Netgate Discussion Forum

    Site2site all traffic is ok except for http/https

    Category: IPsec
    22 Posts 6 Posters 3.7k Views
    • MaxHeadroom

      Hi teladero,

      Why not lower the MSS? What is your problem with the web GUI? Maybe the NAS GUI only allows access from the LAN.

      If you want to access the NAS over the internet behind a pfSense, you have to add a Firewall: NAT: Port Forward for the
      NAS.

      Please be more clear with your request.

      Regards, max

      • koeievanger

        Fantastic, I also solved this by enabling MSS clamping :)

        THX

        • teladero

          @MaxHeadroom:

          Hi teladero,

          Why not lower the MSS? What is your problem with the web GUI? Maybe the NAS GUI only allows access from the LAN.

          If you want to access the NAS over the internet behind a pfSense, you have to add a Firewall: NAT: Port Forward for the
          NAS.

          Please be more clear with your request.

          Regards, max

          What should I lower it to?

          I have had a site-to-site VPN up before with two Meraki security appliances. It worked beautifully.

          I do not want my NAS to be accessible through port forwarding. Sorry I wasn't more clear.

          • teladero

            @MaxHeadroom:

            Hi teladero,

            Why not lower the MSS? What is your problem with the web GUI? Maybe the NAS GUI only allows access from the LAN.

            If you want to access the NAS over the internet behind a pfSense, you have to add a Firewall: NAT: Port Forward for the
            NAS.

            Please be more clear with your request.

            Regards, max

            I noticed that the default size was 1400, so I tried 1300 and that did not work. Should I just go smaller? If so, am I slowing my connection to the remote network?

            Thanks for all your help.

            • MaxHeadroom
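The MSS question in the post above (what to lower it to, and whether a lower value costs throughput) can be answered by counting the bytes ESP tunnel mode adds to each segment. The following is an added example, not code from the thread or from pfSense; it assumes an IPv4 outer header, no TCP options on bulk-data segments, and the ESP framing of RFC 4303 with the IV and ICV lengths of the named cipher/integrity proposals. The proposal names and the `EspParams` values are the editor's assumptions; check them against the Phase 2 proposal actually configured.

```python
"""Largest TCP MSS that lets a full-size segment fit an IPsec ESP tunnel-mode packet
into the path MTU, for a few common Phase 2 proposals (added example, not pfSense code)."""
from dataclasses import dataclass

IPV4_HDR = 20     # outer and inner IPv4 headers, no options
TCP_HDR = 20      # assumption: no TCP options on data segments
ESP_HDR = 8       # SPI + sequence number (RFC 4303)
ESP_TRAILER = 2   # pad length + next header (RFC 4303)
UDP_HDR = 8       # only present with NAT-T (UDP/4500) encapsulation


@dataclass(frozen=True)
class EspParams:
    iv_len: int       # bytes of IV carried in the ESP payload
    icv_len: int      # bytes of integrity check value
    block_size: int   # alignment the encrypted part is padded to (ESP minimum is 4)
    nat_t: bool = False


# Assumed values for common proposals: AES-CBC uses a 16-byte IV and 16-byte blocks;
# HMAC-SHA1-96 has a 12-byte ICV, HMAC-SHA256-128 a 16-byte ICV; AES-GCM uses an
# 8-byte IV, 16-byte ICV and only needs 4-byte alignment.
AES_CBC_SHA1 = EspParams(iv_len=16, icv_len=12, block_size=16)
AES_CBC_SHA256 = EspParams(iv_len=16, icv_len=16, block_size=16)
AES_GCM_128 = EspParams(iv_len=8, icv_len=16, block_size=4)
AES_CBC_SHA1_NAT_T = EspParams(iv_len=16, icv_len=12, block_size=16, nat_t=True)


def fixed_overhead(p):
    """Bytes outside the encrypted region: outer IP, optional UDP, ESP header, IV, ICV."""
    return IPV4_HDR + (UDP_HDR if p.nat_t else 0) + ESP_HDR + p.iv_len + p.icv_len


def esp_packet_size(inner_len, p):
    """Outer packet length once an inner IPv4 packet of inner_len bytes is encapsulated."""
    enc = inner_len + ESP_TRAILER
    enc += (-enc) % p.block_size          # padding up to the cipher block boundary
    return fixed_overhead(p) + enc


def max_mss(path_mtu, p):
    """Largest MSS whose full segment still fits path_mtu without fragmentation."""
    room = path_mtu - fixed_overhead(p)
    room -= room % p.block_size           # encrypted region must be block aligned
    inner_max = room - ESP_TRAILER
    return inner_max - IPV4_HDR - TCP_HDR


def fits(mss, path_mtu, p):
    """True if a segment carrying mss bytes of data fits the path MTU after encapsulation."""
    return esp_packet_size(IPV4_HDR + TCP_HDR + mss, p) <= path_mtu


if __name__ == "__main__":
    for name, p in [("AES-CBC/SHA1", AES_CBC_SHA1), ("AES-CBC/SHA256", AES_CBC_SHA256),
                    ("AES-GCM-128", AES_GCM_128), ("AES-CBC/SHA1 + NAT-T", AES_CBC_SHA1_NAT_T)]:
        print(f"{name:22s} MTU 1500 -> max MSS {max_mss(1500, p)}  "
              f"1400 fits: {fits(1400, 1500, p)}  1300 fits: {fits(1300, 1500, p)}")
```

With a 1500-byte path between the two WANs, AES-CBC with HMAC-SHA1 already needs the MSS at or below 1398, so a clamp of 1400 is a few bytes too generous and 1300 has plenty of margin; a lower MSS only adds header overhead per segment, it does not by itself break a connection. If the WAN uses PPPoE (1492) or NAT-T is in play, run the same arithmetic with the real path MTU.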

              No, connection is not faster ;D

              (I think the NAS is blocking the IP... hard to guess)

              regards
              max

              • teladero

                @MaxHeadroom:

                No, connection is not faster ;D

                (I think the NAS is blocking the IP... hard to guess)

                regards
                max

                The NAS (or any other device on my remote network) is not blocking HTTP or HTTPS traffic. It used to work fine when I was on a Meraki site-to-site VPN. Nothing has changed here except going to pfSense at one location. I can ping, do Samba shares, remote desktop, etc. across the VPN, so I know it is established. I can try and add some rules on the pfSense box to allow HTTP traffic explicitly over the VPN. I will post the results.

                • teladero

                  @MaxHeadroom:

                  No, connection is not faster ;D

                  (I think the NAS is blocking the IP... hard to guess)

                  regards
                  max

                  I can't believe it... I added a rule to allow any traffic to the remote network, and it worked! The most bizarre thing is that you can clearly see the two rules below it, allowing IPv4 and IPv6 traffic sourced from the LAN to anywhere. No clue why this was necessary, but hopefully it will help someone else in my position.

                  Thanks again MaxHeadroom!

                  [attachment: Capture.PNG]

                  • Derelict (LAYER 8 Netgate)

                    That makes zero sense. What are the advanced characteristics on that second rule?

                    Chattanooga, Tennessee, USA
                    A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                    DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                    Do Not Chat For Help! NO_WAN_EGRESS(TM)

                    • teladero

                      @Derelict:

                      That makes zero sense. What are the advanced characteristics on that second rule?

                      Makes zero sense to me as well. Here's what I have for advanced settings.

                      [attachment: Capture.PNG]

                      • Derelict (LAYER 8 Netgate)

                        OK just limiters.

                        I would disable the rule you added, turn logging on on the main pass rule, try to open connections across the VPN, and see what the logs say.

                        Hmm. Limiters. I don't see anything that should do it but you might be hitting the 2.2.X limiter bug. Also disable the rule you added and try it without the limiters set.


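Derelict's suggestion above (log the main pass rule, retry the HTTP/HTTPS connections, read the firewall log) is easiest to act on if the raw log is reduced to "which rule passed or blocked traffic to the remote subnet on ports 80 and 443". The script below is an added example by the editor, not code from the thread or from pfSense. It parses the comma-separated record pfSense writes after the `filterlog:` syslog prefix (rule number, sub-rule, anchor, tracker ID, interface, reason, action, direction, IP version, then the IPv4 and TCP/UDP fields); the sample records, interface name, addresses and tracker IDs are constructed for the example, and IPv6 records are skipped.

```python
"""Summarise pfSense filter-log records for HTTP/HTTPS traffic bound for a remote
IPsec subnet, so the rule that matched (by tracker ID) can be identified.
Added example; not code from the thread or from pfSense."""
import csv
import ipaddress
from collections import Counter

# Field layout of a pfSense filterlog CSV record (IPv4 part, then TCP/UDP ports).
COMMON = ["rulenr", "subrulenr", "anchor", "tracker", "iface", "reason",
          "action", "direction", "ipver"]
IPV4 = ["tos", "ecn", "ttl", "id", "offset", "flags", "protoid", "proto",
        "length", "src", "dst"]

# Constructed sample records (not logs from the thread). The syslog prefix up to
# "filterlog: " is assumed to have been stripped already; tracker IDs are invented.
SAMPLE_LOG = """\
5,16777216,,1427000001,em0,match,pass,in,4,0x0,,64,40213,0,DF,6,tcp,60,192.168.1.25,192.168.2.10,50110,445,0,S,3000000001,,65535,,mss;sackOK;TS;nop;wscale
5,16777216,,1427000001,em0,match,pass,in,4,0x0,,64,40214,0,DF,1,icmp,84,192.168.1.25,192.168.2.10,request,9876,1
4,,,1427000000,em0,match,block,in,4,0x0,,64,40215,0,DF,6,tcp,60,192.168.1.25,192.168.2.10,50111,443,0,S,3000000002,,65535,,mss;sackOK;TS;nop;wscale
4,,,1427000000,em0,match,block,in,4,0x0,,64,40216,0,DF,6,tcp,60,192.168.1.25,192.168.2.10,50112,80,0,S,3000000003,,65535,,mss;sackOK;TS;nop;wscale
5,16777216,,1427000001,em0,match,pass,in,4,0x0,,64,40217,0,DF,6,tcp,60,192.168.1.25,203.0.113.7,50113,443,0,S,3000000004,,65535,,mss;sackOK;TS;nop;wscale
"""


def parse_line(line):
    """Parse one IPv4 filterlog record into a dict; returns None for IPv6 records."""
    fields = next(csv.reader([line]))
    rec = dict(zip(COMMON, fields[:len(COMMON)]))
    if rec.get("ipver") != "4":
        return None
    start = len(COMMON)
    rec.update(zip(IPV4, fields[start:start + len(IPV4)]))
    rest = fields[start + len(IPV4):]
    if rec["proto"] in ("tcp", "udp") and len(rest) >= 2:
        rec["srcport"], rec["dstport"] = rest[0], rest[1]
    else:
        rec["srcport"] = rec["dstport"] = None   # ICMP and others carry no ports
    return rec


def summarise(log_text, remote_net, ports=("80", "443")):
    """Count (action, tracker, dstport) for TCP records to remote_net on the given ports."""
    net = ipaddress.ip_network(remote_net)
    verdicts = Counter()
    for raw in log_text.splitlines():
        rec = parse_line(raw.strip())
        if rec is None or ipaddress.ip_address(rec["dst"]) not in net:
            continue
        if rec["proto"] == "tcp" and rec["dstport"] in ports:
            verdicts[(rec["action"], rec["tracker"], rec["dstport"])] += 1
    return dict(verdicts)


def blocking_trackers(log_text, remote_net, ports=("80", "443")):
    """Tracker IDs of rules that blocked web traffic to the remote subnet."""
    return sorted({tracker
                   for (action, tracker, _port), _count in
                   summarise(log_text, remote_net, ports).items()
                   if action == "block"})


if __name__ == "__main__":
    for key, count in sorted(summarise(SAMPLE_LOG, "192.168.2.0/24").items()):
        print(key, count)
    print("blocking trackers:", blocking_trackers(SAMPLE_LOG, "192.168.2.0/24"))
```

The tracker ID in each record corresponds to the ID shown for a rule in the pfSense rule list, so a block attributed to a tracker other than the LAN pass rule (here the constructed 1427000000) points straight at the rule, or default deny, that actually matched; a pass record from the expected rule with the connection still failing shifts suspicion to the limiter, the MSS, or the far side.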
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.