VPN services as WAN interfaces - 25$
-
I would like to have an easy way to configure various VPN services (ipredator, swissvpn, strongvpn, etc.) as virtual wan interfaces, in order to be able to choose on a per-host basis whether they should reach the internet through the regular WAN or the VPN. Incoming and outgoing traffic should obviously be bound to the same gateway.
I am offering 25$ for swissvpn support, but ideally this could be extended to other configurations if other users are willing to raise the bounty.
Swissvpn requires openvpn 2.1, so the bounty is for work done on pfsense 2.
This is the openvpn configuration file for swissvpn:
dev tun
client
proto tcp-client
remote connect-openvpn.swissvpn.net 443
ca ca.crt
auth-user-pass
reneg-sec 86400
ns-cert-type server
ca.crt can be found here: http://www.swissvpn.net/ca.crt
The tunnel can be set up successfully with:
openvpn --config {swissvpnconfigfile}
however the tun0 interface does not show up in the web interface, so I cannot assign an opt1 interface to it nor set up rules related to it.
Demo credentials to test the connection are:
ID: swissvpntest
PASS: swissvpntest
These only work for connections towards www.swissvpn.net, though.
I think it should be fairly easy to implement all this, however please let me know if the bounty is regarded as insufficient.
-
The interface does show up for assignment, it'll be ovpnc1 (the tun gets renamed) for the first client, ovpnc2 for the second, etc. So everything you describe can be accomplished already.
-
@cmb:
The interface does show up for assignment, it'll be ovpnc1 (the tun gets renamed) for the first client, ovpnc2 for the second, etc. So everything you describe can be accomplished already.
Well, almost… ovpnc1 gets created only if I configure openvpn through the gui (which I cannot do). If I start openvpn from the shell, it binds to tun0 and that interface does not show up in the drop down menus of the "assign network ports" page. At least that's the behavior on today's snapshot.
-
Is auth-user-pass the only thing preventing you from using the GUI? That will be implemented in 2.0, so it will be something you can accommodate in the GUI.
-
Can this be done with pptp? If so, let me know; I may add to the bounty.
EDIT: Spelling
-
@cmb:
Is auth-user-pass the only thing preventing you from using the GUI? That will be implemented in 2.0, so it will be something you can accommodate in the GUI.
Ok, I seem to have it working now by choosing 'SSL/TLS' as server mode. auth-user-pass was not the problem as I had saved my credentials in a file. I had problems because I wanted to load the ca certificate from the additional options instead of importing it in the certificate manager. Now the tunnel is working, I can ping through the interface, although I'm having a hard time pushing traffic through the tun interface. I'll post a thread for that in the relevant section.
Can this be done with pptp? If so, let me know; I may add to the bounty.
I don't know about your setup, but I might still be interested in paying for a specific configuration page for VPN gateways to the internet.
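Added example, not part of the original thread and not pfSense or OpenVPN code: a small Python check of the client configuration posted at the top of the thread and of the saved-credentials file mentioned later. The function names are hypothetical; it flags `ns-cert-type`, which later OpenVPN releases deprecate in favour of `remote-cert-tls`, and an `auth-user-pass` file that other local users can access.

```python
import os
import shlex
import stat

# Client configuration as posted in the thread, one directive per line.
POSTED_CONFIG = """\
dev tun
client
proto tcp-client
remote connect-openvpn.swissvpn.net 443
ca ca.crt
auth-user-pass
reneg-sec 86400
ns-cert-type server
"""

def parse_directives(text):
    """Map each directive name to its argument list, skipping '#' and ';' comments."""
    directives = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", ";")):
            continue
        parts = shlex.split(line, comments=True)
        if parts:
            directives[parts[0]] = parts[1:]
    return directives

def audit_client_config(text, base_dir="."):
    """Return a list of findings (hypothetical helper, not an OpenVPN or pfSense API)."""
    cfg = parse_directives(text)
    findings = []
    if "remote-cert-tls" not in cfg and "ns-cert-type" in cfg:
        findings.append("ns-cert-type is deprecated; use 'remote-cert-tls server'")
    if "auth-user-pass" in cfg:
        args = cfg["auth-user-pass"]
        if not args:
            findings.append("auth-user-pass has no file; the client will prompt")
        else:
            # Relative paths are resolved against the directory holding the config.
            path = os.path.join(base_dir, args[0])
            if not os.path.isfile(path):
                findings.append("credentials file not found: " + args[0])
            elif stat.S_IMODE(os.stat(path).st_mode) & 0o077:
                findings.append("credentials file is accessible by group/other; chmod 600")
    return findings

if __name__ == "__main__":
    for finding in audit_client_config(POSTED_CONFIG):
        print("-", finding)
```
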