OpenVPN: Howto create client plaintext connection without any auth or encryption



  • Hi,

    beforehand, I know this is not recommended. The topic might be confusing, why anyone would want that, so I'll explain it.

    We are a public free community wireless mesh network where anybody can wirelessly connect to. Now there are locations which can't be reached by wireless (yet) to connect to our network, so we provide that connectivity via openvpn to be used over any other internet connection. For every user who needs a tunnel, an own openvpn instance on its own special port is created. As there is the same information transferred, as over our open wireless network, no encryption is needed. Because of the nature of our open wireless network, we don't want to hassle with authentication for tunnels. We just assign ports to users and thats it.

    I tried to create a tunnel like this in the WebUI but couldn't find a way without encryption. Can this be made manually if there seems to be no option for it in the WebUI?
    The reason why im asking here is because atm I'm using a linux box for this topic and would like to switch to pfsense, so I already have a running setup and there is a working openvpn-configuration available. Maybe it's possible to somehow apply that configuration to pfsense?

    (Please don't recommend to use another server-side configuration as this won't change.)

    thanks, chris


  • LAYER 8 Global Moderator

    Who says its not int he gui?  Just scroll down to where it says none.

    Same for auth..






  • Thanks for your reply, you're right and i found those options, but still this way again a certificate and/or shared key is needed which we do not use or provide. Is it possible to create a client connection without that?






  • OpenVPN requires at least certificate.

    cipher none, disables encryption.
    auth none, disables authentication of packets.



  • After looking for some openvpn configurations in /etc/ I possibly could apply from my existing installation, I was searching the forums until I found this thread OpenVPN config file? and realized the configs are stored in /var/etc/openvpn/ so from the webui via menu "diagnostics" - "edit file" its possible to edit your specific config. Looking at the openvpn logs it seems like it works same as it worked on my existing installation. I have to fully set up pfsense to test if the same configuration would work, but so far it looks good.

    Thanks


Log in to reply