Netgate Discussion Forum

    SSH GUI?

    2.0-RC Snapshot Feedback and Problems - RETIRED

      RChadwick

      I'm trying to get a VPN working on my Android device. Apparently, Google dropped the ball badly on this, as it seems many people (Myself included) cannot get PPTP or encrypted L2TP working. The other two options I see are OpenVPN (Looks like a NIGHTMARE to configure), and SSH. SSH looks like the better choice for me, and I've found a tutorial to set it up on Android. On the pfSense side, all I've been able to find for 2.0RC is a discussion a year ago that pfSense SHOULD have a GUI to configure. Does anyone know if this happened? If not, is the information for 1.2.3 applicable to 2.0RC2?

        johnpoz LAYER 8 Global Moderator

        Are you talking openvpn is a nightmare to configure on your device? Because from the pfsense side it's a walk in the park, couple of clicks and up and running.

        As to ssh, are you wanting the endpoint to be your pfsense box?  I personally forward ssh traffic to an inside server which I normally just use for my shell access while away from my network, but now and then use as a poor man's vpn into my network when I can't use openvpn, i.e. don't want to install to the box I'm at, or cannot - all you need for ssh is putty and your key.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

          RChadwick

          I've always heard OpenVPN was a nightmare, and the examples I've found seemed to support it. Do you know if there's a tutorial on setting up OpenVPN with pfSense and Android? I saw the one for Windows, but it seemed Windows generated the keys, and wasn't sure how that would work on Android.

          I came across another tutorial for setting up SSH on Android, using a Windows or Linux SSH server. I thought it might be more elegant to use pfSense. Whatever works :)

            Ozzik

            Just FYI, CyanogenMod has the encryption for PPTP/L2TP and it works great.

              RChadwick

              Actually, I use CM 7.03 on my Nook. Since 7.00, PPTP would never connect to anything. I tried pfSense 1.2.3, pfSense 2.0, and a router running the latest DD-WRT. It wouldn't even connect. It seems to be hit or miss. Some people report it works, but there are a LOT of people reporting major problems since the past 2 years.

                johnpoz LAYER 8 Global Moderator

                How is it a nightmare - you follow a freaking wizard ;)

                You then export both the client already setup to connect to your pfsense box.  Nothing to do on the client side at all but click a button and put in your password ;)

                To be honest it is very easy even with version 1 of pfsense without the wizard; for that matter it's pretty freaking easy on its own.  How many clients do you need at any one time?  There is vmware that you click go on if you want.

                I have been using openvpn for many years; are there a few steps to get it working - sure. But it's not a nightmare, I wouldn't call it a wet dream either - but it's not all that complicated.  I would be surprised if you spent more than 5 minutes on it with the wizard.

                I would think someone has put together a walk through using the wizard?  There is this - but like it says in the thread, no longer needed since the wizard.

                http://forum.pfsense.org/index.php/topic,22115.0.html

                btw if you're looking for a VM of openvpn here you go - click click and that is running to be honest.
                http://openvpn.net/index.php/access-server/download-openvpn-as-vm.html

                But might as well just let your pfsense box be your endpoint - try the wizard!!

                  stephenw10 Netgate Administrator

                  If you are referring to using an SSH tunnel instead of a VPN it's very easy.
                  Open a firewall hole to expose the ssh service on WAN (obviously some security implications). That's it!  ;D
                  All the rest of the setup is done on Android but there's a handy app for that:
                  https://market.android.com/details?id=org.sshtunnel&hl=en

                  Steve

                  Here are some instructions if you don't want to use the app.
                  I don't have an android phone so I've never done this personally but I have using a Windows laptop and putty.

                    RChadwick

                    I got a quarter of the way through the OpenVPN setup, and gave up. I figured that, even if I did go through all the steps, the odds of getting it working with the Android client in a reasonable time were slim, and there's a few hours I'll never get back. Since OpenVPN works for you, and you're obviously well-versed in its usage, I suspect you'll have a different perspective than me. I'll stand by my assessment that OpenVPN is a nightmare, this time with more experience to back up that claim. As for the wizard, same thing. I'm not one to just randomly play with settings for hours until something works. I'd rather read some documentation and get things working quickly. If there's a walkthrough for the Wizard, I might give it another try.

                    With SSH, what's the login credentials? Is it the username and password for the router? Other than using a weak password, are there any other security issues?

                    Thanks again for the help!

                      stephenw10 Netgate Administrator

                      @RChadwick:

                      With SSH, what's the login credentials? Is it the username and password for the router? Other than using a weak password, are there any other security issues?

                      You are logging into the router directly. You can create a new user to do so.
                      If you simply expose port 22 to the internet you'll find you get random login attempts all the time.
                      You can change the port ssh is on to something non-standard, e.g. 20202, and switch to using keys for login instead of passwords.

                      Steve
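
A defender-side check for the login noise and the password-versus-key point in the post above, as an added example that is not part of the original thread: it counts failed password attempts per source in an sshd auth log and flags any password login that still succeeds after the switch to keys. The log lines are constructed samples in OpenSSH's usual message format, and the `summarize` function, its threshold and the `tunnel` account name are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format OpenSSH's sshd writes to the auth log.
# Addresses come from the documentation ranges (RFC 5737); nothing here is real.
SAMPLE_LOG = """\
Jun 10 03:12:01 fw sshd[4101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Jun 10 03:12:03 fw sshd[4101]: Failed password for invalid user test from 203.0.113.7 port 40113 ssh2
Jun 10 03:12:05 fw sshd[4102]: Failed password for root from 203.0.113.7 port 40114 ssh2
Jun 10 03:15:40 fw sshd[4110]: Failed password for root from 198.51.100.23 port 51900 ssh2
Jun 10 08:01:12 fw sshd[4200]: Accepted publickey for tunnel from 192.0.2.44 port 60022 ssh2
Jun 10 09:30:55 fw sshd[4231]: Accepted password for admin from 192.0.2.44 port 60031 ssh2
"""

# "invalid user" appears when the account does not exist on the server.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>password|publickey) "
    r"for (?P<invalid>invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def summarize(log_text, threshold=3):
    """Return (noisy_sources, password_logins) for an sshd auth log.

    noisy_sources: {src: sorted usernames tried} for sources with at least
                   `threshold` failed password attempts.
    password_logins: (user, src) pairs for successful password logins, which
                   should not occur once the server is key-only.
    """
    failures = defaultdict(list)
    password_logins = []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        if m["result"] == "Failed" and m["method"] == "password":
            failures[m["src"]].append(m["user"])
        elif m["result"] == "Accepted" and m["method"] == "password":
            password_logins.append((m["user"], m["src"]))
    noisy = {src: sorted(set(users)) for src, users in failures.items()
             if len(users) >= threshold}
    return noisy, password_logins

if __name__ == "__main__":
    noisy, pw = summarize(SAMPLE_LOG)
    for src, users in noisy.items():
        print(f"{src}: repeated failed password logins, users tried: {users}")
    for user, src in pw:
        print(f"password login accepted for {user} from {src} (expected key-only)")
```
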

                        johnpoz LAYER 8 Global Moderator

                        @RChadwick:

                        If there's a walkthrough for the Wizard, I might give it another try.

                        Someone should prob put it in pfsense docs, maybe it is already - but found this on a quick search

                        http://forum.pfsense.org/index.php/topic,34714.msg180818.html#msg180818

                        It's a step-by-step walkthrough.

                        I personally use tcp 443 instead of the default udp 1194 port, since 443 is most likely always open anywhere you have internet while 1194 might not be.

                          jimp Rebel Alliance Developer Netgate

                          If your Android phone has or is getting a Gingerbread update, you can use IPsec+PSK+xauth. :-)

                          http://doc.pfsense.org/index.php/Android_VPN_Connectivity

                          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                          Need help fast? Netgate Global Support!

                          Do not Chat/PM for help!

                            RChadwick

                            Thanks for the L2TP tip! I got SSH working easily enough, but it doesn't actually do anything beyond being able to configure pfSense. The tunnel doesn't work, apparently because my version of Android (CM7.03) doesn't have iptables.

                              RChadwick

                              I wish I had better results. The new info in the docs (wasn't there a day or so ago) didn't look anything like either my pfSense L2TP config, or my Android config. I tried to wing it, but it won't connect. Maybe I'll have to fight with OpenVPN some more.

                                jimp Rebel Alliance Developer Netgate

                                I just wrote the IPsec+PSK+xauth bits on that doc yesterday. My phone just pulled down the Gingerbread OTA update the day before last so I didn't know it was even possible before then.

                                I haven't rooted my phone so I was working within what the base OS allows. If you have rooted your phone, OpenVPN is an option. I haven't heard of it being difficult before, but I also haven't heard any real details on what it takes to get going. I imagine the hard part would just be getting the certs onto the phone, but there are ways around that I'm sure (e-mail, ssh, etc)

                                  RChadwick

                                  Well, I tried the instructions at: http://forum.pfsense.org/index.php/topic,34714.msg180818.html#msg180818

                                  I'm stuck at the point of trying to download the certs. There doesn't seem to be the option to download them. Earlier, I downloaded them manually, so I'm not sure what extra the cert download plugin does. Brain needs a rest…

                                    jimp Rebel Alliance Developer Netgate

                                    There isn't much in that "guide" there really. That's just the basic OpenVPN setup. Some things are overcomplicated there.

                                    If you install the OpenVPN client export package, you can get a .zip with all of the files you need.

                                      johnpoz LAYER 8 Global Moderator

                                      You don't see these links?

                                      He was not looking at the guide in the stickies - he was looking at a step-by-step walkthrough that razzor put up back in March that I linked to on his question about a step by step.  He even reposted the link to the walkthrough, so I have to believe that is what he is looking at, not the sticky.

                                        RChadwick

                                        That's correct. I don't see the option to download the certs. I'm guessing maybe it was because I skipped the first few steps, because I had already made the certs from a previous attempt. I actually downloaded those certs, before I even installed the export plugin. Is the plugin required?

                                          jimp Rebel Alliance Developer Netgate

                                          If you read the notes on the client export page, the clients will only show up there if things are set up properly.

                                          The most common error is to have one CA selected in the OpenVPN server and then the certificates you made are actually from another CA entirely. If the certificate CA doesn't match the server CA, they won't show up.

                                            johnpoz LAYER 8 Global Moderator

                                            "I'm guessing maybe it was because I skipped the first few steps"
                                            "Is the plugin required?"

                                            So you ask for a step by step - and then you just skip steps, yeah not following instructions then sure it's a nightmare to set up ;)
