I'm setting up a secure remote RDP connection for a third-party user to perform maintenance operations on their machine installed at our site.

My frontend firewall is OPNsense, and it gives me two built-in VPN options: OpenVPN and IPsec.

I'm familiar with OpenVPN, but I have never used IPsec before.

I would like to use IPsec to keep it clientless because Windows supports it natively, but I'm not sure if it's the right option: I keep reading that IPsec is used in site-to-site configurations and that SSL VPN should be used in "road warrior" scenarios.

Is there any reason, security related or otherwise, why I shouldn't use IPsec?

  • Have you considered WireGuard? It has a Windows client and is rock solid. Setting up IPsec through firewalls and potentially NAT is rather more challenging than OpenVPN or WireGuard, in my opinion. For the latter two, you simply have to port forward a single UDP port. Commented Nov 18, 2021 at 12:43
  • AFAIK WireGuard is still too fresh, and if I have to go down the road of asking the remote user to install something, that would be the OpenVPN client. I'm not worried about firewalling and NAT because I'm using a test network that is segregated from our corporate network and directly exposed to the internet, so I can do pretty much what I want. Including just port forwarding RDP to their machine, but obviously we don't like that :-)
    – mfloris
    Commented Nov 18, 2021 at 12:50
