Mastering OpenVPN

By: Jan Just Keijser, Eric F Crist
Overview of this book

Security on the internet is increasingly vital to both businesses and individuals. Encrypting network traffic using Virtual Private Networks is one method to enhance security. The internet, corporate, and “free internet” networks grow more hostile every day. OpenVPN, the most widely used open source VPN package, allows you to create a secure network across these systems, keeping your private data secure. The main advantage of using OpenVPN is its portability, which allows it to be embedded into several systems. This book is an advanced guide that will help you build secure Virtual Private Networks using OpenVPN. You will begin your journey with an exploration of OpenVPN, while discussing its modes of operation, its clients, its secret keys, and their format types. You will explore PKI: its setting up and working, PAM authentication, and MTU troubleshooting. Next, client-server mode is discussed, the most commonly used deployment model, and you will learn about the two modes of operation using "tun" and "tap" devices. The book then progresses to more advanced concepts, such as deployment scenarios in tun devices which will include integration with back-end authentication, and securing your OpenVPN server using iptables, scripting, plugins, and using OpenVPN on mobile devices and networks. Finally, you will discover the strengths and weaknesses of the current OpenVPN implementation, understand the future directions of OpenVPN, and delve into the troubleshooting techniques for OpenVPN. By the end of the book, you will be able to build secure private networks across the internet and hostile networks with confidence.

OpenVPN packages

There are several OpenVPN packages available on the Internet:

  • The open source or community version of OpenVPN

  • OpenVPN Access Server, the closed-source commercial offering by OpenVPN Inc.

  • The mobile platform versions of OpenVPN for both Android and iOS (part of the code is closed-source, as a requirement of Apple)

The open source (community) version

Open source versions of OpenVPN are made available as each release is published. The community has resources to build binary packages for multiple platforms, including both 32-bit and 64-bit Windows clients. The currently available download options are available at

Some operating system package maintainers track development and make snapshot releases available. FreeBSD, for example, has a security/openvpn-devel port that tracks weekly tarball snapshots from OpenVPN development. If you'd like to run the latest and greatest bleeding-edge version of OpenVPN, look at your package maintainer first. Otherwise, you can always build directly from source.

The community version of OpenVPN can act both as a VPN server and as a VPN client. There is no separate client-only version.

The closed source (commercial) Access Server

OpenVPN Technologies, Inc. offers a commercial version of OpenVPN called Access Server. Compared to the open source project, Access Server offers many features and deployment options that may appeal to some organizations. Access Server is a paid product, but a trial with two license keys enabled is available from the website.

Software packages, virtual appliances, and cloud services are all available from OpenVPN Technologies, Inc. at

OpenVPN Access Server includes its own OpenVPN client, OpenVPN Connect, for both Windows and Mac OS. This client software generally works only with OpenVPN Access Server. It is also possible to use the community version of OpenVPN as a client for an OpenVPN Access Server.

The mobile platform (mixed) OpenVPN/OpenVPN Connect

For mobile devices, such as iPhones/iPads and Android devices, OpenVPN Technologies, Inc. provides a special OpenVPN Connect client. OpenVPN Technologies, Inc., and James specifically, put a lot of effort and legal wrangling into working with the likes of Google and Apple to get access to a usable VPN API on each platform.

Due to the nature of Apple's NDA, the source for OpenVPN Connect is currently unavailable and cannot be shared publicly. The iOS OpenVPN Connect client can be downloaded from the Apple App Store at

There are Android clients written by a few developers, but the officially supported version is OpenVPN for Android, written by Arne Schwabe, which can be found at

OpenVPN Connect, written by OpenVPN Technologies, Inc., is also available. You can download the Android OpenVPN Connect client at

One serious advantage of OpenVPN Connect is that it works with both the community version of OpenVPN and the closed-source OpenVPN Access Server. If you need to access both types of servers, OpenVPN Connect is recommended.

Other platforms

Some hardware vendors are attempting to integrate support for OpenVPN within their devices. Some offer firmware versions for VoIP phones that include an older version of OpenVPN. Firmware projects such as DD-WRT for Linksys routers, as well as other projects such as FreeNAS and pfSense, also integrate OpenVPN.