Pfsense Web interface unreachable

K

Klueze

New Member
May 27, 2020
6
1
3
40
Hello there,

I restored a previously preconfigured pfsense VM on Proxmox hoping to change in the future the existing rules contained on it, but now I’m not able to connect through the web interface to the pfsense, although I’m able to open the console of the pfsense on Proxmox and interact with the VM. I can’t see the VM from my network either. The question is:

This problem has to do with a wrong network configuration on Proxmox or some rules that needs to be changed on the pfsense VM?
 
To your previous question: yes and no. Yes I have restarted several times the whole system, and no, I haven’t checked this log (in the other post I explained in detail my situation, I’m a newbie in this domain, but I’m doing my best), promise that I’ll do it as soon as possible.

Sorry for the delay, because of the present problem I don’t have access to Internet as usual. Today I try something new, maybe this can clarify the situation:

With the VM fresh restored, I tried to ping to a real PC on my network, the result: Invalid argument. After that I used the option for resetting the pfsense to default, when I tried to ping again I got a successful response, but still not able to connect using the web interface from the LAN. Finally I disabled all the pfsense rules and I could get the access by web. So, this tells me at least, that the Proxmox network configuration and the identification of interfaces on the pfsense are fine. I don’t know, what could be happening, if there is a conflict with some other element on the pfsense as result of restoring a VM belonging to a different network to mine or some other reason. So I hope that this new elements help some way. Maybe this problem belongs now to a pfsense forum instead here. Thanks a lot any way. If you have any other advice let me know.
 
Klueze said:
To your previous question: yes and no. Yes I have restarted several times the whole system, and no, I haven’t checked this log (in the other post I explained in detail my situation, I’m a newbie in this domain, but I’m doing my best), promise that I’ll do it as soon as possible.

Sorry for the delay, because of the present problem I don’t have access to Internet as usual. Today I try something new, maybe this can clarify the situation:

With the VM fresh restored, I tried to ping to a real PC on my network, the result: Invalid argument. After that I used the option for resetting the pfsense to default, when I tried to ping again I got a successful response, but still not able to connect using the web interface from the LAN. Finally I disabled all the pfsense rules and I could get the access by web. So, this tells me at least, that the Proxmox network configuration and the identification of interfaces on the pfsense are fine. I don’t know, what could be happening, if there is a conflict with some other element on the pfsense as result of restoring a VM belonging to a different network to mine or some other reason. So I hope that this new elements help some way. Maybe this problem belongs now to a pfsense forum instead here. Thanks a lot any way. If you have any other advice let me know.
Click to expand...

Maybe belongs In PFsence but from my experience ( pfsence will blame the hypervisor and the hypervisor people will blame the firewall ) . o_O

Ok , now let's talk about your issue I have an idea , did you try to to revers the NIC's I mean change NIC1 to vmbr1 and NIC2 to vmbr0 maybe after the restore pfsence got confused and mixed the LAN with the WAN and vice-versa .

I have a suggestion use wiregard VPN see this tutorial
I have similar situation branched office proxmox connected directly with HQ using wiregard after I used pfsence and would disconnect and connect every 2~3 days with wiregard if the proxmox is not connected I know that ISP internet is down I have been using it for 5 months very good :D:D:D
 
Here're some tips after I tried restoring my firewall VM (Untangle) onto proxmox.

1. First up, make sure Proxmox firewall (pve-firewall) is not a problem. SSH to your PVE and run "pve-firewall stop" and see if everything works now. If it's still broken, continue to step 2.
2. Are you using proxmox firewall? If yes, you need to make sure "net.netfilter.nf_conntrack_tcp_be_liberal" is set to 1. Also, the firewall option of your NIC in your pfSense VM firewall should all be OFF for now. Ditto with firewall option with the pfSense VM. You can turn this back on when everything is working
3. If your network uses VLAN1, there's your problem. Promox GUI (and probably commandline) allows you to create a NIC tagged to VLAN1. But that interface is not going to work. Data from that VLAN has to be passed into Proxmox as untagged.

If pve-firewall is OFF, everything should work. If pve-firewall is ON, but things are not working, then it's #2 (conntrack issue). But if your pfSense is still broken regardless, then I bet you're using VLAN1 and try to pass that as a tagged into your pfSense VM...

It took me months to figure out point #3. But nice if the WebGUI will just throw an error if I try to create a virtual NIC with a tag of VLAN1....
 
  • Like
Reactions: malnaim
Sorry for the delay. I can’t use what you recommend because I need to use my company standards’ software, so, it is not my choice, that’s why I’m going through all of this, because if I could choose I could start from fresh on a new pfsense, but the main issue here is that I’m restoring the image of this particular VM (similar to mine) in order to recycle the rules contained on it. Thanks.
 
Sorry, I was refering to Malnaim's coment about wiregard VPN. Thanks anyway. I resolved to restore to default the pfsense and then import the rules from a similar node.
 
  • Like
Reactions: malnaim
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back