Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN: Howto create client plaintext connection without any auth or encryption

    Scheduled Pinned Locked Moved OpenVPN
    5 Posts 3 Posters 2.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • V
      vchrizz
      last edited by

      Hi,

      beforehand, I know this is not recommended. The topic might be confusing, why anyone would want that, so I'll explain it.

      We are a public free community wireless mesh network where anybody can wirelessly connect to. Now there are locations which can't be reached by wireless (yet) to connect to our network, so we provide that connectivity via openvpn to be used over any other internet connection. For every user who needs a tunnel, an own openvpn instance on its own special port is created. As there is the same information transferred, as over our open wireless network, no encryption is needed. Because of the nature of our open wireless network, we don't want to hassle with authentication for tunnels. We just assign ports to users and thats it.

      I tried to create a tunnel like this in the WebUI but couldn't find a way without encryption. Can this be made manually if there seems to be no option for it in the WebUI?
      The reason why im asking here is because atm I'm using a linux box for this topic and would like to switch to pfsense, so I already have a running setup and there is a working openvpn-configuration available. Maybe it's possible to somehow apply that configuration to pfsense?

      (Please don't recommend to use another server-side configuration as this won't change.)

      thanks, chris

      1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        Who says its not int he gui?  Just scroll down to where it says none.

        Same for auth..

        noencrypt.png
        noencrypt.png_thumb
        noauth.png
        noauth.png_thumb

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        1 Reply Last reply Reply Quote 0
        • V
          vchrizz
          last edited by

          Thanks for your reply, you're right and i found those options, but still this way again a certificate and/or shared key is needed which we do not use or provide. Is it possible to create a client connection without that?

          pfsense-openvpn-error-cert.png
          pfsense-openvpn-error-cert.png_thumb
          pfsense-openvpn-error-sharedkey.png
          pfsense-openvpn-error-sharedkey.png_thumb

          1 Reply Last reply Reply Quote 0
          • PippinP
            Pippin
            last edited by

            OpenVPN requires at least certificate.

            cipher none, disables encryption.
            auth none, disables authentication of packets.

            I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
            Halton Arp

            1 Reply Last reply Reply Quote 0
            • V
              vchrizz
              last edited by

              After looking for some openvpn configurations in /etc/ I possibly could apply from my existing installation, I was searching the forums until I found this thread OpenVPN config file? and realized the configs are stored in /var/etc/openvpn/ so from the webui via menu "diagnostics" - "edit file" its possible to edit your specific config. Looking at the openvpn logs it seems like it works same as it worked on my existing installation. I have to fully set up pfsense to test if the same configuration would work, but so far it looks good.

              Thanks

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.