2
0
mirror of https://github.com/opnsense/docs synced 2024-11-05 06:00:36 +00:00
opensense-docs/source/manual/vpnet.rst

105 lines
3.0 KiB
ReStructuredText
Raw Normal View History

==========================
Virtual Private Networking
==========================
A virtual private network secures public network connections and in doing so it
extends the private network into the public network such as internet. With a VPN
you can create large secure networks that can act as one private network.
.. image:: images/Virtual_Private_Network_overview.png
2018-07-31 14:51:11 +00:00
:width: 100%
(picture from `wikipedia <https://en.wikipedia.org/wiki/File:Virtual_Private_Network_overview.svg>`__)
Companies use this technology for connecting branch offices and remote users
(road warriors).
OPNsense supports VPN connections for branch offices as well as remote users.
Creating a single secured private network with multiple branch offices connecting
to a single site can easily be setup from within the graphical user interface.
For remote users, certificates can be created and revoked and a simple to use export
utility makes the client configuration a breeze.
--------------------------
Supported VPN technologies
--------------------------
2018-11-09 12:52:31 +00:00
OPNsense offers a wide range of VPN technologies ranging from modern SSL VPNs to
well known IPsec as well as older (now considered insecure) legacy options such as
L2TP and PPTP.
.. image:: images/vpn.png
.. Note::
VPN technologies displayed with an open lock are considered to be insecure.
Integrated VPN options
----------------------
Integrated solutions are those that are available within the GUI without installing
any additional package or plugin. These include:
* **IPsec**
* **OpenVPN (SSL VPN)**
Plugin VPN options
------------------
Via plugins additional VPN technologies are offered, including:
* **Legacy L2TP & PPTP**
2019-01-29 07:45:16 +00:00
* **OpenConnect** - SSL VPN client, initially build to connect to commercial vendor appliances like Cisco ASA or Juniper.
* **Tinc** - Automatic Full Mesh Routing
2019-01-29 07:45:16 +00:00
* **WireGuard** - Very simple and fast VPN working with public and private keys.
* **Zerotier** - seamlessly connect everything, requires account from zerotier.com, free for up to 100 devices.
-------------
Configuration
-------------
2018-11-09 11:18:28 +00:00
Please read our how-tos for configuration examples and more detailed information.
IPsec Road Warrior
-------------------
:doc:`how-tos/ipsec-road`
2019-03-15 13:48:51 +00:00
IPsec Site-to-Site (policy-based)
---------------------------------
:doc:`how-tos/ipsec-s2s`
2019-03-15 13:48:51 +00:00
IPsec Site-to-Site (route-based)
---------------------------------
:doc:`how-tos/ipsec-s2s-route`
IPsec Site-to-Site with BINAT
2018-03-09 10:34:36 +00:00
-----------------------------
:doc:`how-tos/ipsec-s2s-binat`
OpenVPN/SSL Road Warrior
------------------------
:doc:`how-tos/sslvpn_client`
OpenVPN/SSL Site-to-Site
------------------------
:doc:`how-tos/sslvpn_s2s`
2018-07-16 06:14:02 +00:00
OpenConnect Client
------------------
:doc:`how-tos/openconnect`
2018-09-14 07:52:16 +00:00
WireGuard Site-to-Site
2018-11-03 14:31:59 +00:00
----------------------------
2018-09-14 07:52:16 +00:00
:doc:`how-tos/wireguard-s2s`
2018-09-21 11:03:19 +00:00
WireGuard Road Warrior
2018-10-28 17:56:59 +00:00
----------------------
2018-09-21 11:03:19 +00:00
:doc:`how-tos/wireguard-client`
2018-11-03 14:31:59 +00:00
:doc:`how-tos/wireguard-client-azire`
2018-11-03 14:31:59 +00:00
:doc:`how-tos/wireguard-client-mullvad`
2018-09-21 11:03:19 +00:00
Zerotier
--------
:doc:`how-tos/zerotier`