Client-to-site VPN

[Daniel Santos]

Hello all,

What's the FreeBSD's way for client-to-site VPNs? Is OpenVPN still the standard or do you recommend any other software?

Thanks in advance,

 

[Oko]

I am not sure there is such a thing as FreeBSD's way for client-to-site VPNs. To my knowledge FreeBSD developers have not contributed significantly to any of VPN technologies. There is another logical flow in your question. None of us know who your clients are and what OS they run. What is your objective? What are you trying to accomplish? Personally I have implemented at the place of my employment OpenVPN, L2TP/IPsec, Cisco's AnyConnect SSL VPN, and Palo Alto 2020 for various use cases. Before we go any further with questions I have to state for the record that I am predominantly OpenBSD user and typically use FreeBSD on my file servers as well as a virtualization platform (Jails and yet to try Bhyve) so I have no experience with VPN on FreeBSD.

 

[junovitch@]

Oko is correct and it would help to know more about your goals. As mentioned, there isn't too much uniqueness when it comes to VPNs on FreeBSD. Uniqueness and interoperability with everything else don't exactly mix well together. IPSEC is available in kernel and since ipsec(4) requires a compile time setting due to the network stack overhead that could be considered "unique". Otherwise security/openconnect and security/openvpn are available in the realms of userland VPN applications.

 

[diizzy]

You have a lot of options, IPSec being noticeably more efficient than OpenVPN in terms of hardware. You also have SoftEther which might be what you're looking for, unfortunately there's no port but it's possible to compile it from source.
//Danne