@pietro-morre said in DynDNS and host (rdp):
I state that it is a new firewall.
That doesn't matter.
The technic you will have to sue is called NAT. That's a very old router functionality (somewhere in the end of last century) that maps incoming connection on a port on WAN, to an internal, LAN type device, using a port.
NAT hassle will be over as soon as IPv6 can deal with everything, and IPv4 starts to fade out.
Because traffic has to comin in on WAN, the pfSense firewall should also have a firewall rule on the WAN interface that let the traffic enter. It's typically a "from everybody, to port X" rule.
You could should change the "everybody"here to "somebody" if yoy know what IP will be used to connect to your local device.
RDP : as Microsoft states : use it on a LAN, from device, to a device, or use it over in trusted networks.
Never - ever - over the Internet period. Only fools do so, and they all entered the "I'm so sorry phase". Don't become a member of that club.
Since the beginning of 2020 half the planet has become an OpenVPN expert, so, good new, just join them. It permitted millions to keep on working - or at least trying to do so.
So, I advise you to :
Youtube. Look for the Netgate page. They have videos (!). Look at the two Initial and Advanded OpenVPN video. There is also the style, mini, recent video. Do look the big ones. Your video host, jimp (without the @ now) explains the entire thing step by step.
Now set up OpenVPN server. The GUI is quiet daunting, but still better as creating yourself a openVPN server config file (see example below).
As soon as it runs, and you have this :
(note : the ipV6 in my image is purely optional)
If you used the pfSense OpenVPN server setup wizard, the needed firewall rule will get auto created.
if not - and I advise you to set up the OpenVPN server manually, you will have to create a rule like this :
( pretty easy, right ?! )
Now, a small pause and no brainer : install the OpenVPN client export pfSense package.
See again the official videos, and learn how to set up users or even better : certs and how to export a client OpenVPN config file.
Then, take a phone. Disable the wifi ( !!!) and install the 'real' Official OpenVPN client.
Copy the exported Client OpenVPN file to your phione and 'import' it in the OpenVPN official app.
Connect.
When you reached this point, have a look at all the other so called pfSense OpenVPN videos.
See them.
Understand now why the other half of the planet will never have a working VPN.
My OpenVPN server pfSense config file. This is what you create with the GUI :
dev ovpns1
verb 1
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp4
cipher AES-128-GCM
auth SHA256
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local 192.168.10.3
tls-server
server 192.168.3.0 255.255.255.0
server-ipv6 2001:470:ccea:1::/64
client-config-dir /var/etc/openvpn-csc/server1
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'my-local-domain.tld' 1"
lport 1194
management /var/etc/openvpn/server1.sock unix
max-clients 10
push "dhcp-option DOMAIN my-local-domain.tld"
push "dhcp-option DNS 192.168.3.1"
push "dhcp-option DNS6 2001:470:xxxx:1::1"
push "block-outside-dns"
push "register-dns"
push "dhcp-option NTP 192.168.3.1"
push "redirect-gateway def1"
push "redirect-gateway ipv6"
client-to-client
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh /etc/dh-parameters.2048
tls-crypt /var/etc/openvpn/server1.tls-crypt
ncp-disable
persist-remote-ip
float
topology subnet
