Netgate Discussion Forum

    VPN services as WAN interfaces - 25$

    • shamael

      I would like to have an easy way to configure various VPN services (ipredator, swissvpn, strongvpn, etc.) as virtual wan interfaces, in order to be able to choose on a per-host basis whether they should reach the internet through the regular WAN or the VPN. Incoming and outgoing traffic should obviously be bound to the same gateway.
      I am offering 25$ for swissvpn support, but ideally this could be extended to other configurations if other users are willing to raise the bounty.
      Swissvpn requires openvpn 2.1, so the bounty is for work done on pfsense 2.

      This is the openvpn configuration file for swissvpn:

      dev tun
      client
      proto tcp-client
      remote connect-openvpn.swissvpn.net 443
      ca ca.crt
      auth-user-pass
      reneg-sec 86400
      ns-cert-type server
      

      ca.crt can be found here: http://www.swissvpn.net/ca.crt

      The tunnel can be set up successfully with:

      openvpn --config {swissvpnconfigfile}
      

      however the tun0 interface does not show up in the web interface, so I cannot assign an opt1 interface to it nor set up rules related to it.

      Demo credentials to test the connection are:

      ID: swissvpntest
      PASS: swissvpntest

      These only work for connections towards www.swissvpn.net, though.

      I think it should be fairly easy to implement all this, however please let me know if the bounty is regarded as insufficient.

      • cmb

        The interface does show up for assignment, it'll be ovpnc1 (the tun gets renamed) for the first client, ovpnc2 for the second, etc. So everything you describe can be accomplished already.

        • shamael

          @cmb:

          The interface does show up for assignment, it'll be ovpnc1 (the tun gets renamed) for the first client, ovpnc2 for the second, etc. So everything you describe can be accomplished already.

          Well, almost… ovpnc1 gets created only if I configure openvpn through the gui (which I cannot do). If I start openvpn from the shell, it binds to tun0 and that interface does not show up in the drop down menus of the "assign network ports" page. At least that's the behavior on today's snapshot.

          • cmb

            Is auth-user-pass the only thing preventing you from using the GUI? That will be implemented in 2.0, so it will be something you can accommodate in the GUI.

            • tommyboy180

              Can this be done with pptp? If so let me know I may add to the bounty.

              EDIT: Spelling

              -Tom Schaefer
              SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM

              Please support pfBlocker | File Browser | Strikeback

              • shamael

                @cmb:

                Is auth-user-pass the only thing preventing you from using the GUI? That will be implemented in 2.0, so it will be something you can accommodate in the GUI.

                Ok, I seem to have it working now by choosing 'SSL/TLS' as server mode. auth-user-pass was not the problem as I had saved my credentials in a file. I had problems because I wanted to load the ca certificate from the additional options instead of importing it in the certificate manager. Now the tunnel is working, I can ping through the interface, although I'm having a hard time pushing traffic through the tun interface. I'll post a thread for that in the relevant section.

                @tommyboy180:

                Can this be done with pptp? If so let me know I may add to the bounty.

                I don't know about your setup, but I might still be interested in paying for a specific configuration page for VPN gateways to the internet.
