Book Image

Mastering OpenVPN

By : Eric F Crist
Book Image

Mastering OpenVPN

By: Eric F Crist

Overview of this book

Security on the internet is increasingly vital to both businesses and individuals. Encrypting network traffic using Virtual Private Networks is one method to enhance security. The internet, corporate, and “free internet” networks grow more hostile every day. OpenVPN, the most widely used open source VPN package, allows you to create a secure network across these systems, keeping your private data secure. The main advantage of using OpenVPN is its portability, which allows it to be embedded into several systems. This book is an advanced guide that will help you build secure Virtual Private Networks using OpenVPN. You will begin your journey with an exploration of OpenVPN, while discussing its modes of operation, its clients, its secret keys, and their format types. You will explore PKI: its setting up and working, PAM authentication, and MTU troubleshooting. Next, client-server mode is discussed, the most commonly used deployment model, and you will learn about the two modes of operation using "tun" and "tap" devices. The book then progresses to more advanced concepts, such as deployment scenarios in tun devices which will include integration with back-end authentication, and securing your OpenVPN server using iptables, scripting, plugins, and using OpenVPN on mobile devices and networks. Finally, you will discover the strengths and weaknesses of the current OpenVPN implementation, understand the future directions of OpenVPN, and delve into the troubleshooting techniques for OpenVPN. By the end of the book, you will be able to build secure private networks across the internet and hostile networks with confidence.
Table of Contents (17 chapters)
Mastering OpenVPN
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Preface
Index

Basic production-level configuration files


We extend the previous client and server configuration files to use the newly created tls-auth key. We do this by adding a line to the configuration file movpn-04-01-server.conf, as well as the second security-enhancing option:

proto udp
port 1194
dev tun
server 10.200.0.0 255.255.255.0
topology subnet
persist-key
persist-tun
keepalive 10 60

remote-cert-tls client
tls-auth /etc/openvpn/movpn/ta.key 0
dh       /etc/openvpn/movpn/dh2048.pem
ca       /etc/openvpn/movpn/movpn-ca.crt
cert     /etc/openvpn/movpn/server.crt
key      /etc/openvpn/movpn/server.key

user  nobody
group nobody

verb 3
daemon
log-append /var/log/openvpn.log

Note

Note that the order of the statements in this configuration file is random. The remote-cert-tls and tls-auth lines could have been added at any point in the file.

This server configuration file is a basic server configuration file that we will reuse throughout this chapter and others. Save it as basic-udp-server.conf so...