Remote Administration

It is possible to access and control OpenRG not only from within the home network, but also from the Internet. This allows you to view or change settings while travelling. It also enables you to allow your ISP to change settings or help you troubleshoot functionality or communication issues from a remote location.

Remote access to OpenRG is blocked by default to ensure the security of your home network. However, remote access is supported by the following services, and you may use the 'Remote Administration' screen to selectively enable these services if they are needed.

To view OpenRG's remote administration options, click the 'Remote Administration' tab in the 'Security' management screen. The 'Remote Administration' screen will appear (see figure 6.25).

Figure 6.25: Remote Administration

Telnet Server

Used to create a command-line session and gain access to all system settings and parameters (using a text-based terminal).

Web-Management

Used to obtain access to the Web-based Management and gain access to all system settings and parameters (using a browser). Both secure (HTTPS) and non-secure (HTTP) access is available.

Diagnostic Tools

Used for troubleshooting and remote system management by you or your Internet Service Provider. The utilities that can be used are Ping and Traceroute (over UDP).

Note: Telnet and Web-Management may be used to modify settings of the firewall or disable it. The user may also change local IP addresses and other settings, making it difficult or impossible to access the gateway from the home network. Therefore, remote access to Telnet or HTTP services should be blocked and should only be permitted when absolutely necessary.

To allow remote access to OpenRG services:

1. Select the 'Remote Administration' tab in the 'Security' management screen. The 'Remote Administration' screen will appear (see figure 6.25).
2. Select the services that you would like to make available to computers on the Internet. The following should be taken in consideration:
   • Although Telnet service is password-protected, it is not considered a secured protocol. When allowing incoming access to a Telnet server, if port forwarding is configured to use port 23, select port 8023 to avoid conflicts.
   • When allowing incoming access to the Web-based management, if port forwarding is configured to use port 80, select port 8080 to avoid conflicts.
3. Click 'OK' to save the settings.

Encrypted remote administration is done using a secure SSL connection, that requires an SSL certificate. When accessing OpenRG for the first time using encrypted remote administration, you will be prompted by your browser with a warning regarding certificate authentication. This is due to the fact that OpenRG's SSL certificate is self-generated. When encountering this message under these circumstances, ignore it and continue. It should be noted that even though this message appears, the self-generated certificate is safe, and provides you with a secure SSL connection.

It is also possible to assign a user-defined certificate to OpenRG. To learn about certificates, see chapter 11.13.