OPNsense Forum

Archive => 16.7 Legacy Series => Topic started by: Zeitkind on July 19, 2016, 12:50:00 pm

Title: [SOLVED] L2TP gone and how to upgrade?
Post by: Zeitkind on July 19, 2016, 12:50:00 pm
Did not notice L2TP was gone. Checked today and did not find any trace of L2TP/PPTP or PPPoE. Read it was made a plugin a while ago. But it's neither available under VPN nor as a plugin or package. The only installable plugins are os-haproxy, os-helloworld, os-smart, os-vmware and os-xen. So I checked for updates - none. OPNsense 16.7.b_514-i386, FreeBSD 10.2-RELEASE-p19, OpenSSL 1.0.2h 3 May 2016. Checked for errors - none. Tried to update via terminal - none.
Makes me wonder. I think I'm on a dead road atm, because there are already 2 RCs out. Any ideas?
Title: Re: L2TP gone and how to upgrade?
Post by: franco on July 19, 2016, 02:01:24 pm
Either use the instructions to switch to RC as the plugins will show up there in the GUI or install from the command line:

# pkg install ospriv-l2tp
# pkg install ospriv-pptp
# pkg install ospriv-pppoe

Depending on which VPN you need.

We couldn't publish these plugins in 16.1 as installing them can clash with the installed core package type, ending up in upgrade scenarios that remove the GUI completely.

Instructions for the RC upgrade are here, probably what you would rather want:

https://forum.opnsense.org/index.php?topic=917.msg10577#msg10577


Cheers,
Franco
Title: Re: L2TP gone and how to upgrade?
Post by: Zeitkind on July 19, 2016, 02:24:28 pm
OK, Upgrade worked (see for a typo in that other thread) and plugins are installable.

But there should be a better way to find info on how to upgrade the developer versions to RC - or at least some kind of warning that a normal update won't help. Guess the same will happen with final?
Title: Re: L2TP gone and how to upgrade?
Post by: franco on July 19, 2016, 02:39:49 pm
-devel comes with certain caveats that are best asked here, just like you did. In order to keep 16.1.x sane we have to do a few funky things in -devel. :)

The RC track is completely new and taught us a couple of things, e.g. RC1 wasn't reachable from -devel, but it allowed us to have different FreeBSD versions in parallel. It has problems though: it requires a different signing key and a separate package repository.

And since we do not ship the 16.7 signing key with 16.1 at this point, there is no way to seamlessly upgrade to the RC. This is intended as a safeguard mechanism.

The following warning message will be displayed in the firmware section in the last version that's going to be 16.1.20:

"Legacy VPN Servers for L2TP, PPPoE, and PPTP moved to plugins and need to be installed in order to still make use of them. Your configurations will persist, but may have to be adapted to adhere to the requirements of the MPD5 server daemon. The most important change is that your listening address needs to be a known address, preferably using a Virtual IP from the firewall settings."
Title: Re: [SOLVED] L2TP gone and how to upgrade?
Post by: Julien on July 19, 2016, 02:51:25 pm
If I were you I wouldn't use L2TP, I would go for OpenVPN or IPsec.
Title: Re: [SOLVED] L2TP gone and how to upgrade?
Post by: Zeitkind on July 19, 2016, 04:23:44 pm
> If I were you I wouldn't use L2TP, I would go for OpenVPN or IPsec.

I have used OpenVPN for about 10 years now. The problem is companies and customers that still demand PPTP or at least a VPN that works right out of the box on client machines. Since there is still no (simple) way to use Microsoft's SSTP VPN, L2TP is the only answer.
Title: Re: [SOLVED] L2TP gone and how to upgrade?
Post by: Julien on July 19, 2016, 06:58:38 pm
I would convince the customer of the security risk they could have.
Title: Re: [SOLVED] L2TP gone and how to upgrade?
Post by: reep on July 19, 2016, 07:19:34 pm
> > If I were you I wouldn't use L2TP, I would go for OpenVPN or IPsec.
>
> I have used OpenVPN for about 10 years now. The problem is companies and customers that still demand PPTP or at least a VPN that works right out of the box on client machines. Since there is still no (simple) way to use Microsoft's SSTP VPN, L2TP is the only answer.

I'd ask them whether they leave the keys in the front door of their house, or their office, or their nice car.

I'd also ask them: are they happy that most of the known planet is listening to every character of their data?

Would they be happy if all those people actually just turned up at their office and house and walked in without any permission and started rifling through all their documents and reading and copying everything?

Are they happy to sit in front of a judge and risk fines or even jail for not protecting their, or their clients', data properly?

Do they really not care THAT much?

Windows users (slapshead)..... :-)

B. Rgds
John
Title: Re: [SOLVED] L2TP gone and how to upgrade?
Post by: Zeitkind on July 19, 2016, 07:49:37 pm
L2TP over IPsec is safe to use, but complicated, and often fails if cheap routers on the client side do weird things. Only PPTP should not be used anymore.