Access to WEB GUI via WAN

Steffler · June 6, 2022, 8:48pm

Hi All,
I have completed by first pfSense build and am very happy with the router and it’s performance.
I am wondering if there is a way that I can connect through the WAN port to access the WEB GUI. The reason for this is I would like to bond all my 4 LAN ports to my switch. My switch supports LACP. I can create a LAGG interface without any issues with the unused LAN ports, but obviously not with the current LAN.

Any help would be greatly appreciated.
Cheers,
Ian

Paul · June 7, 2022, 7:41am

Why not setup pfsense with lagg of the 3 unused ports, so it is working.

When it is working, you can delete the network setting for the one port and then add it the the lagg.

neogrid · June 7, 2022, 7:52am

Well I’d say a better way would be to learn about vlans, then put those extra ports into a LAGG with your vlans, leaving your LAN port free, use it as an emergency option to access the router.

I’ve setup my router in this way, gives me the most flexibility.

Perhaps the only reason not to do it is if you have a lot of cross vlan traffic.

You can open up access to your web GUI via the WAN, but then anyone will be able to see what you see, an OpenVPN connection is the way to go if you want remote access to your network.

Paul · June 7, 2022, 10:45am

Have to agree with neogrid, configure the spare 3 ports into a lagg (configure vlans on the lagg interface if required) and have the existing port as a backup to access PFsense in an emergency.

Putting ports into a lagg does not increase speed across the ports (3GB) it just distributes the traffic across the ports , you still have 1GB connections.

Steffler · June 7, 2022, 11:12pm

HI All,
Thank-you all for your responses, very much appreciated.
I am planning on adding VLANS to separate my network.
Is there any advantage vs using LAGG or dedicated LANS for the VLANs.
I was planning on implementing VLANS once my Synology RT2600 receives the latest update later this year to allow VLANS over wifi.
Over the past 2.5 years (since COVID) I was sent to WFH. I would like to setup my Work Laptop on a separate VLAN & I am hoping for some better performance with my Work VPN and remote desktop. Since switching my pfSense router I have noticed better connectivity with my remote desktop, but still sometimes need to disconnect and reconnect due to it freezing.

I was thinking of the following VLANs
Work - Work Laptop to VPN to the office
Home
IoT
Game systems

Cheers,
Ian

neogrid · June 8, 2022, 7:57am

As you are a home user so to speak, the advantages are that you don’t have to think about any backup / redundancy if your “single LAN” fails, the LACP LAGG will switch over, if you swamp your network with traffic it will be spread over the LAGG instead of a single connection.

However, if you have a lot of cross-vlan traffic you might see some performance loss as the traffic has to be routed over the router not just the switch. In my experience I’ve not noticed anything.

Tom has a video on bufferbloat, you should find that and implement it, it made a massive difference in browsing for me.

You probably don’t but could ask for an OpenVPN cert from your employer, then setup your work_vlan to be routed through an OpenVPN gateway, benefit of that is you could then plug any device in and it will be routed to work. I’d guess that you probably have a single laptop with it all setup for work, in that case just create an isolated guest vlan and use that for work.

Steffler · September 20, 2022, 9:54pm

Hi all,
So my Synology RT2600 router that I use as an access point in my home network, finally has received the SRM 1.3 which allows VLANS over wireless. Yeah…
I have setup a LAGG LACP with em1-em3, DHCP enabled and left EM0 as a management port…thank GOD.
I setup the following (but reverted the LAN to 10.0.1.199 as I needed everything working again)
LAN interface set to 10.1.1.199
LAGG interface set to 10.0.1.199
Unfortunately, my Netgear GS724T wasn’t able to use the LAGG as DHCP, it should as i have my Synology DS1817+ with 2NICS uses LACP to my switch and it is working
I have MAC Address Static IPs for my switch, Diskstation, and RT2600 so it is easy to switch back… (management port thanks for the advice)

Yes I did setup the firewall rules the same as LAN

Just curious what I need to do to have my LAGG do DHCP to my switch?
Thanks
Ian

neogrid · September 21, 2022, 9:22am

I do not believe you need to do anything differently over the LAGG for DHCP to work, at least I didn’t. Perhaps you have some config setting enabled on the switch which ought not to be.