4. OpenVPN road warrior

OpenVPN road warrior

  • J

    Hi,

    I have implemented a road warrior config against my pfSense installation succesfully. I am nor a security expert but if someone is able to copy the config folder of my openVPN client, this person will be able to have access to my LAN. Am I wrong or there is some way to avoid it?

    Regards,

    0
  • H

    didn't you have a password setup with the certificate ?

    0
  • N

    There are three possibilities for an OpenVPN client to connect to your OpenVPN server:

    • Just an username and password combination (User Auth)

    • Just a OpenVPN client certificate

    • A combination of client certificate and username/password

    So if you just have a client certificate and someone else got this certificate he is able to connect to your VPN. If you know that someone lost his certificate or someone has stolen a certificate you can put this certificate on a so called "Certificate Revocation List" which means that connections with this cert will be blocked.

    So best thing would be that you think about a username/password and certificate combination.

    A more secure possibility would be a certificate + username and one-time-password combination. This can be done in less steps with the freeradius2 package in combination with your OpenVPN Server.
    http://doc.pfsense.org/index.php/FreeRADIUS_2.x_package#Enable_Mobile-One-Time-Password_.28OTP.29_support

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy