[Chugalug] Open VPN Access Server

classic Classic list List threaded Threaded
17 messages Options
Reply | Threaded
Open this post in threaded view
|

[Chugalug] Open VPN Access Server

Mike Harrison-4

Just installed an OpenVPN Access Server:

https://openvpn.net/index.php/access-server/overview.html

Not sure I like the license cost for more than 2 clients, 10 devices for $120 per year. But if it continues to work well: worth it.

I’m just thinking with things.. but wanted to share.



_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] Open VPN Access Server

Stephen Kraus
I run OpenVPN on both my Asus and my Pfsense internal box. I love it.

On Mon, Apr 16, 2018, 10:37 PM Mike Harrison <[hidden email]> wrote:

Just installed an OpenVPN Access Server:

https://openvpn.net/index.php/access-server/overview.html

Not sure I like the license cost for more than 2 clients, 10 devices for $120 per year. But if it continues to work well: worth it.

I’m just thinking with things.. but wanted to share.



_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug

On Apr 16, 2018 10:37 PM, "Mike Harrison" <[hidden email]> wrote:

Just installed an OpenVPN Access Server:

https://openvpn.net/index.php/access-server/overview.html

Not sure I like the license cost for more than 2 clients, 10 devices for $120 per year. But if it continues to work well: worth it.

I’m just thinking with things.. but wanted to share.



_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug


_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] Open VPN Access Server

kitepilot
In reply to this post by Mike Harrison-4
Hmmmmmmmm...
I've been running my own OpenVPN server for more than a decade.
For free...
No issues.
How's that different?
Other than the cost...
ET

 

Mike Harrison writes:

>
> Just installed an OpenVPN Access Server:
>
> https://openvpn.net/index.php/access-server/overview.html 
>
> Not sure I like the license cost for more than 2 clients, 10 devices for $120 per year. But if it continues to work well: worth it.
>
> I’m just thinking with things.. but wanted to share.  
>
>  
>
> _______________________________________________
> Chugalug mailing list
> [hidden email]
> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] Open VPN Access Server

David White-2
I run my own OpenVPN server as well.

Synology has a great VPN solution built into it, which supports IPSec as well as OpenVPN. That's what I use. But I've also setup OpenVPN on Linode before. Works like a charm.

On Tue, Apr 17, 2018 at 6:16 AM, <[hidden email]> wrote:
Hmmmmmmmm...
I've been running my own OpenVPN server for more than a decade.
For free...
No issues.
How's that different?
Other than the cost...
ET


Mike Harrison writes:

Just installed an OpenVPN Access Server:
https://openvpn.net/index.php/access-server/overview.html
Not sure I like the license cost for more than 2 clients, 10 devices for $120 per year. But if it continues to work well: worth it.
I’m just thinking with things.. but wanted to share. 
 
_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug



--
David White

_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] Open VPN Access Server

Mike Harrison-4
In reply to this post by kitepilot

On Tue, Apr 17, 2018 at 6:16 AM, [hidden email] wrote:
Hmmmmmmmm... I've been running my own OpenVPN server for more than a decade. For free... No issues. How's that different? Other than the cost...

I've both done it raw, and via pfSense. 

This is a set of tools that make admining the OpenVPN server via a web gui pretty simple. 
I'm playing around with solutions for a client, that this would allow them to do it themselves well. 
The license is for the web interface and tools, and I don't mind supporting the OpenVPN project.
It seems to be something that could run a VPN Service Provider fairly well.  
I mean, something like this from Cisco would be much more expensive. 





_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] Open VPN Access Server

Stephen Kraus
You can also configure it with Google Authenticator for that extra nice security

https://medium.com/@egonbraun/using-google-authenticator-mfa-with-openvpn-on-ubuntu-16-04-774e4acc2852

On Tue, Apr 17, 2018 at 8:38 AM, Mike Harrison <[hidden email]> wrote:

On Tue, Apr 17, 2018 at 6:16 AM, [hidden email] wrote:
Hmmmmmmmm... I've been running my own OpenVPN server for more than a decade. For free... No issues. How's that different? Other than the cost...

I've both done it raw, and via pfSense. 

This is a set of tools that make admining the OpenVPN server via a web gui pretty simple. 
I'm playing around with solutions for a client, that this would allow them to do it themselves well. 
The license is for the web interface and tools, and I don't mind supporting the OpenVPN project.
It seems to be something that could run a VPN Service Provider fairly well.  
I mean, something like this from Cisco would be much more expensive. 





_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug



_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] Open VPN Access Server

Stephen Kraus

On Tue, Apr 17, 2018 at 8:39 AM, Stephen Kraus <[hidden email]> wrote:
You can also configure it with Google Authenticator for that extra nice security

https://medium.com/@egonbraun/using-google-authenticator-mfa-with-openvpn-on-ubuntu-16-04-774e4acc2852

On Tue, Apr 17, 2018 at 8:38 AM, Mike Harrison <[hidden email]> wrote:

On Tue, Apr 17, 2018 at 6:16 AM, [hidden email] wrote:
Hmmmmmmmm... I've been running my own OpenVPN server for more than a decade. For free... No issues. How's that different? Other than the cost...

I've both done it raw, and via pfSense. 

This is a set of tools that make admining the OpenVPN server via a web gui pretty simple. 
I'm playing around with solutions for a client, that this would allow them to do it themselves well. 
The license is for the web interface and tools, and I don't mind supporting the OpenVPN project.
It seems to be something that could run a VPN Service Provider fairly well.  
I mean, something like this from Cisco would be much more expensive. 





_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug




_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] Open VPN Access Server

Jonathan Calloway-2
In reply to this post by Stephen Kraus
Untangle integrates it as their VPN solution.  The only problem is that the custom Windows packages it generates are unstable.  I’ve found it best to download the community client die Windows and configure it manually. 

I used an OpenVPN appliance at home for years until I switched to the ASUS version recently.  I’ve found that it works wonderfully.  Tinnelbliick in OS X makes it easy to use more than one connection if you need that.  

Sent from my iPhone

On Apr 17, 2018, at 8:39 AM, Stephen Kraus <[hidden email]> wrote:

You can also configure it with Google Authenticator for that extra nice security

https://medium.com/@egonbraun/using-google-authenticator-mfa-with-openvpn-on-ubuntu-16-04-774e4acc2852

On Tue, Apr 17, 2018 at 8:38 AM, Mike Harrison <[hidden email]> wrote:

On Tue, Apr 17, 2018 at 6:16 AM, [hidden email] wrote:
Hmmmmmmmm... I've been running my own OpenVPN server for more than a decade. For free... No issues. How's that different? Other than the cost...

I've both done it raw, and via pfSense. 

This is a set of tools that make admining the OpenVPN server via a web gui pretty simple. 
I'm playing around with solutions for a client, that this would allow them to do it themselves well. 
The license is for the web interface and tools, and I don't mind supporting the OpenVPN project.
It seems to be something that could run a VPN Service Provider fairly well.  
I mean, something like this from Cisco would be much more expensive. 





_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug


_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug

_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] Open VPN Access Server

Stephen Kraus
I generally just use the Windows client and import the configs into the client. I haven't had much luck with the generate installers either.

On Tue, Apr 17, 2018 at 8:45 AM, Jonathan Calloway <[hidden email]> wrote:
Untangle integrates it as their VPN solution.  The only problem is that the custom Windows packages it generates are unstable.  I’ve found it best to download the community client die Windows and configure it manually. 

I used an OpenVPN appliance at home for years until I switched to the ASUS version recently.  I’ve found that it works wonderfully.  Tinnelbliick in OS X makes it easy to use more than one connection if you need that.  

Sent from my iPhone

On Apr 17, 2018, at 8:39 AM, Stephen Kraus <[hidden email]> wrote:

You can also configure it with Google Authenticator for that extra nice security

https://medium.com/@egonbraun/using-google-authenticator-mfa-with-openvpn-on-ubuntu-16-04-774e4acc2852

On Tue, Apr 17, 2018 at 8:38 AM, Mike Harrison <[hidden email]> wrote:

On Tue, Apr 17, 2018 at 6:16 AM, [hidden email] wrote:
Hmmmmmmmm... I've been running my own OpenVPN server for more than a decade. For free... No issues. How's that different? Other than the cost...

I've both done it raw, and via pfSense. 

This is a set of tools that make admining the OpenVPN server via a web gui pretty simple. 
I'm playing around with solutions for a client, that this would allow them to do it themselves well. 
The license is for the web interface and tools, and I don't mind supporting the OpenVPN project.
It seems to be something that could run a VPN Service Provider fairly well.  
I mean, something like this from Cisco would be much more expensive. 





_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug


_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug

_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug



_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] Open VPN Access Server

Dave Brockman
In reply to this post by Mike Harrison-4
On 4/17/2018 8:38 AM, Mike Harrison wrote:
> I mean, something like this from Cisco would be much more expensive. 

Cisco 25 User SSL VPN Annual subscription is ~$125 or less[1].  Licenses
are ~$4/each, with a minimum of 25 required to order.

Regards,

dtb

1.
https://www.cdw.com/product/Cisco-AnyConnect-Plus-subscription-license-1-year-1-Year-Software-App/4085128


_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug

signature.asc (499 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] Open VPN Access Server

Stephen Kraus
If I recall correctly OpenVPN Community Edition does not have a license limit. 

On Tue, Apr 17, 2018 at 10:19 AM, Dave Brockman <[hidden email]> wrote:
On 4/17/2018 8:38 AM, Mike Harrison wrote:
> I mean, something like this from Cisco would be much more expensive. 

Cisco 25 User SSL VPN Annual subscription is ~$125 or less[1].  Licenses
are ~$4/each, with a minimum of 25 required to order.

Regards,

dtb

1.
https://www.cdw.com/product/Cisco-AnyConnect-Plus-subscription-license-1-year-1-Year-Software-App/4085128


_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug



_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] Open VPN Access Server

Dave Brockman
On 4/17/2018 10:31 AM, Stephen Kraus wrote:
> If I recall correctly OpenVPN Community Edition does not have a license
> limit. 

If I recall correctly, OpenVPN Community Edition does not have a GUI to
manage the server, which was OP's point.

Regards,

dtb


_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug

signature.asc (499 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] Open VPN Access Server

Stephen Kraus
That's what shell scripts and a simple interface are for, but yeah, I see your point.

Tomato/DD-WRT implemented a simple management GUI for OpenVPN CE, so its not outside the bounds nor the capability of someone like Mike to implement. 

On Tue, Apr 17, 2018 at 11:31 AM, Dave Brockman <[hidden email]> wrote:
On 4/17/2018 10:31 AM, Stephen Kraus wrote:
> If I recall correctly OpenVPN Community Edition does not have a license
> limit. 

If I recall correctly, OpenVPN Community Edition does not have a GUI to
manage the server, which was OP's point.

Regards,

dtb


_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug



_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] Open VPN Access Server

Alex Smith (K4RNT)
​I use SoftEther VPN server, open source and free, developed by the University of Tsukuba.


It has OpenVPN, Microsoft and L2TP functionality and compatibility.

Hope this helps.

-Alex​

Mailtrack Sender notified by
Mailtrack

" 'With the first link, the chain is forged. The first speech censured, the first thought forbidden, the first freedom denied, chains us all irrevocably.' Those words were uttered by Judge Aaron Satie as wisdom and warning... The first time any man's freedom is trodden on, we’re all damaged." - Jean-Luc Picard, quoting Judge Aaron Satie, Star Trek: TNG episode "The Drumhead"
- Alex Smith
- Kent, Washington (metropolitan Seattle area)

On Tue, Apr 17, 2018 at 8:34 AM, Stephen Kraus <[hidden email]> wrote:
That's what shell scripts and a simple interface are for, but yeah, I see your point.

Tomato/DD-WRT implemented a simple management GUI for OpenVPN CE, so its not outside the bounds nor the capability of someone like Mike to implement. 

On Tue, Apr 17, 2018 at 11:31 AM, Dave Brockman <[hidden email]> wrote:
On 4/17/2018 10:31 AM, Stephen Kraus wrote:
> If I recall correctly OpenVPN Community Edition does not have a license
> limit. 

If I recall correctly, OpenVPN Community Edition does not have a GUI to
manage the server, which was OP's point.

Regards,

dtb


_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug



_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug



_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] Open VPN Access Server

Dave Brockman
On 4/17/2018 3:22 PM, Alex Smith (K4RNT) wrote:

> ​I use SoftEther VPN server, open source and free, developed by the
> University of Tsukuba.
>
> https://www.softether.org/
>
> It has OpenVPN, Microsoft and L2TP functionality and compatibility.
>
> Hope this helps.
>
> -Alex​
It won't actually do a Site-to-Site IPSEC tunnel, it only does
L2TP/IPSEC.  Unfortunately, is not compatible with 95% of business VPN
devices.  If you control all end-points, it is viable.  If you have
partner networks to secure, this most likely will not help.

Regards,

dtb



_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug

signature.asc (499 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] Open VPN Access Server

Mike Harrison-4
In reply to this post by Dave Brockman


> On Apr 17, 2018, at 10:19 AM, Dave Brockman <[hidden email]> wrote:
>
> On 4/17/2018 8:38 AM, Mike Harrison wrote:
>> I mean, something like this from Cisco would be much more expensive.
>
> Cisco 25 User SSL VPN Annual subscription is ~$125 or less[1].  Licenses
> are ~$4/each, with a minimum of 25 required to order.
>

Better than expected from Cisco. I am surprised.

For this project,OpenVPn won because the target devices are approx 20 RasPi’s behind a wide variety of firewalls.
So far, in the ONE case I’ve experimented with, I think it’s going to work well. When I get father along, I’ll write it up properly.

—Mike--



 


_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
Reply | Threaded
Open this post in threaded view
|

Re: [Chugalug] Open VPN Access Server

Dave Brockman
On 4/17/2018 9:49 PM, Mike Harrison wrote:
> For this project,OpenVPn won because the target devices are approx 20 RasPi’s behind a wide variety of firewalls.
> So far, in the ONE case I’ve experimented with, I think it’s going to work well. When I get father along, I’ll write it up properly.

You might also consider adding an ER-X to your testing mix.  SSL VPN
isn't offloaded, so they are going to be extremely performant, but I
seem to find uses for them on a weekly basis.  If you run an UNMS
instance, the devices also report to a central platform, and with latest
UNMS and latest EdgeRouter firmware, you have console access to the
device, even if it's behind a firewall (that isn't too tightly locked
down on outbound traffic).  It's a JUNOS-ish CLI, based on VyOS.  The
new bigger brother, the ER-4 is really impressing me in routing and
IPSEC performance for a $200 device.

Regards,

--dtb


_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug

signature.asc (499 bytes) Download Attachment