Advanced OpenVPN Configuration | OpenVPN: Building and Integrating Virtual Private Networks

Sign In Start Free Trial

Book Overview & Buying
Table Of Contents

OpenVPN: Building and Integrating Virtual Private Networks

3.5 (8)

OpenVPN: Building and Integrating Virtual Private Networks

3.5 (8)

Overview of this book

OpenVPN is a powerful, open source SSL VPN application. It can secure site-to-site connections, WiFi and enterprise-scale remote connections. While being a full-featured VPN solution, OpenVPN is easy to use and does not suffer from the complexity that characterizes other IPSec VPN implementations. It uses the secure and stable TLS/SSL mechanisms for authentication and encryption. This book is an easy introduction to this popular VPN application. After introducing the basics of security and VPN, the book moves on to cover using OpenVPN, from installing it on various platforms, through configuring basic tunnels, to more advanced features, such as using the application with firewalls, routers, proxy servers, and OpenVPN scripting. While providing only necessary theoretical background, the book takes a practical approach, presenting plenty of examples.

OpenVPN

OpenVPN

Credits

Credits

About the Author

About the Author

About the Reviewers

About the Reviewers

Preface

Preface

Free Chapter

VPN—Virtual Private Network

VPN—Virtual Private Network

Branches Connected by Dedicated Lines

How Does a VPN Work?

VPN Concepts—Overview

Summary

VPN Security

VPN Security

VPN Security

Privacy—Encrypting the Traffic

SSL/TLS Security

Summary

OpenVPN

OpenVPN

Advantages of OpenVPN

History of OpenVPN

Networking with OpenVPN

OpenVPN Compared to IPsec VPN

Sources for Help and Documentation

The Project Community

Summary

Installing OpenVPN

Installing OpenVPN

Prerequisites

Obtaining the Software

Installing OpenVPN on Windows

Installing OpenVPN on Mac OS X (Tunnelblick)

Installing OpenVPN on SuSE Linux

Installing OpenVPN on Redhat Fedora Using yum

Installing OpenVPN on RPM-Based Systems

Installing OpenVPN on Debian

Installing OpenVPN on FreeBSD

Troubleshooting—Advanced Installation Methods

Internet Links, Installation Guidelines, and Help

Summary

Configuring an OpenVPN Server—The First Tunnel

Configuring an OpenVPN Server—The First Tunnel

OpenVPN on Microsoft Windows

Connecting Windows and Linux

Troubleshooting Firewall Issues

Summary

Setting Up OpenVPN with X509 Certificates

Setting Up OpenVPN with X509 Certificates

Creating Certificates

Certificate Generation on Windows XP with easy-rsa

Distributing the Files to the VPN Partners

Configuring OpenVPN to Use Certificates

Using easy-rsa on Linux

Troubleshooting

Summary

The Command openvpn and its Configuration File

The Command openvpn and its Configuration File

Syntax of openvpn

Using OpenVPN at the Command Line

Configuring OpenVPN with Certificates—Simple TLS Mode

Overview of OpenVPN Parameters

Important Windows-Specific Options

Summary

Securing OpenVPN Tunnels and Servers

Securing OpenVPN Tunnels and Servers

Securing and Stabilizing OpenVPN

Linux and Firewalls

Configuring the Windows Firewall for OpenVPN

Summary

Advanced Certificate Management

Advanced Certificate Management

Certificate Management and Security

Installing xca

Using xca

Using TinyCA2 to Manage Certificates

Summary

Advanced OpenVPN Configuration

Advanced OpenVPN Configuration

Tunneling a Proxy Server and Protecting the Proxy

Scripting OpenVPN—An Overview

Using Authentication Methods

Using a Client Configuration Directory with Per-Client Configurations

Individual Firewall Rules for Connecting Clients

Distributed Compilation through VPN Tunnels with distcc

Ethernet Bridging with OpenVPN

Automatic Installation for Windows Clients

Summary

Troubleshooting and Monitoring

Troubleshooting and Monitoring

Testing the Network Connectivity

Checking Interfaces, Routing, and Connectivity on the VPN Servers

Debugging with tcpdump and IPTraf

Using OpenVPN Protocol and Status Files for Debugging

Scanning Servers with Nmap

Monitoring Tools

Hints to Other Tools

Summary

Index

Index

Individual Firewall Rules for Connecting Clients

One striking possibility OpenVPN offers is a setup where:

An OpenVPN machine acts as a server that protects the company's network, admitting access for OpenVPN clients.
The clients are automatically assigned IPs by the server.
The clients are equipped with certificates, and identified and authorized by these certificates.

The scripting parameter learn-address in the server's OpenVPN configuration file will have the server execute a script whenever an authorized client connects to the VPN and is assigned an address. This parameter takes the full path to a script as an option:

learn-address /etc/openvpn/scripts/openvpnFW

In this example, the script openvpnFW will be executed each time a client is assigned an IP address and will be passed three variables by the OpenVPN server process:

1. $1: The action taken; this may be one of add, delete, update
2. $2: The IP assigned to the client connecting
3. $3: The common name in the subject line of the client...

CONTINUE READING

83

Tech Concepts

36

Programming languages

73

Tech Tools

Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.

Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.

50+ new titles added per month and exclusive early access to books as they are being written.

OpenVPN: Building and Integrating Virtual Private Networks

Search

Your notes and bookmarks