Video suggestion: Using a VPS as an OpenVPN “jump server” to access LAN behind pfSense

I posted this question in the Networking section, but it seems that despite the interest nobody came up with a solution, so I’d like to suggest a video on this solution. I’m particularly interested in understanding whether there is an additional security benefit in not opening inbound ports on pfSense.

1 Like

Just use OpenVPN at home; putting a jump box in between adds to the complexity but not necessarily to the security.

2 Likes

Thank you @LTS_Tom, but would you mind elaborating on why it would not add to the security? I thought not opening inbound ports on pfSense would help with security.

1 Like

You are just moving the point of access to be the jump server. Also, OpenVPN is a well vetted solid protocol for access.

2 Likes

IDK, I am mixed on this. Site-to-site VPN requires you to punch holes ingress to the destination network, whereas a jump server doesn’t. With regards to something like ZeroTier, you ALMOST face the same issue as a hosted solution. However, with a cloud-hosted jump box, you control the base security and the certs, the server, all the things, etc. If you lock down that MGMT interface well enough with iptables and put in some things like BFD and APF to thwart some of the everyday scanners/crackers out there, you might have something there. https://www.rfxn.com/

I have another reason to do this.

I have a server at home running a few services, basically Nextcloud.
My ISP doesn’t allow me to open port 80.
So I cannot set up a reverse proxy at home (Let’s Encrypt requires port 80 to be open).

So I set up an OpenVPN server at home, connected a VPS, and set up a reverse proxy on the VPS to access Nextcloud and other servers on my home server :smiley: