Security tips for OpenVPN, iptables and port forwarding Stay protected with best practices for network configurations
Hello good people,

I could use some security/network architecture advice. My iptables for my Raspi looks like the following:

My internal network is built like:

Internet
|
Router - 192.168.111.1 - Port Forwarding, 1888 (openvpn) to Pi
|
Raspi - 192.168.111.10 (PiHole, OpenVPN)

Does my iptables make sense? Is there anything I can add or change to further improve security?

I plan to change the openvpn port to 443 so I can use my tunnel even on port restricted public wifis. How would I secure my network if I am changing that? I read about using a proxy and an SSL certificate if I make 443 available as openvpn entrance from the outside.

Greetings and thanks in advance
Because you're only using port 1888 (or 443), the IP table concern is minimal as your router handles the firewall role. It seems unclear what purpose you have for port 443—if you don’t host a website, you can inform the OpenVPN server to bind there and clients to connect on that port.
I'm managing owncloud, dokuwiki, pihole, a status monitor, and more on nginx. I decided to listen on port 443 externally and route it to 1888 internally to avoid conflicts with nginx. It seems to work perfectly. You're correct—I'm behind a router and using certificates for OpenVPN, so it should be secure. Since I'm still learning about security, I wanted to confirm everything is safe. I also considered setting up a DMZ.
This approach focuses on limiting potential harm when parts of a system are breached. Advanced security measures such as DMZs help reduce the impact of attacks by containing vulnerabilities.
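
A default-drop host ruleset for the Pi in the layout this thread describes, as an added example that is not from any of the posters: only the forwarded OpenVPN port accepts traffic from any source, while Pi-hole DNS and nginx answer only the LAN and the tunnel. The /24 mask, the interface names `eth0` and `tun0`, the tunnel subnet `10.8.0.0/24`, UDP as the OpenVPN transport and SSH on port 22 are assumptions to adapt.

```bash
#!/bin/sh
# Constructed example; values marked "assumed" are not from the thread.
LAN_NET="192.168.111.0/24"  # addresses from the post; /24 mask assumed
LAN_IF="eth0"               # assumed LAN interface name
VPN_PORT="1888"             # internal OpenVPN port from the post
VPN_PROTO="udp"             # assumed; the thread does not say udp or tcp
VPN_NET="10.8.0.0/24"       # assumed tunnel subnet
VPN_IF="tun0"               # assumed tunnel interface name

# Emit an iptables-restore ruleset: default drop, then only what the Pi serves.
pi_ruleset() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Only service open to any source: OpenVPN (router forwards 443 -> ${VPN_PORT})
-A INPUT -p ${VPN_PROTO} --dport ${VPN_PORT} -j ACCEPT
# Pi-hole DNS, nginx and SSH (port 22 assumed) for the LAN only
-A INPUT -i ${LAN_IF} -s ${LAN_NET} -p udp --dport 53 -j ACCEPT
-A INPUT -i ${LAN_IF} -s ${LAN_NET} -p tcp -m multiport --dports 22,53,80,443 -j ACCEPT
# Pi-hole DNS and nginx for authenticated VPN clients (no SSH over the tunnel)
-A INPUT -i ${VPN_IF} -s ${VPN_NET} -p udp --dport 53 -j ACCEPT
-A INPUT -i ${VPN_IF} -s ${VPN_NET} -p tcp -m multiport --dports 53,80,443 -j ACCEPT
# Routed VPN traffic: clients may go out via the LAN side, replies may return
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i ${VPN_IF} -o ${LAN_IF} -s ${VPN_NET} -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s ${VPN_NET} -o ${LAN_IF} -j MASQUERADE
COMMIT
EOF
}

# INPUT ACCEPT rules with no source/interface restriction, i.e. what the
# router's port forward can actually reach from the Internet.
exposed_rules() {
  pi_ruleset | grep -E '^-A INPUT .*-j ACCEPT$' | grep -Ev -- ' -(s|i) | --ctstate '
}

# Review, then syntax-check without loading (needs root):
#   exposed_rules
#   pi_ruleset | sudo iptables-restore --test
```

If the router's forward is ever widened or the Pi is moved into a DMZ, `exposed_rules` should still list only the OpenVPN rule.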