Two VPN?



  • I want to make a VPN with two other networks.

    Is there any security issue?



  • With ANY VPN there will be security considerations. IMHO you're better off with IPSec than with OpenVPN as there are currently no filtering options on OpenVPN (1.2.2/1.2.3). Out-of-the-box, IPSec pfSense VPNs don't allow ANY traffic in so you will have to gradually and consciously add in support for each feature (e.g. ICMP, RDP).

    As for having two VPNs, it really depends on what your requirements are and what your ideal configuration will be!



  • I intend to connect networks from two other partners. Just one computer from my network with one from the other two.



  • If I understand you correctly:

    • At least a subsection of your network (even just one PC) will be able to connect to both external networks.

    • NO traffic needs to be passed between the external networks (i.e. your VPN endpoints won't route between the two external networks).

    If that's correct then you should be safe and IPSec will do exactly what you want. The only other consideration may be that (IIRC) there is no compression on the IPSec VPNs at the moment.



  • Just in case you don't know... You will control filtering via IPSEC rules. First create a rule on the IPSEC tab allowing all traffic to pass to test, then begin locking it down.



  • @kapara:

    Just in case you don't know... You will control filtering via IPSEC rules. First create a rule on the IPSEC tab allowing all traffic to pass to test, then begin locking it down.

    IMHO, that's a terrible approach! Block all by default, allow in selectively - as per the default WAN rules.



  • Thanks, I will try it.

    Best regards
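
The setup discussed in this thread (one local computer reachable from one computer on each partner network, nothing routed between the two partners, block by default and allow selectively) modelled as an added example; it is not from any poster and is not pfSense's own rule engine. All addresses, ports and function names are constructed assumptions, and first-match evaluation of the rule list is assumed.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing (assumptions, not taken from the thread).
LOCAL_HOST = "192.168.1.10"      # the one computer on our side
PARTNER_A_HOST = "10.10.0.5"     # the one computer at partner A
PARTNER_B_HOST = "10.20.0.5"     # the one computer at partner B

# Rules for traffic arriving over the tunnels:
# (action, source, destination, protocol, destination port); None means "any".
RULES = [
    ("pass", PARTNER_A_HOST, LOCAL_HOST, "tcp", 3389),   # RDP from partner A
    ("pass", PARTNER_A_HOST, LOCAL_HOST, "icmp", None),  # ping from partner A
    ("pass", PARTNER_B_HOST, LOCAL_HOST, "tcp", 3389),   # RDP from partner B
]

# The "allow everything to test" rule, kept separate for comparison.
ALLOW_ALL = [("pass", "0.0.0.0/0", "0.0.0.0/0", None, None)]


def evaluate(rules, src, dst, proto, dport=None):
    """Return the action of the first matching rule; block when none matches."""
    for action, r_src, r_dst, r_proto, r_dport in rules:
        if (ip_address(src) in ip_network(r_src)
                and ip_address(dst) in ip_network(r_dst)
                and r_proto in (None, proto)
                and r_dport in (None, dport)):
            return action
    return "block"  # default deny


def broad_rules(rules):
    """List pass rules wider than host-to-host or open to any protocol."""
    return [r for r in rules
            if r[0] == "pass" and (ip_network(r[1]).num_addresses > 1
                                   or ip_network(r[2]).num_addresses > 1
                                   or r[3] is None)]


if __name__ == "__main__":
    checks = [
        ("partner A host -> local RDP", PARTNER_A_HOST, LOCAL_HOST, "tcp", 3389),
        ("other partner A host -> local RDP", "10.10.0.99", LOCAL_HOST, "tcp", 3389),
        ("partner A -> partner B transit", PARTNER_A_HOST, PARTNER_B_HOST, "tcp", 445),
    ]
    for label, src, dst, proto, port in checks:
        print(f"{label}: selective={evaluate(RULES, src, dst, proto, port)}, "
              f"allow-all={evaluate(ALLOW_ALL + RULES, src, dst, proto, port)}")
    print("broad rules:", broad_rules(ALLOW_ALL + RULES))
```
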

