
Thread: Install a VPN server that only uses username and password

  1. #1

    Install a VPN server that only uses username and password

    Hi
    I was thinking about installing a VPN server on Ubuntu Server 20.04.
    I have installed OpenVPN once before, but that was a long time ago. It did work, but it was not so easy to use because I needed to export and import the cert on the client I was going to use.
    So after a while I bought a hardware VPN that only uses a username and password.

    But now it is time for me to install a VPN at a friend's, and I wonder: do OpenVPN or WireGuard support using only a username and password?
    Or maybe some other VPN server has support for that?
    I know PPTP has it, but as far as I know it is not so secure anymore, so I don't like to use it.
    Cazz

  2. #2

    Re: Install a VPN server that only uses username and password

    Originally posted by cazz:
    But now it is time for me to install a VPN at a friend's, and I wonder: do OpenVPN or WireGuard support using only a username and password?

    Nope. Passwords alone are considered a security failure. https://www.bcs.org/content-hub/pass...urity-failure/

    Commercial OpenVPN uses both keys AND userid/passwords. The paid version of OpenVPN will generate a QR-Code to help devices "import" the client key and settings. Also, 2FA is possible for greater security. The idea of less security sorta defeats the purpose for using a VPN.

    WireGuard will use QR-codes too: https://serversideup.net/generating-...e-deployments/ I've used this. It was very easy for Android devices. For real computers, I just used my password manager to transfer the client config file for each client. In my setup, each client has a different key, gets a different static IP on the VPN subnet and gets access to different LANs based on which client config is used. My Android devices get to read-only media files and a few web servers like nextcloud, wallabag, calibre. My personal key for my laptop can get to any LAN in my home - servers, desktops, games and IoS LANs. https://github.com/angristan/wireguard-install is an example setup. I didn't use this.

    The really security-minded person would go with an IPsec VPN. These are a hassle. I've never run one on Linux, but was part of a team that deployed one into an enterprise for 25K employees long ago using 2FA. Honestly, it was mostly a hardware-based solution integrated and validated by a huge telecom equipment vendor. I think FreeS/WAN or Libreswan or strongSwan are the Linux IPsec implementations. iOS has an IPsec implementation compatible with these built into the OS. https://github.com/hwdsl2/setup-ipsec-vpn is an example setup. I didn't use this. There are both PSK, userids and passwords.

    There are lots of scripted VPN setup guides on github.

    If you want easy and don't care about security, look for a proxy server, not a VPN. These days, ms-pptp is effectively a proxy server with zero security. The protocol was cracked in 2005 and hasn't been recommended for use since then.
    Last edited by TheFu; July 22nd, 2021 at 05:34 AM.
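
Added example (not part of the posts above and not taken from the linked projects): the per-client setup described in post #2, with one key, one static tunnel IP and one set of reachable LANs per client, expressed as a Python script that renders the server-side WireGuard [Peer] sections and matching iptables FORWARD rules. The subnet 10.8.0.0/24, the LAN addresses, the client names, the wg0 interface name and the key placeholders are all assumptions.

```python
import ipaddress

VPN_SUBNET = ipaddress.ip_network("10.8.0.0/24")  # assumed tunnel subnet

# Constructed policy. Keys are placeholders; each client has its own key pair.
CLIENTS = {
    "phone": {"public_key": "<PHONE_PUBLIC_KEY>", "address": "10.8.0.10",
              "allow": [("192.168.20.5/32", "tcp", 443)]},   # one web server
    "laptop": {"public_key": "<LAPTOP_PUBLIC_KEY>", "address": "10.8.0.20",
               "allow": [("192.168.10.0/24", None, None),
                         ("192.168.20.0/24", None, None)]},
}

def validate(clients):
    """Reject duplicate keys/addresses and addresses outside the VPN subnet."""
    seen_keys, seen_addrs = set(), set()
    for name, c in clients.items():
        addr = ipaddress.ip_address(c["address"])
        if addr not in VPN_SUBNET:
            raise ValueError(f"{name}: {addr} is outside {VPN_SUBNET}")
        if addr in seen_addrs or c["public_key"] in seen_keys:
            raise ValueError(f"{name}: key or address reused by another client")
        seen_addrs.add(addr)
        seen_keys.add(c["public_key"])

def render_peers(clients):
    """Server-side [Peer] blocks: AllowedIPs pins each key to one tunnel IP."""
    validate(clients)
    return "\n".join(f"# {n}\n[Peer]\nPublicKey = {c['public_key']}\n"
                     f"AllowedIPs = {c['address']}/32\n" for n, c in clients.items())

def render_forward_rules(clients, iface="wg0"):
    """iptables FORWARD rules: per-client allow list, then default drop."""
    validate(clients)
    rules = [f"iptables -A FORWARD -o {iface} -m conntrack "
             "--ctstate ESTABLISHED,RELATED -j ACCEPT"]  # replies to allowed flows
    for c in clients.values():
        for dest, proto, port in c["allow"]:
            ipaddress.ip_network(dest)  # raises ValueError on a bad destination
            match = f" -p {proto} --dport {port}" if proto else ""
            rules.append(f"iptables -A FORWARD -i {iface} -s {c['address']}/32 "
                         f"-d {dest}{match} -j ACCEPT")
    rules.append(f"iptables -A FORWARD -i {iface} -j DROP")
    return rules

if __name__ == "__main__":
    print(render_peers(CLIENTS), *render_forward_rules(CLIENTS), sep="\n")
```

The server-side AllowedIPs line only ties a key to its tunnel address; which LANs a client reaches is decided by the forwarding rules on the server, because the AllowedIPs in a client's own config file can be edited by whoever holds it.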
