Web interface not working on vsphere appliance.

  • I have set up pfsense 1.2.3 a dozen times without issue, including on vmware workstation, but I just can't get it to work in vmware vsphere.

    In vsphere, I have a single vswitch connected via a single nic to the lan.  The lan has a range of

    I have about 5 VMs on this switch, with ips like etc, and they all work great.  I can see their web interfaces, and can ssh into them no problem.

    So I installed pfsense 1.2.3 web appliance, only to find that you can't access the web interface through the WAN port, only the LAN initially.  As I only have one network, I plumbed the LAN port into the top level vswitch, and gave it an ip of  The WAN port I connected to a switch which has no physical adapter for now.

    However, I can't see the web interface on  I have tried the following:

    1. treble checked the wan and lan interfaces are correctly assigned in pfsense
    2. treble checked the vswitch is correctly plumbed to the right nic ports.
    3. tried swapping the assigned ports in pfsense.
    4. tried swapping the assigned switchports in vsphere.
    5. rebooted the vm lots of times.
    6. tried "11) Restart webconfigurator"
    7. enabled sshd, but can't ssh to it either.

    So I'm 100% sure I've got it wired up correctly, but I can't see the web interface from a machine which can happily route to that network (and can ssh and browse to the other VMs on that same vswitch).

    Anyone got any ideas?

  • Ok, after much gnashing of teeth I solved it, but am still not sure why.

    I am coming into the box via a VPN.  I can route to all the necessary IPs, and can access other boxes on the same lan.  But I could not access pfsense.  However, if I ssh tunnel through a physical server on the same lan, I am able to "see" the web configuration gui. What a pain.

  • Do you have a firewall rule on the VPN interface allowing access to the GUI?

  Netgate Administrator

    It's because the default rule on the pfSense LAN interface that allows access to the web GUI only allows access from the LAN subnet.
    If you are coming from a remote subnet routed via a VPN that will be blocked.
    You need to add a rule on LAN to allow access from your remote subnet.
    You should be able to see your routed access attempts being blocked in the firewall logs.


