Commit
1 parent d500477, commit 5760b2e
Showing 1 changed file with 16 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
# TLS | ||
|
||
## Configuration | ||
|
||
You can enable TLS (https) in the VPN Settings. TLS only works if you have a hostname configured as the "VPN Server Hostname". Make sure you have created a DNS record like vpn.yourcompany.com to the IP address of the VM instance. Once you enable the TLS setting, let's encrypt will be activated. An API call will be made to [letsencrypt.com](https://letsencrypt.org/), which will then make an HTTP call on your hostname to verify ownership. Only when this call succeeds, the TLS certificate will be issued, and the VPN Server will be accessible over https. | ||
|
||
## http to https forward | ||
Make sure to only enable the http to https forwarding when https is fully working. If you enabled the http to https forwarding, but can't access the VPN Server over https, you can still disable the forwarding manually. | ||
|
||
Log in using SSH to the VPN Server and cd into the /vpn/config directory. The config.json file contains an attribute `redirectToHttps` that will be set to `true`. You can either remove the attribute and value or set the value to false. Also make sure that the attribute `protocol` is set back to `http` instead of `https`. Restart the VPN server using `systemctl restart vpn-rest-server`. | ||
|
||
## Alternatives | ||
On Cloud providers like AWS a Load Balancer can be created to ensure access between the client and the AWS Load Balancer is using TLS. | ||
|
||
## VPN Traffic | ||
VPN Traffic between client and VPN Server using WireGuard® is always encrypted. The TLS solution using Let's Encrypt is only to encrypt web traffic between the client (the browser) and the VPN Server Admin Web Interface. |
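Review bot: the link in the Configuration paragraph reads "letsencrypt.com" but points to https://letsencrypt.org/, and the same paragraph says ownership is verified by "an HTTP call on your hostname" without saying that this Let's Encrypt HTTP-01 validation connects to port 80 of the "VPN Server Hostname" from the public internet. Please change the link text to "letsencrypt.org" and add a sentence that inbound TCP port 80 (and 443 for the resulting https endpoint) must be allowed by the instance firewall and the cloud security group before enabling the TLS setting, otherwise the certificate will not be issued and the server stays on http. Smaller points: the service name is written "let's encrypt" here and "Let's Encrypt" under "VPN Traffic", so pick one spelling; the "http to https forward" recovery steps edit config.json by hand and restart `vpn-rest-server`, so it would help to tell the reader to confirm the rollback with e.g. `curl -I http://vpn.yourcompany.com` before re-enabling the forward; and under "Alternatives" it should be stated that a TLS-terminating load balancer only protects the client-to-load-balancer hop, so traffic from the load balancer to the instance remains plain http unless the backend listener is also configured for TLS.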