How to change login from HTTP to HTTPS?



  • I could use some help with something that's probably elementary. I don't want to experiment because I might lock myself out of the WebGUI if I mess up.

    I'm logging in using HTTP. I should have followed the install recommendation to use HTTPS.

    What is the series of steps to go through to change this? Also, what can I expect to see as I press ENTER each time along the way? The thought of goofing up and having to figure out a console reset is not high on my list of things I want to do.

    Thank you in advance.

    Basically, I noticed that if I type in my ISP IP, I pull up a pfSense sign-in screen. After all these years, I really didn't know that would happen. I want to add a 'what you have' element to the 'what you know' part. SSH is disabled, by the way. I hardened the basic sign-in just to be sure. No OpenVPN users have admin access.


  • Netgate

    Make sure your firewall rules pass the chosen HTTPS port from your management location. The automatic anti-lockout rule will be adjusted automatically if necessary.

    System > Advanced change to HTTPS. Set the port if desired (443 otherwise).

    Decide if you want port 80 forwarded to HTTPS and set the value of WebGUI redirect accordingly. Checked means connections to 80 will just hang.

    Save and apply and connect to the firewall https on the new port.

    Yes, you can connect to the public IP address web gui. Block to destination This Firewall (self) to catch WAN addresses, VIPs, etc, on guest interfaces.



  • Thank you.

    I actually did have to reset the password later in the day for Admin from the console. Pressing '3' did it. Looking it up on the internet made it look like a tedious chore. Real life was 1000x easier.

    Actually, I don't think I asked the right question. I freaked when I entered my IP into the address bar and my pfSense router popped up. I was at home so I couldn't test remote login.

    The better question …

    Is remote login on? If so, is there a way to turn it off? If so, how? I couldn't Google a good answer, although it might appear that remote login is off by default and I'm certain I would never have turned it on, even if I knew where the check box was.

    Also, off topic, but many thanks for the way OpenVPN is designed for pfSense. I also removed and rebuilt a couple of OpenVPN servers, including all users, user certs, server certs, and router certs. It took about an hour, which included time to remember how to do it. Rebuilding using the wizards is a gift to us from you. (FYI, I was afraid of a hack, probably needlessly so)


  • Netgate

    Look at your rules on WAN. What is passed there?

    It is perfectly normal for you to be able to bring up the web gui from the inside using the outside IP address unless you specifically block that. That behavior is governed by the rules on LAN.

    Being able to connect from the outside is governed by the rules on WAN.
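
Added example (not from the thread or from Netgate): a Python check over a configuration backup that answers the question in the last reply by listing the enabled pass rules on WAN that could admit TCP traffic to the web GUI port. The element names (`filter/rule`, `destination/network`, `system/webgui/port`), the `wanip` and `(self)` values and the port-range syntax are assumptions about the config.xml layout, and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample; element names are an assumed pfSense config.xml layout.
SAMPLE = """<pfsense>
  <system><webgui><protocol>https</protocol><port>8443</port></webgui></system>
  <filter>
    <rule><type>pass</type><interface>wan</interface><protocol>udp</protocol><descr>OpenVPN</descr>
      <destination><network>wanip</network><port>1194</port></destination></rule>
    <rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol><descr>Old test rule</descr>
      <destination><any/><port>8000-9000</port></destination></rule>
    <rule><type>pass</type><interface>wan</interface><disabled/><protocol>tcp</protocol>
      <descr>Remote admin</descr><destination><network>(self)</network><port>8443</port></destination></rule>
    <rule><type>pass</type><interface>lan</interface><descr>Default allow LAN</descr>
      <destination><any/></destination></rule>
  </filter>
</pfsense>"""

def gui_port(root):
    """Configured web GUI port, else the protocol default (443 for HTTPS, 80 for HTTP)."""
    proto = (root.findtext("system/webgui/protocol") or "http").lower()
    port = (root.findtext("system/webgui/port") or "").strip()
    return int(port) if port.isdigit() else (443 if proto == "https" else 80)

def port_covers(spec, port):
    """True if a rule's port field could include `port`."""
    lo, _, hi = spec.replace(":", "-").partition("-")
    if lo.isdigit() and (hi.isdigit() or not hi):
        return int(lo) <= port <= int(hi or lo)
    return True  # empty (no port restriction) or an alias name (review by hand)

def wan_rules_reaching_gui(xml_text, iface="wan"):
    """Descriptions of enabled pass rules on `iface` that could reach the web GUI."""
    root = ET.fromstring(xml_text)
    port, hits = gui_port(root), []
    for rule in root.iterfind("filter/rule"):
        if rule.findtext("type") != "pass" or rule.find("disabled") is not None:
            continue
        if iface not in (rule.findtext("interface") or "").split(","):
            continue  # LAN rules are a separate question, as the reply above says
        if (rule.findtext("protocol") or "any").lower() not in ("any", "tcp", "tcp/udp"):
            continue  # the web GUI listens on TCP only
        net, any_dst = rule.findtext("destination/network"), rule.find("destination/any")
        spec = (rule.findtext("destination/port") or "").strip()
        if (any_dst is not None or net in (iface + "ip", "(self)")) and port_covers(spec, port):
            hits.append(rule.findtext("descr") or "(no description)")
    return hits

if __name__ == "__main__":
    print(wan_rules_reaching_gui(SAMPLE))
```

Rules whose destination is a literal address or an address alias are not evaluated here and still need a manual look.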