Recommended way to remotely access web GUI

[CraftyClown]

Afternoon boys and girls,

I have noticed that every now and then, the Plex media server plugin crashes and needs restarting. This is frustrating as I may be away and loose the ability to access my media until I return home.

I am wondering if there is a way I can enable remote connection to my WebGUI that allows a balance between safe, free and not too mind numbingly difficult to set up (obviously I will accept the mind numbingly difficult route if necessary)

I am very much a beginner when it comes to networking, however I am methodical and more than happy to read/research.

@cyberjock, I'm pretty sure this falls into the remit of a beginner Freenas question, yes? ;)

 

[Ericloewe]

The standard answer is to set up a VPN connection.

 

[CraftyClown]

Thanks Eric.

I'm new to VPN, so would this be a case of me installing a client such as OpenVPN onto my Freenas machine?

I'm aware there is a plugin for this currently available.

 

[Ericloewe]

Thanks Eric.

I'm new to VPN, so would this be a case of me installing a client such as OpenVPN onto my Freenas machine?

I'm aware there is a plugin for this currently available.

Something of the sort - or you could also do so on a different device, like your router (depending on its capabilities).

You'll have to research the specifics of the solution you end up using, but once you're connected, it's a simple matter of working like you would on your home network.

 

[saurav]

Sorry to jump in here, but I have to ask this:

Why don't people suggest using ssh to access a freenas box remotely? For webgui, one can do "ssh -D <port> freenas-box-external-address" and then use the socks proxy at localhost:port for browser traffic?

There is a Firefox plugin which can be configured to send only your home IP traffic via the proxy and bypass it for everything else.

This has the advantage that not all of your traffic has to go via your home router, unlike openvpn.

What am I missing here?

 

[ewhac]

Sorry to jump in here, but I have to ask this:

Why don't people suggest using ssh to access a freenas box remotely? For webgui, one can do "ssh -D <port> freenas-box-external-address" and then use the socks proxy at localhost:port for browser traffic?

IIRC, the basic issue is that FreeNAS was written to assume it's on a relatively secure network, i.e. not being constantly assaulted by skr1pt k1dd13s and the ${EXPLETIVE} ${EXPLETIVE} traitors at the NSA. The focus of FreeNAS development is to create rock solid and reliable file serving and storage. If you put a stock FreeNAS box on an Internet-facing address, it will probably withstand the most primitive and ham-handed of attacks (at the cost of unknowable amounts of CPU) but, since it hasn't been especially tuned for that sort of job, it will probably fall at some point. (Also, if you add media-serving plugins, you vastly increase the attack surface, particularly since media-serving plugins receive almost no thought to system security.)

Hence, the recommendation has been to keep FreeNAS behind a firewall (why, hello, pfSense), and configure a VPN on the firewall to allow yourself into it. That's how I've interpreted the prevalent advice, anyway...

 

[SirMaster]

IIRC, the basic issue is that FreeNAS was written to assume it's on a relatively secure network, i.e. not being constantly assaulted by skr1pt k1dd13s and the ${EXPLETIVE} ${EXPLETIVE} traitors at the NSA. The focus of FreeNAS development is to create rock solid and reliable file serving and storage. If you put a stock FreeNAS box on an Internet-facing address, it will probably withstand the most primitive and ham-handed of attacks (at the cost of unknowable amounts of CPU) but, since it hasn't been especially tuned for that sort of job, it will probably fall at some point. (Also, if you add media-serving plugins, you vastly increase the attack surface, particularly since media-serving plugins receive almost no thought to system security.)

Hence, the recommendation has been to keep FreeNAS behind a firewall (why, hello, pfSense), and configure a VPN on the firewall to allow yourself into it. That's how I've interpreted the prevalent advice, anyway...

It's good advice. Obviously you should not put the FreeNAS directly behind a public IP or in a DMZ.

Though If you put FreeNAS behind a firewall and only open the port to SSH and then disable password authentication via SSH and use only private key I don't see where this would be a problem. No matter what FreeNAS is designed for, SSH (which is the only thing you are opening access to) is designed to be secure directly and FreeNAS uses recent versions of OpenSSH which they seem to keep up to date.

I don't see how OpenSSH would be any less secure than something like OpenVPN. They should be equally secure. The only thing I can think of is that OpenVPN has server authentication built-in preventing MITM attacks. Though with OpenSSH you can preload the server key on the client so you don't have to accept the key the first time.

Then tunneling everything through the OpenSSH connection should be just as good as tunnelling everything through OpenVPN.

 

[louieheaton17]

Hi CraftClown,

If you're still looking for an answer to this question then I have an alternate way. Yes, I agree, the proper and right way to do it would be to set up a VPN connection but I know me along with others have had problems trying to set up VPN's. So here's an alternate way but again is if you can't get your VPN working.

SOLUTION:

Login to FreeNas Web GUI (Legacy Mode) and you should be presented with your machine information. Along the top bar, you should see that Information is highlighted, along that same row click on the one next door labeled General.

Now you should see ' WebGUI HTTP Port: 80 ' - What you want to do is change that port to whatever number you want (just don't forget it!) in this example I'm going to change it to 400. Once you change it click save. (There is no need to change HTTPS port). Now to access your FreeNas from home you will have to go to its Local IP followed by :(the port you chose) in my case 192.168.0.31:400 this will then boot the GUI and you'll see a login screen as usual.

Right, now login to your router and port forward the port you chose, in my case 400.

Once you've done that you can access your FreeNas from anywhere! To access it find your IP address where the server is located by going to a website such as https://whatismyipaddress.com/ (make sure your not connected to a VPN when you do this) and then take that IP and then put :400 on the end.

Example:

If my IP was 90.10.90.10 I would go to my URL anywhere in the world and type 90.10.90.10:400 and I will be able to login to my FreeNas GUI

I hope this helps anyone who needs it :)