OpenVPN: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
|||
| (One intermediate revision by the same user not shown) | |||
| Line 10: | Line 10: | ||
# tls-version-min | # tls-version-min | ||
* For notes on how OpenVPN was hardened for the [[OSE Development Server]] in 2019, see [[Maltfield_Log/2019_Q3#Mon_Sep_09.2C_2019]] | * For notes on how OpenVPN was hardened for the [[OSE Development Server]] in 2019, see [[Maltfield_Log/2019_Q3#Mon_Sep_09.2C_2019]] and [[Maltfield_Log/2019_Q4#Mon_Dec_02.2C_2019]] for adding 2FA support | ||
==Important Files & Directories== | ==Important Files & Directories== | ||
Latest revision as of 16:38, 13 January 2021
OpenVPN is the VPN solution of choice used by OSE.
Hardening
The server (and client) configs for OpenVPN should be hardened for security. For example, the admin should investigate the time-appropriate choices the following factors:
- server & client RSA key sizes
- DH params key size
- cipher (for data channel)
- tls-cipher (for control channel)
- tls-version-min
- For notes on how OpenVPN was hardened for the OSE Development Server in 2019, see Maltfield_Log/2019_Q3#Mon_Sep_09.2C_2019 and Maltfield_Log/2019_Q4#Mon_Dec_02.2C_2019 for adding 2FA support
Important Files & Directories
For more information about our openvpn configuration, please see the following files & directories on the server:
/etc/openvpn/ /usr/share/easy-rsa/3/pki/