Advanced OpenVPN Configuration | OpenVPN: Building and Integrating Virtual Private Networks

Sign In Start Free Trial

Book Overview & Buying
Table Of Contents
Feedback & Rating

OpenVPN: Building and Integrating Virtual Private Networks

3.5 (8)

OpenVPN: Building and Integrating Virtual Private Networks

3.5 (8)

Overview of this book

OpenVPN is a powerful, open source SSL VPN application. It can secure site-to-site connections, WiFi and enterprise-scale remote connections. While being a full-featured VPN solution, OpenVPN is easy to use and does not suffer from the complexity that characterizes other IPSec VPN implementations. It uses the secure and stable TLS/SSL mechanisms for authentication and encryption. This book is an easy introduction to this popular VPN application. After introducing the basics of security and VPN, the book moves on to cover using OpenVPN, from installing it on various platforms, through configuring basic tunnels, to more advanced features, such as using the application with firewalls, routers, proxy servers, and OpenVPN scripting. While providing only necessary theoretical background, the book takes a practical approach, presenting plenty of examples.

OpenVPN

OpenVPN

Credits

Credits

About the Author

About the Author

About the Reviewers

About the Reviewers

Preface

Preface

Free Chapter

VPN—Virtual Private Network

VPN—Virtual Private Network

Branches Connected by Dedicated Lines

How Does a VPN Work?

VPN Concepts—Overview

Summary

VPN Security

VPN Security

VPN Security

Privacy—Encrypting the Traffic

SSL/TLS Security

Summary

OpenVPN

OpenVPN

Advantages of OpenVPN

History of OpenVPN

Networking with OpenVPN

OpenVPN Compared to IPsec VPN

Sources for Help and Documentation

The Project Community

Summary

Installing OpenVPN

Installing OpenVPN

Prerequisites

Obtaining the Software

Installing OpenVPN on Windows

Installing OpenVPN on Mac OS X (Tunnelblick)

Installing OpenVPN on SuSE Linux

Installing OpenVPN on Redhat Fedora Using yum

Installing OpenVPN on RPM-Based Systems

Installing OpenVPN on Debian

Installing OpenVPN on FreeBSD

Troubleshooting—Advanced Installation Methods

Internet Links, Installation Guidelines, and Help

Summary

Configuring an OpenVPN Server—The First Tunnel

Configuring an OpenVPN Server—The First Tunnel

OpenVPN on Microsoft Windows

Connecting Windows and Linux

Troubleshooting Firewall Issues

Summary

Setting Up OpenVPN with X509 Certificates

Setting Up OpenVPN with X509 Certificates

Creating Certificates

Certificate Generation on Windows XP with easy-rsa

Distributing the Files to the VPN Partners

Configuring OpenVPN to Use Certificates

Using easy-rsa on Linux

Troubleshooting

Summary

The Command openvpn and its Configuration File

The Command openvpn and its Configuration File

Syntax of openvpn

Using OpenVPN at the Command Line

Configuring OpenVPN with Certificates—Simple TLS Mode

Overview of OpenVPN Parameters

Important Windows-Specific Options

Summary

Securing OpenVPN Tunnels and Servers

Securing OpenVPN Tunnels and Servers

Securing and Stabilizing OpenVPN

Linux and Firewalls

Configuring the Windows Firewall for OpenVPN

Summary

Advanced Certificate Management

Advanced Certificate Management

Certificate Management and Security

Installing xca

Using xca

Using TinyCA2 to Manage Certificates

Summary

Advanced OpenVPN Configuration

Advanced OpenVPN Configuration

Tunneling a Proxy Server and Protecting the Proxy

Scripting OpenVPN—An Overview

Using Authentication Methods

Using a Client Configuration Directory with Per-Client Configurations

Individual Firewall Rules for Connecting Clients

Distributed Compilation through VPN Tunnels with distcc

Ethernet Bridging with OpenVPN

Automatic Installation for Windows Clients

Summary

Troubleshooting and Monitoring

Troubleshooting and Monitoring

Testing the Network Connectivity

Checking Interfaces, Routing, and Connectivity on the VPN Servers

Debugging with tcpdump and IPTraf

Using OpenVPN Protocol and Status Files for Debugging

Scanning Servers with Nmap

Monitoring Tools

Hints to Other Tools

Summary

Index

Index

Customer Reviews

3.5 (8)

5 star

50%

4 star

0%

3 star

12.5%

2 star

25%

1 star

12.5%

Using a Client Configuration Directory with Per-Client Configurations

Another striking feature of OpenVPN is the fact that we can have client configurations pushed through the tunnel on creation and use client-specific configurations, which are simply set by the subject line of the client's certificate. An appropriate server configuration file may look like the following:

port 443 
dev tun0FIT
ca /etc/openvpn/certs/ca.crt
cert /etc/openvpn/certs/firewall.crt
key /etc/openvpn/certs/firewall.key
dh /etc/openvpn/certs/dh2048.pem
tls-auth /etc/openvpn/certs/ta.key 0
auth SHA1
cipher AES-256-CBC
tls-cipher DHE-RSA-AES256-SHA
server 10.179.0.0 255.255.0.0
ifconfig-pool-persist /etc/openvpn/ipp.txt
client-config-dir clients
keepalive 10 120
resolv-retry 86400
comp-lzo
status /var/log/openvpn/status.log
log /var/log/openvpn/main.log
tls-server
verb 3

There are three lines that are relevant in this context:

1. server 10.179.0.0 255.255.0.0: This tells OpenVPN on this machine to act as a server and...

Visually different images

CONTINUE READING

83

Tech Concepts

36

Programming languages

73

Tech Tools

Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.

Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.

50+ new titles added per month and exclusive early access to books as they are being written.

OpenVPN: Building and Integrating Virtual Private Networks

Search

Your notes and bookmarks