The easiest I’ve seen is pfSense (I think OpnSense is a clone). It gives you a nice webby to manage users, passwords, certificates, and you can use openvpn or ipsec. I’ve used it for a number of years to facilitate mobile connections to a home network and/or work network (laptops, phones, tablets).
I haven’t done anything with 2FA for it. per-device certificate was sufficient. > On Jul 3, 2018, at 10:43 PM, David Barr <[email protected]> wrote: > > Good Morning, > > If I were to build a VPN server for transient client connections, like mobile > devices or laptops, what would you recommend? > > - Bonus points for using certificates for the server ~and clients~, so > devices would have to be "registered" in advance. > - Bonus points for requiring 2FA on top of that, to reduce the risk of a > lost/stolen device. > > I haven't looked in a while, but I recall OpenVPN was really oriented towards > setting up permanent connections, and configuring for transient connections > was really convoluted. > > Thanks! > David > > -- > > David - Offbeat http://pgp.mit.edu/ > dafydd - Online 0xda3f18449337d6b5 > > ----5----1----5----2----5----3----5----4----5----5----5----6----5----7-- > > Rene Descartes walks into his neighborhood watering hole. The publican sees > him and asks, "Will you have your usual, sir?" > > Descartes ponders a moment and replies, "I think not." > > And promptly disappears... > > > > _______________________________________________ > PLUG mailing list > [email protected] > http://lists.pdxlinux.org/mailman/listinfo/plug -- Louis Kowolowski [email protected] Cryptomonkeys: http://www.cryptomonkeys.com/ Making life more interesting for people since 1977
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
