Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Openvpn allow all rule, security risk?

    Firewalling
    2
    3
    852
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      diablo266 last edited by

      Hello everyone,

      I just setup a site-site VPN to push some of my home network traffic through. The other end of the VPN is an untrusted VPS that I do not want to allow access to my LAN. For now I have an allow all from anywhere rule on the VPN interface under Firewall: Rules. Is this an improper setup and putting me at risk? Do I even need this rule to only push traffic from my home through the vps and out to the internet? Thanks!

      1 Reply Last reply Reply Quote 0
      • johnpoz
        johnpoz LAYER 8 Global Moderator last edited by

        So your vpn needs unsolicited inbound traffic to your network?  I doubt that if your just using it as a exit point for your internet traffic.

        Think of vps as another wan connection, do you allow all inbound on your wan? ;)

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.05

        1 Reply Last reply Reply Quote 0
        • D
          diablo266 last edited by

          @johnpoz:

          So your vpn needs unsolicited inbound traffic to your network?  I doubt that if your just using it as a exit point for your internet traffic.

          Think of vps as another wan connection, do you allow all inbound on your wan? ;)

          Gotcha, I wasn't sure if it was only for inbound traffic. I disabled the rule entirely and things still seem to be working. Thanks for helping me understand!

          1 Reply Last reply Reply Quote 0
          • First post
            Last post