VPN services as WAN interfaces - 25$



  • I would like to have an easy way to configure various VPN services (ipredator, swissvpn, strongvpn, etc.) as virtual wan interfaces, in order to be able to choose on a per-host basis whether they should reach the internet through the regular WAN or the VPN. Incoming and outgoing traffic should obviously be bound to the same gateway.
    I am offering 25$ for swissvpn support, but ideally this could be extended to other configurations if other users are willing to raise the bounty.
    Swissvpn requires openvpn 2.1, so the bounty is for work done on pfsense 2.

    This is the openvpn configuration file for swissvpn:

    dev tun
    client
    proto tcp-client
    remote connect-openvpn.swissvpn.net 443
    ca ca.crt
    auth-user-pass
    reneg-sec 86400
    ns-cert-type server
    

    ca.crt can be found here: http://www.swissvpn.net/ca.crt

    The tunnel can be set up successfully with:

    openvpn --config {swissvpnconfigfile}
    

    however the tun0 interface does not show up in the web interface, so I cannot assign an opt1 interface to it nor set up rules related to it.

    Demo credentials to test the connection are:

    ID: swissvpntest
    PASS: swissvpntest

    These only work for connections towards www.swissvpn.net, though.

    I think it should be fairly easy to implement all this, however please let me know if the bounty is regarded as insufficient.
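A pre-flight check of the client config posted above, as an added example that is not part of the original thread or of pfSense. The `parse` and `audit` helpers and the findings they report are assumptions of this sketch; it flags the deprecated `ns-cert-type`, an `auth-user-pass` with no credentials file, and a `reneg-sec` above OpenVPN's 3600-second default.

```python
import shlex

# Client config from the first post, embedded so the check runs offline.
SWISSVPN_CONF = """\
dev tun
client
proto tcp-client
remote connect-openvpn.swissvpn.net 443
ca ca.crt
auth-user-pass
reneg-sec 86400
ns-cert-type server
"""

def parse(conf):
    """Return {directive: [argument lists]}; '#' and ';' comments are skipped."""
    directives = {}
    for raw in conf.splitlines():
        tokens = shlex.split(raw, comments=True)
        if not tokens or tokens[0].startswith(";"):
            continue
        directives.setdefault(tokens[0], []).append(tokens[1:])
    return directives

def audit(conf):
    """Return (directive, finding) pairs for an OpenVPN client config."""
    d = parse(conf)
    findings = []
    # Server-certificate check: remote-cert-tls replaced ns-cert-type.
    if "remote-cert-tls" not in d and "verify-x509-name" not in d:
        if "ns-cert-type" in d:
            findings.append(("ns-cert-type",
                "deprecated; newer OpenVPN releases use 'remote-cert-tls server'"))
        else:
            findings.append(("remote-cert-tls",
                "missing: any certificate issued by the CA is accepted as the server"))
    # Without a file argument openvpn prompts for credentials on the terminal.
    if any(not args for args in d.get("auth-user-pass", [])):
        findings.append(("auth-user-pass",
            "no credentials file: the client cannot start unattended"))
    # A long interval means data-channel keys are renegotiated less often.
    for args in d.get("reneg-sec", []):
        if args and int(args[0]) > 3600:
            findings.append(("reneg-sec",
                f"{args[0]}s exceeds the 3600s OpenVPN default"))
    return findings

if __name__ == "__main__":
    for name, why in audit(SWISSVPN_CONF):
        print(f"{name}: {why}")
```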



  • The interface does show up for assignment, it'll be ovpnc1 (the tun gets renamed) for the first client, ovpnc2 for the second, etc. So everything you describe can be accomplished already.



  • @cmb:

    The interface does show up for assignment, it'll be ovpnc1 (the tun gets renamed) for the first client, ovpnc2 for the second, etc. So everything you describe can be accomplished already.

    Well, almost… ovpnc1 gets created only if I configure openvpn through the gui (which I cannot do). If I start openvpn from the shell, it binds to tun0 and that interface does not show up in the drop down menus of the "assign network ports" page. At least that's the behavior on today's snapshot.



  • Is auth-user-pass the only thing preventing you from using the GUI? That will be implemented in 2.0, so it will be something you can accommodate in the GUI.



  • Can this be done with pptp? If so, let me know; I may add to the bounty.

    EDIT: Spelling



  • @cmb:

    Is auth-user-pass the only thing preventing you from using the GUI? That will be implemented in 2.0, so it will be something you can accommodate in the GUI.

    Ok, I seem to have it working now by choosing 'SSL/TLS' as server mode. auth-user-pass was not the problem as I had saved my credentials in a file. I had problems because I wanted to load the ca certificate from the additional options instead of importing it in the certificate manager. Now the tunnel is working, I can ping through the interface, although I'm having a hard time pushing traffic through the tun interface. I'll post a thread for that in the relevant section.

    @tommyboy180:

    Can this be done with pptp? If so, let me know; I may add to the bounty.

    I don't know about your setup, but I might still be interested in paying for a specific configuration page for VPN gateways to the internet.

