OpenVPN: Building and Integrating Virtual Private Networks
Overview of this book

OpenVPN is a powerful, open source SSL VPN application. It can secure site-to-site connections, WiFi and enterprise-scale remote connections. While being a full-featured VPN solution, OpenVPN is easy to use and does not suffer from the complexity that characterizes other IPSec VPN implementations. It uses the secure and stable TLS/SSL mechanisms for authentication and encryption. This book is an easy introduction to this popular VPN application. After introducing the basics of security and VPN, the book moves on to cover using OpenVPN, from installing it on various platforms, through configuring basic tunnels, to more advanced features, such as using the application with firewalls, routers, proxy servers, and OpenVPN scripting. While providing only necessary theoretical background, the book takes a practical approach, presenting plenty of examples.

Preface

OpenVPN is an outstanding piece of software that was invented by James Yonan in the year 2001 and has steadily been improved since then. No other VPN solution offers a comparable mixture of enterprise-level security, usability, and feature richness. We have been working with OpenVPN for many years now, and it has always proven to be the best solution.

This book is intended to introduce OpenVPN Software to network specialists and VPN newbies alike. OpenVPN works where most other solutions fail and exists on almost any platform; thus it is an ideal solution for problematic setups and an easy approach for the inexperienced.

On the other hand, the complexity of classic VPN solutions, especially IPsec, gives the impression that VPN technology in general is difficult and a topic only for very experienced (network and security) specialists. OpenVPN proves that this can be different, and this book is aimed to document that.

I want to provide both a concise description of OpenVPN's features and an easy-to-understand introduction for the inexperienced. Though there may be many other possible ways to success in the scenarios described, the ones presented have been tested in many setups and have been selected for simplicity reasons.

What This Book Covers

This book provides in-depth information on OpenVPN. After three introductory chapters about VPNs, security, and OpenVPN, some chapters focus on basic OpenVPN issues like installation and configuration on various platforms. Then a block of chapters dealing with advanced configurations and security follows, and the book closes with a chapter on troubleshooting and an appendix full of Internet links.

Chapter 1: VPN—Virtual Private Network gives a brief introduction to Virtual Private Networks and briefly discusses the networking concepts they build on.

Chapter 2: VPN Security introduces basic security concepts necessary to understand VPNs—OpenVPN in particular. We will have a look at encryption matters, symmetric and asymmetric keying, and certificates.

Chapter 3: OpenVPN discusses OpenVPN, its development, features, resources, and advantages and disadvantages compared to other VPN solutions, especially IPsec.

Chapter 4: Installing OpenVPN covers installing OpenVPN on Windows, Mac, Linux, and FreeBSD. It covers the installation on Linux from the source code and RPM packages. Installation on SuSE and Debian is also covered in detail.

Chapter 5: Configuring OpenVPN—The First Tunnel is where we will set up our first VPN tunnel based on a pre-shared encryption key. This chapter also covers tunnels and file exchange between Linux and Windows.

Chapter 6: Setting Up OpenVPN with X509 Certificates explains how to use OpenVPN's easy-rsa tool to create and manage certificates for secure VPN servers.

Chapter 7: The Command openvpn and its Configuration File covers the syntax and options of OpenVPN in detail, including many examples.

Chapter 8: Securing OpenVPN Tunnels and Servers introduces safe and secure configurations and explains how to set up basic firewalls for a VPN Server, using iptables, Shorewall, Webmin, and both the SuSE and the Windows firewall systems.

Chapter 9: Advanced Certificate Management describes two very useful tools to manage certificates and revocation lists: xca for Windows and TinyCA for Linux. This chapter also explains the installation and use of these tools.

Chapter 10: Advanced OpenVPN Configuration focuses on advanced OpenVPN configurations, including tunneling through a proxy server, pushing routing commands to clients, pushing and setting the default route through a tunnel, distributed compilation through VPN tunnels with distcc, OpenVPN scripting, and much else.

Chapter 11: Troubleshooting and Monitoring is what you should refer to if you need help when something does not work. It covers the standard networking tools that can be used for scanning and testing the connectivity of a VPN server.

Appendix A: Internet Resources: Though the Internet changes rapidly, many of the links provided have proven very helpful to me during the writing of this book.

What You Need for This Book

For learning VPN technologies, it may be helpful to have at least two or four PCs. Virtualization tools like XEN or VMware are very helpful here, especially if you want to test with different operating systems and switch between varying configurations easily. However, one PC is completely enough to follow the course of this book.

Two separate networks (connected by the Internet) can provide a useful setup if you want to test firewall and advanced OpenVPN setups.

Conventions

In this book, you will find a number of styles of text that distinguish between different kinds of information. Here are some examples of these styles, and an explanation of their meaning.

There are three styles for code. Code words in text are shown as follows: "We can include other contexts through the use of the include directive."

A block of code will be set as follows:

root=/usr/share/webmin
mimetypes=/etc/mime.types
port=10000
host=debian03.feilner-it.home
addtype_cgi=internal/cgi
realm=Webmin Server
logfile=/var/log/webmin/miniserv.log
pidfile=/var/run/webmin.pid
logtime=168
ssl=1

When we wish to draw your attention to a particular part of a code block, the relevant lines or items will be made bold:

root=/usr/share/webmin
mimetypes=/etc/mime.types
port=10000
host=debian03.feilner-it.home
addtype_cgi=internal/cgi
realm=Webmin Server
logfile=/var/log/webmin/miniserv.log
pidfile=/var/run/webmin.pid
logtime=168
ssl=1

Any command-line input and output is written as follows:

cd "C:\Program Files\OpenVPN\easy-rsa\"

New terms and important words are introduced in a bold-type font. Words that you see on the screen, in menus or dialog boxes for example, appear in our text like this: "clicking the Next button moves you to the next screen".

Note

Tips and tricks appear like this.

Reader Feedback

Feedback from our readers is always welcome. Let us know what you think about this book, what you liked or may have disliked. Reader feedback is important for us to develop titles that you really get the most out of.

To send us general feedback, simply drop an email to , making sure to mention the book title in the subject of your message.

If there is a book that you need and would like to see us publish, please send us a note in the SUGGEST A TITLE form on www.packtpub.com or email .

If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide on www.packtpub.com/authors.

Customer Support

Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.

Errata

Although we have taken every care to ensure the accuracy of our contents, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in text or code—we would be grateful if you would report this to us. By doing this you can save other readers from frustration, and help to improve subsequent versions of this book. If you find any errata, report them by visiting http://www.packtpub.com/support, selecting your book, clicking on the Submit Errata link, and entering the details of your errata. Once your errata have been verified, your submission will be accepted and the errata added to the list of existing errata. The existing errata can be viewed by selecting your title from http://www.packtpub.com/support.

Questions

You can contact us at if you are having a problem with some aspect of the book, and we will do our best to address it.