Assuming an adversary has full access to intercept your network traffic, and
virtually limitless computing power, what would you do to make the best OpenVPN
setup? Performance taking a backseat to security here.
Here are a few ideas I’ve come across in my last day of seeking, and I would
really love feedback on any of these. I really want to know if there are other,
or better suggestions, and if any of these are misguided.
(Anyone googling who finds this, be warned, this is a provisional list of ideas
from an end user, NOT a guide for anything!)
1. Use easy-rsa3 or equivalent openssl commands to generate your
keys/certificates using elliptic curve (instead of RSA).
2. Use the new --tls-crypt feature rather than just --tls-auth (openvpn 2.4)
3. Set tls-minimum to 1.2 on both client/server
4. Use a great tls-cipher that utilizes elliptic curve:
TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 (??)
5. Use a great cipher for openvpn data channel: AES-256-GCM (openvpn 2.4) (??)
Feedback much appreciated.
-Kevin
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
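
The following is an added example, not part of the original post: a small Python check that audits an OpenVPN config file against items 2 to 5 of the list above. It assumes OpenVPN 2.4 directive names (`tls-version-min` is the directive that sets the minimum TLS version for item 3); both sample configs are constructed, and item 1 is not checked because the key type lives in the certificate, not the config.

```python
import re

# Constructed sample configs for illustration (not from the original post).
WEAK_CONF = """\
port 1194
tls-auth ta.key 0          # HMAC only, control channel not encrypted
tls-version-min 1.0
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
cipher AES-256-CBC
"""
HARDENED_CONF = """\
port 1194
tls-crypt tc.key
tls-version-min 1.2
tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
cipher AES-256-GCM
"""

def parse(conf_text):
    """Map each directive to its argument list (last occurrence wins)."""
    opts = {}
    for line in conf_text.splitlines():
        line = re.split(r"[#;]", line, maxsplit=1)[0].strip()  # drop comments
        if line:
            name, *args = line.split()
            opts[name.lstrip("-")] = args
    return opts

def audit(conf_text):
    """Return {directive: finding}; an empty dict means every check passed."""
    o, findings = parse(conf_text), {}
    if "tls-crypt" not in o:
        findings["tls-crypt"] = "control channel is not wrapped with tls-crypt"
    vmin = (o.get("tls-version-min") or ["0"])[0]
    if not re.fullmatch(r"\d+\.\d+", vmin) or tuple(map(int, vmin.split("."))) < (1, 2):
        findings["tls-version-min"] = "minimum TLS version is unset or below 1.2"
    suites = (o.get("tls-cipher") or [""])[0].split(":")
    if not all(s.startswith("TLS-ECDHE-") and "AES-256-GCM" in s for s in suites):
        findings["tls-cipher"] = "suite list is unset or allows non-ECDHE/non-GCM suites"
    if (o.get("cipher") or [""])[0].upper() != "AES-256-GCM":
        findings["cipher"] = "data channel cipher is not AES-256-GCM"
    return findings

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit(conf) or "OK")
```

Run it against both the server and client config, since items 2 and 3 have to match on both ends.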