Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Virtual private networks
»
Cannot access Web GUI via VPN when connecting externally
« previous
next »
Print
Pages: [
1
]
Author
Topic: Cannot access Web GUI via VPN when connecting externally (Read 2210 times)
Flecto
Newbie
Posts: 4
Karma: 0
Cannot access Web GUI via VPN when connecting externally
«
on:
March 03, 2021, 07:22:51 pm »
I'm baffled by this issue that I'm seeing.
I set up a Wireguard VPN and I can connect my client without issues both when I'm on my internal WiFi (which doesn't have direct access to the Web GUI) and when I'm totally outside my home network (i.e. coming from the internet).
Regardless how I connect to the VPN (from inside or outside), I can ping OPNsense (192.168.1.1) as well as other LAN hosts and I can SSH to both OPNsense and LAN hosts (which would not be allowed if I was on my WiFi without VPN). So far so good. When I'm connected to the VPN from the INSIDE wifi, I can also access the Web GUI at
https://192.168
.1.1. However, when I'm connected to the same VPN from the OUTSIDE (internet), I cannot access
https://192.168
.1.1. Even though I can ping and ssh to 192.168.1.1 just fine. Using
telnet 192.168.1.1 443
I can connect to OPNsense on port 443, but when I try
curl
https://192.168
.1.1
, I get this output:
* Trying 192.168.1.1:443...
* Connected to 192.168.1.1 (192.168.1.1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
And it just hangs there. Incidentally, connecting via HTTP works and I get the redirect:
* Trying 192.168.1.1:80...
* Connected to 192.168.1.1 (192.168.1.1) port 80 (#0)
> GET / HTTP/1.1
> Host: 192.168.1.1
> User-Agent: curl/7.74.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Location:
https://192.168.1.1/
< Content-Length: 0
< Date: Wed, 03 Mar 2021 18:07:31 GMT
< Server: OPNsense
<
* Connection #0 to host 192.168.1.1 left intact
By the way, I've also tried it with OpenVPN instead of Wireguard and the same thing happens. When I connect from the outside, I can ping and ssh 192.168.1.1 but the TLS handshake hangs.
Does anybody have any idea what's going on here? How would the OPNsense webserver even know whether I'm connecting to the VPN from outside or inside? It should loke the same for it, shouldn't it? My VPN tunnel IP is the same in both cases.
Any help would be greatly appreciated!
Logged
jp0469
Jr. Member
Posts: 60
Karma: 8
Re: Cannot access Web GUI via VPN when connecting externally
«
Reply #1 on:
March 05, 2021, 08:18:16 pm »
This sounds similar to my issue that I posted here:
https://forum.opnsense.org/index.php?topic=21804.0
Although, in my case I'm using a site-to-site VPN. The workaround I found is that I can access the webGUI using the IP address assigned to the firewall on the subnet of the VPN tunnel.
Logged
Greelan
Hero Member
Posts: 1028
Karma: 72
Re: Cannot access Web GUI via VPN when connecting externally
«
Reply #2 on:
March 05, 2021, 11:52:16 pm »
Without seeing the details of your setup, it is hard to troubleshoot - eg firewall rules, WG setup, what interfaces the webgui is listening on etc. FWIW I can access my LAN via WG from outside and connect to the OPNsense GUI with no issues
One general tip: don’t use the default “WireGuard net” in your firewall rules. Define your own Alias for your VPN network and use that instead:
https://github.com/opnsense/docs/pull/304
Logged
Flecto
Newbie
Posts: 4
Karma: 0
Re: Cannot access Web GUI via VPN when connecting externally
«
Reply #3 on:
March 06, 2021, 04:59:44 am »
Thank you both for your thoughts. Upon further testing, I now suspect that it has something to do with the external internet connection. I had only tested it by tethering my phone to access the VPN from the outside and that connection had a pretty high latency. Yesterday, I had the chance to test it from an external decent wifi with much lower latency and I was actually able to access the Web GUI when connected to the VPN with that more reliable internet connection. So maybe it's not a problem with OPNsense after all.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Virtual private networks
»
Cannot access Web GUI via VPN when connecting externally