How to implement remote management in pfSense 2.4.4 by using a DuckDNS Dynamic DNS domain

The following article explains the steps necessary to enable external access to pfSense GUI using a Dynamic DNS domain from DuckDNS.org.

STEP 1 – Create a new DuckDNS domain

Log in to https://www.duckdns.org with your credentials.

Then type the desired domain name for your pfSense router and press the ‘Add Domain’ button.

Example:

 

STEP 2 – Change pfSense password

As you’re planning to allow remote access to pfSense GUI, one of the very first steps is to put it behind a strong password.

I recommend using https://strongpasswordgenerator.com to generate a strong password, and change the admin as well as any user account passwords on the pfSense System \ User Manager \ Users page.

 

STEP 3 – Allow remote access to WAN port 443

By default, all incoming connections to the pfSense interface on WAN are blocked until pass rules are added.

To allow the remote management, we’ll need to add a new rule allowing remote access on HTTPS port 443 only.

 

In pfSense, go to:

Firewall > Rules, WAN Tab and click ADD button at the bottom of the screen. Then select the following options.

  • Actionpass
  • InterfaceWAN
  • ProtocolTCP
  • Address Family: IPv4
  • SourceAny (or restrict by IP/subnet)
  • DestinationWAN Address
  • Destination port rangeHTTPS (Or the custom port)
  • DescriptionAllow remote management from anywhere (Dangerous!)

 

This is what the rule should look like:

Press ‘Save’.

This is what you should see:

STEP 4 – Add DuckDNS as a DynDNS service in pfSense

Go to: https://www.duckdns.org/install.jsp?tab=pfsense, choose your domain at the bottom and grab the Update URL. it’ll look something like this:

 

Then, go to pfSense GUI: Services / Dynamic DNS / Dynamic DNS Clients and press the ADD button to add a new dynamic DNS client.

On the new screen select: CUSTOM as a service type, leave everything as is, except the ‘Update URL’ part where you need to paste the above URL.

Then type in ‘OK’ into the ‘Result Match’ box, the screen should look like this:

Once done, press the SAVE button.

You should see the new Dynamic DNS Client for DuckDNS to appear in your list with your external IP address:

STEP 5 – Add DuckDNS domain as a pfSense hostname and domain

In pfSense, go to: System / General Setup, then change the Hostname to the domain name you’ve registered in DuckDNS and for the Domain option type in duckdns.org:

Press ‘Save’

 

STEP 6 – Change pfSense port to 443

Also, make sure your pfSense is running

System / Advanced change port to HTTPS if not already set.

 

STEP 7 – Confirm that you can access pfSense in browser externally

Using external connection (e.g. phone in LTE mode) navigate to your DuckDNS domain at https://exampledomain.duckdns.org.

The pfSense web GUI should load:

Hope you’ve enjoyed this tutorial.

Facebook Comments