On Thu, Mar 20, 2014 at 05:38:18PM +0000, Neil Sedger wrote:
> Opening/forwarding ports is risky as anyone can discover them and run exploits against whatever is listening. Someone really clever/determined could snoop on any unencrypted traffic you might send.
Yes, but I have a number of ports open anyway (HTTP, SMTP, SSH) so I need to manage security on these anyway. Using a VPN won't remove the need for the other open ports so no gain there really.
> With OpenVPN you open only one port, which allows in only encrypted connections from trusted machines. Those machines can then freely do anything as if they were on your local LAN, so there is no need to open/forward any more ports.
No use if I want to connect from, say, someone else's machine, or from an Internet Café. If my home desktop *wasn't* a web server and an ssh server then the above might be of use but as it is I don't see a lot of point.
> So it's a good idea. We have to very much trust OpenVPN to do its job properly, but better to trust one app than several.
> For extra security have OpenVPN listen on - or forward on the router from - a random port rather than the default. But I had to edit its user key file to do that :-S
You still haven't told me what I can actually *do* from a remote machine connected to my VPN server. Having access to my home machine as if it were on a LAN with the remote machine doesn't really strike me as particularly useful; it's not as if I have a typical business environment with everyone sharing files on a server or anything like that.