Book Image

OpenVPN: Building and Integrating Virtual Private Networks

Book Image

OpenVPN: Building and Integrating Virtual Private Networks

Overview of this book

OpenVPN is a powerful, open source SSL VPN application. It can secure site-to-site connections, WiFi and enterprise-scale remote connections. While being a full-featured VPN solution, OpenVPN is easy to use and does not suffer from the complexity that characterizes other IPSec VPN implementations. It uses the secure and stable TLS/SSL mechanisms for authentication and encryption. This book is an easy introduction to this popular VPN application. After introducing the basics of security and VPN, the book moves on to cover using OpenVPN, from installing it on various platforms, through configuring basic tunnels, to more advanced features, such as using the application with firewalls, routers, proxy servers, and OpenVPN scripting. While providing only necessary theoretical background, the book takes a practical approach, presenting plenty of examples.

Related Content you might be interested in

Current Title:

Small book image
OpenVPN: Building and Integrating Virtual Private Networks
May, 2006 | 270 pages
No titles found
Table of Contents (17 chapters)
OpenVPN
OpenVPN
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
Preface
Preface
Free Chapter
1
VPN—Virtual Private Network
VPN—Virtual Private Network
Branches Connected by Dedicated Lines
How Does a VPN Work?
VPN Concepts—Overview
Summary
2
VPN Security
VPN Security
VPN Security
Privacy—Encrypting the Traffic
SSL/TLS Security
Summary
3
OpenVPN
OpenVPN
Advantages of OpenVPN
History of OpenVPN
Networking with OpenVPN
OpenVPN Compared to IPsec VPN
Sources for Help and Documentation
The Project Community
Summary
4
Installing OpenVPN
Installing OpenVPN
Prerequisites
Obtaining the Software
Installing OpenVPN on Windows
Installing OpenVPN on Mac OS X (Tunnelblick)
Installing OpenVPN on SuSE Linux
Installing OpenVPN on Redhat Fedora Using yum
Installing OpenVPN on RPM-Based Systems
Installing OpenVPN on Debian
Installing OpenVPN on FreeBSD
Troubleshooting—Advanced Installation Methods
Internet Links, Installation Guidelines, and Help
Summary
5
Configuring an OpenVPN Server—The First Tunnel
Configuring an OpenVPN Server—The First Tunnel
OpenVPN on Microsoft Windows
Connecting Windows and Linux
Troubleshooting Firewall Issues
Summary
6
Setting Up OpenVPN with X509 Certificates
Setting Up OpenVPN with X509 Certificates
Creating Certificates
Certificate Generation on Windows XP with easy-rsa
Distributing the Files to the VPN Partners
Configuring OpenVPN to Use Certificates
Using easy-rsa on Linux
Troubleshooting
Summary
7
The Command openvpn and its Configuration File
The Command openvpn and its Configuration File
Syntax of openvpn
Using OpenVPN at the Command Line
Configuring OpenVPN with Certificates—Simple TLS Mode
Overview of OpenVPN Parameters
Important Windows-Specific Options
Summary
8
Securing OpenVPN Tunnels and Servers
Securing OpenVPN Tunnels and Servers
Securing and Stabilizing OpenVPN
Linux and Firewalls
Configuring the Windows Firewall for OpenVPN
Summary
9
Advanced Certificate Management
Advanced Certificate Management
Certificate Management and Security
Installing xca
Using xca
Using TinyCA2 to Manage Certificates
Summary
10
Advanced OpenVPN Configuration
Advanced OpenVPN Configuration
Tunneling a Proxy Server and Protecting the Proxy
Scripting OpenVPN—An Overview
Using Authentication Methods
Using a Client Configuration Directory with Per-Client Configurations
Individual Firewall Rules for Connecting Clients
Distributed Compilation through VPN Tunnels with distcc
Ethernet Bridging with OpenVPN
Automatic Installation for Windows Clients
Summary
11
Troubleshooting and Monitoring
Troubleshooting and Monitoring
Testing the Network Connectivity
Checking Interfaces, Routing, and Connectivity on the VPN Servers
Debugging with tcpdump and IPTraf
Using OpenVPN Protocol and Status Files for Debugging
Scanning Servers with Nmap
Monitoring Tools
Hints to Other Tools
Summary
Index
Index

Testing the Network Connectivity

In our typical OpenVPN setup, we have connected two networks (192.168.250.0/24 and 172.16.76.0/24) via two Linux servers that are connected to the Internet via a default gateway. Between the two Linux servers is a tunnel that uses the virtual IPs 10.179.10.1 and 10.179.10.2.

In the connected local networks there are two Linux machines that we will use to test our tunnels (perhaps by conveniently accessing them remotely with Secure Shell). We will now use the tools ifconfig, route, and ping to show and test the network settings.

In our first step, we will check the local system's network address, default route, and if the default router is pingable. The command ifconfig will print statistics of all active network interfaces: 

root@sydney:~ #ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:AE:8C:D7
          inet addr:192.168.250.128  Bcast:192.168.250.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets...
Previous Section
End of Section 2
Next Section