VPN for Windows
-
Does anyone want me to do any testing and report back?
-
I use Adito for users in environments who cannot install any VPN clients. I do not run Adito on pfSense, but on a Windows box behind pfSense.
Connection to Adito is done via a web browser over HTTPS. The somewhat painful part is that you'll need an SSL certificate. When users connects to Adito via the web browser, they log in into a Web GUI where they can start tunnels. The web browser then downloads a Java application (the "Adito Agent"), which is the VPN client. The Adito Agent communicates with the Adito server via HTTPS. Unlike your usual VPN client, the Adito Agent does not really provide LAN-like connectivity to the remote network. Instead, you access remote resources by connecting to Adito Agent (for example, a VNC tunnel which is configured to point to a VNC server at somehost.com:5800 will be used by entering 127.0.0.1:5800 as server address into the VNC client).
Adito appears to be bady maintained, if at all. It's written in Java. The only reason why I use it is that it works in restrictive environments where installation of applications is impossible and network traffic is layer 7 filtered to prevent anything useful going on (and only HTTPS traffic is unharmed).
-
Could we get something like this integrated into Pfsense?
http://www.cybelesoft.com/thinrdp/default.aspx/#tabs-4
-
Or even this which is open source!
http://guac-dev.org/
-
@craigduff - There is a "Packages Wishlist" thread for those kinds of suggestions.
If they actually work on FreeBSD, and someone wants to take the time to make a package out of one of them, it may show up.
-
Or even this which is open source!
http://guac-dev.org/You can install it (as I've made) on a Linux server behind pfSense and the result is the same..
-
Softether, to me seems like a fix for something thats not broken - openvpn.
That said, choices are nice.
As far as ease of use for the end user, if you ship a end user a exported openvpn config file that uses certs only and doesn't ever require a password and they are not smart enough to double click an executable and press a connect button, I'd suggest they aren't smart enough to use any vpn.
-
I am one of "the developers" ā until the source shows up, it's not an option. When the source shows up, if it's feasible, we'll look at it.
The source code seems to be available now:
http://www.softether.org/9-about/News/800-open-source -
I am one of "the developers" ā until the source shows up, it's not an option. When the source shows up, if it's feasible, we'll look at it.
The source code seems to be available now:
http://www.softether.org/9-about/News/800-open-sourcePlease, pleaseĀ ::) Add this nice vpn to pfsense 2.2 !
-
That is an interesting solution assuming the code can be trusted (has it been thoroughly looked at yet for security issues after going open source for example).
One of the things that held me up using OpenVPN for users (I still use it for admins) is that openvpngui must be run as administrator or the routes needed do not get created when a user authenticates to start the tunnel.Ā I am waiting for the day that openvpn creates a Windows service in the official installer to handle that for the user to get around that restriction.Ā Yes you can get around it by making the tunnels not require authentication during startup and have the tunnels start up automatically but I do not like that idea from a security standpoint (which is the whole idea of the solution to begin with).
-
Hi!
SoftEther is in freebsd ports
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=188437Maybe it's time to look on SoftEther as part of pfSense?
-
I've been using Softether for many years and never had any issues. Would be very nice to add this software to pfsense ;)
-
This post is deleted!