Access to WebGUI with non-routing (private) IP
-
I have a pfSense with 3 providers (multi-Wan). One has a public IP, but unreliable. Other two do not have a public IP: they are behind a provider's NAT and I have a private (172/192) IP on appropriate WANs
Is there a way to provide access to the WebGUI ? Proxy server? VPN? Any other way?
I can run my own online PC with a public IP as an intermediary to aid a pfSense for that. But I do not want any internal (pfSense originated) traffic go through the tunnel/VPN for many reasons: performance, reliability, regional IP-based service, ttrans-atlantic loop etc.
IPv6 is not an option as well. Since AFAIK I have to have a routable IPv4 endpoint for a Tunnelbrocker tunnel. IACCU ? Unclear if it works
So some solution for a WebGUI only? Any hints or tutorials?
Thank you -
I assume you are asking about how to provide access to the webGUI for remote support. I would connect with OpenVPN. But for that you need to be able to define a port forward on the provider's front-end box to forward some fixed port number in to the pfSense WAN2 and/or WAN3. If that is possible, then add Dynamic DNS entry to the pfSense on WAN2 and/or WAN3 so you have a name available on the public internet that points to the provider's current public IP in front of you.
I had the trouble that a provider did not have any provision to port-forward anything to a site. In that case you would have to put an OpenVPN server at your home/office and have a client OpenVPN at the site that is making a connection out, back to your home/office. Then you bring up the server at your home/office, wait 1 or 2 minutes, the client will be trying to connect and then "bingo" a connection appears.
Then only add rules on OpenVPN for what you want to allow - to just manage the webGUI it would just be allowing the tunnel subnet only to talk, I expect.