VPN Setup Advice for ODK Aggregate

chukolson · July 9, 2019, 5:18pm

Hello everybody!

Very new here, and have been using ODK Collect and Aggregate for a project for the last 8 months or so.

I have been using ODKCollect with teams in various countries, but the teams were having a hard time using encrypted forms through Briefcase. They found the steps too cumbersome, and I'm having a rough time supporting them remotely.

Does anybody have any advice for setting up a VPN which I could just put the ODK Aggregate server inside? Is this the best way to go about tackling this problem? My thought was that if we just get a VPN, I can put the ODK Aggregate server in that network, and that way, nobody can access the data without the appropriate login credentials.

Any help is much much much appreciated!

Best,
Chuck Olson

List item

yanokwa · July 18, 2019, 6:30pm

@chukolson Encrypted forms secures finalized forms on the device, in transmit, and at rest of the server. The data is only at risk when the form is incomplete in Collect or when you enter the key into Briefcase and export the data.

In most data collection scenarios, a VPN only secures the connection between the device and the server. It's functionally equivalent to enabling HTTPS. It's only useful to preventing an attacker from looking at the data in transit.

See https://docs.opendatakit.org/security-privacy/#odk-aggregate for more.