Whats the best way to be able to maintain the network while out of town?

belikeyeshua

A couple things…

First, I've been unable to connect to the #pfsense irc chat room on freenode... for about a week now. I've tried it on different computers, but that did not help. I've tried connecting to other freenode chat rooms... and I connected without any problems. I even entertained the idea that maybe I somehow got blocked from the chat room. So, I connected via a proxy server so that it would change my ip address... and still, I'm unable to connect. It says this:

Connecting... 
Logging in... 
-- *** Looking up your hostname... 
-- *** Checking ident 
-- *** Couldn't look up your hostname 
-- *** No identd (auth) response 
Welcome to the freenode IRC Network ShawnG 
Your host is leguin.freenode.net[leguin.acc.umu.se/6667], running version hyperion-1.0.2b 
-- *** Your host is leguin.freenode.net[leguin.acc.umu.se/6667], running version hyperion-1.0.2b 
This server was created Mon Dec 10 19:00:19 UTC 2007 
leguin.freenode.net hyperion-1.0.2b aAbBcCdDeEfFGhHiIjkKlLmMnNopPQrRsStTuUvVwWxXyYzZ01234569*@ bcdefFhiIklmnoPqstv 
IRCD=dancer CAPAB CHANTYPES=# EXCEPTS INVEX CHANMODES=bdeIq,k,lfJD,cgijLmnPQrRstz CHANLIMIT=#:20 PREFIX=(ov)@+ MAXLIST=bdeI:50 MODES=4 STATUSMSG=@ KNOCK NICKLEN=16 are supported by this server 
SAFELIST CASEMAPPING=ascii CHANNELLEN=30 TOPICLEN=450 KICKLEN=450 KEYLEN=23 USERLEN=10 HOSTLEN=63 SILENCE=50 are supported by this server 
There are 33691 listed and 25014 unlisted users on 28 servers 
54 flagged staff members 
26753 channels formed 
I have 4187 clients and 0 servers 
Current local  users: 4187  Max: 4187 
Current global users: 58705  Max: 61467 
Highest connection count: 4187 (4186 clients) (80515 since server was (re)started) 
- leguin.freenode.net Message of the Day - 
- Welcome to leguin.freenode.net in Umeå, Sweden, EU! Thanks to 
- the Academic Computer Club at Umeå University for sponsoring 
- this server! 
- 
- URSULA K. LEGUIN (1929-)  The author of the Earthsea 
- trilogy, City of Illusions and The Dispossessed. 
- 
- You're using freenode, a service of Peer-Directed Projects 
- Center Ltd (http://freenode.net/pdpc.shtml). 
- 
- Thanks to everyone who helped us make the 2008/2009 fundraiser 
- a success: individual donors, hardware and bandwith sponsors and 
- our corporate sponsor Canonical Ltd (http://www.canonical.com). 
- 
- By connecting to freenode you indicate that you have read 
- and agree to adhere to our policies and procedures as per 
- the website (http://freenode.net). We would like to remind 
- you that unauthorized public logging of channels on the 
- network is prohibited. Public channel logging should only 
- take place where the channel owner(s) has requested this 
- and users of the channel are all made aware (if you are 
- publically logging your channel, you may wish to keep a 
- notice in topic and perhaps as a on-join message). 
- 
- By registering your nickname with Nickserv you agree that you 
- are 13 years of age, or older. For more information about the 
- Children's Online Privacy Protection Act please see their 
- website at (http://www.coppa.org). 
- 
- freenode runs an open proxy scanner. Your use of the network 
- indicates your acceptance of this policy. For details on 
- freenode network policy, please take a look at our policy 
- page (http://freenode.net/policy.shtml). Thank you for using 
- the network! 
- 
- The PDPC and freenode now do a fortnightly podcast, which you 
- can find over at http://podcast.freenode.net and throughout the 
- summer months we will be arranging geeknics - Picnics for Geeks 
- across the globe! More information can be found over at 
- http://www.geeknic.org 
- 
- freenode is a service of Peer-Directed Projects Center Ltd, 
- a not for profit organisation registered in England and Wales. 
- 
- Our 2009/2010 fundraiser will be starting soon, more information 
- will be available here and on the website! If you wish to donate 
- you can help out over at http://freenode.net/pdpc_donations.shtml 
- 
- Thank you for using freenode! 
- 
End of /MOTD command. 
-NickServ- This nickname is registered. Please choose a different nickname, or identify via /msg NickServ identify <password>. 
##pfsense You need to be identified to join that channel</password> 

Next, we are going to Michigan in February and our Next door neighbor who we share internet with will still need a good internet connection while we are gone. Although nothing bad has happened yet… even with Videocache. Its been very, very stable. Still, if something were to happen, I would love to be able to both ssh and log into the gui from anywhere in the world. Otherwise, if something went bad, it would be really hard for me to fix it let alone know whats wrong with it.

Thanks a lot,
~Shawn

mhab12

Set your webGUI to HTTPS and pick a port (or leave on 443, but this is less secure).  Set up a NAT forward o the WAN side to your internal pfSense IP LAN IP on this port.  Now you can access the webGUI from anywhere.  You can do the same procedure with your SSH port as well.

belikeyeshua

@mhab12:

Set your webGUI to HTTPS and pick a port (or leave on 443, but this is less secure).  Set up a NAT forward o the WAN side to your internal pfSense IP LAN IP on this port.  Now you can access the webGUI from anywhere.  You can do the same procedure with your SSH port as well.

Don't I need some kind of dynamic dns and/or virtual ip address for that to work? I mean, I can't just be at the library and type in 192.168.1.1:443 for me to access my web gui.

mhab12

Yes, you can use dynamic DNS but more than likely your IP does not change very often, even if your ISP assigns you a dynamic address.  At the library, type in https://your.wan.ip.addr:port and all should work.  In the days leading up to your trip, verify your IP every day and see if it changes often.  If it does, pfSense has built in clients for some of the popular dynamic DNS services.

belikeyeshua

One thing I noticed is that we have a different IP address today than what we did have yesterday. Plus, we have Satellite  internet and we use a modem with the ip address 192.168.0.1. My pfsense WAN IP address is 192.168.02 and my pfsense LAN IP address is 192.168.0.1. So, I'm thinking that just connecting to our IP address won't work. How can I make it so that I can connect even if/when the IP address changes?

rpsmith

LogMeIn has a free remote control service that you can run on your home PC that will allow you to connect to it remotely.  this will allow you to manage your firewall from your home PC via LogMeIn.  you connect to logmein.com via your web browser and start the remote control session so you don't even need to know your home WAN IP.

Roy…

wallabybob

@mhab12:

Yes, you can use dynamic DNS but more than likely your IP does not change very often, even if your ISP assigns you a dynamic address.

I have a dynamic IP address. Sometimes it stays the same for days, but I've seen it change at least 4 times the one day.

jimp

Do not leave your WebGUI port – even HTTPS -- exposed to the world if you can help it. Setup OpenVPN and put the client and certs on a USB key, or a laptop, that way you can start a VPN session from the other location.

Using dyndns is essential if your IP changes at all, and OpenVPN client configurations can reference a host by name.

Once you are connected to the VPN, you can ssh, use the WebGUI, route to machines on your LAN, whatever.

As for the IRC channel, there was a spambot attack on freenode so the channel was set to only allow registered and identified freenode users into the channel to keep out the bots. I removed that channel mode for now, it seems like the spammers have stopped hitting so hard. You should be able to get back in. To avoid that problem in the future, register your nickname with freenode and then identify to nickserv once you connect.

rpsmith

@jimp:

Setup OpenVPN and put the client and certs on a USB key

Is it possible so run your OpenVPN client from a USB thumb drive without installing anything on the host PC?  If so, can you point me to link that describes how to accomplish this?

Roy…

jimp

Not that I'm aware of, but you'd want to have the installer handy so you don't have to track it down. :-)

There might be a portable version somewhere but I'm not sure it's possible, it needs to install network drivers.

You could always setup a bootable USB key with ubuntu or similar that has the VPN pre-configured.

kpa

@rpsmith:

@jimp:

Setup OpenVPN and put the client and certs on a USB key

Is it possible so run your OpenVPN client from a USB thumb drive without installing anything on the host PC?   If so, can you point me to link that describes how to accomplish this?

Roy…

The OpenVPN client on windows needs the TUN/TAP device installed so no unfortunately.

rpsmith

That's to bad.  was hoping that might be possible.  Anyway, thanks for the replies!

Roy…