VPN for Windows
-
I haven't heard of that one, but it does sound almost too good to be true. Seems it just turned open source in the last couple months.
-
http://www.softether.org/3-spec/Current_Limitations makes me wonder if it's even worth looking at until next year.
Also the license is a bit odd, sort of BSD-like but not quite(?) http://www.softether.org/4-docs/1-manual/1._SoftEther_VPN_Overview/1.3_SoftEther_VPN_is_Freeware
If it's half as good as it claims, it may be worth someone poking at making a package for it for SSTP and SSL modes. I doubt we'd want it handling IPsec, L2TP, or OpenVPN.
And, the big oneโฆ http://www.softether.org/5-download/src - you can't download the source yet. Maybe when that happens...
-
Can we publish that to the developers and get their opinions on it?
-
I am one of "the developers" โ until the source shows up, it's not an option. When the source shows up, if it's feasible, we'll look at it.
-
Ok excellent! Lets keep an eye on it! Always good talking to an expert! Hope your well.
-
Ah! I only looked at it briefly and didn't realise they haven't actually released and code yet. To be honest I then started Googling for any reviews of it since it looked too good to be true, found almost nothing and dismissed it.
Since there is no source code I'm trying to find what version of FreeBSD the package is compiled against but the only thing I can see is this:
Requirements: FreeBSD (32bit, 64bit) FreeBSD 5, 6, 7, 8, 9
Seems too imprecise.ย ::)
Steve
-
Ah! I only looked at it briefly and didn't realise they haven't actually released and code yet. To be honest I then started Googling for any reviews of it since it looked too good to be true, found almost nothing and dismissed it.
Since there is no source code I'm trying to find what version of FreeBSD the package is compiled against but the only thing I can see is this:
Requirements: FreeBSD (32bit, 64bit) FreeBSD 5, 6, 7, 8, 9
Seems too imprecise.ย ::)
Yeah, there is no chance we'd run a binary blob anyhow, I wouldn't want to do that even as a package. There is just no way to ensure it's secure. Even when the source appears, until someone else gives it a once-over, it's still not going to really be all that trustworthy, but at least it would be open to review.
For now though someone could toss the windows version on a local box, forward a few ports in, and have at it.
-
Does anyone want me to do any testing and report back?
-
I use Adito for users in environments who cannot install any VPN clients. I do not run Adito on pfSense, but on a Windows box behind pfSense.
Connection to Adito is done via a web browser over HTTPS. The somewhat painful part is that you'll need an SSL certificate. When users connects to Adito via the web browser, they log in into a Web GUI where they can start tunnels. The web browser then downloads a Java application (the "Adito Agent"), which is the VPN client. The Adito Agent communicates with the Adito server via HTTPS. Unlike your usual VPN client, the Adito Agent does not really provide LAN-like connectivity to the remote network. Instead, you access remote resources by connecting to Adito Agent (for example, a VNC tunnel which is configured to point to a VNC server at somehost.com:5800 will be used by entering 127.0.0.1:5800 as server address into the VNC client).
Adito appears to be bady maintained, if at all. It's written in Java. The only reason why I use it is that it works in restrictive environments where installation of applications is impossible and network traffic is layer 7 filtered to prevent anything useful going on (and only HTTPS traffic is unharmed).
-
Could we get something like this integrated into Pfsense?
http://www.cybelesoft.com/thinrdp/default.aspx/#tabs-4
-
Or even this which is open source!
http://guac-dev.org/
-
@craigduff - There is a "Packages Wishlist" thread for those kinds of suggestions.
If they actually work on FreeBSD, and someone wants to take the time to make a package out of one of them, it may show up.
-
Or even this which is open source!
http://guac-dev.org/You can install it (as I've made) on a Linux server behind pfSense and the result is the same..
-
Softether, to me seems like a fix for something thats not broken - openvpn.
That said, choices are nice.
As far as ease of use for the end user, if you ship a end user a exported openvpn config file that uses certs only and doesn't ever require a password and they are not smart enough to double click an executable and press a connect button, I'd suggest they aren't smart enough to use any vpn.
-
I am one of "the developers" โ until the source shows up, it's not an option. When the source shows up, if it's feasible, we'll look at it.
The source code seems to be available now:
http://www.softether.org/9-about/News/800-open-source -
I am one of "the developers" โ until the source shows up, it's not an option. When the source shows up, if it's feasible, we'll look at it.
The source code seems to be available now:
http://www.softether.org/9-about/News/800-open-sourcePlease, pleaseย ::) Add this nice vpn to pfsense 2.2 !
-
That is an interesting solution assuming the code can be trusted (has it been thoroughly looked at yet for security issues after going open source for example).
One of the things that held me up using OpenVPN for users (I still use it for admins) is that openvpngui must be run as administrator or the routes needed do not get created when a user authenticates to start the tunnel.ย I am waiting for the day that openvpn creates a Windows service in the official installer to handle that for the user to get around that restriction.ย Yes you can get around it by making the tunnels not require authentication during startup and have the tunnels start up automatically but I do not like that idea from a security standpoint (which is the whole idea of the solution to begin with).
-
Hi!
SoftEther is in freebsd ports
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=188437Maybe it's time to look on SoftEther as part of pfSense?
-
I've been using Softether for many years and never had any issues. Would be very nice to add this software to pfsense ;)
-
This post is deleted!
