Why does using only UDP give more security??
---- On Tue, 08 Mar 2011 14:04:08 -0800 Kapetanakis Giannis <bil...@edu.physics.uoc.gr> wrote ----

On 08/03/11 17:34, erikmccaskey64 wrote:
> OK, I put an OpenVPN server on port 1194 on an OpenWrt 10.03 router.
> https://pastebin.com/raw.php?i=xEZTvnhT
> http://pastebin.mozilla.org/1138443
>
> Questions: what could I do to increase security regarding this OpenVPN server? - I mean on the server side!
>
> 1 - I sed 's/1194/50000/' the port number to a higher one - it's against the automated robots, OK!
> 2 - iptables? I should only allow IP ranges [on the input chain] that I will use in reality? - OK!
> 3 - If I don't use my router - e.g. when I'm sleeping - I just turn it off.
> 4 - ? What else?? Please write down your idea/solution!!!
>
> OpenWrt isn't OpenBSD, so from the "ps" command I can see that OpenVPN is run by root. It's not so secure. How can I make it more secure?

In addition to the above mentioned:

Use tls-auth
Use tls-remote
Use user/group
Use udp
Use certificates as well as username/password authentication.
Use mutual authentication (both client and server)
Use strong ciphers, encryption keys and dh parameters.
secure your server (host)
read the documentation

Giannis
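An added example, not part of the thread and not code from either poster: a small Python audit that checks an OpenVPN server config against the server-side items in the list above (tls-auth, user/group, udp, certificates plus username/password, cipher, dh). The two sample configs, the weak-cipher set and the script path are constructed assumptions; tls-remote and the size of the dh parameters are not checked.

```python
import shlex

# Ciphers treated as weak here: an assumption of this example, not a list from the thread.
WEAK_CIPHERS = {"none", "bf-cbc", "des-cbc", "rc2-cbc"}

def parse_config(text):
    """Return {directive: [args, ...]} for an OpenVPN config, skipping # and ; comments."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        parts = shlex.split(line, comments=True)
        if parts:
            directives.setdefault(parts[0], []).append(parts[1:])
    return directives

def audit(text):
    """Return a list of findings; an empty list means every checked item is present."""
    d = parse_config(text)
    findings = []
    if "tls-auth" not in d:
        findings.append("tls-auth missing")
    if "user" not in d or "group" not in d:
        findings.append("user/group missing: daemon keeps root")
    proto = d.get("proto", [["udp"]])[-1]  # OpenVPN defaults to udp when proto is absent
    if not proto or not proto[0].startswith("udp"):
        findings.append("proto is not udp")
    if "client-cert-not-required" in d:
        findings.append("client certificates disabled")
    if "auth-user-pass-verify" not in d:
        findings.append("no username/password check on top of certificates")
    cipher = d.get("cipher", [[]])[-1]
    if not cipher:
        findings.append("no explicit cipher")
    elif cipher[0].lower() in WEAK_CIPHERS:
        findings.append("weak cipher: " + cipher[0])
    if "dh" not in d:
        findings.append("dh parameters missing")
    return findings

# Constructed sample configs (file names and script path are hypothetical).
WEAK_CONF = """port 50000\nproto tcp-server\ndev tun\nca ca.crt\ncert server.crt
key server.key\ndh dh1024.pem\ncipher BF-CBC\nclient-cert-not-required\n"""
HARDENED_CONF = """port 50000\nproto udp\ndev tun\nca ca.crt\ncert server.crt
key server.key\ndh dh2048.pem\ntls-auth ta.key 0\ncipher AES-256-CBC
user nobody\ngroup nogroup\nauth-user-pass-verify /etc/openvpn/check.sh via-env\n"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf) or "no findings")
```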