Netgate Discussion Forum

Trouble accessing pfSense Web GUI through IPsec tunnel

General pfSense Questions
9 Posts 2 Posters 3.0k Views
  • Z
    zied.elouaer
    last edited by Nov 20, 2012, 2:03 PM

    Hi guys,

    I am connecting two remote sites with pfSense firewalls through an IPsec tunnel. All communication between the two sites works fine, except for one problem: I can't access the firewall #1 GUI from site #2 (firewall #2 is accessible from site #1). Note that I can ping the firewall and access it via SSH; only the web GUI doesn't work. The URL's form is https://x.x.x.x:7799. Of course this web interface is accessible from the local network.

    Does anyone have a clue on that? Thanks

    • Z
      zied.elouaer
      last edited by Nov 20, 2012, 4:44 PM

      Note also that I checked the firewall logs and there's no blocked traffic related to this issue. Any thoughts?

      • W
        wallabybob
        last edited by Nov 20, 2012, 8:21 PM Nov 20, 2012, 8:04 PM

        @zied.elouaer:

        only the web GUI doesn't work.

        What does the browser report when you attempt access?

        • Z
          zied.elouaer
          last edited by Nov 20, 2012, 8:19 PM

          It remains loading infinitely ???

          • W
            wallabybob
            last edited by Nov 20, 2012, 8:52 PM

            @zied.elouaer:

            only the web GUI doesn't work. The URL's form is https://x.x.x.x:7799.

            The remote web server is listening on port 7799? Or you have an appropriate port forward setup so port 7799 gets mapped to the appropriate web server port? I realise you wrote
            @zied.elouaer:

            Of course this web interface is accessible from the local network.

            but on what port?

            When things like this don't work I find it helpful to work from the basics up using packet capture:
            1. When the browser access is attempted, does the connect packet have the correct destination IP address, destination TCP port, and source IP address? (For example, a browser "feature" might force https to port 443.)
            2. Does the connect attempt arrive at the destination system with the correct destination IP address, destination TCP port, and source IP address?
            3. Do firewall rules allow the access? ("block" firewall rules might not have logging enabled)
            4. Is the target web server listening on the appropriate port?
            etc.

            • Z
              zied.elouaer
              last edited by Nov 20, 2012, 9:31 PM

              First, the server is listening on port 7799 and when I access it from the local network I do it on port 7799.

              For your questions 3 and 4 the answer is yes (and the firewall does have logging enabled for block rules).

              For your 1st and 2nd questions, I did not try that yet, can you tell me how to do it on pfSense?

              Thanks again.

              • W
                wallabybob
                last edited by Nov 20, 2012, 10:06 PM

                I have never done packet capture on a tunnel interface. I presume it will show data before tunnel encapsulation.

                The FreeBSD utility tcpdump can be used in a pfSense shell session. You can read the man page at http://www.freebsd.org/cgi/man.cgi?query=tcpdump&apropos=0&sektion=0&manpath=FreeBSD+8.3-RELEASE&arch=default&format=html

                Packet capture can also be done through the pfSense web GUI: Diagnostics -> Packet Capture.

                Both methods allow the use of filters to select traffic to report.

                1 Reply Last reply Reply Quote 0
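Steps 1 and 2 of the checklist above, applied to tcpdump text output, as an added example that is not part of the original posts: run the same check on a capture from each firewall to see where the TCP exchange to the GUI port stops. The function name `handshake_stage`, the `enc0` interface name, and the 10.x addresses are assumptions or placeholders; the sample capture is constructed.

```shell
#!/bin/sh
# Added example. Capture on each firewall while reloading the GUI page, e.g.
#   tcpdump -nn -i enc0 host 10.2.0.50 and tcp port 7799 > fw1.txt
# (enc0 is assumed to be the IPsec interface; addresses are placeholders.)

# handshake_stage CLIENT_IP GUI_IP GUI_PORT < tcpdump-text
# Prints how far the TCP exchange got: no-syn, syn-only,
# handshake-only (SYN/SYN-ACK but no payload from the GUI) or server-data.
handshake_stage() {
    awk -v c="$1" -v s="$2" -v p="$3" '
    $2 == "IP" && $4 == ">" {
        src = $3; dst = $5; sub(/:$/, "", dst)
        flags = ""; len = 0
        for (i = 6; i < NF; i++) {
            if ($i == "Flags")  flags = $(i + 1)   # e.g. "[S]," or "[S.],"
            if ($i == "length") len = $(i + 1) + 0 # TCP payload bytes
        }
        to_gui   = (index(src, c ".") == 1 && dst == (s "." p))
        from_gui = (src == (s "." p) && index(dst, c ".") == 1)
        if (to_gui && flags == "[S],")    syn = 1
        if (from_gui && flags == "[S.],") synack = 1
        if (from_gui && len > 0)          data = 1
    }
    END {
        if (!syn)         print "no-syn"
        else if (!synack) print "syn-only"
        else if (!data)   print "handshake-only"
        else              print "server-data"
    }'
}

# Constructed sample: what a capture could look like (not from the thread).
sample_capture() {
    cat <<'EOF'
10:15:01.100000 IP 10.2.0.50.51514 > 10.1.0.1.7799: Flags [S], seq 1000, win 65535, options [mss 1460], length 0
10:15:01.100200 IP 10.1.0.1.7799 > 10.2.0.50.51514: Flags [S.], seq 5000, ack 1001, win 65228, options [mss 1460], length 0
10:15:01.140000 IP 10.2.0.50.51514 > 10.1.0.1.7799: Flags [.], ack 1, win 1026, length 0
10:15:01.141000 IP 10.2.0.50.51514 > 10.1.0.1.7799: Flags [P.], seq 1:201, ack 1, win 1026, length 200
10:15:01.141300 IP 10.1.0.1.7799 > 10.2.0.50.51514: Flags [.], ack 201, win 1027, length 0
EOF
}

sample_capture | handshake_stage 10.2.0.50 10.1.0.1 7799   # handshake-only
```

A different result on the two firewalls for the same attempt shows which side of the tunnel stops seeing the traffic.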
                • Z
                  zied.elouaer
                  last edited by Nov 21, 2012, 9:53 AM

                  I did check the tcpdump output on both firewalls. The packets are transmitted with the right source/destination addresses and ports and also arrive correctly at the other side. Packets are seen in both directions (i.e. from and to both firewalls).

                  That's really confusing, I don't see why it's not working. ???

                  • Z
                    zied.elouaer
                    last edited by Nov 21, 2012, 10:10 AM

                    PS: I also tried accessing from different browsers and different computers with Linux and Windows, and the result is always the same.

                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.