Netgate Discussion Forum

    Webconfigurator doesn't load over OpenVPN

    12 Posts 2 Posters 3.4k Views
      idoabra

      Hi all,

      I have 2 sites running pfSense 2.0.3, which I connect to using OpenVPN.
      The thing is, webconfigurator will not load through the VPN tunnel. The problem seems to occur specifically on port 443.
      Using SSH I can connect fine and I can also load the webconfigurator from within the LAN.
      An OpenVPN firewall rule exists to allow all traffic.

      Any ideas?

        kejianshi

        What port is openvpn running on and what port is the web gui for pfsense running on?

          idoabra

          OpenVPN: 1194
          Webconfigurator: 443

            kejianshi

            That is really odd.  So, if you move the web gui to a port like 7433  and access it through openvpn with:

            https://myserverip:7443

            Does it work?

              idoabra

              Tried to configure port 7443 for access, same result…

                kejianshi

                Did you allow openvpn to access the LAN IP in your firewall rules?

                When you try to access the web gui, are you using the IP address or a DNS name?

                  idoabra

                  Of course the IP is allowed through the firewall, I can even SSH to it.
                  I'm using the IP to access the web gui and not the DNS name.

                    kejianshi

                    You misunderstand.  SSH will of course work.  Openvpn, unlike ssh, does require an "allow all" rule to be added to the firewall rules under the openvpn tab for you to access pretty much anything, including the web gui.

                    I'd check to make sure you have an "allow" rule on the openvpn tab in the firewall.
                    It should be a lot like the default allow rule that appears under the LAN tab when you first set up pfsense.

                    Also, what is your openvpn client?  Where did you get that?
                    And what is your OS?

                      idoabra

                      Attached is a screenshot of my OpenVPN Firewall Rule.

                      I'm using the OpenVPN GUI client that is packaged with the site configuration through the Client Export Wizard Package.

                      I'm running Windows 8 64bit.

                      screenshot.jpg

                        kejianshi

                        In that case, you will probably need to post your openvpn configuration.  Problem might be there.

                          idoabra

                          OpenVPN configuration attached.

                          BTW: I can telnet to port 443 & 80. The problem is just in browsers.
                          I get the initial page to accept the certificate, but then everything just hangs.
                          I've been able to replicate the issue on other computers as well.

                          screenshot2.jpg

                            kejianshi

                            Some of this won't make a difference, but won't hurt and might help.

                            This has nothing to do with it, but generally UDP is better than TCP for openvpn.
                            Try "Force all traffic generated through the tunnel"
                            compress tunnel packets
                            Set TOS IP header value of tunnel packets to match the encapsulated packets
                            Provide a default domain name to clients.  Call it something like openvpndom1
                            Provide NTP Server list to clients - You can get some IPs for them on the web from NTP.ORG
                            I assume the interface pfsense GUI falls within 10.100.0.0/16?

                            Now - I see you have "WAN1" listed as interface.  This means you have multiple WANs?
                            If so, you might need manual outbound NAT and set outbound routing by interface.

                            If you have packets coming in on 1 interface and trying to leave on another, that would break things.
                            (I'm actually a little in the dark on that because it seems hit and miss.  There is one pfsense running that I admin from time to time with 5 IPs, 5 WANs and no manual outbound NAT and it works just fine with openvpn.  Maybe because it only has 1 gateway?)
