I am hoping that one of you out there can assist me with this rather
interesting problem I am having. Let me set the stage.

I am running the latest stable version of pfSense:
2.1.5-RELEASE (amd64)
built on Mon Aug 25 07:44:45 EDT 2014
FreeBSD 8.3-RELEASE-p16

I am running transparent Squid and Squidguard, and all IP ranges have
access to use the proxy.

I have two WAN connections, each with a handful of public IPs. I have
created an IP alias virtual IP of one of my public IPs on WAN1, which is
used to NAT to a web server.

We have an internal DNS server that resolves the domain name of a web
server to the local LAN IP address. So, all computers on unrestricted VLANs
access the web server without having to hit the pfSense router at all. This
works as expected and the valid certificate is served and the web page
loads.

We have one restricted VLAN that is used for guest WiFi access and this
VLAN is assigned external DNS servers and therefore resolve the domain name
to the public IP.

Now my problem. When connected to the guest WiFi on the restricted VLAN and
attempting to access the web server on its public IP, which is assigned to
a virtual IP on WAN1, I get served the certificate from the pfSense router.
I can tell that this is the pfSense self-signed certificate because of the
details of the certificate displayed in the warning. I also get this
behavior if I force a computer on an unrestricted VLAN, using the hosts
file, to resolve the host name of the web server to its public IP.

What is going on here? I can provide more information if needed. Thank you
for your time.

Ryan Clough
Information Systems
Decision Sciences International Corporation
<http://www.decisionsciencescorp.com/>
<http://www.decisionsciencescorp.com/>

-- 
This email and its contents are confidential. If you are not the intended 
recipient, please do not disclose or use the information within this email 
or its attachments. If you have received this email in error, please report 
the error to the sender by return email and delete this communication from 
your records.
_______________________________________________
List mailing list
[email protected]
https://lists.pfsense.org/mailman/listinfo/list

Reply via email to