Pi-hole/pi-hole
Pi-hole/pi-hole
1
0
Fork 0
mirror of https://github.com/pi-hole/pi-hole.git synced 2025-04-30 04:54:26 +02:00
Code Issues Projects Releases Packages Wiki Activity

Updated Pi hole OpenVPN server (markdown)

DL6ER 2017-01-18 22:16:05 +01:00
parent 1759d0ed29
commit 66aa4d6022
1 changed files with 6 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

7
Pi-hole---OpenVPN-server.md

@ -79,7 +79,12 @@ Your whole network traffic will now securely be transferred to your Pi-hole.
![](http://www.dl6er.de/pi-hole/openVPN/VPNclients.png) ![](http://www.dl6er.de/pi-hole/openVPN/VPNclients.png)
--- ---
(Optional) If your server is visible to the world, you might want prevent port 53/80 from being accessible from the outside. You will still be able to connect to your Pi-hole from within the VPN. ### Optional: Security information
For security purposes, it is recommended that the CA machine should be separate from the machine running OpenVPN. If you loose control of your CA private key, you can no longer trust any certificates from this CA. Anyone with access to this CA private key can sign new certificates without your knowledge, which then can connect to your OpenVPN server without needing to modify anything on the VPN server. Place your CA files on a storage which can be offline as much as possible, only to be activated when you need to get a new certificate for a client or server.
---
### Optional: Firewall configuration (using iptables)
If your server is visible to the world, you might want prevent port 53/80 from being accessible from the outside. You will still be able to connect to your Pi-hole from within the VPN.
Using `iptables`: First, verify that there is no rule that explicitly accepts `http` requests Using `iptables`: First, verify that there is no rule that explicitly accepts `http` requests
``` ```