Disable/block WebGUI from WAN
-
Hello,
We have a pfsense box with OpenVPN for our users main remote access VPN. It works great and we have very few problems. We did notice last night though, if we do a https connection to the ip of the VPN server we are greeted with the WebGUI login. I would obviously prefer to have this disabled completely. In my little bit of research it appears WAN login to the GUI is blocked by default unless you create a firewall rule to allow it. So I'm going to assume that one of our rules allowing VPN traffic is also enabling this. Is there a way I can disable WAN access to the GUI without also impacting VPN traffic on port 443?
I can provide you with any necessary details to help.
-
What about System => Advanced => Admin Access and move the default "443" port to another port.
From what I know, the GUI binds to every interface, WAN included.
This means that it's listening on WAN port 443 by default, but as you stated : no rule for incoming traffic so : not accessible.You moved the default VPN port from 1194 to 443. I wonder how that can actually work, if already nginx (the GUI web server) is already listening on that port.
(or nginx = TCP only and VPN = UDP only ? In that case change your WAN VPN rule to UDP only ;))edit : everything has already been explained … yesterday ... https://forum.pfsense.org/index.php?topic=138110.0