• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Which is theoretically more secure? (VPN vs. Firewall rules)

dave_the_nerd

dave_the_nerd

Lifer
So, I have some stuff at home I wouldn't mind being able to access remotely.

I've used port forwarding in the past. It works, but I feel creeped out - like I'm showing the universe my underwear. Even if I have authentication set up - I just don't trust myself when it comes to setting up a secure public server.

I've also used the VPN server built into my router. It also works, but it isn't accessible from everywhere. (Some places seem to block the GRE (?) packets that are used to establish a PPTP connection.)

Which is better, theoretically? What if I wanted to have multiple users? (The VPN supports up to 10 users, I'd only be using 2-3.) Also, I'm using PPTP right now because that's built into my phone, but i also have the option of OpenVPN - is one particularly superior to the other?
 
PPTP should be retired. Go OpenVPN.
Also, VPN just makes the pipe secure, the firewall is what secures your home network.
 
Last edited:
sdifox said:
PPTP should be retired. Go OpenVPN.
Also, VPN just makes the pipe secure, the firewall is what secures your home network.
Click to expand...
Yeah, I have a typical built-into-the-router firewall, set to basically not allow anything in. I'd rather not start poking holes in it if I can get a VPN working properly.

Did some more reading; didn't realize PPTP was so outdated. Thanks for the heads up.
 
sdifox said:
dont need vpn for plex... access to files is doable as well. Minecraft as well.
Click to expand...
Right, but I'd have to mess with that port forwarding stuff.

Is one method generally regarded as superior to the other? I notice most businesses don't stick their file servers on the public WAN.
 
dave_the_nerd said:
Right, but I'd have to mess with that port forwarding stuff.

Is one method generally regarded as superior to the other? I notice most businesses don't stick their file servers on the public WAN.
Click to expand...

opening port for plex is not exactly rocket science. one port, that is it.

I am not saying open up your file server, I am saying use TeamViewer to transfer files.

plex%252520port%252520forward.png
 
Last edited:
I would go with VPN.

You still need to forward ports, however I would prefer to let OpenVPN handle the port traffic and security rather than my firewall.

What Ports need to be forwarded?

(From the OpenVPN site):Short answer: TCP 443, TCP 943, UDP 1194Long answer: By default OpenVPN Access Server has 2 OpenVPN daemons running. One of them on UDP port 1194 and another on TCP 443. We recommend that you use the UDP port because this functions better for an OpenVPN tunnel. However, many public locations block all sorts of ports except very common ones like http, https, ftp, pop3, and so on. Therefore we also have TCP 443 as an option. TCP port 443 is the default port for https:// (SSL) traffic and so this is usually allowed through at the user’s location.TCP port 943 is the port where the web server interface is listening by default. You can either approach this directly using a URL like https://yourserverhostnamehere:943/ or by approaching it through the standard https:// port TCP 443, since the OpenVPN daemon will automatically internally route browser traffic to TCP 943 by default. (https://yourserverhostnamehere/).
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top