Beta4: Remote Router Access/Managment



  • How to access router from wan/internet ?

    Tnx.



  • FAQ. Add a firewall rule allowing it.



  • http://faq.pfsense.com/index.php?action=artikel&cat=10&id=41&artlang=en&highlight=access webgui wan

    (https is optional but highly recommended due to security reasons)



  • @hoba:

    http://faq.pfsense.com/index.php?action=artikel&cat=10&id=41&artlang=en&highlight=access webgui wan
    (https is optional but highly recommended due to security reasons)

    This gives a solution…. but if you live with Dynamic '24H' 'random' WAN IP's (both sides) -> this start to be complicated.
    The firewall rules do not accept url's like FromMyHom.dyndns.org neither.

    A solution: activate PPTP (pfSense will be the server). And a 'let me in rule' on the PPTP-Firewall tab (this tab will be present).

    Afterwards, from a simple remote XP client you can login, and have SSH and web access to the firewall for maintenance.



  • Where is the problem? Use DynDNS and create a rule with destination "WAN Adress" and the port the gui listens on. No problem at all.



  • Hoba,

    What make SSL for WebGUI more secure ?

    I notice that in menu –> Advanced --> webGUI SSL
    It has both SSL and private key.
    But pfsense never use that private key.

    I test this function and it seams that right now, pfsense establish a secure (encrypted) tunnel for WebGUI communication, but it doesn't require the user that have the same private key as the pfsense for establishing the connection.

    Am I right or I have missed something and there is a way for usiing that private key.



  • Everything between the pfSense and the client accessing the webgui is transferred encrypted when using https. When using http people could sniff your passwords, view the webguipages you request, … (if they can sniff somewhere along the way the data takes through the internet or if a proxy is involved).



  • @nima.m:

    Hoba,

    What make SSL for WebGUI more secure ?

    I notice that in menu –> Advanced --> webGUI SSL
    It has both SSL and private key.
    But pfsense never use that private key.

    I test this function and it seams that right now, pfsense establish a secure (encrypted) tunnel for WebGUI communication, but it doesn't require the user that have the same private key as the pfsense for establishing the connection.

    Am I right or I have missed something and there is a way for usiing that private key.

    Yeah, you kinda missed something :)  The private key is so you can load an X.509 cert into the gui that you signed with a trusted CA to you as opposed to the pfSense default signed cert.  The webGUI doesn't require a client cert, nor does it use client cert for auth - maybe some day if someone is interested in making it work.

    –Bill


Log in to reply