PFsense anonymous VPN Client and security

glstud

Hello,

I have a question regarding anonymous VPNs and establishing a connection to one (like airvpn, PIA, etc) from PFsense as a vpn client.  Establishing any VPN connection basically provides a "bridge" to another private network.  How does PFsense protect unsolicited traffic coming from an anonymous VPN service from coming on to my local network?  Is it that since there are no firewall rules allowing any inbound traffic that is it blocked or would I need to set those rules on the openvpn interface I would create to connect to a VPN service?  When I set a VPN interface like this as a gateway, I don't block private network IP ranges since I would connect through their IP on their network most likely, so I guess I'm a little concerned I might open up my local network to an "anonymous" VPN service by establishing this connection.  Would like to get some thoughts from the experts.  Thx

viragomann

Establishing a VPN connection doesn't provide a bridge to your LAN. The VPN is an additional network connected to an additional (virtual) interface on pfSense.
pfSense permits only traffic which is explicitly set in firewall rules. Usually you want to add only a rule to the VPN interface to allow outbound traffic. So any inbound traffic remain forbidden.

Derelict

Outbound traffic isn't controlled by rules on the OpenVPN interface/tab.  It's just like a WAN.  If you have no rules, no inbound connections from the VPN tunnel will be accepted and no rules are required for outbound connections.

Traffic going out the VPN is allowed into pfSense by LAN rules which policy route the traffic to the VPN gateway, then, absent any advanced outbound floating rules, the traffic is allowed out the VPN, just like connections out WAN.