IPMI over WAN?

[suchamoneypit]

Can I not use IPMI from a different network? I've configured and got it working for my server via my local network connecting from my main PC by typing in 192.168.1.240 (my server IP) and it works, but if im not at my house, how can I connect? Can't find anything on it, it seems maybe I use IMPIcfg utility, but when i download it from SuperMicro and run it, the run window goes away and then nothing happens. 

 

Running Windows server 2012 standard.

[tt2468]

1 minute ago, suchamoneypit said:

Can I not use IPMI from a different network. I've configured and got it working for my server via my local network connecting from my main PC by typing in 192.168.1.240 (my server IP) and it works, but if im not at my house, how can I connect? Can't find anything on it, it seems maybe I use IMPIcfg utility, but when i download it from SuperMicro and run it, the run windows goes away and then nothing happens. 

 

Running Windows server 2012 standard.

As long as you have a good ipmi password, you can just port forward the web interface port of your ipmi's ip adress.

[suchamoneypit]

1 minute ago, tt2468 said:

As long as you have a good ipmi password, you can just port forward the web interface port of your ipmi's ip adress.

im new to this, mind explaining how to do that?

[leadeater]

33 minutes ago, suchamoneypit said:

im new to this, mind explaining how to do that?

Look up the documentation of your router for how to do it, you will need to know the IPMI port. Once you forward the port to the server IPMI IP address when you are off site you point the Supermicro utility to your public IP address and it will connect.

 

Also I don't mean to be rude, but I know this will seem so, but if you are studying for CCNA port forwarding should be something you know how to do without asking or looking up documentation. Certainly something that is much less complicated than what is in CCNA. 

[suchamoneypit]

7 hours ago, leadeater said:

Look up the documentation of your router for how to do it, you will need to know the IPMI port. Once you forward the port to the server IPMI IP address when you are off site you point the Supermicro utility to your public IP address and it will connect.

 

Also I don't mean to be rude, but I know this will seem so, but if you are studying for CCNA port forwarding should be something you know how to do without asking or looking up documentation. Certainly something that is much less complicated than what is in CCNA. 

I know how to port forward and do it all the time for various programs i run, I do not know how you want me to port forward and have it point to a host on a network (I can remote into my router without issues using my public IP). When you port forward I can specify the IP and the port. I do not have a port for IPMI, and the tools for advanced IPMI setup are not working correctly. because of this, I'll probably just use a VPN and to access it easier and more securely.

[yippy3000]

EVERYTHING on a network has a port.  If you aren't specifying one in the URL for IPMI then the port is 80 (if it says HTTP) or 443 (the URL has HTTPS)

[suchamoneypit]

47 minutes ago, yippy3000 said:

EVERYTHING on a network has a port.  If you aren't specifying one in the URL for IPMI then the port is 80 (if it says HTTP) or 443 (the URL has HTTPS)

What i mean't by I don't have a port was that I wasn't given a port anywhere, I didn't see it in bios when setting up IPMI and im not getting any luck using common ports like 80,443 as well as 623 (which i saw online IPMI can use). Im not sure why the supermicro utilities aren't working but It would be quicker to use a VPN (and more secure) so I will be doing that.

[yippy3000]

It is also WAY more secure to use VPN (IPMI software is usually pretty easily hackable) so I would use VPN from a security standpoint anyway.

[Guest]

Rule 1 of IPMI - don't have remote IPMI access via HTTP/HTTPS. Use a VPN. 

[suchamoneypit]

4 hours ago, yippy3000 said:

It is also WAY more secure to use VPN (IPMI software is usually pretty easily hackable) so I would use VPN from a security standpoint anyway.

 

4 hours ago, Windspeed36 said:

Rule 1 of IPMI - don't have remote IPMI access via HTTP/HTTPS. Use a VPN. 

yeah a quick look into IPMI and I decided not using a VPN is too much of a security risk which is why im not pursuing my original plan.

[leadeater]

@suchamoneypit

 

If for what ever reason you do need to find out the port that is being used install wireshark on the client and have a look at the outgoing connections to the IPMI IP address, quiet useful for finding out undocumented ports etc.

[Mikensan]

IPMI uses 443 for most newer versions (~2010+)... Otherwise it's 80. Also possibly look at what it is you want to do with IPMI and see if it can be done another way. If you just want to be able to turn the machine on.. then you have WOL, or if you need console then consider SSH. Unless you need to regularly make changes to the BIOS, raid controller, or install an OS while away from your network, I'd avoid it even over VPN.

[.:MARK:.]

I seriously doubt the need for setting up something like that for IPMI, I know Linus did a video on this because it was something new he discovered, but it's so insignificant.

I have a server, my friends have servers, and these servers have IPMI. Do you know how often we touch IPMI? Never. That doesn't mean a good IPMI is not appreciated however, virtual media and remote KVM is very useful when first initializing the server, but beyond that there is no real need to access it.

 

Like I mentioned in another thread, it's rather easy to set up OpenVPN with turnkeylinux, and it's very useful for a lot of reasons, and on the rare occasion for IPMI.

A VPN is especially nice if you do (or plan to do) remote management or access of your systems. Notice how many have SSH, FTP, RDP ... ports forwarded, just so that THEY can control or access home, but others can see those ports and try to break in on those services. The benefit of VPN is putting you in the LAN essentially, giving you the same access as if you were hardwired at home.

[Beskamir]

As already mentioned I'd recommend using a VPN to connect to you home network and then using IPMI as though it's over LAN.