Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    WebVPN package (clientless VPN) via Apache Guacamole

    pfSense Packages
    3
    4
    2388
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ?
      Guest last edited by

      Hi,

      i'm thinking of developing a package which basically implements (client-less) WebVPN portal capabilities by utilizing Apache Guacamole. The package should include a proper menu within the pfsense webGUI, where you could add different backend services (rdp, vnc, ssh), assign them to your users/groups, etc. I'm thinking of something pretty smiliar to the implementation on Sophos/Astaro UTMs.

      Additionally I'm thinking of developing a second package which brings 2FA/TOTP capabilities to pfSense, and which should integrate with the webvpn/guacamole-package. Again same approach as Sophos/Astaro did on their UTMs, without an additional input field for the tokens, instead the token could be appended directly after the password. Basically the package would just have to intercept pfSense's default auth mechanism for validating the tokens.

      What do you think?

      Thanks

      1 Reply Last reply Reply Quote 0
      • B
        Bigdaddy168 last edited by

        I know that web-portal-vpn-feature from sophos utm and it would be awesome if you could bring that to pfsense!
        Also 2fa/totp is a feature that i am missing in pfsense. Personally i would like to use it as a second step for openvpn.
        Thanks for your effort.

        1 Reply Last reply Reply Quote 0
        • ?
          Guest last edited by

          I'm working on it, but first I have to dig a little bit deeper into how pfSense ports are managed. Installing guacd on pfSense shouldn't be that hard with ports. Adding a menu entry and configuration page in pfSense's admin, as well as serving the frontend webvpn login page, shouldn't be that hard either - https://www.freshports.org/net/guacamole-server/ .

          PS: 2FA/TOTP seems to be already on it's way… https://github.com/pfsense/FreeBSD-ports/pull/357

          1 Reply Last reply Reply Quote 0
          • H
            huyrune last edited by

            Another vote for this.  2FA and a true clientless portal like Sophos UTM/XG is all I'm missing with pfSense.

            Any ETA?

            1 Reply Last reply Reply Quote 0
            • First post
              Last post

            Products

            • Platform Overview
            • TNSR
            • pfSense Plus
            • Appliances

            Services

            • Training
            • Professional Services

            Support

            • Subscription Plans
            • Contact Support
            • Product Lifecycle
            • Documentation

            News

            • Media Coverage
            • Press
            • Events

            Resources

            • Blog
            • FAQ
            • Find a Partner
            • Resource Library
            • Security Information

            Company

            • About Us
            • Careers
            • Partners
            • Contact Us
            • Legal
            Our Mission

            We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

            Subscribe to our Newsletter

            Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

            © 2021 Rubicon Communications, LLC | Privacy Policy