Beta4: Remote Router Access/Managment

sly · May 27, 2006, 12:26 PM

How to access router from wan/internet ?

Tnx.

sullrich · May 27, 2006, 4:53 PM

FAQ. Add a firewall rule allowing it.

hoba · May 27, 2006, 9:29 PM

http://faq.pfsense.com/index.php?action=artikel&cat=10&id=41&artlang=en&highlight=access%20webgui%20wan

(https is optional but highly recommended due to security reasons)

Gertjan · May 27, 2006, 10:57 PM

@hoba:

http://faq.pfsense.com/index.php?action=artikel&cat=10&id=41&artlang=en&highlight=access%20webgui%20wan
(https is optional but highly recommended due to security reasons)

This gives a solution…. but if you live with Dynamic '24H' 'random' WAN IP's (both sides) -> this start to be complicated.
The firewall rules do not accept url's like FromMyHom.dyndns.org neither.

A solution: activate PPTP (pfSense will be the server). And a 'let me in rule' on the PPTP-Firewall tab (this tab will be present).

Afterwards, from a simple remote XP client you can login, and have SSH and web access to the firewall for maintenance.

hoba · May 27, 2006, 11:27 PM

Where is the problem? Use DynDNS and create a rule with destination "WAN Adress" and the port the gui listens on. No problem at all.

nima.m · May 28, 2006, 11:07 AM

Hoba,

What make SSL for WebGUI more secure ?

I notice that in menu –> Advanced --> webGUI SSL
It has both SSL and private key.
But pfsense never use that private key.

I test this function and it seams that right now, pfsense establish a secure (encrypted) tunnel for WebGUI communication, but it doesn't require the user that have the same private key as the pfsense for establishing the connection.

Am I right or I have missed something and there is a way for usiing that private key.

hoba · May 28, 2006, 12:41 PM

Everything between the pfSense and the client accessing the webgui is transferred encrypted when using https. When using http people could sniff your passwords, view the webguipages you request, … (if they can sniff somewhere along the way the data takes through the internet or if a proxy is involved).

billm · May 28, 2006, 2:37 PM

@nima.m:

Hoba,

What make SSL for WebGUI more secure ?

I notice that in menu –> Advanced --> webGUI SSL
It has both SSL and private key.
But pfsense never use that private key.

I test this function and it seams that right now, pfsense establish a secure (encrypted) tunnel for WebGUI communication, but it doesn't require the user that have the same private key as the pfsense for establishing the connection.

Am I right or I have missed something and there is a way for usiing that private key.

Yeah, you kinda missed something :) The private key is so you can load an X.509 cert into the gui that you signed with a trusted CA to you as opposed to the pfSense default signed cert. The webGUI doesn't require a client cert, nor does it use client cert for auth - maybe some day if someone is interested in making it work.

–Bill