
I'm running VMWare ESXi Free on a rented box.

I have 2 physical NICs, 1 connected to the Internet, one connected to the Private Network in our DC.

Each NIC is connected to a vSwitch and each vSwitch has a Management network and VM network (LAN/WAN).

Here is the diagram: https://www.dropbox.com/s/9ceg5k4jjczkvlt/vmWare%20Networking%20Config.png

I set up the pfSense VM using the guide for vmWare in the docs. https://doc.pfsense.org/index.php/PfSense_2_on_VMware_ESXi_5

During the pfSense Setup I set my WAN interface to one of my free Public IPs and did the same with a Private IP for the LAN interface. The upstream Gateway address is provided by the DC and was typed verbatim.

The DC opened up an SSL VPN for me to connect to the private network. Once connected to the VPN, I can access the ESXi host using its Private IP (10.34.251.163), but I always get "Connection Reset" when trying to connect to the pfSense VM via its Private IP (10.34.251.164). When I connect to the VPN I'm shown as connecting to 10.2.1.21 and I'm trying to access 10.34.251.164 (/27), could this be part of the problem?

pfSense currently cannot ping out to Google either, although pinging Google's IP works just fine. I can ping the ESXi host and I can ping pfSense from inside pfSense as well.

Looking in pfTop while trying to access the Web Panel over private IP, I can see the incoming TCP connection, but as I said the Browser tries to connect for a little while then says connection reset.

At this point I have no idea what to do next and any help is appreciated.

Update:

I saw this: Virtual pfSense Appliance on VMWare Host and made the changes suggested by the answer (setting promiscuous mode to allow) and I can see the incoming traffic from my VPN IP to the pfSense private IP. But I cannot access the Web GUI still. (my pfTop: https://www.dropbox.com/s/fzow6i02ijim748/pfTop.png)

DavidScherer
    Why does each switch have a management network??? – Chopper3 Jan 18 '15 at 11:31
  • There is a disabled public management network in case of emergency that I can ask my DC to enable in the event of a catastrophic BOOM! – DavidScherer Jan 19 '15 at 18:32
  • That makes no sense at all but fine, whatever. – Chopper3 Jan 19 '15 at 21:11
  • @Chopper3 If the routing appliance (UTM) were to take a crap one day, my VPN also takes a crap, preventing me from accessing the management network. In the event that this were to happen, I'd call the DC and have them enable the public management network so I could get to the console and at least resolve the issue with the UTM and disable the public management network again. It's probably not the prettiest solution, but it's the only last-resort fail-safe I could think of to put in place. – DavidScherer Jan 20 '15 at 22:01
  • Or you could access a simple out-of-band system via a VPN and use one management network instead of the Rube Goldberg machine you just described. – Spooler Nov 13 '17 at 03:38
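One check worth doing for the question above (the VPN client shows up as 10.2.1.21 while the pfSense LAN is 10.34.251.164/27): whether the client's address is inside the LAN subnet at all, because a reply to an off-subnet address follows pfSense's default route (WAN) unless a static route says otherwise. This is an added illustration, not code from the question or from pfSense; the WAN gateway and the LAN-side router used for the hypothetical static route are placeholder addresses, since the page gives neither.

```python
import ipaddress

# Constructed from the addresses in the question: the pfSense LAN address and its /27,
# the VPN client's address, and a placeholder for the DC's upstream (WAN) gateway.
LAN = ipaddress.ip_interface("10.34.251.164/27")
VPN_CLIENT = "10.2.1.21"
WAN_GATEWAY = "192.0.2.1"  # placeholder (TEST-NET-1); the real gateway is not on the page


def reply_path(dst, static_routes=()):
    """Decide which interface pfSense would use for a reply packet to dst.

    static_routes: iterable of (network, gateway, interface) tuples, as you would
    define under System > Routing > Static Routes. Longest prefix wins, the same
    way the kernel's routing table lookup does; with no match the default route
    (WAN) is used.
    """
    dst = ipaddress.ip_address(dst)
    candidates = []
    if dst in LAN.network:
        candidates.append((LAN.network.prefixlen, "LAN", "directly connected"))
    for net, gw, iface in static_routes:
        net = ipaddress.ip_network(net)
        if dst in net:
            candidates.append((net.prefixlen, iface, f"static route {net} via {gw}"))
    if not candidates:
        return ("WAN", f"default route via {WAN_GATEWAY}")
    _, iface, how = max(candidates, key=lambda c: c[0])
    return (iface, how)


def is_asymmetric(arrival_iface, dst, static_routes=()):
    """True when the request came in on arrival_iface but the reply would leave
    on a different one: the client then never sees the second half of the TCP
    handshake, which shows up as a hang or a reset in the browser."""
    return reply_path(dst, static_routes)[0] != arrival_iface


if __name__ == "__main__":
    # The ESXi host is inside the LAN /27, so replies to it are directly connected.
    print("ESXi host:", reply_path("10.34.251.163"))
    # The VPN client is not, so without a route it is answered via WAN.
    print("VPN client:", reply_path(VPN_CLIENT))
    # Hypothetical fix: a static route for the VPN pool via a LAN-side router
    # (10.34.251.161 is an assumed address, not one from the page).
    fix = [("10.2.1.0/24", "10.34.251.161", "LAN")]
    print("with static route:", reply_path(VPN_CLIENT, fix))
    print("asymmetric without route:", is_asymmetric("LAN", VPN_CLIENT))
    print("asymmetric with route:", is_asymmetric("LAN", VPN_CLIENT, fix))
```

The same check can be run against any client address and route table; compare its verdict with what pfTop shows for the incoming connection.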

2 Answers


Does it have gas in it? Can I give you a dumb answer?

Okay, then:

  1. Go into VMclient, open a console for pfsense and restart the PFS web interface.

  2. A default VMware hypervisor has port 443 open, so there should not be any problem with the VMware firewall unless you tinkered with it.

  3. While you are there, did you check the MAC assignment of the card to the LAN IP?

  4. Can PFS ping the IP of the client trying to https: into the PFS web interface? Check cables too. Nothing feels dumber than spending hours to debug when the physical layer is the fault. It happens.

  5. If you did all this, check the PFS logs for a TCP connection; if you see an ICMP connection and UDP but not TCP, then is a certificate required?


This sounds to me like an issue with the default gateway or DNS servers. Please check this configuration.

Pierre.Vriens
Spencer5051
  • There is no place to set the Default Gateway inside pfSense. Where would I configure these settings? – DavidScherer Jun 20 '14 at 16:33
  • Well, no place to set the default gateway for the LAN. I used the settings provided by the DC when configuring the WAN interface/ip. – DavidScherer Jun 20 '14 at 16:41