Re: [pfSense Support] Cisco AnyConnect
On Mon, Mar 21, 2011 at 11:19 AM, David Burgess wrote: > On Sun, Dec 5, 2010 at 12:10 AM, Chris Buechler wrote: >> On Sun, Dec 5, 2010 at 2:02 AM, David Burgess wrote: >>> >>> But openconnect works, at least for me on Linux, and from what I >>> gather it's available for FreeBSD too. What are the chances of >>> installing openconnect on pfsense as a package to this end? >>> >> >> There is a port for it, that should do it. security/openconnect/ > > I finally attempted this and it was surprisingly easy to do. > > The problem now is when I try to use the tunnel from the LAN. Of > course the AnyConnect server doesn't know how to route to my LAN, and > since I have no control over it the obvious answer is outbound NAT. > But since pfsense's web UI doesn't know about the tun0 interface, the > Outbound NAT page doesn't offer it as an option when creating a rule > (a similar problem will exist when trying to make firewall or traffic > shaper rules, but I'm not worried about that now). > > Can somebody point out a pattern for making an outbound NAT rule for > openconnect's tun0? > Assign tun0 as an OPT interface. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Cisco AnyConnect
On Sun, Dec 5, 2010 at 12:10 AM, Chris Buechler wrote: > On Sun, Dec 5, 2010 at 2:02 AM, David Burgess wrote: >> >> But openconnect works, at least for me on Linux, and from what I >> gather it's available for FreeBSD too. What are the chances of >> installing openconnect on pfsense as a package to this end? >> > > There is a port for it, that should do it. security/openconnect/ I finally attempted this and it was surprisingly easy to do. The problem now is when I try to use the tunnel from the LAN. Of course the AnyConnect server doesn't know how to route to my LAN, and since I have no control over it the obvious answer is outbound NAT. But since pfsense's web UI doesn't know about the tun0 interface, the Outbound NAT page doesn't offer it as an option when creating a rule (a similar problem will exist when trying to make firewall or traffic shaper rules, but I'm not worried about that now). Can somebody point out a pattern for making an outbound NAT rule for openconnect's tun0? db - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Cisco AnyConnect
On Sun, Dec 5, 2010 at 2:02 AM, David Burgess wrote: > > But openconnect works, at least for me on Linux, and from what I > gather it's available for FreeBSD too. What are the chances of > installing openconnect on pfsense as a package to this end? > There is a port for it, that should do it. security/openconnect/ I did that for a Cisco IPsec client with vpnc at one point, not all that difficult if you know BSD and *nix in general well. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Cisco AnyConnect
On Sun, Dec 5, 2010 at 12:00 AM, Chris Buechler wrote: > On Sun, Dec 5, 2010 at 1:21 AM, David Burgess wrote: >> Is there a way to connect pfsense with an Anyconnect server? > > No, that's Cisco proprietary. But openconnect works, at least for me on Linux, and from what I gather it's available for FreeBSD too. What are the chances of installing openconnect on pfsense as a package to this end? db - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Cisco AnyConnect
On Sun, Dec 5, 2010 at 1:21 AM, David Burgess wrote: > Is there a way to connect pfsense with an Anyconnect server? No, that's Cisco proprietary. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Cisco AnyConnect
Is there a way to connect pfsense with an Anyconnect server? Google isn't turning up much for me. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
