Install pfSense-pkg-openvpn-client-export package on isolated environment.

ramses.sevilla · Jan 21, 2019, 9:14 AM

Hi everybody,

This is my first message in this forum.

I have installed a pfSense in a isolate enviroment to test purposes and it hasn't Internet access to download packages.

I need install the pfSense-pkg-openvpn-client-export package to test the OpenVPN Server that I have installes in the pfSense.

Can I download this package on another PC, save it in a PEN and install it in the pfSense that I have installed in my test environmet?

Best regards,

Ramses

Rico · Jan 21, 2019, 9:24 AM

How would you test anything in your lab environment anyway without Internet access?

-Rico

ramses.sevilla · Jan 21, 2019, 9:39 AM

Rico, you don't know?

Very easy, connecting the WAN Interface to a switch with various PC that simulate the Internet Network and the LAN Interface to another switch.

Very easy...

Regards,

Ramses

Rico · Jan 21, 2019, 9:56 AM

Well that is not what I'd call proper testing.
Why don't you just double NAT your pfSense behind your current router? AFAIK there is no easy way to install pfSense packages manually offline...not worth the hassle.

-Rico

ramses.sevilla · Jan 21, 2019, 10:11 AM

@rico said in Install pfSense-pkg-openvpn-client-export package on isolated environment.:

Well that is not what I'd call proper testing.

Why?

If I configure a OpenVPN Client on a PC that is in the WAN switch to connect to the OpenVPN Server over the WAN Interface. Why do I need to be connected to Internet to test purposes?

Why don't you just double NAT your pfSense behind your current router? AFAIK there is no easy way to install pfSense packages manually offline...not worth the hassle.

Because I don't want connect the test environment to the production network to avoid problems.

Rico, very thanks by your answer. I will study the posibility of configure double NAT or another solution.

Regards,

Ramses

Rico · Jan 21, 2019, 10:22 AM

Because for example you will not have fully working DNS.
You just need one IP of your production network and use it one the pfSense WAN side, how should this cause any problems in your production network?

-Rico

johnpoz · Jan 21, 2019, 1:07 PM

You don't even need an IP in your production setup... Just connect your current router to downstream pfsense lab router via a transit network for internet access.

You can then lab all you want in this isolated network, while still allowing for pfsense and anything behind it to have internet if they need it.. While completely isolating it from your production network.

ramses.sevilla · Jan 22, 2019, 4:10 PM

Hi @Rico / @johnpoz,

I have my production network reproduced in the LAB, with the same addressing and I am not want to have problems connecting the LAB to my production network.

But the question not was "Howto connect my LAB to Internet?". The question was if there is any way to install the pfSense-pkg-openvpn-client-export package in a isolated environment.

Well, finally, I have connected a 4G router to my LAB.

When I tried to install the pfSense-pkg-openvpn-client-export package the pfSense Manage Package told me that my pfSense was outdated (pfSense 2.3.5) and forced me to update to pfSense 2.4.4 to install the package.

I imagine that not had way to install the pfSense-pkg-openvpn-client-export package in pfSense 2.3.5 without update pfSense, isn't it?

Regards,

Ramses

johnpoz · Jan 22, 2019, 4:43 PM

2.3.5 is no longer supported... No you will not be able to add any packages to said version... You need to be current..

bmeeks · Jan 22, 2019, 6:07 PM

As @johnpoz said, pfSense 2.3.5 is at end-of-life and no longer supported. I would suggest you re-install pfSense v2.4.4 on your lab machines using a USB image.

You can access the pfSense packages repository from a different machine and download the packages to a USB stick, but it will be very frustrating if you do so because you will need to also download all the dependent packages. Rarely does a "package" consist of only a single file. Usually there is the single file that is the main package, but then there will one, two or up to a dozen dependent packages required by the main package. These are supporting libraries. You can tell you need to download more stuff when you attempt a manual pkg install and it tells you it can't find some package dependency.

So with all that said, the URL for the packages repository is: https://files00.netgate.com/

You want the directories that DO NOT say "core" in the name. You will see several of the pfSense versions there.

When you download a package (and all its depencies), then copy everything over to your lab machine in say the /tmp directory and then do this --

cd /tmp
pkg install {package_filename}

Expect to have to make multiple trips back to your Internet-connected PC to download more dependent packages, then come back and try the install again. Rinse and repeat until it finally installs. This is the frustrating part.

Much better to figure out how to give your lab at least temporary Internet access so the pkg utility can automatically request what it needs in terms in dependencies.

ramses.sevilla · Jan 28, 2019, 8:53 AM

Hi @bmeeks,

Very thanks by the so complet explication.

Finally, I have connected a 4G router to my test environment and I have installed the needed module and previously It forced me to upgrade pfSense from 2.3.5 to 2.4.4 version.

Very thanks to everybody that have answered to me.

Howto can I mark this post SOLVED?

Regards,

Ramses