RDP to host server running PFsense on vmware causes a problem



  • Hi everyone, I don't know if I'm posting in the right section but I guess it has something to do with routing, so here it goes…

    I'm running pfsense on a vmware running on my windows machine, everything works fine with my captive portal, the problem is, when I RDP to my windows machine from a client pc connected over wifi which is given an ip address by the pfsense, the pfsense goes weird.

    My RDP connects but then freezes and then, when I check the client's network status it says unidentified. When I try to connect from other devices, pfsense will no longer give them an ip address (as if dhcp is disabled). I had to troubleshoot it almost half a day before I realized what was causing it.

    BTW, my windows machine has an ip address 192.168.2.2, my pfsense hands out ip addresses 192.168.10.1-240, and I connect to my windows RDP through 192.168.2.2 although my pc's ip is not within that range (since pfsense gives it an ip e.g. 192.168.10.97)

    Again, it connects, then RDP freezes just before the entire windows session loads, then pfsense will no longer hand out ip's until I reboot it. Weird huh...

    Any thoughts? This might be a bug...


  • LAYER 8 Global Moderator

    So pfsense is routing traffic between these networks 192.168.2 and 192.168.10?  Are they the same network, you're using a /16 mask?



  • Basically. 192.168.2.is.my.host's.IP, and is natted by vmware as wan interface for my pfsense. Pfsense LAN is the 192.168.10.segment


  • LAYER 8 Global Moderator

    "192.168.2.is.my.host's.IP"  You mean that is pfsense WAN IP?  You would have a different IP in that same network for your vmkern..

    Please draw your network..  My pfsense is on esxi, I have multiple wired and wireless segments and don't have any issues whatsoever with rdp between segments..



  • Basically. 192.168.2.is.my.host's.IP, and is natted by vmware as wan interface for my pfsense. YES that is my pfsense wan ip…

    windows machine ---> pfsense -----------> client pc with ip 192.168.10.97 given by pfsense
    192.168.2.2          wan is 192.168.2.2, lan is 192.168.10.1



  • 2 devices can not have the same ip, not even in the VM world.


  • LAYER 8 Global Moderator

    yeah how is that supposed to work??  windows machine 192.168.2.2 and pfsense 192.168.2.2 ????



  • I'm sorry… what I mean is, my host ip is 192.168.2.2 and is assigned by my dhcp server (router connected to my modem), then it is NATted to my vm pfsense with wan ip 192.168.2.4 and a lan ip of 192.168.10.1/24

    I'm really sorry I wasn't thinking straight last time. Here it is again

    isp/ router--------Host pc--------->(vm) pfsense------------------>client pc
                          192.168.2.2          192.168.2.4                    192.168.10.97

    What I did was, using the client pc, I RDP into my host pc (192.18.2.2)


  • LAYER 8 Global Moderator

    So that VM is running on pfsense player?  So your client machine and host pc are on the same dumb switch and pfsense lan interface is also on the same dumb switch so you have a loop?

    "then it is NATted to my vm pfsense with wan ip 192.168.2.4"
    What is natted?  Sure looks like 192.168.2.2 192.168.2.4 would be on the same NETWORK..

    Please draw your physical connections..

    Yes client machine running through pfsense out of the box would be natted to that 192.168.2.4 wan IP of pfsense.



  • I thought people would understand me right away so I'll try to draw it as good as I can…

    ISP modem ------- wireless router ------------- dumb switch >>>>>>>> to other pc's
                      Lan:192.168.2.8
                             |
                             |
                      host pc
                      lan:192.168.2.2
                      pfsense on VMWARE
                      nat:192.168.2.4
                      lan:192.168.10.1 ---------- bridged router >>>>>>>>>> (WIFI) client pc with ip: 192.168.10.97

    So I have internet on the client pc, after I log in to the captive portal. What I wanted to do was to allow that client windows pc constant access without having to go through the portal so I tried to RDP to the Host pc, 192.168.2.2, expecting that once I get in, I'll just open the browser and access my pfsense to allow the client's mac.


  • LAYER 8 Global Moderator

    So your host pc does not have any bindings to that 2nd nic you have connected to your bridged router.. You're sure it's bridged, so you're just using a wifi router as AP?  You have it connected to your host pc 2nd nic with one of its lan ports and have its dhcp turned off.

    Or does your 2nd nic have an IP in the 192.168.10 network as well?  How exactly do you have that bridged router connected to your host pc?

    So what are the connections in vmware player to those nics in your host pc, are they bridged or natted?  Normally vmware player tries to use natted connections where it creates its own networks.

    If you don't want your wifi clients using the captive portal, then turn it off. Or set up your client pc with mac passthru on the captive portal, etc.



  • @johnpoz

    Dude, I don't mean to offend or what, but I don't know if you are actually reading my post or my english is that bad.  ???

    Anyway my host has an ip of 192.168.2.2, pfsense is natted through vmware, so it has a wan ip of 192.168.2.4, I configured its lan ip to 192.168.10.1/24, my bridged router of course has its DHCP turned off. pfsense hands out the right ip's, I can actually log in to its captive portal and browse the internet. The problem is when I RDP to my host using the pc that is a client of pfsense so it has an ip of 192.168.10.97.


  • LAYER 8 Global Moderator

    "anyway my host has an ip of 192.168.2.2, pfsense is natted thru vmware, so it has a wan ip of 192.168.2.4"

    How do you expect that to work exactly if there is a NAT??  You can not put the same network on both sides of a NAT

    What version of player/workstation are you running.. I don't believe current versions of player allow you to edit the vmnets - but you can still pick between nat and bridged.  See attached image

    So here is the thing, if you want pfsense wan to be the same network as your normal network 192.168.2.0/24 then the nic in vmware player/workstation needs to be bridged to the interface on your host machine that is connected to this network.

    Now how exactly is this 192.168.10 network attached to your host machine???  This is another virtual nic in your pfsense VM.. What are the settings on that nic.. What physical nic is it attached to, or is it also Natted?

    How you would normally set this up is your host would have 2 physical nics..  Your pfsense vm wan nic would be bridged to the physical nic that is connected to a network that has internet access.  Now your host machine can either have binding to this nic and IP on this interface.

    Or it can have its binding and connection to the host's 2nd nic and also bridged to the physical network.. This puts the HOST behind pfsense for internet access on pfsense LAN.  But if you're going to have the host in front of pfsense on its WAN network then there should be NO binding on the 2nd host nic for anything other than the vmware bridging protocol – see 2nd image

    If your host has connections in both of your networks, both 192.168.2 and 192.168.10, and you're trying to connect to its 192.168.2.2 address from a box connected to its 192.168.10 network.. You're going to have issues.. So it answers you back from its other interface and you have what amounts to an asymmetrical routing issue

    Please post up your vmware settings for your pfsense VM like my first pic.  Exactly what vmware product are you using player/workstation 10,11,12 ?? And please validate what physical nics your stuff is connected to on your HOST PC..  And an ipconfig /all from your host pc wouldn't hurt either.
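
Added example, not part of any post in this thread: a small Python model of the asymmetric reply path the last answer describes, showing when a host with addresses in both networks answers out of a different interface than the one owning 192.168.2.2. The interface names `nic1`/`nic2` and the host's second address 192.168.10.50 are constructed assumptions; the other addresses are the ones quoted in the thread.

```python
import ipaddress

def reply_interface(interfaces, default_iface, dst_ip):
    """Interface the host uses to send to dst_ip: longest-prefix match
    over its connected networks, falling back to the default route."""
    dst = ipaddress.ip_address(dst_ip)
    best_name, best_len = default_iface, -1
    for name, cidr in interfaces.items():
        net = ipaddress.ip_interface(cidr).network
        if dst in net and net.prefixlen > best_len:
            best_name, best_len = name, net.prefixlen
    return best_name

def address_owner(interfaces, local_ip):
    """Interface that carries the address the client connected to."""
    target = ipaddress.ip_address(local_ip)
    for name, cidr in interfaces.items():
        if ipaddress.ip_interface(cidr).ip == target:
            return name
    return None

def check_flow(interfaces, default_iface, src_seen, dst_local):
    """Compare the interface owning dst_local with the interface
    the reply to src_seen leaves through."""
    inbound = address_owner(interfaces, dst_local)
    outbound = reply_interface(interfaces, default_iface, src_seen)
    return {"in": inbound, "out": outbound, "asymmetric": inbound != outbound}

# Constructed host configurations (192.168.10.50 and nic names are assumptions).
DUAL_HOMED = {"nic1": "192.168.2.2/24", "nic2": "192.168.10.50/24"}
WAN_ONLY = {"nic1": "192.168.2.2/24"}  # 2nd NIC has no IP binding

def scenarios():
    return {
        # Host sees the client's real address: reply skips pfsense via nic2.
        "dual_homed_source_preserved":
            check_flow(DUAL_HOMED, "nic1", "192.168.10.97", "192.168.2.2"),
        # pfsense NATs the client to its WAN address: reply returns via nic1.
        "dual_homed_pfsense_nat":
            check_flow(DUAL_HOMED, "nic1", "192.168.2.4", "192.168.2.2"),
        # No binding on the 2nd NIC: only one way back, via nic1.
        "no_binding_on_nic2":
            check_flow(WAN_ONLY, "nic1", "192.168.10.97", "192.168.2.2"),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```

Comparing the result against `ipconfig /all` and `route print` on the host shows which of the three cases the real setup matches.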




