Web interface not working on vsphere appliance.
-
I have set up pfsense 1.2.3 a dozen times without issue, including on vmware workstation, but I just can't get it to work in vmware vsphere.
In vsphere, I have a single vswitch connected via a single nic to the lan. The lan has a range of 11.9.32.0/24.
I have about 5 VMs on this switch, with IPs like 11.9.32.17 etc, and they all work great. I can see their web interfaces, and can ssh into them no problem.
So I installed the pfsense 1.2.3 web appliance, only to find that you can't access the web interface through the WAN port, only the LAN initially. As I only have one network, I plumbed the LAN port into the top level vswitch, and gave it an IP of 11.9.32.19. The WAN port I connected to a switch which has no physical adapter for now.
However, I can't see the web interface on http://11.9.32.19. I have tried the following:
- treble checked the wan and lan interfaces are correctly assigned in pfsense
- treble checked the vswitch is correctly plumbed to the right nic ports.
- tried swapping the assigned ports in pfsense.
- tried swapping the assigned switchports in vsphere.
- rebooted the vm lots of times.
- tried "11) Restart webconfigurator"
- enabled sshd, but can't ssh to it either.
So I'm 100% sure I've got it wired up correctly, but I can't see the web interface from a machine which can happily route to that network (and can ssh and browse to the other VMs on that same vswitch).
Anyone got any ideas?
-
Ok, after much gnashing of teeth I solved it, but am still not sure why.
I am coming into the box via a VPN. I can route to all the necessary IPs, and can access other boxes on the same lan. But I could not access pfsense. However, if I ssh tunnel through a physical server on the same lan, I am able to "see" the web configuration gui. What a pain.
-
Do you have a firewall rule on the VPN interface allowing access to the GUI?
-
It's because the default rule on the pfSense LAN interface that allows access to the web GUI only allows access from the LAN subnet.
If you are coming from a remote subnet routed via a VPN that will be blocked.
You need to add a rule on LAN to allow access from your remote subnet.
You should be able to see your routed access attempts being blocked in the firewall logs.
Steve
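A small model of the behaviour described in this thread, added here as an example and not taken from pfSense or from any poster: first-match rule evaluation on the LAN interface, showing why a VPN-routed source is dropped while an SSH tunnel through a LAN host gets through, and a rule that opens only the GUI port to the remote subnet. The LAN range and the port 80 GUI come from the thread; the VPN subnet `10.8.0.0/24`, the client addresses and the `Rule`/`evaluate` names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                      # "pass" or "block"
    source: str                      # CIDR the packet source must fall inside
    dest_port: Optional[int] = None  # None matches any destination port
    label: str = ""


def evaluate(rules, src_ip, dest_port):
    """Return (action, label) of the first matching rule, else default deny."""
    src = ipaddress.ip_address(src_ip)
    for rule in rules:
        if src not in ipaddress.ip_network(rule.source):
            continue
        if rule.dest_port is not None and rule.dest_port != dest_port:
            continue
        return rule.action, rule.label
    return "block", "default deny"


LAN_NET = "11.9.32.0/24"   # from the thread
VPN_NET = "10.8.0.0/24"    # assumed remote subnet, not given in the thread
GUI_PORT = 80              # the thread uses http://11.9.32.19

# Default state: only sources inside the LAN subnet are allowed.
DEFAULT_RULES = [Rule("pass", LAN_NET, None, "default allow LAN subnet")]

# Fix: add a pass rule for the remote subnet, scoped to the GUI port only.
FIXED_RULES = DEFAULT_RULES + [
    Rule("pass", VPN_NET, GUI_PORT, "allow web GUI from VPN subnet"),
]

# Constructed sample clients.
CLIENTS = {
    "VM on the LAN": "11.9.32.17",
    "VPN client (routed)": "10.8.0.6",
    "SSH tunnel via LAN server": "11.9.32.50",  # source is the LAN server
}

if __name__ == "__main__":
    for name, rules in (("default", DEFAULT_RULES), ("fixed", FIXED_RULES)):
        print(f"--- {name} rules ---")
        for who, ip in CLIENTS.items():
            action, label = evaluate(rules, ip, GUI_PORT)
            print(f"{who:28} {ip:12} -> {action} ({label})")
```

Scoping the added rule to the GUI port keeps the remote subnet from reaching other services on the firewall, such as sshd.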