSense. I have 1 main PC for "everything" that was earlier on em1 but now is connected to em2 - apparently something went wrong when I tried to replace AirVPN with ProtonVPN.
-
@johnpoz Policy route - is that firewall rules or something else?
-
@petri said in webGUI not accessible from VLAN but ...:
Client connected to em2 cannot access to GUI if em1 doesn't have an active connection.
wot ? you can connect to the gui just fine if you use the ip attached to the em2 interface (if fw rules allow this)
-
@petri said in webGUI not accessible from VLAN but ...:
Okay that was new to me
There seems to be a lot that you don't know. You can reach the firewall on every Interface. If em1 is down you can still connect to it on every other interface as long as rules allow it.
-
@petri said in webGUI not accessible from VLAN but ...:
Client connected to em2 cannot access to GUI if em1 doesn't have an active connection
Normally you would have interfaces connected to a switch, and not some single device. But if an interface is not up then no, you wouldn't be able to connect to its IP, because the interface is not up.
https://docs.netgate.com/pfsense/en/latest/multiwan/policy-route.html#policy-routing-configuration
Why would you not just fix whatever it is you're wanting to happen on the LAN interface that isn't doing what you want for your VPN?
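
An added example, not part of the thread and not pfSense code: a simplified Python model of first-match rule evaluation on the VLAN interface, illustrating the two rule points raised above (a pass-to-GUI rule placed above the policy route, and blocking "This firewall (self)" rather than "VLAN address"). The addresses, the gateway name `VPN_GW` and the rule tuples are constructed assumptions, and all interfaces are assumed to be up.

```python
# Simplified model of per-interface, first-match rule evaluation (not pfSense code).
# All addresses, the gateway name and the rule sets are constructed for illustration.
FIREWALL_ADDRS = {"LAN": "192.168.1.1", "VLAN": "192.168.20.1"}

def dst_matches(dst_spec, dst_ip):
    if dst_spec == "any":
        return True
    if dst_spec == "self":             # "This firewall (self)": every firewall IP
        return dst_ip in FIREWALL_ADDRS.values()
    if dst_spec.endswith(" address"):  # e.g. "VLAN address": that one interface IP
        return dst_ip == FIREWALL_ADDRS[dst_spec[:-len(" address")]]
    return dst_spec == dst_ip

def evaluate(rules, dst_ip, dst_port):
    """Return (action, gateway) of the first matching rule; default deny."""
    for action, dst_spec, port, gateway in rules:
        if dst_matches(dst_spec, dst_ip) and port in ("any", dst_port):
            return action, gateway
    return "block", None

def gui_reachable(rules, dst_ip):
    action, gateway = evaluate(rules, dst_ip, 443)
    # A pass rule with a gateway set forwards the packet out that gateway,
    # so it never reaches the GUI listening on the firewall itself.
    return action == "pass" and gateway is None

# Rules on the VLAN tab, top to bottom: (action, destination, port, gateway)
POLICY_ROUTE_ONLY = [("pass", "any", "any", "VPN_GW")]
ALLOW_GUI_ABOVE = [("pass", "self", 443, None)] + POLICY_ROUTE_ONLY
BLOCK_VLAN_ADDRESS = [("block", "VLAN address", 443, None),
                      ("pass", "any", "any", None)]
BLOCK_SELF = [("block", "self", 443, None), ("pass", "any", "any", None)]

if __name__ == "__main__":
    cases = [("policy route only", POLICY_ROUTE_ONLY),
             ("allow GUI above policy route", ALLOW_GUI_ABOVE),
             ("block 'VLAN address'", BLOCK_VLAN_ADDRESS),
             ("block 'This firewall (self)'", BLOCK_SELF)]
    for name, rules in cases:
        for iface, ip in FIREWALL_ADDRS.items():
            print(f"{name:32} GUI via {iface} IP {ip}: {gui_reachable(rules, ip)}")
```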