pfSense behind 4g router
-
It depends what you have running on the VPS. But if you have pfSense running there you can certainly setup a port forward directly to your LAN IP where your cameras are across the VPN. As long as it's routed like OpenVPN is.
Steve
-
Thank you Steve for your help!
For now, nothing is installed on the VPS.
-
Ok, well it's definitely possible with pfSense there. I imagine it would be possible with OpenWRT if you're limited on resources.
Steve
-
If I understand, I have to install pfSense also on the VPS and set up a site to site ?
-
Yes. Or it could be a remote access style but as long as the client is at the 4G end and the server is in the VPS.
Steve
-
Or it could be a remote access style
What can I use as other remote access style?
If the installation and configuration could be simple on the server side ...
My main wish is to not use a client to connect to my LAN. -
@Gérald said in pfSense behind 4g router:
I am on the private network of my access provider with a private IP and it is impossible for me to access my cameras and my home automation from the outside.
Don't you just love NAT?
This is just one reason we need to move to IPv6. NAT requires hacks upon hacks to get around the problems it causes.
-
You can use site-to-site or multi-client style setup. Both will work as long as you have the server end of the tunnel at the VPS and the client end behind the 4G router. That is required since the client initiates the connection to the server outbound.
Once the tunnel is up you can just access hosts on your LAN by port forwarding from the VPS end.
Steve
-
Thanks a lot for all these informations.
I will try that ... -
I come back to you after testing a lot of things.
I tested the reverse ssh and it works exactly as I described in my first post myPublicIP: myPort
I installed on my VPS a Debian distribution and I initiate a tunnel with the command: ssh -R remote_port: host: localport your_username @ IP address of the server.
Is it possible to do the same thing in pfSense? -
Yes: https://www.freebsd.org/cgi/man.cgi?query=ssh
But you should use a VPN for this really.
Steve
-
Thanks for this !!!
But no package for that ? -
For SSH? It's included by default, client and server.
-
Really !!!
And it's where ?? -
@Gérald said in pfSense behind 4g router:
Really !!!
And it's where ??SSH is built in to pfSense, or rather the FreeBSD it runs on. If you're running Linux, it's also built in, but you need something like Putty on Windows.
-
I know that SSH is integrated with freeBSD.
I use it this way to access my servers.
But it seems that there is no interface in pfSense to make SSH tunnel creation more user frendly -
@stephenw10 said in pfSense behind 4g router:
...you should use a VPN for this really.
But I'm not sure what you expect to see here for SSH. Once it's enabled in System > Advanced > Admin Access you can tunnel stuff to it or use it as a proxy, which I generally prefer.
Steve
-
@Gérald said in pfSense behind 4g router:
But it seems that there is no interface in pfSense to make SSH tunnel creation more user frendly
????
You don't need a tunnel for SSH. It's encrypted on it's own.
-
Looks like he's trying to setup this sort of tunnel:
https://www.ssh.com/ssh/tunneling/example#sec-Remote-Forwarding -
@stephenw10 said in pfSense behind 4g router:
Looks like he's trying to setup this sort of tunnel:
https://www.ssh.com/ssh/tunneling/example#sec-Remote-ForwardingThat's exactly it, as previously stated ...
