Access webGui via double stack

empbilly

Hello guys,

It's possible to access the pfsense webgui via double stack (ipv4 and ipv6)?

kpa

Why do you think it wouldn't be possible? IPv6 is just addresses and routes just like IPv4 is when it comes to connectivity.

empbilly

@kpa:

Why do you think it wouldn't be possible? IPv6 is just addresses and routes just like IPv4 is when it comes to connectivity.

Ok. How I config this?

kpa

You need to have DNS configured so that it returns both A and AAAA records for the name you have chosen for the firewall, let's say firewall.example.tld. A record(s) for the IPv4 address(es) and AAAA records for the IPv6 address(es). For local access you can do that in the DNS resolver with host overrides, otherwise in the authoritative name server for your domain.

johnpoz

Or just go to your ipv6 address directly.

Your client does have to have a working ipv6 connection, etc.

Or sure names work as well, if you setup a AAAA for pfsense to resolve too. See 2nd attachment via name and using ipv6.

webguiviaipv6.png_thumb

vianameipv6.png_thumb

empbilly

@johnpoz:

Or just go to your ipv6 address directly.

Your client does have to have a working ipv6 connection, etc.

Or sure names work as well, if you setup a AAAA for pfsense to resolve too. See 2nd attachment via name and using ipv6.

johnpoz,

what firewall configuration you did?

johnpoz

What do you mean what firewall config?

My lan rules are default any any.. I see no reason to filter MY access. Now my other networks are very restricted from my lan and other segment. But there is a antilock out rule anyway.

What rules do you have? Did you disable the antilock out? This allows access to pfsense both ipv4 and ipv6

antilockrule.png_thumb

kejianshi

Your pfsense IPV6 address is most probably a public address.

So, if you have allowed access throught the firewall, it will be accessible via the internet from anywhere in the world and by anyone without any port forwarding required.

Keep that in mind.

Now that thats out of the way, I access mine like this (the numbers here are replaced but the form is correct)

https://[2001:111:e111:1::1]/

johnpoz

^ very true. But out of the box all wan inbound be it ipv4 or ipv6 is blocked. You would of had to allow such access by creating a rule.

empbilly

Guys,

My firewall no have access from outside. Only for me. ;D

My DNS server have both v4 (A) and v6 (AAAA) entries.

Did you disable the antilock out? This allows access to pfsense both ipv4 and ipv6

He was disabled. Now, it's working. It needed only a access rule any to vlan300 address.

johnpoz

That is a pretty OPEN rule ;) If your wanting to lock down access to the gui.. And only access it from a specific vlan great. But that that seems pretty wide if you ask me ;)

Glad you got it sorted.

empbilly

@johnpoz:

That is a pretty OPEN rule ;) If your wanting to lock down access to the gui.. And only access it from a specific vlan great. But that that seems pretty wide if you ask me ;)

Glad you got it sorted.

yea..I will configure a rule according to the link below. :D
https://doc.pfsense.org/index.php/Restrict_access_to_management_interface

Thanks!!!