DigitalOcean

Report this

What is the reason for this report?
Question

Securing private cluster communication: which VPN?

Posted on August 26, 2015
VPN
Networking
Chris Russell

By Chris Russell

I have a small collection of CentOS 7 droplets configured with one droplet exposed on the public Internet and the remaining three accessible only via their private IPv4 addresses.

I plan to lock down all four private interfaces using iptables but first would like to better understand best practices for encrypting the intra-cluster traffic on the DO data center private network.

I found this article on BestVPN to be a fantastic survey of options: https://www.bestvpn.com/blog/4147/pptp-vs-l2tp-vs-openvpn-vs-sstp-vs-ikev2/

Based on this article it seems the reasonable choices are L2TP/IPsec or OpenVPN with the trade-off being ease of configuration vs. Snowden reputation if I’m understanding correctly.

What do you DevOps pros recommend?

Thanks, Chris



This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
0
JamesMC
JamesMCDigitalOcean Employee badge
June 29, 2016

Hello,

I personally prefer to just use OpenVPN. It is rather easy to setup and something I’m just used to using. You can find a nice guide on doing something akin to what you sound like you want here

It allows you to create a private network across your droplets.

0
ginadajani
ginadajani
August 11, 2016

As James have explained, in my opinion, and as far as my experience goes, OpenVPN is the best VPN protocol I have used up till now. You can use IKEV2 if you are using mobile, or PPTP if you are doing streaming. L2TP/IPSec is kind of a neutral protocol as I would call it. So, OpenVPN all the way, but you can also use SSTP if you are a Windows user.

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Sign Up

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Learn more

Resources for startups and SMBs

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Learn more

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.

© 2025 DigitalOcean, LLC.Sitemap.