Linux webserver with VPN



  • I want to set up a web server which will communicate with a Windows 8 tablet to push some sensitive data from a remote location. For the web server, I am thinking of configuring a CentOS 6 box with Apache and MySQL as the backend. And for secure communication between the Windows 8 tablet and this server, I am thinking about setting up an OpenVPN server. The communication must happen only between this server and the tablet.
    https://www.digitalocean.com/community/tutorials/how-to-setup-and-configure-an-openvpn-server-on-centos-6

    Do you guys suggest anything else or is it secure enough? And for the server security, I am thinking of installing ConfigServer Firewall.

    Please share your thoughts



  • OpenVPN is a great solution but have you considered Pertino? They have a stable Linux client you can use.



  • I cannot use any third party service. It has to be something on the server.



  • OpenVPN will work fine. But why a VPN? Why not just use a secure (HTTPS) web page? OpenVPN and HTTPS are the same security. It's literally the same thing in this case. Just one is simple and one is complicated.



  • @scottalanmiller said:

    OpenVPN will work fine. But why a VPN? Why not just use a secure (HTTPS) web page? OpenVPN and HTTPS are the same security. It's literally the same thing in this case. Just one is simple and one is complicated.

    I think we need a little better explanation of his exact goals for the VPN.



  • I was also thinking about that, but due to the recent vulnerability in SSL I was requested to do a VPN instead. It's hard to convince them to use just HTTPS instead of a VPN in this case!

    Ideally I would like to restrict access to only that tablet's IP. The issue is that the tablet will be roaming and so doesn't have a static IP. So a VPN would be more useful as I can whitelist only that traffic.



  • @ambarishrh said:

    I was also thinking about that, but due to the recent vulnerability in SSL I was requested to do a VPN instead. It's hard to convince them to use just HTTPS instead of a VPN in this case!

    Ideally I would like to restrict access to only that tablet's IP. The issue is that the tablet will be roaming and so doesn't have a static IP. So a VPN would be more useful as I can whitelist only that traffic.

    Isn't OpenVPN an SSL VPN?



  • @ambarishrh said:

    I was also thinking about that, but due to the recent vulnerability in SSL I was requested to do a VPN instead. It's hard to convince them to use just HTTPS instead of a VPN in this case!

    This makes zero sense. OpenVPN is an SSL VPN. It is literally the same thing as HTTPS except it is wide open instead of locked down to one page. So OpenVPN has every SSL vulnerability and less protection than HTTPS.



  • @ambarishrh said:

    So a VPN would be more useful as I can whitelist only that traffic.

    No, HTTPS remains more flexible and more secure here too. Anything like that that you can do with a VPN you can do with HTTPS. HTTPS is a VPN built on the same technology as OpenVPN, it is just much more locked down rather than allowing all traffic. So HTTPS is always more secure than OpenVPN.



  • I am trying to convince them of the same thing! Maybe I will take some details on both and show them in detail.



  • @coliver said:

    Isn't OpenVPN an SSL VPN?

    Yes, OpenVPN and HTTPS both use the same SSL libraries to create their VPN tunnels. Both are SSL VPNs and are essentially identical except that HTTPS is locked to a web session and OpenVPN is open all the time and allows all traffic bidirectionally. So you can think of HTTPS as a highly secured OpenVPN session.



  • Maybe Scott's explanation would help me and even make this task easier to complete! Thank you 🙂



  • I am still waiting for the dev to give me more info on the type of request/data transfer that happens between the tab and server. If it's just a web service request then my life is easier, web server with SSL and I am done. Initial info is that it's a web service.



  • If you were looking at an IPSec VPN, that would be different but so much more work. The real answer is... yes SSL had a bug, everything does. Reacting to a bug being found and patched should be a positive reaction. SSL did a great job of being patched. Every technology has vulnerabilities. SSL is one of the best for protecting you from those and telling you when they exist.

    If you avoid SSL because it did a good job, you are just making yourself insecure for no reason.



  • @ambarishrh said:

    I am still waiting for the dev to give me more info on the type of request/data transfer that happens between the tab and server. If it's just a web service request then my life is easier, web server with SSL and I am done. Initial info is that it's a web service.

    Coming from Apache, I would assume so.
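
The requirement raised in this thread (only the one roaming tablet may reach the server, with no static IP to whitelist) can be met over HTTPS by requiring a client certificate. The following is an added example, not posted by anyone in the thread; it assumes Apache 2.2 with mod_ssl on CentOS 6, and the hostname, file paths and certificate name `tablet-01` are placeholders.

```apache
# Added example: HTTPS virtual host that only accepts the tablet's client certificate.
# Hostname, paths and the CN "tablet-01" are placeholders (assumptions).
<VirtualHost *:443>
    ServerName server.example.com

    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLCertificateFile    /etc/pki/tls/certs/server.example.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/server.example.com.key

    # Private CA used only to issue the tablet's client certificate.
    SSLCACertificateFile  /etc/pki/tls/certs/tablet-ca.crt

    # Fail the TLS handshake unless the client presents a certificate
    # signed directly by that CA, whatever IP address it connects from.
    SSLVerifyClient require
    SSLVerifyDepth  1

    <Location />
        # Also pin the certificate subject, so any other certificate
        # the same CA might issue later is still refused.
        SSLRequire %{SSL_CLIENT_S_DN_CN} eq "tablet-01"
    </Location>
</VirtualHost>
```

The matching client certificate and private key are imported into the tablet's certificate store; revoking access means replacing or revoking that one certificate rather than changing firewall rules.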

