Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Allowing custom connection definitions to be set from the GUI

    Scheduled Pinned Locked Moved IPsec
    3 Posts 3 Posters 2.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      justauserforaday
      last edited by

      TL;DR: pfSense functionality addition of adding custom options/connections to 'ipsec.conf' + 'strongswan.con' using the pfSense GUI

      First of all, great decision including strongSwan and getting rid of Racoon.

      There might be scenario's in which one would like to get an IPSEC connection setup with custom options that the GUI doesn't account for (I can name a few). There are 2 ways forward as I see it:

      1. Request for additional functionality -> Add the necessary custom options in the GUI. Upon approval and code change, the additional functionality would be available in an upcoming release of pfSense
      2. Create your own custom files (ipsec.conf, strongswan.conf), change /etc/inc/vpn.inc to not overwrite the manually edited files (ipsec.conf, strongswan.conf), and additionally, making sure these files will be copied back to /var/etc/ipsec after a reboot (using something like shellcmd, or a custom RC script)

      The way forward is option 1 i'd say, however, luck and time passes by before getting to your goal, one that the whole pfSense community could be enjoying. The workaround is option 2, however, it is quite a hack, and it makes easy upgrading of pfSense to future versions time consuming and error prone.

      To meet one in the middle, how about being able to set custom options for strongSwan from the GUI ? Meaning; being able to add custom connections to the 'ipsec.conf' file, and perhaps also adding custom options to the 'strongswan.conf' file. There are a couple of packages that the GUI allows configuration additions for (named, DNS forwarder, DNS resolver). These package GUI sections provide one with a box in which custom options can be specified. These options will be appended to the package's configuration file, and all is well, and more importantly, not a ugly hack as previously mentioned option 2. Most importantly, it would allow for custom configurations not supported for through the GUI, until said custom configuration/functionality is either being accepted for inclusion, or rejected for inclusion within pfSense.

      Is it feasible to include GUI options for adding custom IPSEC configuration ?

      It has been done before it seems, at least for the OSPF package (reference: https://www.reddit.com/r/PFSENSE/comments/3108ph/is_there_any_way_to_preventing_pfsense_from/).

      1 Reply Last reply Reply Quote 0
      • F
        fastpilot
        last edited by

        Any news on this? We're looking for similar functionality with IPSec (multiple mobile client profiles). Maybe a Redmine issue may work better?

        1 Reply Last reply Reply Quote 0
        • N
          nreadshaw
          last edited by

          I would find this option useful as well, to be able to set connection inactivity configuration.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.