WEBGUI access from VPN

hajdeo · Jul 24, 2023, 4:08 PM

Hi guys,

I have successfully launched the VPN client, the connection is active and working.

Suppose the external VPN address is XXX.XXX.XXX.XXX.XXX and I would need to access the router or WebGui through this address.I already managed to get it to work once, but I had to reset the settings and I can't do it again.

Do I need to configure somehow the interface, port forward?

Here si pics of config :

thank you!!!

viragomann · Jul 24, 2023, 4:23 PM

@hajdeo
Generally you should not allow webGUI access on WAN. But this is, what your Anti-Lockout rule does.
Note that this setting allows webGUI access without VPN.

Also your manually added WAN rule allows any TCP traffic to the WAN interface.

Add a rule to the OpenVPN interface allow access. Then access it by using the OpenVPN server IP.
Or assign a virtual private IP to WAN (Firewall > virtual IPs) of type "IP alias" and add this in the OpenVPN server settings to the "Local Networks". Then you can use this to access the webGUI. Consider to add a proper rule on the OpenVPN tab.

hajdeo · Jul 24, 2023, 4:48 PM

@viragomann Hi, thanks for your time.

added but nothing happend....any sugestion?

viragomann · Jul 24, 2023, 5:00 PM

@hajdeo
You cannot access the WAN address through the VPN. So this rule is pretty useless.
The WAN address cannot be routed through the VPN, otherwise the VPN wouldn't stay alive.

I recommended to access the webGUI either by the OpenVPN servers virtual IP or by a manually virtual, which you've to assign to the WAN interface before.
The OpenVPN servers IP is the first usable IP out of the tunnel network.
You can also assign an additional virtual IP to the VPN interface, however, you would have to assign an interface to the OpenVPN instance and enable it at before.

hajdeo · Jul 24, 2023, 8:01 PM

@viragomann

hm...can you please provide me step-by-step how add virtual IP?.....if you have a time?

tahnk you so much!

viragomann · Jul 24, 2023, 9:29 PM

@hajdeo
I just noticed, that you're running an OpenVPN client. I was thinking about a server.
What is the goal of this setup, running a vpn client on a router, which only has a single WAN.
And obviously this WAN interface has a private IP. So pfSense might be behind another router.

So you I'm wondering from where you want to access it. From the server network?
You should be able to access it simply by the clients virtual IP.

Do you have a CSO on the server for this client? This would be needed to access any other IP that the clients virtual IP from the server side.

hajdeo · Jul 24, 2023, 9:47 PM

@viragomann I want to access it from the internet. I don't have a public public IP, this way I can access pfsense webgui directly using the client. I already had it set up this way once, but I had to reset the router and I can't get it set up

hajdeo · Jul 25, 2023, 1:04 AM

@hajdeo said in WEBGUI access from VPN:

@viragomann I want to access it from the internet. I don't have a public public IP, this way I can access pfsense webgui directly using the client. I already had it set up this way once, but I had to reset the router and I can't get it set up

hi frien...is done :) my opsense webgui is accessable from internet, just added this to port forwarding :)

Do you think, is possible add rule to access another LAN IP adress (where is plex) from internt through this VPN connection?