View Source

All of Denbigh's web applications, including Parent Portal and Online Enrolment Enquiries, will require an OpenVPN connection to the Denbigh Filemaker Server so that they can access the Filemaker REST API. Although there are a number of different VPN protocols available, we at Denbigh have determined that OpenVPN is the most ideal solution going forward in terms of security and ease of setup. OpenVPN is an open-source and cross-platform VPN protocol which requires the client to have an installed certificate in order to access the network. It uses open-source technologies such as OpenSSL and SSL/TLS to achieve security, meaning it uses the same modern, standard technology currently being used to secure the Internet.

In comparison, L2TP/IPsec is not as efficient, since it needs to convert traffic into L2TP form first. It is also not as trustworthy as OpenVPN since it is not open-source, and is difficult to set up on web servers. The Secure Socket Tunneling Protocol (SSTP) is Windows only, and will hence not work on any Filemaker servers running on Macs or on our Linux-based web servers. PPTP is simply old and vulnerable. This leaves OpenVPN as our recommended solution, and is a prerequisite for adopting any of Denbigh's web applications. OpenVPN can be installed on both Windows and Mac servers/clients, and is often also a feature built into many routers.

The following code block is an example configuration file which would need to be supplied to Denbigh, and should be generated by the OpenVPN server or router. Some OpenVPN servers or routers may generate 2 seperate files. This is also fine, as long as all of the information exists. Please note that the configuration file generated by your OpenVPN server will probably no look exactly like this sample.

  client
  dev tun
  proto udp
  float
  nobind
  cipher AES-128-CBC
  comp-lzo adaptive
  resolv-retry infinite
  persist-key
  persist-tun
  verb 3
  remote <SERVER IP ADDRESS> <SERVER PORT>
  reneg-sec 3600
  <ca>
  -----BEGIN CERTIFICATE-----

  -----END CERTIFICATE-----
  </ca>
  <cert>
  -----BEGIN CERTIFICATE-----

  -----END CERTIFICATE-----
  </cert>
  <key>
  -----BEGIN RSA PRIVATE KEY-----

  -----END RSA PRIVATE KEY-----
  </key>

Please feel free to contact Denbigh if you have any enquiries regarding setting up OpenVPN.