Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

disallow all incoming traffic on the VPN interface #34

Open
adrelanos opened this issue Nov 6, 2017 · 1 comment
Open

disallow all incoming traffic on the VPN interface #34

adrelanos opened this issue Nov 6, 2017 · 1 comment
Labels
bug help-wanted

Comments

@adrelanos
Copy link
Owner

As reported by @notDavid (#29 (comment)):

Another question though, i was wondering why to allow all incoming traffic on the VPN interface?

Doesn't this make the system vulnerable, for example a vpn-server config where clients can access each others ips internally in the vpn network, would expose all open ports?
Would it not be better to disable that rule by default, so that only established incoming connections are allowed?
@adrelanos adrelanos added the bug label Nov 6, 2017
@adrelanos adrelanos mentioned this issue Nov 6, 2017
Open
@ghost
Copy link

ghost commented Nov 6, 2017

I tried blocking incoming tun interface traffic but I had connectivity issues with that. IIRC there were problems with key renegotiation, maybe related to blocked ping from server. Anyway I don't think this can be recommended in general use.

To protect system I advice instead:

  1. Don't use vpn server which allows p2p client access.
  2. Don't open ports on your system.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug help-wanted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@adrelanos