==========================
Virtual Private Networking
==========================

A virtual private network (VPN) secures connections over public networks and, in
doing so, extends the private network across a public network such as the Internet.
With a VPN you can create large secure networks that act as one private network.

.. image:: images/Virtual_Private_Network_overview.png
    :width: 100%

(picture from `Wikipedia <https://en.wikipedia.org/wiki/File:Virtual_Private_Network_overview.svg>`__)

Companies use this technology for connecting branch offices and remote users
(road warriors).

OPNsense supports VPN connections for branch offices as well as remote users.

Creating a single secured private network with multiple branch offices connecting
to a single site can easily be set up from within the graphical user interface.
For remote users, certificates can be created and revoked, and a simple-to-use export
utility makes the client configuration a breeze.

--------------------------
Supported VPN technologies
--------------------------

OPNsense offers a wide range of VPN technologies ranging from modern SSL VPNs to
well-known IPsec as well as older (now considered insecure) legacy options such as
L2TP and PPTP.

.. image:: images/vpn.png

.. Note::

    VPN technologies displayed with an open lock are considered to be insecure.

.................................
Integrated VPN options
.................................

Integrated solutions are those that are available within the GUI without installing
any additional package or plugin. These include:

* **IPsec**
* **OpenVPN (SSL VPN)**

.................................
Plugin VPN options
.................................

Additional VPN technologies are offered via plugins, including:

* **Legacy L2TP & PPTP**
* **OpenConnect** - SSL VPN client, initially built to connect to commercial vendor appliances like Cisco ASA or Juniper.
* **Stunnel** - Provides an easy-to-set-up universal TLS/SSL tunneling service, often used to secure unencrypted protocols.
* **Tinc** - Automatic Full Mesh Routing
* **WireGuard** - Simple and fast VPN protocol working with public and private keys.
* **ZeroTier** - Seamlessly connect everything; requires an account from zerotier.com, free for up to 100 devices.

-------------
Log Files
-------------

When troubleshooting problems with your firewall, you will very likely have to check
the logs available on your system. In the OPNsense UI, the log files are generally grouped
with the settings of the component they belong to. The log files can be found here:

================= =============================================== =====================================
**IPsec Log**     :menuselection:`VPN --> IPsec --> Log File`     *Everything around IPsec goes here*
**OpenVPN Log**   :menuselection:`VPN --> OpenVPN --> Log File`   *OpenVPN logs everything here*
================= =============================================== =====================================

.. Note::

    Log files on file system:

    * ``/var/log/ipsec.log`` (clog)
    * ``/var/log/openvpn.log`` (clog)

-------------
Configuration
-------------

Please read our how-tos for configuration examples and more detailed information.

..............
IPsec
..............

.. toctree::
   :maxdepth: 2
   :titlesonly:

   how-tos/ipsec-road
   how-tos/ipsec-s2s
   how-tos/ipsec-s2s-route
   how-tos/ipsec-s2s-binat
   how-tos/ipsec-rw
   how-tos/ipsec-rw-android
   how-tos/ipsec-rw-linux
   how-tos/ipsec-rw-srv-eapradius
   how-tos/ipsec-rw-srv-eaptls
   how-tos/ipsec-rw-srv-ikev1xauth
   how-tos/ipsec-rw-srv-mschapv2
   how-tos/ipsec-rw-srv-rsamschapv2
   how-tos/ipsec-rw-w7
   how-tos/ipsec-s2s-route-azure

..............
OpenVPN
..............

.. toctree::
   :maxdepth: 2
   :titlesonly:

   how-tos/sslvpn_client
   how-tos/sslvpn_s2s

..............
Other
..............

.. toctree::
   :maxdepth: 2
   :titlesonly:

   how-tos/openconnect
   how-tos/stunnel
   how-tos/wireguard-s2s
   how-tos/wireguard-client
   how-tos/wireguard-client-azire
   how-tos/wireguard-client-mullvad
   how-tos/zerotier