LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 02-14-2011, 12:37 PM   #1
richinsc
Member
 
Registered: Mar 2007
Location: Utah
Distribution: Ubuntu Linux (20.04)
Posts: 224

Rep: Reputation: 32
Public Facing OpenVPN (When to use)


This is more of a security related question then a software related question hence the post here. Within the documentation of example OpenVPN setups there is a setup that shows an OpenVPN Server with two network interfaces. One interfaces is plugged into the public internet network and the second interface is plugged into the private network.

Normally I assume that it would be best to place the OpenVPN system inside the network behind the router and firewall and open only the ports needed on the router to allow access to the OpenVPN system. All other router ports would be closed. This is the first example they show.

To see what I am talking about see page(s) 6-7 here -> http://www.openvpn.net/images/pdf/Op...uide_Rev_1.pdf

If one were to use the two interface public facing setup, when would that setup best be justified? I guess if you didn't want to open any ports on the router/firewall then this could be justified but then you have to lock down this public system individually instead of having it protected by the network firewall.
 
Old 02-14-2011, 12:50 PM   #2
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,262

Rep: Reputation: 1679Reputation: 1679Reputation: 1679Reputation: 1679Reputation: 1679Reputation: 1679Reputation: 1679Reputation: 1679Reputation: 1679Reputation: 1679Reputation: 1679
I would never put an OpenVPN server out in the open. I would put it in a DMZ behind a Firewall.

I think the picture is misleading. It seems to leave out firewalls, routers, switches, cables or any hardware, and shows only an overview of what should happen.

I think it is *implied* that there should be a firewall behind the grey cloud.

This is also supported by the next few paragraphs in the documentation, as it mentions a border firewall that OpenVPN would be behind, and which ports would need to be open and forwarded.

I believe the reason behind this misleading graphic, is that it is in the "Overview" section. Overview sections are general, and leave out minute details. In the very next section, a more fine grained explanation of the openvpn architecture is explained and the graphic uses a firewall. So, I would ignore this "Overview" section, and concentrate on the 2.2.1 section of how things should be done.

Last edited by szboardstretcher; 02-14-2011 at 12:53 PM.
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Secure Bind 9 for a public facing dns j.smith1981 Linux - Server 3 01-21-2011 03:19 AM
[SOLVED] Opening FTP service on public facing website for 3rd party maintenance access albertwt Linux - Security 6 11-04-2010 09:13 AM
OpenVPN assigning public & static IPs to pcs/devices behind an OpenVPN client dgonzalezh Linux - Networking 6 07-18-2010 09:50 AM
Using a Public-Facing SSH Server to Broker a Connection Between Two Clients nko Linux - Networking 1 02-22-2010 07:14 PM
How does OpenVPN Linux server issues IP and netmask to OpenVPN clients on Windows XP pssompura Linux - Networking 0 12-24-2009 02:42 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 03:59 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration