Re: OpenVPN Open Beta
Posted: Tue Aug 18, 2015 3:41 pm
There's are good usage cases for enabling additional logins to the VPN server but we'll need to decide if it is practical for us to address them.
What is the primary usage case, then?kgc wrote:There's are good usage cases for enabling additional logins to the VPN server but we'll need to decide if it is practical for us to address them.
Any update on this? Is there an ETA on the IPSEC solution?dane wrote:The Edgerouter's Cavium chip does IPSEC in hardware, so we're working on an IPSEC VPN solution which will be more appropriate than OpenVPN for that equipment. FYI!
One account, one VPN login. But I agree that wanting multiple sessions with different logins is a reasonable request. While adding more is technically possible, it raises questions on pricing as well as requiring additional management overhead and we haven't discussed if this will be something that we decide to address.svist wrote:What is the primary usage case, then?kgc wrote:There's are good usage cases for enabling additional logins to the VPN server but we'll need to decide if it is practical for us to address them.
Not at this time but there are some other solutions including a pfsense box with SSL offload as a OpenVPN client that may be easier to support than IPSEC on an Edgerouter. Or, perhaps Ubiquiti will update their vyatta fork to offload ssl to the cavium chip. (IRRC, it is technically possibly to do so.)mbhinder wrote:Any update on this? Is there an ETA on the IPSEC solution?dane wrote:The Edgerouter's Cavium chip does IPSEC in hardware, so we're working on an IPSEC VPN solution which will be more appropriate than OpenVPN for that equipment. FYI!
Why not just put the pfSense box behind the 5268? (BTW, the WiFi on the 5268 is really good, so I would suggest utilizing that.)Guest Guest wrote:>> Are any of the folks in this thread using pfSense today, with our new OpenVPN platform?
I would if I wasn't forced to use the crappy Sonic provided Pace modem/"router"........
My pfsense box has sat idle since I got the new 5268 that won't support bridge mode......
We do not anticipate removing VPN from production as a feature. It may change in configuration or settings, but we've got to offer it for customers to have Sonic-grade security and privacy.svist wrote:By the way, how does this play with AT&T fiber upgrade? If I upgrade and lock in for a year -- and pipe all my traffic through the VPN, will the VPN still be around all these months? If not, would I just become AT&T customer?