IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [openvpn]

An open source virtual private networking application written by James Yoan and published under the General Public License (GPL).

OpenVPN is an open source virtual private networking application written by James Yoan and published under the General Public License (GPL).

Related reading

234 questions
73
votes
2 answers

Diffie Hellman parameters still calculating after 24 hours

I have a fresh install of Arch Linux on a RaspberryPi model B. I'm setting up OpenVPN and using easy-rsa with OpenSSL 1.0.2d to generate initial keys and certificates. All went fine until I ran ./build-dh(script here). It was 24 hours later when I…
kgizdov
  • 853
  • 1
  • 7
  • 6
27
votes
3 answers

What are the advantages of paying for a VPN service as opposed to hosting your own?

For a person looking to use a VPN solution for personal use, what are the pros and cons of paying for a VPN service as opposed to just hosting a VPN on your own rented, in the cloud server, except for the obvious managed vs unmanaged argument?
devnull
  • 373
  • 3
  • 6
23
votes
2 answers

What's the use of challenge password in build-key-server and build-key from Easy-RSA?

All the OpenVPN/Easy-RSA tutorials that I've found, advise to setting an empty challenge password while building the key for the OpenVPN server. Anybody knows why? What's the intended use for the challenge password in Easy-RSA server's keys? And…
Giacomo Tesio
  • 371
  • 1
  • 2
  • 7
20
votes
2 answers

OpenVPN dhparam

One of the steps for setting up OpenVPN is running the command openssl dhparam -out dh1024.pem 1024. The man page tells me this 1024 value refers to the number of bits. Why is the value 1024 suggested by the examples? Should I use a larger value…
Zoredache
  • 633
  • 1
  • 6
  • 14
17
votes
3 answers

Is my phone carrier monitoring my traffic?

Today I started using a VPN on my phone (nexus 5), and after I switched on mobile data and turned off my WiFi, I received a text message from my carrier offering me roaming packages for Europe (which is where my VPN server is located). Now how would…
Tomer E.
  • 171
  • 1
  • 4
17
votes
3 answers

Does using a VPN protect against KRACK?

Does using a VPN protect against KRACK? How does this work? How can it be bypassed? I use a commercial VPN on my laptop and on Android. Is an OpenVPN connection to your home a good way to protect your devices?
SPRBRN
  • 7,379
  • 6
  • 33
  • 37
13
votes
1 answer

Using RSA-SHA as/instead HMAC in OpenVPN?

While reading the manual of OpenVPN 2.3, I came across the --auth alg option. The manual says: Authenticate packets with HMAC using message digest algorithm alg. (The default is SHA1 ). HMAC is a commonly used message authentication algorithm (MAC)…
NumberFour
  • 195
  • 1
  • 8
11
votes
6 answers

Difference between SSH Tunnel / Proxy and VPN in terms of security

What benefits does a VPN have over just using a regular SSH Tunnel? I'm considering setting up OpenVPN on a server, but was wondering what benefits that would have over just using that same server as an SSH Tunnel which is very easy to setup and…
Jan Vladimir Mostert
  • 261
  • 3
  • 10
10
votes
1 answer

OpenVPN kill switch on Linux

How to prevent IP leak on Linux when OpenVPN fails to connect to the server while I am surfing on the net? I read about kill switch, but after some internet searches I found out that is not implemented in OpenVPN.
g0rbe
  • 133
  • 1
  • 1
  • 8
10
votes
1 answer

How to generate a unique and uncopyable VPN certificate/key for a specific client hardware device?

The problem is : Nothing prevents the user to copy the certficate/key on a different hardware device and use it from a different hardware device... Is it possible to generate a really unique certificate taking hardware in consideration ?
Erwan
  • 203
  • 2
  • 5
10
votes
2 answers

Is there any way to prove that VPN doesn't collect data?

Assume scenario that I'm running a company where we offer VPN service, and people nowadays are rightly concerned if some particular VPN provider is trustworthy or in other words that their traffic is not collected, so I was thinking if there is a…
Mirsad
  • 10,005
  • 8
  • 33
  • 53
9
votes
2 answers

Why OpenVPN is using both certificates and DH?

I am reading about OPENVPN and I am a little bit confused. In the OPENVPN howto website, there is a step by step setup guide for generating certificates and diffie-hellman (DH) params. However, I cant see why the certificates are used in conjunction…
D_E_M
  • 93
  • 1
  • 1
  • 3
7
votes
1 answer

OpenVPN -cipher vs -tls-cipher?

I'm currently using the -tls-cipher command on server to only allow the cipher I want (TLS-DHE-RSA-WITH-AES-256-GCM-SHA384) but there is the command -cipher too, and OpenVPN's man page is not really clear with the differences between them. Googling…
Freedo
  • 2,253
  • 5
  • 18
  • 28
7
votes
3 answers

Pros/Cons to OpenVPN vs "VPN over OpenSSH"

What are the major differences between using OpenVPN and using VPN over OpenSSH? Does adding a virtual tunnel interface to a SSH connection offer the same benefits of OpenVPN? Can PuTTY be used on Windows to use the "layer-3 IP-in-SSH tunnelling"…
cptncrnch
  • 305
  • 3
  • 8
7
votes
2 answers

What are the risks of installing a CA on the same machine as OpenVPN server?

Digital Ocean states in one of it's tutorial about OpenVPN server : While it’s technically possible to use your OpenVPN server or your local machine as your CA, this is not recommended as it opens up your VPN to some security vulnerabilities.…
Arthur Attout
  • 205
  • 2
  • 5
1
2 3
15 16