[Chugalug] VPN suggestions

Rod rod-lists at epbfi.com
Sat Sep 7 01:20:39 UTC 2013


What is the difference between a cert and a PSK?

On Fri, 06 Sep 2013 00:29:25 -0400, Mike Robinson  
<miker at sundialservices.com> wrote:

> "++" for OpenVPN (and TunnelBlick on a Mac).
>
> These packages work extremely well, and are very easy to set up ...  
> provided that you always keep firmly in mind the fact that VPN is  
> designed to tell "Eve" absolutely Nothing.  Until you get things set up  
> just-right, VPN by design will basically give you =no= clues as to  
> what's wrong.  Pay very, very close attention to details (as VPN itself  
> does).  For instance, one client had a devil of a time with a  
> certificate, until we noticed that the state-name was "VA" in one place,  
> and "Va" in another.  That was the difference that made all the  
> difference.  Heh.  And the message?  Something about "self-signed  
> certificate in chain."  Heh.  Welcome to the world of VPN error-messages.
>
> Be sure to secure the link with certificates, not passwords (a.k.a.  
> "pre-shared keys" or PSKs).
>
> VPN definitely trumps SSH in my opinion because "providing a secure  
> tunnel" is what VPN was foremost designed to do.  "It's just there, and  
> by-the-by it's secure."  The fact that it's supported by many  
> off-the-shelf routers is an added bonus.


-- 
Using Opera's mail client: http://www.opera.com/mail/


More information about the Chugalug mailing list