    Pfsense and wireless router having problems with https

    • jschimanski

      Greetings all,

      I have a pfsense 1.2.3 router set up to handle my 5 incoming connections (3 cable, 1 wireless, 1 DSL) in a load balancing failover routine. Connected to the system is a Linksys wireless router to handle the wireless clients in my office and to go out of my links to the internet.

      The network is set up as a 10.1.1.x/24 layout with the wireless router given an IP of 10.1.1.9 plugged into the wired internet port of the router and the switch with nvlan tagging turned on.

      We can get to the internet through the wireless ap as well as access any and all resources on the LAN through it. The router scheme is 10.1.2.x/24 with dhcp turned on for the wireless clients.

      The problem that we are experiencing is the fact that when we go to https sites and log in, the sites immediately dump from logged in to re-log in. Sites like Vonage and other secure sites are acting like the https isn't there and that the requests to log in aren't valid, even though it takes them at first and then, on changing the page, the website requires us to log in again. Under the pfsense rules 443 is enabled and allowed for the wireless IP of 10.1.1.9 and it is basically unfiltered by pfsense for access.

      Any ideas what could be causing this?

      I have tried it with every browser (Firefox, IE, Chrome) and 3 different wireless devices on the network and they are all creating the same problem.

      I am thinking that because we are in a round robin and failover routine that the IP address for each request is changing and it's confusing the websites so they don't understand the sessions, and since the IPs are different that it is requiring a re-login each time because that IP is no longer associated to the session?

      Thanks
      John

      • DeCex

        +1

        • jimp (Rebel Alliance Developer, Netgate)

          Your last point was correct. Some sites enforce an IP:login relationship. If you load balance HTTPS, then those sites will fail if any part of the connection goes across the "wrong" wan.

          Use a failover group for HTTPS instead of load balancing, or perhaps try enabling sticky connections under System > Advanced on the Misc tab under Load Balancing.

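The behaviour described in the last answer, as a small simulation added here for illustration (it is not part of the original thread and is not pfSense code). The `Site` class, the three selector functions and the WAN addresses are hypothetical; each request is modelled as a new outbound connection, and 10.1.1.20 is a constructed second LAN host.

```python
import itertools

WANS = ["198.51.100.1", "198.51.100.2", "203.0.113.3"]  # constructed public IPs, one per WAN

class Site:
    """Hypothetical site that binds a login session to the client IP seen at login."""
    def __init__(self):
        self.sessions = {}

    def login(self, token, src_ip):
        self.sessions[token] = src_ip

    def request(self, token, src_ip):
        # A request arriving from any other address is treated as not logged in.
        return self.sessions.get(token) == src_ip

def round_robin():
    """Load balancing: every new connection leaves through the next WAN."""
    ring = itertools.cycle(WANS)
    return lambda source: next(ring)

def sticky():
    """Sticky connections: a LAN source keeps the WAN it was first given."""
    ring, seen = itertools.cycle(WANS), {}
    def pick(source):
        if source not in seen:
            seen[source] = next(ring)
        return seen[source]
    return pick

def failover(up):
    """Failover group: always the first WAN, in tier order, that is up."""
    return lambda source: next(w for w in WANS if w in up)

def rejected_requests(pick_wan, sources=("10.1.1.9", "10.1.1.20"), pages=6):
    """Log in once per LAN source, then load pages; count requests the site rejects."""
    site, rejected = Site(), 0
    for s in sources:
        site.login(s, pick_wan(s))          # session is bound to this egress IP
    for _ in range(pages):
        for s in sources:
            if not site.request(s, pick_wan(s)):
                rejected += 1               # user is bounced back to the login page
    return rejected

if __name__ == "__main__":
    print("round robin:", rejected_requests(round_robin()))
    print("sticky:     ", rejected_requests(sticky()))
    print("failover:   ", rejected_requests(failover(set(WANS))))
```

Because the wireless router NATs its clients, pfSense sees all of them as the single source 10.1.1.9, so they share one sticky mapping.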