Netgate Discussion Forum

Secure VPN server in Homenet and access

General pfSense Questions
  • P
    paoloest
    last edited by Mar 7, 2019, 10:11 PM

    Hey all,

    I have a pfSense that is my WAN gateway and connected via modem (PPPoE) to the ISP. In my homenet there are two Sophos firewalls managing my subnets with a separate OpenVPN server in every subnet.

    Basically I have a bad feeling about opening ports and forwarding them to my protected homenet. So is there a more secure way to establish a VPN connection to my homenet from the outside? (Maybe a question regarding the basic security concept)

    I am currently thinking of getting rid of the OpenVPN servers and connecting directly to the Sophos firewalls, creating my own DMZ and just routing very basic stuff like home automation.

    Thanks a lot for sharing your thoughts

    • S
      stephenw10 Netgate Administrator
      last edited by Mar 9, 2019, 12:56 AM

      More secure than opening a port to an OpenVPN server? That server is using certs and a TLS key I assume? And forwarding from a non-standard port?

      Then not really!

      Steve

      • P
        paoloest
        last edited by Mar 9, 2019, 6:32 AM

        Cert, TLS and non-standard port are configured.

        I thought the machine (in my case a Raspberry Pi until I have faster internet) is attackable as it has more weak points than a firewall, for example (unattended updates are activated)

        • S
          stephenw10 Netgate Administrator
          last edited by Mar 9, 2019, 12:44 PM

          You are only opening one port so you're exposing only the service listening on that port. The RasPi could have everything open but nothing is going to reach it except what you're forwarding.

          Steve
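
The point of the last reply can be checked on the forwarded host by comparing what it listens on with what the gateway actually forwards. The script below is an added example, not part of the thread: the `ss -tuln` output, the address `192.168.10.5`, the port `41194` and the `FORWARDS` table are constructed assumptions.

```python
# Constructed sample of `ss -tuln` output from the forwarded host (not from the thread).
SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
udp   UNCONN 0      0            0.0.0.0:41194      0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:5353       0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128        127.0.0.1:7505       0.0.0.0:*
tcp   LISTEN 0      128             [::]:80            [::]:*
"""

# Hypothetical WAN port forwards on the gateway:
# (proto, WAN port) -> (internal host, internal port)
FORWARDS = {("udp", 41194): ("192.168.10.5", 41194)}
PI_ADDRESS = "192.168.10.5"  # assumed address of the Raspberry Pi
LOOPBACK = ("127.0.0.1", "::1")

def parse_listeners(ss_text):
    """Return a set of (proto, bind_address, port) parsed from `ss -tuln` output."""
    listeners = set()
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # skips the header row and anything that is not a socket line
        addr, _, port = fields[4].rpartition(":")
        listeners.add((fields[0], addr.strip("[]"), int(port)))
    return listeners

def wan_exposed(listeners, forwards, host):
    """Listeners reachable from the WAN: a forward targets this host and port,
    and the service is not bound to loopback only."""
    targets = {(proto, port) for (proto, _), (h, port) in forwards.items() if h == host}
    return sorted((proto, port) for proto, addr, port in listeners
                  if (proto, port) in targets and addr not in LOOPBACK)

def lan_only(listeners, forwards, host):
    """Non-loopback listeners that no forward reaches: open on the LAN, not from outside."""
    exposed = set(wan_exposed(listeners, forwards, host))
    reachable = {(proto, port) for proto, addr, port in listeners if addr not in LOOPBACK}
    return sorted(reachable - exposed)

if __name__ == "__main__":
    found = parse_listeners(SS_OUTPUT)
    print("WAN-exposed:", wan_exposed(found, FORWARDS, PI_ADDRESS))
    print("LAN-only:   ", lan_only(found, FORWARDS, PI_ADDRESS))
```

With this sample, only the OpenVPN listener is WAN-exposed; SSH, HTTP and mDNS stay reachable from the LAN only, so the VPN service itself is the part to keep patched.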

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.