Securing private cluster communication: which VPN?

August 26, 2015 3.7k views
Networking VPN
AlpineLakes
By:
AlpineLakes

I have a small collection of CentOS 7 droplets configured with one droplet exposed on the public Internet and the remaining three accessible only via their private IPv4 addresses.

I plan to lock down all four private interfaces using iptables but first would like to better understand best practices for encrypting the intra-cluster traffic on the DO data center private network.

I found this article on BestVPN to be a fantastic survey of options: https://www.bestvpn.com/blog/4147/pptp-vs-l2tp-vs-openvpn-vs-sstp-vs-ikev2/

Based on this article it seems the reasonable choices are L2TP/IPsec or OpenVPN with the trade-off being ease of configuration vs. Snowden reputation if I'm understanding correctly.

What do you DevOps pros recommend?

Thanks, Chris

Log In to Comment
3 Answers
JamesMC June 29, 2016

Hello,

I personally prefer to just use OpenVPN. It is rather easy to setup and something I'm just used to using. You can find a nice guide on doing something akin to what you sound like you want here

It allows you to create a private network across your droplets.

How To Secure Traffic Between VPS Using OpenVPN
by Mason Gravitt
OpenVPN is a great tool to ensure traffic is not eavesdropped. You can use this to ensure a secure connection from your laptop to your DigitalOcean VPS (droplet) as well as between cloud servers. This article is to help get you started on your way to setting up a Virtual Private Network.
Reply
ginadajani August 11, 2016

As James have explained, in my opinion, and as far as my experience goes, OpenVPN is the best VPN protocol I have used up till now. You can use IKEV2 if you are using mobile, or PPTP if you are doing streaming. L2TP/IPSec is kind of a neutral protocol as I would call it. So, OpenVPN all the way, but you can also use SSTP if you are a Windows user.

Reply
ashtonkai November 22, 2017

I have been using IKEv2 VPN Protocol on my Mac OS which is quite working fast.

Reply
Have another answer? Share your knowledge.

Related Questions