Hello,

Experienced Linux sysadmin here, though rather novice with regard to OpenVPN, OpenSSL, PKI, and encryption matters in general.

Context: I am currently in the middle of rebuilding the whole VPN infra of the company I work for, and feeling quite overwhelmed by the amount of critical-to-security choices I have to make that I don't understand (nor can expect to in the limited amount of time I have). I would rather someone more knowledgeable had either a) made those choices, or b) pointed at secure-enough defaults.

The people at WireGuard did just that, and that seems to be one of their strongest "selling points" (simplicity of setup of the security part of things). Because of this, I have been thinking that mimicking their choices to the extent possible might be a good idea (if you think this is wrong, please tell me so, and explain why).

I searched the openvpn-*@lists.sourceforge.net archives for wireguard, but couldn't find any mentions of a way to replicate WireGuard's choices with regard to encryption in OpenVPN roadwarrior-type setups. I don't expect to be able to completely replicate what is described in [1] (it would be nice, though), just the next best option.

If you're about to suggest that I "just use WireGuard, then!", please notice that I 1) can't (the pfSense machines I am running the OpenVPN server on don't support it) and 2) don't want to.

[1] https://www.wireguard.com/protocol/

Thank you in advance for your time and advice,
Mário Barbosa

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users