On 03/08/2011 12:34 PM, erikmccaskey64 wrote: > ok, i putted an OpenVPN server on port 1194 on an OpenWrt 10.03 router. > https://pastebin.com/raw.php?i=xEZTvnhT > http://pastebin.mozilla.org/1138443 > > > Questions: what could i do to increase security regarding this OpenVPN > server? - i mean on server side! > > > 1 - i sed 's/1194/50000/' the port number to a higher one - it's against the > automated robots, ok! > 2 - iptables? i should only allow ip ranges [on the input chain] that i will > use in reality? - ok! > 3 - if i don't use my router - e.g.: when i'm sleeping i just turn it off. > 4 - ? what else?? Plese write down you're idea/solution!!! > > > OpenWrt isn't OpenBSD, so from the "ps" command i can see that the OpenVPN is > runned by root. it's not so secure. How can i make it more secure? >
Google OpenVPN+chroot, and run it as another user as well. This isn't related to OpenBSD in any way; OpenWRT is based on linux, OpenVPN is someone else's product. -- Hugo Osvaldo Barrera
