OpenVPN configuration

From FnordWiki
Revision as of 19:39, 7 January 2018 by Adj (talk | contribs) (Created page with "Wouldn't it be nice to talk to the private network resources through some sort of secure channel? We make use of [https://openvpn.net/ OpenVPN] for that. This will allow pri...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Wouldn't it be nice to talk to the private network resources through some sort of secure channel? We make use of OpenVPN for that. This will allow private, authenticated traffic flow over potentially hostile networks.

Some quick bits about the config:

  • Private PKI in use to do certificate based authentication
  • TLS HMAC auth (tls-auth config option) in use. Migrate to using tls-crypt when all clients are compatible (OpenWRT wifi APs for instance probably need updating)
  • template based client and server config file creation
  • client-to-client in use to allow two VPN client systems to talk with each other instead of bouncing through a third system
  • ciphers are currently manually chosen -- after testing all clients, consider switching to "negotiable crypto parameters", an OpenVPN 2.4 feature
Retrieved from "https://wiki.fnord.greeley.co.us/mediawiki/index.php?title=OpenVPN_configuration&oldid=967"