Netgate Discussion Forum

    Remote Access to WebUI

      pfguy

      I would love to use OpenVPN to manage the pfSense box remotely, but it doesn't work, so I thought I'd just open it all up to remote admin it first while trying OpenVPN when I have time later. But even trying "open it all up" doesn't work for me!!

        doktornotor Banned

        Well, if it does not work with firewall disabled, then pfSense is not the issue, as already suggested above…

          Gertjan

          @johnpoz:

          ….
          As to the natting to the lan to get to the web gui - why would anyone do that?  If you want access to web gui via wan, then allow it..

          :o
          5 years …. and I always thought that the pfSense-GUI-web-server was only listening on the LAN interface.

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

            pfguy

            Well, I talked to my ISP and they confirmed that they don't block anything, incl. VPN connections. They said other customers can use it fine. No complaints whatsoever. So it seems the problem is at the pfSense box.
            Can anyone post a firewall rule to allow remote admin? That's all I need for now; I don't care about anything else.
            Thanks

              Gertjan

              Well, it became even easier now.

              I activated GUI https access from WAN with this rule : (see first green rule in image)

              No NAT needed  ;)

              Have your WAN interface getting pinged from the outside ? See third rule.

              Just a question : You do have an "Internet IP" (WAN) on your WAN interface, right ?! Something like 109.215.195.225.
              What is in between the pfSense box and your ISP ?
              How do you get your IP (DHCP ? pppoe ?)
              What are your other firewall rules ?

              [Image: Capture-14587.PNG]

                pfguy

                I have my Internet IP on my pfSense WAN indeed. The box got it from the ISP via PPPoE.
                I have deleted everything on the firewall on both LAN and WAN (get remote access working first and then add them one by one later if needed).
                There is nothing between my pfSense box and the ISP.
                The box connects to the ISP fiber cable and receives its IP from them.
                The box acts as a modem. I enter the ISP username and password on the WAN interface on pfSense.

                  phil.davis

                  For testing, open everything:

                  1. Put a pass all rule on WAN (protocol any, source any, destination any…)
                  2. Ping the WAN IP from somewhere on the public internet, try to access port 80/443 from the public internet
                  3. Do some packet capture and see if anything is arriving of what you expect (there will likely be plenty of rubbish arriving from Russia...)
                  4. traceroute from the real internet to your public IP - see where it stops routing towards you.

                  Tell us the first couple of octets of your public IP - just to make sure it really is a public IP.

                  This stuff really does work on pfSense.

                  As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
                  If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

                    pfguy

                    Sorry for the late update.
                    It's finally working for me!
                    The last post here really helped me!
                    "Put a pass on any any any"

                    That's it! I was messing around with pass on this source to that dest..
                    Trying diff combos… at the end it drives me nuts!

                    Now I can take a breath because I don't have to travel like 45 min to the site just to add a user.
                    I can explore OpenVPN in my spare time now.
                    Will it interfere with the firewall settings that I currently have now? Do I have to move the VPN rule above or below my current rule that allows remote management?

                    Thanks all folks, much appreciated.

                      phil.davis

                      "Pass any any" on WAN really is for a 10 minute test only! There will be "a million" things out on the public internet trying to access stuff. You really really need to get the correct rule in place for just the access you need/want.
                      It should be destination WAN address, port 443 (HTTPS) (or also port 80 which should redirect to 443).
                      Now you should put in a better rule, then disable the "pass any any" rule and make sure access is still working. If you get stuck sorting out what the rule should be, then post a screenshot of your best attempt and we can see what is wrong.

                        hda

                        Whenever possible restrict your Source(any) into Source((my) IP's which may remote-login to this box).
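
The advice in the last two replies (replace the test-only "pass any any" with a rule for WAN address port 443, then restrict the source) can be checked against a configuration backup. This is an added example, not code from the thread or from pfSense; the XML is a constructed excerpt that assumes the `<filter><rule>` layout of a pfSense config.xml, and the function name and the address 198.51.100.10 are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed excerpt in the style of a pfSense config.xml <filter> section
# (assumed element layout; sample rules are not taken from the thread).
SAMPLE_CONFIG = """<pfsense><filter>
  <rule><type>pass</type><interface>wan</interface><descr>TEST pass any any</descr>
    <source><any/></source><destination><any/></destination></rule>
  <rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol>
    <descr>GUI from anywhere</descr>
    <source><any/></source>
    <destination><network>wanip</network><port>443</port></destination></rule>
  <rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol>
    <descr>GUI from admin IP</descr>
    <source><address>198.51.100.10</address></source>
    <destination><network>wanip</network><port>443</port></destination></rule>
  <rule><type>pass</type><interface>lan</interface><descr>Default LAN</descr>
    <source><network>lan</network></source><destination><any/></destination></rule>
  <rule><disabled/><type>pass</type><interface>wan</interface><descr>old test</descr>
    <source><any/></source><destination><any/></destination></rule>
</filter></pfsense>"""


def audit_wan_rules(config_xml):
    """Return (description, finding) for each enabled WAN pass rule that is too broad."""
    findings = []
    for rule in ET.fromstring(config_xml).iterfind("./filter/rule"):
        if rule.find("disabled") is not None:
            continue  # disabled rules are not loaded into the ruleset
        if rule.findtext("type", "pass") != "pass" or rule.findtext("interface") != "wan":
            continue  # only pass rules on WAN expose the box to the internet
        descr = rule.findtext("descr", "(no description)")
        src_any = rule.find("source/any") is not None
        dst = rule.find("destination")
        dst_any = dst is None or dst.find("any") is not None
        port = dst.findtext("port") if dst is not None else None
        if dst_any or port is None:
            findings.append((descr, "destination or port not restricted: test-only rule"))
        elif src_any:
            findings.append((descr, f"port {port} open to any source: restrict source"))
    return findings


if __name__ == "__main__":
    for descr, finding in audit_wan_rules(SAMPLE_CONFIG):
        print(f"{descr}: {finding}")
```
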

                          pfguy

                          Yes, that will be my next action before I move to OpenVPN.
                          Thanks.
