Split tunneling question, and security


snowatom

Occasional Visitor
I have created a strict policy rule for a VPN connection against one device (my Apple TV for streaming).

Should one disconnect this VPN connection when not in use, or is it safe to keep it connected?

What I’m really asking is: is there some way that the VPN connection provider can gain access to my network using the open connection?

edit: VPV typo corrected.

/snowatom

L&LD

Part of the Furniture
Of course, they can. Even if they state otherwise.

RMerlin firmware (I believe) disables that access by default on the 386.1 firmware and later.

Btw, VPV=VPN?
 

snowatom

Occasional Visitor
> Of course, they can. Even if they state otherwise.
>
> RMerlin firmware (I believe) disables that access by default on the 386.1 firmware and later.
>
> Btw, VPV=VPN?
I saw that access is disabled by default “Inbound Firewall: block”. But does this prevent the VPN provider from getting in through the “open door”?
 

L&LD

Part of the Furniture
It's supposed to. I can't take an oath to that though. (not a scripter). :)
 

eibgrad

Very Senior Member
> I saw that access is disabled by default “Inbound Firewall: block”. But does this prevent the VPN provider from getting in through the “open door”?

Yes. When enabled (blocked), that option prevents *anyone* from initiating connections inbound on the tunnel. It was added about a year ago at my request because most users are using commercial OpenVPN providers and only need *unidirectional* tunnels (i.e., where only you need to initiate connections). Before this option was added, all tunnels were *bidirectional*, meaning it was possible for some rogue element at the VPN provider (user or malware) to potentially gain access into your network.
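One way to check the unidirectional/bidirectional distinction described above from a saved ruleset, as an added example that is not part of the thread and not the firmware's own rules: it simulates iptables first-match evaluation for a NEW packet arriving on the tunnel interface. The interface names `tun11` and `br0`, the rule layout and the function names are assumptions, and the ruleset is constructed.

```python
import shlex

# Constructed iptables-save excerpt; tun11 and br0 are assumed interface names.
TEMPLATE = """*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i tun11 {rule}
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i tun11 {rule}
-A FORWARD -i br0 -j ACCEPT"""
BIDIRECTIONAL = TEMPLATE.format(rule="-j ACCEPT")
UNIDIRECTIONAL = TEMPLATE.format(rule="-m state --state NEW -j DROP")

def parse_filter(ruleset):
    chains, policy, table = {}, {}, None
    for line in map(str.strip, ruleset.splitlines()):
        if line.startswith("*"):                       # table header, e.g. *filter
            table = line[1:]
        elif table == "filter" and line.startswith(":"):
            name, policy[name] = line[1:].split()[:2]  # ":INPUT DROP [0:0]"
            chains.setdefault(name, [])
        elif table == "filter" and line.startswith("-A "):
            tok = shlex.split(line)
            chains.setdefault(tok[1], []).append(tok[2:])
    return chains, policy

def walk(chains, chain, iface):
    """First verdict for a NEW packet arriving on iface, or None (chain policy applies)."""
    for tok in chains[chain]:
        o = dict(zip(tok, tok[1:]))                    # option -> token that follows it
        i, st, target = o.get("-i"), o.get("--state") or o.get("--ctstate"), o.get("-j")
        neg = "!" in tok                               # negated match: never skip the rule
        if i and not neg and i != iface and not (i[-1] == "+" and iface.startswith(i[:-1])):
            continue                                   # rule is for another interface
        if st and not neg and "NEW" not in st.split(","):
            continue                                   # rule only matches existing flows
        conditional = len(tok) > 2 * bool(i) + 4 * bool(st) + 2 * bool(target)  # extra matchers
        verdict = walk(chains, target, iface) if target in chains else target
        # Conservative: any reachable ACCEPT counts; a block must be unconditional.
        if verdict == "ACCEPT" or (verdict in ("DROP", "REJECT") and not conditional):
            return verdict
        if target == "RETURN" and not conditional:
            break
    return None

def tunnel_verdicts(ruleset, iface="tun11"):
    chains, policy = parse_filter(ruleset)
    return {c: walk(chains, c, iface) or policy[c] for c in ("INPUT", "FORWARD")}
```

`tunnel_verdicts(BIDIRECTIONAL)` reports ACCEPT for both chains, while `tunnel_verdicts(UNIDIRECTIONAL)` reports DROP for both; replies to connections started from the LAN still pass through the RELATED,ESTABLISHED rule.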
