Access webGui via double stack



  • Hello guys,

    It's possible to access the pfsense webgui via double stack (ipv4 and ipv6)?



  • Why do you think it wouldn't be possible? IPv6 is just addresses and routes just like IPv4 is when it comes to connectivity.



  • @kpa:

    Why do you think it wouldn't be possible? IPv6 is just addresses and routes just like IPv4 is when it comes to connectivity.

    Ok. How I config this?



  • You need to have DNS configured so that it returns both A and AAAA records for the name you have chosen for the firewall, let's say firewall.example.tld. A record(s) for the IPv4 address(es) and AAAA records for the IPv6 address(es). For local access you can do that in the DNS resolver with host overrides, otherwise in the authoritative name server for your domain.


  • Rebel Alliance Global Moderator

    Or just go to your ipv6 address directly.

    Your client does have to have a working ipv6 connection, etc.

    Or sure names work as well, if you setup a AAAA for pfsense to resolve too.  See 2nd attachment via name and using ipv6.






  • @johnpoz:

    Or just go to your ipv6 address directly.

    Your client does have to have a working ipv6 connection, etc.

    Or sure names work as well, if you setup a AAAA for pfsense to resolve too.  See 2nd attachment via name and using ipv6.

    johnpoz,

    what firewall configuration you did?


  • Rebel Alliance Global Moderator

    What do you mean what firewall config?

    My lan rules are default any any.. I see no reason to filter MY access.  Now my other networks are very restricted from my lan and other segment.  But there is a antilock out rule anyway.

    What rules do you have?  Did you disable the antilock out?  This allows access to pfsense both ipv4 and ipv6




  • Your pfsense IPV6 address is most probably a public address.

    So, if you have allowed access throught the firewall, it will be accessible via the internet from anywhere in the world and by anyone without any port forwarding required.

    Keep that in mind.

    Now that thats out of the way, I access mine like this (the numbers here are replaced but the form is correct)

    https://[2001:111:e111:1::1]/


  • Rebel Alliance Global Moderator

    ^ very true.  But out of the box all wan inbound be it ipv4 or ipv6 is blocked.  You would of had to allow such access by creating a rule.



  • Guys,

    My firewall no have access from outside. Only for me. ;D

    My DNS server have both v4 (A) and v6 (AAAA) entries.

    Did you disable the antilock out?  This allows access to pfsense both ipv4 and ipv6

    He was disabled. Now, it's working. It needed only a access rule any to vlan300 address.


  • Rebel Alliance Global Moderator

    That is a pretty OPEN rule ;)  If your wanting to lock down access to the gui.. And only access it from a specific vlan great.  But that that seems pretty wide if you ask me ;)

    Glad you got it sorted.



  • @johnpoz:

    That is a pretty OPEN rule ;)  If your wanting to lock down access to the gui.. And only access it from a specific vlan great.  But that that seems pretty wide if you ask me ;)

    Glad you got it sorted.

    yea..I will configure a rule according to the link below. :D
    https://doc.pfsense.org/index.php/Restrict_access_to_management_interface

    Thanks!!!