Webconfigurator doesn't load over OpenVPN
-
Hi all,
I have 2 sites running Pfsense 2.0.3 which I connect to using OpenVPN.
The thing is, webconfigurator will not load through the VPN tunnel. The problem seems to occur specifically on port 443.
Using SSH I can connect fine and I can also load the webconfigurator from within the LAN.
An OpenVPN firewall rule exists to allow all traffic.
Any ideas?
-
What port is openvpn running on and what port is the web gui for pfsense running on?
-
OpenVPN: 1194
Webconfigurator: 443
-
That is really odd. So, if you move the web gui to a port like 7433 and access it through openvpn with:
https://myserverip:7443
Does it work?
-
Tried to configure port 7443 for access, same result…
-
Did you allow openvpn to access the LAN IP in your firewall rules?
When you try to access the web gui, are you using the IP address or a DNS name?
-
Of course the IP is allowed through the firewall, I can even SSH to it.
I'm using the IP to access the web gui and not the dns name.
-
You misunderstand. SSH will of course work. Openvpn, unlike ssh, does require an "allow all" rule to be added to the firewall rules under the openvpn tab for you to access pretty much anything, including the web gui.
I'd check to make sure you have an "allow" rule on the openvpn tab in the firewall.
It should be a lot like the default allow rule that appears under the LAN tab when you first set up pfsense.
Also, what is your openvpn client? Where did you get that?
And what is your OS?
-
Attached is a screenshot of my OpenVPN Firewall Rule.
I'm using the OpenVPN GUI client that is packaged with the site configuration through the Client Export Wizard Package.
I'm running Windows 8 64bit.
-
In that case, you will probably need to post your openvpn configuration. Problem might be there.
-
OpenVPN configuration attached.
BTW: I can telnet to port 443 & 80. The problem is just in browsers.
I get the initial page to accept the certificate, but then everything just hangs.
I've been able to replicate the issue on other computers as well.
-
Some of this won't make a difference, but won't hurt and might help.
This has nothing to do with it, but generally UDP is better than TCP for openvpn.
Try "Force all traffic generated through the tunnel"
compress tunnel packets
Set TOS IP header value of tunnel packets to match the encapsulated packets
Provide a default domain name to clients. Call it something like openvpndom1
Provide NTP Server list to clients - You can get some IPs for them on the web from NTP.ORG
I assume the interface pfsense GUI falls within 10.100.0.0/16?
Now - I see you have "WAN1" listed as interface. This means you have multiple WANS?
If so, you might need manual outbound NAT and set outbound routing by interface.
If you have packets coming in on 1 interface and trying to leave on another, that would break things.
(I'm actually a little in the dark on that because it seems hit and miss. There is one pfsense running that I admin from time to time with 5 IPs, 5 WANs and no manual outbound NAT and it works just fine with openvpn. Maybe because it only has 1 gateway?)