Need Help Understanding OpenVPN to the pfSense - security - be gentle :-)
-
kudos to all of those who have put together an awesome project.
I have successfully connected to my pfSense via OpenVPN. However, my little brain is not really comprehending the security issue that the instructions warned about: opening up everything on the OpenVPN interface is for testing only and not for production. I understand the reasoning if it were on my WAN (I wouldn't let everyone just have a heyday on my LAN). But is the OpenVPN interface secure by only allowing those with the appropriate cert key challenge to connect to it? Or is the risk or disclaimer saying that if you don't lock it down, your clients will have access to your complete network?
Sorry for my lack of understanding. Just need some education or understanding how it works on the security aspect.
Thanks in advance for your time
Happy pfsensing
-
AFAIK OpenVPN acts the same way as IPsec, so connecting through OpenVPN will give you full access and you can't filter it at the moment. For IPsec, filtering will be a feature of the next major version (it already works in the HEAD code tree). Not sure about OpenVPN though.
-
Hi hoba,
Thanks for your reply
My main concern is: by leaving my newly created OVPN1 interface allowing "all" to the ovpn1 subnet, will I be leaving a door open for anyone on the www? I think the answer is no, as I understand it it's an interface only accessible via the OpenVPN clients that pass the security challenge.
To explain my reason for questioning and my confusion: I was following the instructions and got to the part about configuring the firewall, "Step 4: firewall config", http://doc.pfsense.org/index.php/Setting_up_OpenVPN_with_pfSense.
It states
"Warning! This is bad practice for production use! Make sure you lock things down after you're done testing!!"
That's where I got confused, and my reason for the question and the need for understanding.
Thanks again
-
That howto needs some additional work. It seems some things in it are not completely correct. You won't open up your network to the whole Internet, only to authenticated clients that then have an encrypted connection to your site.
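A pf-style illustration of the point hoba makes above, added here and not taken from the howto or from either poster: the testing-phase "allow all" rule on the OpenVPN interface beside a locked-down replacement. The interface name, tunnel network and LAN addresses are assumptions.

```pf
# Assumed names: ovpns1 = the pfSense OpenVPN server interface,
# 10.0.8.0/24 = tunnel network handed to clients, 192.168.1.0/24 = LAN.
# Traffic only appears on ovpns1 after OpenVPN has verified the client's
# certificate and decrypted the tunnel; an unauthenticated host on the
# Internet only ever touches the WAN listener, never this interface.

# Testing-phase rule from the howto ("allow all"): every authenticated
# client can reach every LAN host and every service.
pass in quick on ovpns1 inet from 10.0.8.0/24 to any

# Locked-down replacement: authenticated clients may reach only the file
# server and the web proxy; anything else from the tunnel is logged and dropped.
table <vpn_clients> { 10.0.8.0/24 }
pass in quick on ovpns1 inet proto tcp from <vpn_clients> to 192.168.1.10 port { 139, 445 }
pass in quick on ovpns1 inet proto tcp from <vpn_clients> to 192.168.1.20 port 3128
block in log quick on ovpns1 inet from <vpn_clients> to 192.168.1.0/24
```

The "lock it down" warning is about the second part: limiting what an already-authenticated client can reach, not about exposure to the Internet.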