Bounty - OpenVPN GUI and Client/Server options Ported from PfSense

[bluecloud]

Bounty - OpenVPN GUI and Client/Server options Ported from PfSense
- basically exactly what you see above.. we want the same exact configuration for OpenVPN that is inside pFsense to also be inside FreeNAS 8 and up

Please let me know how much but currently i will set the bounty at 300$

 

[ProtoSD]

It doesn't look like that took very long. I see the port has been added to the build already.... ;)

 

[bluecloud]

???? Where ?????

 

[ProtoSD]

I just downloaded the source and started a build, and it's been added. I'm not sure if/when etc. it will come out in an official release, but it's there. I haven't used pfSense, so I don't know if it will be exactly like it is there, but it seems possible it could be included with FreeNAS 8.3.

Maybe people should starting voting for features with donations ;)

I'm joking, but it would be interesting.

 

[bluecloud]

Well when I see it come out our company will donate 300$ as this implementation will save our clients having to buy additional VPN hardware.

 

[William Grzybowski]

openvpn is already in FreeNAS build for a long time, but just the package, no GUI.

You need to configure it manually.

If you're looking for something you can configure in GUI then you need a plugin, thats probably possible with some tweaks but nobody has worked on it yet.

 

[ProtoSD]

Well if I can get the Serviio plugin to work, I'll give the OpenVPN plugin a go. I'll have to finally give pfSense a try to see what you mean... After/IF I get Serviio to work.

 

[bluecloud]

That is what we need the GUI.

Ported from pFsense. With gui

 

[Cordel]

My vote is for a plugin so that it's jailed. I personally like having my VPN and NAS separate specially my NAS, the less that needs to be fussed with is the less likely that someone will get the urge to muck with it and or break it. But most certainly Jailed.

 

[DeliveryGuy]

A plugin really is going to be difficult to get working. OpenVPN needs to run in the host OS, not a jail. I have a little write-up on how to get openvpn running on 8.2 on my blog. http://joepaetzel.wordpress.com/2012/07/24/openvpn-on-freenas-8-2/

 

[ProtoSD]

You must be Josh's doppelganger ;) (or he, yours)

The approach I would look at is using a plugin with a mountpoint to the config folder(s) on the host and some magic to make them writable ;)

EDIT: or just use one of the GUI functions to write the settings to the FreeNAS database, and have it take effect on reboot.

 

[DeliveryGuy]

You must be Josh's doppelganger ;) (or he, yours)

The approach I would look at is using a plugin with a mountpoint to the config folder(s) on the host and some magic to make them writable ;)

EDIT: or just use one of the GUI functions to write the settings to the FreeNAS database, and have it take effect on reboot.

Yeah, he's my big brother. My understanding is that running openvpn as a plugin...which means it is running in the plugin jail, gets pretty ugly. You'd have to do some magic to get the interface up inside the jail. Seems much simpler to run it in the host OS. If the complaint is that there is no gui for it...I think that is in the works, or will be someday.

 

[Cordel]

A plugin really is going to be difficult to get working. OpenVPN needs to run in the host OS, not a jail. I have a little write-up on how to get openvpn running on 8.2 on my blog. http://joepaetzel.wordpress.com/2012/07/24/openvpn-on-freenas-8-2/

There are several issues here. The point of a Filer is data security and retention. The data safety must come first in any NAS. Adding another service net accessible service to the host is another vulnerability to that host. In the commercial NAS world, this is not acceptable and far from best practice. Personally the only reason I even consider FN is solely because of the jail implementation and I'm glad to see 8.2 simplify them as a "plugin" type system.

Had I even known before that Open VPN was installed in the first place, I would have never used it, and I might even consider stripping it out now. Else firing up my NetApp and just bite paying for the energy bill.

There are several ways to implement OpenVPN from within the jail, and that jail can be bound to an ethernet port. BSD is pretty good at this but it does have room for improvement. Specially MAC addressing for the jail for layer one. But this would not affect openVPN either.

I don't know about you, but while I host allot of my media on my filer, MP3s, some movies, etc. I have some very personal material on there as well in the form of personal paperwork, family photos, etc, and confidential work data that could be detrimental to companies or customers if it should be compromised. The filers security is in the commercial world first and for most. Most commercial gear will even take itself offline and shutdown within 24 after any problems are detected if they are not fixed within that time window, just to insure data is not lost.

Linksys makes some nice VPN Routers, I might even have an extra small office commercial version laying about.