Make it more obvious that the issues aren't related to just OpenVPN

This commit is contained in:
Jake Howard 2021-05-12 22:45:36 +01:00
parent b907f943af
commit d9a7445b0e
Signed by: jake
GPG key ID: 57AFB45680EDD477

@ -5,17 +5,20 @@ date: 2020-03-21
tags: [self-hosting, security]
---
Last year, I wrote [a post]({{< relref "vpn-gateway" >}}) on setting up OpenVPN-AS as a gateway to a private network. I ran this network setup for quite a while with a lot of success, exposing services on my home network to the public internet, securely.
Last year, I wrote [a post]({{< relref "vpn-gateway" >}}) on setting up a gateway to a private network, powered by OpenVPN-AS. I ran this network setup for quite a while with a lot of success, exposing services on my home network to the public internet, securely.
Unfortunately, there were some issues:
Unfortunately, there were a couple issues with that setup:
- IPTables is weird to configure
- TLS private keys are installed externally
- HTTP traffic is unencrypted over the VPN
and I'm also not too happy with OpenVPN:
- OpenVPN access server isn't open source
- OpenVPN access server is configured through a web UI, which is another _minor_ attack vector
- OpenVPN access server configuration is complex
- OpenVPN is more resource intensive than necessary
- IPTables is weird to configure
- TLS private keys are installed externally
- HTTP traffic is unencrypted over the VPN
- OpenVPN isn't great at repairing flakey connections
Don't get me wrong, none of these issues are actually that bad - I'm just a perfectionist with time to kill! After doing some research, I found an alternative solution which solves all these issues, and is far simpler to set up. By simplifying the VPN setup, and moving the reverse proxy inside the private network, everything gets much nicer!
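
Review bot: the new lead-in "and I'm also not too happy with OpenVPN:" starts lowercase and reads as the tail of a sentence that the first bullet list has already interrupted, so the second list has no clean introduction. Make it a standalone sentence, for example "I'm also not too happy with OpenVPN itself:". In the first lead-in, "a couple issues" is followed by three bullets and is missing "of"; "a few issues with that setup" would match the list. Since the point of the split is to separate setup problems from OpenVPN problems, the moved bullet "TLS private keys are installed externally" could also say where the keys end up, because the closing paragraph's fix ("moving the reverse proxy inside the private network") only makes sense once the reader knows they currently sit outside it.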