    PSK vs PKI on OpenVPN

    • B
      broncoBrad last edited by

      I followed the tutorial posted here http://forum.pfsense.org/index.php/topic,34714.0.html by razzor, but I had a question:

      I've been reading about pre-shared key authentication versus X.509 PKI authentication as seen in this article http://www.iceflatline.com/2010/10/secure-remote-access-to-your-home-network-using-pfsense-and-openvpn/, so my question is… which one does this set up?

      There appears to be a 2048-bit OpenVPN static key in the server setup, which I assume is the shared key which leads me to believe this is pre-shared key authentication. Am I correct? If so, what would I need to do to turn it into X.509?

      Thanks!

      • N
        Nachtfalke last edited by

        On OpenVPN Server there is the possibility to choose:

        Shared Key
        SSL/TLS (that's certificate)
        SSL/TLS + User Auth (certificate + username and password)

        • B
          broncoBrad last edited by

          So the fact that I'm running the SSL/TLS + User Auth means that I'm essentially running PKI??

          • N
            Nachtfalke last edited by

            Yes.

            • B
              broncoBrad last edited by

              There appears to be a 2048-bit OpenVPN static key in the server setup, which I assume is the shared key which leads me to believe this is pre-shared key authentication.

              So why is this static key here if this is PKI?

              Currently I create users for the VPN through the user manager. How is this different than using RADIUS? Which is more secure?

              • N
                Nachtfalke last edited by

                @broncoBrad:

                There appears to be a 2048-bit OpenVPN static key in the server setup, which I assume is the shared key which leads me to believe this is pre-shared key authentication.

                So why is this static key here if this is PKI?

                Currently I create users for the VPN through the user manager. How is this different than using RADIUS? Which is more secure?

                http://openvpn.net/index.php/open-source/documentation/howto.html#security
