
    Ssh from shell

    • sgw

      I would like to be able to log in to my pfSense remotely and from there ssh to customer hosts via the configured IPsec tunnels. Access to these customer hosts is restricted to my static IP (WAN of pfSense) and when I am travelling I would like to have that feature at hand.

      In earlier days I had a server running 24/7 in LAN, so I connected to this box via port forward and ssh-ed from there.
      Now I'd like to do it directly on the pfsense box.

      When I try that I can't get connections, no ping, no ssh.
      I assume I have to set specific firewall rules, could someone point out what to do exactly?

      • Derelict (LAYER 8, Netgate)

        When you ssh from pfSense to a remote system over an IPsec tunnel, the connection is sourced from the firewall itself.

        Your IPsec tunnel has a phase2 entry that declares certain traffic interesting to IPsec and thus "routed" over the tunnel.

        Try using the -b IP-Address option to ssh with IP-address being an address on the firewall that is included in the phase 2 entry.

        If you have a LAN interface of 192.168.1.1/24 and a remote network of 172.16.1.1/24 and a phase 2 between those networks try ssh -b 192.168.1.1 172.16.1.1

        I do not know if this will work. I have never tried it.

        I generally have a management workstation on the network that is included in the IPsec Phase 2 entries from which I do these things. Doing it from the firewall can be problematic. Linux and FreeBSD are free. So are XenServer and ESXi.

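The phase 2 matching described in the reply above, as an added example that is not part of the original thread: a small POSIX sh model that tests which of the firewall's own addresses, used as the source, puts a connection inside the phase 2 networks. The function names and the WAN address 203.0.113.10 are constructed for illustration; the LAN and remote networks are the ones from the reply, and the model assumes a single local/remote subnet pair.

```shell
#!/bin/sh
# Added example: model of "is this source/destination pair covered by phase 2?"

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1            # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP NET/LEN -> exit status 0 if IP lies inside NET/LEN
in_cidr() {
    ip=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    len=${2#*/}
    mask=$(( (4294967295 << (32 - $len)) & 4294967295 ))
    [ $(( $ip & $mask )) -eq $(( $net & $mask )) ]
}

# matches_phase2 SRC DST LOCAL_NET REMOTE_NET
# Traffic is "interesting" only if BOTH ends fall inside the selector.
matches_phase2() {
    in_cidr "$1" "$3" && in_cidr "$2" "$4"
}

# pick_bind_addr DST LOCAL_NET REMOTE_NET ADDR...
# Prints the first firewall address that would match as a source.
pick_bind_addr() {
    dst=$1; local_net=$2; remote_net=$3; shift 3
    for cand in "$@"; do
        if matches_phase2 "$cand" "$dst" "$local_net" "$remote_net"; then
            echo "$cand"; return 0
        fi
    done
    return 1
}

WAN_IP=203.0.113.10   # constructed sample (documentation range)
LAN_IP=192.168.1.1    # LAN interface from the reply's example
# The WAN address is tried first and fails the local-network test;
# the LAN address matches, so it is the one to pass to ssh -b.
if bind=$(pick_bind_addr 172.16.1.1 192.168.1.0/24 172.16.1.0/24 "$WAN_IP" "$LAN_IP"); then
    echo "ssh -b $bind 172.16.1.1"
fi
```

This only models which source address falls inside the selector; the firewall's own rules and the remote side's access restrictions still apply to the resulting connection.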