I’m using Untangle and a 2012 terminal server.
Rdp is being used, obviously.
Do you recommend OpenVPN or Wireguard?
My concern with wireguard is the lack of username/password authentication.
Is this a valid concern? Which would you choose?
Thank you!
It’s simple, if lack of user/pass is a problem then don’t use it. If you need the auth methods in OpenVPN, then use that instead.
I’m not sure if it’s a problem. That’s why I defer to you.
(I by no means pretend to have the knowledge that Tom does, however I’m happy to contribute my thoughts. Take it with a grain of salt, there could be something I am overlooking!)
I think for my use-case, I would be fine with wireguard’s lack of user/pass auth. I do not manage an organization of any type, I simply enjoy self-hosting services for my own use. I am the only user so I would not be bothered by the lack of user/pass auth.
If I were not the only user within my “organization,” I would probably stick with OpenVPN. I’ve had an OpenVPN server at my home for years and it’s worked very well for all my needs (remote access to webUI services, SMB shares, RDP/VNC VMs, etc.)
The exception to this is if I had a second home- I would probably create a site-to-site VPN and would consider wireguard for this. This VPN would not be accessible from guest Wi-Fi. Therefore since I trust every device on my trusted/secure WiFi at the second home- I also trust those devices to access site-to-site to my primary home.
Thank you Charles.
Perhaps I should go with OpenVPN since multiple users log into the Terminal Server.
I’d go for OpenVPN, it’s another layer of security on your network, so it comes down to how much you value your own network. Within OpenVPN there are several layers of security on user authentication, encryption, 2FA etc. Plus it’s easy to setup the certificate revocation list for when devices get lost. Though I admit I’ll take a look at wireguard when it’s in pfsense as a backup option, I don’t have any issues with speed so not in a great rush to switch.
I use a site to site openVPN and RDP works very well between home and work. I have not looked into Wireguard yet and probably won’t until it makes it into pfsense. It’s supposed to be faster, but I’m not seeing any issues with oVPN even if I’m editing video on the remote end. I only have a 70/5mbps connection at home to give some sort of scale, work is gig/gig or maybe more now.