Can't Access pfSense Management GUI from IPsec Host



  • I'm trying to allow access to the pfSense Management GUI from a host connected to the pfSense via an IPsec VPN, but it doesn't work.

    I have no problem accessing HTTP resources on an IPsec host from the LAN (i.e. the other way around). I can also access RDP from the LAN after tweaking the MSS clamping.

    I've created a firewall rule on the IPsec interface, that allows TCP port 80 with the destination set to the IP address of the pfSense on the LAN side, switched on logging and I can see the correct state being created for my HTTP connection.

    I used tcpdump on the pfsense to capture the TCP stream, and I found that the TCP handshake is successful, but as soon as data begins to be transferred it doesn't get an acknowledgement and start to get TCP retransmissions. See wireshark screenshot below (pfSense is 192.168.1.1)…

    Why do the data packets not get acknowledged when the handshake was successful? How can I fix this?