Admin access via ipsec
-
I am setting up a wide area network using pfsense routers, connected together with ipsec. I am new to pfsense but have done similar jobs with other routers previously.
At the moment I can connect to the GUI interface of a remote pfsense router only via a node on the remote network.
It seems that by default admin access to the router is restricted to nodes on networks directly connected to a LAN interface on the router. Is there a way of allowing admin access directly to the router from remote private networks connected by ipsec?
The manual suggests allowing remote access via VPN but doesn't give any details of how to do it. It may mean you should use VPN to access the GUI via another node on a local network as I am currently doing but this is not ideal when the remote network consists entirely of specialist equipment. I would really like to be able to access the remote pfsense directly without going via another node on its local network.
Any assistance would be very welcome. Please let me know if I should provide any details of the existing configuration.
-
@fundikompyuta You can connect directly to the LAN interface IP address of the remote pfsense if that LAN network is included in the P2 of the IPsec tunnel.
Check if you have an allow rule at the local site, allowing your IP address to connect to the remote site, to the remote pfSense's LAN IP address, TCP port 80/443.
Also, check if the remote site has an allow rule in IPsec firewall rule tab.
This tab is for incoming connections for the tunnel.
-
Thanks very much @mcury - you are saying I should be able to connect so I will check the various rules again.
-
@mcury It was a missing firewall rule - now working fine.
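
The three checks from the answer above (local allow rule, LAN network in the P2, allow rule on the remote IPsec tab), modelled as an added example that is not part of the thread and not pfSense code. All addresses and rule sets are constructed, and the model assumes only first-match rule evaluation with an implicit default deny.

```python
from ipaddress import ip_address, ip_network

# Constructed sample values (assumptions, not taken from the thread).
ADMIN_HOST = "10.1.0.50"     # admin workstation on the local LAN
REMOTE_FW_LAN = "10.2.0.1"   # LAN address of the remote pfSense
P2 = [("10.1.0.0/24", "10.2.0.0/24")]  # Phase 2 selectors: (local, remote)

def rule(action, src, dst, ports):
    return {"action": action, "src": ip_network(src),
            "dst": ip_network(dst), "ports": set(ports)}

def first_match(rules, src, dst, port):
    """First matching rule wins; no match means the implicit default deny."""
    for r in rules:
        if (ip_address(src) in r["src"] and ip_address(dst) in r["dst"]
                and port in r["ports"]):
            return r["action"]
    return "block"

def in_p2(selectors, src, dst):
    """True if some Phase 2 selector pair covers both ends of the flow."""
    return any(ip_address(src) in ip_network(loc)
               and ip_address(dst) in ip_network(rem)
               for loc, rem in selectors)

def diagnose(local_lan_rules, p2, remote_ipsec_rules, src, dst, port=443):
    """Walk the path in order and name the first hop that drops the flow."""
    if first_match(local_lan_rules, src, dst, port) != "pass":
        return "local LAN rule missing"
    if not in_p2(p2, src, dst):
        return "destination not covered by P2"
    if first_match(remote_ipsec_rules, src, dst, port) != "pass":
        return "remote IPsec tab rule missing"
    return "ok"

# Local site: LAN hosts may go anywhere (constructed rule).
LOCAL_LAN = [rule("pass", "10.1.0.0/24", "0.0.0.0/0", range(1, 65536))]
# Remote site before the fix: nothing on the IPsec tab, so default deny.
IPSEC_EMPTY = []
# Remote site after the fix: only the admin host, only the GUI ports.
IPSEC_FIXED = [rule("pass", "10.1.0.50/32", "10.2.0.1/32", [80, 443])]

if __name__ == "__main__":
    print(diagnose(LOCAL_LAN, P2, IPSEC_EMPTY, ADMIN_HOST, REMOTE_FW_LAN))
    print(diagnose(LOCAL_LAN, P2, IPSEC_FIXED, ADMIN_HOST, REMOTE_FW_LAN))
```

Scoping the IPsec tab rule to the admin host and the GUI ports, as in `IPSEC_FIXED`, keeps the rest of the remote network from reaching the management interface over the tunnel.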