Topic: Access Point on third interface (Read 3022 times)
manuel (Newbie, Posts: 26, Karma: 1)
Access Point on third interface « on: September 09, 2017, 02:17:31 pm »
Hello
I would like to connect an AP to the third interface on my OPNsense FW. The plan is that some dedicated and authorised WLAN clients in the office can access everything on the LAN net (Windows servers and NAS) and also access the internet. But if a hacker from outside the office gains access through the AP to the net, he can do nothing and all traffic to the WAN (Internet) and LAN will be blocked.
How would you do that? Create some MAC-based firewall rules? Is that possible? FW rules based on IP don't make sense and also MAC addresses could be spoofed. What would be the most secure approach?
Thank you very much for your answer.
Manuel
fabian (Hero Member, Posts: 2769, Karma: 200, OPNsense Contributor (Language, VPN, Proxy, etc.))
Re: Access Point on third interface « Reply #1 on: September 09, 2017, 02:36:22 pm »
The most secure approach would be allowing a single port to the firewall - the port of an OpenVPN instance. All the traffic to the firewall is encrypted twice (by the WLAN and the VPN) and an attacker in the WLAN sees the OpenVPN packets in the worst case, but cannot see any content.
fabian (Hero Member, Posts: 2769, Karma: 200, OPNsense Contributor (Language, VPN, Proxy, etc.))
Re: Access Point on third interface « Reply #2 on: September 09, 2017, 02:37:39 pm »
Additionally: On Linux, the NetworkManager supports this setup natively.
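The rule set Reply #1 describes, sketched as a pf.conf fragment. This is an added example, not part of the thread and not OPNsense's generated ruleset (on OPNsense the same rules would be entered per interface in the GUI). The interface names, the tunnel subnet, UDP as the transport and port 1194 are assumptions.

```pf
# Assumed names and values, adjust to the actual setup.
wlan_if   = "em2"           # third interface, the AP is plugged in here
vpn_if    = "ovpns1"        # OpenVPN server tunnel interface (assumed name)
vpn_net   = "10.8.0.0/24"   # constructed tunnel subnet handed to VPN clients
ovpn_port = "1194"          # assumed OpenVPN listener port, UDP

# Default on the WLAN segment: drop and log everything arriving from the AP.
# Anyone who only has the WLAN key ends up here, with no path to LAN or WAN.
block in log on $wlan_if all

# Clients still need an address lease if the firewall is the DHCP server.
pass in quick on $wlan_if inet proto udp from any port 68 to any port 67

# The single allowed service: the OpenVPN listener on the firewall's own
# WLAN-side address. Nothing is passed towards the LAN or the Internet.
pass in quick on $wlan_if inet proto udp \
    from $wlan_if:network to ($wlan_if) port $ovpn_port keep state

# Access for authorised clients is granted on the tunnel interface, after
# OpenVPN has authenticated them (certificate and/or credentials), so it
# does not depend on a WLAN-side IP or MAC address.
pass in quick on $vpn_if inet from $vpn_net to any keep state
```

The last rule can be narrowed to specific LAN hosts and ports if the VPN clients do not need the whole LAN.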