On Mon, Nov 16, 2020 at 03:50:21PM +0200, Andreas Gustafsson wrote:
> Greg Troxel wrote:
> > My suggestion is openvpn.
> [...]
> > You do need to set up certificates
>
> Not if you use the static key encryption mode.

Whilst this is correct, the OP did mention Android, which could mean a mobile device on the internet. In this case, certificate-based identity is the simplest and most secure way of identifying the end points.

Years ago I used NetBSD to configure a VPN end point for a client. I used hybrid xauth, which was a combination of a certificate as well as username/password, that allowed two classes of access to the network, one being restricted to certain services and another admin role that had broader access. The clients were mostly Windows PCs.

Certainly, start with preshared keys to get the basic VPN config working even if you plan something more complex; debugging a PSK setup is comparatively easy. Once PSK is working, switch the auth to what is desired to debug that.