VPN services as WAN interfaces - 25$

shamael

I would like to have an easy way to configure various VPN services (ipredator, swissvpn, strongvpn, etc.) as virtual wan interfaces, in order to be able to choose on a per-host basis whether they should reach the internet through the regular WAN or the VPN. Incoming and outgoing traffic should obviously be bound to the same gateway.
I am offering 25$ for swissvpn support, but ideally this could be extended to other configurations if other users are willing to raise the bounty.
Swissvpn requires openvpn 2.1, so the bounty is for work done on pfsense 2.

This is the openvpn configuration file for swissvpn:

dev tun
client
proto tcp-client
remote connect-openvpn.swissvpn.net 443
ca ca.crt
auth-user-pass
reneg-sec 86400
ns-cert-type server

ca.crt can be found here: http://www.swissvpn.net/ca.crt

The tunnel can be set up successfully with:

openvpn --config {swissvpnconfigfile}

however the tun0 interface does not show up in the web interface, so I cannot assign an opt1 interface to it nor set up rules related to it.

Demo credentials to test the connection are:

ID: swissvpntest
PASS: swissvpntest

These only work for connections towards www.swissvpn.net, though.

I think it should be fairly easy to implement all this, however please let me know if the bounty is regarded as insufficient.

cmb

The interface does show up for assignment, it'll be ovpnc1 (the tun gets renamed) for the first client, ovpnc2 for the second, etc. So everything you describe can be accomplished already.

shamael

@cmb:

The interface does show up for assignment, it'll be ovpnc1 (the tun gets renamed) for the first client, ovpnc2 for the second, etc. So everything you describe can be accomplished already.

Well, almost… ovpnc1 gets created only if I configure openvpn through the gui (which I cannot do). If I start openvpn from the shell, it binds to tun0 and that interface does not show up in the drop down menus of the "assign network ports" page. At least that's the behavior on today's snapshot.

cmb

Is auth-user-pass the only thing preventing you from using the GUI? That will be implemented in 2.0, so it will be something you can accommodate in the GUI.

tommyboy180

Can this be done with pptp? If so let me know I may add to the bounty.

EDIT: Spelling

shamael

@cmb:

Is auth-user-pass the only thing preventing you from using the GUI? That will be implemented in 2.0, so it will be something you can accommodate in the GUI.

Ok, I seem to have it working now by choosing 'SSL/TLS' as server mode. auth-user-pass was not the problem as I had saved my credentials on a file. I had problems because I wanted to load the ca certificate from the additional options instead of importing it in the certificate manager. Now the tunnel is working, I can ping through the interface, although I'm having a hard time pushing traffic through the tun interface. I'll post a thread for that in the relative section.

@tommyboy180:

Can this be does with pptp? If so let me know I may add to the bounty.

I don't know about your setup, but I might still be interested in paying for a specific configuration page for VPN gateways to the internet.