Page 187 of 237
Version: 5.1.6 – June 4
th
, 2018
Authentication
OpenVPN offers three fundamentally different authentication methods.
None: no certificate or key is needed. Used primarily for testing the connection. The tunnel data is also NOT
encrypted.
Static key: a key as required by each peer is generated for the connection. Similar to the password.
Certificates, X.509: the following three certificate variants are distinguished:
o Each subscriber needs the same root CA and a personal certificate signed by the root CA.
o Like 1, but with additional username/password verification.
o Like 2, but without a personal certificate. In other words, subscribers only need a root CA and
username/password.
No authentication
This setting should primarily be used for test purposes. It provides a quick and easy way of testing the con-
nection with a peer (e.g. whether the correct ports are enabled). The data is sent UNENCRYPTED in this mode.
Authentication with static key
With symmetric encryption, authentication and encryption/decryption of the data is performed using one and
the same key (static key). The advantage of symmetric encryption is its speed: encryption and decryption take
much less time than with asymmetric encryption since the symmetric key is secure from a size of 90 bits.
The asymmetric key, on the other hand, must be at least 1024 bits. The disadvantage of symmetric encryp-
tion is that stations need to exchange keys. Each subscriber must obtain the key in a secure manner. A previ-
ously imported or generated key can be selected in the screen shown above.
To Next Page
Loading...
