OpenVPN configuration: Difference between revisions
		
		
		
		
		
Revision as of 19:39, 7 January 2018
Wouldn't it be nice to talk to the private network resources through some sort of secure channel? We make use of OpenVPN for that. This will allow private, authenticated traffic flow over potentially hostile networks.
Some quick bits about the config:
- Private PKI in use to do certificate based authentication
- TLS HMAC auth (tls-auth config option) in use. Migrate to using tls-crypt when all clients are compatible (OpenWRT wifi APs for instance probably need updating)
- template based client and server config file creation
- client-to-client in use to allow two VPN client systems to talk with each other instead of bouncing through a third system
- ciphers are currently manually chosen -- after testing all clients, consider switching to "negotiable crypto parameters", an OpenVPN 2.4 feature
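
An added example, not part of the original page or the project's own tooling: a small Python audit that reads generated OpenVPN configs and reports which peers still use tls-auth or have cipher negotiation disabled, as a checklist for the tls-crypt and negotiable-crypto migrations noted above. The sample configs, file names, key paths and cipher values are constructed assumptions.

```python
import shlex

def parse_directives(text):
    """Map each directive to its argument lists; inline <x>...</x> blocks count as directive x."""
    found, block = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if block:                                  # inside inline key/cert material
            if line == f"</{block}>":
                block = None
            continue
        if not line or line[0] in "#;":            # OpenVPN comment markers
            continue
        if line.startswith("<") and line.endswith(">"):
            block = line[1:-1]
            found.setdefault(block, []).append(["[inline]"])
            continue
        parts = shlex.split(line, comments=True)   # also drops trailing "# ..." comments
        found.setdefault(parts[0], []).append(parts[1:])
    return found

def audit(text):
    d = parse_directives(text)
    wrap = "tls-crypt" if "tls-crypt" in d else "tls-auth" if "tls-auth" in d else "none"
    cipher = d["cipher"][-1][0] if d.get("cipher") and d["cipher"][-1] else None
    ncp = "disabled" if "ncp-disable" in d else "explicit" if "ncp-ciphers" in d else "default"
    return {"control_channel": wrap, "cipher": cipher, "ncp": ncp}

def migration_todo(configs):  # configs that still block tls-crypt / negotiated ciphers
    todo = {}
    for name, text in configs.items():
        a, notes = audit(text), []
        if a["control_channel"] != "tls-crypt":
            notes.append(f"control channel: {a['control_channel']}")
        if a["ncp"] == "disabled":
            notes.append(f"cipher pinned to {a['cipher']} (ncp-disable)")
        if notes:
            todo[name] = notes
    return todo

# Constructed sample configs (names, paths and cipher values are assumptions).
SAMPLES = {
    "server.conf": "port 1194\nclient-to-client\ntls-auth /etc/openvpn/ta.key 0\ncipher AES-256-CBC\nncp-disable\n",
    "openwrt-ap.ovpn": "client\n# old build\ncipher AES-256-CBC\n<tls-auth>\n-----BEGIN OpenVPN Static key V1-----\n</tls-auth>\nkey-direction 1\n",
    "laptop.ovpn": "client\ntls-crypt ta.key\ncipher AES-256-GCM\nncp-ciphers AES-256-GCM:AES-128-GCM\n",
}

if __name__ == "__main__":
    print(migration_todo(SAMPLES))
```

Run against the rendered output of the config templates rather than the templates themselves, so the report reflects what each client actually loads.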