• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Accessing Web Gui over IPSEC

Scheduled Pinned Locked Moved General pfSense Questions
5 Posts 3 Posters 1.9k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • G
    Gob
    last edited by Aug 29, 2012, 4:17 PM

    Hi

    I've done this hundreds of times in the past without thinking about it but now my brain hurts.

    I have just set up a couple of pfSense 2.0.1 boxes (on DELL R210 servers) for a customer.
    We have an IPSEC tunnel between each of them and to us. The tunnels work fine and full communication between sites works OK. However, when I log into the pfSense WebGui on a remote site over the IPSEC tunnel, I get the logon page but after entering the username and password it reports 'Username or Password incorrect'.

    I've checked the usual CAPs lock etc.
    Tried different browsers and different computers.
    Firewall rule is in place on the remote pfSense allowing traffic over IPSEC

    Logging on to the same WebGui from a machine on the local LAN works perfectly.
    These are clean installs with a basic configuration. There are no NAT or firewall rules added other than default LAN/WAN rules.

    The only thing I can think of that might be different to the other hundreds of installs we have done is that this is the amd64 version of pfSense rather than the i386 version.

    Any suggestions on a fix?

    thanks
    Gordon

    If I fix one more thing than I break in a day, it's a good day!

    1 Reply Last reply Reply Quote 0
    • L
      Lee Sharp
      last edited by Aug 30, 2012, 1:55 AM

      Uncheck blocking private IPs and see if it gets better.

      1 Reply Last reply Reply Quote 0
      • G
        Gob
        last edited by Aug 30, 2012, 9:20 AM

        I've tried that but I'm afraid it still doesn't work.

        If I fix one more thing than I break in a day, it's a good day!

        1 Reply Last reply Reply Quote 0
        • J
          jimp Rebel Alliance Developer Netgate
          last edited by Aug 30, 2012, 1:02 PM

          Are you sure you're hitting the firewall you think you're hitting?

          If you couldn't reach the GUI at all I might suspect that an IPsec issue might be at play, but if you hit the GUI and get a denied login, that makes me think you're actually getting directed to one of the other firewalls somehow. Have you tried logging into that firewall with the credentials for one of the others?

          Also if it's pfSense all around, you may find that OpenVPN is more stable/easy to work with in the long run, but that wouldn't be related to this issue.

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          1 Reply Last reply Reply Quote 0
          • G
            Gob
            last edited by Aug 30, 2012, 1:46 PM

            OK, I'm Dumb!
            The remote site's lan subnet is 192.168.1.0/24 and I could access all devices on that network. Remote PF sense LAN is 192.168.1.1

            Months ago, on my local pfSense I set up a test network for the client with the same subnet and assigned 192.168.1.1 to a spare nic on my pf sense. I then promptly forgot I had done that!
            So I was actually trying to log into my own firewall.

            Interesting though that 192.168.1.1 was hitting my firewall but all other requests to 192.168.1.0/24 go over the ipsec tunnel to the remote site, even though the subnet is configured on the local firewall.

            Sorry for wasting your time guys.

            If I fix one more thing than I break in a day, it's a good day!

            1 Reply Last reply Reply Quote 0
            1 out of 5
            • First post
              1/5
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
              This community forum collects and processes your personal information.
              consent.not_received