OpenVPN: Building and Integrating Virtual Private Networks

Overview of this book

OpenVPN is a powerful, open source SSL VPN application. It can secure site-to-site connections, WiFi and enterprise-scale remote connections. While being a full-featured VPN solution, OpenVPN is easy to use and does not suffer from the complexity that characterizes other IPSec VPN implementations. It uses the secure and stable TLS/SSL mechanisms for authentication and encryption. This book is an easy introduction to this popular VPN application. After introducing the basics of security and VPN, the book moves on to cover using OpenVPN, from installing it on various platforms, through configuring basic tunnels, to more advanced features, such as using the application with firewalls, routers, proxy servers, and OpenVPN scripting. While providing only necessary theoretical background, the book takes a practical approach, presenting plenty of examples.

Branches Connected by Dedicated Lines

In former times, information exchange between branches of a company was mainly done by mail, telephone, and later by fax. But today there are four main challenges for modern companies:

  • The general acceleration of business processes and the rising need for fast, flexible information exchange between all branches of a company have made "old-fashioned" mail and even fax services appear too slow for modern requirements.

  • Technologies like Groupware, Customer Relationship Management (CRM), and Enterprise Resource Planning (ERP) are used to ensure productive teamwork and every employee is expected to cooperate.

  • Almost every enterprise has several branches in different locations and often field and home workers. All of these must be enabled to participate in the internal information exchange without delays.

  • All computer networks have to fulfill security standards to high levels to ensure data integrity, authenticity, and stability.

These four factors have led to the need for sophisticated networking solutions between a company's offices all over the world. With computer networks connecting all desktops within a single location, the need for connections between the sites has become more and more urgent.

In the very beginning, you could only buy dedicated lines between your sites. These lines were expensive, so only large companies could afford to connect their branches and enable world-wide teamwork. To reach this goal, fast and expensive connections had to be installed at every site, costing much more than normal enterprise Internet access.

The concept behind this network design was based on a real network between the branches of the company. A provider was needed to connect every location, and a real cable connection between all branches was established. Like the telephone network, a single line connecting two partners was used for communication.

Security for this line was achieved by providing a dedicated network: every connection between branches had to be installed as a leased line. For a company with four branches (A, B, C, and D), six dedicated lines (one for each pair of branches) would then become necessary.

Furthermore, Remote Access Servers (RAS) were used for field or home workers who would only connect temporarily to the company's network. These people had to use special dial-in connections (with a modem or an ISDN line), and the company acted like an Internet provider. A dial-in account had to be configured for every remote worker, and field workers could only connect over this line. The telephone company provided one dedicated line for every dial-up, and the central branch had to make sure that enough telephone lines were always available.

By protecting the cables and the dial-in server, a real private network was installed at very high costs. Privacy within the company's network spanning multiple branches was achieved by securing the lines and providing services only to hard-wired connection points. Almost all security and availability tasks were handed over to the service provider at very high costs. But by connecting sites directly, a higher data transfer speed could be achieved than with "normal" Internet connections at that time.

Until the middle of the 1990s, expensive dedicated lines and dial-in access servers were used to ensure team work between different branches and field workers of large companies.

Broadband Internet Access and VPNs

In the mid-1990s, the rise of the Internet and the increasing speed of cheap Internet connections paved the way for new technologies. Many developers, administrators, and, last but not least, managers discovered that there might be better solutions than spending hundreds, if not thousands, of dollars on dedicated and dial-up access lines.

The idea was to use the Internet for communication between branches and at the same time ensure safety and secrecy of the data transferred. In short: providing secure connections between enterprise branches via low-cost lines using the Internet. This is a very basic description of what VPNs are all about.

A VPN is:

  • Virtual, because there is no real direct network connection between the two (or more) communication partners, but only a virtual connection provided by VPN Software, normally realized over public Internet connections.

  • Private, because only the members of the company connected by the VPN Software are allowed to read the data transferred.

With a VPN, your staff in Sydney can work with the London office as if both were in the same location. The VPN Software provides a virtual network between those sites by using a low-cost Internet connection. This network is only virtual because no real, dedicated network connection to the partner is established.

A VPN can also be described as a set of logical connections secured by special software that establishes privacy by safeguarding the connection endpoints. Today the Internet is the network medium used, and privacy is achieved by modern cryptographic methods.