OPNsense Forum
English Forums => General Discussion => Topic started by: rhyse on December 31, 2017, 10:08:46 am
-
Hi
Is there the possibility to support route based VPNs? This is becoming more prevalent when connecting to specific cloud providers (i.e. Azure)
IE: (I haven't verified any of the links as working implementations)
https://genneko.github.io/playing-with-bsd/networking/freebsd-vti-ipsec
https://wiki.strongswan.org/projects/strongswan/wiki/RouteBasedVPN
https://vincent.bernat.im/en/blog/2017-route-based-vpn
Thoughts?
Thanks
-
.
+1
pfSense is making this a 2.5 feature and 2.5 is going to require AES-NI.
-
We can have a look when 18.1 is released. Haven't tested vti in 11.1 yet.
-
+1 +1 +1 +1...
-
+1 ... pfSense already supports it
https://redmine.pfsense.org/issues/8544
-
Sure, who will contribute? I'll offer review.
Cheers,
Franco
-
You can vote here if you like
https://github.com/opnsense/core/issues/2332
Perhaps someone is willing to help.
In theory it's working fine ...
-
I want to know how about this. I think it is a really important feature!
Is it possible to get it in the next time?
-
Not before 19.1 .. hopefully with 19.7.
-
And when will 19.1 or 19.7 be released?
-
20(19) January (1)
20(19) July (7)
-
20(19) January (1)
20(19) July (7)
Thanks for that information.
Is it sure that this function will be implemented then? Or is it a "maybe"?
-
I personally think it's more a "maybe", from what I've seen in the previously linked GitHub issue. It's also quite an important feature for me - basically one of the core reasons I haven't migrated over to OPNsense yet.
-
With certain users, it's always that one feature we don't have. We can't be good at everything all the time. :)
Cheers,
Franco
-
It's one of the reasons I now use Linux/iptables in places where I would have used OPNsense :(
-
You can't compare Linux/iptables with OPNsense, because vanilla FreeBSD can also achieve route based IPsec
-
You can't compare Linux/iptables with OPNsense, because vanilla FreeBSD can also achieve route based IPsec
I'm sure it can, but I happen to be more familiar with Linux and iptables than I am with BSD/PF. Where I need a route based VPN to land on a virtual router, I tend to use Linux to do it. It just so happens to be what works for me in that situation.
Also, there was a typo in my previous post: it should have said "now", not "know".
-
With certain users, it's always that one feature we don't have. We can't be good at everything all the time. :)
I know that many projects, OPNsense being no exception here, cannot satisfy the needs of just everyone around the globe. My intention was just raising a bit of attention to this feature request - maybe for any prioritisation for kind of roadmaps or so.
Probably crowdfunding stuff would be great here. I'm an individual, OPNsense would be for private usage and I do not have enough resources to contribute tons of money to fund this alone :) (I would, if I could)
-
Now, in 19.1.4 there is a feature called ipsec vti.
Is it possible to do a route based VPN with this?
And how to set it up? I read in the pfSense tutorial that there has to be a /30 subnet for the tunnel IP. But it is not possible to enter a /30 in the settings like it is mentioned in the tutorial (https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/ipsec-routed.html).
Do you know how to do it right?
-
https://github.com/opnsense/docs/blob/master/source/manual/how-tos/ipsec-s2s-route.rst
https://github.com/opnsense/docs/blob/master/source/manual/how-tos/ipsec-s2s-route-azure.rst