Book Image

Mastering OpenVPN

By : Jan Just Keijser, Eric F Crist
Book Image

Mastering OpenVPN

By: Jan Just Keijser, Eric F Crist

Overview of this book

Security on the internet is increasingly vital to both businesses and individuals. Encrypting network traffic using Virtual Private Networks is one method to enhance security. The internet, corporate, and “free internet” networks grow more hostile every day. OpenVPN, the most widely used open source VPN package, allows you to create a secure network across these systems, keeping your private data secure. The main advantage of using OpenVPN is its portability, which allows it to be embedded into several systems. This book is an advanced guide that will help you build secure Virtual Private Networks using OpenVPN. You will begin your journey with an exploration of OpenVPN, while discussing its modes of operation, its clients, its secret keys, and their format types. You will explore PKI: its setting up and working, PAM authentication, and MTU troubleshooting. Next, client-server mode is discussed, the most commonly used deployment model, and you will learn about the two modes of operation using "tun" and "tap" devices. The book then progresses to more advanced concepts, such as deployment scenarios in tun devices which will include integration with back-end authentication, and securing your OpenVPN server using iptables, scripting, plugins, and using OpenVPN on mobile devices and networks. Finally, you will discover the strengths and weaknesses of the current OpenVPN implementation, understand the future directions of OpenVPN, and delve into the troubleshooting techniques for OpenVPN. By the end of the book, you will be able to build secure private networks across the internet and hostile networks with confidence.
Table of Contents (17 chapters)
Mastering OpenVPN
About the Authors
About the Reviewers

Checking broadcast and non-IP traffic

The tcpdump and wireshark tools are useful for troubleshooting an "almost-working" OpenVPN setup. Wireshark is available for Linux, Mac OS X, and Windows. It can be used as a command-line tool but most often the GUI-based version is used. On most Unix/Linux-based platforms, the command-line tool tcpdump is also available.

We will now use tcpdump and wireshark to view the flow of packets over a tap-based VPN setup.

Address Resolution Protocol traffic

One of the most basic types of Ethernet traffic present on all networks is Address Resolution Protocol (ARP) traffic. ARP is a prime example of an Ethernet protocol that does not travel across point-to-point links (such as tun-based OpenVPN setups). The physical layer (layer 1) is generally an electrical or optical connection between systems. In the case of a VPN, the tunnel takes the place of that physical connection. The next step in the OSI model is the Ethernet layer (layer 2). The ARP protocol is often...