Tightly secured unix distr. needed for VPN

Discussion in 'all things UNIX' started by Mouzer, May 27, 2012.

Thread Status:
Not open for further replies.
  1. Mouzer

    Mouzer Registered Member

    Joined:
    May 27, 2012
    Posts:
    6
    I'm currently using a VPN service but i'd like to setup my own VPN server.

    What i'm looking for is a unix distr. that doesn't come with a lot of packages and is secure by itself. I don't want to have anything running on the unix server except SSH, OpenVPN and a good firewall/iptables.

    My knowledge about Unix is very little but i really want to do this myself.

    Hope to hear some recommendations.

    Thank you.
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    You might consider pfSense. That's FreeBSD + OpenVPN and a few other packages.
     
  3. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677
  4. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    what about LPS ? it has vpn function and it's supposed to be secure
     
  5. BrandiCandi

    BrandiCandi Guest

    Nothing is going to be secure out of the box. You'll have to do some configuring no matter what. But take a look at this:

    http://engardelinux.org/modules/index/index.cgi

    Which has a lot of built-in features to increase security.

    Edit: Whoops- I failed to notice the "VPN" part of your post. I don't know if this would work as a VPN.
     
    Last edited by a moderator: May 27, 2012
  6. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677
    out of box are

    untangle

    astaro security gateway (which i feel best)

    clearOS ( base of centos server/gateway)

    zentyal ........ etc many more :))
     
  7. Mouzer

    Mouzer Registered Member

    Joined:
    May 27, 2012
    Posts:
    6
    How hard is it to start using that distro without any experience with FreeBSD?
     
  8. Mouzer

    Mouzer Registered Member

    Joined:
    May 27, 2012
    Posts:
    6
    I will look into it, thank you.
     
  9. Mouzer

    Mouzer Registered Member

    Joined:
    May 27, 2012
    Posts:
    6
    Thanks, but i have read somewhere engarde hasn't been updated since 2008.
     
  10. Mouzer

    Mouzer Registered Member

    Joined:
    May 27, 2012
    Posts:
    6
    Thanks.

    Isn't untangle just a firewall package? And it's GUI no console, right?

    I will look into the others. ClearOS might be interesting, i do have a bit of experience with CentOS.
     
  11. Mouzer

    Mouzer Registered Member

    Joined:
    May 27, 2012
    Posts:
    6
    So once i have chosen a distribution, what should i do?

    - Configure IPtables (any good script around to block EVERYTHING except SSH and OpenVPN?)
    - Intrusion detection?
    - File modification detection?
    - Should i enable SELinux (if available?)
    - Any other security recommendations?

    The server will only run SSH+openvpn.
     
  12. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677
  13. BrandiCandi

    BrandiCandi Guest

    If that's all you're running on it, why don't you just install those on a desktop? Why have an entire server running for just those two services?

    As for configuring them, most distros have wikis or how-tos which will give you details on how best to configure each service.
     
  14. Fox Mulder

    Fox Mulder Registered Member

    Joined:
    Jun 2, 2011
    Posts:
    204
    I might be a little late to the party, but I use Debian for all my server needs. It's light, secure, and you can always find documentation for whatever you want to do. It's all-around a very good OS.

    It comes with few features pre-installed if you want to do a bare bones install, which is good as it reduces the attack surface of your server.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.