    OpenVPN Multihop Package

      John2893ax last edited by


      The OpenVPN Multihop Package enables the cascading (tunnel in tunnel) of (2+n) OpenVPN clients via the webconfigurator of pfSense by menu-driven configuration.

      The cascading makes the analysis of the network traffic more difficult.

      The attacker would still see outgoing encrypted traffic to another VPN server, but he cannot determine whether this is a middle or exit node. To successfully intercept and decrypt the traffic, the attacker would need to have physical access to all hops in the cascade simultaneously.

      In addition, the effort required to trace the subscriber's actual connection grows exponentially* with each additional tunnel.

      (*) when different VPN service providers are used.

      Source: Perfect Privacy Blog.

      Available functions:
      The OpenVPN Multihop package can handle selective routing, for example. For this you have to deactivate "Add default route" in the last hop and specify the exit node in the LAN interface under Gateway.


      Likewise, the package offers autorestart. If the connection of one of the OpenVPN clients should be interrupted, the package restarts the connection. To do this, activate the "Keepalive" function.


      Package advantages:
      • Any number of multihops possible
      • Combination of different OpenVPN providers possible*.
      • No manual configuration via pfSense necessary anymore. Most functions are handled by the Multihop package

      (*) Please report successes and failures, specifying the configuration and VPN provider.

      Disadvantages:
      • Hardware with several fast CPU cores required/recommended
      (More information)

      Preparations:
      Choose a VPN provider of your choice and create at least two OpenVPN clients. Depending on the VPN provider, a DoT (DNS over TLS) configuration would also be useful.

      Application:
      Description, configuration and installation, as well as detailed information about further functions, can be found on GitHub.

      At this point a big thanks to the package developer Daniel Dowse.

      If you encounter any problems with the package or have any constructive suggestions for improvement, please post them here in the forum or create an issue* on GitHub. Thank you very much.

      (*) https://github.com/ddowse/pfSense-pkg-openvpn-multihop/issues
