[colug-432] OpenVPN Security Help

Rick Troth rmt at casita.net
Fri Jun 24 10:19:23 EDT 2016


On 06/23/2016 08:00 PM, Alon Ganon wrote:
> So I have been teaching myself quite a lot with VPS and such, and I have
> built my own OpenVPN for me to securely connect while on possibly
> insecure wifi. What are some additional steps I should take to increase
> security? I built my current one on Digital Ocean using this guide,
> https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-14-04
> I have added Fail2Ban with a filter just for OpenVPN as well as
> changed encryption to AES. I am only planning on my laptop, cell phone
> to be used, but am planning to have it work for at least 5-10 devices
> max including the girlfriend's devices. Thank you in advance for any help

The tutorial looks good.
I would certainly recommend the IP forwarding enablement. The rest of it
may be more tedious than required.

I finally got OpenVPN flying with a lot of help from Jim Wildman and
others. I even have an IPv6 variant (but primary server doles out only
IPv4 addrs for an older LAN space). This coincided with me learning more
about "how to run your own CA".

The CA work is probably the most time consuming.
OpenVPN itself is built from source. (Except for the Windows and Android
clients.) Compiling the package took less time and effort than
establishing the private CA. But the CA work is scripted, so it has
become point-and-shoot now.

If you're running OpenVPN in PKI mode, you'll need a certificate for the
server and a certificate for each client. Kinda cool to watch the log
file as a client connects.

-- R; <><
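
A scripted private CA of the kind the reply above describes, as an added example that is not part of the original message and not the poster's own script. It assumes the openssl command-line tool is installed; the CA name, the host names and the vpn_* profile names are constructed. It issues one server and one client certificate and checks that a client certificate cannot pass as a server.

```shell
#!/bin/sh
# Added example: scripted private CA for OpenVPN PKI mode (all names constructed).
set -eu

make_ca() {  # $1 = working directory
    cat > "$1/ext.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[vpn_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[vpn_server]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
[vpn_client]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = clientAuth
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
        -config "$1/ext.cnf" -extensions vpn_ca -subj "/CN=Example VPN CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_cert() {  # $1 = directory, $2 = common name, $3 = vpn_server | vpn_client
    openssl req -new -newkey rsa:2048 -nodes -config "$1/ext.cnf" \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
    openssl x509 -req -in "$1/$2.csr" -days 365 \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -extfile "$1/ext.cnf" -extensions "$3" -out "$1/$2.crt" 2>/dev/null
}

check_cert() {  # $1 = directory, $2 = common name, $3 = sslserver | sslclient
    openssl verify -CAfile "$1/ca.crt" -purpose "$3" "$1/$2.crt" >/dev/null 2>&1
}

demo() {  # build a CA, one server and one client certificate, then verify them
    d=$(mktemp -d)
    make_ca "$d"
    issue_cert "$d" vpn-server vpn_server
    issue_cert "$d" laptop vpn_client
    check_cert "$d" vpn-server sslserver && echo "server certificate verifies"
    check_cert "$d" laptop sslclient && echo "client certificate verifies"
    check_cert "$d" laptop sslserver || echo "client certificate refused as a server"
    rm -rf "$d"
}
demo
```

The serverAuth extended key usage is what OpenVPN's remote-cert-tls server option checks on the client side, so a stolen client key cannot be used to stand up a fake server. In real use the CA key stays off the VPN server.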
