what are the vulnerabilities installing openvpn client on a customer's unattended server?

Posted by senorsmile on Server Fault See other posts from Server Fault or by senorsmile
Published on 2012-09-18T21:26:08Z Indexed on 2012/09/18 21:40 UTC
Read the original article Hit count: 213

Filed under:

freebsd

|

openvpn

|

pfsense

|

bsd

We run Pfsense as our primary firewall. We also have OpenVPN server running on that box to allow us to remotely connect to our network. My question is: if we have a customer's mostly unattended server that we want to access remotely, what security vulnerabilities are there to installing openvpn on the customer's server as a client connecting to our network.

Presumably, we would want to limit/restrict that server's access to the rest of our network. How do we lock openvpn down and are there ways to detect abnormal activity coming from an openvpn client?

© Server Fault or respective owner

Related posts about freebsd

FreeBSD performance tuning. Sysctls, loader.conf, kernel

as seen on Server Fault - Search for 'Server Fault'
I wanted to share knowledge of tuning FreeBSD via sysctl.conf/loader.conf/KENCONF. It was initially based on Igor Sysoev's (author of nginx) presentation about FreeBSD tuning up to 100,000-200,000 active connections. Tunings are for FreeBSD-CURRENT. Since 7.2 amd64 some of them are tuned well by… >>> More
Boot FreeBSD/FreeNAS (their bootloader) from isolinux?

as seen on Super User - Search for 'Super User'
I'm creating a multiboot cd but have trouble with the FreeNAS/FreeBSD boot loader. If the image has isolinux, its just basically to copy & paste their config, but with the FreeBSD loader its different. Can someone please help me with this one? :) Thanks! >>> More
FreeBSD 8 Kernel Configuration Error Using the VESA Option

as seen on Server Fault - Search for 'Server Fault'
I'm trying to reconfigure FreeBSD 8 (amd64) to allow for a high resolution terminal by following these instructions. The problem is that when I add the two lines: options VESA options SC_PIXEL_MODE and try to build: make buildkernel KERNCONF=VESAKERN I get the following error: /usr/src/sys/amd64/conf/VESAKERN:… >>> More
Ierrs on Network Interface - Pfsense/Freebsd

as seen on Server Fault - Search for 'Server Fault'
Hello all, We're using PfSense as an internal router/firewall (no connection to WAN). Using the Web-GUI, under Status --- Interfaces, there's one particular interface where I have some errors: In/out errors 3513/0 I then SSHed to the firewall to validate the info provided by the WebGUI and… >>> More
Mounting a share with spaces in FreeBSD fstab

as seen on Server Fault - Search for 'Server Fault'
I'm trying to mount a smb network share in fstab on FreeBSD, which works fine for a share without spaces, but fails if a space is in the name. I have replaced the space with \040 which is what everything on google has said, but that didn't help. Share name I'm trying to mount is "Data Backups". Share… >>> More

Related posts about openvpn

Encouter error "Linux ip -6 addr add failed" while setting up OpenVPN client

as seen on Server Fault - Search for 'Server Fault'
I am trying to set up my router to use OpenVPN and have gotten quite far (I think), but something seems to be missing and I am not sure what. Here is my configuration for the client: client dev tun proto udp remote ovpn.azirevpn.net 1194 remote-random resolv-retry infinite auth-user-pass /tmp/password… >>> More
OpenVpn: Setting Up Openvpn in Ubuntu 10.04

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I am trying to setup OpenVpn Server on Ubuntu 10.04. I am not good in network concepts so its hard to understand the IP address that are given in the setup tutorial.. I could find many sites to setup openvpn server but i have few doubts in it. 1.I am mainly setting up the server to make it work… >>> More
pfsense peer-to-peer OpenVPN not connecting

as seen on Server Fault - Search for 'Server Fault'
I'm trying to setup a peer-to-peer OpenVPN between two pfsense servers running 2.0.1-RELEASE, but the client keeps getting the connection dropped, with a status of "reconnecting; ping-restart" and nothing appears to be routing between them. Both these firewalls are also doing PPTP VPNs that are working… >>> More
OpenVPN not connecting

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
There have been a number of post similar to this, but none seem to satisfy my need. Plus I am a Ubuntu newbie. I followed this tutorial to completely set up OpenVPN on Ubuntu 12.04 server. Here is my server.conf file ################################################# # Sample OpenVPN 2.0 config file… >>> More
openVPN GUI does not run error about error opening registry for reading HKLM\SOFTWARE\OpenVPN

as seen on Super User - Search for 'Super User'
I'm trying to run OpenVPN as a portable application and to that effect i have installed it on a Windows 7 machine, copied the files to another windows 7 machine and manually restored the registry settings using a .reg file. Whenever i try to run open vpn GUI i get the following error error opening… >>> More