Where best to run OpenVPN - in FreeNAS jail, or firewall package

[ralphy]

OpenVPN is included in Freenas 8.3, and firewall packages such as ipcop and pfsense.

Notwithstanding any merits of running the firewall on a dedicated machine, I intend to run Freenas and a firewall under ESXI.

Whilst OpenVPN under Freenas does not yet have the benefit of a GUI interface, what reasons might there be to run OpenVPN within FreeNAS as opposed to running it within ipcop or pfsense? Does it make any difference at the end of the day in a VM environment?

 

[survive]

Hi ralphy,

I can't really give you a list of pros & cons or when & where it's appropriate to run your vpn from, I suppose it gets down to what you want the vpn to connect to\what problem you are looking to solve. Without more details I can't really advise you one way or the other.

If you are just looking for outside access to your internal network then I would strongly consider using pfsense for your firewall and using that for your vpn access. For what it's worth I run pfsense in a vm under ESXi & it works great. The one bit of advice I can give is that you Google around for a guide on how to install the real vmware tools & use the vmxnet3 NIC for your inside NIC, doing that really brought down the cpu utilization on the vm because pfsense no longer had to "run" the virtual em NIC.

-Will

 

[ralphy]

I can't really give you a list of pros & cons or when & where it's appropriate to run your vpn from, I suppose it gets down to what you want the vpn to connect to\what problem you are looking to solve. Without more details I can't really advise you one way or the other.

Good point - 'road warrior' access. I've lost count of the number of times I've been travelling and left important files behind and have had to call home to have them emailed to me! But it will also give me a chance to remote desktop into various machines on the home network to support the family when travelling. I've had to do that once or twice with teamviewer, which works, but not quite the same.

If you are just looking for outside access to your internal network then I would strongly consider using pfsense for your firewall and using that for your vpn access. For what it's worth I run pfsense in a vm under ESXi & it works great. The one bit of advice I can give is that you Google around for a guide on how to install the real vmware tools & use the vmxnet3 NIC for your inside NIC, doing that really brought down the cpu utilization on the vm because pfsense no longer had to "run" the virtual em NIC.

-Will

Thanks for this advice Will. Does this apply to the Freenas NIC too, or just pfsense?

 

[survive]

Hi ralphy,

It sounds like you really want to be able to vpn to your router\firewall\"edge device" so you can get at whatever boxes you need to that are on the inside network at home. For that you want to use openvpn on pfsense over doing it on your filer.

Installing the full-fat vmware tools is something that kind of divides the FreeNAS visualization guys. FreeNAS ships with the open-source open-vm-tools installed & that will do most of what you need, but it doesn't have the proprietary VMware bits like the paravirtual SCSI controller or the vmxnet3 NIC. The problem is that you need a half dozen-ish packages\ports installed in order to install & run the VMware factory tools that are just to darn big to fit on the one of the OS slices on the USB key.

-Will