Raspberry Pi and pfsense behind vpn, block everthing.
-
Hi,
Yes iam trying to port forward through vpn public ip because thats only IP that's public. Everything goes through that.
I have checked my vpn provider does not block any port.
I have added a pictures how the setup is in port forward.
The unifi net is where my raspberry is connected to
-
"because thats only IP that's public. Everything goes through that."
No not really.. Not unsolicited inbound traffic unless you have setup port forwarding at your vpn, and then most likely 80 not going to be allowed.
What vpn service are you using, and you setup port forwarding in your account with them?
-
I mean its setup like that got some help before. My Vpn provider does not block port 80? I have Azirevpn
-
Where do they say this? Where is your setup that port 80 that is being hit at whatever public IP is your vpn exit point is being sent down the vpn tunnel to you?
https://www.azirevpn.com/support
I find it HIGHLY unlikely that any VPN would support inbound 80.. Just from the fact that they have multiple clients all using the same public IP.. So who would get 80? You do understand these such services the public IP is shared with other users of the vpn.. That really is the whole point of these things - to HIDE your ip, etc.
If you want to forward 80 inbound to your pi, I would suggest you just forward that on your normal wan ISP connected.. This is how it is normally done.. And takes all of 30 seconds to do..
-
Hi,
Thx for all your help you where right. Its working know. My ISP had 2 different hostname one does block 80. Does that mean I have security risk if I do so?
Is this how it should look like for best option
-
Yes that would be how you would forward port 80 to something behind.
But to being best option, are you always going to access it from known locations? Or is this something for public consumption? If possible lock it down to source IP so only you can access it from where you need/want to access it from.
Better yet would be to vpn into your network to access it. Unless of course its going to be open for public - if open to the public, I would suggest you isolate the box from the rest of your network. So if it does get compromised it can not access anything else on your network.
-
I want to access the raspberry from my phone and work computer from different locations but mostly office.
"I would suggest you isolate the box from the rest of your network. So if it does get compromised it can not access anything else on your network"
How?
-
Put it on its own vlan.. So if your wanting to access your network from your phone and work - why would you not just use a vpn? Why open up the pi to the public internet at all.
-
Hi again,
Never done that. Should I use the vpn that I am paying for azirevpn or a personal vpn?
-
what? Just run vpn server on pfsense.. Takes all of 30 seconds to setup.
-
ok, thx i will try that