From e9576459f0374bdd8dd86b0d55d494d3c4923110 Mon Sep 17 00:00:00 2001 From: nicholasmanios Date: Wed, 18 Mar 2020 19:04:46 -0400 Subject: [PATCH] Created README.md --- aries/vpn/README.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 aries/vpn/README.md diff --git a/aries/vpn/README.md b/aries/vpn/README.md new file mode 100644 index 0000000..7aba2c0 --- /dev/null +++ b/aries/vpn/README.md @@ -0,0 +1,12 @@ +# VPN +For the longest time, I have configured an OpenVPN server so that I can connect to my network remotely (tunnel). However, I am currently replacing this deployment with Wireguard due to its speed, easy of use/deployment, and security. + +## OpenVPN +My OpenVPN deployment uses certificates issues from my internal certificate authority for authentication. In addition, each of my devices (laptop, phone, etc) is issued a different certificate so that I can lock the OpenVPN to allow only 1 connection per certificate. As long as OpenVPN is prompted with a user certificate signed from my CA, it lets the connection through. + +You'll note that the firewall needs to route traffic from the VPN network (10.8.0.0/16) to the local network (192.168.0.0./24). + +## Wireguard +Wireguard is quite slim so a lot of the functionality I am expecting (certificate authentication, DHCP, key exchange) is available (this is part of what makes it secure). Instead, I will have to create my own method of distributing and keeping track of keys generated by Wireguard. + +Wireguard appears to handle making the routes itself, so I should be able to remove my OpenVPN route rules from my firewall no problem. \ No newline at end of file
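Review bot: In the Wireguard section, "a lot of the functionality I am expecting (certificate authentication, DHCP, key exchange) is available" contradicts the sentence that follows it ("Instead, I will have to create my own method of distributing and keeping track of keys"); it presumably should read "is not available". In the OpenVPN section the local network is written as "192.168.0.0./24", with a stray dot after the last octet; it should be "192.168.0.0/24". The statement that any user certificate signed by the CA is let through does not say how a lost or retired device's certificate gets rejected. Since each device already has its own certificate, the README should document the revocation step, for example a CRL referenced by OpenVPN's crl-verify directive. Minor: "easy of use" should be "ease of use", "certificates issues" should be "certificates issued", and the file ends without a trailing newline.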