Re: VPN suggestions centos 6, 7

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Mon, 4 Apr 2016, david wrote:

I have seen discussions of OpenVPN, OpenSwan, LibreVPN, StrongSwan (and probably others I haven't noted). I'd be interested in hearing from anyone who wishes to comment about which to use, with the following requirements:

1)  As noted, it should be secure (anti NSA?)
2)  Works on Centos 6 and Centos 7 and Windows 7 (and for the
    future, Windows 10)
3)  Can be set up on the server with command line interfaces
    only (no GUI)

OpenVPN can be all that. I say "can be" because you'll want to research how best to configure it. Done poorly, it won't be as secure as you want. Thankfully, there are a lot of blog posts and list threads to consult; it won't take more than a couple hours of reading to work out the base configuration.

And, should not be a nightmare to set up.

This might be a problem. :-)

OpenVPN is designed to scale pretty well, but scaling it requires a decent knowledge of SSL infrastructure: creating, distributing, and revoking certificates. The Easy-RSA utility can ease the process, but using it securely takes time and reading.

A very small OpenVPN setup can be done with shared static key, but that approach has its own disadvantages (no PFS, all keys in plain text, no distribution mechanism).


In short, OpenVPN is an excellent toolset that can be made very secure -- and will manage much of the complexity for you -- but it requires a non-trivial amount of effort to configure correctly.

To paraphrase The Princess Bride: Security is pain. Anyone who says differently is selling something.

--
Paul Heinlein <> heinlein@xxxxxxxxxx <> http://www.madboa.com/
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux