Best way to remotely connect to my server

Status
Not open for further replies.

djdwosk97

Patron
Joined
Jun 12, 2015
Messages
382
I'm looking for a stable/secure way of connecting to my server (mainly the online GUI). I originally had openVPN running on my Asus router and it was fine, except that I had to use an older version of openVPN since the router didn't support the current version. I also tried to set up and run openVPN on my server, but I was never able to successfully do that.

I'm running Plex and Bittorrent Sync, so not having access to the shares really isn't a big deal to me. What I really need is access to the GUI so I can restart jails/do maintenance when I'm not around (since my plex jail seems to need to be restarted occasionally).

I can SSH into my network and then I can SSH into the server, but that just gets me to the command line of the server. Is there a way for me to get to the GUI via SSH?
 

Gnome

Explorer
Joined
Aug 18, 2011
Messages
87

zoomzoom

Guru
Joined
Sep 6, 2015
Messages
677
All you need to do is add a tunnel in the ssh client config. I'm not sure what OS or SSH client you're using, but if you're using Windows and PuTTY, see this post I made a few days ago on a similar thread.
 

djdwosk97

Patron
Joined
Jun 12, 2015
Messages
382
All you need to do is add a tunnel in the ssh client config. I'm not sure what OS or SSH client you're using, but if you're using Windows and PuTTY, see this post I made a few days ago on a similar thread.
I was just SSH'g through terminal on OSX, but I don't mind using an SSH client.
 

zoomzoom

Guru
Joined
Sep 6, 2015
Messages
677
I've never used a Mac before, however you should be able to natively configure the tunnel options. The essentials from the post I linked to will apply, Local Port and Remote IP : Port [i.e. L5000 192.168.1.20:443]. You should be able to determine how to set that tunnel option via Google.
 

Mirfster

Doesn't know what he's talking about
Joined
Oct 2, 2015
Messages
3,215
Curious, if you did (maybe still do?) have OpenVPN working fine on your router; then why not just VPN in and then browse to the Web GUI via HostName (if you have proper Name Resolution configured) or the IP Address?

For "Remote Sites" I even like to set up a "Jump Box" that I will use to RDP to once VPN'd in. That way I have a box there locally that already has any tools/applications I need and can kick off tasks/scripts/commands/etc. without worrying about if my VPN gets dropped since those things are now running locally.
 

djdwosk97

Patron
Joined
Jun 12, 2015
Messages
382
Curious, if you did (maybe still do?) have OpenVPN working fine on your router; then why not just VPN in and then browse to the Web GUI via HostName (if you have proper Name Resolution configured) or the IP Address?

For "Remote Sites" I even like to set up a "Jump Box" that I will use to RDP to once VPN'd in. That way I have a box there locally that already has any tools/applications I need and can kick off tasks/scripts/commands/etc. without worrying about if my VPN gets dropped since those things are now running locally.
I got openvpn on my router to work, but I had to use an older version of the client that didn't require a high level of encryption (because Asus is filled with a bunch of jackasses who decided to put a years old version of openvpn on their routers). I was honestly fine with it until recently when it suddenly stopped working for some reason and I've been unable to get it working again.
 

Mirfster

Doesn't know what he's talking about
Joined
Oct 2, 2015
Messages
3,215

djdwosk97

Patron
Joined
Jun 12, 2015
Messages
382
Hmm.. Might want to check and see if your router is compatible with OpenWRT or DDWRT then. May be a route you could consider.
It is, I'm just hesitant to go down that route since everything else is working properly and because the last time I tried flashing a router with DDWRT it ended up bricked.
 

Mirfster

Doesn't know what he's talking about
Joined
Oct 2, 2015
Messages
3,215
I get it, "once bitten, twice shy". If you wanted to you can grab a decent cheap router that is compatible with either OpenWRT or DDWRT like the DLink DIR-825 for ~ $18.00 (it has 4 GB Ports to boot; can even use the WAN Link as a 1GB Port as well for 5 total) and give it another whirl. I have four (4) of these and use them as APs (for each level of my house and one in the garage). All are running DD-WRT and have been flawless for years.

*** If thinking about DDWRT, then the DIR-825 has to be Rev B1 or above from what I recall.
 

Gnome

Explorer
Joined
Aug 18, 2011
Messages
87
If you are running a Mac, then save yourself some effort and do this with SSH only.
No need for anything complicated.

Step 1: Get Firefox
Step 2:
  • Install the FoxyProxy extension for Firefox (google FoxyProxy). Once that is set up and installed, you will see a new Fox icon next to the URL bar
  • Right-click that link and choose “Options”.
  • Click “Add new proxy”. You can give this new proxy connection a name if you want to on the "General" tab
  • On the “Proxy Details” tab, check “Manual Proxy Configuration”.
  • In “Host or IP” enter: localhost
  • Choose a port number, such as 8888 for the Port field. Remember that number (used below)
  • Click the “SOCKS Proxy?” checkbox. (Select SocksV5)
  • Click OK to close the settings tab.
  • Right click on the Fox icon again and select "Use proxy '<Name you specified>' for all URLS"
Step 3: Open a terminal and run this command:
Code:
ssh -D 8888 -q -N username@host

Please use SSH keys for your own safety.
Leave the terminal with SSH open in the background.

All your HTTP traffic will be transferred over SSH as if you are running from the computer you SSH'd to.
Any application that allows a SOCKSV5 proxy and uses TCP can also do this.
You don't need to use Firefox, it is just really simple to set this up using Firefox.
 

Mirfster

Doesn't know what he's talking about
Joined
Oct 2, 2015
Messages
3,215

Gnome

Explorer
Joined
Aug 18, 2011
Messages
87
Maybe it is just me, but this just *feels* wrong...

What happens if you are remote and FreeNas needs to reboot?

From OPs original post:
I can SSH into my network and then I can SSH into the server, but that just gets me to the command line of the server. Is there a way for me to get to the GUI via SSH?

This indicates the user has a router that is publicly accessible with some port open for SSH.
The OP then SSHes from there to his FreeNAS box.

Instead of that he can simply open an SSH SocksV5 tunnel to his router and use that to access anything on his network (TCP wise).

SSH is prolific, very portable and super secure (assuming you use SSH keys)
The reboot problem is a general problem with any router however.
If it is your gateway and you reboot it, your connection will drop until the router comes back up.

The only time I would recommend VPN instead of SSH is if you want higher throughput where I find SSH lacking.
From all other aspects it is pretty solid.
(Ok and possibly if you have UDP requirements, then SSH tunneling can become messy)

EDIT: I should point out, you create the tunnel between the Mac and your Router.
You don't need to SSH tunnel to every host you want to access. (eg. you don't need to tunnel specifically to the FreeNAS host)
Once you have created the tunnel to your Router, you have a tunnel "into" your network and any TCP traffic will run over that SSH session.
It is a TCP VPN, so to speak.
 

DrKK

FreeNAS Generalissimo
Joined
Oct 15, 2013
Messages
3,630
I hear this frequently. A (usually new) user of FreeNAS wants to access the GUI of FreeNAS remotely.

May I ask, why? What is it that you would like to do on the GUI remotely? Once your FreeNAS is set up, there is nothing you need on the GUI that can't wait until the next time you are on the LAN. At least as far as I know. Hell, @cyberjock himself once went something like 5 months without accessing the GUI....AT ALL....much less from the WAN.

So I am intellectually curious what people are after, on a day-to-day basis, that they would go through some hassle to expose it to the internet. If it's properly configured, nothing should require your tweaking in the GUI, nothing should need to be "fixed" in the GUI. At least nothing that can't wait until you get back to the local network.
 

zoomzoom

Guru
Joined
Sep 6, 2015
Messages
677
It is, I'm just hesitant to go down that route since everything else is working properly and because the last time I tried flashing a router with DDWRT it ended up bricked.
Whenever one chooses to flash an open source firmware for their router, the user needs to buy a USB-TTL cable prior to doing so, as this allows one to TFTP flash if they brick the router from a bad flash.
  • There are a myriad of ways to TFTP flash, from breakout-boards, to Serial to USB boards, to USB-TTL cables; however, a USB-TTL cable is the best, easiest, and, generally, most convenient way for new users.
    • Prior to purchasing a USB-TTL cable, I recommend verifying the pitch of the header pins on the router's board, as some routers utilize a 2.54mm pitch, while others utilize a 2.0mm pitch. Googling your router's model should provide the header connector size and pitch size you'll need.
  • If you're feeling particularly creative, you can buy a 3 pin 3.5mm PCB female audio jack and a USB-TTL AJ [Audio Jack] cable. You can follow this wiki I, and others, wrote on OpenWrt for the Linksys WRT1x00AC/S Series of routers for the general idea on how to accomplish this.
If OpenWrt is available for the router, it should be flashed in lieu of DD-Wrt due to the lack of functionality of DD-Wrt and its limited customization options. Due to internal politics at OpenWrt, similar to what's occurred at ownCloud, you may also want to check out LEDE... but I would avoid DD-Wrt unless it's the absolute last alternative.

If you do decide to flash and configure OpenVPN, this is a wiki I wrote for configuring OpenVPN servers and clients on OpenWrt. I also strongly encourage utilizing OpenSSL directly via the openssl.cnf in my signature in lieu of creating certs with Easy-RSA (all commands required are at the bottom of the cnf, starting at line 321)
 

DrKK

FreeNAS Generalissimo
Joined
Oct 15, 2013
Messages
3,630
I thought about this post last night. I realized I do this all the time, but just didn't think much of it.

My friend (who barely knows what a computer is) has a FreeNAS. He texted me to shut it down because he is moving to a new place. So, in order to do that, I went to his FreeNAS GUI, and shut it down. How did I do that?

Well, I of course have ssh (with certificates! not passwords!!!) listening on a fancy high-numbered port on his FreeNAS, *with* forwarding enabled (Services->SSH->properties->Allow TCP Port Forwarding). I connect to his client using an ssh client that supports port forwarding/tunnel via SSH (I use Bitvise on Windows). I have "foxyproxy" installed on Firefox, to make use of that tunnel. So now, as far as Firefox is concerned, I am on his LAN once I click the appropriate button in foxyproxy. Then I just point my browser at the correct LAN IP address, as if it were my FreeNAS.

This is a pretty secure---but not entirely hassle-free---method for accessing a FreeNAS GUI remotely.
 
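Added example, not part of any post in this thread: the single-port tunnel zoomzoom describes (local 5000 to 192.168.1.20:443), the SOCKS proxy on 8888 from Gnome's steps, and the key-only, forwarding-enabled server DrKK describes, written as OpenSSH configuration. The host aliases, `gateway.example.net`, the `admin` account and the key path are placeholders, and the server section assumes a stock OpenSSH `sshd_config` rather than the FreeNAS GUI settings.

```sshconfig
# ---- Client side: ~/.ssh/config (OpenSSH, e.g. the macOS Terminal) ----
# Constructed example; aliases, host name, user and key path are placeholders.

# Single-port tunnel. Start it with:  ssh -N home-gui
# then browse to https://localhost:5000 to reach the GUI at 192.168.1.20:443.
Host home-gui
    # Bind to loopback only, so other machines on the local network
    # cannot ride the tunnel.
    LocalForward 127.0.0.1:5000 192.168.1.20:443

# SOCKS v5 proxy for FoxyProxy. Start it with:  ssh -N home-socks
Host home-socks
    DynamicForward 127.0.0.1:8888

# Options shared by both aliases.
Host home-gui home-socks
    HostName gateway.example.net
    User admin
    IdentityFile ~/.ssh/id_ed25519_home
    # Offer only the key above, and never fall back to a password prompt.
    IdentitiesOnly yes
    PasswordAuthentication no
    # Exit instead of sitting idle if the local port could not be bound.
    ExitOnForwardFailure yes
    # Detect a dead link (for example a rebooting router) within ~90 seconds.
    ServerAliveInterval 30
    ServerAliveCountMax 3

# ---- Server side: sshd_config on the SSH endpoint ----
# Keys only, no passwords.
PasswordAuthentication no
PubkeyAuthentication yes

Match User admin
    # Allow client-initiated (-L / -D) forwards, but not remote (-R) ones.
    AllowTcpForwarding local
    # Restrict forwarded connections to the GUI address. With this line the
    # SOCKS proxy can reach only this destination; remove it to browse the
    # whole LAN through home-socks.
    PermitOpen 192.168.1.20:443
```

Running `sshd -t` on the server checks the edited `sshd_config` for syntax errors before the service is restarted.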

DrKK

FreeNAS Generalissimo
Joined
Oct 15, 2013
Messages
3,630
He's quite computer illiterate. He truly uses it as an "appliance". I am the repairman. He doesn't even know how to shut it down. He's a photographer that takes a lot of photographs that need a NAS. So I made him a NAS.

So he texts me when he needs something done. I log in maybe once per month to make sure everything looks good.
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,977
You sir are a very good friend.

Me, I'm a "teach a man to fish" kinda guy. I don't mind helping someone get going but definitely don't want to be long term tech support. Figured that one out the hard way.
 