-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 26/09/14 17:04, Robin wrote:
> 1. I am using Ubuntu 14.04 and have set up OpenVpn previously with
>  VPNbook and so know that at least 3 configuration certificates are
>  needed to run OpenVpn. Where do I find them to access the openvpn
> server.

This question is quite vague.  The certificates are where you saved them
when you configured your own CA.  Ideally, your CA keys are saved on
an offline media.  Your server only needs the CA certificate, server
key+cert and a dhparam file.  The client only needs the CA
certificate, client key+cert.

The CA key should never ever reside on an OpenVPN server, as that can
be used to sign new certificates and impose itself to be a trusted client.

> 2. Although I managed to get it working, I stopped using VPNbook
> because of rumours that it is a honeypot. OTH it would suit some
> agencies to have that rumour spread. Does anyone here know the
> truth?

Oh where to start here.  First of all, if you have set up and
configured your own CA from the bottom up, all the recipes in the
OpenVPN book are completely safe.  If something is unsafe, it should be
stated quite clearly in the book.  Of course those who spread those
rumours will most likely tell you not to trust me, as I did the
technical review of this book.  However, if you are able to believe
me, OpenVPN is a safe product if it is configured correctly.

Further, if you don't trust me, maybe you're able to trust the Dutch
government?  https://openvpn.fox-it.com/

All patches provided in OpenVPN-NL are available in our upstream
OpenVPN.  The only difference is that OpenVPN-NL have removed support
for disabling encryption or using weak encryptions.  But you can have
the exact same security level in OpenVPN, if configured correctly.

Regarding the book, you can verify these configs by studying how
Public Key Infrastructure works (aka: PKI) and all configuration
options used in the examples in the book against the man page [1] of
OpenVPN.  From there it should be possible to get your own opinion
about how safe these instructions are.

[1] <https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage>

The bottom line is: OpenVPN can be set up to do stupid stuff, maybe
even appear as a honeypot.  But it can also be set up very safely, even
used by governments.

As long as you configure your own server and clients, protect your
keys, the physical access to your OpenVPN server, ensure the server is
configured securely (proper access control to
files/account/programs), then you generally really don't have much to
fear.

But anything which transports data over the internet may be vulnerable
at some point.  Nothing on the Internet is safe forever.  Encryption
only promises privacy for a certain amount of time.  How strong the
encryption and setup is, depends on how long this time is.  Weak
encryption => shorter time, strong encryption => longer time.


- -- 
kind regards,

David Sommerseth
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlQpTWwACgkQDC186MBRfrpofACgqZWCwacxL/EhBbg2k/ibIiQo
Sr0AoIZydfJF3jmdCUTbS9TslO5sI+1P
=tVES
-----END PGP SIGNATURE-----

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
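
Added example, not part of the message above and not code from the OpenVPN project: a small Python check of the file layout the reply describes (server: CA certificate, server key+cert, dhparam; client: CA certificate, client key+cert; no CA key on the VPN host; encryption not disabled). The sample config, the file listing and the `ca.key` file name are assumptions constructed for illustration.

```python
import shlex

# Directives each role needs, following the reply above.
REQUIRED = {"server": {"ca", "cert", "key", "dh"},
            "client": {"ca", "cert", "key"}}

def parse_config(text):
    """Map directive -> argument list; '#' and ';' start comments.
    Assumption: file paths are used, not inline <ca>...</ca> blocks."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        parts = shlex.split(line, comments=True)
        if parts:
            conf[parts[0]] = parts[1:]
    return conf

def audit(text, role, files_on_host, ca_key_names=("ca.key",)):
    """Return findings for one config plus the file names stored beside it.
    ca_key_names is an assumed naming convention; adjust to your CA setup."""
    conf = parse_config(text)
    findings = [f"missing directive: {d}"
                for d in sorted(REQUIRED[role] - set(conf))]
    if conf.get("cipher", [])[:1] == ["none"]:
        findings.append("cipher none disables encryption")
    for name in files_on_host:
        if name in ca_key_names:
            findings.append(f"CA private key present on host: {name}")
    return findings

# Constructed sample input, not taken from the original message.
SAMPLE_SERVER = """\
port 1194
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key  # keep secret
cipher none
"""
SAMPLE_FILES = ["ca.crt", "ca.key", "server.crt", "server.key"]

if __name__ == "__main__":
    for finding in audit(SAMPLE_SERVER, "server", SAMPLE_FILES):
        print(finding)
```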
