OpenVPN Security
Posted: Sun Jan 29, 2023 9:18 pm
I have just got my first OpenVPN server and 2 clients working. The server is hosted on an old Windows 10 laptop in my home network. I tried to get a Raspberry Pi but was unable to source one; a delivery delay of up to 1 year is expected.
I built two different clients on my own laptop and tested them both by connecting the laptop to my mobile hotspot and then connecting to the server. All seems to be working, including routing of specific URLs over the VPN while the rest of my traffic is routed normally.
My problem is that I am worried about exposing my home network to the big bad internet. I have used port forwarding to allow the VPN traffic through the router and on to the server host. I think this means my port is open, right? I tested it using Nmap and it says it is Open/Filtered which I think means that it is not 100% sure if it is open or not? If it is open, then isn't it true that my entire network is vulnerable?
I tried isolating the server host by connecting it to the Guest WiFi but when I tried to port forward to the address of the server host, the router rejected it as an invalid address. Presumably this was because it was in a different subnet than that defined in the router.
Is my reasoning correct? Is my network vulnerable due to the port forwarding? If so, is the only way around this to buy a router with OpenVPN capability to act as the server?