Conditional Connection Daemon {Now $400}
-
Well I didn't set a price because I wanted to see if this feature would be of any interest first. If not, the post can then be removed.
-
I kind of dont see the sense in such a complicated setup that doesnt add more security.
If it's about the authentication you could do that on the webserver directly.
Or if you really WANT to authenticate on the firewall why not just use a reverse captive portal?–> That might be a better bounty:
"add the functionality of a reverse captive portal to the current captive portal"Or can you elaborate what the benefit of your text above is over existing systems that do the same but a lot easier?
-
What headhunter was describing is what many call SSL VPN, and it get's more and more popular, b/c it simply easy to setup and use.
So you have my vote for this feature. -
You are aware that pfSense already includes an SSL VPN solution, in the form of OpenVPN? What he described was most definitely not a VPN.
-
I believe what this bounty is describing is a replication of the SSL VPN tool that Cisco has in their ASA devices. If anyone has ever played with it before, its very easy to use and a nice substitute for installing clients on all remote user machines. Its complicated, but very useful. That said, this would be a considerable bounty project assuming that someone hasn't already written many of the tools for FreeBSD.
-
User space I assume then, like SSLexplorer? Not a brilliant solution IMO, but better than nothing.
-
Right submicron,
I know it from Zyxel and some other Redbox, where I don't remember the name right now.
They definitely call it SSL-VPN. ;D -
@Cry:
User space I assume then, like SSLexplorer? Not a brilliant solution IMO, but better than nothing.
Yep, pretty much exactly like that. We ran into a company that was interested in installing pfSense (and buying support) a while ago but they ultimately went with Cisco ASAs instead specifically because they were sold on this feature. I agree with you, its not a brilliant solution, but its convenient and relatively pain free to deploy.
All of this is regardless of the point which is that unless someone is willing to pony up some bounty money and a proper specification for the work, this thread should go away or be moved to Packages where speculation and hyperbole can run rampant.
-
I think it's worth at least $300, maybe the developers (and some others) find some interest in this.
-
Are you actually offering to pay the $300 or just offering your opinion of what the work is worth?
-
Yes, that's an actual offer. I don't know how this normally works. Can you update me, what are the procedures ?
-
It would be a good idea to post exactly what you are willing to pay for. Then a potential developer can decide if they are willing to do the work for the money offered. If someone accepts the bounty you are responsible for ensuring that the work is done and paid for.
-
IF i am understanding this the way every one else is….
Does the OpenVPN Access Server fit this picture? (although i am not sure if this program is completely open source)
http://www.openvpn.net/index.php/access-server/download-openvpn-as.htmlAlso, SSL Explorer (Adito) was mentioned. Just an FYI the project is now being worked on by the OpenVPN team (and the Devs that forked SSL Explorer to Adito). Now called OpenVPN Application Layer Software (ALS)
http://sourceforge.net/forum/forum.php?forum_id=956767From the site:
OpenVPN Access Server (OpenVPN-AS) is a set of installation and configuration tools that simplify the rapid deployment of a VPN remote access solution. It is based on the popular OpenVPN open-source software, making the deployed VPN immediately compatible with OpenVPN client software across multiple user platforms. OpenVPN-AS features include:*
A simple, Web-based Admin UI for configuration and management.
*
An easy-to-use, GUI-based OpenVPN Client software package for Windows.
*
A Client Web Server that automatically generates a client configuration and a pre-configured Windows VPN Client software installer for the user upon successful login.
*
Integration with existing authentication systems using RADIUS, LDAP, and PAMOpenVPN-AS gives you the broad support and robust security of the OpenVPN open-source software project, coupled with the configuration and management tools needed to deploy the VPN solution easily and quickly.
-
I also think this is a great feature to have. I do currently use it through a Juniper firewall and it has saved us tremendously in managing vpn access. I am willing to put in another $100.00
-
Yep, I'll do so, as soon as I caught up with my work after my vacation.
I should be similar what Watchguard or Zyxel call SSL VPN. -
Just saw that I missed the second page of this thread and want to ask if headhunter_unit23 had a chance to test it.
Myself will try to find sometime this or next week to set this up.Or anybody else tried OpenVPN in the described way ?