Help with SSL VPN

[Swiso]

Hello,
I have a question regarding Setting up a SSL VPN Connection.

I just set up my Draytek Vigor 2860 as a SSL VPN Server following this guide : http://just.draytek.com/index.php?option=com_k2&view=item&id=2035&Itemid=293&lang=en
After that I set up the Clients following this guide :http://just.draytek.com/index.php?option=com_k2&view=item&id=5760&Itemid=293&lang=en

When I connected to my SSL VPN Server, I used only username and Password and it worked perfectly.

My doubt....for the authentication between server and clients, on the previous two guides, there is no mention of creating any kind of X509 certificates...

In the X509 part of the guides there are only two articles about using X509...and both are not SSL VPN related...(http://just.draytek.com/index.php?o...&task=category&id=130:x509&Itemid=293&lang=en)

I know for example that for OpenVPN Connections they are a MUST...even for IPSec...
Now looking at SSL VPN I dont have found any kind of information in this regard.
Security is the most important thing...should I implement the certificates ?..is that a MUST DO?...or are they an optional thing in SSL VPN ?
I am confused...
Thanks for the help.

 

[yorgi]

Hello,
I have a question regarding Setting up a SSL VPN Connection.

I just set up my Draytek Vigor 2860 as a SSL VPN Server following this guide : http://just.draytek.com/index.php?option=com_k2&view=item&id=2035&Itemid=293&lang=en
After that I set up the Clients following this guide :http://just.draytek.com/index.php?option=com_k2&view=item&id=5760&Itemid=293&lang=en

When I connected to my SSL VPN Server, I used only username and Password and it worked perfectly.

My doubt....for the authentication between server and clients, on the previous two guides, there is no mention of creating any kind of X509 certificates...

In the X509 part of the guides there are only two articles about using X509...and both are not SSL VPN related...(http://just.draytek.com/index.php?o...&task=category&id=130:x509&Itemid=293&lang=en)

I know for example that for OpenVPN Connections they are a MUST...even for IPSec...
Now looking at SSL VPN I dont have found any kind of information in this regard.
Security is the most important thing...should I implement the certificates ?..is that a MUST DO?...or are they an optional thing in SSL VPN ?
I am confused...
Thanks for the help.

if your VPN server requires certificates there is no way you can establish a proper connection without them.
So if you setup a Server it must have certificates that it generates. Even if you setup a VPN server for speed it still needs to use certificates in order to secure the connection.
Also as far as security is concerned with VPN's there are mixed reviews about that subject in the forum.
Most gurus will tell you that VPN security is crap.
I on the other hand believe that VPN is better then no VPN at all

 

[Swiso]

Hello yorgi, thanks for the Explanation.
Actually, my Vigor 2860 VPN Server has the ability to use certificates...check the Dashboard here : http://eu.draytek.com:12860 (you can interact with all the options of the Dashboard)
As I said, I was able to connect to my NAS from my mobile phone after establishing a SSL VPN Connection...all without using any kind of certificates....
Is that safe ? Or is safer to implement all the certificates ?

This is another information from Draytek regarding SSL VPN : http://www.draytek.co.uk/information/our-technology/sslvpn

EDIT : changed the link...this one should work and a new article about SSL VPN

 

[yorgi]

Hello yorgi, thanks for the Explanation.
Actually, my Vigor 2860 VPN Server has the ability to use certificates...check the Dashboard here : http://eu.draytek.com:12860 (you can interact with all the options of the Dashboard)
As I said, I was able to connect to my NAS from my mobile phone after establishing a SSL VPN Connection...all without using any kind of certificates....
Is that safe ? Or is safer to implement all the certificates ?

This is another information from Draytek regarding SSL VPN : http://www.draytek.co.uk/information/our-technology/sslvpn

EDIT : changed the link...this one should work and a new article about SSL VPN

Its safer with certificates. I never heard of a VPN that works without them.

 

[sfx2000]

Its safer with certificates. I never heard of a VPN that works without them.

certs/keys are optional, but recommended - there are VPN configurations out there that are still userid/pass (and hashed from there) that are secure...

OVPN does insist on some level of certs, unlike others.. and this isn't a bad thing, but self-signed certs can be a problem for some...

 

[Swiso]

Thanks.
Ill try to implement them and see if it work.

 

[micjustin33]

I have same issue and will try this way hope it will work...

 

[Swiso]

I have same issue and will try this way hope it will work...

Hello, check this link, a Draytek support guy explained what to do :
https://forums.whirlpool.net.au/forum-replies.cfm?t=2576464&#bottom

Hope it can be of help.