[CentOS] Pptp vpn server
Les Mikesell
lesmikesell at gmail.com
Wed Nov 3 22:27:06 UTC 2010
On 11/3/2010 9:04 AM, Ross Walker wrote:
>
>>
>> Errr, what issues does openvpn have?
>
> I'm no fan of any type of VPN as I think it's a way of extending your trusted LAN to an untrusted endpoint, compromising internal trust levels, but if you are going to implement a VPN the type is of very little consequence (account/password is more likely to be compromised than traffic intercepted and decrypted) than the authenticating domain is. As always it's better to use internally generated certificates that are password protected than either passwords or certificates alone. Having said that, these password-protected certificates are a PITA to distribute to users and to support remotely.
I've mostly used openvpn for nailed-up connections with shared secret
keys and separate processes per connection where the configs are trivial
to write.
> You could have the gateway server use a separate database of users and passwords for those users allowed remote access; they authenticate with the gateway, then their IP address is added to a table of authorized clients to connect to the terminal services. As long as the gateway does HTTP TCP keepalive the IP is kept in the table; when the connection is dropped the IP is removed.
If you are going to use a dedicated gateway you might look at ClearOS
which, I think, handles both openvpn and pptp with web setup and its own
concept of user/certificate management out of the box.
--
Les Mikesell
lesmikesell at gmail.com