Possible to use pfSense’s Freeradius server w/ a traditional Wifi router network?
-
.. One more thing, I previously mentioned that I would rather not open ports in the pfSense firewall, but actually that would be fine if it would be the easiest and most effective method.
-
@pfsense_forum_user what does it matter what ports? There is nothing else you're going to be running on it other than freerad and the webgui? Any Any rule would be fine..
-
Yes, I will only be using the GUI and the Freeradius server. I have Freeradius currently running in pfSense.
I’m just learning pfSense so I’m not familiar with how to give access of those two things to the pfSense WAN. Could you give me some specific pointers for doing that?
I have tried to allow access to the GUI from the WAN but nothing that I tried worked.
-
@pfsense_forum_user did you create a lan as well.. Out of the box if pfsense only has 1 interface it will put the antilock out there "the wan" and would allow gui access out of the box.
-
pfSense’s web admin page is at 10.0.0.1, and I can access it from a Lubuntu VM in pfSense’s LAN, but I’m not able to access it from browsers on the WAN. I tried entering the same IP address in the WAN browsers but nothing happened, then I tried some instructions that I saw online but nothing worked. I also saw that it is possible to establish a VPN into the pfSense WAN but I suppose that would be overkill.
-
@pfsense_forum_user lay out your network.. How do you have your VMs set up - are you natting your vm.. What vm software are you running on?
So pfsense wan IP is 10.0.0.1 on your vm and this is bridged to your 10.0.0/24 network? And a client on this same network say 10.0.0.2 can not access it? Then you have something wrong with your VM setup to your network.
When you set up pfsense with only 1 interface, this would be pfsense wan, and it would have the anti-lockout rule set so any device on this wan network would be able to access the web gui.
If you can not then there is something else going on in your network, like your VM is behind a nat on your vm software, or it's not actually bridged to your physical network, etc
-
I’m using VirtualBox on OS X, and I have two adapters specified for it. Adapter 1 is “bridged” as “en0:ethernet”, and Adapter 2 is “Internal Network” as “intent”.
-
Which setting would you recommend for only one interface? Bridged adapter or internal network?
-
@pfsense_forum_user I haven't used virtual box in a long time.. It sure wouldn't be internal network, you need to bridge it to your normal network so you can access it.
Here I just set this up as a vm on my nas. It's on my lan network 192.168.9/24 it got an IP from my dhcp server on my network.
I accessed the IP from my pc on the network that it got, walked thru the wizard and changed the password and there you go I am in. As you can see the default rules are anti-lockout for gui with source of any. And it even auto disabled the block rfc1918 because it's on an rfc1918 network.
-
Sorry I guess these are pretty basic questions. I presume I should use bridged.
-
Thanks, I'll do some experimentation, it is good to know that the two adapters were causing issues.
-
Awesome.. that works. I can now access it from the computers on the hardware network. Do you think it will work unmodified with Freeradius in the same way?
-
@pfsense_forum_user well the default rules only allow access to the web gui, you would need to create a rule to allow your freerad ports.. 1812 is common, but since it's not really doing anything other than webgui and freerad you could prob just set an any rule..
-
That’s great. Thanks for your help.