Question

Securing private cluster communication: which VPN?

Posted August 26, 2015 5k views
Networking VPN

I have a small collection of CentOS 7 droplets configured with one droplet exposed on the public Internet and the remaining three accessible only via their private IPv4 addresses.

I plan to lock down all four private interfaces using iptables but first would like to better understand best practices for encrypting the intra-cluster traffic on the DO data center private network.

I found this article on BestVPN to be a fantastic survey of options: https://www.bestvpn.com/blog/4147/pptp-vs-l2tp-vs-openvpn-vs-sstp-vs-ikev2/

Based on this article it seems the reasonable choices are L2TP/IPsec or OpenVPN with the trade-off being ease of configuration vs. Snowden reputation if I’m understanding correctly.

What do you DevOps pros recommend?

Thanks, Chris

Add a comment
AlpineLakes
By:
AlpineLakes
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

3 answers
JamesMC June 29, 2016

Hello,

I personally prefer to just use OpenVPN. It is rather easy to setup and something I’m just used to using. You can find a nice guide on doing something akin to what you sound like you want here

It allows you to create a private network across your droplets.

How To Secure Traffic Between VPS Using OpenVPN
by Mason Gravitt
OpenVPN is a great tool to ensure traffic is not eavesdropped. You can use this to ensure a secure connection from your laptop to your DigitalOcean VPS (droplet) as well as between cloud servers. This article is to help get you started on your way to setting up a Virtual Private Network.
Reply Report
ginadajani August 11, 2016

As James have explained, in my opinion, and as far as my experience goes, OpenVPN is the best VPN protocol I have used up till now. You can use IKEV2 if you are using mobile, or PPTP if you are doing streaming. L2TP/IPSec is kind of a neutral protocol as I would call it. So, OpenVPN all the way, but you can also use SSTP if you are a Windows user.

Reply Report
ashtonkai November 22, 2017

I have been using IKEv2 VPN Protocol on my Mac OS which is quite working fast.

Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help