Book Image

OpenVPN: Building and Integrating Virtual Private Networks

Book Image

OpenVPN: Building and Integrating Virtual Private Networks

Overview of this book

OpenVPN is a powerful, open source SSL VPN application. It can secure site-to-site connections, WiFi and enterprise-scale remote connections. While being a full-featured VPN solution, OpenVPN is easy to use and does not suffer from the complexity that characterizes other IPSec VPN implementations. It uses the secure and stable TLS/SSL mechanisms for authentication and encryption. This book is an easy introduction to this popular VPN application. After introducing the basics of security and VPN, the book moves on to cover using OpenVPN, from installing it on various platforms, through configuring basic tunnels, to more advanced features, such as using the application with firewalls, routers, proxy servers, and OpenVPN scripting. While providing only necessary theoretical background, the book takes a practical approach, presenting plenty of examples.

Related Content you might be interested in

Current Title:

Small book image
OpenVPN: Building and Integrating Virtual Private Networks
May, 2006 | 270 pages
No titles found
Table of Contents (17 chapters)
OpenVPN
OpenVPN
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
Preface
Preface
Free Chapter
1
VPN—Virtual Private Network
VPN—Virtual Private Network
Branches Connected by Dedicated Lines
How Does a VPN Work?
VPN Concepts—Overview
Summary
2
VPN Security
VPN Security
VPN Security
Privacy—Encrypting the Traffic
SSL/TLS Security
Summary
3
OpenVPN
OpenVPN
Advantages of OpenVPN
History of OpenVPN
Networking with OpenVPN
OpenVPN Compared to IPsec VPN
Sources for Help and Documentation
The Project Community
Summary
4
Installing OpenVPN
Installing OpenVPN
Prerequisites
Obtaining the Software
Installing OpenVPN on Windows
Installing OpenVPN on Mac OS X (Tunnelblick)
Installing OpenVPN on SuSE Linux
Installing OpenVPN on Redhat Fedora Using yum
Installing OpenVPN on RPM-Based Systems
Installing OpenVPN on Debian
Installing OpenVPN on FreeBSD
Troubleshooting—Advanced Installation Methods
Internet Links, Installation Guidelines, and Help
Summary
5
Configuring an OpenVPN Server—The First Tunnel
Configuring an OpenVPN Server—The First Tunnel
OpenVPN on Microsoft Windows
Connecting Windows and Linux
Troubleshooting Firewall Issues
Summary
6
Setting Up OpenVPN with X509 Certificates
Setting Up OpenVPN with X509 Certificates
Creating Certificates
Certificate Generation on Windows XP with easy-rsa
Distributing the Files to the VPN Partners
Configuring OpenVPN to Use Certificates
Using easy-rsa on Linux
Troubleshooting
Summary
7
The Command openvpn and its Configuration File
The Command openvpn and its Configuration File
Syntax of openvpn
Using OpenVPN at the Command Line
Configuring OpenVPN with Certificates—Simple TLS Mode
Overview of OpenVPN Parameters
Important Windows-Specific Options
Summary
8
Securing OpenVPN Tunnels and Servers
Securing OpenVPN Tunnels and Servers
Securing and Stabilizing OpenVPN
Linux and Firewalls
Configuring the Windows Firewall for OpenVPN
Summary
9
Advanced Certificate Management
Advanced Certificate Management
Certificate Management and Security
Installing xca
Using xca
Using TinyCA2 to Manage Certificates
Summary
10
Advanced OpenVPN Configuration
Advanced OpenVPN Configuration
Tunneling a Proxy Server and Protecting the Proxy
Scripting OpenVPN—An Overview
Using Authentication Methods
Using a Client Configuration Directory with Per-Client Configurations
Individual Firewall Rules for Connecting Clients
Distributed Compilation through VPN Tunnels with distcc
Ethernet Bridging with OpenVPN
Automatic Installation for Windows Clients
Summary
11
Troubleshooting and Monitoring
Troubleshooting and Monitoring
Testing the Network Connectivity
Checking Interfaces, Routing, and Connectivity on the VPN Servers
Debugging with tcpdump and IPTraf
Using OpenVPN Protocol and Status Files for Debugging
Scanning Servers with Nmap
Monitoring Tools
Hints to Other Tools
Summary
Index
Index

Troubleshooting

If you run into problems, check the following:

  • Ensure basic network connectivity between the two systems. Can they ping each other without problems? Are there firewalls involved between them?

  • Disable all firewalls on both systems during testing the tunnels. We will later set them up properly. Remember that both Windows XP and SuSE activate their firewall solutions by default.

  • OpenVPN and X509 certificates need synchronized time on both systems. For testing purposes you can set the time by hand. On Linux, the commands date and hwclock will help you, for the production environment a time server client should be set up. On Linux, Xntp is probably the most common one; its homepage offers documentation: http://www.eecis.udel.edu/~ntp/.

  • If you copy the files from a Windows machine to a Linux machine, remember to have dos2unix run and convert the end-of-line characters. The same applies to configuration files, certificates, and keys created on Linux and transferred to Windows—apply...

Previous Section
End of Section 7
Next Section