Yep, I thought that one was obvious but thanks for explaining.
So what managed switch is used then ? I know I think that it can provide, IDS/IPS etc but wouldn't be cheaper for business to just use PfSense as it can provide similar capabilities and features but for free ?
So, how did you get back into it and fixed it ? When Web Interface is locked I imagine there's no other way to get into the box than either tunnel to it via SSH or do a factory reset and restore the configuration file ?
I'm a bit confused by it, I won't be getting another two routers but rather Wi-Fi access point which I would need to pin via Ethernet Port to the PfSense box. Also, I don't think that changing IP addresses like [PFsense 192.168.1.1 / Access Point 192.168.2.1] would do any good because the Access Point is plugged under PfSense and the users under this AP can for example still run scan PfSense IP and discover various devices connected under PfSense box as well as access it's web configuration page. At least that was the case when I was playing around with normal router without VLANs which then had another router connected on the LAN side. I don't know if I have explained it the right way but I have tried my best to do so.
In the recent days I have done more research about Intel processors and their security and it looks like I would rather build my own mini box using AMD Ryzen processor because there are new vulnerabilities in Intel's micro chips which affects most of the Intel processors. I know there will be fixes coming down in a couple of weeks but I think until they appear in PfSense it might take some time. COming back to those vulnerabilities, they are called Meltdown and Spectre. There are no cases in the wild but PoC was released and I would rather not risk anything as it's the matter of time until someone figures it out and start attacking various targets.
Now, to the build itself, I just need to look for AMD Ryzen processor which supports AES-NI and it should work fine I presume ?
Thanks for providing links. I'm a bit confused about selective routing, why do you need to use it ? Sorry, I'm kindda new to PfSense as it's my first time using it. Also, I have find some security issues with some VPN's and I was wondering when deploying OpenVPN via PfSense I would be vulnerable to it ?
Massive security issue:certain VPN providers on OE. Even tho that it looks like the issue is with a VPN Provider as well as the specificly mentioned "OS", I was wondering if this could expose any internal servers, other computers or simply my my PfSense services like SSH in my network to the internet aka WAN side by just using VPN Provider + OpenVPN ?
It might be a stupid question but I would like to ask to make sure I have the right information, when using OpenVPN on the router level, does that mean we as user's give the VPN provider access to all our network and computers since PfSense is our main router which handles our network and its devices, or does VPN only applies to internet packets when travelling from one location to another ?
Last edited:
