Virtual Private Networking

A virtual private network secures public network connections and in doing so it extends the private network into the public network such as internet. With a VPN you can create large secure networks that can act as one private network.

../_images/Virtual_Private_Network_overview.png

(picture from wikipedia)

Companies use this technology for connecting branch offices and remote users (road warriors).

OPNsense supports VPN connections for branch offices as well as remote users.

Creating a single secured private network with multiple branch offices connecting to a single site can easily be setup from within the graphical user interface. For remote users, certificates can be created and revoked and a simple to use export utility makes the client configuration a breeze.

Supported VPN technologies

OPNsense offers a wide range of VPN technologies ranging from modern SSL VPNs to well known IPsec as well as older (now considered insecure) legacy options such as L2TP and PPTP.

../_images/vpn.png

Note

VPN technologies displayed with an open lock are considered to be insecure.

Integrated VPN options

Integrated solutions are those that are available within the GUI without installing any additional package or plugin. These include:

  • IPsec
  • OpenVPN (SSL VPN)

Plugin VPN options

Via plugins additional VPN technologies are offered, including:

  • Legacy L2TP & PPTP
  • OpenConnect - SSL VPN client, initially build to connect to commercial vendor appliances like Cisco ASA or Juniper.
  • Tinc - Automatic Full Mesh Routing
  • WireGuard - Very simple and fast VPN working with public and private keys.
  • Zerotier - seamlessly connect everything, requires account from zerotier.com, free for up to 100 devices.

Log Files

When troubleshooting problems with your firewall, it is very likely you have to check the logs available on your system. In the UI of OPNsense, the log files are generally grouped with the settings of the component they belong to. The log files can be found here:

IPsec Log VPN ‣ IPsec ‣ Log File Everything around IPsec goes here
OpenVPN Log VPN ‣ OpenVPN ‣ Log File OpenVPN logs everything here

Note

Log files on file system: /var/log/ipsec.log (clog) /var/log/openvpn.log (clog)