Beta4: Remote Router Access/Managment

sly

How to access router from wan/internet ?

Tnx.

sullrich

FAQ. Add a firewall rule allowing it.

hoba

http://faq.pfsense.com/index.php?action=artikel&cat=10&id=41&artlang=en&highlight=access%20webgui%20wan

(https is optional but highly recommended due to security reasons)

Gertjan

@hoba:

http://faq.pfsense.com/index.php?action=artikel&cat=10&id=41&artlang=en&highlight=access%20webgui%20wan
(https is optional but highly recommended due to security reasons)

This gives a solution…. but if you live with Dynamic '24H' 'random' WAN IP's (both sides) -> this start to be complicated.
The firewall rules do not accept url's like FromMyHom.dyndns.org neither.

A solution: activate PPTP (pfSense will be the server). And a 'let me in rule' on the PPTP-Firewall tab (this tab will be present).

Afterwards, from a simple remote XP client you can login, and have SSH and web access to the firewall for maintenance.

hoba

Where is the problem? Use DynDNS and create a rule with destination "WAN Adress" and the port the gui listens on. No problem at all.

nima.m

Hoba,

What make SSL for WebGUI more secure ?

I notice that in menu –> Advanced --> webGUI SSL
It has both SSL and private key.
But pfsense never use that private key.

I test this function and it seams that right now, pfsense establish a secure (encrypted) tunnel for WebGUI communication, but it doesn't require the user that have the same private key as the pfsense for establishing the connection.

Am I right or I have missed something and there is a way for usiing that private key.

hoba

Everything between the pfSense and the client accessing the webgui is transferred encrypted when using https. When using http people could sniff your passwords, view the webguipages you request, … (if they can sniff somewhere along the way the data takes through the internet or if a proxy is involved).

billm

@nima.m:

Hoba,

What make SSL for WebGUI more secure ?

I notice that in menu –> Advanced --> webGUI SSL
It has both SSL and private key.
But pfsense never use that private key.

I test this function and it seams that right now, pfsense establish a secure (encrypted) tunnel for WebGUI communication, but it doesn't require the user that have the same private key as the pfsense for establishing the connection.

Am I right or I have missed something and there is a way for usiing that private key.

Yeah, you kinda missed something :)  The private key is so you can load an X.509 cert into the gui that you signed with a trusted CA to you as opposed to the pfSense default signed cert.  The webGUI doesn't require a client cert, nor does it use client cert for auth - maybe some day if someone is interested in making it work.

–Bill