OpenVPN Multihop Package
-
OpenVPN Multihop Package
The OpenVPN Multihop Package enables the cascading (tunnel in tunnel) of (2+n) OpenVPN clients via the webconfigurator of pfSense by menu-driven configuration.
The cascading makes the analysis of the network traffic more difficult.
The attacker would still see outgoing encrypted traffic to another VPN server, but he cannot determine whether this is a middle or exit node. To successfully intercept and decrypt the traffic, the attacker would need to have physical access to all hops in the cascade simultaneously.
In addition, the effort required to trace the subscriber's actual connection grows exponentially* with each additional tunnel.
(*) when different VPN service providers are used.
Source from Perfect Privacy Blog.
Available functions:
The OpenVPN Multihop package can handle selective routing, for example. For this you have to deactivate "Add default route" in the last hop and specify the exit node in the LAN interface under Gateway.Likewise, the package offers autorestart. If the connection of one of the OpenVPN clients should be interrupted, the package restarts the connection. To do this, activate the "Keepalive" function.
Package advantages:
• Any number of multihops possible
• Combination of different OpenVPN providers possible*.
• No manual configuration via pfSense necessary anymore. Most functions are handled by the Multihop package(*) Please report successes and failures, specifying the configuration and VPN provider.
Disadvantages:
• A hardware with several fast CPU cores required/recommended
(More information)Preparations:
Choose a VPN provider of your choice and create at least two OpenVPN clients. Depending on the VPN provider, a DoT (DNS over TLS) configuration would also be useful.Application:
Description, configuration, installation as well as detailed information about further functions, can be found on Github.At this point a big thanks to the package developer Daniel Dowse.
If you encounter any problems with the package or have any constructive suggestions for improvement, please post them here in the forum or create an issue* on Github. Thank you very much.
(*) https://github.com/ddowse/pfSense-pkg-openvpn-multihop/issues