Moving from shared key to SSL/TLS - Can't access web interface anymore
-
Hello,
I'm migrating my OpenVPN P2P tunnel from shared key to SSL/TLS. The tunnel is working fine, but as soon as I switch from shared key to TLS/SSL, I lose access to the web interface, which is accessed via LAN IP.
I'm a bit puzzled as I did not change anything else other than the one OpenVPN tunnel from shared key to TLS/SSL.
As soon as I switch back to shared key, I can access the web interface again.
Any advice appreciated.
-
@Enso_ said in Moving from shared key to SSL/TLS - Can't access web interface anymore:
but as soon as I switch from shared key to TLS/SSL, I lose access to the web interface, which is accessed via LAN IP
From where? From LAN, VPN,...?
How did you configure it?
-
From LAN. The pfsense web interface is only available from LAN.
The only change was to move from shared key to TLS/SSL Peer to Peer. Same tunnel, same remote network, same everything else.
Peer to Peer VPN works with the TLS/SSL, but like mentioned, I can't access the web interface as soon as I switch to TLS/SSL. As soon as I switch back to shared key, the web interface is available again.
-
@Enso_
I cannot think of any reason for this, as long as the VPN is not in tap mode.
Do you access the GUI by IP or by host name?
Can you ping the pfSense interface?
Can you access the internet?
-
@Enso_ said in Moving from shared key to SSL/TLS - Can't access web interface anymore:
I can't access the web interface as soon as I switch to TLS/SSL.
As soon as you select "TLS/SSL" here ( ? ) :
The pfSense GUI becomes inaccessible ?
As soon as I switch back to shared key, the web interface is available again.
You can't switch back **.
You just said the GUI is inaccessible. You need a working GUI to change OpenVPN settings (back).
As far as I know, the pfSense GUI is a PHP driven web server, and has 'nothing' to do with the OpenVPN process.
The OpenVPN server isn't using any 'GUI' ports like 'TCP 443', right ?
Are you connected to the GUI using the same OpenVPN server ? In that case, that's like sawing the branch of a tree you're sitting on ^^
Just to be sure : you are editing the pfSense OpenVPN server settings, right ?
** : well, you could if you are connected to the console (or SSH) and use option 15.