Page 1 of 1

OpenVPN security

Posted: Mon Feb 22, 2021 4:21 pm
by CorsicaBia
Hello all

First sorry for my poor english

I just installed an OpenVPN server on a Debian Buster (server mode). Before opening OpenVPN and allowing the connection from the internet in warrior mode, I tried to be as secure as possible:

- Of course user need a certificate
- I also activated a module (plugin /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so /etc/pam.d/login) which forces users to enter a login / mdp
- Finally, the key is protected by a passphrase (each key has its own passphrase).

So to connect a user must enter his login / mdp and must then enter his passphrase for the key.

Is there something else to do, would I have missed something?

cordially

Re: OpenVPN security

Posted: Tue Feb 23, 2021 12:27 am
by TinCanTech
CorsicaBia wrote:
Mon Feb 22, 2021 4:21 pm
Is there something else to do, would I have missed something?
You can also add some custom TLS key verification steps:
https://github.com/TinCanTech/easy-tls

Re: OpenVPN security

Posted: Tue Feb 23, 2021 12:13 pm
by CorsicaBia
Thank you, i am going to look.