Good morning, we´re in the process of deploying our VPN on one of our OpnSense firewalls. In that reguard, what is best practice in regards to securing the service? Currently we´re planning for Wireguard for our external users due to its lightwight and ease of deployment.
We´re looking into limiting external acces with Geoip blocking-rules, effectly only allowing access from the required geographical locations. But are there any other options that is recomended, would Suricate IPS/IDS provide any benefit in securing the setup?
Any advise or recomandations would be grately appreciated.
Thanks
/Mming