PfSense in vmWare Cannot Access Web Control



  • I'm running VMWare ESXi Free on a rented box.

    I have 2 physical NICs, 1 connected to the Internet, one connected to the Private Network in our DC.

    Each NIC is connected to a vSwitch and each vSwitch has a Management network and VM network (LAN/WAN).

    Here is the diagram: https://www.dropbox.com/s/9ceg5k4jjczkvlt/vmWare Networking Config.png

    I set up the pfSense VM using the guide for vmWare in the docs. https://doc.pfsense.org/index.php/PfSense_2_on_VMware_ESXi_5

    During the pfSense Setup I set my WAN interface to one of my free Public IPs and did the same with a Private IP for the LAN interface. The upstream Gateway address is provided by the DC and was typed verbatim.

    The DC opened up an SSL VPN for me to connect to the private network. Once connected to the VPN, I can access the ESXi host using its Private IP (10.34.251.163), but I always get "Connection Reset" when trying to connect to the pfSense VM via its Private IP (10.34.251.164). When I connect to the VPN I'm shown as connecting to 10.2.1.21 and I'm trying to access 10.34.251.164 (/27). Could this be part of the problem?

    pfSense cannot PING out to Google as well currently, however pinging Google's IP works just fine. I can ping the ESXi Host and I can Ping pfSense from inside pfSense as well.

    Looking in pfTop while trying to access the Web Panel over private IP, I can see the incoming TCP connection, but as I said the Browser tries to connect for a little while then says connection reset.

    At this point I have no idea what to do next and any help is appreciated.

    Update:

    I saw this: Virtual pfSense Appliance on VMWare Host and made the changes suggested by the answer (setting promiscuous mode to allow) and I can see the incoming traffic from my VPN IP to the pfSense private IP. But I cannot access the Web GUI still. (my pfTop: https://www.dropbox.com/s/fzow6i02ijim748/pfTop.png)



  • If you are coming in on a different IP via the SSL VPN, the pfSense will need to know how to route this. By the sounds of it you will only have the default gateway on the WAN interface; as such, the traffic destined for you will go via the WAN.

    To solve this you would be better off VPNing straight to the pfSense box, or you will need to put static routes in.
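
The routing situation described in the reply above, as an added example that is not part of the original thread: a longest-prefix-match lookup over a routing table like the one the reply assumes pfSense has, before and after a static route is added. Only 10.2.1.21 and 10.34.251.164/27 come from the post; the WAN subnet, both gateway addresses and the /32 host route are constructed assumptions.

```python
import ipaddress

# From the thread: the VPN client address and pfSense's LAN address with mask.
VPN_CLIENT = ipaddress.ip_address("10.2.1.21")
LAN_NET = ipaddress.ip_interface("10.34.251.164/27").network  # 10.34.251.160/27

# Constructed placeholders (not in the thread): WAN subnet and both gateways.
WAN_NET = ipaddress.ip_network("203.0.113.0/24")
WAN_GW = "203.0.113.1"
LAN_GW = "10.34.251.161"  # assumed LAN-side router that reaches the VPN pool


def base_routes():
    """Routing table with only connected networks and a WAN default route."""
    return [
        (ipaddress.ip_network("0.0.0.0/0"), "WAN", WAN_GW),
        (WAN_NET, "WAN", None),
        (LAN_NET, "LAN", None),
    ]


def lookup(routes, dst):
    """Longest-prefix match: return (interface, next_hop) for dst."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in routes if dst in r[0]]
    net, iface, gw = max(matches, key=lambda r: r[0].prefixlen)
    return iface, gw


def reply_path(routes, client, arrived_on="LAN"):
    """Where a reply to `client` leaves, and whether that differs from ingress."""
    iface, gw = lookup(routes, client)
    return {"egress": iface, "next_hop": gw, "asymmetric": iface != arrived_on}


def with_static_route(routes, network, iface, gw):
    """Return a copy of the table with one static route added."""
    return routes + [(ipaddress.ip_network(network), iface, gw)]


if __name__ == "__main__":
    table = base_routes()
    print("client on LAN subnet:", VPN_CLIENT in LAN_NET)
    print("before:", reply_path(table, VPN_CLIENT))
    fixed = with_static_route(table, "10.2.1.21/32", "LAN", LAN_GW)
    print("after: ", reply_path(fixed, VPN_CLIENT))
```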

