IPSec (not L2TP/IPSec), strong authentication (not MD5), a short Security Association Life, AES encryption and, where possible, Perfect Forward Secrecy. I have a number of fixed site-to-site VPNs and remote mobile user VPNs.
I also use SSH for simpler remote access.
Sarah
--
If I can't drink my bowl of coffee three times daily, then in my torment, I will shrivel up like a piece of roast goat
OpenVPN appears to be the most secure but it is not directly supported on the Windows or Android devices that I have. I do have software that works.
Eh? OpenVPN is supported on Windows, Android, iOS etc using the native OpenVPN app as well as the VPN's suppliers app which in 99.9999% of cases will have an OpenVPN connection protocol.
For connecting to my server at home from anywhere nothing more interesting than SSH.
Diffie-Hellman key exchange, a reasonably strong cipher, just fine.
IPSEC in transport mode for my anywhere to home VPN. Nothing weaker than 1536 bit RSA for key exchange and 128 bit AES cipher on the list.
TLS 1.2 patched with latest and greatest for dialling out from home.
Beyond those I can't say I've obsessed that much over it. It's far more likely that someone who wants to read my traffic will pwn me with zero-day exploit malware than attempt to decrypt anything.
If you are worried about people attempting to decrypt your VPN traffic I have no idea what kind of enemies you have or what you feel you have to hide but am glad I don't share either your enemies or your need for such privacy.
OpenVPN appears to be the most secure but it is not directly supported on the Windows or Android devices that I have. I do have software that works.
Eh? OpenVPN is supported on Windows, Android, iOS etc using the native OpenVPN app as well as the VPN's suppliers app which in 99.9999% of cases will have an OpenVPN connection protocol.
For OpenVPN you have do use add ons for those OS. Both Windows and Android have support for a vaviety of other encryptions but not OpenVPV. So is it worth the extra effort of getting it to work?
OpenVPN appears to be the most secure but it is not directly supported on the Windows or Android devices that I have. I do have software that works.
Eh? OpenVPN is supported on Windows, Android, iOS etc using the native OpenVPN app as well as the VPN's suppliers app which in 99.9999% of cases will have an OpenVPN connection protocol.
For OpenVPN you have do use add ons for those OS. Both Windows and Android have support for a vaviety of other encryptions but not OpenVPV. So is it worth the extra effort of getting it to work?
Definitely! Some VPN companies (eg the highly rated airvpn.org) only allow their service to be used via the OpenVPN protocol as they consider other protocols to be less secure. Like i said earlier its better you use the VPN supplier's app in Windows as that will also support OpenVPN and far less config is required....its just a matter of downloading the app, entering your login credentials and hitting 'connect'. While OpenVPN isn't natively supported in iOS & Android, there is an OpenVPN app available, you need to search for 'OpenVPN Connect' in google play store or iOS app store.
I have my own VPN server on my NAS. Fortunately I did choose OpenVPN. It is a pity that it is not included as standard in Windows or Android but downloading the software is not that difficult. Getting it to work on Windows was more of a challenge. It works but there is something about the way it starts that I have not done properly.
Print Thread
Michael_Chare
