Project

General

Profile

Actions
Copy link

Todo #15836

closed

Update MIM docs

Added by Marcos M about 1 year ago. Updated about 1 year ago.

Status:
Resolved
Priority:
Normal
Assignee:
Jim Pingle
Category:
Multi-Instance Management
Target version:
-
Start date:
Due date:
% Done:

100%

Estimated time:

Description

https://docs.netgate.com/pfsense/en/latest/mim/design.html
  • The controller host must have a static IP address, the other instances can have dynamic addresses.
    An FQDN may now be used (with the Advertised Addresses option used by clients to know where to connect to), hence dynamic addresses are allowed.
https://docs.netgate.com/pfsense/en/latest/mim/options.html
  • Enabling Multi-Instance Management
    Should this section instead link to "https://docs.netgate.com/pfsense/en/latest/mim/setup.html#enable-multi-instance-management"?
  • The pfSense software GUI [...] the pfSense software WebGUI
    Should these use the same term? There are more references in other pages.
  • The MIM controller daemon uses multiple ports to accept connections. Two of these are configurable:
    The (VPN) Listening Port is now also configurable.
  • The controller picks a random port to use for the VPN.
    This may now be configured with the advanced option Listening Port.
  • IPv4 Address: [...] IPv6 Address:
    These options have been removed; Advertised Addresses is used instead.
  • JWT Session Expiry Time in Minutes:
    Renamed to JWT Session Expiry.
  • Permit Localhost: [...] Allow Cross-Origin API Requests:
    These have been removed from the GUI.
  • The Multi-Instance Management settings tab also includes status information for the controller daemon.
    May be worth clarifying that this is only shown once the controller has successfully started / is running.
In addition to these options, we now have:
  • Custom Options that allows specifying options not already available in the GUI. The field is new-line separated and options must use the format [section] name = value. For example, [controller] allow_cors = true.
  • Listening Address and Listening Port which allows binding the MIM VPN service to a specific IP address and port. It does not affect the MIM GUI/API service which still listens on *:8080, *:8443.
https://docs.netgate.com/pfsense/en/latest/mim/setup.html
  • The MIM controller does not have any automatic firewall rules
    This may lead to some confusion. There is an automatic rule when MIM is enabled to allow traffic on the controltun0 interface used for the MIM tunnel. The tunnel carries MIM traffic after instances have been registered/authenticated.
Grammar nits:
https://docs.netgate.com/pfsense/en/latest/mim/manage.html
  • enables administrators to managing individual -> use manage
  • and login, after which -> use log in
  • as if it were access directly via -> use accessed
https://docs.netgate.com/pfsense/en/latest/mim/registration.html
  • in the toolbox on right -> use on the right
Actions
Copy link
 #1

Updated by Jim Pingle about 1 year ago

  • Category changed from Administrivia to Multi-Instance Management
  • Status changed from New to Feedback
  • % Done changed from 0 to 100

This should cover all that and then some:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/c318481b82316deef50de649604dc21ab7daac12

It's been picked/deployed so will be public shortly.

Actions
Copy link
 #2

Updated by Marcos M about 1 year ago

  • Status changed from Feedback to Resolved

LGTM.

Actions
Copy link

Also available in: Atom PDF