Netgate Discussion Forum
    Trouble accessing pfSense Web GUI through IPsec tunnel

    General pfSense Questions
      zied.elouaer

      Hi guys,

      I am connecting two remote sites with pfSense firewalls through an IPsec tunnel. All communication between the two sites works fine, except for one problem: I can't access the firewall #1 GUI from site #2 (firewall #2 is accessible from site #1). Note that I can ping the firewall and access it via SSH; only the web GUI doesn't work. The URL's form is https://x.x.x.x:7799. Of course this web interface is accessible from the local network.

      Does anyone have a clue on that? Thanks

        zied.elouaer

        Note also that I checked the firewall logs and there's no blocked traffic related to this issue. Any thoughts?

          wallabybob

          @zied.elouaer:

          only the web GUI doesn't work.

          What does the browser report when you attempt access?

            zied.elouaer

            It remains loading infinitely ???

              wallabybob

              @zied.elouaer:

              only the web GUI doesn't work. The URL's form is https://x.x.x.x:7799.

              The remote web server is listening on port 7799? Or you have an appropriate port forward setup so port 7799 gets mapped to the appropriate web server port? I realise you wrote
              @zied.elouaer:

              Of course this web interface is accessible from the local network.

              but on what port?

              When things like this don't work I find it helpful to work from the basics up using packet capture:
              1. When the browser access is attempted, does the connect packet have the correct destination IP address, destination TCP port, and source IP address? (For example, a browser "feature" might force https to port 443.)
              2. Does the connect attempt arrive at the destination system with the correct destination IP address, destination TCP port, and source IP address?
              3. Do firewall rules allow the access? ("block" firewall rules might not have logging enabled)
              4. Is the target web server listening on the appropriate port?
              etc.

                zied.elouaer

                First, the server is listening on port 7799 and when I access it from the local network I do it on port 7799.

                For your questions 3 and 4, the answer is yes (and the firewall does have logging enabled for block rules).

                For your 1st and 2nd questions, I did not try that yet, can you tell me how to do it on pfSense?

                Thanks again.

                  wallabybob

                  I have never done packet capture on a tunnel interface. I presume it will show data before tunnel encapsulation.

                  FreeBSD utility tcpdump can be used in a pfSense shell session. You can read the man page at http://www.freebsd.org/cgi/man.cgi?query=tcpdump&apropos=0&sektion=0&manpath=FreeBSD+8.3-RELEASE&arch=default&format=html

                  Packet capture can also be done through the pfSense web GUI Diagnostics -> Packet Capture

                  Both methods allow the use of filters to select traffic to report.

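An added example, not part of the thread: a small Python helper that applies checklist items 1 and 2 to text captures saved from each firewall with `tcpdump -n` and a `tcp port 7799` filter, and goes one step further by reporting which connection stage is visible at one capture point but not the other. The function names, the addresses and the sample captures are constructed for illustration.

```python
import re

# Matches tcpdump -n text output for TCP over IPv4, e.g.
# 10:15:01.10 IP 192.168.2.10.51514 > 192.168.1.1.7799: Flags [S], seq 1, win 65535, length 0
LINE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): "
                  r"Flags \[([^\]]*)\].*?length (\d+)")

def stages(capture, client, server, port):
    """Return the set of connection stages visible at one capture point."""
    seen = set()
    for m in LINE.finditer(capture):
        src, sport, dst, dport, flags, length = m.groups()
        if (src, dst) == (client, server):
            if int(dport) != port:
                seen.add("wrong-port:" + dport)  # checklist item 1
            elif flags == "S":
                seen.add("syn")
            elif int(length):
                seen.add("client-data")
        elif (src, dst, int(sport)) == (server, client, port):
            if flags == "S.":
                seen.add("syn-ack")
            elif int(length):
                seen.add("server-data")
    return seen

def compare(near, far, client, server, port):
    """List stages seen at only one capture point (checklist items 1 and 2)."""
    a, b = stages(near, client, server, port), stages(far, client, server, port)
    out = [s for s in sorted(a) if s.startswith("wrong-port")]
    for s in ("syn", "client-data"):          # client -> server direction
        if s in a and s not in b:
            out.append(s + " left client side, never reached server side")
    for s in ("syn-ack", "server-data"):      # server -> client direction
        if s in b and s not in a:
            out.append(s + " left server side, never reached client side")
    return out

# Constructed sample captures (not from the thread): NEAR is the client-side
# firewall, FAR is the firewall whose GUI is being reached.
CLIENT, FW1, PORT = "192.168.2.10", "192.168.1.1", 7799
NEAR = """\
10:15:01.10 IP 192.168.2.10.51514 > 192.168.1.1.7799: Flags [S], seq 1, win 65535, length 0
10:15:01.14 IP 192.168.1.1.7799 > 192.168.2.10.51514: Flags [S.], seq 9, ack 2, win 65535, length 0
10:15:01.15 IP 192.168.2.10.51514 > 192.168.1.1.7799: Flags [P.], seq 2:300, ack 10, win 512, length 298
"""
FAR = NEAR + """\
10:15:01.19 IP 192.168.1.1.7799 > 192.168.2.10.51514: Flags [P.], seq 10:1400, ack 300, win 512, length 1390
"""
```

Calling `compare(NEAR, FAR, CLIENT, FW1, PORT)` on the constructed captures returns the one stage that differs between the two sides; an empty list means both capture points saw the same stages.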
                    zied.elouaer

                    I did check the tcpdump output on both firewalls. The packets are transmitted with the right source/destination addresses and ports and also arrive correctly at the other side. Packets are seen in both directions (i.e. from and to both firewalls).

                    That's really confusing, I don't see why it's not working. ???

                      zied.elouaer

                      ps: I also tried accessing from different browsers and different computers with Linux and Windows, and the result is always the same.
