VPN Client, ClamAV and PFblocker
-
I have VPN client set up and works great. I set up PFblocker and Squid/ClamAV set up and all looks good. All my traffic goes through the VPN client. My question, will ClamAV work inside the VPN client, which is encrypted? If not, any suggestions how to make it work.
Also, will PFblocker work with all my traffic going through the VPN client?
I use a Firewall Box.
Thank you.
-
ClamAV is antivirus software, which has nothing to do with VPNs. So, unless you mount the client disk through the VPN (bad idea) it won't do anything for it. Pfblocker is a pfsense extension, so it works on pfSense interfaces, including VPNs.
-
Thank you.
Is it possible to have anti-virus at the firewall/router level in pfsense. I want it to pick up malware before my desktop anti-virus has to do it. I was hoping ClamAV would do that. Is this possible to do in any way?
I do have all my traffic going through my vpn client.
-
@westlos - Squid is an HTTP proxy and Clam is tied to that, so only traffic going through the proxy is going to be virus scanned. You would need to have the proxy sitting behind your VPN client for traffic to get scanned. Even then, it would not be full stateful inspection of all of the packets being xfered over the VPN. You will need to ensure you have AV on your end-points as well.
-
Thank you very much.
Is there anyway to get a malware prevention method in pfsense on a firewall box router? Or should I just rely on my AV on my computers?
-
Using snort or suricata are probably your best bets to review traffic going over the various interfaces. Suricata seems to be more favored these days, but you also want to maybe dump out the logs to splunk, or an alternative, to get some better visibility into trends and attacks.
All of this will always include having some sort of AV on your servers and end points.
-
Thank you very much.
Will Suricata or Snort work if all my traffic is in the VPN Client tunnel?
-
@westlos I honestly don't know. If the tunnel is presented as an interface, maybe? I do not have that configuration to test it with. I would install suricata and see if you are presented with the tunnel as an option to monitor.
-
Thank you. I will try it. My Open VPN Client is set up as an Interface.
Part of my question in this is can any of the PFsense packages/services access a VPN Client information since it is encrypted? Does using a VPN client put one at risk?
-
Here is a utube from Lawrence about Suracata and encryption. I am not a IT pro. Maybe some can let me know if you find this accurate?
https://www.youtube.com/watch?v=7gZYbIr_Qj4
