Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Beta4: Remote Router Access/Managment

    webGUI
    6
    8
    7.4k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      sly
      last edited by

      How to access router from wan/internet ?

      Tnx.

      1 Reply Last reply Reply Quote 0
      • S
        sullrich
        last edited by

        FAQ. Add a firewall rule allowing it.

        1 Reply Last reply Reply Quote 0
        • H
          hoba
          last edited by

          http://faq.pfsense.com/index.php?action=artikel&cat=10&id=41&artlang=en&highlight=access%20webgui%20wan

          (https is optional but highly recommended due to security reasons)

          1 Reply Last reply Reply Quote 0
          • GertjanG
            Gertjan
            last edited by

            @hoba:

            http://faq.pfsense.com/index.php?action=artikel&cat=10&id=41&artlang=en&highlight=access%20webgui%20wan
            (https is optional but highly recommended due to security reasons)

            This gives a solution…. but if you live with Dynamic '24H' 'random' WAN IP's (both sides) -> this start to be complicated.
            The firewall rules do not accept url's like FromMyHom.dyndns.org neither.

            A solution: activate PPTP (pfSense will be the server). And a 'let me in rule' on the PPTP-Firewall tab (this tab will be present).

            Afterwards, from a simple remote XP client you can login, and have SSH and web access to the firewall for maintenance.

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            1 Reply Last reply Reply Quote 0
            • H
              hoba
              last edited by

              Where is the problem? Use DynDNS and create a rule with destination "WAN Adress" and the port the gui listens on. No problem at all.

              1 Reply Last reply Reply Quote 0
              • N
                nima.m
                last edited by

                Hoba,

                What make SSL for WebGUI more secure ?

                I notice that in menu –> Advanced --> webGUI SSL
                It has both SSL and private key.
                But pfsense never use that private key.

                I test this function and it seams that right now, pfsense establish a secure (encrypted) tunnel for WebGUI communication, but it doesn't require the user that have the same private key as the pfsense for establishing the connection.

                Am I right or I have missed something and there is a way for usiing that private key.

                1 Reply Last reply Reply Quote 0
                • H
                  hoba
                  last edited by

                  Everything between the pfSense and the client accessing the webgui is transferred encrypted when using https. When using http people could sniff your passwords, view the webguipages you request, … (if they can sniff somewhere along the way the data takes through the internet or if a proxy is involved).

                  1 Reply Last reply Reply Quote 0
                  • B
                    billm
                    last edited by

                    @nima.m:

                    Hoba,

                    What make SSL for WebGUI more secure ?

                    I notice that in menu –> Advanced --> webGUI SSL
                    It has both SSL and private key.
                    But pfsense never use that private key.

                    I test this function and it seams that right now, pfsense establish a secure (encrypted) tunnel for WebGUI communication, but it doesn't require the user that have the same private key as the pfsense for establishing the connection.

                    Am I right or I have missed something and there is a way for usiing that private key.

                    Yeah, you kinda missed something :)  The private key is so you can load an X.509 cert into the gui that you signed with a trusted CA to you as opposed to the pfSense default signed cert.  The webGUI doesn't require a client cert, nor does it use client cert for auth - maybe some day if someone is interested in making it work.

                    –Bill

                    pfSense core developer
                    blog - http://www.ucsecurity.com/
                    twitter - billmarquette

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.