Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Beta4: Remote Router Access/Managment

    webGUI
    6
    8
    6850
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      sly last edited by

      How to access router from wan/internet ?

      Tnx.

      1 Reply Last reply Reply Quote 0
      • S
        sullrich last edited by

        FAQ. Add a firewall rule allowing it.

        1 Reply Last reply Reply Quote 0
        • H
          hoba last edited by

          http://faq.pfsense.com/index.php?action=artikel&cat=10&id=41&artlang=en&highlight=access%20webgui%20wan

          (https is optional but highly recommended due to security reasons)

          1 Reply Last reply Reply Quote 0
          • Gertjan
            Gertjan last edited by

            @hoba:

            http://faq.pfsense.com/index.php?action=artikel&cat=10&id=41&artlang=en&highlight=access%20webgui%20wan
            (https is optional but highly recommended due to security reasons)

            This gives a solution…. but if you live with Dynamic '24H' 'random' WAN IP's (both sides) -> this start to be complicated.
            The firewall rules do not accept url's like FromMyHom.dyndns.org neither.

            A solution: activate PPTP (pfSense will be the server). And a 'let me in rule' on the PPTP-Firewall tab (this tab will be present).

            Afterwards, from a simple remote XP client you can login, and have SSH and web access to the firewall for maintenance.

            No "help me" PM's please. Use the forum.

            1 Reply Last reply Reply Quote 0
            • H
              hoba last edited by

              Where is the problem? Use DynDNS and create a rule with destination "WAN Adress" and the port the gui listens on. No problem at all.

              1 Reply Last reply Reply Quote 0
              • N
                nima.m last edited by

                Hoba,

                What make SSL for WebGUI more secure ?

                I notice that in menu –> Advanced --> webGUI SSL
                It has both SSL and private key.
                But pfsense never use that private key.

                I test this function and it seams that right now, pfsense establish a secure (encrypted) tunnel for WebGUI communication, but it doesn't require the user that have the same private key as the pfsense for establishing the connection.

                Am I right or I have missed something and there is a way for usiing that private key.

                1 Reply Last reply Reply Quote 0
                • H
                  hoba last edited by

                  Everything between the pfSense and the client accessing the webgui is transferred encrypted when using https. When using http people could sniff your passwords, view the webguipages you request, … (if they can sniff somewhere along the way the data takes through the internet or if a proxy is involved).

                  1 Reply Last reply Reply Quote 0
                  • B
                    billm last edited by

                    @nima.m:

                    Hoba,

                    What make SSL for WebGUI more secure ?

                    I notice that in menu –> Advanced --> webGUI SSL
                    It has both SSL and private key.
                    But pfsense never use that private key.

                    I test this function and it seams that right now, pfsense establish a secure (encrypted) tunnel for WebGUI communication, but it doesn't require the user that have the same private key as the pfsense for establishing the connection.

                    Am I right or I have missed something and there is a way for usiing that private key.

                    Yeah, you kinda missed something :)  The private key is so you can load an X.509 cert into the gui that you signed with a trusted CA to you as opposed to the pfSense default signed cert.  The webGUI doesn't require a client cert, nor does it use client cert for auth - maybe some day if someone is interested in making it work.

                    –Bill

                    pfSense core developer
                    blog - http://www.ucsecurity.com/
                    twitter - billmarquette

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post