Netgate Discussion Forum

    Cannot connect with RDP via openVPN

    • I
      IrixOS @Patch
      last edited by

      @Patch said in Cannot connect with RDP via openVPN:

      to set the WAN physical port to temporary pfsense GUI access

      'to set the WAN physical port to temporary pfsense GUI access'

      How do you set that? In Firewall rules?

      • P
        Patch @IrixOS
        last edited by

        @IrixOS yes
        There is a default anti-lockout rule created for the first LAN. To access the pfsense GUI from any other interface you need to add the firewall rule to allow it.

        • johnpozJ
          johnpoz LAYER 8 Global Moderator @Patch
          last edited by johnpoz

          @Patch said in Cannot connect with RDP via openVPN:

          To access the pfsense GUI from any other interface you need to add the firewall rule to allow it.

          Let's clarify that a bit, if your rules on your other interface blocked access to the firewall specifically then yeah you would need to add an allow rule.. But if you just put say an any any rule on it, you would be able to access the gui.

          Now the wan is a bit different.. Out of the box there are no rules, and most users unless they wanted to do some sort of port forward would never even need any rules on wan. It also defaults to blocking rfc1918 source, and bogon as a source.. If you're going to use your wan to admin it, from rfc1918 you would need to disable that rfc1918 rule, and create an allow rule.

          The only time "wan" defaults to allowing access is when pfsense is first setup and there is only the WAN interface setup.. If you then later setup lan then that allow rule is removed..

          On a bit of side note - users wanting to block access to the web gui should prob use the "this firewall" alias because if they allow any any for internet, they prob forget about the pfsense public IP that would be allowed by an any any rule on some opt interface.. So blocking the pfsense gui ports using the "this firewall" alias makes sure clients can not get to any IP of pfsense, even though other rules below it might allow that, etc.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

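The point in the post above about an any any rule and the "this firewall" alias, as an added example that is not part of the original thread and is not pfSense code. It is a small first-match rule model; the interface addresses, the rule tuples and the `this_firewall` / `opt1_address` destination names are constructed stand-ins for the alias and the per-interface address macro.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing for the model (assumption, not taken from the thread).
FIREWALL_IPS = {"wan": "203.0.113.10", "lan": "192.168.1.1", "opt1": "192.168.20.1"}
GUI_PORT = 443
ANY = ip_network("0.0.0.0/0")

def resolve(dest):
    """Expand a rule destination into a list of networks."""
    if dest == "any":
        return [ANY]
    if dest == "this_firewall":       # stand-in for the "this firewall" alias: every firewall IP
        return [ip_network(ip) for ip in FIREWALL_IPS.values()]
    if dest.endswith("_address"):     # e.g. "opt1_address": that one interface IP only
        return [ip_network(FIREWALL_IPS[dest[:-len("_address")]])]
    return [ip_network(dest)]

def evaluate(rules, dst_ip, dst_port):
    """Top-down, first matching rule wins; no match means default deny."""
    for action, dest, port in rules:
        if port not in (None, dst_port):
            continue
        if any(ip_address(dst_ip) in net for net in resolve(dest)):
            return action
    return "block"

def reachable_gui_ips(rules):
    """Firewall interfaces whose IP a client behind OPT1 can reach on the GUI port."""
    return sorted(name for name, ip in FIREWALL_IPS.items()
                  if evaluate(rules, ip, GUI_PORT) == "pass")

ALLOW_ANY = ("pass", "any", None)     # the "any any" rule used for internet access
RULESETS = {
    "any any only": [ALLOW_ANY],
    "block OPT1 address only": [("block", "opt1_address", GUI_PORT), ALLOW_ANY],
    "block this firewall": [("block", "this_firewall", GUI_PORT), ALLOW_ANY],
}

if __name__ == "__main__":
    for label, rules in RULESETS.items():
        print(f"{label:24} GUI reachable on: {reachable_gui_ips(rules) or 'none'}")
```

Blocking only the interface's own address still leaves the GUI reachable on the LAN and WAN addresses through the any any rule below it; only the alias-based block closes all of them while internet traffic keeps passing.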
          • I
            IrixOS @johnpoz
            last edited by IrixOS

            @johnpoz

            Johnpoz, Hey JohnPoz, I think you're the only one who can help me.
            I have done a refit of my network with Catalyst 3750 and 4948-10GE.
            I have a serious DNS problem.
            I have a few switches/routers that run OSPF, 1 router is connected via a /30 subnet (lag of four ports) to the firewall.
            All clients behind the ospf routers can reach the pfsense GUI webpage, but they cannot access the internet. Windows 10 diag indicates the DNS server is unavailable. Windows DNS server is configured with the IP address (LAN interface) of the firewall.
            A null route is configured on the ASBR (0.0.0.0 0.0.0.0 next hop IP) and has been propagated to all ospf switches/routers. In pfsense there is a static route (the lagg link) back to the internal ospf network. So I know that routing works from the client to the edge firewall and vice versa.
            I have configured a rule that allows the internal network (summary route) to the firewall and for outbound NAT, allows the internal network (summary route) to everything (*).

            Normally every client should be on the internet, but that doesn't happen, Windows 10 complains about DNS unavailable, I don't understand what is wrong.
            In pfsense I did a few tests with nslookup in diagnostics for msn.be for example and the output is positive. I do not immediately see an error in the output. Can I assume that DNS resolution works on the firewall?

            One way to test is to connect a PC in a /30 directly to the LAN port, but the /30 LAN port has a port channel, and I tried one link instead but that didn't work, couldn't connect to the firewall, probably because of the static route which expects another network device, I don't know.

            Do you perhaps have some advice?

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.