Newbie question re security

  • Hi all!

    I am thinking about installing pfSense on an extra computer I have here, to use as my router/firewall at home. I would like to run an OpenVPN server, and the LAN will also have a VOIP device for the home. So I am guessing that I will have to forward ports for the OpenVPN server and for VOIP. The OpenVPN server would use certificates as well as a user password, and if possible, I would restrict traffic to the VOIP device to only allow the server address of the VOIP provider I use.

    I am pretty new to networking, and I wanted to find out what people thought about the realistic security risk of opening these ports in the router. By forwarding these ports, is it possible for someone to get into my LAN and wreak havoc?  What would they have to do to do that?  Are there any other protections I should add on?

  • LAYER 8 Global Moderator

    Are you currently using VoIP?

    How are they getting into your LAN, through your VoIP phone? If you're worried, put your VoIP device on its own network segment.

  • I am currently using VOIP. It is set up on my LAN behind my (off the shelf) D-Link router. As far as I know, nobody has invaded my network - this was more of a theoretical question, as I pondered whether there might be a security vulnerability in my network (i.e. could someone take over my VOIP device and use it to launch an attack on other devices in my LAN?). Would it be considered best practice to run the VOIP on its own VLAN or is that overkill?

    And also for OpenVPN - this was also theoretical - how difficult would it be for someone to penetrate through that hole if I used 2048 or 4096 bit keys, and combined it with user authentication?
