Netgate Discussion Forum
    2.0 and custom interfaces

    • C
      cmonroe

      I have an embedded pfSense box set up and working great. I've also set up openconnect (to connect to a remote Cisco VPN) manually and that works well too. In order for traffic from my LAN to be forwarded through the VPN tunnel, I need to add some outbound NAT rules for subnets I'd like to access via the VPN. If this were OpenVPN I'd just assign the OpenVPN linux interface to an OPT interface and then assign outbound NAT rules to the OPT interface via the GUI. openconnect uses the tun0 interface, which doesn't show up as an option for assigning to an OPT interface. So my questions are:

      1.) Is there any way to assign tunX to an OPT interface?
      2.) If not, is there a way to add outbound NAT rules via the shell which will stick through a filter reload?

      • C
        cmb

        tun interfaces are hidden from assignment, but you can work around that. Remove line 713:

        'tun';

        in /etc/inc/util.inc and you'll be able to assign it.

        • C
          cmonroe

          Perfect, that's what I was looking for. I'll give it a shot. Thanks!

          • D
            danielmsantana

            @cmonroe:

            Perfect, that's what I was looking for. I'll give it a shot. Thanks!

            How did you install openconnect on pfSense?
            Did you use the FreeBSD package? Which one?

            Thanks!

            • jimpJ
              jimp Rebel Alliance Developer Netgate

              You might have a look at the tinc VPN package and see if you could use that code as a base to make one for openconnect. I believe the package author worked around a similar assignment issue by doing as we do internally with OpenVPN and renaming the tun interface once it has been created.

              • O
                omoreno

                Any news on this matter?

                I've been searching for information on how to use pfSense as a VPN client with no success.

                (…bump)

                • G
                  gentoo9ball

                  I'm about to try the tunX solution mentioned above. I was able to repeat the installation today. General steps below:

                  1. Retrieve a FreeBSD 8.3 64-bit VM and deploy it
                  2. Update and extract portsnap on the VM
                  3. cd /usr/ports/security/portsnap
                  4. make install
                     (go through the normal steps)
                  5. Copy these files from the VM to pfSense in the same locations:
                  ./usr
                  ./usr/local
                  ./usr/local/sbin
                  ./usr/local/sbin/vpnc-script-sshd
                  ./usr/local/sbin/vpnc-script
                  ./usr/local/sbin/vpnc-script-ptrtd
                  ./usr/local/sbin/openconnect
                  ./usr/local/libdata
                  ./usr/local/libdata/pkgconfig
                  ./usr/local/libdata/pkgconfig/openconnect.pc
                  ./usr/local/include
                  ./usr/local/include/openconnect.h
                  ./usr/local/lib
                  ./usr/local/lib/libopenconnect.so
                  ./usr/local/lib/libopenconnect.la
                  ./usr/local/lib/libopenconnect.a
                  ./usr/local/lib/libopenconnect.so.2

                  6. Good to go
                  7. I'm about to remove line 713 from /etc/inc/util.inc so I can control the VPN routes from the GUI

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.