• Status: Solved
  • Priority: Medium
  • Security: Public

SSL VPN for accessing PHPBB on LAN - Advice on best opensource Solution

I have PHPBB running on a server on a LAN.

I would like to be able to grant access to PHPBB but I do not want to make the forum accessible/visible in any way online.

I was wondering if installing OpenVPN in VMware would help me in achieving an SSL VPN which would direct users to port 80 of the local IP address of the server which runs PHPBB through the SSL VPN tunnel. Any thoughts?

Are there any other solutions (open source) which could help me achieve the above?

As to the SSL certificates, what certificate should be used in this scenario and where is it suggested to obtain the certificates from?

Thank you for your time.
Asked: Sleezed

1 Solution

Paranormastic (Cryptographic Engineer) commented:
Um, this sounds like overkill to me to do VPN, but as long as the traffic can hit that port it should work. Why not just not route it to the internet...? At most I would figure setting up a VLAN would be good enough for the networking aspect of things.

A standard server certificate should be fine for the SSL portion.  If you are going to have this on the LAN and especially if you are going to have it off the main network/not connecting to the web, then you would want to set up your own Certification Authority (CA) server to issue your own certs.  You would need to import the root CA cert into the cert store of the clients that connect to it to establish the trust base.  I would recommend this if you plan on using certs for more than just this one box (e.g. client authentication, as I will mention below).

Alternatively, you could use OpenSSL to generate a self-signed certificate.  Normally I advise against self-signed certs, but this would be a scenario where one would be appropriate.  That cert would need to be installed into the certificate store of whatever clients would need to trust it.  

You would want:

Key Usage:
  Signature requirements:
    Digital signature
  Allow key exchange only with key encryption

Enhanced Key Usage:
  Server Authentication

Another thought would be setting up client authentication - I'm not sure how to do that in your environment - RTM and see what's there, otherwise I can see what I can dig up.  Client authentication certs would have the following:

Key Usage:
  Digital Signature

Enhanced Key Usage:
  Client Authentication

Question has a verified solution.
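
The self-signed option from the answer above, as an added example that is not part of the original thread: it generates a server certificate with OpenSSL carrying the listed Key Usage and Enhanced Key Usage values, then checks that they are really in the issued certificate. The hostname, LAN IP, file names, function names and the subjectAltName entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Hostname, LAN IP and file names are constructed placeholders.

make_server_cert() {   # $1 = output dir, $2 = DNS name, $3 = LAN IP
  mkdir -p "$1" || return 1
  # Config maps the answer's template wording to OpenSSL extension names:
  #   "Digital signature"                           -> digitalSignature
  #   "Allow key exchange only with key encryption" -> keyEncipherment
  #   "Server Authentication"                       -> serverAuth
  cat > "$1/server.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_server
prompt = no

[dn]
CN = $2

[v3_server]
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
# Assumption, not from the thread: current clients match the name against SAN.
subjectAltName = DNS:$2, IP:$3
EOF
  # umask 077 keeps the unencrypted private key readable by its owner only.
  ( umask 077
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
      -config "$1/server.cnf" \
      -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null )
}

check_server_cert() {  # $1 = cert file, $2 = DNS name, $3 = LAN IP
  # Succeeds only if the usages and SAN entries are really in the cert.
  txt="$(openssl x509 -in "$1" -noout -text)" || return 1
  printf '%s\n' "$txt" | grep -qF 'Digital Signature, Key Encipherment' &&
  printf '%s\n' "$txt" | grep -qF 'TLS Web Server Authentication' &&
  printf '%s\n' "$txt" | grep -qF "DNS:$2" &&
  printf '%s\n' "$txt" | grep -qF "IP Address:$3"
}

# Demo run with constructed values.
out="$(mktemp -d)"
make_server_cert "$out" forum.lan.example 192.168.1.10 &&
  check_server_cert "$out/server.crt" forum.lan.example 192.168.1.10 &&
  echo "certificate OK: $out/server.crt"
```

The resulting server.crt is the file that would be installed into the certificate store of each client, as the answer describes; server.key stays on the server.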
