The VPN connection works as far as I can tell, but I can’t access the web GUI, only when disabling pf on the shell. I made a WAN rule (UDP, any source to WAN address + OpenVPN port) and an OpenVPN rule which allows any to any.
I am having the same problem, and I determined the issue does not occur when I use my phone. There must be something funky with either my specific Windows PC, or the PC client. I tried both OpenVPN Connect and the old 2.5.7 client. I’m going to try testing a different Windows PC next to see if the issue resolves. Either way, if it’s a bug, it’s likely with the client, and not the server.
What address do you use to connect to the web GUI when connecting via OpenVPN? Can I better understand the rules you set in the OpenVPN section to allow this?
For instance, if I access the web GUI with 192.168.1.1, do I type that in on my phone when I connect via VPN?
There is no accept list for the web GUI. The web GUI is bound to all interfaces. There needs to be a firewall rule to allow traffic (pass) on 443 if you are using https or 80 if you are using http on the interface you are trying to access the web GUI from. In my case I added a rule on the “OpenVPN” interface to allow all IPv4 traffic on all ports (indeed this is what the wizard does when you allow it to auto add the firewall rules). This still did not resolve the issue. I am beginning to suspect this is a bug, but good luck getting the pfSense devs to acknowledge.
I did this and it completely disabled access to my LAN through the VPN, no less the web GUI. Adding a rule on the “OpenVPN” interface is the correct way to allow traffic through the VPN. However, adding this rule (either manually or through the OpenVPN wizard) still does not allow me to access the web GUI through the VPN. I’ve either messed up some setting elsewhere, or there is a bug in the implementation of OpenVPN in pfSense.
EDIT: It’s likely a client issue and not a server/pfsense issue, as my phone does not have problems connecting to the web gui when connected through the VPN.
After further investigation, I think the issue is with how I was connecting to the internet on the remote side. I was in the library and using my Android phone as a hotspot. I do this when I am traveling because I don’t want to connect to open hotspots for security reasons, and my phone usually has better speeds than public hotspots anyways. Unfortunately, this is the configuration that does not work. As soon as I connected to the library’s public wifi I could access the web GUI just fine. Ugh, at least I know it’s not a server/pfSense issue.
Did more testing. I think it has something to do with T-Mobile, and not Android tethering/hotspot, as if I connect my phone first to library wifi, and then tether/hotspot, it works, but if I just connect to the T-Mobile network and then tether/hotspot, it doesn’t work. Although if I just use the OpenVPN Connect app on my phone, it connects through T-Mobile just fine. Either way, not sure there is anything I can do to resolve this.