Whats the best way to be able to maintain the network while out of town?
-
Set your webGUI to HTTPS and pick a port (or leave on 443, but this is less secure). Set up a NAT forward o the WAN side to your internal pfSense IP LAN IP on this port. Now you can access the webGUI from anywhere. You can do the same procedure with your SSH port as well.
-
Set your webGUI to HTTPS and pick a port (or leave on 443, but this is less secure). Set up a NAT forward o the WAN side to your internal pfSense IP LAN IP on this port. Now you can access the webGUI from anywhere. You can do the same procedure with your SSH port as well.
Don't I need some kind of dynamic dns and/or virtual ip address for that to work? I mean, I can't just be at the library and type in 192.168.1.1:443 for me to access my web gui.
-
Yes, you can use dynamic DNS but more than likely your IP does not change very often, even if your ISP assigns you a dynamic address. At the library, type in https://your.wan.ip.addr:port and all should work. In the days leading up to your trip, verify your IP every day and see if it changes often. If it does, pfSense has built in clients for some of the popular dynamic DNS services.
-
One thing I noticed is that we have a different IP address today than what we did have yesterday. Plus, we have Satellite internet and we use a modem with the ip address 192.168.0.1. My pfsense WAN IP address is 192.168.02 and my pfsense LAN IP address is 192.168.0.1. So, I'm thinking that just connecting to our IP address won't work. How can I make it so that I can connect even if/when the IP address changes?
-
LogMeIn has a free remote control service that you can run on your home PC that will allow you to connect to it remotely. this will allow you to manage your firewall from your home PC via LogMeIn. you connect to logmein.com via your web browser and start the remote control session so you don't even need to know your home WAN IP.
Roy…
-
Yes, you can use dynamic DNS but more than likely your IP does not change very often, even if your ISP assigns you a dynamic address.
I have a dynamic IP address. Sometimes it stays the same for days, but I've seen it change at least 4 times the one day.
-
Do not leave your WebGUI port – even HTTPS -- exposed to the world if you can help it. Setup OpenVPN and put the client and certs on a USB key, or a laptop, that way you can start a VPN session from the other location.
Using dyndns is essential if your IP changes at all, and OpenVPN client configurations can reference a host by name.
Once you are connected to the VPN, you can ssh, use the WebGUI, route to machines on your LAN, whatever.
As for the IRC channel, there was a spambot attack on freenode so the channel was set to only allow registered and identified freenode users into the channel to keep out the bots. I removed that channel mode for now, it seems like the spammers have stopped hitting so hard. You should be able to get back in. To avoid that problem in the future, register your nickname with freenode and then identify to nickserv once you connect.
-
Setup OpenVPN and put the client and certs on a USB key
Is it possible so run your OpenVPN client from a USB thumb drive without installing anything on the host PC? If so, can you point me to link that describes how to accomplish this?
Roy…
-
Not that I'm aware of, but you'd want to have the installer handy so you don't have to track it down. :-)
There might be a portable version somewhere but I'm not sure it's possible, it needs to install network drivers.
You could always setup a bootable USB key with ubuntu or similar that has the VPN pre-configured.
-
Setup OpenVPN and put the client and certs on a USB key
Is it possible so run your OpenVPN client from a USB thumb drive without installing anything on the host PC? If so, can you point me to link that describes how to accomplish this?
Roy…
The OpenVPN client on windows needs the TUN/TAP device installed so no unfortunately.
-
That's to bad. was hoping that might be possible. Anyway, thanks for the replies!
Roy…