[Openvpn-users] Exactly how secure is it??


  • Subject: [Openvpn-users] Exactly how secure is it??
  • From: Jeff Gross <jgross@xxxxxxxxxx>
  • Date: Wed, 29 Mar 2006 15:13:33 -0500 (EST)

OK, it's working, but I'm wondering how secure it is...

Here's what I got:

I created all of the certs outlined in the "how to"

CA, Server, Client and DH.

The server portion runs on our terminal services machine.
I configured the ovpn config file pretty much as default as possible.
It runs as a service all the time...

I created a rule in the firewall for UDP only, for port 1194, and from
outside nic to the IP address of the Terminal Services machine
(running server portion of OVPN)

The client computer was connected only by a dial-up connection.
The client machine is configured pretty close to default as well.

In order to connect to Terminal Services, user must connect to the
IP address on the TAP of the server, 10.8.0.1 using remote desktop tool
(that works great even over a crappy dial-up connection)

Using these default certs as outlined in the How-to, how secure is this whole
thing?

(see configs below)

===<client.ovpn>=========================================================
client
dev tun
dev-node VPNtap
proto udp
remote ourserver.dynamicdns.com 1194  # it's resolving the IP from this
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert clientET.crt
key clientET.key
comp-lzo
verb 3
========================================================================

===<server.ovpn>========================================================
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh C:\\OpenVPN\\easy-rsa\\keys\\dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist C:\\OpenVPN\\log\\ipp.txt
keepalive 10 120
comp-lzo
max-clients 5
persist-key
persist-tun
status openvpn-status.log
log-append  openvpn.log
verb 3
mute 20
===========================================================================

I am to assume that if the certs get deleted, or if someone runs
ovpn without our certs, there's no way in heck they can connect to me?


-=Jeff Gross=-
jgross@xxxxxxxxxx
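
An added example, not part of the original post and not OpenVPN's own code: a small Python check run over directives taken from the two configs above that reports which hardening directives are absent. The finding names, the 2048-bit DH threshold and reading the DH size from easy-rsa's dh<bits>.pem file name are assumptions of this example.

```python
import re

# Directives copied from the post's configs, trimmed to the ones that bear on
# authentication and key exchange.
CLIENT = r"""
client
proto udp
remote ourserver.dynamicdns.com 1194  # resolves the server IP
ca ca.crt
cert clientET.crt
key clientET.key
"""
SERVER = r"""
port 1194
proto udp
ca ca.crt
cert server.crt
key server.key
dh C:\\OpenVPN\\easy-rsa\\keys\\dh1024.pem
server 10.8.0.0 255.255.255.0
"""

def parse(text):
    """Map each directive to its argument list; '#' and ';' start comments."""
    conf = {}
    for line in text.splitlines():
        words = re.split(r"[#;]", line, maxsplit=1)[0].split()
        if words:
            conf[words[0]] = words[1:]
    return conf

def audit(text):
    """Return finding codes (names are this example's own) for absent hardening."""
    conf, found = parse(text), []
    is_client = "client" in conf or "tls-client" in conf
    if not conf.keys() & {"tls-auth", "tls-crypt"}:
        found.append("no-tls-auth")  # no HMAC pre-filter on handshake packets
    checks = {"ns-cert-type", "remote-cert-tls", "tls-remote",
              "verify-x509-name", "tls-verify"}
    if is_client and not conf.keys() & checks:
        found.append("server-cert-unchecked")  # any cert signed by ca.crt passes as server
    if not is_client and "crl-verify" not in conf:
        found.append("no-crl")  # a copied or lost client key cannot be revoked
    bits = re.search(r"dh(\d+)", " ".join(conf.get("dh", [])))  # assumes dh<bits>.pem naming
    if bits and int(bits.group(1)) < 2048:  # 2048 is this example's threshold
        found.append("weak-dh-" + bits.group(1))
    return found

if __name__ == "__main__":
    print("client:", audit(CLIENT))
    print("server:", audit(SERVER))
```
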

