Remote Administration

It is possible to access and control OpenRG not only from within the home network, but also from the Internet. This allows you to view or change settings while travelling. It also enables you to allow your ISP to change settings or help you trouble-shoot functionality or communication issues from a remote location.

Remote access to OpenRG is blocked by default to ensure the security of your home network. However, remote access is supported by the following services, and you may use the 'Remote Access Configuration' screen to selectively enable these services if they are needed.

Telnet

Used to create a command-line session and gain access to all system settings and parameters (using a text-based terminal).

Web-Management

Used to obtain access to the Web-based Management and gain access to all system settings and parameters (using a browser). Both secure (HTTPS) and non-secure (HTTP) access is available.

Allow SNMP Control and Diagnostic Requests

Used for granting access to incoming SNMP requests.

Diagnostic Tools

Used for troubleshooting and remote system management by you or your Internet Service Provider.

Note: Telnet and Web-Management may be used to modify settings of the firewall or disable it. The user may also change local IP addresses and other settings, making it difficult or impossible to access the gateway from the home network. Therefore, remote access to Telnet or HTTP services should be blocked and should only be permitted when absolutely necessary.

Figure 6.14: Remote Administration

• To allow remote access to OpenRG services:
  1. Click the 'Remote Administration' button. The 'Remote Access Configuration' screen will appear (see figure 6.14).
  2. Select the services that you would like to make available to computers on the Internet. These services include:
     • Telnet - grants command-line access to OpenRG. While this service is password-protected, it is not considered a secured protocol. If a local server is configured to use port 23 select port 8023 to avoid conflicts.
     • Web-based Management - grants access to password-protected Web-based management. If a local server is configured to use port 80 select port 8080 to avoid conflicts.
     • Allow SNMP Control and Diagnostic Requests - grant access to incoming SNMP requests.
     • Diagnostic tools - includes Ping and Traceroute (over UDP). These services may be used for troubleshooting and remote system management by the service provider.
  3. Click the 'OK' button to save your changes and return to the 'Security Settings' screen.

Encrypted remote administration is done using a secure SSL connection, that requires an SSL certificate. When accessing OpenRG for the first time using encrypted remote administration, you will be prompted by your browser with a warning regrading certificate authentication. This is due to the fact that OpenRGs SSL certificate is self generated. When encountering this message under these circumstances, ignore it and continue. It should be noted that even though this message appears, the self generated certificate is safe, and provides you with a secure SSL connection.

It is also possible to assign a user-defined certificate to OpenRG. To learn about certificates, see Chapter 9.9.