[CentOS] Pptp vpn server

Wed Nov 3 22:27:06 UTC 2010
Les Mikesell <lesmikesell at gmail.com>

On 11/3/2010 9:04 AM, Ross Walker wrote:
>
>>
>> Errr, what issues does openvpn have?
>
> I'm no fan of any type of VPN as I think it's a way of extending your trusted LAN to an untrusted endpoint, compromising internal trust levels, but if you are going to implement a VPN, the type is of very little consequence (account/password is more likely to be compromised than traffic intercepted and decrypted) than the authenticating domain is. As always, it's better to use internally generated certificates that are password-protected than either passwords or certificates alone. Having said that, these password-protected certificates are a PITA to distribute to users and to support remotely.

I've mostly used openvpn for nailed-up connections with shared secret 
keys and separate processes per connection where the configs are trivial 
to write.

> You could have the gateway server use a separate database of users and passwords for those users allowed remote access, they authenticate with the gateway, then their IP address is added to a table of authorized clients to connect to the terminal services. As long as the gateway does HTTP TCP keepalive the IP is kept in the table, when the connection is dropped the IP is removed.

If you are going to use a dedicated gateway you might look at clearOS 
which, I think, handles both openvpn and pptp with web setup and its own 
concept of user/certificate management out of the box.

-- 
   Les Mikesell
    lesmikesell at gmail.com
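
The gateway scheme described in the quoted message above (a separate user database, with the client's IP kept in an authorized table only while its connection is alive), as an added example that is not code from this thread or from any product named in it. The class name, the 60-second keepalive timeout, the PBKDF2 parameters and the sample addresses are assumptions made for illustration.

```python
import hashlib, hmac, os, time

class RemoteAccessGateway:
    """Hypothetical model: gateway-only accounts plus a table of source IPs
    allowed through to the terminal servers while a session is alive."""

    def __init__(self, keepalive_timeout=60.0, clock=time.monotonic):
        self._users = {}     # username -> (salt, hash); separate from the internal domain
        self._sessions = {}  # session id -> (source IP, time of last keepalive)
        self._timeout = keepalive_timeout  # assumed value, tune to the keepalive interval
        self._clock = clock

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def add_user(self, username, password):
        salt = os.urandom(16)
        self._users[username] = (salt, self._hash(password, salt))

    def login(self, username, password, source_ip):
        """Return a session id on success, None on failure."""
        # Unknown users still go through one hash computation and a constant-time compare.
        salt, stored = self._users.get(username, (b"\0" * 16, b""))
        if not hmac.compare_digest(self._hash(password, salt), stored):
            return None
        sid = os.urandom(16).hex()
        self._sessions[sid] = (source_ip, self._clock())
        return sid

    def keepalive(self, sid):
        if sid in self._sessions:
            self._sessions[sid] = (self._sessions[sid][0], self._clock())

    def disconnect(self, sid):
        self._sessions.pop(sid, None)

    def authorized_ips(self):
        """Drop sessions whose keepalive lapsed, then return IPs that still have one."""
        now = self._clock()
        self._sessions = {s: (ip, t) for s, (ip, t) in self._sessions.items()
                          if now - t <= self._timeout}
        # Tracking sessions rather than bare IPs means one user behind a NAT
        # disconnecting does not cut off another user on the same address.
        return {ip for ip, _ in self._sessions.values()}

if __name__ == "__main__":
    gw = RemoteAccessGateway()
    gw.add_user("alice", "constructed-sample-password")
    sid = gw.login("alice", "constructed-sample-password", "203.0.113.7")
    print(sorted(gw.authorized_ips()))
    gw.disconnect(sid)
    print(sorted(gw.authorized_ips()))
```

Because the table is keyed by source address, every host behind the same NAT address is allowed through for as long as any one authenticated session from that address exists.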