7 April 2022

April 7 - pfSense and VPNs

  • Fun to be back - yesterday's episode (Ep 122) - was recorded at home in the closet, on my iPad, while taking care of my sick 3-year-old. That explains the not-ideal sound quality.
  • Situation before I started this project
    • Office (or man cave) - old Linksys WRTG router. NAT.
    • Home - telco-provided switch (Technicolor) - had it for 6-7 years - never changed any passwords. Super slow.
  • At home I got a set of Netgate Wi-Fi 6 router and satellites (from Dreves)
  • Wanted to be able to connect to the network at the office remotely, especially since I'm planning to have stationary equipment there like a computer and a NAS.
  • NAT being an issue.
  • Looked around and found pfSense (open source fw).
  • Wanted an appliance - not a computer around - especially not at home.
  • 2100, 3100/4100 and 6100 - chose the expensive one (because of the amount of data it can push through)
  • Probably overdid it a bit - but at least it will not disappoint me
  • One at home and one at the office
  • Currently for firewall and routing and also an OpenVPN connection between the sites where I route traffic.
  • Currently the main use of that tunnel is to have access to my NAS from both directions. The NAS is not overly used since it is 10+ years old and I don't trust it to live - thus it will be exchanged very soon.
  • How is it done?
    • Basic setup of the unit
    • Configure the interfaces
    • On the home unit - configured as an OpenVPN server with a preshared key
    • On the office unit - configured as an OpenVPN client
    • Home has a fairly static IP (same for at least 3 years now) - easy for the office to connect to that.
    • I also set up some watchdogs
  • Problem: it was working when I was in the office - but stopped working as soon as I left. Unplugging my laptop from LAN1 caused the interface to go down and with that the network.
  • What will I do
    • Changed DNS provider - set up a local resolver that will forward to Quad9. Local routing to push all DNS traffic to the local resolver.
    • Set up an OpenVPN server for road-warrior setup - this way I should be able to get to the office and the NAS/computer from wherever I am and also from my iPad.
    • Additional security review and modifications - IDS and monitoring?
  • What are my thoughts so far
    • I have used it for a month now.
    • Stable - hardware and software. Tunnel has never gone down.
    • Insanely overpowered for me
    • What would I have done differently - probably gone with the 4100 instead.