Encrypted connection between Gateway and "double NAT" pfSense?
-
Dude makes NO sense... Why would you need another router in the mix? WTF is a passive coaxial extender? You have a MOCA network?
-
Yes, that what I meant - MOCA extenders between Router#1 and Router#2.
By passive I meant there is no configuration - just plug and play. -
Think of it as how pfSense is used with VPN Providers - it cuts out the middleman (in this case the ISP) from seeing the traffic.
I want to cut out the rest of my network from seeing the traffic between "IMPORTANT COMPUTER" and the internet.pfSense is pfSense
Router#1 is the VPN providerI will try to muddle through this one, but some help would be appreciated.
Thanks! -
Some client connected to one of your switch ports can't just sniff any network traffic.
That worked back in the old days with anything connected to hub.
But if you can sleep better...setup OpenVPN server on your DD-WRT gateway and setup pfSense as OpenVPN client forcing any traffic through it.
Of course this will have huge nagative performance impact tho.-Rico
-
@petreza said in Encrypted connection between Gateway and "double NAT" pfSense?:
I want to cut out the rest of my network from seeing the traffic between
Why do you think that traffic will be visible? With switches, the only thing you'd see is broadcasts & multicasts. To snoop, you'd need a managed switch, with port mirroring available.
-
If you set it up like rico stated the clients on the other network wouldn't even see broadcast..
-
Thank you all!
With my concern about the big things I ignored the small things - it's not so easy to snoop on a network with modern hardware. I'll see what I'll do.
Thanks again! -
Who exactly would be sniffing on your own freaking network anyway? I mean really?
And lets say they did - what exactly do you think they would see.. Pretty much all traffic these days is encrypted anyway.
-
@johnpoz said in Encrypted connection between Gateway and "double NAT" pfSense?:
Who exactly would be sniffing on your own freaking network anyway? I mean really?
And lets say they did - what exactly do you think they would see.. Pretty much all traffic these days is encrypted anyway.
You are right. I am sorry I asked.
I'll see if I can get a moderator to delete this thread - it's stupid. -
Segmentation is not stupid, but do it the right way. ;-)
-Rico