Netgate Discussion Forum

Need Help Understanding OPENvpn to the pfsense - security - be gentle :-)

  • B
    bullwinkle
    last edited by Sep 25, 2006, 10:45 PM Sep 25, 2006, 10:37 PM

    kudos to all of those who have put together an awesome project.

    I have successfully connected to my pfsense via OpenVPN.  However my little brain of mine is not really comprehending the security issue that was warned in the instructions about opening up everything on the openVPN interface for testing only and not production.  I understand the reasoning say like it was on my WAN (I wouldn't allow everyone just have a heyday on my lan).  But is the openVPN interface secure by only allowing those with the appropriate cert key challenge to connect to it?  Or is the risk or disclaimer saying that if you don't lock it down your clients will have access to your complete network?

    Sorry for my lack of understanding. Just need some education or understanding how it works on the security aspect.

    Thanks in advance for your time

    Happy pfsensing

    • H
      hoba
      last edited by Sep 26, 2006, 6:21 AM

      Afaik Openvpn acts the same way as IPSEC, so connecting through openvpn will give you full access and you can't filter it atm. For IPSEC filtering will be a feature of the next major version (it already works in the head codetree). Not sure for Openvpn though.

      • B
        bullwinkle
        last edited by Sep 26, 2006, 6:48 AM Sep 26, 2006, 6:40 AM

        Hi hoba

        Thanks for your reply

        My main concern is by leaving my newly created OVPN1 interface and allowing "all" to the ovpn1 subnet, will I be leaving a door open for anyone on the www?  I think the answer is no, where I understand it is it's an interface only accessible via the OpenVPN clients that pass the security challenge.

        To explain my reason for questioning and my confusion is when I was following the instructions and got to the part of configuring the firewall, "Step 4: firewall config" http://doc.pfsense.org/index.php/Setting_up_OpenVPN_with_pfSense.

        It states

        "Warning! This is bad practice for production use! Make sure you lock things down after you're done testing!!"

        That's where I got confused and my reason for question and the need for understanding.

        Thanks again

        • H
          hoba
          last edited by Sep 26, 2006, 6:59 AM

          That howto needs some additional work. Seems there are some things not completely correct. You won't open up your network to the whole internet, only to authenticated clients that then have an encrypted connection to your site.
