Re: Is allowing an IPSEC tunnel from my LAN secure?
Any time that you allow connectivity from a resource inside your network to resources outside your network there is some degree of insecurity introduced. Making that connection over an IPSec VPN reduces the degree of insecurity but does not eliminate it.
We can identify a good side and a bad side of allowing the connectivity over an IPSec VPN. The good side: the VPN will encrypt the traffic (which is probably passing over an insecure medium) and will authenticate the other end of the connection, assuring that the data is coming from a trusted source. It will protect against packets that were changed in transit, and against attempts to replay the traffic and other types of man-in-the-middle attacks.
The bad side: if you have a firewall protecting your network traffic, the firewall will only see encrypted traffic, which it must trust without knowing what the content is. You are opening some exposure by allowing traffic from the outside to the VPN client, and it might be possible that if the other end of the connection were compromised it could transmit problems onto your network. So if you trust the other end of the connection you should be fine, but if you do not trust the other end of the connection then there could be problems.
In general I would say that connecting over VPN is safer than connecting over clear text. But there is a certain degree of risk in allowing connections over VPN.
We have configured the outside and inside interfaces with official IPv6 addresses and set a default route on the outside interface to our router. We have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...