SSL VPN for accessing PHPBB on LAN - Advice on best opensource Solution

Posted on 2008-11-17
Last Modified: 2012-05-05
I have phpBB running on a server on a LAN.

I would like to be able to grant access to PHPBB but I do not want to make the forum accessible/visible in any way online.

I was wondering if installing OpenVPN in VMware would help me in achieving an SSL VPN which would direct users to port 80 of the local IP address of the server which runs phpBB through the SSL VPN tunnel. Any thoughts?

Are there any other solutions (opensource) which could help me achieve the above?

As to the SSL certificates, what certificate should be used in this scenario and where is it suggested to obtain the certificates from?

Thank you for your time.
Question by:Sleezed
    1 Comment
    LVL 31

    Accepted Solution

    Um this sounds like overkill to me to do VPN, but as long as the traffic can hit that port it should work.  Why not just not route it to the internet...?  At most I would figure setting up a VLAN would be good enough for the networking aspect of things.

    A standard server certificate should be fine for the SSL portion.  If you are going to have this on the LAN and especially if you are going to have it off the main network/not connecting to the web, then you would want to set up your own Certification Authority (CA) server to issue your own certs.  You would need to import the root CA cert into the cert store of the clients that connect to it to establish the trust base.  I would recommend this if you plan on using certs for more than just this one box (e.g. client authentication, as I will mention below).

    Alternatively, you could use OpenSSL to generate a self-signed certificate.  Normally I advise against self-signed certs, but this would be a scenario where one would be appropriate.  That cert would need to be installed into the certificate store of whatever clients would need to trust it.  

    You would want:
    Key Usage:
    Signature requirements:
    Digital signature
    Allow key exchange only with key encryption

    Enhanced Key Usage:
    Server Authentication

    Another thought would be setting up client authentication - I'm not sure how to do that in your environment - RTM and see what's there, otherwise I can see what I can dig up.  Client authentication certs would have the following:
    Key Usage:
    Digital Signature

    Enhanced Key Usage:
    Client Authentication
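
The certificate setup described in the answer above, as an added example that is not part of the original answer: a private CA whose root is imported on clients, a server certificate with Digital Signature plus Key Encipherment and Server Authentication, and a client certificate with Digital Signature and Client Authentication, followed by a purpose check. The CA subject, the host name forum.lan.example, the user name alice, the file names and the function names are all assumptions.

```bash
#!/usr/bin/env bash
# Added example. CA subject, forum.lan.example and alice are placeholder names.
set -eu

write_profiles() {  # $1 = working directory; one extension section per certificate role
  cat > "$1/profiles.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[server]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:forum.lan.example
[client]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = clientAuth
EOF
}

make_ca() {  # $1 = working directory; ca.crt is the root to import on clients
  openssl req -new -x509 -newkey rsa:2048 -nodes -days 3650 \
    -config "$1/profiles.cnf" -extensions ca -subj "/CN=Example LAN Root CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue() {  # $1 = working directory, $2 = profile (server|client), $3 = common name
  openssl req -new -newkey rsa:2048 -nodes -config "$1/profiles.cnf" \
    -subj "/CN=$3" -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
    -days 825 -sha256 -extfile "$1/profiles.cnf" -extensions "$2" -out "$1/$2.crt" 2>/dev/null
}

usable_as() {  # $1 = working directory, $2 = profile, $3 = purpose (sslserver|sslclient)
  openssl verify -CAfile "$1/ca.crt" -purpose "$3" "$1/$2.crt" >/dev/null 2>&1
}

build_demo() {  # builds CA, server and client certs in a fresh temp dir and prints its path
  dir=$(mktemp -d)
  { write_profiles "$dir" && make_ca "$dir" && issue "$dir" server forum.lan.example \
    && issue "$dir" client alice; } >/dev/null && echo "$dir"
}
demo=$(build_demo)
usable_as "$demo" server sslserver && echo "server.crt chains to $demo/ca.crt for TLS server use"
```

The purpose check rejects a certificate used outside its Enhanced Key Usage, so the client certificate cannot stand in for the server certificate and vice versa.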

