Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    SSL VPN

    Scheduled Pinned Locked Moved General pfSense Questions
    7 Posts 3 Posters 3.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      Seth
      last edited by

      What are the possibilities of an native/packaged SSL VPN solution?

      Behind corporate firewall including layer 7 filtering.  Unable to install VPN client on corporate asset.

      1 Reply Last reply Reply Quote 0
      • N
        ntsux
        last edited by

        I agree.

        Having a client-less web-based SSL VPN solution (a la "SSL Explorer") would be a tremendous benefit.  Many corp. environments will not allow users to install software (VPN clients) on their workstations, but pretty much everyone has an SSL-enabled browser these days.

        Just my $0.02

        NTSUX

        1 Reply Last reply Reply Quote 0
        • Cry HavokC
          Cry Havok
          last edited by

          My standard comment to such questions - what would the result of the corporation finding out?  While it's nice to be able to do, getting fired as a result isn't a good thing ;)

          1 Reply Last reply Reply Quote 0
          • S
            Seth
            last edited by

            Right or wrong from a corporate aspect the desire for a SSL VPN solution is still there.

            Being able to walk up to a kiosk and gaining access to ones network is the goal.

            1 Reply Last reply Reply Quote 0
            • Cry HavokC
              Cry Havok
              last edited by

              I don't disagree that the overall goal of a VPN that doesn't require any special client software, but you have to look at the bigger picture.  You need to trust the system you're connecting from, if it isn't secure then you've handed out access to your network to whoever "owns" that system.

              Still, if you're after that as a solution I'd suggest you raise a bounty, if somebody hasn't already started one.  The more money you can provide the more likely it is that somebody with the skills will be interested in working on it.

              1 Reply Last reply Reply Quote 0
              • N
                ntsux
                last edited by

                I'm not sure that it was intended to bring across a point that we were looking for a way to circumvent a secure system.  I guess a poor example or rationale was provided.

                How about this: it is far less complicated to roll out a secure remote access solution via VPN when the end-user does not need to install & configure any new software (proprietary VPN client) on their machine.  To me, THIS is the main appeal of web-based VPN solutions.

                I realize that even using SSL that sometimes active x code needs to be installed to the browser - but that's more of a "next, next, next, finished" setup for the end user (easy).

                1 Reply Last reply Reply Quote 0
                • Cry HavokC
                  Cry Havok
                  last edited by

                  It was more Seth's posts that suggested a desire to bypass corporate security/policy.

                  My 0.02 <currency>- if you want the VPN to really be secure then you need to manage the clients too.  Convenience is nice, but having your corporate network compromised because your end users can install anything they want isn't a good goal ;)  Oh, and I've seen that happen, so it's not just theory.</currency>

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.