On OpenVPN:
- https://technofaq.org/posts/2017/08/a-to-z-of-a-secure-hardened-vanilla-openvpn-setup-for-debian-stretch-gnulinux/
- https://forums.freenas.org/index.php?threads/securing-openvpn.54258/
- http://blog.dornea.nu/2015/11/17/openvpn-for-paranoids/
- https://www.linode.com/docs/networking/vpn/set-up-a-hardened-openvpn-server/
- https://community.openvpn.net/openvpn/wiki/Hardening
- https://blog.g3rt.nl/openvpn-security-tips.html
- https://gist.github.com/pwnsdx/8fc14ee1e9f561a0a5b8
- kylemanna/docker-openvpn#276
- https://blog.cavebeat.org/2018/02/openvpn-server-hardening-openwrt-tun-device/
- https://forum.pfsense.org/index.php?topic=128030.0;all
- https://www.informaticar.net/how-to-setup-openvpn-on-pfsense/
On TLS (Transport Layer Security, many still name it SSL after the predecessor Secure Sockets Layer) which is used by OpenVPN:
On HSMs (Hardware Security Modules):
On RNGs (Random Number Generators):
- https://www.cryptopp.com/wiki/RDRAND_and_RDSEED
- https://en.wikipedia.org/wiki/RdRand
- kylemanna/docker-openvpn#276
Hardware sizing
- https://www.firewallhardware.it/en/firewall-hardware-sizing-guide/
- https://www.pfsense.org/products/#requirements
- https://www.freebsd.org/releases/11.1R/hardware.html
- https://doc.pfsense.org/index.php/PfSense_on_VMware_vSphere_/_ESXi#Create_a_Disk
- https://www.reddit.com/r/homelab/comments/5zqpb3/pfsense_memorydisk_requirements/
On the CA: