Netgate Discussion Forum

    One interface

    Problems Installing or Upgrading pfSense Software
      pfDriver

      Hello, I'm a new user.
      I'd like to use pfSense as an OpenVPN Server only to easily manage OpenVPN users.
      I don't know why I have to configure a WAN interface, while the pfSense server in my case is a virtual machine on an ESXi host not directly connected to the public network. I already have a Cisco router which should route VPN traffic via pfSense to my local network.
      Only one configuration works for me:
      WAN (wan) -> (em0 - dhcp)
      LAN (lan) -> (em1 - static)

      These don't:
      WAN (wan) -> (em0 - static)
      LAN (lan) -> (em1 - static)

      So if I disable em0 or set IPv4 Configuration Type to None, I couldn't ping any of these addresses.
      Both IP addresses are on the same NIC under ESXi (WAN is not a WAN in my case).
      Please help. I'd like to have only one interface with static IP.

        stephenw10 Netgate Administrator

        The first interface that is configured is assigned as WAN, so if you have only one it will always be WAN. With only one interface, though, that label is not always appropriate, though it will be used as the upstream interface with a gateway etc.
        If you are running pfSense as a single purpose appliance for VPN or DNS or DHCP etc then you can configure only one interface. You should be aware that in 'appliance mode' the webgui is available on 'WAN' by default.

        Steve

          pfDriver

          Thank you Steve. The problem is that if I have only one interface configured, I couldn't open the web GUI on that address, even if I disable the firewall from the shell. It is not pingable until I configure the second interface and when the WAN address is obtained from the DHCP server. What might be the reason for this behavior?

            stephenw10 Netgate Administrator

            Hmm, odd. I've never had a problem using a single interface.
            What version are you running? Which install type?
            Is the single interface using dhcp when you can't reach it?

            Steve

              pfDriver

              OK, I reset everything to factory defaults and configured one interface with the static IP address.
              I still couldn't ping this address; however, in Filter Logs there was a message that these packets are blocked.
              So in the shell I had to disable the firewall using the command 'pfctl -d'.
              Now I can access web gui from the same subnet where the pfSense is.
              The questions are:

              • How can I enable the firewall so that I can access the web GUI panel and ping the pfSense IP?
              • What is the best way to add another subnet to access the pfSense server:
                  route add -net 192.168.2.0/24 em0
                  or maybe
                  System > Routing -> Routes ?
                stephenw10 Netgate Administrator

                Just add a firewall rule to the single interface (presumably still WAN) that allows that traffic. Usually if you've only configured one interface such a rule will already be there.
                You would only add a route like that to allow the pfSense box to access another subnet via some other internal router. Not to allow access to it. This routing would usually be taken care of by your existing router.

                Steve
