Thursday, October 10, 2019

Closed port on public IP

Hi guys,

So I need your help. I’m terrified of getting hacked. I have an OpenVPN server running FreeBSD. I set it to use custom port 667 on UDP.

I put the VPN server behind a SonicWall in the DMZ zone to separate it from the company LAN.

I’ve forwarded traffic coming into port 667 into the DMZ network IP of the OpenVPN server.

Now if I do a port scan on my public IP I can see port 667 is closed. All other ports are invisible. I use more than one public IP.

I know that theoretically you would need to have the keys and crts to get into port 667 remotely. But it makes me nervous leaving something this valuable on the public internet, even though it’s closed.

I could put a proxy server in front of it to add an additional layer of security, basically making my OpenVPN server appear to be a proxy server on port 443, then sending clients with the keys through to port 667 after connecting to the proxy. Then if I do a port scan only port 443 appears to be open, while all other ports are invisible.

But then again, the proxy may hide port 667, but it does leave port 443 open with basic login credentials. Getting into the proxy wouldn’t allow access to the VPN, though; you’d have to be crazy smart to get access to the VPN server after connecting to the proxy. You’d have to know how it was all set up. I don’t think a hacker could figure out there was even a VPN server running on the same computer as the proxy server. I don’t know. Maybe.

What are the chances I get hacked if I leave port 667 closed on the public internet on an up-to-date FreeBSD install?
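Added editor's example, not part of the original post: a UDP scanner cannot tell "closed" from "filtered" without a reply, so the practical way to make an OpenVPN listener stay silent to unauthenticated probes is a `tls-crypt` (or `tls-auth`) key, which makes the server drop any packet without a valid HMAC before the TLS handshake starts. The directives below are standard OpenVPN 2.4+ server options; the file names and the 10.8.0.0/24 tunnel network are placeholders, and the SonicWall port forward of UDP 667 is assumed to already be in place.

```conf
# OpenVPN server.conf fragment (example, not the original poster's config)
port 667
proto udp
dev tun

# Server certificate material (placeholder file names)
ca ca.crt
cert server.crt
key server.key
dh dh.pem

# Pre-shared HMAC key: packets without a valid HMAC are discarded silently,
# so a scanner never gets a reply and the port looks filtered, not open.
# Generate once with: openvpn --genkey --secret ta.key
# and distribute ta.key to clients out of band.
tls-crypt ta.key

# Only accept clients presenting a certificate signed by our CA,
# and require the client key usage so a stolen server cert cannot be reused.
verify-client-cert require
remote-cert-tls client
tls-version-min 1.2

# Example tunnel network (placeholder)
server 10.8.0.0 255.255.255.0
keepalive 10 120
persist-key
persist-tun
verb 3
```

With `tls-crypt` in place, a probe such as `nmap -sU -p 667 <public IP>` reports the port as `open|filtered` rather than `closed`, because the server gives the scanner nothing to distinguish the two; unauthenticated packets show up only in the server log at higher `verb` levels.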
