A bit of help for a security concept

  • Hi all,

    I would like to get some ideas on how to increase/maintain my security concept.

    As of today:
    I have an ESXi machine with pfSense running. On pfSense an OpenVPN server is running, so that I can access my LAN from my phone. For the VPN I use port 443 (TCP).

    I would like to host a website and other services, reachable from the WWW without the VPN connection.

    A possible solution:
    I read a bit about reverse proxies, that they can decrease the attack surface. So I was thinking of creating a DMZ network. All incoming traffic on ports 80 and 443 will be redirected to the DMZ network. Within the DMZ network is a reverse proxy that will "route" the traffic to the correct entity. So in my case there should be the OpenVPN server and a web page on ports 443 and 80.

    First question: I assume the port from OpenVPN and the SSL port from the web server might clash, correct?
    Second question: is there any easy setup within pfSense to configure a reverse proxy and to tell the OpenVPN package that it shall listen to the reverse proxy?
