SSL VPN for accessing PHPBB on LAN - Advice on best opensource Solution

Posted on 2008-11-17
Medium Priority
Last Modified: 2012-05-05
I have phpBB running on a server on a LAN.

I would like to be able to grant access to PHPBB but I do not want to make the forum accessible/visible in any way online.

I was wondering if installing OpenVPN in VMware would help me in achieving an SSL VPN which would direct users to port 80 of the local IP address of the server which runs phpBB through the SSL VPN tunnel. Any thoughts?

Are there any other solutions (open source) which could help me achieve the above?

As to the SSL certificates, what certificate should be used in this scenario and where is it suggested to obtain the certificates from?

Thank you for your time.
Question by:Sleezed
Accepted Solution

Paranormastic earned 1500 total points
ID: 22988737
Um this sounds like overkill to me to do VPN, but as long as the traffic can hit that port it should work.  Why not just not route it to the internet...?  At most I would figure setting up a VLAN would be good enough for the networking aspect of things.

A standard server certificate should be fine for the SSL portion.  If you are going to have this on the LAN and especially if you are going to have it off the main network/not connecting to the web, then you would want to set up your own Certification Authority (CA) server to issue your own certs.  You would need to import the root CA cert into the cert store of the clients that connect to it to establish the trust base.  I would recommend this if you plan on using certs for more than just this one box (e.g. client authentication, as I will mention below).

Alternatively, you could use OpenSSL to generate a self-signed certificate.  Normally I advise against self-signed certs, but this would be a scenario where one would be appropriate.  That cert would need to be installed into the certificate store of whatever clients would need to trust it.  

You would want:

Key Usage:
  Signature requirements:
    Digital signature
    Allow key exchange only with key encryption

Enhanced Key Usage:
  Server Authentication

Another thought would be setting up client authentication - I'm not sure how to do that in your environment - RTM and see what's there, otherwise I can see what I can dig up.  Client authentication certs would have the following:

Key Usage:
  Digital Signature

Enhanced Key Usage:
  Client Authentication
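
The two certificate profiles described in the answer above, as an added example that is not part of the original answer: a private CA built with the OpenSSL command line issues one server and one client certificate, and `openssl verify -purpose` confirms each is accepted only for its own role. The names (Example LAN CA, forum.lan.example, alice), the file layout and the function names are constructed, and "Allow key exchange only with key encryption" is assumed to correspond to OpenSSL's keyEncipherment bit.

```shell
#!/bin/sh
# Added example: private CA issuing a server and a client certificate with the
# Key Usage / Enhanced Key Usage values listed in the answer.
# All names (Example LAN CA, forum.lan.example, alice) are constructed.

make_ca() {    # make_ca DIR -> DIR/ca.key, DIR/ca.crt, DIR/req.cnf
    cat > "$1/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example LAN CA
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 3650 -sha256 \
        -config "$1/req.cnf" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_cert() {    # issue_cert DIR NAME CN KEYUSAGE EKU [SAN]
    {
        echo "basicConstraints = critical, CA:FALSE"
        echo "keyUsage = critical, $4"
        echo "extendedKeyUsage = $5"
        if [ -n "$6" ]; then echo "subjectAltName = $6"; fi
    } > "$1/$2.ext"
    openssl req -new -newkey rsa:2048 -nodes -config "$1/req.cnf" -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 365 -sha256 -extfile "$1/$2.ext" \
        -out "$1/$2.crt" 2>/dev/null
}

check_purpose() {    # check_purpose DIR NAME sslserver|sslclient -> 0 if accepted
    openssl verify -CAfile "$1/ca.crt" -purpose "$3" "$1/$2.crt" >/dev/null 2>&1
}

build_lan_pki() {    # build_lan_pki DIR: CA plus one server and one client cert
    make_ca "$1" &&
    issue_cert "$1" server forum.lan.example \
        "digitalSignature, keyEncipherment" serverAuth "DNS:forum.lan.example" &&
    issue_cert "$1" client alice digitalSignature clientAuth
}
```

Only `ca.crt` goes into the clients' trust store. The private keys are written unencrypted (`-nodes`), so keep the directory readable by its owner only.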

