Book Image

Mastering OpenVPN

By : Jan Just Keijser, Eric F Crist
Book Image

Mastering OpenVPN

By: Jan Just Keijser, Eric F Crist

Overview of this book

Security on the internet is increasingly vital to both businesses and individuals. Encrypting network traffic using Virtual Private Networks is one method to enhance security. The internet, corporate, and “free internet” networks grow more hostile every day. OpenVPN, the most widely used open source VPN package, allows you to create a secure network across these systems, keeping your private data secure. The main advantage of using OpenVPN is its portability, which allows it to be embedded into several systems. This book is an advanced guide that will help you build secure Virtual Private Networks using OpenVPN. You will begin your journey with an exploration of OpenVPN, while discussing its modes of operation, its clients, its secret keys, and their format types. You will explore PKI: its setting up and working, PAM authentication, and MTU troubleshooting. Next, client-server mode is discussed, the most commonly used deployment model, and you will learn about the two modes of operation using "tun" and "tap" devices. The book then progresses to more advanced concepts, such as deployment scenarios in tun devices which will include integration with back-end authentication, and securing your OpenVPN server using iptables, scripting, plugins, and using OpenVPN on mobile devices and networks. Finally, you will discover the strengths and weaknesses of the current OpenVPN implementation, understand the future directions of OpenVPN, and delve into the troubleshooting techniques for OpenVPN. By the end of the book, you will be able to build secure private networks across the internet and hostile networks with confidence.
Table of Contents (17 chapters)
Mastering OpenVPN
About the Authors
About the Reviewers

Chapter 1. Introduction to OpenVPN

The Internet in modern society is as ubiquitous as any public utility. When someone buys a home or moves into a new apartment, or a business moves into a new space, an Internet service is the first utility on the list to be ordered, followed by power, heat, trash, and maybe (but not likely) a land line or telephone service. You could even argue that the modern qualifier isn't even necessary. With programs such as One Laptop per Child, coupled with efforts by the likes of Facebook and Google, so-called third-world nations have the Internet where there is no running water, sewers, or even telephone services.

When you have such a wide-reaching service with so many individuals, at a certain point it will be necessary to secure and protect the data transmitted on that network. With most crowds and heavy concentrations of people, there is a more nefarious element looking to take advantage of those with less knowledge. Virtual Private Networks (VPNs) were created out of a greater need for secured communication across an otherwise unprotected infrastructure. The original large-scale network, ARPANET, had very little (if any) protection and authentication and all other nodes were inherently trusted. The network landscapes today are very different and even many casual, nontechnical users are aware of the lack of security of their connections.

Government agencies have long been targets for intelligence. For thousands of years, methods and procedures have been slowly perfected and tuned to protect sensitive information from enemies and other prying eyes. Initially, wax-sealed letters carried by trusted individuals meant you and the receiver could trust a message had arrived safely and untampered. As time and technology have progressed, it became easier to intercept those messages, read or alter them, and send them along their way.

World War II saw some of the greatest advances in cryptography and secure communications. From devices such as the German Enigma machine to the Navajo Code Talkers, communicating securely between troops and command was a never-ending arms race. Today, governments and militaries aren't the only groups with a desire for privacy. Corporations want to maintain data integrity and protection for payment card industry (PCI) standards to protect consumers. Family members want to discuss family matters over private channels, where the community at large isn't able to eavesdrop. Others wish to break through the national firewalls meant to oversee the populous and restrict content deemed controversial or against party politics.

Every day, most people use a VPN or have a use for a VPN, whether they realize it at the time or not. Many different VPN technologies exist, both from commercial vendors and as open source projects. One of the most popular pieces of open source VPN software is OpenVPN. The goal of this book is to make you an OpenVPN master; you will learn not just the technology behind it, but the reasoning, logic, and logistics of everything involved. While this book will mention and touch on the commercial offering from OpenVPN Technologies, Inc., Access Server, the primary focus will be on the open source/community version of OpenVPN.