Ssh from shell



  • I would like to be able to login to my pfsense from remote and from there ssh to customer hosts via the configured IPSEC tunnels. Access to these customer hosts is restricted to my static IP (WAN of pfsense) and when I am travelling I would like to have that feature at hand.

    In earlier days I had a server running 24/7 in LAN, so I connected to this box via portforward and ssh-ed from there.
    Now I'd like to do it directly on the pfsense box.

    When I try that I can't get connections, no ping, no ssh.
    I assume I have to set specific firewall rules, could someone point out what to do exactly?


  • LAYER 8 Netgate

    When you ssh from pfSense to a remote system over an IPsec tunnel, the connection is sourced from the firewall itself.

    Your IPsec tunnel has a phase2 entry that declares certain traffic interesting to IPsec and thus "routed" over the tunnel.

    Try using the -b IP-Address option to ssh with IP-address being an address on the firewall that is included in the phase 2 entry.

    If you have a LAN interface of 192.168.1.1/24 and a remote network of 172.16.1.1/24 and a phase 2 between those networks try ssh -b 192.168.1.1 172.16.1.1

    I do not know if this will work. I have never tried it.

    I generally have a management workstation on the network that is included in the IPsec Phase 2 entries from which I do these things. Doing it from the firewall can be problematic. Linux and FreeBSD are free. So is XenServer and ESXi.


Log in to reply