Senior Member
Posts: 3,797
Registered: ‎09-12-2010
Kudos: 1327
Solutions: 31
Accepted Solution

Quickly Enable Remote Access to EdgeMAX GUI?

Hi guys,

I just installed an ER Pro and got things online quickly using the WAN+2LAN Wizard.  I have LAN1 on ETH0 and WAN on ETH1 (as the Wizard configures)

Thing now is I need to leave soon and can't do any more local configuration.  I still have some things to configure (static leases, etc) as it's replacing a RB.  This is my first ER, and since I don't have a whole ton of time learning the CLI and GUI, could someone please give me a quick step by step on how to enable remote access to the GUI over the WAN port?

I'd appreciate it!

TicoBytes.com | www.ticobytes.com
Ubiquiti Solutions and English / Spanish IT Support in Costa Rica
UBRSS, UBWA, UEWA - Ubiquiti Certified Trainer

Accepted Solutions
Established Member
Posts: 1,043
Registered: ‎02-17-2014
Kudos: 386
Solutions: 40

Re: Quickly Enable Remote Access to EdgeMAX GUI?

[ Edited ]

Add a rule to ruleset WAN_LOCAL to accept tcp port 80,443.

 

Go to the 'Security' tab...

Click the button on the right under WAN_LOCAL and select 'edit ruleset'.  (Pic 1)

This will bring up the 'Ruleset Configuration fro WAN_LOCAL' dialog box.  (Pic 2)

Click on the button for 'Add New Rule'.  (Pic3)

Under 'Basic', give the rule a name, choose the 'Accept' bullet, Protocol 'tcp' bullet, & check the box for logging.  (pic 4)

On the destination tab, enter port 80,443 (no spaces)  (Pic5)

Click the 'Save' button.

Done.

View solution in original post

step1.png
step2.png
step3.png
step4.png
step5.png

All Replies
Emerging Member
Posts: 108
Registered: ‎11-04-2013
Kudos: 79

Re: Quickly Enable Remote Access to EdgeMAX GUI?

You should be able to upgrade to ER FW 1.5 wich has a GUI for remote access VPN and site to site vpn

Established Member
Posts: 1,043
Registered: ‎02-17-2014
Kudos: 386
Solutions: 40

Re: Quickly Enable Remote Access to EdgeMAX GUI?

[ Edited ]

Add a rule to ruleset WAN_LOCAL to accept tcp port 80,443.

 

Go to the 'Security' tab...

Click the button on the right under WAN_LOCAL and select 'edit ruleset'.  (Pic 1)

This will bring up the 'Ruleset Configuration fro WAN_LOCAL' dialog box.  (Pic 2)

Click on the button for 'Add New Rule'.  (Pic3)

Under 'Basic', give the rule a name, choose the 'Accept' bullet, Protocol 'tcp' bullet, & check the box for logging.  (pic 4)

On the destination tab, enter port 80,443 (no spaces)  (Pic5)

Click the 'Save' button.

Done.

step1.png
step2.png
step3.png
step4.png
step5.png
Emerging Member
Posts: 108
Registered: ‎11-04-2013
Kudos: 79

Re: Quickly Enable Remote Access to EdgeMAX GUI?

Oh.. you mean how do you open up the firewall for management and ssl ports.. yeah the guy above me did a pretty good explanaition for that.  If you mean remote access like a vpn then defintely check out FW 1.5

Senior Member
Posts: 3,797
Registered: ‎09-12-2010
Kudos: 1327
Solutions: 31

Re: Quickly Enable Remote Access to EdgeMAX GUI?

Thank you both!  

@CowboyJed 's solution is really what I was looking for but VPN is on my to-do list.  Thanks for taking the time to help set that up - I figured it was going to be much more complicated (CLI forcing the GUI to listen to the WAN interface)!  This should be a checkbox option in the setup wizard :-)

I didn't get to set it up while I was there, but I just did it by commandeering someone's laptop behind the router and it worked like a charm.  Only difference is I had already upgraded to v1.5.

If you just found this thread looking to enable remote access and are using v1.5 or above of the firmware, follow the instructions above, but instead of looking for a Security tab, you want to click on the Firewall/NAT tab, and then on Firewall Policies and pick up from the step in Pic 1.

Thanks!

TicoBytes.com | www.ticobytes.com
Ubiquiti Solutions and English / Spanish IT Support in Costa Rica
UBRSS, UBWA, UEWA - Ubiquiti Certified Trainer
Regular Member
Posts: 367
Registered: ‎05-09-2014
Kudos: 128
Solutions: 7

Re: Quickly Enable Remote Access to EdgeMAX GUI?

i will recommend, that if you are going to be accessing the thing remotely, that you also add a source address filter in that same rule; under "source", in the "address" field, type the remote public IP address from which you are connecting. this way, you haven't opened up your router to just any IP out there.

that said, if you plan on connecting in from many different locations/IPs, then this may not be feasible, in which case a VPN would be ideal Man Happy

Senior Member
Posts: 3,797
Registered: ‎09-12-2010
Kudos: 1327
Solutions: 31

Re: Quickly Enable Remote Access to EdgeMAX GUI?

Thanks, I'll keep that in mind.  Have you figure out how to set up the VPN now Man Happy

TicoBytes.com | www.ticobytes.com
Ubiquiti Solutions and English / Spanish IT Support in Costa Rica
UBRSS, UBWA, UEWA - Ubiquiti Certified Trainer
Established Member
Posts: 1,043
Registered: ‎02-17-2014
Kudos: 386
Solutions: 40

Re: Quickly Enable Remote Access to EdgeMAX GUI?

[ Edited ]

You said you needed a quick setup for remote access.  That's what this was.  There are better options for long-term connectivity, but this is a quick setup.

I use SSH with a non-standard port and if I need the GUI, I use the CLI to open the GUI port temporarily and close it again when I'm done.  However, the more time I spend with the ERL, the more I end up doing from the CLI.

Regular Member
Posts: 367
Registered: ‎05-09-2014
Kudos: 128
Solutions: 7

Re: Quickly Enable Remote Access to EdgeMAX GUI?


@CodyLoco wrote:

Have you figure out how to set up the VPN now Man Happy


openvpn, yes, and it work just as normally as it does anywhere else.. strongswan, with some manual configuration changes, and even then i haven't figured out why the Win7 ipsec client can't handle quick mode re-authentication. (btw, strongswan has to be one of the WORST pieces of software i've ever used, in terms of documentation/configuration. sooo many errors with 2 pages of results for them on google.)

New Member
Posts: 16
Registered: ‎01-03-2014
Kudos: 1

Re: Quickly Enable Remote Access to EdgeMAX GUI?

Any way to do this with a different external port?  Basically I want to portforward exteral:9999 to router's 127.0.0.1:80.  I'd prefer not to have to change the internally access port (80).

New Member
Posts: 19
Registered: ‎08-07-2015

Re: Quickly Enable Remote Access to EdgeMAX GUI?

[ Edited ]

I may be replying to this too late, I did the steps in that graphic post, my wan IP is 4.2.2.1, and when I type my WAN IP into my browser from another network, say 4.2.2.1:80, the returns with 4.2.2.1 takes to long to respond, and somethimes 4.2.2.1 refused to connect.

 

What do I do?

New Member
Posts: 1
Registered: ‎09-05-2016

Re: Quickly Enable Remote Access to EdgeMAX GUI?

Any updates to this procedure since 2014?  I'm trying to configure remote access to my EdgeMAX, and it doesn't seem to be allowing me in when I follow this procedure.

Member
Posts: 300
Registered: ‎07-30-2013
Kudos: 56
Solutions: 14

Re: Quickly Enable Remote Access to EdgeMAX GUI?

This is what I do for remote access to the router and any device behind the router using l2tp/ipsec

 

*******  edge router enable remote access

#Enter configuration mode.

configure

#Define the interface ipsec will use for internet connections (eth1 in this example).

set vpn ipsec ipsec-interfaces interface eth1

#Enable NAT traversal (this is mandatory).

set vpn ipsec nat-traversal enable

#Set the allowed subnet (allowing all subnets).

set vpn ipsec nat-networks allowed-network 0.0.0.0/0

#Show the ipsec configuration.

show vpn ipsec

# DHCP ONLY:  If you obtain your IP address from your internet service provider via DHCP, use this

# command:
set vpn l2tp remote-access dhcp-interface eth1


# STATIC IP ONLY:  If you have a static IP address and do NOT obtain your IP address from your 

# internet service provider via DHCP, then use this command instead of the one above:

set vpn l2tp remote-access outside-address STATICIP

# Replace "STATICIP" in the command above with your actual static IP address!

#Set up the pool of IP addresses that remote VPN connections will assume.

# In this case we make 10 addresses available (from.191 to .200) on subnet #192.168.12.0/24. 

# You can also issue IP addresses used in your subnet, but make sure that

# They do not overlap with IP addresses issued by your DHCP Server or used by

# other devices on your network with static IP.

set vpn l2tp remote-access client-ip-pool start 192.168.12.191
set vpn l2tp remote-access client-ip-pool stop 192.168.12.200

#Set the IPsec authentication mode to pre-shared secret.

set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret

#Set the pre-shared secret (replace "secret phrase" with your desired passphrase)

set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret "secret phrase"

#Set the L2TP remote access authentication mode to local.

set vpn l2tp remote-access authentication mode local

#Set theL2TP remote access username and password.  

#Replace testuser with your desired username and testpassword with your desired password.

#Repeat this line as needed.

set vpn l2tp remote-access authentication local-users username testuser password testpassword

#Set the MTU  - enable and change if needed

#set vpn l2tp remote-access mtu 1492

#Set DNS Servers:

set vpn l2tp remote-access dns-servers server-1 8.8.8.8
set vpn l2tp remote-access dns-servers server-2 8.8.4.4

#Commit the change.

commit
#Show the l2tp remote access configuration.

show vpn l2tp remote-access

#Save the settings

save

**************************
#Open the required ports using the Web UI.

#Access the Web UI.  Click on the "Security Tab" or “Firewall/Nat” depending on software release.  Find the "WAN_LOCAL" rule (or whatever you called the rule that controls access to the router), and click "Actions" to the right of it.  Select "Edit Ruleset" from the pull-down.  Add a new rule somewhere before you drop invalid packets as follows:

Basic Tab:  

  • Description:  Allow L2TP

  • Check Enable.  

  • Action:  Accept.  

  • Protocol:  Choose a protocol:  udp

Destination Tab:  

  • Port:  500,1701,4500

Click Save.

# Create another rule
 
Basic Tab:

   • Description:  Allow ESP

   • Check Enable.

   • Action:  Accept.

  • Protocol:  Choose a protocol by name:  esp

Click Save.
Regular Member
Posts: 540
Registered: ‎08-25-2009
Kudos: 94
Solutions: 4

Re: Quickly Enable Remote Access to EdgeMAX GUI?

 

Nice thanks

 

How about a quick remote for 443?  we have it behind our CPE , its not exposed to the internet, but since we can reach ever cpe via https, it would be much simpler this way.

 

I have tried the dNAT and WAN_local examples with no luck.

 

please advice, thanks

 

New Member
Posts: 2
Registered: ‎09-28-2015

Router x er remote access

Am trying to access a network behind the router and that's a leg that is coming in as Wan 1 and there is a Wan 2 which is another network separately from Wan 1 because am using load balancing mode... Wan 1 network is: gateway 192.168.5.6 with subnet 255.255.255.0 its a static network bUT this line is coming in to me as DHCP that's what I set it  it to come in as in the router x er and I have 3 Lan giving out DHCP with a Static in eth0 as 192.168.0.0/19 and the gateway is 192.168.0.1 but I want to stay infront of the Router and access 192.168.5.6 network from any of the Lan 3,4,5.  Am now using Lan 3 which is giving me DHCP to my Customers and i want to Can access the Other Line from any of the customers radios and all of the customers are in DhCp and the airgateway is Soho router mode.... so can u help me plzzz and begging you.. anyone that is asisting me can u give me a number to call u on plzz so u can better help me plzz... and not good at command promt and better with the Router x GUI....

New Member
Posts: 2
Registered: ‎09-28-2015

Re: Router x er remote access

I don't want Wan 2 to see into my network and I have no need seeing in that network either... I just want to communicate with Wan 1 behind and in front I don't mean if I use my discovery tool and scan on either side I'll see all the radios that is in front and behind the router x er.. I just want to write a ip in my browser that follows 192.168.5.6 gateway and I get access to the radios on the other side of Wan1... so that's what I need help in doing right now ASAP cause cu somers need my assistance on network 192.168.5.6 and am in front the edgerouter x er.... so help plzzz plzzzz

Emerging Member
Posts: 41
Registered: ‎11-25-2016
Kudos: 1

Re: Quickly Enable Remote Access to EdgeMAX GUI?

It should work using the steps above even now at v1.9.1.1 but now I've enabled an L2TP Ipsec VPN and if I remove this rule from the firewall I can no longer get in so there's something not quite right with the L2TP setup allowing me to see the GUI

Emerging Member
Posts: 53
Registered: ‎02-14-2014
Kudos: 4

Re: Quickly Enable Remote Access to EdgeMAX GUI?

I'm curious about this too. Non-standard ports offer at least a little bit more security but in this case I already have a web server with traffic being directed to it so 443 and 80 are out.  

 

Did anyone ever tell you how to do it?

Emerging Member
Posts: 53
Registered: ‎02-14-2014
Kudos: 4

Re: Quickly Enable Remote Access to EdgeMAX GUI?

I am referring to setting up the above but using say Port 8888 or something obscure rather than 80 & 443
New Member
Posts: 1
Registered: ‎11-11-2018

Re: Quickly Enable Remote Access to EdgeMAX GUI?

So I'm pretty much wondering the same thing: How to enable remote management using non-standard ports? I added a rule in the forwarding section to forward 50443 to port 443 on the IP-address of my ER-X on top of the firewall rules described above openinng WAN_LOCAL for 443.

 

However, this opens the ER-X to 443 instead of 50443, which still doesn't work.

 

I'd be very grateful for any helpful pointers.