Securing and Stabilizing OpenVPN
Up to now, we have built several tunnels, all of them with simple mechanisms and a focus on simplicity. In this chapter, we will set up an OpenVPN server and tunnels that can be used in a production environment. For this purpose, we will use the strong encryption layers that OpenVPN offers and set some parameters in our config file to make sure that OpenVPN keeps running. This will be our first task.
Here is a configuration file for our VPN server that enables access for only one client. It is a good idea to have a look at the following options and parameters before you read on. This configuration is far from perfect: security is under constant development, so I do not try to give an example with the highest possible security. Nevertheless, some features enabled in this configuration have proven very helpful:
float
dev tunVPN0
tun-mtu 1500
ifconfig 10.179.10.1 10.179.10.2
port 5000
route...