

Hello,

I just would like to know how things work.

I am aware that AirVPN blocks all ports and that is the way I like it. Say for instance only, if it would not block all ports and I would have to have a firewall to block ports on a Linux PC, could I have a firewall blocking ports?

I take it that the VPN tunnel would start from the adaptor of the PC and extend to the VPN server. Where would the firewall sit?

If I would port probe the VPN server of my tunnel that has all ports open, could someone see into my PC?

Would the connection chain be: the program on the PC to the firewall to the start of the tunnel (the NIC) to the VPN server?

Or: the program on the PC to the start of the tunnel to the firewall to..........?

Thanks for answering.


Or would the VPN tunnel extend from the router to the VPN server? In this case a firewall could be on the PC or a firewall box or on the router. I don't know which.


Lots of different questions, let's try and untangle this:

 

Where would the firewall sit?

A firewall that's deployed on your computer can be configured to filter all packets coming into (ingress filtering) and/or originating from (egress filtering) your computer's network interfaces.

Whenever your network interfaces try to communicate, the firewall will look at the packets (destination, target, port, protocol, ..) and decide whether to allow, deny, modify or redirect them.

Also, nothing connects to a firewall; it's a transparent layer that either lets you through or not.

 

 

Or would the VPN tunnel extend from the router to the VPN server.

If you establish a connection from your computer to a VPN server, your computer - not the router - is the endpoint of the tunnel.

Of course, your router is still part of the route, so if there's a firewall on your router, that will affect your computer too. Many routers are configured to not allow incoming traffic and/or port forwarding by default.

 

If I would port probe the VPN server of my tunnel that has all ports open, could someone see into my PC?

Unless you use AirVPN's Port Forwarding, a port scan of an AirVPN IP will not reveal any of your computer's services / ports.

 

Regardless of whether you use VPNs or not, it is generally recommended to have your computer's firewall deny incoming traffic by default and selectively open ports for incoming traffic when such a need arises.

 

With regard to VPNs, the talk about firewalls is usually about egress filtering: Configuring the firewall to deny outgoing traffic by default, only allowing communication to AirVPN entry servers. This will prevent accidental, unsecured communication.


all of my content is released under CC-BY-SA 2.0
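
The two recommendations in the answer above (deny incoming traffic by default; deny outgoing traffic by default except to the VPN entry server) can be written as one nftables ruleset. This is an added example, not part of the original posts and not AirVPN's own configuration; the entry address 198.51.100.10, UDP port 443, interface name tun0 and table name vpn_guard are constructed placeholders.

```shell
#!/bin/sh
# Added example: prints an nftables ruleset; it does not touch the live firewall.
# All concrete values passed in are assumptions chosen by the caller.

# gen_vpn_ruleset ENTRY_IP PROTO PORT TUN_IF
gen_vpn_ruleset() {
    entry_ip=$1 proto=$2 port=$3 tun_if=$4

    # Accept only digits and dots for the address (a loose IPv4 check),
    # udp/tcp for the protocol, digits for the port, a plain interface name.
    case $entry_ip in *[!0-9.]*|'') echo "bad entry IP: $entry_ip" >&2; return 1 ;; esac
    case $proto in udp|tcp) ;; *) echo "bad protocol: $proto" >&2; return 1 ;; esac
    case $port in *[!0-9]*|'') echo "bad port: $port" >&2; return 1 ;; esac
    case $tun_if in *[!A-Za-z0-9_-]*|'') echo "bad interface: $tun_if" >&2; return 1 ;; esac

    cat <<EOF
# Create-then-delete makes reloading idempotent.
table inet vpn_guard
delete table inet vpn_guard

table inet vpn_guard {
    chain input {
        # Ingress: drop by default, allow only replies to our own connections.
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
    }
    chain output {
        # Egress: drop by default, so nothing leaves outside the tunnel.
        type filter hook output priority 0; policy drop;
        oif "lo" accept
        # The encrypted tunnel packets themselves, to the entry server only.
        ip daddr $entry_ip $proto dport $port accept
        # Everything else must go through the tunnel interface.
        oifname "$tun_if" accept
    }
}
EOF
}

# Example: gen_vpn_ruleset 198.51.100.10 udp 443 tun0 | sudo nft -f -
```

Local-network traffic is not permitted by this ruleset; add explicit rules for it if you need it.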