OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: halianelf on September 12, 2018, 01:23:38 am

Title: Can't Access GUI on Secondary
Post by: halianelf on September 12, 2018, 01:23:38 am
I have a pair of firewalls and a really weird issue. I'm basically never attached to my LAN. I either use the public IP that's has a rule to only allow specific IPs or I'm coming across a VPN.

My primary works fine. I can access it both across the tunnel or using it's public. My secondary, I can't except coming from my VM I used for testing that's on the LAN. Even if I put the primary in persistent maintenance mode, it doesn't work on the CARP IP either.

I enabled logging on the rule that I have allowing traffic from the WAN and the log shows it being allowed but all I ever get is "This site can’t be reached x.x.x.x took too long to respond." So at this point I'm at a loss as to what's causing it. It was working fine until I had it reboot (through GUI) because it was giving an error checking for updates yesterday.

Version: OPNsense 18.7.1_3-amd64
Title: Re: Can't Access GUI on Secondary
Post by: mimugmail on September 12, 2018, 06:27:04 am
Can you also login to VPN when the secondary is master?
Title: Re: Can't Access GUI on Secondary
Post by: halianelf on September 12, 2018, 10:53:10 am
No, doesn't look like the the OpenVPN nor the IPSec (at least initiating it from the remote side) work on the secondary either.
Title: Re: Can't Access GUI on Secondary
Post by: mimugmail on September 12, 2018, 04:06:23 pm
Can you check if your HA setup works like desired and perhaps we fix this first :)
Title: Re: Can't Access GUI on Secondary
Post by: halianelf on September 12, 2018, 06:09:33 pm
Pretty sure my HA is working properly but feel free to take a look and let me know if you see something off. If I missed anything you want to see/think will help troubleshoot, let me know. The rules did update on the secondary when I tried changing the GUI allow run on the WAN interface to the 3 IPs (One for each + CARP) for the firewalls rather than just "This Firewall".
Title: Re: Can't Access GUI on Secondary
Post by: halianelf on September 17, 2018, 11:56:57 pm
It may be a NAT issue but not sure exactly what to do to fix it. If I ping an outside IP using the default it works and gets a response. If I change it to the inside it doesn't. Not sure if that helps.