Book Image

OpenVPN: Building and Integrating Virtual Private Networks

Book Image

OpenVPN: Building and Integrating Virtual Private Networks

Overview of this book

OpenVPN is a powerful, open source SSL VPN application. It can secure site-to-site connections, WiFi and enterprise-scale remote connections. While being a full-featured VPN solution, OpenVPN is easy to use and does not suffer from the complexity that characterizes other IPSec VPN implementations. It uses the secure and stable TLS/SSL mechanisms for authentication and encryption. This book is an easy introduction to this popular VPN application. After introducing the basics of security and VPN, the book moves on to cover using OpenVPN, from installing it on various platforms, through configuring basic tunnels, to more advanced features, such as using the application with firewalls, routers, proxy servers, and OpenVPN scripting. While providing only necessary theoretical background, the book takes a practical approach, presenting plenty of examples.
Table of Contents (17 chapters)
OpenVPN
Credits
About the Author
About the Reviewers
Preface
Index

Privacy—Encrypting the Traffic


Often passwords or encryption keys are used to encrypt data. If both sides use the same key to encrypt and decrypt data, this is called symmetric encryption. The encryption key has to be put on all machines that are supposed to take part in the VPN connection.

Symmetric Encryption and Pre-Shared Keys

Anybody who has this key can decrypt the traffic. If an attacker gets hold of this key, he or she can decrypt all traffic and compromise all systems taking part in the VPN, until all systems are supplied with another key. Furthermore, such a static, pre-shared key can be guessed, deciphered, or hacked by brute-force attacks. It is merely a matter of time for an attacker to find out the key and to read, or even worse, change the data.

Therefore, VPN software like IPsec changes keys in defined intervals. Every key is only valid for a certain period of time, called key lifetime. A good combination of key lifetime and key length ensures that an attacker cannot decrypt...