Access webGui via double stack

empbilly · May 25, 2016, 2:18 PM

Hello guys,

It's possible to access the pfsense webgui via double stack (ipv4 and ipv6)?

kpa · May 25, 2016, 3:00 PM

Why do you think it wouldn't be possible? IPv6 is just addresses and routes just like IPv4 is when it comes to connectivity.

empbilly · May 25, 2016, 4:20 PM

@kpa:

Why do you think it wouldn't be possible? IPv6 is just addresses and routes just like IPv4 is when it comes to connectivity.

Ok. How I config this?

kpa · May 25, 2016, 5:27 PM

You need to have DNS configured so that it returns both A and AAAA records for the name you have chosen for the firewall, let's say firewall.example.tld. A record(s) for the IPv4 address(es) and AAAA records for the IPv6 address(es). For local access you can do that in the DNS resolver with host overrides, otherwise in the authoritative name server for your domain.

johnpoz · May 25, 2016, 9:04 PM

Or just go to your ipv6 address directly.

Your client does have to have a working ipv6 connection, etc.

Or sure names work as well, if you setup a AAAA for pfsense to resolve too. See 2nd attachment via name and using ipv6.

empbilly · May 27, 2016, 12:55 AM

@johnpoz:

Or just go to your ipv6 address directly.

Your client does have to have a working ipv6 connection, etc.

Or sure names work as well, if you setup a AAAA for pfsense to resolve too. See 2nd attachment via name and using ipv6.

johnpoz,

what firewall configuration you did?

johnpoz · May 27, 2016, 3:58 AM

What do you mean what firewall config?

My lan rules are default any any.. I see no reason to filter MY access. Now my other networks are very restricted from my lan and other segment. But there is a antilock out rule anyway.

What rules do you have? Did you disable the antilock out? This allows access to pfsense both ipv4 and ipv6

kejianshi · May 27, 2016, 4:47 AM

Your pfsense IPV6 address is most probably a public address.

So, if you have allowed access throught the firewall, it will be accessible via the internet from anywhere in the world and by anyone without any port forwarding required.

Keep that in mind.

Now that thats out of the way, I access mine like this (the numbers here are replaced but the form is correct)

https://[2001:111:e111:1::1]/

johnpoz · May 27, 2016, 12:25 PM

^ very true. But out of the box all wan inbound be it ipv4 or ipv6 is blocked. You would of had to allow such access by creating a rule.

empbilly · May 27, 2016, 2:27 PM

Guys,

My firewall no have access from outside. Only for me. ;D

My DNS server have both v4 (A) and v6 (AAAA) entries.

Did you disable the antilock out? This allows access to pfsense both ipv4 and ipv6

He was disabled. Now, it's working. It needed only a access rule any to vlan300 address.

johnpoz · May 27, 2016, 5:00 PM

That is a pretty OPEN rule ;) If your wanting to lock down access to the gui.. And only access it from a specific vlan great. But that that seems pretty wide if you ask me ;)

Glad you got it sorted.

empbilly · May 27, 2016, 8:43 PM

@johnpoz:

That is a pretty OPEN rule ;) If your wanting to lock down access to the gui.. And only access it from a specific vlan great. But that that seems pretty wide if you ask me ;)

Glad you got it sorted.

yea..I will configure a rule according to the link below. :D
https://doc.pfsense.org/index.php/Restrict_access_to_management_interface

Thanks!!!