OpenVPN

OpenVPN is the VPN solution of choice used by OSE.

Hardening

The server (and client) configs for OpenVPN should be hardened for security. For example, the admin should investigate the time-appropriate choices the following factors:

1. server & client RSA key sizes
2. DH params key size
3. cipher (for data channel)
4. tls-cipher (for control channel)
5. tls-version-min

• For notes on how OpenVPN was hardened for the OSE Development Server in 2019, see Maltfield_Log/2019_Q3#Mon_Sep_09.2C_2019 and Maltfield_Log/2019_Q4#Mon_Dec_02.2C_2019 for adding 2FA support

Important Files & Directories

For more information about our openvpn configuration, please see the following files & directories on the server:

/etc/openvpn/
/usr/share/easy-rsa/3/pki/

See Also

• Web server configuration
• Wordpress
• Vanilla Forums
• Mediawiki
• Munin
• Awstats
• Ossec
• VPN