On 08/03/11 17:34, erikmccaskey64 wrote:
ok, i put an OpenVPN server on port 1194 on an OpenWrt 10.03 router.
https://pastebin.com/raw.php?i=xEZTvnhT
http://pastebin.mozilla.org/1138443


Questions: what could i do to increase security regarding this OpenVPN server? 
- i mean on server side!


1 - i sed 's/1194/50000/' the port number to a higher one - it's against the 
automated robots, ok!
2 - iptables? i should only allow ip ranges [on the input chain] that i will 
use in reality? - ok!
3 - if i don't use my router - e.g.: when i'm sleeping i just turn it off.
4 - ? what else?? Please write down your idea/solution!!!


OpenWrt isn't OpenBSD, so from the "ps" command i can see that the OpenVPN is 
run by root. it's not so secure. How can i make it more secure?

In addition to the above mentioned:
Use tls-auth
Use tls-remote
Use user/group
Use udp
Use certificates as well as username/password authentication.
Use mutual authentication (both client and server)
Use strong ciphers, encryption keys and dh parameters.

secure your server (host)
read the documentation

Giannis
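
Added example (not part of the original thread and not OpenVPN project code): a small Python audit that reads an OpenVPN server config and reports which items from the checklist above are missing. The sample configs, file names, the checkpw.sh script path and the WEAK_CIPHERS set are assumptions made for illustration; tls-remote and key/DH sizes are not checked.

```python
# Added example: the sample configs, file names and WEAK_CIPHERS are constructed.
WEAK_CIPHERS = {"NONE", "BF-CBC", "DES-CBC", "RC2-CBC"}  # assumption: treated as weak

def parse(text):
    """Map each directive to its argument list (last occurrence wins)."""
    opts = {}
    for raw in text.splitlines():
        # '#' and ';' start comments; quoting and inline <ca> blocks are not handled.
        tokens = raw.split("#", 1)[0].split(";", 1)[0].split()
        if tokens:
            opts[tokens[0]] = tokens[1:]
    return opts

def first(opts, name, default):  # first argument, or default when absent or bare
    return (opts.get(name) or [default])[0]

def audit(text):
    """Return findings for the server-side checklist; empty list means pass."""
    o, out = parse(text), []
    if "tls-auth" not in o:
        out.append("tls-auth: no HMAC key protecting the TLS handshake")
    if first(o, "user", "root") == "root" or "group" not in o:
        out.append("user/group: daemon does not drop root privileges")
    if first(o, "proto", "udp").startswith("tcp"):
        out.append("proto: tcp configured, the reply recommends udp")
    out += [f"{d}: not configured" for d in ("ca", "cert", "key", "dh") if d not in o]
    if "client-cert-not-required" in o:
        out.append("client-cert-not-required: client certificates are disabled")
    if "auth-user-pass-verify" not in o and "plugin" not in o:
        out.append("auth-user-pass-verify: no username/password check")
    cipher = first(o, "cipher", "").upper()
    if not cipher or cipher in WEAK_CIPHERS:
        out.append(f"cipher: {cipher or 'unset (build default applies)'}")
    return out

WEAK_CONF = """proto tcp
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
"""
HARDENED_CONF = WEAK_CONF.replace("proto tcp", "proto udp") + """tls-auth ta.key 0
user nobody
group nogroup
cipher AES-256-CBC
auth-user-pass-verify /etc/openvpn/checkpw.sh via-file  # hypothetical script
"""

if __name__ == "__main__":
    print("\n".join(audit(WEAK_CONF)) or "no findings")
```

To check a real file, pass its contents to audit(), for example audit(open(path).read()).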
