OpenVPN Client Deployment Options
-
Hello All,
In the process of migrating to pfSense from Cisco FTD. I have the OpenVPN client setup working on my newly built pfSense hardware devices using pfSense CE with OTP two-factor authentication using the FreeRADIUS package. I was able to use the OpenVPN Client Export Utility package to export an OpenVPN client installer for Windows and was able to successfully repackage the resulting self-extracting EXE file to further customize it for my users. This works fine and results in a successful two-factor auth VPN connection to my pfSense device.
One of the few things that the Cisco FTD device did really well was provide a web portal users could access in a browser to log in and retrieve the Cisco AnyConnect VPN client. This portal site would run on the FTD device itself and was used only for the purpose of downloading the AnyConnect VPN Client software. All it did was authenticate users and provide a download button to download the client software. Users would log in to a web-based portal page, enter their creds, and then be presented with a 'Download' button to allow them to download and install the AnyConnect client software. The resulting downloaded file would install and configure the Cisco VPN client connection for the user. This worked basically the same as the OpenVPN export utility exe after the download. This was a really easy way to get the client to remote users. You would just give them the URL, they would connect in a browser and download the VPN client, and then run the installer.
Wondering if pfSense has some way to mimic this AnyConnect portal functionality somehow? Does it have some native way to do this I am missing, or is there some way to do this using the HAProxy package somehow to achieve this? Maybe use the Captive Portal bit to do this? I've searched the docs but did not see anything specific that offered this functionality, so I thought I would open it up to the group. Thanks in advance for the help.