PFSense as L2TP client on WAN for paid VPN service. $300 or how much?



  • Hello I am trying to get PFSense to work as a l2tp client for a paid vpn service. It would need a pre-shared key and LZO compression as well. I am currently using m0n0wall mod and using my m0n0wall box as a pptp client to share the vpn service with the whole house. I have been looking for something that will do l2tp for a while now but it simply does not exist. PPTP can possibly be cracked in a day now since 2012 and Openvpn has a higher overhead and throughput is not as high as l2tp with vpn service. I have tested it many times and l2tp had the highest overall throughput with download and upload and fairly secure. Even tried Open vpn with no encryption on udp and still was not as fast and throughput went up and down quite a bit I'm assuming from overhead. Basically what I am looking for is the ability to connect a pfsense box via l2tp to a paid vpn service and plug a wireless router into that to share it's connection. Would like to have the ability to possibly turn off the NAT or firewall and simply use it as a vpn gateway that I plug a wireless router into to act as firewall will simplify passing traffic if I want to receive traffic. Would like to possibly collaborate with someone on creating a vpn box. That people who use paid vpn services could buy and use with their vpn services. A vpn gateway box. That would be able to connect via pptp l2tp and OpenVPN and customers of paid vpn can plug their home routers into this to share secured internet. No one else has this and think it is a good idea to be able to share high speed vpn service. Will be happy with L2TP for now though. Please let me know what this would cost and if anyone wants to collaborate to make commercially available high speed vpn gateway for VPN customers. A simple gateway would be ideal since people can buy wireless routers pretty cheap today and simplifies forwarding traffic when wireless network router is connected. So it would be Cable/DSL modem router–-->High Speed Vpn Gateway----Home wireless router----->Home computer user. Please let me know how much for PFSense as L2TP client with pre-shared key and lzo compression or if you live around the Orlando area possibly getting together to make commercially available high speed vpn gateway box.



  • You would get better service from portal.pfsense.org and sustained support if it gets merged into pfSense.


  • Rebel Alliance Developer Netgate

    L2TP on its own has no encryption. L2TP+IPsec is what some people are using for an "L2TP VPN", but that would probably have more overhead and be prone to more breakage than OpenVPN.

    You might try a 2.1 snapshot and see if the OpenVPN throughput is better there. Some work has gone into optimizing it in the last few weeks.

    But without any solid numbers on hardware and throughput you're expecting/achieving, it's really impossible to offer any sound advice.



  • Yes L2TP+IPSEC is what I meant. For some reason it is just reffered to as L2TP with any paid vpn service you will never see them call it that. Well on my windows pc at least with a quadcore running at nearly 4ghz 8gigs of mem at 1800mhz and an ssd drive. L2TP is the fastest all around for upload and download and OpenVPN uses more processor than PPTP, L2TP and SSTP. OpenVpn uses more processor even with no encryption turned on than the others at maximum encryption and when I speed test it it is the least stable for nice even throughput but I would say it is the most secure when set up right. But the throughput sucks even with moderate encryption compared to the others. PPTP can be cracked if someone really really wanted and had the knowledge to do so in a day now since 2012. I figure that L2TP is the best balance for speed and security. SSTP tested pretty good as well but not quite as good as L2TP and I don't believe this is offered in Linux or BSD or am I wrong. I think there is a reason big corporations use L2TP for road warriors it is the best. But this is on a windows machine not sure how much of a difference OpenVPN runs on linux or freebsd. Also Most VPN's charge more for OpenVPN I believe becuase it is more overhead on the servers and takes more processing power than the others. So they have to have a few more servers to handle the processing load. Which equals more processing power to each VM. Also requires more  for VPN services for configuration since there is a wide variety of encryption, ports and tcp or udp. Since PPTP is no longer viable because of MSCAPv2 vunerability. But L2TP still is because of pre-shared key for it. PPTP does not have that and SSTP and OPENVPN have no need for it. If I can't find someone that is capable of it. I have to start learning and make my own Firewall version from scratch from a small Linux Kernal build I guess. I don't think anyone is capable of pulling it off here anyway no one seems to be smart enough and they say if you want something done right you just have to do it yourself. But maybe I'll give OpenVPN a go on my custom firewall box and check out the throughput.



  • Its not a question of smartness its a question of what you want to achieve.
    Your need has more requirements than this section of bounties can give in implementation.


  • Rebel Alliance Developer Netgate

    And there is still no mention of actual throughput numbers expected/achieved, or the encryption algorithms used with IPsec or OpenVPN.

    You may have used a cipher for IPsec that your hardware accelerated (e.g. AESNI accelerated AES-128 or AES-256) and then used Blowfish with OpenVPN resulting in an uneven comparison.

    (And yes, PPTP is horrible, and needs to die)



  • I'm pretty sure I said openvpn no encryption and others max. Others were still faster on windows base pc at least. I am running openvpn now on pfsense box with 128bit encryption and speed is close to what I was getting with m0n0wall mod as pptp client to vpn service. Would still like to see l2tp implementation though. My AMD computer does not accelerate AES. I've checked because of tru-crypt and windows native encryption the bit locker or what ever it is called is not compatible with my comp because of that reason.


Log in to reply