2.0 and custom interfaces
-
I have an embedded pfSense box setup and working great. I've also setup openconnect (to connect to a remote Cisco VPN) manually and that works well too. In order for traffic from my LAN to be forwarded thru the VPN tunnel I need to add some outbound NAT rules for subnets I'd like to access via the VPN. If this were openVPN I'd just assign the openVPN linux interface to an OPT interface and then assign outbound NAT rules to the OPT interface via the GUI. openconnect uses the tun0 interface which doesn't show up as an option for assigning to an OPT interface. So my questions are:
1.) Is there any way to assign tunX to an OPT interface?
2.) If not, is there a way to add outbound NAT rules via the shell which will stick through a filter reload? -
tun interfaces are hidden from assignment, but you can work around that. Remove line 713:
'tun';
in /etc/inc/util.inc and you'll be able to assign it.
-
Perfect, that's what I was looking for. I'll give it a shot. Thanks!
-
Perfect, that's what I was looking for. I'll give it a shot. Thanks!
How did you install openconnect on pfSense?
Did you use the FreeBSD package? Which one?Thanks!
-
You might have a look at the tinc VPN package and see if you could use that code as a base to make one for openconnect. I believe the package author worked around a similar assignment issue by doing as we do internally with OpenVPN and renaming the tun interface once it has been created.
-
Any news on this matter?
I've been searching information on how to use pfSense as a VPN client with no success.
(…bump)
-
I'm about to try the tunX solution mentioned above. I was able to repeat the installation today. General steps below:
1. Retrieve a freebsd 8.3 64bit VM and deploy it
2. update and extract portsnap on the VM
3. cd /usr/ports/security/portsnap
4. make install
go through the normal steps
5. copy these files from the VM to pfsense in the same locations
./usr
./usr/local
./usr/local/sbin
./usr/local/sbin/vpnc-script-sshd
./usr/local/sbin/vpnc-script
./usr/local/sbin/vpnc-script-ptrtd
./usr/local/sbin/openconnect
./usr/local/libdata
./usr/local/libdata/pkgconfig
./usr/local/libdata/pkgconfig/openconnect.pc
./usr/local/include
./usr/local/include/openconnect.h
./usr/local/lib
./usr/local/lib/libopenconnect.so
./usr/local/lib/libopenconnect.la
./usr/local/lib/libopenconnect.a
./usr/local/lib/libopenconnect.so.26. good to go
7. I'm about to remove line 713 from /etc/inc/util.inc so I can control the vpn routes from the gui