New 1.2 beta 2 and IPSEC changes
-
I just now tried the recent beta from using an much older version on my WRAP board. I was banging my head against the wall trying to get a site-to-site VPN working, even after putting in the same parameters and rules as my previous pfSense setup.
I discovered, what the devs probably already know, that I need at least one firewall rule in the new IPSEC tab to allow traffic to flow freely. I setup the rule to allow everything (all asterisks) to/from anywhere.
This works now, but I don't know if its the right way to do it. I want anything local to be able to traverse my VPN to my work, but is this the correct way to setup the firewall rule? Am I opening either of my networks (home,work) to attack my creating such a general rule? Or is this the proper way to do it?
Thanks,
Robert -
Your LAN ruleset controls what traffic can leave your network and traverse the VPN. The IPsec rules control what can come from the other end into your network. So if you have no need or desire to restrict traffic on the VPN (you trust the other side completely and the other side completely trusts your network), then what you have is fine. The way you have it is the most common way it's done.
-
OK, that's what I needed. Thanks.
-Robert