RESET Forums (homeservershow.com)

Setting up Anywhere Access with pfSense


cpana

I have some odd issues regarding my DNS update on my server after changing out my router. I am using the Anywhere Access feature bundled with Windows Server 2012 Essentials R2, and it has been good to me up until I changed to pfSense. It depends on UPnP, so I had to activate that. The server opened the ports that it needs, but is not able to update the *.remotewebaccess.com DNS so that it forwards to my WAN.

 

Everything worked right with my Netgear N600 router. On the pfSense router I have tried UPnP & NAT-PMP and it did not work. I forwarded (NAT) ports 80 and 443, but I still get the error message on the server that Anywhere Access to your server is blocked.

 

Can someone please help me with this?

 

Thanks in advance! 


Did you confirm the server has the same IP address from the old router to the new pfSense box?  UPnP is never required to make remote access work as you can do all of this manually.


Check your settings for UPNP / NAT-PMP.  Make sure that the checkmark at the top of the page to allow UPNP port mapping is selected and check what the default behavior is set to, it might be deny all, in which case you'll need to either change that or add exceptions for your server's IP address and ports 80 and 443.

 

I used UPNP for a while, but eventually got tired of the occasional errors, and wanted to forward IPv6 as well, so I changed the settings to say that I'd manually configured my router and added the needed forwards under the Firewall:NAT:Port Forward section.


Ran pfSense for a long time before switching to Sophos UTM. Anyway, it's definitely your port forwarding/NAT settings in pfSense. Their UI is clunky IMO and not straightforward. Then again, most non-consumer routers offer so much flexibility it often takes a few steps to nail down port forwards.


Thanks for your replies,

 

Jmwills: The server is using the same IP (192.168.1.17) I used in the old router.

Andne and Jason: I have disabled UPnP & NAT-PMP. I have configured (Firewall: NAT: Port Forward) to allow ports 80 and 443, and I changed the setting on the server to say, skip router setup.  I want to set up my router manually. I still get the error message that says "The Set up Anywhere Access wizard completed with errors"


Ok, it's completing with errors, but which errors is it completing with?  There are a lot of things that can generate any error during setup, not just the router part, so you should be able to see a list of all of the errors and/or warnings that occurred during setup.

 

One thing I've found is that if I run the setup without manually configuring the router (so the server uses UPnP), it seemed like I had to disable everything (so that the dialog said anywhere access is disabled) and then run setup again and select that I was going to configure the router manually.  Otherwise it seemed to pay more attention to the fact that I had once told it to configure the router than to me wanting to configure the router manually now.


Andne,

 

I notice there were more errors:

1. Anywhere Access to your server is blocked

 

2. There may be more than one router on your network

 

3. UPnP is not enabled on the router

 

4. Your domain cannot be resolved to the IP address for your server

 

I think the last error is where my problem is.


Error 3 looks like it's probably the cause of things, the server still wants UPnP to be enabled on the router.  I don't remember if it relies on UPnP to get the IP address to update the DNS with or not.  One thing you could maybe try is to enable the UPnP service, but keep the checkbox set to default deny and don't add any exceptions to the boxes.  I think that will allow the server to get the gateway address without allowing any of the port-forwarding behavior that people worry about.  I thought there was a fallback though to ping a web service and ask it what IP is pinging it that could be used.

 

Otherwise I'd say you need to completely disable Anywhere Access and try to set it up again from scratch, and make sure you pick 'I will manually configure my router'.

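A way to separate the DNS error (error 4 in the list above) from the port-forward errors, as an added example that is not part of any post in this thread: a PowerShell script to run on the server. The host name and WAN address are placeholders to replace, and the use of the public resolver 8.8.8.8 is an assumption; 192.168.1.17 is the server address given in the thread.

```powershell
# Added example. $HostName and $WanIp are placeholders to replace;
# 192.168.1.17 is the server's LAN address given in the thread.
param(
    [string]$HostName = 'yourname.remotewebaccess.com',  # placeholder
    [string]$WanIp    = '203.0.113.10',                  # placeholder: pfSense WAN address
    [string]$ServerIp = '192.168.1.17',
    [int[]] $Ports    = @(80, 443)
)

# 1. Wizard error 4: does the public name resolve to the WAN address?
#    A public resolver is queried so the server's own DNS role is bypassed.
$records = @(Resolve-DnsName -Name $HostName -Type A -Server 8.8.8.8 -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })

if ($records.Count -eq 0) {
    Write-Warning "$HostName has no A record on the public resolver."
} elseif ($records -contains $WanIp) {
    Write-Output "DNS OK: $HostName -> $WanIp"
} else {
    Write-Warning "DNS mismatch: $HostName -> $($records -join ', '), expected $WanIp"
}

# 2. Is the server itself listening? A failure here is not a pfSense problem.
foreach ($port in $Ports) {
    $lan = Test-NetConnection -ComputerName $ServerIp -Port $port -WarningAction SilentlyContinue
    Write-Output ("LAN  {0}:{1} listening = {2}" -f $ServerIp, $port, $lan.TcpTestSucceeded)
}

# 3. Is the port forward working? From inside the LAN this succeeds only when
#    NAT reflection is enabled on pfSense; otherwise run it from outside.
foreach ($port in $Ports) {
    $wan = Test-NetConnection -ComputerName $WanIp -Port $port -WarningAction SilentlyContinue
    Write-Output ("WAN  {0}:{1} reachable = {2}" -f $WanIp, $port, $wan.TcpTestSucceeded)
}
```

If step 1 fails while steps 2 and 3 pass, the manual forwards are fine and only the dynamic DNS update is failing.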
