
I have a pfSense box set up as the firewall/router/VPN appliance at my colo.

Once I VPN into the colo (either PPTP or OpenVPN, PPTP preferred due to multiple clients and ease of configuration), I am able to hit all my servers by their private 10.10.10.x IP and am able to browse the public internet without issue.

When I try to hit the URL of a domain hosted by one of my servers, I am prompted for credentials. If I log in using the pfSense credentials, I'm connected to pfSense as if I'd used its internal IP. If I hack my hosts file to point url -> server private IP it works fine, but this is obviously not a good solution.

To recap:
  • not connected to VPN -> www.myurl.com works
  • connected to VPN -> www.myurl.com never makes it to the correct server, but is sent only to the pfSense box

I'm sure it's something small that I've missed in the pfSense config.

Sean

2 Answers


This is due to the fact that PF functions can't reflect in and out the same interface; it has to pass "through" the router, so it redirects you to the webConfigurator. You can set up a .local domain or you can set up Split DNS in pfSense. Instructions for split DNS are in this pfSense KB article. I suggest split DNS to fix this.

Jacob
  • Ugh. Of course with hundreds of domains... this is going to suck. – Sean Feb 13 '11 at 23:33
  • It might be possible to mass do it in SSH I'll check – Jacob Feb 13 '11 at 23:35
  • @sean take a look at option 3 at http://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks%3F it might be easier to implement but I don't know your setup. – Jacob Feb 13 '11 at 23:38
  • @Jacob I looked at that. The last thing I need is our sites going down :) What I've been doing is, for the people that need it, setting up their hosts file to have example.com -> internal ip and telling them to hit www.example.com when not vpned in and example.com when on the VPN. So far it's worked OK, but it's a bit tedious when we get a new URL to deal with or a new PC/Mac/phone [actually being able to ssh from Android has saved date night more than once] to configure. – Sean Feb 13 '11 at 23:54
  • Yeah that might be the best solution :). – Jacob Feb 14 '11 at 00:00

You need to set up advanced outbound NAT to NAT the VPN subnet so it can get to the Internet.

Glenn Kelley
  • I think you misunderstood the question. He wants to use his TLD to access the server locally but can't, not get to the internet. – Jacob Feb 13 '11 at 23:13