Hello all
First sorry for my poor english
I just installed an OpenVPN server on a Debian Buster (server mode). Before opening OpenVPN and allowing the connection from the internet in warrior mode, I tried to be as secure as possible:
- Of course user need a certificate
- I also activated a module (plugin /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so /etc/pam.d/login) which forces users to enter a login / mdp
- Finally, the key is protected by a passphrase (each key has its own passphrase).
So to connect a user must enter his login / mdp and must then enter his passphrase for the key.
Is there something else to do, would I have missed something?
cordially
OpenVPN security
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11139
- Joined: Fri Jun 03, 2016 1:17 pm
Re: OpenVPN security
You can also add some custom TLS key verification steps:CorsicaBia wrote: ↑Mon Feb 22, 2021 4:21 pmIs there something else to do, would I have missed something?
https://github.com/TinCanTech/easy-tls
-
CorsicaBia
- OpenVpn Newbie
- Posts: 2
- Joined: Mon Feb 22, 2021 4:13 pm
Re: OpenVPN security
Thank you, i am going to look.