What are the authentication options for OpenVPN?

What are OpenVPN configuration files?

- OpenVPN wiki

An OpenVPN configuration file is a text file with many configuration parameters set for a single instance of OpenVPN on a Linux system.

The configuration file consists of the OpenVPN-specific configurations, such as where to save the logs and where to load certain plugins (e.g. an L2TP/IPsec plugin when using IPsec).

While OpenVPN uses many files, it does not use the .conf or .bak file formats. Instead, OpenVPN saves its configuration in a separate file in a directory called openvpn in the file system where that instance of OpenVPN is running. This method offers all the power and convenience of scripting along with the security of an encrypted tunnel.

This user-space approach prevents any security issues that can happen in applications that directly edit the file. OpenVPN automatically creates these files for you, although they must be manually configured. These files are used internally in OpenVPN. They can only be changed when running OpenVPN.

If you stop the service while edits have been made to one of the files, OpenVPN will still remember those changes and carry on regardless. If you stop the service, edit the files in the openvpn directory, then start OpenVPN the next time you log in, the changes will be loaded into your OpenVPN service. The .log files are created when this file type was first detected. The logs are placed in the openvpn directory, where the actual logfile is also written to.

When the logs are rotated they can be seen through the service's /var/log/daemon. This happens after the last log file has a count of n, where n is the number of log files in that directory. When a log file is rotated, the nth log in that directory becomes the current log.

It is important that one has access to the log file, and not to /var/log/messages (or possibly similar), because of all of the messages that one can possibly get from OpenVPN. For example, if one sets logging-level warning, then one would not want to receive the message from OpenVPN that says "WARNING - Peer . Has closed TCP connection to us."

If someone finds a flaw in the protocol, there will always be at least one OpenVPN server that contains that flaw.

What are the authentication options for OpenVPN?

I'm interested in securing my local network.

I have OpenVPN running on a Raspberry Pi and on my desktop Linux laptop. OpenVPN is a simple daemon that creates a secure tunnel. I'd like to extend this beyond the network. Since the servers at Amazon are free, what are the best options for authentication of the servers?

Amazon Web Services has free virtual private servers. OpenVPN is an open-source, lightweight VPN implementation for protecting or extending your existing network. All you need is a server or router that supports the OpenVPN protocol and a few other minor items to begin using OpenVPN. With your router running OpenVPN software, all computers (or devices) that connect to the internet via your network automatically get a secure connection through your protected network.

There is something to be said for simplicity, as long as you have what it takes to solve the problem you are facing. OpenVPN uses RSA authentication for the servers, but other forms of authentication are possible, such as SSL and SSH. The most common authentication type would be a password, but you can also use an SSH key-pair if you prefer.

You should choose your OpenVPN server based on what it provides and on how it looks. It's important for the server to provide a consistent set of features and ease of configuration. I'm happy to offer my thoughts on what would work for your particular situation, but there is no single best type of server, especially if you're planning to expand beyond Amazon or if you're concerned about your VPN being used on more than one device. What you choose comes down to more than just the features you need, but also the cost and level of technical expertise required to get it configured and running. As the saying goes, "there's no shortage of servers."

If your OpenVPN setup needs a little polish, that's fine. This article will walk you through the first steps toward getting your new VPN working. Keep in mind that this method does not add or remove any security from your system, so I'll defer any security discussion to a separate article.

Note: In this article, I'm assuming that your OpenVPN server already exists and has some level of functionality and that you're using a newer release of OpenVPN than OpenVPN 3.0.
