WebVPN package (clientless VPN) via Apache Guacamole
I'm thinking of developing a package which basically implements (client-less) WebVPN portal capabilities by utilizing Apache Guacamole. The package should include a proper menu within the pfSense webGUI, where you could add different backend services (RDP, VNC, SSH), assign them to your users/groups, etc. I'm thinking of something pretty similar to the implementation on Sophos/Astaro UTMs.
Additionally I'm thinking of developing a second package which brings 2FA/TOTP capabilities to pfSense, and which should integrate with the webvpn/guacamole-package. Again same approach as Sophos/Astaro did on their UTMs, without an additional input field for the tokens, instead the token could be appended directly after the password. Basically the package would just have to intercept pfSense's default auth mechanism for validating the tokens.
What do you think?
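The appended-token scheme proposed in the post above, as an added example (not code from this thread, from pfSense or from Sophos/Astaro): it splits a combined `password+token` credential, checks an RFC 6238 TOTP with a small clock-drift window, and refuses a token whose time step was already accepted. The 6-digit/30-second parameters, the `check_password` callback and the `last_used_step` replay counter are assumptions made for the illustration.

```python
import base64, hashlib, hmac, struct, time

DIGITS = 6   # token length (assumption; RFC 6238 default)
STEP = 30    # seconds per time step (assumption; RFC 6238 default)

def totp(secret_b32, for_time, digits=DIGITS, step=STEP):
    """RFC 6238 TOTP (HMAC-SHA1) for the given Unix time."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", int(for_time) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                     # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def split_credential(combined, digits=DIGITS):
    """Split 'password' + 'token'; None if there is no digit suffix."""
    if len(combined) <= digits:                 # nothing left for a password
        return None
    password, token = combined[:-digits], combined[-digits:]
    if not (token.isascii() and token.isdigit()):
        return None
    return password, token

def verify_login(combined, check_password, secret_b32, last_used_step,
                 now=None, window=1):
    """Return the accepted time step, or None if the login is rejected.

    check_password is a hypothetical callback standing in for the
    existing password check. last_used_step is the newest step already
    accepted for this user, so a captured token cannot be replayed.
    """
    now = time.time() if now is None else now
    parts = split_credential(combined)
    if parts is None:
        return None
    password, token = parts
    password_ok = check_password(password)      # always evaluated
    current = int(now) // STEP
    accepted = None
    for step_no in range(current - window, current + window + 1):
        candidate = totp(secret_b32, step_no * STEP)
        # Constant-time compare; steps at or before last_used_step are replays.
        if hmac.compare_digest(candidate, token) and step_no > last_used_step:
            accepted = step_no
    return accepted if password_ok else None
```

The caller stores the returned step as the user's new `last_used_step`; a password that itself ends in six digits is still handled correctly because only the final six characters are treated as the token.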
I know that web portal VPN feature from Sophos UTM, and it would be awesome if you could bring that to pfSense!
Also, 2FA/TOTP is a feature that I am missing in pfSense. Personally, I would like to use it as a second step for OpenVPN.
Thanks for your effort.
I'm working on it, but first I have to dig a little bit deeper into how pfSense ports are managed. Installing guacd on pfSense shouldn't be that hard with ports. Adding a menu entry and configuration page in pfSense's admin, as well as serving the frontend webvpn login page, shouldn't be that hard either - https://www.freshports.org/net/guacamole-server/ .
PS: 2FA/TOTP seems to be already on its way… https://github.com/pfsense/FreeBSD-ports/pull/357
Another vote for this. 2FA and a true clientless portal like Sophos UTM/XG is all I'm missing with pfSense.