NBISweden / aida-data-hub

AIDA Data Hub Scrum team board

Pick a VPN system for administrative access #584

Closed pontus closed 3 weeks ago

pontus commented 3 months ago

We need to decide what VPN system we'll use for administrative access. I don't want anything requiring a physical device on site and don't see any benefit from commercial solutions.

Main contestants would be:

There's been a general push for IKEv2-based VPNs (e.g. https://nsm.no/fagomrader/digital-sikkerhet/nasjonalt-cybersikkerhetssenter/varsler-fra-ncsc/ncsc-anbefaler-a-erstatte-sslvpn-webvpn-med-sikrere-alternativer) but I haven't seen any Swedish recommendations, might be worth following anyway.

We probably want to have something that can be run over TCP for getting through obsessive firewalls. OpenVPN supports that natively. For WireGuard, one can use e.g. tcptunnel to provide use of a TCP connection.

For IPsec based VPNs, there is RFC 9329 to support encapsulation over TCP. Failing that, tcptunnel can also possibly be used. RFC 9329 seems not to be available everywhere yet, but is supported by libreswan it seems.
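The RFC 9329 TCP encapsulation mentioned in the comment above, as an added example that is not from this issue or the project: a small Python framer/deframer that assumes the RFC layout summarised in its docstring (the `IKETCP` stream prefix, a 16-bit Length that counts itself, a zero non-ESP marker for IKE) and shows what TCP adds over UDP here, namely that frames arrive split across reads and must be reassembled and length-checked. Function and constant names are my own.

```python
"""RFC 9329 framing of IKE/ESP over one TCP stream (assumed layout, as this
example reads the RFC): the initiator sends the 6-byte prefix b"IKETCP";
every message is then prefixed by a 16-bit big-endian Length that counts the
Length field itself; IKE messages carry a 4-byte zero non-ESP marker, ESP
messages start directly with their non-zero SPI."""
import struct

STREAM_PREFIX = b"IKETCP"
NON_ESP_MARKER = b"\x00\x00\x00\x00"
MIN_FRAME = 2 + 4      # Length field plus a marker or an SPI
MAX_FRAME = 0xFFFF     # largest value a 16-bit Length can hold

def encap(payload: bytes, ike: bool) -> bytes:
    """Wrap one IKE (marker prepended) or ESP message in a TCP frame."""
    body = (NON_ESP_MARKER + payload) if ike else payload
    if len(body) + 2 > MAX_FRAME:
        raise ValueError("message does not fit a 16-bit Length field")
    return struct.pack("!H", len(body) + 2) + body

def decap(buf: bytes):
    """Parse complete frames from buf; return (messages, leftover).
    messages: list of ("ike"|"esp", payload).  leftover: trailing partial
    frame to keep for the next read.  An impossible Length raises."""
    msgs = []
    while len(buf) >= 2:
        (length,) = struct.unpack("!H", buf[:2])
        if length < MIN_FRAME:
            raise ValueError(f"frame length {length} too small")
        if len(buf) < length:
            break                      # wait for the rest of this frame
        body, buf = buf[2:length], buf[length:]
        kind = "ike" if body.startswith(NON_ESP_MARKER) else "esp"
        msgs.append((kind, body[4:] if kind == "ike" else body))
    return msgs, buf

def reassemble(chunks):
    """Feed successive TCP reads through decap(), handling split frames."""
    out, pending, prefix_seen = [], b"", False
    for chunk in chunks:
        pending += chunk
        if not prefix_seen:
            if len(pending) < len(STREAM_PREFIX):
                continue               # prefix itself split across reads
            if not pending.startswith(STREAM_PREFIX):
                raise ValueError("stream does not start with IKETCP prefix")
            pending, prefix_seen = pending[len(STREAM_PREFIX):], True
        msgs, pending = decap(pending)
        out.extend(msgs)
    return out
```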