    VPN services as WAN interfaces - 25$

      shamael last edited by

      I would like to have an easy way to configure various VPN services (ipredator, swissvpn, strongvpn, etc.) as virtual wan interfaces, in order to be able to choose on a per-host basis whether they should reach the internet through the regular WAN or the VPN. Incoming and outgoing traffic should obviously be bound to the same gateway.
      I am offering 25$ for swissvpn support, but ideally this could be extended to other configurations if other users are willing to raise the bounty.
      Swissvpn requires openvpn 2.1, so the bounty is for work done on pfsense 2.

      This is the openvpn configuration file for swissvpn:

      dev tun
      client
      proto tcp-client
      remote connect-openvpn.swissvpn.net 443
      ca ca.crt
      auth-user-pass
      reneg-sec 86400
      ns-cert-type server
      

      ca.crt can be found here: http://www.swissvpn.net/ca.crt

      The tunnel can be set up successfully with:

      openvpn --config {swissvpnconfigfile}
      

      however the tun0 interface does not show up in the web interface, so I cannot assign an opt1 interface to it nor set up rules related to it.

      Demo credentials to test the connection are:

      ID: swissvpntest
      PASS: swissvpntest

      These only work for connections towards www.swissvpn.net, though.

      I think it should be fairly easy to implement all this, however please let me know if the bounty is regarded as insufficient.

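An added example, not part of the original post or of pfSense: a small POSIX shell lint for the client config posted above, covering its `ns-cert-type`, `auth-user-pass` and `reneg-sec` lines. The function names, the finding format, and resolving a relative credentials path against the config's directory are assumptions of this sketch; 3600 s is OpenVPN's default `reneg-sec`.

```shell
# directive_arg FILE NAME: print NAME's first argument, "-" if it has none,
# nothing if NAME is absent. Lines starting with # or ; are comments.
directive_arg() {
    awk -v d="$2" '
        /^[ \t]*[#;]/ { next }
        $1 == d { print (NF > 1 ? $2 : "-"); exit }
    ' "$1"
}

# lint_ovpn FILE: print one finding per line as "LEVEL directive: message".
lint_ovpn() {
    cfg=$1
    # 1. Does the client check that the peer certificate is a server certificate?
    if [ "$(directive_arg "$cfg" remote-cert-tls)" = server ]; then
        :
    elif [ -n "$(directive_arg "$cfg" ns-cert-type)" ]; then
        echo "WARN ns-cert-type: deprecated in later OpenVPN releases, use 'remote-cert-tls server'"
    else
        echo "FAIL remote-cert-tls: server certificate usage is not checked"
    fi
    # 2. Credentials file (assumption: relative paths resolve against the config's directory).
    up=$(directive_arg "$cfg" auth-user-pass)
    case $up in
        "") ;;
        -)  echo "INFO auth-user-pass: no file given, OpenVPN prompts for credentials" ;;
        *)  case $up in /*) f=$up ;; *) f=$(dirname "$cfg")/$up ;; esac
            if [ ! -f "$f" ]; then
                echo "FAIL auth-user-pass: credentials file $up not found"
            elif [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
                echo "WARN auth-user-pass: $up is accessible to group/other, chmod 600"
            fi ;;
    esac
    # 3. Renegotiation interval compared with OpenVPN's 3600 s default.
    rs=$(directive_arg "$cfg" reneg-sec)
    case $rs in
        ""|-|*[!0-9]*) ;;
        *) [ "$rs" -gt 3600 ] && echo "NOTE reneg-sec: $rs s is longer than the 3600 s default" ;;
    esac
    return 0
}

# Constructed demo: the client config posted above, written to a temp directory.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'dev tun' client 'proto tcp-client' 'remote connect-openvpn.swissvpn.net 443' \
        'ca ca.crt' auth-user-pass 'reneg-sec 86400' 'ns-cert-type server' > "$d/client.ovpn"
    lint_ovpn "$d/client.ovpn"; rm -rf "$d"
}
demo
```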
        cmb last edited by

        The interface does show up for assignment, it'll be ovpnc1 (the tun gets renamed) for the first client, ovpnc2 for the second, etc. So everything you describe can be accomplished already.

          shamael last edited by

          @cmb:

          The interface does show up for assignment, it'll be ovpnc1 (the tun gets renamed) for the first client, ovpnc2 for the second, etc. So everything you describe can be accomplished already.

          Well, almost… ovpnc1 gets created only if I configure openvpn through the GUI (which I cannot do). If I start openvpn from the shell, it binds to tun0 and that interface does not show up in the drop-down menus of the "assign network ports" page. At least that's the behavior on today's snapshot.

            cmb last edited by

            Is auth-user-pass the only thing preventing you from using the GUI? That will be implemented in 2.0, so it will be something you can accommodate in the GUI.

              tommyboy180 last edited by

              Can this be done with pptp? If so, let me know; I may add to the bounty.

              EDIT: Spelling

                shamael last edited by

                @cmb:

                Is auth-user-pass the only thing preventing you from using the GUI? That will be implemented in 2.0, so it will be something you can accommodate in the GUI.

                Ok, I seem to have it working now by choosing 'SSL/TLS' as server mode. auth-user-pass was not the problem as I had saved my credentials in a file. I had problems because I wanted to load the CA certificate from the additional options instead of importing it in the certificate manager. Now the tunnel is working, I can ping through the interface, although I'm having a hard time pushing traffic through the tun interface. I'll post a thread for that in the relevant section.

                @tommyboy180:

                Can this be done with pptp? If so, let me know; I may add to the bounty.

                I don't know about your setup, but I might still be interested in paying for a specific configuration page for VPN gateways to the internet.
