One interface



  • Hello, I'm a new user.
    I'd like to use pfSense as an OpenVPN Server only to easily manage OpenVPN users.
    I don't know why I have to configure a WAN interface when the pfSense server in my case is a virtual machine on an ESXi host, not directly connected to the public network. I already have a Cisco router which should route VPN traffic via pfSense to my local network.
    Only one configuration works for me:
    WAN (wan) -> (em0 - dhcp)
    LAN (lan) -> (em1 - static)

    These don't:
    WAN (wan) -> (em0 - static)
    LAN (lan) -> (em1 - static)

    So if I disable em0 or set IPv4 Configuration Type to None I couldn't ping any of these addresses.
    Both IP addresses are on the same NIC under ESXi (WAN is not a WAN in my case).
    Please help. I'd like to have only one interface with static IP.


  • Netgate Administrator

    The first interface that is configured is assigned as WAN, so if you have only one it will always be WAN. With only one interface, though, that label is not always appropriate, though it will be used as the upstream interface with a gateway etc.
    If you are running pfSense as a single purpose appliance for VPN or DNS or DHCP etc then you can configure only one interface. You should be aware that in 'appliance mode' the webgui is available on 'WAN' by default.

    Steve



  • Thank you Steve. The problem is that if I have only one interface configured, I couldn't open the web GUI on that address, even if I disable the firewall from the shell. It is not pingable until I configure the second interface and the WAN address is obtained from the DHCP server. What might be the reason for this behavior?


  • Netgate Administrator

    Hmm, odd. I've never had a problem using a single interface.
    What version are you running? Which install type?
    Is the single interface using dhcp when you can't reach it?

    Steve



  • Ok, I reset everything to factory defaults and configured one interface with a static IP address.
    I still couldn't ping this address; however, in the Filter Logs there was a message that these packets are blocked.
    So in the shell I had to disable the firewall using the command 'pfctl -d'.
    Now I can access the web GUI from the same subnet where the pfSense is.
    The questions are:

    • how can I enable the firewall so that I can access the web GUI panel and ping the pfSense IP?
    • what is the best way to add another subnet to access the pfSense server?
        route add -net 192.168.2.0/24 em0
        or maybe
        System > Routing -> Routes ?

  • Netgate Administrator

    Just add a firewall rule to the single interface (presumably still WAN) that allows that traffic. Usually if you've only configured one interface such a rule will already be there.
    You would only add a route like that to allow the pfSense box to access another subnet via some other internal router. Not to allow access to it. This routing would usually be taken care of by your existing router.

    Steve