Book Image

OpenVPN: Building and Integrating Virtual Private Networks

Book Image

OpenVPN: Building and Integrating Virtual Private Networks

Overview of this book

OpenVPN is a powerful, open source SSL VPN application. It can secure site-to-site connections, WiFi and enterprise-scale remote connections. While being a full-featured VPN solution, OpenVPN is easy to use and does not suffer from the complexity that characterizes other IPSec VPN implementations. It uses the secure and stable TLS/SSL mechanisms for authentication and encryption. This book is an easy introduction to this popular VPN application. After introducing the basics of security and VPN, the book moves on to cover using OpenVPN, from installing it on various platforms, through configuring basic tunnels, to more advanced features, such as using the application with firewalls, routers, proxy servers, and OpenVPN scripting. While providing only necessary theoretical background, the book takes a practical approach, presenting plenty of examples.
Table of Contents (17 chapters)
OpenVPN
Credits
About the Author
About the Reviewers
Preface
Index

Using Authentication Methods


We have learned before that OpenVPN can be used with authentication based on shared secrets (static keys) and X.509 certificates. Another useful option for authentication is authentication plug-ins called with the configuration parameter auth-user-pass-verify, which can be used together with both methods mentioned before. For example, in a certificate-based VPN, we can use an authentication plug-in to make sure that only a user knowing the appropriate username/password combination can start the tunnel. This may be a convenient additional level of security for laptops or other road-warrior machines.

While certificates in this context tend to protect and authenticate machines rather than users, username/password combinations are useful for VPNs that are started by a human. The Windows GUI will pop up a small authentication window where the user must enter a username and password. The VPN client takes these values and sends them to the VPN server, which starts the...