[asterisk-users] OpenVPN + SIP configuration?
Hans Witvliet
hwit at a-domani.nl
Wed Jan 12 16:54:58 CST 2011
On Wed, 2011-01-12 at 14:18 -0500, Mark Deneen wrote:
> Static Key disadvantages
>
> * Limited scalability -- one client, one server
> * Lack of perfect forward secrecy -- key compromise results in total
> disclosure of previous sessions
> * Secret key must exist in plaintext form on each VPN peer
> * Secret key must be exchanged using a pre-existing secure channel
>
Yeah, that's all true.
People claim that OpenVPN is easier to configure than IPsec,
but the hardest part is: authentication/authorisation and routing.
(which incidentally is as easy/difficult with strongSwan as with
OpenVPN ;-)
When using self-signed certificates (both for the server and client)
life isn't that hard: you can follow the info on the OpenVPN web site
step by step.
An additional static key can be used to filter among valid certificate
holders. Handy if you accept certificates from a (trusted) third party,
but not all of them. (No, not Orwellians intended)
hw
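
The setup described in the message above, as an added example that is not part of the original post: certificate authentication plus an extra static key, assuming the static key meant is OpenVPN's `tls-auth` key. All file names are placeholders.

```conf
# ---------- server.conf (fragment) ----------
# Certificate authentication: a peer must present a certificate
# signed by this CA (your own CA or a trusted third party's).
ca   ca.crt
cert server.crt
key  server.key
dh   dh2048.pem

# Extra static key shared out of band. Handshake packets that do not
# carry a valid HMAC made with ta.key are dropped before any
# certificate is looked at, so a valid certificate alone is not
# enough to start a session.
# Generate once with:  openvpn --genkey --secret ta.key
tls-auth ta.key 0        # key direction 0 on the server

# ---------- client.conf (fragment) ----------
ca   ca.crt
cert client1.crt
key  client1.key
remote-cert-tls server   # only accept a peer whose certificate is marked for server use
tls-auth ta.key 1        # same ta.key file, key direction 1 on the client

# ta.key only authenticates the TLS handshake packets; session keys
# are still negotiated through the certificate-based TLS exchange.
```

Only the certificate holders who have also been given `ta.key` can complete a handshake, which is the filtering effect described above.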