Some of my devices connect back home via FW VPN so that they enjoy the FW protection as if they were in my home network. The FW app notifies me about such connections. However, it does not say which device connected (device name).
Theoretically, an intruder who got to know about my connection details could happily log in without me noticing anything suspicious.
Is it possible to somehow identify the devices logging in (MAC address?), and if not, wouldn’t this be an important feature?
Firewalla distinguishes VPN devices by their profiles if you are using WireGuard, and there is no identifier if using OpenVPN. While I agree that this is a good suggestion, particularly if, for example, I would like my mobile phone to automatically share the same rules and routes both at home and outside, I am not sure if this is practical.
But this is unlikely to be a security feature, because if an intruder can get your VPN profile, I believe it is easier for them to get/spoof your MAC address.
This is a couple days old, but better late than never. As others have stated, you will not see individual device profiles for OpenVPN clients on Firewalla. I would recommend switching to WireGuard for a few reasons.
WireGuard is faster. WireGuard runs at speeds 3-5 times faster than OpenVPN depending on which Firewalla product you have. The Gold and Gold Plus max out at 120 Mbps whereas WireGuard will see speeds at 500 Mbps. On the Gold Pro, WireGuard reaches speeds of a rather impressive 2 Gbps where OpenVPN tops out at 500 Mbps. This is due to the fact that WireGuard requires significantly less processing power to encrypt and decrypt packets.
Firewalla generates individual device profiles for WireGuard clients whereas OpenVPN uses the same profile across multiple devices. You’ll see WireGuard clients listed individually in the Firewalla app. You can add this device to device or user groups where they will follow the rules of the assigned group or create device-specific rules, thereby giving you greater insight and control over connected devices. OpenVPN devices cannot be managed individually, so any rule you apply to one device will apply to all of them. Also, if you have a security concern with one device (for example, it’s lost or stolen), you will need to reconfigure all of your OpenVPN devices. With WireGuard, you only have to delete the client profile in question, which will leave all your other clients unaffected.
The WireGuard client app allows you to configure the profile to connect on-demand and exclude certain Wi-Fi networks. This allows you to configure the client to automatically connect anytime it leaves your home network and automatically disconnect anytime the device connects to your home network. Again, this will give you better insight and control over devices. With OpenVPN, you can configure the client app to auto-connect, but it will stay connected even when connected to your home Wi-Fi. Due to the lack of individual profiles for OpenVPN clients and the speed limitations previously discussed, you will have no way to control connected devices individually and will likely be unable to fully utilize the bandwidth of your home network.
Setting up WireGuard is super easy. Just go to the VPN Server settings in the Firewalla app, enable WireGuard, and add a client for each device. You can then either download the client profile or simply scan the displayed QR code and you’re off to the races. To configure on-demand settings, edit the profile in the client app, enable on demand for Wi-Fi and Cellular, click on SSIDs, and add your home Wi-Fi network to the list of exceptions.
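An added example, not part of the original posts and not Firewalla's own code: because each WireGuard client profile has its own key pair, a session can be attributed to a device by its public key. It parses constructed `wg show wg0 dump` output; the interface name, keys, addresses, the `KNOWN_PEERS` inventory and the 180-second freshness window are all assumptions.

```python
# Added example: attribute WireGuard sessions to named devices by public key.
# SAMPLE_DUMP is constructed; keys, addresses and device names are placeholders.
from dataclasses import dataclass

# Hypothetical inventory (public key -> device name), recorded when each
# client profile is created.
KNOWN_PEERS = {
    "PHONE_PUBKEY_PLACEHOLDER=": "phone",
    "LAPTOP_PUBKEY_PLACEHOLDER=": "laptop",
}

# Constructed `wg show wg0 dump` output, tab-separated. Line 1 is the interface;
# each later line is one peer: public-key, preshared-key, endpoint, allowed-ips,
# latest-handshake, transfer-rx, transfer-tx, persistent-keepalive.
SAMPLE_DUMP = "\n".join([
    "SERVER_PRIVKEY_PLACEHOLDER=\tSERVER_PUBKEY_PLACEHOLDER=\t51820\toff",
    "PHONE_PUBKEY_PLACEHOLDER=\t(none)\t203.0.113.7:40112\t10.0.0.2/32\t1700000000\t5120\t9216\toff",
    "LAPTOP_PUBKEY_PLACEHOLDER=\t(none)\t(none)\t10.0.0.3/32\t0\t0\t0\toff",
    "UNLISTED_PUBKEY_PLACEHOLDER=\t(none)\t198.51.100.9:51000\t10.0.0.4/32\t1699999990\t100\t200\toff",
])

@dataclass
class Session:
    device: str
    endpoint: str
    tunnel_ip: str
    age_seconds: int

def active_sessions(dump: str, now: int, max_age: int = 180) -> list[Session]:
    """Return peers whose last handshake is within max_age seconds of now.

    max_age is a heuristic for "currently connected", not a protocol constant.
    """
    sessions = []
    for line in dump.splitlines()[1:]:          # skip the interface line
        fields = line.split("\t")
        if len(fields) != 8:
            continue                            # ignore malformed lines
        pubkey, _psk, endpoint, allowed, handshake = fields[:5]
        last = int(handshake)
        if last == 0 or now - last > max_age:   # 0 means no handshake yet
            continue
        # A key missing from the inventory is a profile nobody has accounted for.
        name = KNOWN_PEERS.get(pubkey, "UNKNOWN PEER " + pubkey[:8])
        sessions.append(Session(name, endpoint, allowed, now - last))
    return sessions

if __name__ == "__main__":
    for s in active_sessions(SAMPLE_DUMP, now=1700000060):
        print(f"{s.device}: from {s.endpoint}, tunnel {s.tunnel_ip}, handshake {s.age_seconds}s ago")
```

With a shared OpenVPN profile there is no equivalent per-device key to look up, which is why the same attribution cannot be done there.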
The Firewalla app tells you exactly which device is connected to it via VPN, or more specifically, the VPN Profile description. If you think a VPN profile has been compromised, delete it. (Referring to WG).
It tells me “Device from IP x.x.x.x connected to Firewalla Box via VPN.”
It is not listed in the Network Manager > Network Detail either.
So, where do I find the details?