SSL VPN for accessing PHPBB on LAN - Advice on best opensource Solution

I have phpBB running on a server on a LAN.

I would like to be able to grant access to PHPBB but I do not want to make the forum accessible/visible in any way online.

I was wondering if installing OpenVPN in VMware would help me in achieving an SSL VPN which would direct users to port 80 of the local IP address of the server which runs phpBB through the SSL VPN tunnel. Any thoughts?

Are there any other solutions (open source) which could help me achieve the above?

As to the SSL certificates, what certificate should be used in this scenario and where is it suggested to obtain the certificates from?

Thank you for your time.
Sleezed asked:

Paranormastic (Cryptographic Engineer) commented:
Um this sounds like overkill to me to do VPN, but as long as the traffic can hit that port it should work.  Why not just not route it to the internet...?  At most I would figure setting up a VLAN would be good enough for the networking aspect of things.

A standard server certificate should be fine for the SSL portion.  If you are going to have this on the LAN and especially if you are going to have it off the main network/not connecting to the web, then you would want to set up your own Certification Authority (CA) server to issue your own certs.  You would need to import the root CA cert into the cert store of the clients that connect to it to establish the trust base.  I would recommend this if you plan on using certs for more than just this one box (e.g. client authentication, as I will mention below).

Alternatively, you could use OpenSSL to generate a self-signed certificate.  Normally I advise against self-signed certs, but this would be a scenario where one would be appropriate.  That cert would need to be installed into the certificate store of whatever clients would need to trust it.  

You would want:
Key Usage:
Signature requirements:
Digital signature
Allow key exchange only with key encryption

Enhanced Key Usage:
Server Authentication

Another thought would be setting up client authentication - I'm not sure how to do that in your environment - RTM and see what's there, otherwise I can see what I can dig up.  Client authentication certs would have the following:
Key Usage:
Digital Signature

Enhanced Key Usage:
Client Authentication
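
Added example, not part of the original answer: one way to produce the self-signed server certificate described above with OpenSSL, mapping "Digital signature" and "Allow key exchange only with key encryption" to `digitalSignature` and `keyEncipherment`, and "Server Authentication" to `serverAuth`. The host name `forum.lan.example`, the address `192.0.2.10`, the file names and the subjectAltName entry are assumptions for illustration.

```shell
#!/bin/sh
# Added example: self-signed server certificate carrying the key usages
# listed in the answer. Names and addresses are placeholders (assumptions).
set -eu

make_server_cert() {
    # $1 = output directory, $2 = DNS name clients will use, $3 = LAN IP
    dir=$1; name=$2; ip=$3
    cat > "$dir/server.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_server
prompt = no

[dn]
CN = $name

[v3_server]
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$name, IP:$ip
EOF
    # -nodes leaves the key unencrypted so the web server can start unattended
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -config "$dir/server.cnf" \
        -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
    chmod 600 "$dir/server.key"
}

cert_text() { openssl x509 -in "$1" -noout -text; }

check_server_cert() {
    # Succeeds only if the certificate has the server usages and
    # was not also issued for client authentication.
    txt=$(cert_text "$1")
    echo "$txt" | grep -q "Digital Signature, Key Encipherment" &&
    echo "$txt" | grep -q "TLS Web Server Authentication" &&
    ! echo "$txt" | grep -q "TLS Web Client Authentication"
}

tmp=$(mktemp -d)
make_server_cert "$tmp" forum.lan.example 192.0.2.10
check_server_cert "$tmp/server.crt" && echo "server.crt usages OK in $tmp"
```

The resulting `server.crt` is the file to import into each client's certificate store; `server.key` stays on the server only.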
