Solved

Hardening the openvpn security

Posted on 2009-03-30
Last Modified: 2013-12-16
I have configured my openvpn with the following security as mentioned below. I am using my openvpn as routed vpn. Is there any other option to increase my openvpn security?

chroot
user nobody
group nobody
tls-auth ta.key 0
tls-auth ta.key 1
cipher AES-256-CBC
ns-cert-type server
Question by:rajasekarramasamy

Accepted Solution

by:
ravenpl earned 50 total points
ID: 24026313
That's pretty secure, but
- add crl, so You can revoke client's cert at any time
- You can add additional user/pass authentication and require to match cert's cname and username (if available); don't cache them at the client's side
- run the server on non-standard and privileged port (<1024)
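
The first two suggestions in the accepted answer, as an added example that is not part of the original thread: the server and client lines are listed in the comments, and the script is an `auth-user-pass-verify` hook that refuses a login whose user name differs from the certificate CN. The file names, port 443, the allowed character set and the `PASSWORD_HELPER` command are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: auth-user-pass-verify hook binding the login name to the
# certificate CN. Assumed server lines (paths and port are placeholders):
#   port 443                          # privileged, not the default 1194
#   crl-verify crl.pem                # reject revoked client certificates
#   script-security 3                 # needed to pass the password via-env
#   auth-user-pass-verify verify-user.sh via-env
# Assumed client lines:
#   auth-user-pass
#   auth-nocache                      # do not cache the password in memory
#
# OpenVPN exports `username` and `password` (via-env) and `common_name`
# (CN of the client certificate that already passed TLS verification).

# Succeeds only for a well-formed login name identical to the cert CN.
cn_matches_user() {
    [ -n "$1" ] && [ -n "$2" ] || return 1
    case $1 in
        *[!A-Za-z0-9._-]*) return 1 ;;    # unexpected characters: reject
    esac
    [ "$1" = "$2" ]
}

# PASSWORD_HELPER is a hypothetical command: user name as argument,
# password on stdin, exit status 0 when the password is valid.
verify_login() {    # args: username password common_name
    cn_matches_user "$1" "$3" || {
        echo "deny: user name does not match certificate CN" >&2; return 1; }
    [ -n "${PASSWORD_HELPER:-}" ] || {
        echo "deny: no password helper configured" >&2; return 1; }
    printf '%s\n' "$2" | "$PASSWORD_HELPER" "$1"
}

# OpenVPN sets script_type before running any script; without it the file
# only defines the functions (sourced or under test).
if [ -n "${script_type:-}" ]; then
    verify_login "${username:-}" "${password:-}" "${common_name:-}"
    exit $?
fi
```

Because the configuration in the question uses `chroot`, the hook and the shell that runs it have to be reachable inside the chroot directory.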