From d9a7445b0e89979871f74a513ba00b74d149c1f1 Mon Sep 17 00:00:00 2001 From: Jake Howard Date: Wed, 12 May 2021 22:45:36 +0100 Subject: [PATCH] Make it more obvious that the issues aren't related to just OpenVPN --- content/posts/wireguard-haproxy-gateway.md | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/content/posts/wireguard-haproxy-gateway.md b/content/posts/wireguard-haproxy-gateway.md index 74d6756..2364bd8 100644 --- a/content/posts/wireguard-haproxy-gateway.md +++ b/content/posts/wireguard-haproxy-gateway.md 
@@ -5,17 +5,20 @@ date: 2020-03-21 tags: [self-hosting, security] --- -Last year, I wrote [a post]({{< relref "vpn-gateway" >}}) on setting up OpenVPN-AS as a gateway to a private network. I ran this network setup for quite a while with a lot of success, exposing services on my home network to the public internet, securely. +Last year, I wrote [a post]({{< relref "vpn-gateway" >}}) on setting up a gateway to a private network, powered by OpenVPN-AS. I ran this network setup for quite a while with a lot of success, exposing services on my home network to the public internet, securely. -Unfortunately, there were some issues: +Unfortunately, there were a couple issues with that setup: + +- IPTables is weird to configure +- TLS private keys are installed externally +- HTTP traffic is unencrypted over the VPN + +and I'm also not too happy with OpenVPN: - OpenVPN access server isn't open source - OpenVPN access server is configured through a web UI, which is another _minor_ attack vector - OpenVPN access server configuration is complex - OpenVPN is more resource intensive than necessary -- IPTables is weird to configure -- TLS private keys are installed externally -- HTTP traffic is unencrypted over the VPN - OpenVPN isn't great at repairing flakey connections Don't get me wrong, none of these issues are actually that bad - I'm just a perfectionist with time to kill! After doing some research, I found an alternative solution which solves all these issues, and is far simpler to set up. By simplifying the VPN setup, and moving the reverse proxy inside the private network, everything gets much nicer!
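Review bot: The new intro line "Unfortunately, there were a couple issues with that setup:" is followed by three bullets (IPTables, TLS private keys, unencrypted HTTP over the VPN), so "a couple" undercounts; "a few issues" or the original "some issues" would match the list. The added line "and I'm also not too happy with OpenVPN:" sits between two bullet lists, so Markdown will render it as its own paragraph that starts lowercase with a conjunction; something like "I'm also not too happy with OpenVPN itself:" reads better on its own. Three of the five bullets under that line are about OpenVPN access server specifically, so the lead-in could name it, or those bullets could be grouped ahead of the two that apply to OpenVPN in general.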