Virtual private networks / OpenVPN Groups and MFA?
« on: March 12, 2024, 09:54:40 am »
Hello everyone!
I was tasked by a customer with looking into setting up an OpenVPN based solution for User VPNs, because our current implementation with a FortiGate and its SSL VPN is going up in flames (the most well optimized and structurally sound thing since my grandmother's hips). Our "old" pfSense OpenVPN setup that only still exists because of the issues with the FortiGate VPN also has to be axed because it is, in plain terms, one steaming pile of garbage. This came to be before my time, and was done in this way because the people there apparently work 28 hours a day and 12 days a week; any downtime has to be planned months in advance.
To be clear, as a Firewall the FortiGate is staying, but I have to find a different VPN Solution. This solution needs to fulfill some requirements:
- User Groups with granular permissions (down to specified IP and Port)
- The ability to assign a User to multiple Groups
- An MFA solution that is NOT cloud-based
- NO cloud in fact. For some certification that I don't remember we cannot use cloud services
- Simple config management, if possible just one config for all users
Part of the task is to try OPNsense first and foremost, since pfSense doesn't provide all the things we need and the OpenVPN Access Server is quite pricey for the couple dozen Users we have.
If anyone could tell me if OPNsense can do what I've listed, you'd save me a wild goose chase for answers and hours of throwing spaghetti at the wall to see what sticks.