Disable/block WebGUI from WAN

  • Hello,

    We have a pfsense box with OpenVPN for our users main remote access VPN.  It works great and we have very few problems.  We did notice last night though, if we do a https connection to the ip of the VPN server we are greeted with the WebGUI login.  I would obviously prefer to have this disabled completely.  In my little bit of research it appears WAN login to the GUI is blocked by default unless you create a firewall rule to allow it.  So I'm going to assume that one of our rules allowing VPN traffic is also enabling this.  Is there a way I can disable WAN access to the GUI without also impacting VPN traffic on port 443?

    I can provide you with any necessary details to help.

  • What about System => Advanced => Admin Access and move the default "443" port to another port.

    From what I know, the GUI binds to every interface, WAN included.
    This means that it's listening on WAN port 443 by default, but as you stated : no rule for incoming traffic so : not accessible.

    You moved the default VPN port from 1194 to 443. I wonder how that can actually work, if already nginx (the GUI web server) is already listening on that port.
    (or nginx = TCP only and VPN = UDP only ? In that case change your WAN VPN rule to UDP only  ;))

    edit : everything has already been explained … yesterday ... https://forum.pfsense.org/index.php?topic=138110.0

Log in to reply