    Switching to OpenVPN, concerns.

      wmckay85

      Hello,

      I took over a pfSense appliance, and it seems very nice so far and I've enjoyed learning how to modify and implement new features.

      That being said I noticed that the current dial-in VPN is using PPTP and RADIUS authentication against a 2008 server. These are things I'm not very familiar with and I read are not secure!

      I would like to switch over to OpenVPN and I even found a few guides on how to accomplish this. My concern is that I need to leave the current VPN in place until I can create instructions to give to users so they can connect with OpenVPN.

      Can I configure OpenVPN and test it without taking down the existing VPN?

      Thanks in advance for any replies!

        divsys

        Well, given what you've described I would say ... probably ;)

        In general I can envision adding an OpenVPN server on pfSense that operates in parallel with the existing setup for testing purposes.

        We need a few more details to be able to suggest more:

        Do you have more than one dial-in connection?
        Can you use anything other than dial-in (IP?) even if only for testing?
        How many users connect and how many are defined in the RADIUS DB?
        What kind/volume of traffic is expected to be handled over the link?
        What version of pfSense is the current system running?

        Anything you can add to describe the setup in more detail would be helpful.

        -jfp

          wmckay85

          @divsys:

          Well, given what you've described I would say ... probably ;)

          In general I can envision adding an OpenVPN server on pfSense that operates in parallel with the existing setup for testing purposes.

          We need a few more details to be able to suggest more:

          Do you have more than one dial-in connection?
          Can you use anything other than dial-in (IP?) even if only for testing?
          How many users connect and how many are defined in the RADIUS DB?
          What kind/volume of traffic is expected to be handled over the link?
          What version of pfSense is the current system running?

          Anything you can add to describe the setup in more detail would be helpful.

          Maybe I misspoke, but the users simply add the VPN as a connection in Windows and activate it. I do have a T1 line that is mostly VoIP traffic and could be used for testing.

          File transfers and LOB app traffic.

          It's not the latest, it's pfSense 2.1.5.

            Derelict LAYER 8 Netgate

            Should be fine as long as the subnet you use for the new Remote Access OpenVPN doesn't conflict with anything.  I can't think of a reason they can't coexist.

            Good to hear about another PPTP installation going away.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)
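
The subnet condition in the reply above can be checked before the new server is created. The following is an added example, not part of the original thread or of pfSense: it tests a proposed OpenVPN tunnel network against the networks already in use and suggests a free one. The network names and addresses are constructed sample values; substitute the firewall's real interface, route and PPTP pool ranges.

```python
import ipaddress

# Constructed sample values (assumptions, not from the thread): networks
# already in use on the firewall, including the existing PPTP address pool.
EXISTING = {
    "LAN": "192.168.1.0/24",
    "VOIP": "10.10.20.0/24",
    "PPTP pool": "192.168.1.192/28",
}

def find_conflicts(candidate, existing=EXISTING):
    """Return the sorted names of existing networks that overlap the candidate."""
    # strict=True rejects a candidate with host bits set (e.g. 10.8.0.1/24),
    # which is a common typo when filling in a tunnel network field.
    cand = ipaddress.ip_network(candidate, strict=True)
    return sorted(
        name for name, cidr in existing.items()
        if cand.overlaps(ipaddress.ip_network(cidr, strict=False))
    )

def first_free_subnet(pool, prefixlen, existing=EXISTING):
    """Return the first subnet of the given size inside pool with no overlap."""
    for subnet in ipaddress.ip_network(pool).subnets(new_prefix=prefixlen):
        if not find_conflicts(str(subnet), existing):
            return str(subnet)
    return None  # every subnet in the pool collides with something

if __name__ == "__main__":
    for cand in ("192.168.1.0/24", "10.10.0.0/16", "10.8.0.0/24"):
        hits = find_conflicts(cand)
        print(cand, "conflicts with " + ", ".join(hits) if hits else "is free")
    print("suggested:", first_free_subnet("10.10.20.0/23", 24))
```

Networks behind site-to-site tunnels and static routes belong in the same list, since an overlap with any of them breaks routing for the remote-access clients.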

              wmckay85

              I should be doing this in the next week or so. If I do my part right, the next post I make on this will be a successful-themed one!
