[Chugalug] VPN suggestions

Mike Robinson miker at sundialservices.com
Fri Sep 6 04:29:25 UTC 2013


"++" for OpenVPN (and TunnelBlick on a Mac).

These packages work extremely well, and are very easy to set up ... provided that you always keep firmly in mind the fact that VPN is designed to tell "Eve" absolutely Nothing.  Until you get things set up just-right, VPN by design will basically give you =no= clues as to what's wrong.  Pay very, very close attention to details (as VPN itself does).  For instance, one client had a devil of a time with a certificate, until we noticed that the state-name was "VA" in one place, and "Va" in another.  That was the difference that made all the difference.  Heh.  And the message?  Something about "self-signed certificate in chain."  Heh.  Welcome to the world of VPN error-messages.

Be sure to secure the link with certificates, not passwords (a.k.a. "pre-shared keys" or PSKs).

VPN definitely trumps SSH in my opinion because "providing a secure tunnel" is what VPN was foremost designed to do.  "It's just there, and by-the-by it's secure."  The fact that it's supported by many off-the-shelf routers is an added bonus.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2116 bytes
Desc: not available
URL: <http://chugalug.org/pipermail/chugalug/attachments/20130905/de3a83bd/attachment.bin>


More information about the Chugalug mailing list