Tightly secured unix distr. needed for VPN

[Mouzer]

I'm currently using a VPN service but i'd like to setup my own VPN server.

What i'm looking for is a unix distr. that doesn't come with a lot of packages and is secure by itself. I don't want to have anything running on the unix server except SSH, OpenVPN and a good firewall/iptables.

My knowledge about Unix is very little but i really want to do this myself.

Hope to hear some recommendations.

Thank you.

[mirimir]

You might consider pfSense. That's FreeBSD + OpenVPN and a few other packages.

[mack_guy911]

http://www.wilderssecurity.com/showthread.php?t=324873

[Ranget]

what about LPS ? it has vpn function and it's supposed to be secure

Nothing is going to be secure out of the box. You'll have to do some configuring no matter what. But take a look at this:

http://engardelinux.org/modules/index/index.cgi

Which has a lot of built-in features to increase security.

Edit: Whoops- I failed to notice the "VPN" part of your post. I don't know if this would work as a VPN.

[mack_guy911]

out of box are

untangle

astaro security gateway (which i feel best)

clearOS ( base of centos server/gateway)

zentyal ........ etc many more )

[Mouzer]

Quote:

Originally Posted by mirimir

You might consider pfSense. That's FreeBSD + OpenVPN and a few other packages.

How hard is it to start using that distro without any experience with FreeBSD?

[Mouzer]

Quote:

Originally Posted by Ranget

what about LPS ? it has vpn function and it's supposed to be secure

I will look into it, thank you.

[Mouzer]

Quote:

Originally Posted by BrandiCandi

Nothing is going to be secure out of the box. You'll have to do some configuring no matter what. But take a look at this:

http://engardelinux.org/modules/index/index.cgi

Which has a lot of built-in features to increase security.

Edit: Whoops- I failed to notice the "VPN" part of your post. I don't know if this would work as a VPN.

Thanks, but i have read somewhere engarde hasn't been updated since 2008.

[Mouzer]

Quote:

Originally Posted by mack_guy911

out of box are

untangle

astaro security gateway (which i feel best)

clearOS ( base of centos server/gateway)

zentyal ........ etc many more )

Thanks.

Isn't untangle just a firewall package? And it's GUI no console, right?

I will look into the others. ClearOS might be interesting, i do have a bit of experience with CentOS.

[Mouzer]

So once i have chosen a distribution, what should i do?

- Configure IPtables (any good script around to block EVERYTHING except SSH and OpenVPN?)
- Intrusion detection?
- File modification detection?
- Should i enable SELinux (if available?)
- Any other security recommendations?

The server will only run SSH+openvpn.

[mack_guy911]

i never used VPN so didnt say much but yes untange you can configure as VPN server so with astaro please check forums they support open VPN

and clearOS and zentyal are very much server base also you can see PFsense (base of BSD) it also support VPN service and right and secure distro

they are more them just router they support many things

http://forums.untangle.com/openvpn/1...l-openvpn.html

http://wiki.untangle.com/index.php/OpenVPN

guess it help

Quote:

Originally Posted by Mouzer

The server will only run SSH+openvpn.

If that's all you're running on it, why don't you just install those on a desktop? Why have an entire server running for just those two services?

As for configuring them, most distros have wikis or how-tos which will give you details on how best to configure each service.

[Fox Mulder]

I might be a little late to the party, but I use Debian for all my server needs. It's light, secure, and you can always find documentation for whatever you want to do. It's all-around a very good OS.

It comes with few features pre-installed if you want to do a bare bones install, which is good as it reduces the attack surface of your server.