PSK vs PKI on OpenVPN
-
I followed the tutorial posted here http://forum.pfsense.org/index.php/topic,34714.0.html by razzor, but I had a question:
I've been reading about pre-shared key authentication versus X.509 PKI authentication as seen in this article http://www.iceflatline.com/2010/10/secure-remote-access-to-your-home-network-using-pfsense-and-openvpn/, so my question is… which one does this set up.
There appears to be a 2048-bit OpenVPN static key in the server setup, which I assume is the shared key which leads me to believe this is pre-shared key authentication. Am I correct? If so, what would I need to do to turn it into X.509?
Thanks!
-
On OpenVPN Server there is the possibility to chose:
Shared Key
SSL/TLS (thats certificate)
ssl/tls + User Auth (certificate + username and password)
-
So the fact that I'm running the SSL/TLS + User Auth means that I'm essentially running PKI??
-
Yes.
-
There appears to be a 2048-bit OpenVPN static key in the server setup, which I assume is the shared key which leads me to believe this is pre-shared key authentication.
So why is this static key here if this is PKI?
Currently I create users for the VPN through the user manager. How is this different than using RADIUS? Which is more secure?
-
There appears to be a 2048-bit OpenVPN static key in the server setup, which I assume is the shared key which leads me to believe this is pre-shared key authentication.
So why is this static key here if this is PKI?
Currently I create users for the VPN through the user manager. How is this different than using RADIUS? Which is more secure?
http://openvpn.net/index.php/open-source/documentation/howto.html#security