-
Important Announcement for the TrueNAS Community.
The TrueNAS Community has now been moved. This forum has become READ-ONLY for historical purposes. Please feel free to join us on the new TrueNAS Community Forums
How to set the self signed certificate for public IP access?
- Thread starter 3038922
- Start date
danb35
Hall of Famer
- Joined
- Aug 16, 2011
- Messages
- 15,504
Yes.
Yorick
Wizard
- Joined
- Nov 4, 2018
- Messages
- 1,912
But not because of the cert, to clarify. It’s unsafe to expose the UI to the Internet at large because a) it uses root / password for login, though 2FA in TrueNAS Core will help with that and b) isn’t typically deployed like that, and so not designed for being exposed.
I’d expect management interfaces like this to be remote-accessed via a VPN gateway on the Internet-facing router. Inexpensive options for that are a good question - the fortigate 40f comes to mind, and, there might be even lower cost and yet solid options.
What kind of hardware do people run pfSense on? That seems like a complete solution, see https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/openvpn-remote-access-server.html .
I’d expect management interfaces like this to be remote-accessed via a VPN gateway on the Internet-facing router. Inexpensive options for that are a good question - the fortigate 40f comes to mind, and, there might be even lower cost and yet solid options.
What kind of hardware do people run pfSense on? That seems like a complete solution, see https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/openvpn-remote-access-server.html .
danb35
Hall of Famer
- Joined
- Aug 16, 2011
- Messages
- 15,504
Pretty much anything x86. I use the Netgate hardware, though last time I looked it had gone up $200 in price and couldn't be described as cost-effective. But units like this have been pretty popular for new hardware purchases:
Amazon.com: Barebone Mini PC with Intel Celeron j1900 Processor, Quad core 2.42 GHz, AES-NI Fanless Dual LAN Support Linux Windows OS: Computers & Accessories
Amazon.com: Barebone Mini PC with Intel Celeron j1900 Processor, Quad core 2.42 GHz, AES-NI Fanless Dual LAN Support Linux Windows OS: Computers & Accessories
www.amazon.com
danb35
Hall of Famer
- Joined
- Aug 16, 2011
- Messages
- 15,504
Though it's worth pointing out that the actual issue is almost certainly that the public IP address isn't listed on the cert, but the private IP address is. That would explain a certificate error when accessing externally, but not internally. That's easy enough to fix by making a new cert, but it doesn't solve the problem of exposing a system that isn't designed to be on the public internet to the public internet.
3038922
Dabbler
- Joined
- Apr 23, 2020
- Messages
- 27
The certificate address is the same as the actual public address. As a result, the intranet access is correct.
CN =61.XXXXX
Do you want to write the port number?
3038922
Dabbler
- Joined
- Apr 23, 2020
- Messages
- 27
yes,Private is automatically generated by the system.
another option is Sophos XG firewall/router
I run it on picoPC (only 6W consumption) that is smaller than some commercial routers.
Sophos XG is free for personal use and, almost full of features but the free edition uses up to 4 cores and 6 Gb ram.
It is super easy to setup the VPN server (in reality just to setup users and permissions) and can have 2 FA if someone wants to.
Only downside (for some of us) that it is not open source.
Related topics on forums.truenas.com for thread: "How to set the self signed certificate for public IP access?"
Similar threads
- Locked
