1 rpi + openvpn + Domoticz + pihole > secure???

Posted: Sunday 08 December 2019 15:43
by Jan Jansen
Today I thought of my lack of knowledge. I now wonder whether my system is sufficiently secure.

Openvpn, domoticz and pihole run on the same raspberrypi. It works as desired but I don't know if this setup is safe. In my router only port 1194 (openvpn) to the raspberrypi is open. Fail2ban is also installed on the same raspberrypi with prisons for openvpn and ssh. Fail2ban is working properly.

However, I am now worried about potential risks caused by pihole. My internet traffic now runs through the joint raspberrypi (pihole). I use a strong password for the pihole web interface.

Who can take away my worries?

Thanks in advance

Re: 1 rpi + openvpn + Domoticz + pihole > secure???

Posted: Sunday 08 December 2019 16:47
by jake
Jan Jansen wrote: Today I thought of my lack of knowledge. I now wonder whether my system is sufficiently secure.

Openvpn, domoticz and pihole run on the same raspberrypi. It works as desired but I don't know if this setup is safe. In my router only port 1194 (openvpn) to the raspberrypi is open. Fail2ban is also installed on the same raspberrypi with prisons for openvpn and ssh. Fail2ban is working properly.

However, I am now worried about potential risks caused by pihole. My internet traffic now runs through the joint raspberrypi (pihole). I use a strong password for the pihole web interface.

Who can take away my worries?

Thanks in advance

I've exactly the same setup. Pihole is none of your worries, since it's only the middle man retrieving DNS requests. The only real worry is the OpenVPN port, because that one is exposed to the world. A brute force attack on the poor RPI will bring it down, I suppose.

Re: 1 rpi + openvpn + Domoticz + pihole > secure???

Posted: Sunday 08 December 2019 18:58
by gizmocuz
Hmmm, ain't a Synology NAS running openvpn even worse? (CPU wise?)
If you keep your system up to date (via unattended-upgrades) it should be very secure.
But you can also forward a different port than 1194 to openvpn to make it harder to scan.

Re: 1 rpi + openvpn + Domoticz + pihole > secure???

Posted: Sunday 08 December 2019 19:07
by Jan Jansen
@ Jake, @ Gizmocuz,

Thanks for the replies.

I conclude that changing the port to a 5-digit number should be sufficient.