Netgate Discussion Forum

    PFsense anonymous VPN Client and security

    OpenVPN
    3 Posts 3 Posters 1.6k Views
    • glstud

      Hello,

      I have a question regarding anonymous VPNs and establishing a connection to one (like AirVPN, PIA, etc.) from pfSense as a VPN client. Establishing any VPN connection basically provides a "bridge" to another private network. How does pfSense prevent unsolicited traffic coming from an anonymous VPN service from coming onto my local network? Is it that since there are no firewall rules allowing any inbound traffic it is blocked, or would I need to set those rules on the OpenVPN interface I would create to connect to a VPN service? When I set a VPN interface like this as a gateway, I don't block private network IP ranges since I would connect through their IP on their network most likely, so I guess I'm a little concerned I might open up my local network to an "anonymous" VPN service by establishing this connection. I would like to get some thoughts from the experts. Thx

      • viragomann

        Establishing a VPN connection doesn't provide a bridge to your LAN. The VPN is an additional network connected to an additional (virtual) interface on pfSense.
        pfSense permits only traffic which is explicitly set in firewall rules. Usually you want to add only a rule to the VPN interface to allow outbound traffic. So any inbound traffic remains forbidden.

        • Derelict LAYER 8 Netgate

          Outbound traffic isn't controlled by rules on the OpenVPN interface/tab.  It's just like a WAN.  If you have no rules, no inbound connections from the VPN tunnel will be accepted and no rules are required for outbound connections.

          Traffic going out the VPN is allowed into pfSense by LAN rules which policy route the traffic to the VPN gateway, then, absent any advanced outbound floating rules, the traffic is allowed out the VPN, just like connections out WAN.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

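The rule evaluation described in the last reply, as an added example that is not part of the original thread and is not pfSense code: a toy Python model of stateful filtering in which rules apply on the interface a packet enters. The addresses, interface names and the `Firewall` class are constructed for illustration, and NAT on the tunnel is left out.

```python
# Toy model (added example, not pfSense code) of stateful, per-interface inbound filtering.
from ipaddress import ip_address, ip_network

LAN_NET = ip_network("192.168.1.0/24")  # constructed sample addressing

# Rules are evaluated on the interface where a packet first ENTERS the firewall.
# An empty list means only the implicit default deny applies to new connections.
RULES = {
    "LAN": [{"src": LAN_NET, "gateway": "VPN"}],  # pass + policy-route to the VPN gateway
    "VPN": [],                                    # OpenVPN tab left empty
    "WAN": [],
}

class Firewall:
    def __init__(self, rules):
        self.rules = rules
        self.states = set()  # (src, sport, dst, dport) of connections already passed

    def handle(self, in_if, src, sport, dst, dport):
        """Return (verdict, gateway) for a packet arriving on interface in_if."""
        # 1. A reply to an existing state is passed without consulting any rule.
        if (dst, dport, src, sport) in self.states:
            return ("pass-state", None)
        # 2. Otherwise the first matching rule on the ingress interface wins.
        for rule in self.rules.get(in_if, []):
            if ip_address(src) in rule["src"]:
                self.states.add((src, sport, dst, dport))
                return ("pass-rule", rule["gateway"])
        # 3. No match: default deny.
        return ("block", None)

def demo():
    fw = Firewall(RULES)
    results = []
    # LAN host opens a connection; the LAN rule policy-routes it out the VPN.
    results.append(fw.handle("LAN", "192.168.1.10", 50000, "203.0.113.5", 443))
    # The reply arrives through the tunnel and matches the state.
    results.append(fw.handle("VPN", "203.0.113.5", 443, "192.168.1.10", 50000))
    # Unsolicited connection from another VPN peer to the same LAN host.
    results.append(fw.handle("VPN", "10.8.0.77", 40000, "192.168.1.10", 445))
    return results

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The third packet is blocked even though the LAN host already has a connection out through the tunnel, because the state matches only the exact reply tuple and the VPN interface has no pass rule.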
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.