Book Image

OpenVPN: Building and Integrating Virtual Private Networks

Book Image

OpenVPN: Building and Integrating Virtual Private Networks

Overview of this book

OpenVPN is a powerful, open source SSL VPN application. It can secure site-to-site connections, WiFi and enterprise-scale remote connections. While being a full-featured VPN solution, OpenVPN is easy to use and does not suffer from the complexity that characterizes other IPSec VPN implementations. It uses the secure and stable TLS/SSL mechanisms for authentication and encryption. This book is an easy introduction to this popular VPN application. After introducing the basics of security and VPN, the book moves on to cover using OpenVPN, from installing it on various platforms, through configuring basic tunnels, to more advanced features, such as using the application with firewalls, routers, proxy servers, and OpenVPN scripting. While providing only necessary theoretical background, the book takes a practical approach, presenting plenty of examples.

Related Content you might be interested in

Current Title:

Small book image
OpenVPN: Building and Integrating Virtual Private Networks
May, 2006 | 270 pages
No titles found
Table of Contents (17 chapters)
OpenVPN
OpenVPN
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
Preface
Preface
Free Chapter
1
VPN—Virtual Private Network
VPN—Virtual Private Network
Branches Connected by Dedicated Lines
How Does a VPN Work?
VPN Concepts—Overview
Summary
2
VPN Security
VPN Security
VPN Security
Privacy—Encrypting the Traffic
SSL/TLS Security
Summary
3
OpenVPN
OpenVPN
Advantages of OpenVPN
History of OpenVPN
Networking with OpenVPN
OpenVPN Compared to IPsec VPN
Sources for Help and Documentation
The Project Community
Summary
4
Installing OpenVPN
Installing OpenVPN
Prerequisites
Obtaining the Software
Installing OpenVPN on Windows
Installing OpenVPN on Mac OS X (Tunnelblick)
Installing OpenVPN on SuSE Linux
Installing OpenVPN on Redhat Fedora Using yum
Installing OpenVPN on RPM-Based Systems
Installing OpenVPN on Debian
Installing OpenVPN on FreeBSD
Troubleshooting—Advanced Installation Methods
Internet Links, Installation Guidelines, and Help
Summary
5
Configuring an OpenVPN Server—The First Tunnel
Configuring an OpenVPN Server—The First Tunnel
OpenVPN on Microsoft Windows
Connecting Windows and Linux
Troubleshooting Firewall Issues
Summary
6
Setting Up OpenVPN with X509 Certificates
Setting Up OpenVPN with X509 Certificates
Creating Certificates
Certificate Generation on Windows XP with easy-rsa
Distributing the Files to the VPN Partners
Configuring OpenVPN to Use Certificates
Using easy-rsa on Linux
Troubleshooting
Summary
7
The Command openvpn and its Configuration File
The Command openvpn and its Configuration File
Syntax of openvpn
Using OpenVPN at the Command Line
Configuring OpenVPN with Certificates—Simple TLS Mode
Overview of OpenVPN Parameters
Important Windows-Specific Options
Summary
8
Securing OpenVPN Tunnels and Servers
Securing OpenVPN Tunnels and Servers
Securing and Stabilizing OpenVPN
Linux and Firewalls
Configuring the Windows Firewall for OpenVPN
Summary
9
Advanced Certificate Management
Advanced Certificate Management
Certificate Management and Security
Installing xca
Using xca
Using TinyCA2 to Manage Certificates
Summary
10
Advanced OpenVPN Configuration
Advanced OpenVPN Configuration
Tunneling a Proxy Server and Protecting the Proxy
Scripting OpenVPN—An Overview
Using Authentication Methods
Using a Client Configuration Directory with Per-Client Configurations
Individual Firewall Rules for Connecting Clients
Distributed Compilation through VPN Tunnels with distcc
Ethernet Bridging with OpenVPN
Automatic Installation for Windows Clients
Summary
11
Troubleshooting and Monitoring
Troubleshooting and Monitoring
Testing the Network Connectivity
Checking Interfaces, Routing, and Connectivity on the VPN Servers
Debugging with tcpdump and IPTraf
Using OpenVPN Protocol and Status Files for Debugging
Scanning Servers with Nmap
Monitoring Tools
Hints to Other Tools
Summary
Index
Index

Using a Client Configuration Directory with Per-Client Configurations

Another striking feature of OpenVPN is the fact that we can have client configurations pushed through the tunnel on creation and use client-specific configurations, which are simply set by the subject line of the client's certificate. An appropriate server configuration file may look like the following: 

port 443 
dev tun0FIT
ca /etc/openvpn/certs/ca.crt
cert /etc/openvpn/certs/firewall.crt
key /etc/openvpn/certs/firewall.key
dh /etc/openvpn/certs/dh2048.pem
tls-auth /etc/openvpn/certs/ta.key 0
auth SHA1
cipher AES-256-CBC
tls-cipher DHE-RSA-AES256-SHA
server 10.179.0.0 255.255.0.0
ifconfig-pool-persist /etc/openvpn/ipp.txt
client-config-dir clients
keepalive 10 120
resolv-retry 86400
comp-lzo
status /var/log/openvpn/status.log
log /var/log/openvpn/main.log
tls-server
verb 3

There are three lines that are relevant in this context:

  1. 1. server 10.179.0.0 255.255.0.0: This tells OpenVPN on this machine to act as a server and...

Previous Section
End of Section 5
Next Section