OPNsense Forum » English Forums » Virtual private networks » Does this VPN config look secure?
Topic: Does this VPN config look secure? (Read 747 times)
HomeLabEnthusiast321, on March 22, 2024, 12:08:51 am:
I'm going to get an Intel NUC and set up OPNsense on it.
My LAN is on the 192.168.1.0/24 subnet. My Synology NAS running OpenVPN server already occupies the 10.8.0.0/16 subnet.
In order not to overlap anything, I'm going to set up my WireGuard VPN on the 172.16.0.0/12 subnet.
1) Does this configuration look correct, or will I run into issues?
2) If I want my WireGuard VPN clients to only be able to talk to my NAS inside my LAN and no other LAN devices/resources, then I'll set up 2 rules:
#1: All IPs will be able to talk to the WireGuard VPN Server port
#2: The WireGuard VPN Server subnet will only be able to talk to the NAS IP; the LAN subnet (192.168.1.0/24) will be blocked for the VPN Server subnet
The specific order of rules will be as follows, from top to bottom:
1) All IPs will be able to talk to the WireGuard VPN Server port
2) The WireGuard VPN Server subnet will be allowed to talk to the NAS IP
3) The WireGuard VPN Server subnet will be blocked from accessing the LAN subnet
By doing this, the VPN clients will be able to access the NAS but not any of the other LAN devices, am I correct?
Last Edit: March 22, 2024, 12:12:17 am by HomeLabEnthusiast321
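An added example, not part of the original post: a small Python model of the three rules in the posted order, assuming first-match evaluation with a default deny. The NAS address 192.168.1.50, the firewall WAN address 203.0.113.1, the WireGuard port 51820 and the client addresses are hypothetical sample values, and 10.8.0.0/16 is read from the post's "10.8.00/16". It checks that the three subnets do not overlap and shows that swapping rules 2 and 3 would cut the VPN clients off from the NAS.

```python
from ipaddress import ip_address, ip_network

# Subnets named in the post.
LAN = ip_network("192.168.1.0/24")
OPENVPN = ip_network("10.8.0.0/16")
WG_NET = ip_network("172.16.0.0/12")
# Assumed sample values, not from the thread.
NAS = ip_network("192.168.1.50/32")     # hypothetical NAS address
FW_WAN = ip_network("203.0.113.1/32")   # hypothetical firewall WAN address
WG_PORT = 51820                         # assumed WireGuard listen port
ANY = ip_network("0.0.0.0/0")


def overlaps(nets):
    """Return every pair of networks that share addresses."""
    return [(a, b) for i, a in enumerate(nets)
            for b in nets[i + 1:] if a.overlaps(b)]


def evaluate(rules, src, dst, port):
    """Model assumption: the first matching rule decides, no match is denied."""
    src, dst = ip_address(src), ip_address(dst)
    for action, src_net, dst_net, dst_port in rules:
        if src in src_net and dst in dst_net and dst_port in (None, port):
            return action
    return "block"


# Rule = (action, source net, destination net, destination port or None for any)
POSTED_ORDER = [
    ("pass", ANY, FW_WAN, WG_PORT),   # 1) all IPs -> WireGuard server port
    ("pass", WG_NET, NAS, None),      # 2) VPN subnet -> NAS IP
    ("block", WG_NET, LAN, None),     # 3) VPN subnet -> LAN subnet
]
# Same rules with 2 and 3 swapped: the block now matches NAS traffic first.
SWAPPED = [POSTED_ORDER[0], POSTED_ORDER[2], POSTED_ORDER[1]]

if __name__ == "__main__":
    print("overlapping subnets:", overlaps([LAN, OPENVPN, WG_NET]))
    client = "172.16.0.2"  # constructed VPN client address
    for name, rules in (("posted", POSTED_ORDER), ("swapped", SWAPPED)):
        for dst in ("192.168.1.50", "192.168.1.20"):
            print(name, client, "->", dst, evaluate(rules, client, dst, 445))
```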
bartjsmit, Reply #1 on March 22, 2024, 08:17:41 am:
No red flags - I would test WG and fix issues as they appear.
lfrieseke, Reply #2 on March 22, 2024, 04:42:31 pm:
But why use WireGuard and needless VPN clients when you can have it all perfectly fine and safer with the onboard VPN clients in all operating systems, including mobile phones?
https://administrator.de/tutorial/ipsec-ikev2-vpn-fuer-mobile-benutzer-auf-der-pfsense-oder-opnsense-firewall-einrichten-337198.html
schnipp, Reply #3 on March 23, 2024, 06:37:55 pm:
The decision to favor one over the other is more complex. Both VPN technologies/implementations have their strengths and weaknesses. For most people WireGuard is easier to configure than IPsec. Furthermore, it prevents making mistakes in terms of secure encryption, and the WireGuard protocol is more state of the art. IPsec instead allows a more detailed configuration specific to use cases.
Especially with IPsec and roadwarrior, you can run into problems in case you do not own a public IPv4 address and you have to switch to IPv6.
OPNsense 24.7.1-amd64