Re: [Hampshire] OpenVPN + TrueCrypt

Author: Adrian Bridgett
Date:  
To: Hampshire LUG Discussion List
Subject: Re: [Hampshire] OpenVPN + TrueCrypt
On Fri, Aug 14, 2009 at 07:42:07 +0100 (+0100), Stephen Nelson-Smith wrote:
> Morning,
>
> I've just deployed an OpenVPN solution for a client, and am
> considering enhancing the security by having the users keep their keys
> on an encrypted USB stick.


We use PAM authentication on top of openvpn which works well. What
doesn't work so well is that openvpn+LDAP+TLS+PAM auth (yes, you need
all four) leaks two file descriptors per connection which I never
managed to track down (on Debian Etch).

We also use the per client key/certs settings but as we can't control
passwords on those keys, we can at least control the PAM passwords :)

Adrian