Is there any package available that could authenticate the remote user from WAN?



  • Dear Guru…. Is there any package available that could authenticate the remote user from WAN to web server  inside pfSense LAN? Please refer the following illustration. Any advices are highly appreciated.

    (WAN)            (LAN)
    Remote user------->pfsense------>Webserver.



  • Sounds like you want something like a reverse captive portal? That is not an available feature currently. I guess vpn is not the solution that you are looking for?



  • Or do your authentication at the webserver itself using htaccess.



  • I think what you're looking for is a so called webaccelerator.
    iChain comes to mind (Or Novell Access Manager as the new is called).
    Those will authenticate the user agains an LDAP, eDir or AD, and then after that allow the user access to the webserver (forwarding the request).

    I don't know any open source solutions for this.



  • You're talking about squid.  It does all those things (although the current pfSense package does not at the moment), but what you're talking about doesn't match what the OP indicated in his post.



  • VPN, I do not know how to setup of it. I don't know why VPN exists. I'm sorry, I dun mean VPN SHOULD NOT exists. I just do not know VPN's usage. I heard about VPN before. I heard VPN is used for security. only VPN clients could access to VPN servers…. am I expressed correctly?

    Back to topic..., The server side itself already had authentication. I wish to have dual authentications. I want pfSense has authentication 1st then after 1st authentication going to server authentication.

    Thank You !!!
    Best Regards,



  • Google VPN, beyond that pfSense doesn't have any type of authentication on the WAN like what you're talking about as there isn't really a need for it.



  • Thank you for your reply. Does reverse proxy can do the job, authenticate user from WAN ?

    Regards,



  • A reverse proxy could do this job, although there isn't a pfSense package for one.  Squid is technically able to act as a reverse proxy (although it sucks at the job).  Varnish is a much better reverse proxy, but there isn't a pfSense package for it.



  • Is there any way to install reverse proxy(varnish) on pfSense box?? ???  ??? Advice please….



  • @jamesseen:

    Is there any way to install reverse proxy(varnish) on pfSense box?? ???  ??? Advice please….

    Not currently.



  • Does RADIUS service can replace reverse proxy (varnish, squid, pound) functions?



  • I am building something like this. It's already working steady, howver I can't write the webgui pages for it. If anyone is interested we could make a package. I have to questions though, it works with lighthttpd (nog the webgui's) on the outside, is this dangerous?

    Is there a systemwide variable for the WAN interface, and if pptp is used do their need to be rules added on both the pptp interface and the WAN interface?


Locked