Hi,
I wonder how I can secure this kind of topology.
I have 2 internal networks on a pfSense (192.168.1.0/24, 192.168.2.0/24).
There is no firewall rule allowing communications between these two networks.
Then I want to have 2 OpenVPN servers (10.10.1.0/24 on port 1194, 10.10.2.0/24 on port 1196).
I want to connect 10.10.1.0 to 192.168.1.0 and 10.10.2.0 to 192.168.2.0, but I want to be sure that one VPN cannot connect to the resources of the other VPN (10.10.1.0 cannot have access to 192.168.2.0 or 10.10.2.0, and the same the other way: 10.10.2.0 cannot have access to 192.168.1.0 and 10.10.1.0).
I have tried some configuration on the OpenVPN interface in the firewall (one rule for each VPN network) but I'm not really sure it's done the right way…
Thanks a lot for your help!!!
I think that should be straightforward.
The traffic for your network exits via the VPN gateway; set up the rules in the VPN to not allow it to see the other network, and vice versa. That way the two networks should be totally isolated.
Once you’re done with the configurations, test it. Nothing beats making sure it is doing the things you need it to do.
Ping, traceroute, port scan.
From the networks to the VPN devices, from the VPN connected devices back to each of the internal networks, between the internal networks, between the connected devices.
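Added example (not from either poster): a small Python model of the rule set described above, evaluated the way pfSense does it (per inbound interface, first match wins, implicit block at the end), run over the full test matrix the reply recommends. The interface names ovpns1/ovpns2/lan1/lan2 and the sample host addresses are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Hypothetical rule set for the thread's topology: a first-match list per
# inbound interface with an implicit block at the end, as pfSense evaluates
# rules. Replies ride on the state table, so only the initiating side needs a pass.
@dataclass(frozen=True)
class Rule:
    action: str  # "pass" or "block"
    src: str     # CIDR or "any"
    dst: str     # CIDR or "any"

def _match(net: str, ip: str) -> bool:
    return net == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(net)

# Assumed interface names: each OpenVPN server assigned its own interface
# (ovpns1/ovpns2) so rules are scoped per tunnel rather than placed on the
# shared "OpenVPN" group tab, whose rules apply to every instance at once.
RULESET = {
    "ovpns1": [Rule("pass", "10.10.1.0/24", "192.168.1.0/24")],
    "ovpns2": [Rule("pass", "10.10.2.0/24", "192.168.2.0/24")],
    "lan1": [Rule("pass", "192.168.1.0/24", "10.10.1.0/24")],
    "lan2": [Rule("pass", "192.168.2.0/24", "10.10.2.0/24")],
}

def evaluate(iface: str, src_ip: str, dst_ip: str) -> str:
    """Verdict for a new connection entering the firewall on iface."""
    for rule in RULESET.get(iface, []):
        if _match(rule.src, src_ip) and _match(rule.dst, dst_ip):
            return rule.action
    return "block"  # pfSense default deny

# Constructed sample host per segment for the test matrix.
HOSTS = {"ovpns1": "10.10.1.6", "ovpns2": "10.10.2.6",
         "lan1": "192.168.1.20", "lan2": "192.168.2.20"}

def isolation_matrix() -> dict:
    """Verdict for every ordered pair of segments (12 flows)."""
    return {(s, d): evaluate(s, HOSTS[s], HOSTS[d])
            for s in HOSTS for d in HOSTS if s != d}

def isolated() -> bool:
    """True when only the intended VPN<->LAN pairs are passed."""
    allowed = {("ovpns1", "lan1"), ("lan1", "ovpns1"),
               ("ovpns2", "lan2"), ("lan2", "ovpns2")}
    return {k for k, v in isolation_matrix().items() if v == "pass"} == allowed

if __name__ == "__main__":
    for (s, d), v in sorted(isolation_matrix().items()):
        print(f"{s:7} -> {d:7}: {v}")
    print("isolated:", isolated())
```

If the rules live on the shared OpenVPN tab instead, the source restriction on each rule is what keeps the second tunnel out of the first LAN, and the same matrix should still come out with only the four intended pairs passing.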