OPNsense Forum

English Forums => General Discussion => Topic started by: rhyse on December 31, 2017, 10:08:46 am

Title: Feature Request: Route Based VPN
Post by: rhyse on December 31, 2017, 10:08:46 am
Hi

Is there the possibility to support route based VPN's ? This is becoming more prevelant when connecting to specific cloud providers (ie Azure)

IE: (I haven't verified any of the links as working implementations)
https://genneko.github.io/playing-with-bsd/networking/freebsd-vti-ipsec
https://wiki.strongswan.org/projects/strongswan/wiki/RouteBasedVPN
https://vincent.bernat.im/en/blog/2017-route-based-vpn

Thoughts ?

Thanks
Title: Re: Feature Request: Route Based VPN
Post by: mickrussom on January 24, 2018, 03:37:35 am
.
+1

pfSense is making this a 2.5 feature and 2.5 is going to require AES-NI.
Title: Re: Feature Request: Route Based VPN
Post by: mimugmail on January 24, 2018, 08:14:29 am
We can have a look when 18.1 is released. Havent tested vti in 11.1 yet.
Title: Re: Feature Request: Route Based VPN
Post by: skyjam on January 24, 2018, 10:08:49 am
+1   +1   +1   +1...
Title: Re: Feature Request: Route Based VPN
Post by: ccesario on June 19, 2018, 05:00:39 pm
+1 ... PFSense already support it

https://redmine.pfsense.org/issues/8544
Title: Re: Feature Request: Route Based VPN
Post by: franco on June 21, 2018, 10:44:39 am
Sure, who will contribute? I'll offer review.


Cheers,
Franco
Title: Re: Feature Request: Route Based VPN
Post by: mimugmail on June 21, 2018, 04:38:12 pm
You can vote here if you like

https://github.com/opnsense/core/issues/2332

Perhaps someone is willing to help.


In theory it's working fine ...
Title: Re: Feature Request: Route Based VPN
Post by: Dasch on October 31, 2018, 02:42:24 pm
I want to know how about this. I think it is a really important feature!
Is it possible to get it in the next time?
Title: Re: Feature Request: Route Based VPN
Post by: mimugmail on October 31, 2018, 02:45:49 pm
Not before 19.1 .. hopefully with 19.7.
Title: Re: Feature Request: Route Based VPN
Post by: Dasch on October 31, 2018, 03:01:37 pm
And when will 19.1 or 19.7 be released?
Title: Re: Feature Request: Route Based VPN
Post by: mimugmail on October 31, 2018, 03:34:10 pm
20(19) January (1)
20(19) July (7)
Title: Re: Feature Request: Route Based VPN
Post by: Dasch on November 02, 2018, 04:29:29 pm
20(19) January (1)
20(19) July (7)

Thanks for that information.

Is it sure, that this function will be implemented then? Or is it a "maybe"
Title: Re: Feature Request: Route Based VPN
Post by: pkernstock on November 02, 2018, 04:59:14 pm
I personally think it's more a "maybe", as what I've seen in the previous linked GitHub issue. It's also quite a important feature for me - basically one of the core reasons I haven't migrated over to OPNsense yet.
Title: Re: Feature Request: Route Based VPN
Post by: franco on November 02, 2018, 06:53:49 pm
With certain users, it's always that one feature we don't have. We can't be good at everything all the time. :)


Cheers,
Franco
Title: Re: Feature Request: Route Based VPN
Post by: dragon2611 on November 03, 2018, 12:41:32 pm
It's one of the reasons I now use Linux/Iptables  in places where I would have used Opnsense  :(
Title: Re: Feature Request: Route Based VPN
Post by: mimugmail on November 03, 2018, 01:07:42 pm
You cant compare Linux/Iptables with OPNsense cause FreeBSD Vanilla also can achieve Route based IPsec
Title: Re: Feature Request: Route Based VPN
Post by: dragon2611 on November 03, 2018, 06:00:49 pm
You cant compare Linux/Iptables with OPNsense cause FreeBSD Vanilla also can achieve Route based IPsec

I'm sure it can, but I happen to be more familiar with Linux and iptables than I am with BSD/ PF, where I need a route based VPN to land on a virtual router I tend to use Linux to do it.  It just so happens to be what works for me in that situation.

Also there was a typo in my previous post it should have said now not "know"
Title: Re: Feature Request: Route Based VPN
Post by: pkernstock on November 03, 2018, 06:37:44 pm
With certain users, it's always that one feature we don't have. We can't be good at everything all the time. :)

I know that many projects, OPNsense is no exception here, can not statisfy the need of just everyone around the globe. My intention was just raising a bit attention to this feature request - maybe for any priorisation for kind of roadmaps or so.

Probably crowdfunding-stuff would be great here. I'm an individual, OPNsense would be for private usage and I do not have enough resources to contribute tons of money to fund this alone :) (I would, if I could)
Title: Re: Feature Request: Route Based VPN
Post by: Dasch on March 19, 2019, 11:27:48 am
Now, in 19.1.4 there is a feature called ipsec vti.
Is it possible to do a route based vpn with this?
An how to set it up? I read on pfsense tutorial that there has to be a /30 subnet for tunnel ip. But it is not possible to enter a /30 in the settings like it is mentioned in the tutorial (https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/ipsec-routed.html).
Do you know how to do right?
Title: Re: Feature Request: Route Based VPN
Post by: mimugmail on March 19, 2019, 02:03:24 pm
https://github.com/opnsense/docs/blob/master/source/manual/how-tos/ipsec-s2s-route.rst
https://github.com/opnsense/docs/blob/master/source/manual/how-tos/ipsec-s2s-route-azure.rst