Our Autossh plugin for OPNsense was submitted as a pull-request for consideration to be added as another OPNsense plugin.
The Autossh plugin for OPNsense is a tool for establishing, maintaining and managing reliable SSH tunnels with remote hosts. It can be used to solve a wide range of connection challenges through the (sometimes creative) use of TCP port-forwards.
- Default ssh-key permissions that prevent unwanted remote ssh-server shell access abuses.
- Ability to define local-forward and remote-forward TCP tunnels.
- Ability to define local network SOCKS proxy via a remote host (aka dynamic-forward).
- Ability to bind outbound ssh connections to different (external) interfaces.
- Ability to configure many (27x) of the ssh-client connection parameters, including all cryptographic options.
- Ability to observe the health status of the tunnel at a glance.
- Can rely on Autossh to reestablish a tunnel after a connectivity outage.
- Provide remote network access to a site that has no public addresses, such as when ISPs use NAT.
- Ensure redundant multipath remote access via primary and secondary connections via interface binding.
- Create your own “privacy” VPN system for all local network users using a SOCKS proxy (dynamic-forward) to a remote system.
- Provide local network access to remote system services such as a SMTP relay or another SSH service.
- Provide remote system access to a local network services such as a database or RDP service.
- Provide access remote system access to other remote network acting as a middle-man TCP-port connector.
Pre release binaries
We’ve packaged the plugin so you can go ahead and try it out before it is accepted by the OPNsense team for inclusion as a regular plugin. All the usual pre-release warnings apply here, however if you know how to to manually install a package you can find them here.
If you do happen to spot a bug or issue, we’d really like to hear about it, please submit as an issue here.
Check out code github.com/verbnetworks/opnsense-plugin-autossh