OpenVPN or port forwarding?



  • Hi,

    I am having a discussion with a friend.  He prefers using port forwarding, I think that some sort of VPN is more secure.

    To confirm, using a VPN means only 1 'port' is forwarded for VPN access - once VPN'ed into the network - all devices are accessible - so no need to port forward.

    He feels that VPN slows things down too much (more overhead) & makes the devices inside the network inaccessible if connecting with a slower connection.

    Any truth to that statement?

    Thanks,
    Rich


  • LAYER 8 Global Moderator

    Truth to what statement, that VPN slows down the connection?  Yes, there is a bit of overhead with encapsulating traffic inside a tunnel, but it sure and the hell is not a major hit.  What VPN are you using: OpenVPN, what cipher? IPsec? SSTP? Are you talking UDP or TCP?

    What are you doing exactly be it a forward or in the tunnel?  Moving large files, streaming video?  RDP to a machine to manage it, access the pfsense web gui?

    VPN is going to give you way more security than just a forward, and yes, it is much easier to set up for, say, you to be able to access anything on your network if you desire with only a simple connection from any device.

    So what, is he on some old school dialup connection at 9600 baud that he cannot deal with the few bytes of overhead using a tunnel adds?



  • The con:
    VPN definitely adds overhead in extra encapsulation for the data in your connection, so it must be "slower" than a connection without that overhead.
    Depending on what type of VPN you choose, you may have work to get a client on your external device.

    The pro:
    VPN makes your data and activity "invisible" to the rest of the internet as it's inside a tunnel.
    It can be encrypted to add another layer of security.
    You can hide any possible security flaws in internal devices you're connecting (DVR, VoIP phone, IP cam, etc.).  If the manufacturer leaves a flaw in their device, it doesn't remain on the Internet for everyone to attempt an attack.

    The real life:
    In my experience it's not worth any of the risks for a potential speed gain.  I use OpenVPN on almost all my installations and I've yet to find the overhead to be a real issue. Video, audio, VoIP all work, especially with some modern hardware running pfSense.

    If you're seeing too much slowdown, there's probably something else besides the VPN connection overhead that's giving grief.

    Just my $.02


  • LAYER 8 Global Moderator

    Yeah, I failed to mention I watch my Plex server from my phone via just clicking VPN, and then opening up my Plex app. Sure and the hell not going to open up my Plex server to the public internet so I can watch something when I want on the road.

    Click click on my phone and there you go, watching video/music just like I was on my actual LAN.

    I have 1 thing forwarded, that is NTP, which I serve to the public as a member of the NTP pool. Anything else you want on my network, you have to VPN to get to.

