Created README.md
12
aries/vpn/README.md
Normal file
@@ -0,0 +1,12 @@
|
|||||||
|
# VPN
|
||||||
|
For the longest time, I have configured an OpenVPN server so that I can connect to my network remotely (tunnel). However, I am currently replacing this deployment with Wireguard due to its speed, easy of use/deployment, and security.
|
||||||
|
|
||||||
|
## OpenVPN
|
||||||
|
My OpenVPN deployment uses certificates issues from my internal certificate authority for authentication. In addition, each of my devices (laptop, phone, etc) is issued a different certificate so that I can lock the OpenVPN to allow only 1 connection per certificate. As long as OpenVPN is prompted with a user certificate signed from my CA, it lets the connection through.
|
||||||
|
|
||||||
|
You'll note that the firewall needs to route traffic from the VPN network (10.8.0.0/16) to the local network (192.168.0.0./24).
|
||||||
|
|
||||||
|
## Wireguard
|
||||||
|
Wireguard is quite slim so a lot of the functionality I am expecting (certificate authentication, DHCP, key exchange) is available (this is part of what makes it secure). Instead, I will have to create my own method of distributing and keeping track of keys generated by Wireguard.
|
||||||
|
|
||||||
|
Wireguard appears to handle making the routes itself, so I should be able to remove my OpenVPN route rules from my firewall no problem.
|
||||||
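Review bot: In the Wireguard paragraph, "(certificate authentication, DHCP, key exchange) is available" contradicts the next sentence, which begins "Instead, I will have to create my own method"; this presumably should read "is not available". In the OpenVPN section, "192.168.0.0./24" has a stray dot before the prefix length and should be "192.168.0.0/24", since a reader may copy it into a firewall rule. The statement that any user certificate signed by the CA is let through would benefit from a sentence on how a lost device's certificate is revoked, since the README otherwise describes no way to cut off a single device. Minor wording: "easy of use" should be "ease of use" and "certificates issues from" should be "certificates issued by".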