02-05-2021



pfSense, as of 2016-03-01, does not support OpenConnect out of the box. However, the openconnect package is in the FreeBSD repository, and relatively easy to add with pkg:

You can now play around with the openconnect command and test your connection.

Next step: autostart, and adding the tun interface to the pfSense GUI. The GUI will, by default, ignore any interface named “tun*”, while openconnect will refuse to work with any interface not named “tun*” (on FreeBSD it opens the device node /dev/<name>, which only exists for tun interfaces). Brilliant. The easiest workaround for this special case seems to be renaming the VPN interface after creation: openconnect brings the tunnel up on tunN, and the script then renames it to a name the GUI will accept.

I made a script that automates checking if the connection is up, and (re-)starting it if it is not.
Replace the options in the “settings” section with appropriate values for your setup, and you should be good to go.

The “test” field should be a command that returns 0 when the connection is up, and anything else when it’s broken. I used netcat’s port testing feature on the remote desktop port of a server I needed to be able to connect to, but you can just as easily use things like ping with a limited count or similar.

Next, use crontab -e and add an entry to run the script regularly.

Again, replace the path and timing with your own preferred values.

With the connection established, you can now go ahead and add the interface in the “assignment” tab of the GUI and set up appropriate rules for it.

CAUTION: Adding an interface to the GUI that does not exist at boot time will make pfSense conclude that something is wrong on subsequent reboots and prompt for interface assignment on the console. For a long time I was not aware of a workaround other than not adding the interface at all and controlling the rules directly from the script. The workaround below, which makes the interface exist at boot, avoids this issue; verify that it works on your box before leaving a pfSense installation at a remote site unattended.

Interface boot workaround

The following workaround was offered by “DJC” in the comments section:

  1. Install “Shellcmd” in PfSense WebConfigurator:
    System => Package Manager => Available Packages
    Find Shellcmd and INSTALL
  2. Navigate to Shellcmd:
    Services => Shellcmd
  3. Add the following item in Shellcmd:
    Command: /sbin/ifconfig tun create; /sbin/ifconfig tun0 name ocvpnc1
    Shellcmd Type: earlyshellcmd
    Description: Create tunnel interface for OVPNC1 at boot
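The following script is an added example; it is neither the original post's script nor part of DJC's comment. It covers both the cron-driven check-and-restart described above and the interface-at-boot workaround, so one script can be called from cron and from Shellcmd. Everything in the settings block (server name, user name, password file, the 10.0.0.5:3389 test target) is a placeholder to replace; the interface name ocvpnc1 is the one from the workaround. It assumes, as the text does, that openconnect on FreeBSD only accepts tun* names because it opens /dev/<name>, and that `ifconfig tun create` prints the name of the interface it created. The script uses that output instead of hard-coding tun0, which goes wrong as soon as some other tun interface already exists at boot or at restart time.

```shell
#!/bin/sh
# openconnect-watch.sh: keep an OpenConnect tunnel up on pfSense and expose it
# to the GUI under a non-"tun" name.  Added example, not the original post's script.
#
#   ensure-iface  create a placeholder interface named $VPN_IF (for earlyshellcmd)
#   check         exit 0 if the tunnel passes $TEST_CMD, 1 otherwise
#   ensure        (re)start the tunnel when the check fails (for cron)

# ---- settings: replace with values for your setup (all placeholders) ----
VPN_SERVER="vpn.example.com"          # AnyConnect-compatible gateway (hypothetical)
VPN_USER="vpnuser"                    # hypothetical
VPN_PASSFILE="/root/openconnect.pass" # one line, mode 0600, never in the crontab
VPN_IF="ocvpnc1"                      # name the GUI will see; must not start with "tun"
PIDFILE="/var/run/openconnect-${VPN_IF}.pid"
OPENCONNECT="/usr/local/bin/openconnect"
# TEST_CMD must return 0 when the tunnel works and non-zero otherwise.
# nc -z probes a TCP port through the tunnel; "ping -c 3 <ip>" works as well.
TEST_CMD="nc -z -w 5 10.0.0.5 3389"   # hypothetical RDP host behind the VPN
CONNECT_TIMEOUT=30                    # seconds to wait for the tunnel to come up
# --------------------------------------------------------------------------

log() { logger -t openconnect-watch "$*"; echo "$*" >&2; }

# 0 if $1 looks like a kernel tun name (tun0, tun12); validates ifconfig output
is_tun_name() {
    case "$1" in
        tun[0-9]|tun[0-9][0-9]|tun[0-9][0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

iface_exists() { /sbin/ifconfig "$1" >/dev/null 2>&1; }

# The test runs through the tunnel, so it is also the readiness check after start.
vpn_is_up() { sh -c "$TEST_CMD" >/dev/null 2>&1; }

# Create a fresh tun interface and print its name.  "ifconfig tun create" prints
# the unit it picked, which is only tun0 when no other tun exists.
new_tun() {
    name=$(/sbin/ifconfig tun create) || return 1
    is_tun_name "$name" || { log "unexpected interface name '$name'"; return 1; }
    printf '%s\n' "$name"
}

# Placeholder so the GUI-assigned interface exists at boot (earlyshellcmd).
ensure_iface() {
    iface_exists "$VPN_IF" && return 0
    t=$(new_tun) || return 1
    /sbin/ifconfig "$t" name "$VPN_IF"
}

stop_vpn() {
    if [ -f "$PIDFILE" ]; then
        kill "$(cat "$PIDFILE")" 2>/dev/null
        rm -f "$PIDFILE"
    fi
    # drop the placeholder or stale tunnel so the new tun can take the name
    iface_exists "$VPN_IF" && /sbin/ifconfig "$VPN_IF" destroy
    return 0
}

start_vpn() {
    t=$(new_tun) || return 1
    # openconnect opens /dev/<name>, so it has to be started on the tun* name ...
    "$OPENCONNECT" --background --pid-file "$PIDFILE" --interface "$t" \
        --user "$VPN_USER" --passwd-on-stdin --syslog "$VPN_SERVER" \
        < "$VPN_PASSFILE" || return 1
    # ... and is renamed only once traffic actually flows through it
    i=0
    while [ "$i" -lt "$CONNECT_TIMEOUT" ]; do
        vpn_is_up && break
        sleep 1; i=$((i + 1))
    done
    vpn_is_up || { log "tunnel on $t did not come up within ${CONNECT_TIMEOUT}s"; return 1; }
    /sbin/ifconfig "$t" name "$VPN_IF"
}

ensure_vpn() {
    vpn_is_up && return 0
    log "tunnel check failed, restarting"
    stop_vpn
    start_vpn
}

case "${1:-}" in
    ensure-iface) ensure_iface ;;
    check)        vpn_is_up ;;
    ensure)       ensure_vpn ;;
    *)            echo "usage: $0 {ensure-iface|check|ensure}" >&2 ;;
esac
```

With this layout the Shellcmd entry becomes `/root/openconnect-watch.sh ensure-iface` (type earlyshellcmd) and the crontab entry something like `*/5 * * * * /root/openconnect-watch.sh ensure`, with path and interval adjusted to taste. Renaming the live interface keeps its addresses and routes, but it does mean the vpnc-script's cleanup on disconnect no longer finds the tun* name, which is why `stop_vpn` destroys the interface by its new name itself. Keep the password file readable by root only; putting credentials on the cron line would expose them in `ps` output.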