Have been playing with OpenVPN for a couple days and I find it confusing. Especially when it comes to users/certs. Here is what I have done:
1. Installed OpenVPN onto Ubuntu 13.10 Server
2. Uploaded a purchased CA SSL cert to the OpenVPN webserver so that I can connect to the server from the internet and the browser won't complain it's not trusted.
3. Add users to the user authentication area and use PAM
4. After I download the client to a remote computer/phone I can connect to my server by putting in my PAM credentials and I then have LAN and internet access through the VPN which is the goal.
My question has to do with certs. I keep reading all over the place about PKI and setting up a CA in order to sign client certs. I have no idea what the hell any of that is. I didn't do any of that. I just added my user name to the User Management area of OpenVPN server and I log on with my Linux username/password.
I'm assuming the way I am currently doing it is not secure. Someone could easily brute force the username/password against the server in order to gain access to my entire LAN (which would be bad).
Is using the cert files in OpenVPN similar to how SSH can be used with keys? For example, I have SSH locked down so that you cannot log onto my Linux boxes with usernames/passwords. You must use keyfiles that are associated with the server's public key.
What is the recommended way to log in to OpenVPN servers?
