Book Image

OpenVPN: Building and Integrating Virtual Private Networks

Book Image

OpenVPN: Building and Integrating Virtual Private Networks

Overview of this book

OpenVPN is a powerful, open source SSL VPN application. It can secure site-to-site connections, WiFi and enterprise-scale remote connections. While being a full-featured VPN solution, OpenVPN is easy to use and does not suffer from the complexity that characterizes other IPSec VPN implementations. It uses the secure and stable TLS/SSL mechanisms for authentication and encryption. This book is an easy introduction to this popular VPN application. After introducing the basics of security and VPN, the book moves on to cover using OpenVPN, from installing it on various platforms, through configuring basic tunnels, to more advanced features, such as using the application with firewalls, routers, proxy servers, and OpenVPN scripting. While providing only necessary theoretical background, the book takes a practical approach, presenting plenty of examples.
Table of Contents (17 chapters)
About the Author
About the Reviewers

Individual Firewall Rules for Connecting Clients

One striking possibility OpenVPN offers is a setup where:

  • An OpenVPN machine acts as a server that protects the company's network, admitting access for OpenVPN clients.

  • The clients are automatically assigned IPs by the server.

  • The clients are equipped with certificates, and identified and authorized by these certificates.

The scripting parameter learn-address in the server's OpenVPN configuration file will have the server execute a script whenever an authorized client connects to the VPN and is assigned an address. This parameter takes the full path to a script as an option:

learn-address /etc/openvpn/scripts/openvpnFW

In this example, the script openvpnFW will be executed each time a client is assigned an IP address and will be passed three variables by the OpenVPN server process:

  1. 1. $1: The action taken; this may be one of add, delete, update

  2. 2. $2: The IP assigned to the client connecting

  3. 3. $3: The common name in the subject line of the client...