OPNsense vs. pfSense Round 2: OpenVPN

Categories: OpenVPN, OPNsense, pfSense

We use OpenVPN extensively with RADIUS or LDAP authentication. tls-crypt is used in all cases. Because… reasons. pfSense: Has had this feature exposed in the GUI and working fine for years. OPNsense: Does not have the feature exposed in the GUI. But this is not necessarily a big deal because an admin can easily paste the relevant … Read More

OPNsense vs. pfSense Round 1: WireGuard

Categories: OpenVPN, OPNsense, pfSense, Wireguard

This is an issue that has no doubt brought many people to look at OPNsense again or for the first time. WireGuard has enjoyed increasing popularity in the last year or so. Due to its stateless nature, it performs really well on mobile devices that may switch between LTE, 5G and WiFi networks. There is no … Read More

Chaining Wireguard VPN to OpenVPN

Categories: OpenVPN, Wireguard

What? We want Wireguard clients to connect to a middleman box that will route out to the internet via an OpenVPN client. Why? Some of our sites have poor performance to the OpenVPN server. Wireguard clients are more seamless and save battery and resources on mobile devices. We have a Wireguard server in a datacenter … Read More

Fail2Ban 0.8.x and OpenVPN 2.4.x – correctly detecting OpenVPN brute force attempts in FreePBX 14

Categories: FreePBX, OpenVPN

Issue: On an install of FreePBX 14 with responsive firewall and OpenVPN server enabled there is no mitigation against brute force attacks against the OpenVPN server. /var/log/messages is getting spammed with failed handshakes: Feb 3 16:17:19 voipserver234 openvpn: Sun Feb 3 16:17:19 2019 103.37.x.x:49060 TLS: Initial packet from [AF_INET]103.37.x.x:49060, sid=6a22eb44 5adb63fe Feb 3 16:17:19 voipserver234 … Read More