Securing private cluster communication: which VPN?
I have a small collection of CentOS 7 droplets configured with one droplet exposed on the public Internet and the remaining three accessible only via their private IPv4 addresses.
I plan to lock down all four private interfaces using iptables, but first I would like to better understand best practices for encrypting the intra-cluster traffic on the DO data center private network.
I found this article on BestVPN to be a fantastic survey of options: https://www.bestvpn.com/blog/4147/pptp-vs-l2tp-vs-openvpn-vs-sstp-vs-ikev2/
Based on this article, it seems the reasonable choices are L2TP/IPsec or OpenVPN, with the trade-off being ease of configuration vs. Snowden reputation, if I’m understanding correctly.
What do you DevOps pros recommend?