Book Image

OpenVPN 2 Cookbook

Book Image

OpenVPN 2 Cookbook

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
OpenVPN 2 Cookbook
Feb, 2011 | 356 pages
No titles found
Table of Contents (19 chapters)
OpenVPN 2 Cookbook
OpenVPN 2 Cookbook
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Point-to-Point Networks
Point-to-Point Networks
Introduction
Shortest setup possible
OpenVPN secret keys
Multiple secret keys
Plaintext tunnel
Routing
Configuration files versus the command-line
Complete site-to-site setup
3-way routing
2
Client-server IP-only Networks
Client-server IP-only Networks
Introduction
Setting up the public and private keys
Simple configuration
Server-side routing
Using 'client-config-dir' files
Routing: subnets on both sides
Redirecting the default gateway
Using an 'ifconfig-pool' block
Using the status file
Management interface
Proxy-arp
3
Client-server Ethernet-style Networks
Client-server Ethernet-style Networks
Introduction
Simple configuration—non-bridged
Enabling client-to-client traffic
Bridging—Linux
Bridging—Windows
Checking broadcast and non-IP traffic
External DHCP server
Using the status file
Management interface
4
PKI, Certificates, and OpenSSL
PKI, Certificates, and OpenSSL
Introduction
Certificate generation
xCA: a GUI for managing a PKI (Part 1)
xCA : a GUI for managing a PKI (Part 2)
OpenSSL tricks: x509, pkcs12, verify output
Revoking certificates
The use of CRLs
Checking expired/revoked certificates
Intermediary CAs
Multiple CAs: stacking, using --capath
5
Two-factor Authentication with PKCS#11
Two-factor Authentication with PKCS#11
Introduction
Initializing a hardware token
Getting a hardware token ID
Using a hardware token
Using the management interface to list PKCS#11 certificates
Selecting a PKCS#11 certificate using the management interface
Generating a key on the hardware token
Private method for getting a PKCS#11 certificate
Pin caching example
6
Scripting and Plugins
Scripting and Plugins
Introduction
Using a client-side up/down script
Windows login greeter
Using client-connect/client-disconnect scripts
Using a 'learn-address' script
Using a 'tls-verify' script
Using an 'auth-user-pass-verify' script
Script order
Script security and logging
Using the 'down-root' plugin
Using the PAM authentication plugin
7
Troubleshooting OpenVPN: Configurations
Troubleshooting OpenVPN: Configurations
Introduction
Cipher mismatches
TUN versus TAP mismatches
Compression mismatches
Key mismatches
Troubleshooting MTU and tun-mtu issues
Troubleshooting network connectivity
Troubleshooting 'client-config-dir' issues
How to read the OpenVPN log files
8
Troubleshooting OpenVPN: Routing
Troubleshooting OpenVPN: Routing
Introduction
The missing return route
Missing return routes when 'iroute' is used
All clients function except the OpenVPN endpoints
Source routing
Routing and permissions on Windows
Troubleshooting client-to-client traffic routing
Understanding the 'MULTI: bad source' warnings
Failure when redirecting the default gateway
9
Performance Tuning
Performance Tuning
Introduction
Optimizing performance using 'ping'
Optimizing performance using 'iperf'
OpenSSL cipher speed
Compression tests
Traffic shaping
Tuning UDP-based connections
Tuning TCP-based connections
Analyzing performance using tcpdump
10
OS Integration
OS Integration
Introduction
Linux: using NetworkManager
Linux: using 'pull-resolv-conf'
MacOS: using Tunnelblick
Windows Vista/7: elevated privileges
Windows: using the CryptoAPI store
Windows: updating the DNS cache
Windows: running OpenVPN as a service
Windows: public versus private network adapters
Windows: routing methods
11
Advanced Configuration
Advanced Configuration
Introduction
Including configuration files in config files
Multiple remotes and remote-random
Details of ifconfig-pool-persist
Connecting using a SOCKS proxy
Connecting via an HTTP proxy
Connecting via an HTTP proxy with authentication
Using dyndns
IP-less setups (ifconfig-noexec)
12
New Features of OpenVPN 2.1 and 2.2
New Features of OpenVPN 2.1 and 2.2
Introduction
Inline certificates
Connection blocks
Port sharing with an HTTPS server
Routing features: redirect-private, allow-pull-fqdn
Handing out the public IPs
OCSP support
New for 2.2: the 'x509_user_name' parameter
Index
Index

Routing features: redirect-private, allow-pull-fqdn

In OpenVPN 2.1, some of the routing features are expanded. Most notably, there are new options for the directive redirect-gateway and several new routing directives are available:

  • redirect-private: This option behaves very similar to the redirect-gateway, especially when the new parameters are used, but it does NOT alter the default gateway.

  • allow-pull-fqdn: Allows the client to pull DNS names from the OpenVPN server. Previously, only IP addresses could be pushed or pulled. This option cannot be 'pushed' and needs to be added to the client configuration itself.

  • route-nopull: All the options are pulled by a client from the server, except for the routing options. This can be particularly handy when troubleshooting an OpenVPN setup.

  • max-routes n: Defines the maximum number of routes that may be defined or pulled from a remote server.

In this recipe, we will focus on the redirect-private directive and its parameters, as well as the allow-pull...

Previous Section
End of Section 6
Next Section