Security concerns with OpenVPN client running in jail

Status
Not open for further replies.

wonho

Cadet
Joined
Jun 22, 2018
Messages
3
Hi,

I am trying to set up a FreeNAS box which will act as an off-site backup for a FreeNAS box running at the local site. The current plan is to set up an OpenVPN client in a jail on the off-site FreeNAS box, with a static route. The off-site FreeNAS box will connect to the OpenVPN server at the local site and back up the storage server. The off-site FreeNAS box will be placed in a personal home network, where other home devices will be on the network.

Are there any security concerns with this setup, other than OpenVPN's own vulnerabilities?

I have been trying to research this topic, but I am very new to all this and it is hard to find something that matches my keywords. I have read somewhere that it is generally recommended to separate the FreeNAS box from firewalls or VPN servers/clients. I am also considering purchasing a separate mini-firewall device if the current plan is not sufficient in terms of security.

Please enlighten me!
 

garm

Wizard
Joined
Aug 19, 2017
Messages
1,556
There are several routes to take when considering placing a FreeNAS box in an alien network. But it all boils down to the fact that, just like in your own home, you want control after the first interface. You don't want to rely on the NAT, DNS or NTP of the alien network. Treat it as WAN and you are well on your way to success. Jails are problematic as they initiate after the network stack on the host, but it can be done. Virtualizing FreeNAS and pfSense and thus creating a datacenter-in-a-box is another route, but it has its own challenges. The one I have opted for in the past is having a dedicated hardware pfSense firewall, NTP and DHCP server velcroed to the NAS.

Whatever route you take, there are plenty of resources on how to accomplish the individual components on this forum and on the almighty Google.
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,776

gt2416

Patron
Joined
Feb 4, 2018
Messages
262
Lol Patrick, before I even clicked on the thread I wanted to suggest that. pfSense is 100% the true answer if you don't want to worry about all this. DNS leaks etc. are a thing of the past with a powerful firewall, really worth researching it.
 

wonho

Cadet
Joined
Jun 22, 2018
Messages
3
Thanks everyone for the tips and recommendations.

Possibly this product fits your requirements?
https://www.netgate.com/solutions/pfsense/sg-1000.html

This was actually what I have been considering. I've read some reviews that this device is quite underpowered. I am not sure if it is enough for the operation, which will be mirroring the on-site backup over a fiber connection. I guess I will perform some testing once I get my hands on the device.

I have also come across some bug reports concerning static routes via an OpenVPN jail, saying that FreeNAS drops the connection to the static routes.

I think I will be testing both options, since the pfSense microfirewall is quite cheap.
 