Netgate Discussion Forum

Port forward for RDP

  • ka3ax, last edited Jun 8, 2016, 8:24 AM

    Hello pfSense Experts,

    Sometimes we need to provide quick RDP access for external technicians to our server. Usually we use a VPN to protect our RDP connections, and it is not convenient for external technicians.

    One of the commercial firewalls has quite an interesting method for this scenario. External technicians enter a specific address in a web browser and log in there. This enables a port forward to the RDP service of a server or jump-in PC. This port forward is enabled for a limited period (e.g. 1 hour).

    It is interesting because guests do not need to install anything on their computers; they only need the logon address and credentials.

    Is there something like this for pfSense?

    • muswellhillbilly, last edited Jun 8, 2016, 12:28 PM

      As far as I know, there is no clientless VPN solution for pfSense. OpenVPN provides an SSL-based connection but it uses an installable client. The only 'free' (as in beer) clientless VPN solution I know of is OpenVPN ALS/SSL Explorer, though as far as I know it hasn't been in live development for some time.

      • AllGamer, last edited Jun 8, 2016, 8:00 PM

        If you just want an easy way to remote into a desktop, there are plenty of 3rd party paid services for that, or you can use the open source UltraVNC 1 click solution.

        The catch with the 1 click is that you'll need to create and configure the client, and the techs will need to do that for you, since they are the ones trying to connect to you.

        If that is too much work, then use services like Go To My PC or Log Me In. Adobe also has something similar; actually, many services, including Citrix and Cisco, have something similar.

        For instance, Checkpoint firewalls have a VPN built into their switches/routers that lets you pick which machine to remote into, but it's also a paid service.

        The alternative method, if you use pfSense, is to set up a PPPoE server on your end, so they can PPPoE into your network.
        You can create a VLAN and tag the PPPoE to only access a separate VLAN, which would be the same VLAN as the one where your remote desktop machine is located.

        This will securely isolate them from your normal network.

        • ka3ax, last edited Jun 9, 2016, 9:14 AM

          AllGamer, muswellhillbilly,

          Thanks for your tips. I have already tried some of them, and mostly those methods are not as easy as just a port forward to RDP.

          I do not expect a clientless VPN. I think it would be possible to set up a simple web page which enables an RDP port forward to one of my LAN PCs. With additional precautions (port forward allowed for a specific source address only and expiring after a certain period of time) this should be safe enough. Or not?

          I just thought that this simple way has probably already been implemented by other people.

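The two precautions named in the last post (one specific source address, automatic expiry), sketched as an added example that is not code from the thread or from pfSense. `ForwardLeases`, `MAX_TTL` and `table_lines` are hypothetical names; it assumes the RDP port forward only accepts sources listed in a pf table (a firewall alias) that is reloaded from this output, and loading the table is not shown.

```python
import ipaddress
import time

MAX_TTL = 3600  # assumed policy cap in seconds (the "1 hour" from the first post)


class ForwardLeases:
    """Time-limited allowlist of single source addresses for one port forward."""

    def __init__(self, clock=time.time):
        self._clock = clock      # injectable so expiry can be tested
        self._leases = {}        # ip address object -> expiry (epoch seconds)

    def grant(self, source, ttl=MAX_TTL):
        # ip_address() accepts exactly one host; "0.0.0.0/0" or a hostname raises ValueError
        addr = ipaddress.ip_address(source)
        if addr.is_unspecified or addr.is_loopback or addr.is_multicast:
            raise ValueError(f"{addr} is not usable as a guest source address")
        if not 0 < ttl <= MAX_TTL:
            raise ValueError(f"ttl must be between 1 and {MAX_TTL} seconds")
        self._leases[addr] = self._clock() + ttl
        return self._leases[addr]

    def revoke(self, source):
        # Close access early, e.g. when the technician reports the job done
        self._leases.pop(ipaddress.ip_address(source), None)

    def table_lines(self):
        """Drop expired leases and return the remaining addresses, one per entry."""
        now = self._clock()
        self._leases = {a: e for a, e in self._leases.items() if e > now}
        ordered = sorted(self._leases, key=lambda a: (a.version, int(a)))
        return [str(a) for a in ordered]


if __name__ == "__main__":
    leases = ForwardLeases()
    leases.grant("203.0.113.7", ttl=900)   # constructed documentation address
    print("\n".join(leases.table_lines()))
```

An empty result means the table is empty and the forward matches no source, so the default state is closed.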