
Question on LAN security Linux

Guest

Hi there,

I am totally new to vpn and I am just curious about how that all works and how to do it right, and now I am quite confused about the thousand different setup methods.

 

I have a plain linux box which runs a service Y on a specific port that shall go through airvpn.

So far I only read that once openvpn is started all traffic goes through the vpn.

 

If I simply start the vpn as described here

https://airvpn.org/topic/11431-using-airvpn-with-linux-from-terminal/

on the box, does this mean that everyone on the other side of the vpn can portscan/connect to services that are running on that box?

 

If I manage that box from another client in my LAN via a vncserver that is installed on that box, can I still reach the box after starting openvpn and can anyone on the other vpn side connect to the vncserver?

 

So my question is: what is the easiest way to route only service Y to the vpn and make incoming (from the vpn) requests route only to service Y's port?

 

Guest

Ok, I just read that by default all incoming ports on the vpn are blocked. So I don't worry anymore that someone tries to portscan me.


The netlock feature of AirVPN I think is one of its biggest selling points. It really, really locks things down. On the down side (sort of), if you're trying to do something new with your router, you don't know if you're going to be messing up AirVPN or vice versa, in the case you would like to try VLAN isolation or bridging, or remote port forwarding, which I have still had trouble getting to work properly. There's nobody who can really help you exactly, since your system and your needs are so unique as all of ours are, and people don't really know how to integrate airvpn into whatever it is you're trying to do necessarily. So it's been very touch and go for me on that front. Just keep network lock on the moment your LAN goes live. It should be noted that it can't protect you from LAN-side attacks, but this is mostly a problem with people who have wireless, bluetooth and IoT devices like Roku and other garbage.
