Ep 123 – April 7 – pfSense and VPNs

Martin Uncut
  • Fun to be back – yesterday's episode (Ep 122) – was recorded at home in the closet, on my iPad, while taking care of my sick 3-year-old. That explains the less-than-ideal sound quality.
  • Situation before I started this project
    • Office (or man cave) – old Linksys WRTG router. NAT.
    • Home – telco provided switch (Technicolor) – had it for 6-7 years – never changed any passwords. Super slow
  • Wanted to be able to connect with the network at the office remotely, especially since I’m planning to have stationary equipment there like a computer and a NAS.
  • NAT being an issue.
  • Looked around and found pfSense (open source firewall).
  • Wanted an appliance – not a computer around – especially not at home.
  • One at home and one at the office
  • Currently for firewall and routing and also an OpenVPN connection between the sites where I route traffic.
  • Currently main use of that tunnel is to have access to my NAS from both directions. The NAS is not overly used since it is 10+ years old and I don’t trust it to live – thus it will be exchanged very soon.
  • How is it done?
    • Basic setup of the unit
    • Configure the interfaces
    • On the home unit – configured as an OpenVPN server with a preshared key
    • On the office unit – configured as an OpenVPN client
    • Home has a fairly static IP (same for at least 3 years now) – easy for the office to connect to that.
  • What will I do
    • Changed DNS provider – set up a local resolver that will forward to Quad9. Local routing to push all DNS traffic to the local resolver.
    • Set up an OpenVPN server for road-warrior setup – this way I should be able to get to the office and the NAS/computer from wherever I am and also from my iPad.
    • Additional security review and modifications – IDS and monitoring?