Hi!
I currently have a Raspberry Pi on a Rasbian setup to be a VPN Gateway to a Network behind a Firewall. The Pi is acting as the Client, the Firewall is the OpenVPN Server.
I successfully created the tunnel and managed to setup the client. Its working just fine.
What bothers me is, that I store everything in textfiles.
I got a user.crt, a ca.crt, a private.key and also a login file.
So if anyone manages to get into my Pi, wouldn't he just be able to copy all the Certificates and the login?
I assume he would be able to access the VPN tunnel with that information.
Isn't there a possibility to "safely" store those files? To be honest, I have no experience in hashing passwords or similar measures.
Storing the username and password in a textfile?
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
- OpenVpn Newbie
- Posts: 6
- Joined: Wed Nov 21, 2018 9:33 pm
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Storing the username and password in a textfile?
The only file which you must take responsibility for protecting is your ca.key
The recommended course of action is to keep that file safely in offline storage.
The recommended course of action is to keep that file safely in offline storage.
-
- OpenVpn Newbie
- Posts: 6
- Joined: Wed Nov 21, 2018 9:33 pm
Re: Storing the username and password in a textfile?
Could you explain what you are talking about?
Offline storage should be pretty obvious. But it is not at all. This could mean anything
Offline storage should be pretty obvious. But it is not at all. This could mean anything
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Storing the username and password in a textfile?
TinCanTech wrote: ↑Tue Apr 30, 2019 11:14 pmThe only file which you must take responsibility for protecting is your ca.key
It means Offline
If you want me to teach you how to secure your server then you are on the wrong Forum.