Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I'm a little unclear on what you are trying to do. Could you elaborate? What exactly do you mean by "browsing internet securely"?
While using a VPN for browsing the internet can solve some problems (like preventing someone on the coffee shop wifi network from spying on you, and hiding your location), it doesn't necessarily "secure" your browsing completely, as the traffic has to leave the VPN at some point to reach the web server (i.e. the connection from the VPN server to the web server).
Assuming this is your network, you control the router, and trust other users on the LAN, there is probably no real benefit in a VPN between the client and the router. You can probably just create a VPN connection from the router to some external VPN server.
If you want to encrypt the LAN traffic too, you can either create two separate VPN connections as you suggested (from client to router, and from router to external VPN server), or just create an end to end VPN connection directly from the client to the VPN server (assuming the firewall rules on the router are set up to allow this).
The essential purpose of VPN is to create a tunnel which encompasses a range of IP-addresses and ports. All information passes securely through this tunnel, and the presence of the encryption is concealed from the users thereof. I think it's a good strategy to do this, when possible, at the router level.
If this is done, the router can usually act as a "trusted insider," in that you don't need to further secure the inside connections made to it. The router communicates securely with its counterparts to create, as the name implies, a "virtual private network."
In all cases, digital certificates, not "PSKs == passwords," should be used to secure the connection, and to uniquely identify every participating device. Every party knows that it is communicating with a bearer of a certificate that it has been told to recognize, and every one of these certificates is one-of-a-kind, issued by a trusted authority (you).
Last edited by sundialsvcs; 09-16-2015 at 07:45 AM.
I don't want to secure the LAN connection at all.
From usual case, OpenVPN client connects to remote OpenVPN server but this setup is very slow. I cann't even browse google search with 2MBps connection.
Therefore, I'm plan to roll out OpenVPN Server on my own OpenBSD router and LAN clients connect to it and tunnel out the connection.
I wonder is this setup possbiel?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
OpenVPN Network Topology Design
