Hi
Is there the possibility to support route based VPN's ? This is becoming more prevelant when connecting to specific cloud providers (ie Azure)
IE: (I haven't verified any of the links as working implementations)
https://genneko.github.io/playing-with-bsd/networking/freebsd-vti-ipsec
https://wiki.strongswan.org/projects/strongswan/wiki/RouteBasedVPN
https://vincent.bernat.im/en/blog/2017-route-based-vpn
Thoughts ?
Thanks
Quote from: rhyse on December 31, 2017, 10:08:46 AM.
+1
pfSense is making this a 2.5 feature and 2.5 is going to require AES-NI.
We can have a look when 18.1 is released. Havent tested vti in 11.1 yet.
+1 +1 +1 +1...
+1 ... PFSense already support it
https://redmine.pfsense.org/issues/8544
Sure, who will contribute? I'll offer review.
Cheers,
Franco
You can vote here if you like
https://github.com/opnsense/core/issues/2332
Perhaps someone is willing to help.
In theory it's working fine ...
I want to know how about this. I think it is a really important feature!
Is it possible to get it in the next time?
Not before 19.1 .. hopefully with 19.7.
And when will 19.1 or 19.7 be released?
20(19) January (1)
20(19) July (7)
Quote from: mimugmail on October 31, 2018, 03:34:10 PM
20(19) January (1)
20(19) July (7)
Thanks for that information.
Is it sure, that this function will be implemented then? Or is it a "maybe"
I personally think it's more a "maybe", as what I've seen in the previous linked GitHub issue. It's also quite a important feature for me - basically one of the core reasons I haven't migrated over to OPNsense yet.
With certain users, it's always that one feature we don't have. We can't be good at everything all the time. :)
Cheers,
Franco
It's one of the reasons I now use Linux/Iptables in places where I would have used Opnsense :(
You cant compare Linux/Iptables with OPNsense cause FreeBSD Vanilla also can achieve Route based IPsec
Quote from: mimugmail on November 03, 2018, 01:07:42 PM
You cant compare Linux/Iptables with OPNsense cause FreeBSD Vanilla also can achieve Route based IPsec
I'm sure it can, but I happen to be more familiar with Linux and iptables than I am with BSD/ PF, where I need a route based VPN to land on a virtual router I tend to use Linux to do it. It just so happens to be what works for me in that situation.
Also there was a typo in my previous post it should have said now not "know"
Quote from: franco on November 02, 2018, 06:53:49 PM
With certain users, it's always that one feature we don't have. We can't be good at everything all the time. :)
I know that many projects, OPNsense is no exception here, can not statisfy the need of just everyone around the globe. My intention was just raising a bit attention to this feature request - maybe for any priorisation for kind of roadmaps or so.
Probably crowdfunding-stuff would be great here. I'm an individual, OPNsense would be for private usage and I do not have enough resources to contribute tons of money to fund this alone :) (I would, if I could)
Now, in 19.1.4 there is a feature called ipsec vti.
Is it possible to do a route based vpn with this?
An how to set it up? I read on pfsense tutorial that there has to be a /30 subnet for tunnel ip. But it is not possible to enter a /30 in the settings like it is mentioned in the tutorial (https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/ipsec-routed.html).
Do you know how to do right?
https://github.com/opnsense/docs/blob/master/source/manual/how-tos/ipsec-s2s-route.rst
https://github.com/opnsense/docs/blob/master/source/manual/how-tos/ipsec-s2s-route-azure.rst