WebVPN
From Wiki of WFilter NG Firewall
				
								
				(Difference between revisions)
				
																
				
				
								
				|  (Created page with "{{DISPLAYTITLE:WebVPN}} == WebVPN ==  WebVPN offers clientless VPN access to an organization's internal websites and web applications through a browser, without any need of ad...") |  (→TCP Server) | ||
| (9 intermediate revisions by one user not shown) | |||
| Line 11: | Line 11: | ||
| * Protocol: HTTP or HTTPS access to the WebVPN service. | * Protocol: HTTP or HTTPS access to the WebVPN service. | ||
| * Port: Port of the WebVPN system. Please do not conflict with other service ports. Please note that 80 and 443 ports are occupied by the WebUI system. If you want to run WebVPN on these two ports, you might setup "port forwarding" to forward 80/443 port to the WebVPN service. | * Port: Port of the WebVPN system. Please do not conflict with other service ports. Please note that 80 and 443 ports are occupied by the WebUI system. If you want to run WebVPN on these two ports, you might setup "port forwarding" to forward 80/443 port to the WebVPN service. | ||
| + | |||
| + | [[File:webvpn001.png|800px]] | ||
| + | |||
| + | * Edit Login | ||
| + | Edit the login page when visiting the WebVPN system. | ||
| + | |||
| + | [[File:webvpn002.png|600px]] | ||
| + | |||
| + | == Authentication == | ||
| * Timeout: the maximum session timeout when browser is not closed. A session always timeout immediately if browser is closed. | * Timeout: the maximum session timeout when browser is not closed. A session always timeout immediately if browser is closed. | ||
| − | *  | + | * User & Pass Auth: authenticate by username and password, supported authtype: | 
| ** "Local Auth": authenticate with username and password of local accounts. Only "local users" with "VPN" priviledge have VPN access. | ** "Local Auth": authenticate with username and password of local accounts. Only "local users" with "VPN" priviledge have VPN access. | ||
| ** "Email Auth": send credentials to a pop/imap email server for authentication. | ** "Email Auth": send credentials to a pop/imap email server for authentication. | ||
| ** "Ldap Auth": send credentials to a ldap server for authentication. | ** "Ldap Auth": send credentials to a ldap server for authentication. | ||
| ** "Radius Auth": send credentials to a remote radius server for authentication. | ** "Radius Auth": send credentials to a remote radius server for authentication. | ||
| + | * Third Party Auth: authenticate via a third party service: dingtalk, business wechat. | ||
| − | [[File: | + | [[File:webvpn001_2.png|800px]] | 
| − | |||
| − | |||
| − | + | == SSL Certificate == | |
| − | + | For https access, you can upload your website SSL certificate files in "Certificate" settings. | |
| − | + | ||
| − | [[File: | + | [[File:webvpn_certificate.png|600px]] | 
| == Contents Settings == | == Contents Settings == | ||
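Review bot: The added "User & Pass Auth" and "SSL Certificate" text never says that HTTPS should be selected when password login is enabled, while the unchanged "Protocol" bullet still offers HTTP. With Local, Email, Ldap or Radius Auth the credentials typed into the login page travel unencrypted if the service runs over HTTP. Suggest a sentence under "== SSL Certificate ==" recommending HTTPS whenever "User & Pass Auth" is in use. Minor, in the adjacent unchanged lines: "priviledge" should be "privilege" and "A session always timeout" should be "times out".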
| Line 37: | Line 44: | ||
| * Content Settings | * Content Settings | ||
| − | |||
| ** Name: alias for this web service. | ** Name: alias for this web service. | ||
| − | ** Target URL: target URL of local network web service, both http and https can be supported. For example: http://192.168.10.100 | + | ** Target Type:  | 
| + | *** Web Server, redirect to a web server, you need to define a subdomain for each web server. | ||
| + | *** TCP Server, redirect to a TCP server, you need to define a listening port for each server. | ||
| + | === Web Server === | ||
| + | Redirect to a web server, you need to define a subdomain for each web server. | ||
| + | * Domain: subdomain for this internal web service. | ||
| + | * Content replacement: search and replace content in webpages. For example, you can replace hardcoded local web resources to webvpn domain URL. | ||
| + | * Target URL: target URL of local network web service, both http and https can be supported. For example:   | ||
| + | <code> | ||
| + | http://192.168.10.100 | ||
| + | |||
| + | https://192.168.10.200:8443 | ||
| + | </code> | ||
| [[File:webvpn005.png|800px]] | [[File:webvpn005.png|800px]] | ||
| + | |||
| + | === TCP Server === | ||
| + | |||
| + | Redirect to a TCP server, you need to define a listening port for each server. | ||
| + | * Listen Port, a local listening port | ||
| + | * Target, target host and port, syntax: "192.168.1.1:22, www.wfiltericf.com:443". | ||
| + | * For successful connection, authentication is required in the webportal. | ||
| + | |||
| + | [[File:webvpn006.png|800px]] | ||
| + | |||
| + | == Edit Portal == | ||
| + | Edit the portal page which will be displayed upon successful login. | ||
| + | |||
| + | [[File:webvpn003.png|600px]] | ||
| + | |||
| + | == External Links == | ||
| + | * [http://blog.wfilterngf.com/?p=645 WFilter WebVPN introduction and example] | ||
| + | |||
| + | |||
| [[Category:VPN]] | [[Category:VPN]] | ||
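Review bot: In the new "=== TCP Server ===" section, the "Target" example "192.168.1.1:22, www.wfiltericf.com:443" shows two comma-separated targets without saying how several targets relate to the single "Listen Port"; please state what happens when more than one is given. The hostname "wfiltericf.com" also differs from the "wfilterngf.com" used in the External Links entry, so confirm which is intended. The last bullet ("authentication is required in the webportal") is a precondition rather than a field and would read better as a sentence below the list. The "Redirect to a web server/TCP server, you need to define ..." sentences now appear both under "Target Type" and as each subsection's intro; one copy is enough.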
Latest revision as of 10:42, 18 March 2022
1 WebVPN
WebVPN offers clientless VPN access to an organization's internal websites and web applications through a browser, without any need of additional client software.
2 Settings
- WebVPN: whether to enable the WebVPN service.
- Debug: whether to enable the debug log. When enabled, you can click "Check Log" to view the error log.
- Domain: the WebVPN system must be accessed via a domain name, for example wfilterngf.com (no "www." required). Dynamic domains are also supported. Please note: you need to obtain the domain from a domain registration provider.
- Protocol: HTTP or HTTPS access to the WebVPN service.
- Port: port of the WebVPN system. It must not conflict with other service ports. Please note that ports 80 and 443 are occupied by the WebUI system. If you want to run WebVPN on these two ports, you can set up "port forwarding" to forward port 80/443 to the WebVPN service.
- Edit Login: edit the login page shown when visiting the WebVPN system.
3 Authentication
- Timeout: the maximum session timeout while the browser is not closed. A session always times out immediately if the browser is closed.
- User & Pass Auth: authenticate by username and password. Supported auth types:
  - "Local Auth": authenticate with the username and password of local accounts. Only "local users" with the "VPN" privilege have VPN access.
  - "Email Auth": send credentials to a POP/IMAP email server for authentication.
  - "Ldap Auth": send credentials to an LDAP server for authentication.
  - "Radius Auth": send credentials to a remote RADIUS server for authentication.
- Third Party Auth: authenticate via a third-party service: DingTalk, business WeChat.
4 SSL Certificate
For HTTPS access, you can upload your website's SSL certificate files in the "Certificate" settings.
5 Contents Settings
List of available internal web services. Please note: only web services are available.
- Content Settings
  - Name: alias for this web service.
  - Target Type:
    - Web Server: redirect to a web server; you need to define a subdomain for each web server.
    - TCP Server: redirect to a TCP server; you need to define a listening port for each server.
5.1 Web Server
Redirect to a web server. You need to define a subdomain for each web server.
- Domain: subdomain for this internal web service.
- Content replacement: search and replace content in web pages. For example, you can replace hardcoded local web resource URLs with the WebVPN domain URL.
- Target URL: target URL of the local network web service; both HTTP and HTTPS are supported. For example: http://192.168.10.100 or https://192.168.10.200:8443
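An added example (not from the WFilter documentation) of preparing "Content replacement" rules: it scans a page for hardcoded internal URLs, builds search/replace pairs for origins that have a Web Server entry, and reports private-IP origins that have none and would still point at the LAN. The `<subdomain>.<domain>` naming, the subdomains `oa` and `erp`, port 4443 and all function names are assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"""https?://[^\s"'<>)]+""")

# Constructed sample page and Target URL -> subdomain mapping (hypothetical).
SAMPLE_HTML = """<link href="http://192.168.10.100/static/site.css">
<img src="http://192.168.10.100/logo.png">
<a href="https://192.168.10.200:8443/reports">Reports</a>
<script src="http://192.168.10.50/lib/app.js"></script>
<a href="https://example.com/help">Help</a>"""
TARGETS = {"http://192.168.10.100": "oa", "https://192.168.10.200:8443": "erp"}

def origin_of(url):
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}"

def plan_replacements(html, targets, vpn_domain, vpn_scheme="https", vpn_port=None):
    """Return (pairs, unmapped): search/replace pairs for mapped internal
    origins, and private-IP origins that have no WebVPN entry."""
    suffix = f":{vpn_port}" if vpn_port else ""
    pairs, unmapped = {}, set()
    for url in URL_RE.findall(html):
        origin = origin_of(url)
        if origin in targets:
            # Assumption: published name is <subdomain>.<WebVPN domain>.
            pairs[origin] = f"{vpn_scheme}://{targets[origin]}.{vpn_domain}{suffix}"
            continue
        try:
            if ipaddress.ip_address(urlsplit(url).hostname or "").is_private:
                unmapped.add(origin)
        except ValueError:
            pass  # a hostname, not an IP literal: cannot be classified offline
    # Longest search string first, so an origin that is a prefix of another
    # (e.g. ...10.10 vs ...10.100) cannot clobber it in a plain replace.
    ordered = sorted(pairs.items(), key=lambda p: len(p[0]), reverse=True)
    return ordered, sorted(unmapped)

def preview(html, pairs):
    """Apply the pairs in order, as a plain search and replace would."""
    for search, replace in pairs:
        html = html.replace(search, replace)
    return html

if __name__ == "__main__":
    rules, leftover = plan_replacements(SAMPLE_HTML, TARGETS, "wfilterngf.com", vpn_port=4443)
    print(rules, leftover, preview(SAMPLE_HTML, rules), sep="\n")
```

Origins listed as unmapped need either their own Web Server entry or removal from the page; otherwise a remote browser will try to reach a LAN address directly.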
5.2 TCP Server
Redirect to a TCP server. You need to define a listening port for each server.
- Listen Port: a local listening port.
- Target: target host and port, syntax: "192.168.1.1:22, www.wfiltericf.com:443".
- For a successful connection, authentication is required in the web portal.
6 Edit Portal
Edit the portal page that is displayed upon successful login.








