Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN: eurephia plug-in

    Scheduled Pinned Locked Moved OpenVPN
    7 Posts 3 Posters 3.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      nrgyz
      last edited by

      Hi everyone,

      I was wondering if there is a plan to support eurephia (http://www.eurephia.net/) in the next pfSense 2.0 release?

      Thanks

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        First I've heard of it, but I'm not sure what it really offers that would be beneficial. We can already do user auth, tls, etc. Would probably be easier to extend our login code to blacklist repeated failed logins than add some other plugin.

        Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • T
          trendchiller
          last edited by

          Hi !

          I cannot see a need to implement this, there are no differenes to the functionality now in 2.0 !?

          1 Reply Last reply Reply Quote 0
          • N
            nrgyz
            last edited by

            @jimp:

            First I've heard of it, but I'm not sure what it really offers that would be beneficial. We can already do user auth, tls, etc. Would probably be easier to extend our login code to blacklist repeated failed logins than add some other plugin.

            One thing that is missing in OpenVPN is the user-based network accces. I would like some external users (ex. consultants) to log into the VPN and have access to some systems (not the whole LAN).

            eurephia supports dynamic firewall updates per connection/session on Linux based router/firewall running OpenVPN. This means that each user account may have their own restricted access profile to the network, and you can control the network access with great granularity. This is achieved by using predefined iptables chains, which is activated after the user is authenticated

            1 Reply Last reply Reply Quote 0
            • jimpJ
              jimp Rebel Alliance Developer Netgate
              last edited by

              It's not missing. Assign users a static IP using Client-Specific Overrides (CSC). Setup firewall rules to block them from reaching things you don't want.

              I doubt their program is compatible with FreeBSD/pf anyhow, and wouldn't be worth the trouble.

              Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

              Need help fast? Netgate Global Support!

              Do not Chat/PM for help!

              1 Reply Last reply Reply Quote 0
              • N
                nrgyz
                last edited by

                @jimp:

                It's not missing. Assign users a static IP using Client-Specific Overrides (CSC). Setup firewall rules to block them from reaching things you don't want.

                I doubt their program is compatible with FreeBSD/pf anyhow, and wouldn't be worth the trouble.

                Thanks @jimp! I thought it was impossible to filter incoming VPN traffic natively. In fact, I'm still running on 1.2-RELEASE and this feature was added to 1.2.3-RC1. I'm planning an upgrade to 2.0-RC3 really soon. What's the upgrade path to 1.2 ->ย 2.0? I also heard 2.0-RELEASE was coming really soon!

                1 Reply Last reply Reply Quote 0
                • jimpJ
                  jimp Rebel Alliance Developer Netgate
                  last edited by

                  Just upload a firmware update. Nothing mysterious about it. It should all work.

                  Being able to properly filter wasn't really possible until 2.0. You can do it in 1.2.3 but it's not ideal.

                  Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                  Need help fast? Netgate Global Support!

                  Do not Chat/PM for help!

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.