Netgate Discussion Forum

    pfSense behind 4g router

    General pfSense Questions
    35 Posts 3 Posters 3.0k Views
    • Gérald

      I know that SSH is integrated with FreeBSD.
      I use it this way to access my servers.
      But it seems that there is no interface in pfSense to make SSH tunnel creation more user friendly.

      • stephenw10 Netgate Administrator @stephenw10

        @stephenw10 said in pfSense behind 4g router:

        ...you should use a VPN for this really.

        😉

        But I'm not sure what you expect to see here for SSH. Once it's enabled in System > Advanced > Admin Access you can tunnel stuff to it or use it as a proxy, which I generally prefer.

        Steve

        • JKnott @Gérald

          @Gérald said in pfSense behind 4g router:

          But it seems that there is no interface in pfSense to make SSH tunnel creation more user friendly.

          ????

          You don't need a tunnel for SSH. It's encrypted on its own.

          PfSense running on Qotom mini PC
          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
          UniFi AC-Lite access point

          I haven't lost my mind. It's around here...somewhere...

          • stephenw10 Netgate Administrator

            Looks like he's trying to set up this sort of tunnel:
            https://www.ssh.com/ssh/tunneling/example#sec-Remote-Forwarding

            • Gérald

              @stephenw10 said in pfSense behind 4g router:

              Looks like he's trying to set up this sort of tunnel:
              https://www.ssh.com/ssh/tunneling/example#sec-Remote-Forwarding

              That's exactly it, as previously stated ...

              • stephenw10 Netgate Administrator

                Ok, so it's exactly the same as it would be for Debian. What do you expect to see in a 'package' for this?

                Steve

                • Gérald

                  Thanks for your interest!

                  I would like a package that would allow me to set up SSH tunnels quickly between my LAN and my VPS,
                  to control their states, and to reconnect automatically (autossh) in case of disconnection.

                  • stephenw10 Netgate Administrator

                    Hmm, I see. So maybe something like the port forward setup page but including configuring the actual SSH connections?

                    I've never seen anything like that offered on any firewall to be honest. Really this is exactly where you would usually just use a VPN. Is there some reason you don't want to use a VPN?

                    Steve

                    • Gérald

                      To not have to install clients on external devices.

                      • stephenw10 Netgate Administrator

                        Well, normally you would set up a site-to-site VPN and clients can then connect across it directly. No need to install VPN clients on the hosts behind the firewall. Unless I'm missing something...

                        • JKnott @Gérald

                          @Gérald said in pfSense behind 4g router:

                          To not have to install clients on external devices.

                          If the clients are running Windows, you'd still have to install something like Putty.


                          • Gérald @JKnott

                            @JKnott said in pfSense behind 4g router:

                            @Gérald said in pfSense behind 4g router:

                            To not have to install clients on external devices.

                            If the clients are running Windows, you'd still have to install something like Putty.

                            No, on Windows or Android, with the reverse SSH solution, just use myPublicIP:myPort in the app to connect to the LAN.

                            • JKnott @Gérald

                              @Gérald said in pfSense behind 4g router:

                              No, on Windows or Android, with the reverse SSH solution, just use myPublicIP:myPort in the app to connect to the LAN.

                              What are you running on Windows or Android to allow that to happen?


                              • stephenw10 Netgate Administrator

                                You don't need to run anything in the client. The SSH tunnel sets up a 'port forward' of sorts so that when you access the local host on the specified port that is forwarded to the remote SSH server at whatever port you specified when you created it.

                                I can see how that might be useful for numerous distributed remote hosts. If all the remote devices are behind one firewall though a site-to-site VPN makes far more sense there. You could then just access the remote devices directly.

                                Steve

                                • JKnott @stephenw10

                                  @stephenw10 said in pfSense behind 4g router:

                                  You don't need to run anything in the client. The SSH tunnel sets up a 'port forward' of sorts so that when you access the local host on the specified port that is forwarded to the remote SSH server at whatever port you specified when you created it.

                                  You need client or server software at each end. Linux provides both. Putty can be used as the client on Windows. What provides the SSH service, client or server in that reverse tunnel?


                                  • stephenw10 Netgate Administrator
                                    last edited by stephenw10

                                    I guess the OP is doing this in reverse but you can do it either way...

                                    So I run on a local pfSense box:

                                    [2.4.4-RELEASE][admin@5100.stevew.lan]/root: ssh -L 172.21.16.128:4343:127.0.0.1:443 someserver.example.org
                                    

                                    Now any client behind pfSense can access 'someserver' at 172.21.16.128:4343 without any sort of ssh on the client itself.

                                    In the reverse setup pfSense would be the server and clients connect to it with the server end listening for port to forward.

                                    That seems to be what the OP is doing but in the reverse case all the setup is at the client so I'm not sure what help any gui page might be....

                                    Steve

                                    • Gérald

                                      All the setup is on a local computer: ssh -R remote_port:host:localport VPS_username@VPS_IP_address
                                      On the VPS, just a simple Linux distribution.
                                      On the remote clients, I just need to use VPS_PublicIP:remote_port in an Android, Apple or Windows app.

                                      • stephenw10 Netgate Administrator

                                        Right so if you use pfSense instead of the local computer you use currently you could create a VPN to the VPS from it and forward ports across it. You would need something that can do port forwards in the VPS though I guess.

                                        Steve

                                        • Gérald

                                          @stephenw10 said in pfSense behind 4g router:

                                          Right so if you use pfSense instead of the local computer you use currently you could create a VPN to the VPS from it and forward ports across it.

                                          Exactly.
                                          Permit rapid tunnel creation, their activation / deactivation and the possibility to control their states and an automatic reconnection (autossh) in case of disconnection.

                                          It is a quick way for a webmaster to allow access to these self-hosted sites under development to be tested by his client, for example...

                                          The MobaSSHTunnel software under Windows does that perfectly!

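
Added example, not part of any post in this thread and not pfSense or Netgate code: a small supervisor for the reverse tunnel discussed above (ssh -R remote_port:host:localport VPS_username@VPS_IP_address) that provides the automatic reconnection requested. The function names, hosts, users and ports are placeholders, and key-based login is assumed. For outside clients to reach VPS_PublicIP:remote_port, sshd on the VPS must allow non-loopback binds (GatewayPorts), which also makes that port reachable by anyone, so it should be firewalled to the intended clients.

```shell
#!/bin/sh
# Added example (constructed): keep the thread's reverse tunnel up, i.e.
#   ssh -R remote_port:host:localport VPS_username@VPS_IP_address
# Usage: sh tunnel.sh run 8443 localhost 443 tunnel@vps.example.org
# (placeholder values; key-based login is assumed because of BatchMode).

valid_port() {
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Refuse empty values, whitespace and a leading '-', so no field can be
# read by ssh as an option or split into extra arguments.
valid_name() {
    case "$1" in ''|-*|*[!A-Za-z0-9@._-]*) return 1 ;; esac
}

# Args: remote_port host local_port user@vps. Prints the ssh command line.
build_tunnel_cmd() {
    valid_port "$1" && valid_name "$2" && valid_port "$3" &&
        valid_name "$4" || return 1
    # -N/-T: forwarding only, no shell. ExitOnForwardFailure: exit if the
    # remote port cannot be bound. ServerAlive*: notice a dead link in ~90 s.
    printf 'ssh -N -T -o BatchMode=yes -o ExitOnForwardFailure=yes %s -R %s:%s:%s %s\n' \
        '-o ServerAliveInterval=30 -o ServerAliveCountMax=3' "$1" "$2" "$3" "$4"
}

# Exponential backoff: double the delay, capped at $2 seconds.
next_delay() {
    d=$(( $1 * 2 ))
    if [ "$d" -gt "$2" ]; then d=$2; fi
    echo "$d"
}

keep_tunnel() {
    cmd=$(build_tunnel_cmd "$@") || { echo "invalid tunnel spec" >&2; return 2; }
    delay=1
    while :; do
        started=$(date +%s)
        $cmd                      # unquoted on purpose: fields validated above
        rc=$?
        # A session that lasted a minute was healthy, so reset the backoff.
        if [ $(( $(date +%s) - started )) -ge 60 ]; then delay=1; fi
        echo "tunnel exited (rc=$rc), retrying in ${delay}s" >&2
        sleep "$delay"
        delay=$(next_delay "$delay" 60)
    done
}

if [ "${1:-}" = "run" ]; then shift; keep_tunnel "$@"; fi
```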