WebVPN

From Wiki of WFilter NG Firewall
Latest revision as of 10:42, 18 March 2022


1 WebVPN

WebVPN offers clientless VPN access to an organization's internal websites and web applications through a browser, without requiring additional client software.

2 Settings

  • WebVPN: whether to enable the WebVPN service.
  • Debug: whether to enable the debug log. When enabled, you can click "Check Log" to view the error log.
  • Domain: the WebVPN system must be accessed via a domain name, for example wfilterngf.com (no "www." prefix required). Dynamic domains are also supported. Please note: you need to obtain the domain from a domain registration provider.
  • Protocol: HTTP or HTTPS access to the WebVPN service.
  • Port: port of the WebVPN system. It must not conflict with other service ports. Please note that ports 80 and 443 are occupied by the WebUI system. If you want to run WebVPN on these two ports, you can set up "port forwarding" to forward port 80/443 to the WebVPN service.


  • Edit Login

Edit the login page shown when visiting the WebVPN system.


3 Authentication

  • Timeout: the maximum session timeout while the browser remains open. A session always times out immediately when the browser is closed.
  • User & Pass Auth: authenticate by username and password. Supported auth types:
    • "Local Auth": authenticate with the username and password of local accounts. Only "local users" with the "VPN" privilege have VPN access.
    • "Email Auth": send credentials to a POP/IMAP email server for authentication.
    • "Ldap Auth": send credentials to an LDAP server for authentication.
    • "Radius Auth": send credentials to a remote RADIUS server for authentication.
  • Third Party Auth: authenticate via a third-party service: DingTalk, business WeChat.

4 SSL Certificate

For HTTPS access, you can upload your website's SSL certificate files in the "Certificate" settings.


5 Contents Settings

List of available internal web services. Please note: only web services are available.


  • Content Settings
    • Name: alias for this web service.
    • Target Type:
      • Web Server: redirect to a web server. You need to define a subdomain for each web server.
      • TCP Server: redirect to a TCP server. You need to define a listening port for each server.

5.1 Web Server

Redirect to a web server. You need to define a subdomain for each web server.

  • Domain: subdomain for this internal web service.
  • Content replacement: search and replace content in web pages. For example, you can replace hardcoded URLs of local web resources with WebVPN domain URLs.
  • Target URL: target URL of the local network web service. Both HTTP and HTTPS are supported. For example:

http://192.168.10.100

https://192.168.10.200:8443
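
The content replacement described above, sketched as an added example (not WFilter's own code): it rewrites hardcoded internal origins to WebVPN subdomain URLs and lists the private-address URLs that no rule covers, which would fail for remote users and disclose internal addressing. The subdomains app1/app2.wfilterngf.com, port 8443 and the sample HTML are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed rules: internal origin -> WebVPN origin (hypothetical subdomains and port).
RULES = {
    "http://192.168.10.100": "https://app1.wfilterngf.com:8443",
    "https://192.168.10.200:8443": "https://app2.wfilterngf.com:8443",
}

URL_RE = re.compile(r"https?://[^\s\"'<>)]+")


def apply_rules(html, rules):
    """Replace each internal origin with its WebVPN origin, longest rule first."""
    for internal in sorted(rules, key=len, reverse=True):
        # Match the origin only when a path, quote or URL end follows, so a rule
        # for 192.168.10.100 does not also rewrite 192.168.10.100:8080.
        pattern = re.escape(internal) + r"(?=[/\"'\s<>?#)]|$)"
        html = re.sub(pattern, rules[internal], html)
    return html


def leftover_private_urls(html):
    """Return URLs whose host is still a private IP address after replacement."""
    found = []
    for url in URL_RE.findall(html):
        host = urlsplit(url).hostname
        try:
            if host and ipaddress.ip_address(host).is_private:
                found.append(url)
        except ValueError:
            pass  # a hostname, not an IP literal
    return found


# Constructed sample page as served by the internal web server.
SAMPLE = (
    '<link href="http://192.168.10.100/css/site.css">\n'
    '<script src="https://192.168.10.200:8443/js/app.js"></script>\n'
    '<img src="http://192.168.10.100:8080/logo.png">\n'
    '<a href="http://192.168.10.50/wiki">Wiki</a>\n'
)

if __name__ == "__main__":
    rewritten = apply_rules(SAMPLE, RULES)
    print(rewritten)
    print("still internal:", leftover_private_urls(rewritten))
```

Each URL reported as still internal needs either its own content replacement entry or, if it points at a different server, its own Web Server entry.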


5.2 TCP Server

Redirect to a TCP server. You need to define a listening port for each server.

  • Listen Port: a local listening port.
  • Target: target host and port, syntax: "192.168.1.1:22, www.wfiltericf.com:443".
  • For a successful connection, authentication in the web portal is required.


6 Edit Portal

Edit the portal page which will be displayed upon successful login.


7 External Links
