Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Consultant access

    Scheduled Pinned Locked Moved OpenVPN
    2 Posts 2 Posters 866 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      miclog
      last edited by

      I discovered that a remote consultant who helped setup our PFsense router installed a VPN link to himself. I can understand why he needs a login to router to help configure but why would he need access to our network? I have worked with him before but this seems a bit strange. Should I be concerned? Is there a way to see what he is accessing?

      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        Why don't you just ask him? It is not unreasonable in my opinion as scope tends to creep to LAN-side things eventually.

        Regarding logging you could turn on logging on the VPN rules. That will log every connection over the VPN. It might be pretty voluminous.

        Make him call to get access and enable/disable the account accordingly if that helps you feel better.

        With just HTTPS access he can make a VPN/ssh tunnel, etc any time he feels like it anyway. If you don't trust him you're probably using the wrong guy in the first place.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.