openVPN on Azure openVPN on Azure
Posts 1 to 5 of 5
  1. #1

    More fingers than teeth


    Join Date
    Apr 2008
    Posts
    17,245

    Default openVPN on Azure

    I'm looking to get some kind of VPN going to link up a router at a site, a few PCs and my ubuntu VMs on azure. The azure gateway is a bit pricey and I've built an openVPN server before so it's in my capability.

    My main concern is is really if I set one up, openVPN clients on VMs, leave the openVPN server ports open to the world, is that security madness? Should I be restricting the IPs to my locations?

    Is an openVPN server something that gets attacked? Are they known to get compromised? Am I going to go into my VMs and find 10 Chinese in there?

  2. #2

    More time posting than coding

    darrylmg's Avatar
    Join Date
    Sep 2012
    Location
    UK - South West
    Posts
    283

    Default

    Quote Originally Posted by minestrone View Post
    I'm looking to get some kind of VPN going to link up a router at a site, a few PCs and my ubuntu VMs on azure. The azure gateway is a bit pricey and I've built an openVPN server before so it's in my capability.

    My main concern is is really if I set one up, openVPN clients on VMs, leave the openVPN server ports open to the world, is that security madness? Should I be restricting the IPs to my locations?

    Is an openVPN server something that gets attacked? Are they known to get compromised? Am I going to go into my VMs and find 10 Chinese in there?
    It will be fine providing you lock it down good at the OS level and NSG it.
    You still have data egress costs.

    How are you getting on the Ubuntu VMs right now?!
    Don't believe it, until you see it!

  3. #3

    More fingers than teeth


    Join Date
    Apr 2008
    Posts
    17,245

    Default

    i've got my own IPs on the VM NSGs for SSH but they change frequently so see the VPN as fixing that.

    The other public ports come through cloudflare with china and the rest of the hacking nations black listed. So moderately concerned about just opening up a port to the world.

  4. #4

    My post count is Majestic

    NickFitz's Avatar
    Join Date
    Jun 2007
    Location
    Your local branch
    Posts
    50,590

    Default

    Have a look at GitHub - trailofbits/algo: Set up a personal VPN in the cloud - I've used it to set up a VPN before. Although it handles the various cloud providers, you can also use it on your own Ubuntu server if you prefer.

    All clients specified at setup get their own newly-generated keypair to connect with, and you can optionally configure it to allow you to generate keypairs for new clients later (default is to not allow any new clients after initial setup). Should keep (most of) the Chinese out.

  5. #5

    Fingers like lightning


    Join Date
    Jun 2007
    Posts
    707

    Default

    I'm running an OpenVPN server in Azure - having previously tried out the VPN Gateway option (too expensive!).

    It running fine on Ubuntu 18.04, I used the Digital Ocean setup guide.

    I do restrict access to the VPN port 1194 using a Network security group inbound rule as I've got a static IP.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •