RMU build Gen-1.5: IV. Best Practices - F. Enable GUI Access to OPNsense devices

From Internet Computer Wiki
Revision as of 18:47, 1 March 2024 by Katie.peters (talk | contribs) (Created the page)

This page is part of the Gen-1.5 RMU build runbook.

Go back to the previous section: E. Enable Remote Access to Servers Console

F. Enable GUI Access to OPNsense devices (Recommended)

This process will guide you through adding access to the OPNsense GUI for device management over Teleport.

Add Teleport Entries For GUI access to OPNsense firewalls

  1. Edit the /etc/teleport.yaml file on the RMU and add the following:
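    # Entries for the apps list under app_service
    - name: <dc>-fw01
      uri: https://[<IPv6_of_1st_OPNsense_device>]:443
      public_addr: "<dc>-fw01.teleport.<dc>.<domain>"
      # Teleport does not verify the firewall's TLS certificate
      insecure_skip_verify: true
      rewrite:
        # Hosts rewritten in redirect (Location) headers
        redirect:
        - "[<IPv6_of_1st_OPNsense_device>]"
        - "<dc>-fw01.teleport.<dc>.<domain>"
      labels:
        dc: "<dc>"
    
    - name: <dc>-fw02
      uri: https://[<IPv6_of_2nd_OPNsense_device>]:443
      public_addr: "<dc>-fw02.teleport.<dc>.<domain>"
      # Teleport does not verify the firewall's TLS certificate
      insecure_skip_verify: true
      rewrite:
        # Hosts rewritten in redirect (Location) headers
        redirect:
        - "[<IPv6_of_2nd_OPNsense_device>]"
        - "<dc>-fw02.teleport.<dc>.<domain>"
      labels:
        dc: "<dc>"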
    
  2. Reload the teleport server:
    sudo systemctl reload teleport
    
  3. Now, the GUI access should be visible inside Teleport (screenshot: Screen 1 teleport.jpg).
  4. And the OPNsense login page (screenshot: Screen 2 teleport.png).
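
A check to run on the entries from step 1 before the reload in step 2, as an added example that is not part of the original runbook: it reports any app whose redirect list does not contain the host from its own uri (a typical copy-paste slip between fw01 and fw02) and any app that skips backend certificate verification. The names parse_apps and lint, the 2001:db8:: addresses and the example.org names are assumptions made for the example, and the reader handles only the flat layout shown in step 1.

```python
import re

# Constructed sample in the layout of step 1; fw02 carries a copy-paste slip.
SAMPLE = """\
- name: dc1-fw01
  uri: https://[2001:db8::1]:443
  public_addr: "dc1-fw01.teleport.dc1.example.org"
  insecure_skip_verify: true
  rewrite:
    redirect:
    - "[2001:db8::1]"
    - "dc1-fw01.teleport.dc1.example.org"
- name: dc1-fw02
  uri: https://[2001:db8::2]:443
  public_addr: "dc1-fw02.teleport.dc1.example.org"
  rewrite:
    redirect:
    - "[2001:db8::1]"
    - "dc1-fw02.teleport.dc1.example.org"
"""

def parse_apps(text):
    """Line-based reader for flat app entries like SAMPLE (not a general YAML parser)."""
    apps, in_redirect = [], False
    for line in filter(None, map(str.strip, text.splitlines())):
        m = re.match(r"-\s+name:\s*(\S+)", line)
        if m:  # a new app entry starts
            apps.append({"name": m.group(1), "redirect": []})
        elif apps and in_redirect and line.startswith("- "):
            apps[-1]["redirect"].append(line[2:].strip().strip('"'))
        elif apps and ":" in line:
            key, _, val = line.partition(":")
            in_redirect = key == "redirect"  # list items follow this key
            if val.strip():
                apps[-1][key] = val.strip().strip('"')
    return apps

def lint(apps):
    findings = []
    for app in apps:
        # Host part of the backend uri, keeping the brackets of an IPv6 literal.
        m = re.match(r"https?://(\[[^\]]+\]|[^:/]+)", app.get("uri", ""))
        if not m or m.group(1) not in app["redirect"]:
            findings.append((app["name"], "redirect list lacks backend host"))
        if app.get("insecure_skip_verify") == "true":
            findings.append((app["name"], "backend certificate not verified"))
    return findings

if __name__ == "__main__":
    print(*lint(parse_apps(SAMPLE)), sep="\n")
```
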