FreePBX Web UI through local vpn connection

So I have run into a strange issue. For certain reasons (mostly some control that FreePBX doesn’t provide) I have OpenVPN setup through a PFSense box. My FreePBX box has 2 networks, one is public, the other is an internal to the PFSense box.
When I access the FreePBX web ui directly through the FreePBX box’s public network, it works as expected. If I access the FreePBX web ui using the FreePBX box’s internal network over the vpn connection, if a page ever even loads, it is extremely slow. Sometimes it doesn’t even load, or it will only load pieces.
Now what’s really strange to me, is that I can do everything else using the FreePBX box’s internal ip through the vpn and it works just fine, such as SSH, ping, and sip traffic. The problem seems to be exclusively with the FreePBX web ui.

I don’t know that this is a problem with FreePBX, but since everything but the web ui is working as expected, I don’t know what else to look at.

Any help, or ideas would be greatly appreciated.

Do you see the same issue when accessing the UI via HTTPS? If not, it’s likely your firewall trying to scan / filter HTTP; using HTTPS should be a workaround.

Are there other hosts on the internal network listening on port 80? If so, do you have performance issues accessing them over the VPN?

Check the route table on the PBX. Confirm that the subnet that appears as the source address when accessing the UI through the VPN is routed only via the ‘internal’ interface.

You could use tcpdump to capture HTTP traffic on the PBX internal interface, make some UI accesses over the VPN, copy the .pcap file to your PC and analyze it with Wireshark.

If the excessive delays are on the network side, you could then capture on the PFSense interfaces to pinpoint the trouble.

If they’re on the PBX side, look for CPU usage spikes and see which process is responsible.

What he (@Stewart1) said, plus make sure you aren’t ending up with an open-jawed route. Sending the traffic through the VPN and replying with your public address could cause some weird interactions like this.

I appreciate the responses.

It was still gnawing at me that I could do ping and sip traffic just fine, only the apache stuff was failing. So, after spending a while messing with every mtu under the sun…

I found a reference in PFSense talking about disabling the hardware checksum offload. As soon as I did that, BOOM every FreePBX Web UI page loads instantly as expected, and ping and sip traffic still run perfectly.

For anyone who comes here through a Google search:

PFSense setting location:
System / Advanced / Networking
Disable hardware checksum offload

2 Likes

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.