VPN: How to install NeoRouter server to Pfsense
-
I really like NeoRouter; it has been working flawlessly on my OpenWrt router for more than 2 years, and it's P2P, so traffic is client-to-client by default, or depending on your settings.
I used OpenVPN, Hamachi, tinc and IPsec, but nothing comes close to NeoRouter in terms of ease of use and flexibility; it even works on my Android phone! :P
A lot of users requested NeoRouter to be ported to pfSense but it never happened, so I decided to give it a try with the FreeBSD files.
This was done on pfSense 2.3.2 and 2.4.2.
For this tutorial you need PuTTY and WinSCP on a Windows machine.
Download NeoRouter server free (or pro) for FreeBSD (I used NeoRouter free x64).
Unpack the NeoRouter archive on your computer.
Log into your pfSense installation as root with WinSCP and copy each of the archive's files into the respective folder in /usr/local/
(archive)/bin/nrserver ----> /usr/local/bin/nrserver
(archive)/bin/nrssetup ----> /usr/local/bin/nrsetup
(archive)/bin/rmnrserver.sh ----> /usr/local/bin/rmnrserver.sh
(archive)/etc/rc.d/nrserver.sh ----> /usr/local/etc/rc.d/nrserver.sh
and copy complete folder
(archive)/ZebraNetworkSystems ----> /usr/local/ZebraNetworkSystems
Edit: on pfSense 2.4.2 you need to edit some files so you can use the FreeBSD repository (I use WinSCP to browse and edit).
1. Make sure the "enabled" key is set to "yes" in /etc/pkg/FreeBSD.conf
2. Change "enabled: no" to "enabled: yes" in /usr/local/etc/pkg/repos/FreeBSD.conf
3. Change "enabled: no" to "enabled: yes" in /usr/local/etc/pkg/repos/pfSense.conf for the FreeBSD repo
4. Now you're able to install packages from the official FreeBSD repo
(source: https://forum.pfsense.org/index.php?topic=109827.0)
Log into your pfSense installation as root (as in user root, same password as the default admin password) with PuTTY and go to the shell.
We also need this package to make things work; copy and paste:
pkg install lang/gcc
Now we will generate the certificates for NeoRouter; copy and paste in the shell:
openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -keyout /usr/local/ZebraNetworkSystems/NeoRouter/server.key -out /usr/local/ZebraNetworkSystems/NeoRouter/server.crt -config /usr/local/ZebraNetworkSystems/NeoRouter/openssl.cnf
Now we need to change the permissions of nrserver.sh and nrserver so they can run:
chmod u+rwx /usr/local/etc/rc.d/nrserver.sh
chmod u+rwx /usr/local/bin/nrserver
Now start the server
/usr/local/etc/rc.d/nrserver.sh onestart
Now, to make it start automatically on reboot, type this in the shell:
echo 'nrserver_enable="YES"' >> /etc/rc.conf
And set an admin user (replace username and password with yours).
For more info consult the NeoRouter user guide: http://download.neorouter.com/Documents/nr_usermanual_22en.pdf
/usr/local/bin/nrserver -adduser username password admin
Open the port on your pfSense (default is 32976).
Download the respective client (in my case the Windows client).
You can now administer your server with the client under the File tab, Options.
If something is not clear let me know and I will modify this post.
Works here.
Enjoy ;D -
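An added example, not part of the original post or of NeoRouter: the `openssl req` command in the tutorial above uses `-nodes`, so server.key is stored without a passphrase and its file mode is the only thing protecting it. This POSIX sh audit checks the modes of the paths that tutorial installs; the function names and the prefix argument are assumptions made for the example.

```sh
#!/bin/sh
# Added example: audit the modes of the files the tutorial installs.
# Paths are the ones used in the post; the prefix argument is hypothetical
# and only exists so the audit can be pointed at a test tree.

# Print the 10-character mode string of a path, e.g. "-rw-------".
mode_of() { ls -ldL "$1" | cut -c1-10; }

# Succeeds only if group and others have no access at all (private key).
is_private() {
    case "$(mode_of "$1")" in
        ????------) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds if group or others can write to the path.
is_writable_by_others() {
    case "$(mode_of "$1")" in
        ?????w????|????????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# Audit the install under a prefix (empty for the live system).
# Prints one line per finding and returns the number of findings.
audit_neorouter() {
    prefix="${1:-}"
    findings=0
    key="$prefix/usr/local/ZebraNetworkSystems/NeoRouter/server.key"
    if [ -f "$key" ] && ! is_private "$key"; then
        echo "FINDING: $key readable by group/others ($(mode_of "$key"))"
        findings=$((findings + 1))
    fi
    for f in /usr/local/bin/nrserver /usr/local/etc/rc.d/nrserver.sh \
             /usr/local/ZebraNetworkSystems/NeoRouter; do
        p="$prefix$f"
        if [ -e "$p" ] && is_writable_by_others "$p"; then
            echo "FINDING: $p writable by group/others ($(mode_of "$p"))"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Audit the live system only when asked to: sh <script> --run
if [ "${1:-}" = "--run" ]; then audit_neorouter ""; fi
```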
Hmm, this is not working for me. I put all the files in and ran the chmod u+rwx /usr/local/etc/rc.d/nrserver.sh permissions command, but I just got access denied when typing nrserver. So I went in /usr/local/bin and ran the same chmod u+rwx to all of the neorouter files and it seemed to work.
However when I run nrserver it says:
NeoRouter Free [Version 2.3.1.4360] Copyright (C) 2015 NeoRouter Inc. *** Please run this command as root ***
I am root
If I just try to add the user it just says:
FAILED. Result is 0X80000003
Any ideas?
EDIT: I decided to run /usr/local/bin/nrsetup
I then just made a domain name and hit no to create a new user. I then logged in with my pfsense's credentials on windows using neorouter's configuration explorer. Made a new account through there, and all seems to be working fine even though when I run nrserver it tells me to run as root. I then deleted the root user for neorouter and just login with the other account.
The startup command didn't seem to work for me though.
EDIT2: I tried placing nrserver_enable="YES" into rc.conf and rc.conf.local and I changed the permissions for rc.conf.local to no avail. I went ahead and made a startneo.sh in /usr/local/etc/rc.d/ and gave it the chmod +x permissions. Inside it just says:
nrserver
Seems to work fine, but this is a pretty big bodge job.
-
Neorouter is exactly that a P2P solution.. Why would you want/need to install this on pfsense? You install neorouter on the actual client devices.. Not the router/firewall of your whole network.. Why would you not just install the neorouter "server" on one of your clients that is going to be in your network. This is the way it's designed to be done..
-
> Neorouter is exactly that a P2P solution.. Why would you want/need to install this on pfsense? You install neorouter on the actual client devices.. Not the router/firewall of your whole network.. Why would you not just install the neorouter "server" on one of your clients that is going to be in your network. This is the way it's designed to be done..
Neorouter requires a server where all the other clients still connect to. pfsense has fantastic up time, so it's a great place to put it on. There is one computer I tend to access the most, but I may make changes to it, and it just isn't as reliable. If I am doing something to it, and I have to go I can't access some of the other machines.
I currently had it installed on a netbook, but it's been on for around 6+ years straight according to the hard drive's SMART results. Not sure how long it will continue to last, an SSD would fix that but the CPU inside is very slow. One less device to worry about anyway.
-
Edited first post for PFSENSE 2.4.2
> Neorouter is exactly that a P2P solution.. Why would you want/need to install this on pfsense? You install neorouter on the actual client devices.. Not the router/firewall of your whole network.. Why would you not just install the neorouter "server" on one of your clients that is going to be in your network. This is the way it's designed to be done..
What if all clients are road warriors? :P