OPNsense Forum


Title: Web-based SSL VPN
Post by: sweetfoxxy on March 03, 2021, 03:55:29 PM
Hi!

I'm wondering if there is any VPN in OPNsense that can provide web-based access.
I mean, the clients will have to use just web browsers and no other apps. Is there something to achieve this?

Thanks!
Title: Re: Web-based SSL VPN
Post by: Inxsible on March 03, 2021, 07:31:20 PM
Quote from: sweetfoxxy on March 03, 2021, 03:55:29 PM
Hi!

I'm wondering if there is any VPN in OPNsense that can provide web-based access.
I mean, the clients will have to use just web browsers and no other apps. Is there something to achieve this?

Thanks!
Are you talking about a VPN client or a VPN server?

For clients on the same network, once you set up the VPN client in OPNsense, you don't need anything on the client machines. You can set up firewall rules based on client IP or aliases or even interfaces -- if you divide your network between multiple VLANs.

For VPN server, I don't think there's anything browser based. But with the client export, it's really easy to install the proper configs on the client machines - which are NOT on the same network. But as far as I know, you do need to install something which will enable you to connect to your VPN server.
Title: Re: Web-based SSL VPN
Post by: sweetfoxxy on March 04, 2021, 03:14:29 PM
I mean something that Fortinet does
Like this: https://docs.fortinet.com/document/fortigate/6.0.0/handbook/429248/ssl-vpn-web-portal
Title: Re: Web-based SSL VPN
Post by: mimugmail on March 04, 2021, 03:49:44 PM
Which features do you need? Access Websites or RDP/SSH?
Title: Re: Web-based SSL VPN
Post by: lfirewall1243 on March 04, 2021, 06:50:07 PM
Quote from: sweetfoxxy on March 04, 2021, 03:14:29 PM
I mean something that Fortinet does
Like this: https://docs.fortinet.com/document/fortigate/6.0.0/handbook/429248/ssl-vpn-web-portal
You mean that stuff that often has security breaches?
Title: Re: Web-based SSL VPN
Post by: Patrick M. Hausen on March 04, 2021, 07:01:34 PM
I am a big fan of Apache Guacamole:
https://guacamole.apache.org

Remote access via browser. Targets: RDP, VNC, SSH. Various authentication backends. In short: everything those commercial "SSL portals" offer, only well designed, with current crypto (only depending on your frontend webserver) and open source. The frontend is HTML5.

The downside: the engine/server is written in Java and deployed via Tomcat. That's quite a mouthful in terms of memory requirements.

While it might be added as a plugin to OPNsense I would recommend against it for this reason. On the plus side: it runs beautifully from FreeBSD packages on a suitable FreeBSD machine or in a jail. It's simple to set up. And you can use OPNsense's HAProxy to handle TLS and the certificates and then relay HTTP(S) to your Guacamole server.

HTH, kind regards,
Patrick
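
The layout described in the post above (HAProxy terminating TLS and relaying to a separate Guacamole server), written out as a plain HAProxy configuration. This is an added example, not part of the original post and not a configuration from the OPNsense plugin. The certificate path, the backend address 192.0.2.10 and the names are placeholders, and it assumes Guacamole is deployed under /guacamole/ on Tomcat's default port 8080 on a trusted internal segment.

```haproxy
# Added example; address, certificate path and names are placeholders.
global
    # Refuse legacy protocol versions on every TLS listener.
    ssl-default-bind-options ssl-min-ver TLSv1.2

defaults
    mode http
    timeout connect 5s
    timeout client  60s
    timeout server  60s
    # Guacamole holds a long-lived WebSocket tunnel per RDP/VNC/SSH session;
    # without this the session is cut when the client/server timeout expires.
    timeout tunnel  1h

frontend remote_access
    bind :80
    bind :443 ssl crt /usr/local/etc/ssl/haproxy/portal.pem
    # Never serve the login page or session traffic in clear text.
    http-request redirect scheme https code 301 unless { ssl_fc }
    # Expose only the Guacamole application, not the rest of Tomcat.
    http-request deny unless { path_beg /guacamole/ }
    http-response set-header Strict-Transport-Security "max-age=31536000"
    default_backend guacamole

backend guacamole
    # Pass the real client address on, so logs do not show only the proxy.
    option forwardfor
    http-request set-header X-Forwarded-Proto https
    # Plain HTTP to Tomcat; keep this hop on a network segment you control.
    server guac1 192.0.2.10:8080 check
```

For the forwarded client address to show up in Guacamole's own logs, Tomcat also has to be told to trust the proxy (its RemoteIpValve).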
Title: Re: Web-based SSL VPN
Post by: mimugmail on March 04, 2021, 07:55:57 PM
It should already work via community repo, but only pkg, no plugin. Too hard to template. I wrote a guide in FreeBSD Wiki for it.
Title: Re: Web-based SSL VPN
Post by: EllieDean on November 03, 2022, 12:51:25 AM
Hi there! Yes, you can use the web-based VPN feature in OPNsense to provide access to your clients. This feature allows you to use a web browser to access the VPN, which is perfect for your scenario. You can find more information on how to set this up in the documentation. If you still encounter some difficulties, it would help if you try using thunder vpn windows (https://bestappsforpc.co/thunder-vpn-fast-safe-vpn-for-pc-latest-version-for-windows-free-download/). It's great because this VPN provider is completely free. I hope this helps you! Let me know if you still have any questions!