- Frequently Asked Questions
- 1. I don’t know the password to the web GUI. How do I find out what it is?
- 2. I don’t like the random password that was selected. How can I change it?
- 3. How do I access my instance?
- 4. How do I connect a VPN client to my instance?
- 5. Why does the pfSense Dashboard say my WAN address is 10.X.Y.Z?
- 6. I added custom firewall rules to allow some traffic to my instance, but I am not seeing the packets arrive. What the hell is happening?
- 7. I want all the traffic from my entire home network to be routed over a VPN. How do I do that without having to configure an OpenVPN client app on every computer and device?
The first time the instance boots, it looks for a user-defined password set in the User Data box when the instance was created. If you didn’t set one, it chooses one randomly so that the instance is not accessible via a default password to malicious users. You can find out the random password that was set by choosing
Get System Log from the
Actions Menu for the instance in the EC2 Management Console. A message should appear after the system boot messages that looks like the following:
*** *** *** Admin password changed to: abcdefg *** ***
It may take 5-10 minutes after the instance boots for this message to appear in the system log. If you would like to find out the password sooner, you can log in via SSH using the SSH key that was selected when the instance was created. The same message that will be written to the system log will be written to the file /etc/motd. Running the command
cat /etc/motd will show you what the password is.
The password can be changed via the web GUI. Log in with the username admin and the existing password. Under the
System category, click on
User Manager. The admin account should appear in a list of accounts. Unless you’ve added other accounts, it should be the only account present. Click on the Edit button (the icon with the
e in it) to the right of the account listing. Type your choice for a new password into the two boxes labeled
Password. Click the
Save button at the bottom of the screen.
There are several ways that you can manage or use your instance. You should be able to connect via SSH or HTTPS in order to manage the configuration of your instance. If you connect via SSH, you will either need to know the password of the admin account and login with that account, or use the SSH key that was selected when the instance was created. Here is a sample command line to log in with an SSH key from a Unix or Linux host:
ssh -i ~/.ssh/my-ec2-key admin@ec2-A-B-C-D.compute-1.amazonaws.com
You would substitute the actual location of your SSH private key for
~/.ssh/my-ec2-key and the real hostname, which you can retrieve from the EC2 Management Console by looking at the data for the instance, for
ec2-A-B-C-D.compute-1.amazonaws.com. If you know the password for the admin account, you could use a command similar to the one above, but omit the -i
To connect via HTTPS, you need to know the password to the instance, either by setting it explicitly in the User Data when the instance is created or by retrieving it from the instance. Once you know the password, you should be able to connect to the instance with any web browser by typing in the hostname of the instance to the URL field.
Amazon AWS instances use DHCP to assign private addresses to the public-facing interfaces of an instance. The publicly routable IP address that you use to acces the instance is NATed by Amazon to the private address that you see configured on the WAN interface of your instance.
6. I added custom firewall rules to allow some traffic to my instance, but I am not seeing the packets arrive. What the hell is happening?¶
Amazon AWS provides packet filtering in addition to the Netgate Appliance itself being a stateful firewall. If you allowed traffic on the Netgate Appliance but have a security group configuration in the settings for the instance that is restricting traffic, you will need to also add your rules to the security group in the EC2 Management Console.
Given that the Netgate Appliance is a fully functional firewall, you may assign an AWS security group that allows all traffic and perform whatever filtering you desire with rules on the Netgate Appliance.
7. I want all the traffic from my entire home network to be routed over a VPN. How do I do that without having to configure an OpenVPN client app on every computer and device?¶
If your home gateway/router has support for OpenVPN, you can connect a site to site tunnel from your home network to the Netgate VPN Appliance and configure your routing so that all Internet traffic is sent over the encrypted tunnel. See the user guide section on Connecting a local pfSense device at a home or small office to a Netgate pfSense certified firewall and VPN appliance.
This may provide for simpler administration at home, but your mobile devices and laptops that get used outside the home should have an OpenVPN client installed and configured anyway so that you are always receiving the benefits of sending your traffic through a VPN.