Netgate Discussion Forum

    Two VPN?

      BUL

      I want to make a VPN with two other networks.

      Is there any security issue?

        Bern

        With ANY VPN there will be security considerations. IMHO you're better off with IPSec than with OpenVPN as there are currently no filtering options on OpenVPN (1.2.2/1.2.3). Out-of-the-box, IPSec pfSense VPNs don't allow ANY traffic in so you will have to gradually and consciously add in support for each feature (e.g. ICMP, RDP).

        As for having two VPNs, it really depends on what your requirements are and what your ideal configuration will be!

          BUL

          I intend to connect networks from two other partners. Just one computer from my network with one from the other two.

            Bern

            If I understand you correctly:

            • At least a subsection of your network (even just one PC) will be able to connect to both external networks.

            • NO traffic needs to be passed between the external networks (i.e. your VPN endpoints won't route between the two external networks).

            If that's correct then you should be safe and IPSec will do exactly what you want. The only other consideration may be that (IIRC) there is no compression on the IPSec VPNs at the moment.

              kapara

              Just in case you don't know... You will control filtering via IPSEC rules. First create a rule on the IPSEC tab allowing all traffic to pass to test, then begin locking it down.

              Skype ID:  Marinhd

                Bern

                @kapara:

                Just in case you don't know... You will control filtering via IPSEC rules. First create a rule on the IPSEC tab allowing all traffic to pass to test, then begin locking it down.

                IMHO, that's a terrible approach! Block all by default, allow in selectively - as per the default WAN rules.

                  BUL

                  Thanks, I will try it.

                  Best regards
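
The default-deny approach discussed in the thread, written out as raw pf rules for the scenario described (one local host, one host at each partner, no traffic between the partners). This is an added example, not part of any post: pfSense builds such rules from the IPsec tab in the GUI, and the addresses, macro names and the choice of ICMP echo and RDP as the permitted services are assumptions.

```pf
# Constructed addresses; substitute the real hosts behind each tunnel.
local_host = "10.0.0.10"    # the one PC on the local network
partner_a  = "10.1.0.20"    # the one host at partner A
partner_b  = "10.2.0.30"    # the one host at partner B

# pfSense filters traffic arriving through IPsec tunnels on enc0.

# Test-first variant suggested in the thread, shown commented out:
# everything either partner sends is accepted until it is tightened.
# pass in quick on enc0 all keep state

# Default-deny variant: nothing from the tunnels is accepted unless a
# later "quick" rule names it. Logging the block shows what was refused,
# which tells you which pass rule is still missing.
block in log on enc0 all

# Partner A host -> local host: ping and RDP only.
pass in quick on enc0 inet proto icmp from $partner_a to $local_host icmp-type echoreq keep state
pass in quick on enc0 inet proto tcp  from $partner_a to $local_host port 3389 flags S/SA keep state

# Partner B host -> local host: same two services.
pass in quick on enc0 inet proto icmp from $partner_b to $local_host icmp-type echoreq keep state
pass in quick on enc0 inet proto tcp  from $partner_b to $local_host port 3389 flags S/SA keep state

# No pass rule has a partner address as its destination, so a packet
# from partner A addressed to partner B falls through to the block rule
# and is not forwarded between the two tunnels.
```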

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.