Yubico Forum


All times are UTC + 1 hour




Posted: Thu Sep 11, 2014 2:14 am

Joined: Thu Aug 28, 2014 9:24 pm
Posts: 23
Location: California
Requirements: Ubuntu 14.04, yubikey-ksm, yubikey-val (recent versions), Yubikey token
Description: Pair of fully redundant OpenVPN servers with multifactor authentication, using Yubikey.

Basically, you need to create your VPN infrastructure, you want multifactor authentication, and you want redundancy. This document shows you how.

Note: This (v01) is a preliminary version. Feel free to review it and point out improvements, if needed. I will revise the document and update it if significant changes are needed. I'm especially interested in the interaction between the DB replication and yubikey-val (ykval-queue is disabled); I think it should work the way I did it, and my tests were successful, but comments and improvements are welcome.

What's in the document:

- Install two OpenVPN servers, fairly classic setup, fine-tuned for this scenario
- Create your own CA (certificate authority), generate certificates for servers and clients
- Configure OpenVPN for SSL certificate authentication
- Add Yubikey OTP authentication, either local (keys stored in DB), or via the Yubico public auth servers
- Add a PIN to the OTP (stored in a local DB)
- Perform master/master replication between DBs, securely
- Customize your Yubikey
- Network security - protect the VPN servers against network-based attacks

Log:
- uploaded v02, containing corrections, some parts of the text are made more clear, etc. Nothing of substance.


Attachments:
RedundantOpenVPNserverswithYubikeyOTPandPIN-v02.pdf [795.6 KiB]
Downloaded 442 times

_________________
Florin Andrei
http://florin.myip.org/


Last edited by FlorinAndrei on Sat Sep 13, 2014 2:01 am, edited 1 time in total.

Posted: Thu Sep 11, 2014 8:05 am
Site Admin

Joined: Wed Nov 14, 2012 2:59 pm
Posts: 666
Thank you for this.

You have a PM.

_________________
-Tom

