OPNsense Forum

English Forums => General Discussion => Topic started by: norspang on June 04, 2015, 10:04:23 am

Title: WebGUI access from WAN??
Post by: norspang on June 04, 2015, 10:04:23 am
I'd like to access the WebGUI from the webinterface but can't get it to work

Does anyone know how to get it to work?
(Just installed my box yesterday, came from PfSense)
Title: Re: WebGUI access from WAN??
Post by: chol on June 04, 2015, 11:43:02 am
Hello,
it is nice that you tried OPNsense.

If you come from pfSense, the set-up of OPNsense should not be much different.

Do you still have your OPNsense appliance connected to a monitor/console? If so please configure the network interface(s) first. If not please go back and connect your monitor/console, it is the easiest and fastest way to get your initial connection problem solved. The configuration through the OPNsense console menu is also highly recommended for virtual machine installs. In the console menu one can ping out to a IP address to see if the WAN is set-up right.

See:
Setup wizard (https://wiki.opnsense.org/index.php/GUI/Setup_wizard)

and

How To Install OPNsense on VirtualBox (https://www.youtube.com/watch?v=uob0zr1MPQc)P

Hope that helps.
Title: Re: WebGUI access from WAN??
Post by: norspang on June 04, 2015, 01:42:50 pm
I got it all configured, i got WAN, WWAN and a BRIDGE with LAN and WIRELESS, I got internet connection through the BRIDGE, so all is working fine.... except that i need to be able to access the WUI from the WAN..
some of the errors i found at pfsense i have not found here YET...... hope not to find them at all....
Title: Re: WebGUI access from WAN??
Post by: franco on June 04, 2015, 05:54:23 pm
This isn't really recommended, but you can enable access to the GUI from the WAN. If you can, you should:

o Do a NAT from a higher port from WAN (e.g. 12345) to LAN 443
o Use a password that meets today's standards
o Pin access to the GUI by restricting WAN port access by IPs

We do have bugs, but we enjoy fixing them as they come up. :)
Title: Re: WebGUI access from WAN??
Post by: norspang on June 05, 2015, 06:15:26 pm
I'll try that Monday.
Of course I'll will make a restriction that only allow a few trusted IP adresses
Title: Re: WebGUI access from WAN??
Post by: norspang on June 09, 2015, 08:17:16 am
no luck :-(

I tried to NAT 12345 to 192.168.1.1 without any FW Rules but the one for NAT.
Then I tried to NAT to 127.0.0.1. Still no luck :-(
Title: Re: WebGUI access from WAN??
Post by: ristridin on June 09, 2015, 12:38:23 pm
Hi,

in order to gain access to your opnsense via wan, you just need to configure a firewall rule
External IP/Host -> WAN address -> OPNsense Managment Port (443)

best regards,
Boris
Title: Re: WebGUI access from WAN??
Post by: norspang on June 09, 2015, 01:39:38 pm
Hi Boris

That is the roule made by the NAT
Title: Re: WebGUI access from WAN??
Post by: chol on June 09, 2015, 03:02:52 pm
Maybe an IP alias > virtual IP address would help? It's a extra virtual IP added to an network interface (WAN), that could be used or forwarded by the firewall
Title: Re: WebGUI access from WAN??
Post by: DoubleJ on August 20, 2015, 11:41:06 am
In general it is not a good idea to open up web UI access on WAN to your router.
However sometimes you find yourself in a situation where you need it temporary.

This is from some pfsense forum and also works in opnsense.
Console access is required though...

Go into the shell and type: pfctl -d

This disables the firewall completely, and you should be able to access the web UI via WAN interface.
Turning it back on: pfctl -e

Take note that any change you make in the web UI, will result in opnsense immediately enabling the firewall again. So you might have to disable it many times, during one session.
Title: Re: WebGUI access from WAN??
Post by: franco on August 20, 2015, 12:06:51 pm
A small caveat with 'pfctl -d' is that this also disables NAT, so be careful not to annoy your LAN users. ;)
Title: Re: WebGUI access from WAN??
Post by: Xames81 on December 06, 2018, 10:13:15 pm
Wich are the best secure option to access on gui of firewall outside? VPN? can help on rules of VPN then web gui?

Thanks.
Title: Re: WebGUI access from WAN??
Post by: cerien on March 06, 2020, 08:20:04 pm
sorry to revive an old thread, but it is really related. i've just installed OpnSense 20.1, and trying to access the gui from the wan interface
- in the system /  settings / administration / webgui, listen is to any interface
- I've created a fw rule to accept any source, destination wan address (or this firewall), https, not working
- I've created a nat rule, to accept any source, destination wan address (or this firewall), 8443, redirect 192.168.1.1/443, not working
- if I stop the firewall via pfctl -d, I can access the gui from the lan - but it is too radical

What could be wrong ?

J.
Title: Re: WebGUI access from WAN??
Post by: jwright on March 15, 2020, 10:42:53 pm
Try disabling reply-to on WAN rules (Firewall > Settings > Advanced)
Title: Re: WebGUI access from WAN??
Post by: mfedv on March 16, 2020, 04:23:20 pm
No need for the NAT rule if you change the TCP port for the Web GUI to a different port that is not overlapping with 1:1 NAT or nginx or haproxy usage (e.g. try 4443). You need to add this port number to the URL for all access then, even from LAN.

Then add filter rule to allow access to this port from WAN.

Might still be some other filter rule forbids this; with luck it is a rule with logging; even better luck if it has a description, this helps finding the culprit in the firewall log.
Title: Re: WebGUI access from WAN??
Post by: banym on March 16, 2020, 07:28:39 pm
If I need access to a WAN Port I change the port of the management and open the Port from my fixed IP to the WAN Interface. The rule belongs on WAN Interface. That's it.

Never open it for the complete Internet.