All of Denbigh's web applications, including Parent Portal and Online Enrolment Enquiries, will require an OpenVPN connection to the Denbigh Filemaker Server so that they can access the Filemaker REST API. Although there are a number of different VPN protocols available, we at Denbigh have determined that OpenVPN is the most ideal solution going forward in terms of security and ease of setup. OpenVPN is an open-source and cross-platform VPN protocol which requires the client to have an installed certificate in order to access the network. It uses It uses open-source technologies such as OpenSSL and SSL/TLS to achieve security, meaning it uses the same modern, standard technology currently being used to secure the Internet.
In comparison, L2TP/IPsec is not as efficient, since it needs to convert to convert traffic into L2TP form first. It is also not as trustworthy as OpenVPN since it is not open-source, and is difficult to set up on web servers. The Secure The Secure Socket Tunneling Protocol (SSTP) is Windows only, and will hence not work on any Filemaker servers running on Macs or on our on our Linux-based web servers. PPTP PPTP is simply old and vulnerable. This leaves OpenVPN as our recommended solution, and is a prerequisite for adopting any of Denbigh's web applications. OpenVPN can be installed on both Windows and Mac servers/clients, and is often also a feature built into many routers.
The following code block is an example configuration file which would need to be supplied to Denbigh, and should be generated by the OpenVPN server or router. Some OpenVPN servers or routers may generate 2 seperate files. This is also fine, as long as all of the information exists. Please note that the configuration file generated by your OpenVPN server will probably no look exactly like this sample.
client dev tun proto udp float nobind cipher AES-128-CBC comp-lzo adaptive resolv-retry infinite persist-key persist-tun verb 3 remote <SERVER IP ADDRESS> <SERVER PORT> reneg-sec 3600 <ca> -----BEGIN CERTIFICATE----- -----END CERTIFICATE----- </ca> <cert> -----BEGIN CERTIFICATE----- -----END CERTIFICATE----- </cert> <key> -----BEGIN RSA PRIVATE KEY----- -----END RSA PRIVATE KEY----- </key>
Please feel free to contact Denbigh if you have any enquiries regarding setting up OpenVPN.