I have a number of servers, including a few on the home office network, that accept SSH connections. Even though they are serving on different (non-standard) SSH ports, there are regular attempts to break in via brute force – I can see how some random IP addresses start trying to log in using different standard user names. It's therefore never too late to use additional software for protecting the SSH service, something like fail2ban.
Traditionally I've been configuring OpenVPN in a scenario where each client would have a unique certificate. This requires a bit more time initially but is well worth it in terms of security.
Sometimes this is not needed though, so you can probably get away with multiple clients sharing the same certificate. This way you build a client key once and then propagate it across all the clients that you plan on connecting to your VPN server.
While setting this up just now, I noticed a curious thing: by default all clients with the same cert would end up having the same internal IP address. This behaviour is unlikely to be what you wanted though.
So in order to allow multiple OpenVPN clients to share the same client certificate but still get a unique internal IP address each (so that clients could connect to each other, for instance), add the following line to your OpenVPN server:
That's it! Restart your openvpn service and enjoy.
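One way to confirm the result after the restart, as an added example that is not from the original post: a Python audit of the server's status file that lists which common names are shared by several sessions and checks that no internal IP is held by two peers. It assumes the sharing is enabled with OpenVPN's `duplicate-cn` server directive and that the server writes a version 1 status file (the `status` directive); the sample file contents, names and addresses are constructed.

```python
from collections import defaultdict

# Constructed sample of an OpenVPN version 1 status file (not from the post).
SAMPLE_STATUS = """\
OpenVPN CLIENT LIST
Updated,Thu Jan  4 10:00:00 2024
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
shared-client,198.51.100.7:51820,10240,20480,Thu Jan  4 09:00:00 2024
shared-client,203.0.113.9:40112,5120,9216,Thu Jan  4 09:30:00 2024
laptop-alice,192.0.2.33:1194,2048,4096,Thu Jan  4 09:45:00 2024
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.6,shared-client,198.51.100.7:51820,Thu Jan  4 09:59:58 2024
10.8.0.10,shared-client,203.0.113.9:40112,Thu Jan  4 09:59:59 2024
10.8.0.14,laptop-alice,192.0.2.33:1194,Thu Jan  4 09:59:57 2024
GLOBAL STATS
Max bcast/mcast queue length,0
END
"""

def parse_routing_table(status_text):
    """Return {common_name: [(virtual_ip, real_address), ...]} from ROUTING TABLE."""
    sessions = defaultdict(list)
    in_routes = False
    for line in status_text.splitlines():
        line = line.strip()
        if line in ("ROUTING TABLE", "GLOBAL STATS", "END"):
            in_routes = line == "ROUTING TABLE"
            continue
        fields = line.split(",")
        if not in_routes or len(fields) < 4 or fields[0] == "Virtual Address":
            continue  # outside the section, malformed row, or column header
        sessions[fields[1]].append((fields[0], fields[2]))
    return dict(sessions)

def audit_shared_certs(status_text):
    """Return (CNs with several sessions, virtual IPs held by more than one peer)."""
    sessions = parse_routing_table(status_text)
    shared = {cn: rows for cn, rows in sessions.items() if len(rows) > 1}
    peers_by_ip = defaultdict(set)
    for rows in sessions.values():
        for virtual_ip, real_addr in rows:
            peers_by_ip[virtual_ip].add(real_addr)
    collisions = sorted(ip for ip, peers in peers_by_ip.items() if len(peers) > 1)
    return shared, collisions

if __name__ == "__main__":
    shared, collisions = audit_shared_certs(SAMPLE_STATUS)
    print("shared CNs:", {cn: [ip for ip, _ in rows] for cn, rows in shared.items()})
    print("colliding internal IPs:", collisions or "none")
```

Because every session on a shared certificate reports the same common name, the real address column is the only thing in this file that tells those clients apart.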