Bryan Ponder's picture

I would like to setup a vpn with the following setup:

Remote Client -> Internet ->Public VPN Interface -> Private VPN Interface -> Private Network

When I setup openvpn using a public IP it is immediately accessible via the web gui.  This obviously is not good. I do not want the OpenVPN web gui accessible on the public IP side ever.  With that said the wizard states that I need to enter a IP that is reachable by the clients. How do I accomplish setting this up securely?

Jeremy Davis's picture

It sounds like you are on the right track. You need a public IP, or otherwise you have no way of connecting into your private network. The web interfaces on the server bind to the public interface by default (such as the landing page via HTTP or HTTPS, Webshell via HTTPS on port 12320 & Webmin via HTTPS on port 12321). That doesn't really create any security issue (so long as you have good passwords set).

However you can change that if you wish. E.g. you could disable the webserver so there is no response via HTTP or HTTPS.

Add new comment