Thinking about this article here where there is a an recommendation by Norway to replace all SSL VPNs if possible
Although OpenVPN has been touted as a secure SSL VPNs, when deploying a pfSense especially, is it better to run IPsec or OVPN? They seem to have the same feature set and integration with Active Directory.
As a best practice should we be avoiding SSL vpns?
As it reads to me it brought up fortigate (no surprise there) and a few other instances of not complete configurations and gamin authentication access. OpenVPN has multiple layers of authentication with TLS key, user certificates and username and password. I would say this has better security than most. Unless I am missing something?
OpenVPN in pfsnese uses certificates by default to establish the secure connection, the SSL VPN setups they are probably referring to are using public web interfaces that ask for user / pass which means that is all you need to get connected. But for example having my user/pass for my OpenVPN get’s you no where without also having my certificate.