On Mon, Nov 16, 2020 at 03:50:21PM +0200, Andreas Gustafsson wrote:
> Greg Troxel wrote:
> > My suggestion is openvpn.
> [...]
> > You do need to set up certificates
>
> Not if you use the static key encryption mode.

Whilst this is correct, the OP did mention Android, which could mean a mobile device on the internet. In this case, certificate based identity is the simplest and most secure way of identifying the end points.

Years ago I used NetBSD to configure a vpn end point for a client; I used hybrid xauth, which was a combination of a certificate as well as username/password that allowed two classes of access to the network, one being restricted to certain services and another admin role that had broader access. The clients were mostly Windows PCs.

Certainly, start with preshared keys to get the basic vpn config working even if you plan something more complex; debugging a psk setup is comparatively easy. Once psk is working, switch the auth to what is desired to debug that.

--
Brett Lymn
--
Sent from my NetBSD device.

"We are were wolves",
"You mean werewolves?",
"No we were wolves, now we are something else entirely",
"Oh"