Netgate Discussion Forum

    How to have a more secure LAN?

    • espass

      Hi, :)
      Is it possible, using pfSense, to have a more secure LAN?

      For example, if you use power-line that you can't encrypt, or if you use power-line with bad encryption.. or just because you don't trust your wires.

      In Ubuntu I see that there are some methods to have a better LAN; for example, we are able to use 801.x security with MD5, TLS, FAST, TUNNELLED TLS, PEAP.

      Does pfSense support some of these methods?

      I'm using an ALIX 2d13, so I'd like not to use a VPN because it uses the CPU a lot.

      I'd like to know which method or protocol is better for me.

      Please, do you have any suggestions?
      :D :D
      Thank you a lot!!

      • johnpoz LAYER 8 Global Moderator

        Are you concerned with auth and access to the network, or someone sniffing said network..  801.x is normally authentication to access using PNAC (port network access control) while there were some changes to the standard to allow for point to point encryption.

        Sounds like your worry is sniffing your powerline adapters??

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • espass

          Hi, sorry for the delay.

          Yes. I'm worried about someone sniffing the powerline adapters.
          So is it possible to authenticate all clients?

          Thank you.

          • doktornotor Banned

            Not on pfSense. Get a managed switch.

            • johnpoz LAYER 8 Global Moderator

              What switch do you have?  You can have some fun with http://www.packetfence.org/

              So you want to "encrypt" traffic going over the wire of your network..  Why would be my first question - who do you think is going to be sniffing it?  You can encrypt/pair your powerline adapters - this is more really if you ask me for isolation of traffic in a building that has multiple apartments or something where you don't want your neighbor seeing your traffic.  And you share a common power system.

              But who is going to be into your building that would be able to tap into your ethernet?  Without plugging into a switch, by default all open ports on a switch really should be off, and normally you have physical control over who is in your location or would have access to where the switches are, etc.

              But sure you can use a NAC to control which machines can connect to your network.

              But using end to end encryption between every single device on a local network seems a bit over the top if you ask me.

              • espass

                Thanks for your help!! :)

                @johnpoz:

                So you want to "encrypt" traffic going over the wire of your network..  Why would be my first question - who do you think is going to be sniffing it?  You can encrypt/pair your powerline adapters - this is more really if you ask me for isolation of traffic in a building that has multiple apartments or something where you don't want your neighbor seeing your traffic.  And you share a common power system.

                I can't encrypt the powerline adapters. They come from different vendors. Some require software that is not available for my platform. Others let you decide: you can encrypt them via software or using a button that doesn't work.

                @johnpoz:

                But who is going to be into your building that would be able to tap into your ethernet?

                Nobody, I think. ;) It's just for fun :)

                Thank you a lot for the help :)

                • johnpoz LAYER 8 Global Moderator

                  Making an overly complex network with extra overhead in performance for no reason is not fun ;)

                  Why would you be using powerline adapters from different makers?  That they work at all is amazing actually.  Get powerline from the same maker if you want to encrypt their traffic.

                  You could look to something like tcpcrypt or IPsec.

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.