Which VPN to use to encrypt data between nodes?

M

mustd1e2019-07-26 20:55:09

VPN

mustd1e, 2019-07-26 20:55:09

There is a geographically distributed cluster consisting of N nodes running centos 7.
All nodes inside communicate using various protocols that do not have built-in data encryption mechanisms on board. I want to find a solution that will allow this data to be protected, one of the obvious ones seems to be building a distributed VPN between nodes. But I can't decide which VPN to use. It is necessary that the following requirements are met:
1. The ability to encapsulate data
2. Routing (peer-to-peer and multi-peer are suitable)
3. Authorization / authentication
4. Stable operation on Centos.
Please help me figure out if anyone has experience with this problem.

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

R

res2001, 2019-07-26
@mustd1e

OpenVPN, IPSec, something else to choose from, there are enough paid options.
IPSec is part of the IP protocol stack and operates at the core level, and is likely to be faster than the competition. Is in any modern OS. Quite difficult to set up. Usually used in conjunction with something.
OpenVPN - works at the user level. Not difficult to set up, full of various manuals. It's better to use OpenVPN over UDP rather than TCP, although both options are supported.

D

Dmitry, 2019-07-26
@q2digger

wireguard. Works great on centos.

V

Vladimir Zhurkin, 2019-07-27
@icCE

@mustd1e
It all depends of course on the conditions that you need.
I would recommend looking towards
https://meshbird.com/
https://github.com/meshbird/meshbird
is quick and easy to set up.
you can also remember tinc vpn.
Everything else has already been given to you.

C

CityCat4, 2019-07-27
@CityCat4

You described the IPSec protocol stack :) Yes, it's not easy to set up :) But Strongswan on EL6 works for me without glitches (accordingly, I think it won't fail on EL7 either), and at least read the documentation on Schwan's website.