VPN Question - pfSense VPN vs. OpenVPN Server
-
Hi All,
I have a few users (3) that need remote access to a small office running pfSense 2.0.2. I'm thinking of using OpenVPN to enable remote access outside the office, but what I'm wondering is whether it's best to set up an OpenVPN server on CentOS and port forward to it (the OpenVPN server) using pfSense, or just go ahead and use the VPN features built into pfSense?
Can you advise which is better/safer, which is more suitable, and what the pros and cons of using each are? I just need some feedback before I attempt this. For the record, bandwidth is OK and the pfSense hardware is pretty decent.
Thanks in advance
-
The pfSense OpenVPN server works very well. It allows you to use user-auth, certificates or both. Further, you can do the firewall rules directly on pfSense.
Certificate revocation lists can be done on pfSense, too. So I would not build a second server just for OpenVPN.
I am using the pfSense OpenVPN server at my company and it is working without problems, and everything can be easily configured using the GUI. And on pfSense there is an "OpenVPN export Client Utility" which can help you export the VPN client config + cert in an easy way.
-
Thank you very much for your input. You pretty much cleared up everything.
I won't "reinvent the wheel"; I will use the built-in pfSense OpenVPN features/packages for my VPN needs :)
Thanks again.
-
The OpenVPN server is the same as on other distributions. There is no (major) difference between them. The only advantage I see on pfSense is the GUI, which is easy to use, and you do not need extra hardware or an extra port forward because everything is on the same machine. And you can easily see which user is logged in, you can enable firewall logging for this user, you can disconnect a user and so on.