Can't access pfSense over VPN



  • I have a site-to-site VPN setup with iroutes so both networks can communicate with each other.  I can ping the LAN address of the remote pfSense server but if I try to access it through the web I get nothing.  I can access the VPN address of it, but it complains about HTTP_REFERER problems.  Seems I shouldn't have to use the VPN address anyway though.

    I don't see anything obvious being blocked in either firewall.  Any ideas what I can check?  Thanks for your help.



  • Have you activated the "Anti-Lockout Rule" to allow access to the webconfigurator from anywhere to the LAN address:

    ID 	Proto 	Source 	Port 	Destination 	Port 	Gateway 	Queue 	Schedule 	Description 	
      	* 	* 	* 	LAN Address 	1483 	* 	* 	  	Anti-Lockout Rule
    

    Otherwise you have to add a rule to allow this from your OpenVPN subnet.



  • Yes, it's enabled by default for me.

    
    ID	Proto	Source	Port	Destination	Port	Gateway	Queue	Schedule	Description
    	*	*	*	LAN Address	80	*	*		Anti-Lockout Rule
    
    

    Thank you for the suggestion.



  • Seems I'm still having trouble with this.  I can route everything between my two networks just fine, but if I try to access the IP of the remote pfSense server, it just times out.  Connecting over the VPN address does seem to be working now though, but is there some sort of setting that would be blocking access to the LAN IP over VPN?

    Again, I see no indication of anything being blocked in the firewall and can ping both ways just fine.



  • @Andyrue:

    I can access the VPN address of it, but it complains about HTTP_REFERER problems.  Seems I shouldn't have to use the VPN address anyway though.

    System: Advanced: Admin Access
    Disable HTTP_REFERER enforcement check

    .. would be a workaround for that specific issue.

    Have only had to use that when the LAN subnet was the same on both sides and had to NAT to access local resources.  You doing any NAT for the VPN networks?



  • Ok, this was a silly problem.  I have a multi-wan gateway and a firewall rule that directs anything that is destined for port 80 or 443 and is NOT destined to one of my local subnets to use the multi-wan gateway.  I had forgotten to add the VPN remote network to my local subnet alias so it was going out the multi-wan gateway and getting lost.  All is working perfectly now.
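The misrouting described in the last post, as an added model (not code from the thread or from pfSense). The subnets, function names and path labels are constructed assumptions; it shows why ping worked while the web GUI timed out, and checks an alias for routed networks it does not cover.

```python
import ipaddress

# Constructed addressing for illustration; the thread gives no subnets.
LOCAL_LAN = "192.168.1.0/24"
REMOTE_LAN = "192.168.2.0/24"    # reached through the site-to-site VPN
REMOTE_PFSENSE = "192.168.2.1"   # LAN address of the remote firewall

def in_alias(dst, alias):
    """True if dst falls inside any network listed in the alias."""
    addr = ipaddress.ip_address(dst)
    return any(addr in ipaddress.ip_network(net) for net in alias)

def next_hop(proto, dst, port, local_alias):
    """Path taken by a packet arriving on LAN.

    Models the one policy-routing rule from the post: TCP to port 80/443
    whose destination is NOT in the local-subnets alias is forced out the
    multi-WAN gateway. Everything else follows the routing table, which
    holds a VPN route for REMOTE_LAN.
    """
    if proto == "tcp" and port in (80, 443) and not in_alias(dst, local_alias):
        return "multi-wan"
    if in_alias(dst, [REMOTE_LAN]):
        return "vpn"
    if in_alias(dst, [LOCAL_LAN]):
        return "local"
    return "default-gateway"

def missing_from_alias(local_alias, routed_networks):
    """Internal networks the alias fails to exclude from policy routing."""
    alias = [ipaddress.ip_network(a) for a in local_alias]
    return [n for n in routed_networks
            if not any(ipaddress.ip_network(n).subnet_of(a) for a in alias)]

if __name__ == "__main__":
    before = [LOCAL_LAN]               # alias as it was: VPN network missing
    after = [LOCAL_LAN, REMOTE_LAN]    # alias after the fix
    for name, alias in (("before", before), ("after", after)):
        print(name,
              "ping ->", next_hop("icmp", REMOTE_PFSENSE, None, alias),
              "| https ->", next_hop("tcp", REMOTE_PFSENSE, 443, alias),
              "| uncovered:", missing_from_alias(alias, [LOCAL_LAN, REMOTE_LAN]))
```

The same check applies to any firewall that policy-routes by "not in alias": every network reachable over a VPN or static route has to be in the alias, or matching traffic leaves via the WAN instead of the tunnel.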

