Virtual private networks / Does this VPN config look secure?
« on: March 22, 2024, 12:08:51 am »
I'm going to get an Intel NUC and set up OPNsense on it.
My LAN is on the 192.168.1.0/24 subnet. My Synology NAS running OpenVPN server already occupies the 10.8.0.0/16 subnet.
In order not to overlap anything, I'm going to set up my WireGuard VPN on the 172.16.0.0/12 subnet.
1) Does this configuration look correct, or will I run into issues?
2) If I want my WireGuard VPN clients to only be able to talk to my NAS inside my LAN and no other LAN devices/resources, then I'll set up 2 rules:
#1: All IPs will be able to talk to the WireGuard VPN Server port
#2: The WireGuard VPN Server subnet will only be able to talk to the NAS IP, the LAN Subnet (192.168.1.0/24) will be blocked for the VPN Server subnet
The specific order of rules will be as follows, from top to bottom:
1) All IPs will be able to talk to the WireGuard VPN Server port
2) The WireGuard VPN Server subnet will be allowed to talk to the NAS IP
3) The WireGuard VPN Server subnet will be blocked from accessing the LAN subnet
By doing this, the VPN clients will be able to access the NAS but not any of the other LAN devices, am I correct?
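Added example, not part of the original post: a small first-match evaluator that runs the three rules above against sample traffic, in the posted order and with rules 2 and 3 swapped. It assumes first-match ("quick") evaluation per ingress interface with a default deny at the end; the NAS address, WAN address, client addresses and listen port 51820 are constructed values, and protocol matching (WireGuard is UDP) is left out to keep the model short.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    iface: str                   # interface the packet arrives on
    action: str                  # "pass" or "block"
    src: str
    dst: str
    dport: Optional[int] = None  # None means any port

WG_NET = "172.16.0.0/12"     # tunnel subnet from the post
LAN_NET = "192.168.1.0/24"   # LAN subnet from the post
NAS_IP = "192.168.1.10/32"   # constructed NAS address
WAN_IP = "203.0.113.5/32"    # constructed WAN address (documentation range)
WG_PORT = 51820              # assumed WireGuard listen port

# Rules in the order given in the post.
POSTED_ORDER = [
    Rule("wan", "pass", "0.0.0.0/0", WAN_IP, WG_PORT),
    Rule("wg", "pass", WG_NET, NAS_IP),
    Rule("wg", "block", WG_NET, LAN_NET),
]
# Same rules with the NAS allow placed after the LAN block.
SWAPPED_ORDER = [POSTED_ORDER[0], POSTED_ORDER[2], POSTED_ORDER[1]]

def evaluate(rules, iface, src, dst, dport):
    """First matching rule on the ingress interface decides; otherwise default deny."""
    for r in rules:
        if (r.iface == iface
                and ip_address(src) in ip_network(r.src)
                and ip_address(dst) in ip_network(r.dst)
                and r.dport in (None, dport)):
            return r.action
    return "block"

def report(rules):
    """Verdicts for four constructed flows from a tunnel client at 172.16.0.2."""
    client = "172.16.0.2"
    return {
        "handshake": evaluate(rules, "wan", "198.51.100.7", "203.0.113.5", WG_PORT),
        "nas": evaluate(rules, "wg", client, "192.168.1.10", 445),
        "other_lan": evaluate(rules, "wg", client, "192.168.1.50", 22),
        "internet": evaluate(rules, "wg", client, "198.51.100.20", 443),
    }

if __name__ == "__main__":
    print("posted :", report(POSTED_ORDER))
    print("swapped:", report(SWAPPED_ORDER))
```

Under these assumptions the posted order passes NAS traffic and blocks the rest of the LAN, while the swapped order blocks the NAS as well. The "internet" flow is blocked in both cases because no rule passes tunnel traffic to destinations outside the LAN.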