Re: Pptp vpn server




On Wed, 3 Nov 2010, Ross Walker wrote:

> As always it's better to use internally generated certificates that 
> are password protected than either passwords or certificates alone. 
> Having said that these password protected certificates are a PITA to 
> distribute to users and to support remotely.

The biggest headache with OpenVPN is PKI. The OpenVPN source ships 
with some scripts for doing certificate authority work, but eventually 
the administrator has to figure out PKI for all but the very smallest 
of deployments.

That said, OpenVPN deals very nicely with certificate revocations, 
making it easy to void a certificate if a key is lost, stolen, or a 
victim of the HR department.

I agree that distributing password-protected keys is a pain. In a 
savvy environment, you can show people how to encrypt their own keys 
using the openssl binary (even on Windows), but that certainly doesn't 
work everywhere. On the upside, all the client OpenVPN GUIs I've used 
(Windows, Tunnelblick for Mac, NetworkManager) handle encrypted keys 
quite nicely these days, prompting for the passphrase at connection 
time.

-- 
Paul Heinlein <> heinlein@xxxxxxxxxx <> http://www.madboa.com/
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
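
The key-encryption step mentioned in the message above, as an added example that is not part of the original post: it passphrase-protects an existing client key with the openssl binary and checks the result. The function names, file names and passphrases are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: passphrase-protect an OpenVPN client key with openssl.
# All paths and passphrases here are constructed demo values.

# Write an AES-256 encrypted copy of key $1 to $2; passphrase is read from file $3.
encrypt_key() {
    ( umask 077; openssl pkey -in "$1" -aes-256-cbc -passout "file:$3" -out "$2" )
}

# Succeed if the PEM file holds an encrypted private key (PKCS#8 or traditional form).
is_encrypted() {
    grep -q -e 'BEGIN ENCRYPTED PRIVATE KEY' -e 'Proc-Type: 4,ENCRYPTED' "$1"
}

# Succeed if encrypted key $2, unlocked with passphrase file $3, is the same key as $1.
same_key() {
    a=$(openssl pkey -in "$1" -pubout) || return 1
    b=$(openssl pkey -in "$2" -passin "file:$3" -pubout) || return 1
    [ "$a" = "$b" ]
}

# Succeed only if key $1 refuses to load with the passphrase in file $2.
rejects_passphrase() {
    ! openssl pkey -in "$1" -passin "file:$2" -noout 2>/dev/null
}

# End-to-end run on a throwaway key in a temporary directory.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'correct horse battery staple' > "$dir/pass"
    printf '%s\n' 'wrong guess' > "$dir/wrong"
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/client.key" 2>/dev/null
    encrypt_key "$dir/client.key" "$dir/client.enc.key" "$dir/pass" &&
        is_encrypted "$dir/client.enc.key" &&
        ! is_encrypted "$dir/client.key" &&
        same_key "$dir/client.key" "$dir/client.enc.key" "$dir/pass" &&
        rejects_passphrase "$dir/client.enc.key" "$dir/wrong"
    rc=$?
    rm -rf "$dir"
    return $rc
}

demo && echo "encrypted key verified"
```

Once the encrypted copy is confirmed to match, the plaintext key file should be removed from the client so only the passphrase-protected one remains.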

