Thank you, this is helpful.
-----Original Message----- From: Jan Just Keijser [mailto:janj...@nikhef.nl] Sent: Wednesday, October 16, 2013 7:42 AM To: Sumit Dahiya Cc: openvpn-users@lists.sourceforge.net Subject: Re: [Openvpn-users] OpenVPN Security Hi, Sumit Dahiya wrote: > > Hi All, > > Can you please help with following questions: - > > 1. We have successfully configured an OpenVPN server and have created > cert/key pairs for a handful of clients using OpenSSL. Now, we'd like > to establish secure and encrypted connection between OpenVPN clients > and the server. The question is - will OpenSSL cert/key pairs > guarantee a secure, encrypted connection? Do I need to be aware of > additional server.config parameters that will encrypt the data > transfer between server and clients? > an openssl cert/key pair , combined with the default openvpn settings, should give you pretty good security > > 2. My understanding is if we do NOT use the push "redirect-gateway > def1 bypass-dhcp" directive in our server.config file then clients' > *general* browsing data will not pass through OpenVPN server. Also, if > I connect to our OpenVPN server over non-secure public wifi, my > transactions with computers behind our OpenVPN server will be > encrypted. How about my general internet browsing - will that be > encrypted as well? Is it then safe to perform sensitive tasks like > banking transactions over public wifi? > if you do not redirect all traffic then banking transactions are NOT secure > > 3. What happens if we DO use the push "redirect-gateway def1 > bypass-dhcp"? Is it then safer to perform banking transactions over > public wifi vs. not using that directive? > yes HTH, JJK ------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60135031&iu=/4140/ostg.clktrk _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
