[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

[Openvpn-users] Setting up Log Server

  • Subject: [Openvpn-users] Setting up Log Server
  • From: Bradley Alexander <storm@xxxxxxx>
  • Date: Mon, 31 Jan 2005 14:20:33 -0500


I have a couple of questions. I am setting up a log server, and want to 
encrypt the log transmissions instead of simply sending logs cleartext across 
port 514/UDP. The references I have found all point to stunnel. As I recall, 
there were some major security issues with stunnel (these were far earlier 

Since I am already using OpenVPN, I was considering using it for tunnelling 
the logs from the servers on my network, but as I consider it, I'm thinking 
that it may be overkill for the need. Has anyone else set up something along 
these lines? If so, what app did you use for encrypting log traffic? Under 
consideration are the following:

OpenVPN - Looks like it is overkill for the need.
ssh - Issues with key management. I could use something like keyring, but 
           would still have to type in a passphrase each startup (which 
           shouldn't be that often)...
stunnel - Unknown security profile.

Another question. OpenVPN has been assigned an official port by IANA. Does 
OpenVPN manage connections and port assignments? What I mean by this is that 
many listening apps like ssh and telnet listen on a port. The application 
then manages connections on this port so that you can have multiple 
connections on the same port. Does OpenVPN manage its connections similarly? 
Let's say, using the log server as an example, I have 10 incoming 
connections, will OpenVPN manage it, or do I have to assign a separate port 
for each instance? Is there a way to combine the config files on the "server" 
side as well or are those separate?

Bradley M. Alexander                       |
IA Analyst, SysAdmin, Security Engineer    |   storm [at] tux.org
Debian/GNU Linux Developer                 |   storm [at] debian.org
Key fingerprints:
DSA 0x54434E65: 37F6 BCA6 621D 920C E02E  E3C8 73B2 C019 5443 4E65
RSA 0xC3BCBA91: 3F 0E 26 C1 90 14 AD 0A  C8 9C F0 93 75 A0 01 34
"...But a great looking ship, that. Looks like a fish, moves like a fish,
steers like a cow."
       --Ford Prefect

Openvpn-users mailing list