Book Image

OpenVPN: Building and Integrating Virtual Private Networks

Book Image

OpenVPN: Building and Integrating Virtual Private Networks

Overview of this book

OpenVPN is a powerful, open source SSL VPN application. It can secure site-to-site connections, WiFi and enterprise-scale remote connections. While being a full-featured VPN solution, OpenVPN is easy to use and does not suffer from the complexity that characterizes other IPSec VPN implementations. It uses the secure and stable TLS/SSL mechanisms for authentication and encryption. This book is an easy introduction to this popular VPN application. After introducing the basics of security and VPN, the book moves on to cover using OpenVPN, from installing it on various platforms, through configuring basic tunnels, to more advanced features, such as using the application with firewalls, routers, proxy servers, and OpenVPN scripting. While providing only necessary theoretical background, the book takes a practical approach, presenting plenty of examples.

Related Content you might be interested in

Current Title:

Small book image
OpenVPN: Building and Integrating Virtual Private Networks
May, 2006 | 270 pages
No titles found
Table of Contents (17 chapters)
OpenVPN
OpenVPN
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
Preface
Preface
Free Chapter
1
VPN—Virtual Private Network
VPN—Virtual Private Network
Branches Connected by Dedicated Lines
How Does a VPN Work?
VPN Concepts—Overview
Summary
2
VPN Security
VPN Security
VPN Security
Privacy—Encrypting the Traffic
SSL/TLS Security
Summary
3
OpenVPN
OpenVPN
Advantages of OpenVPN
History of OpenVPN
Networking with OpenVPN
OpenVPN Compared to IPsec VPN
Sources for Help and Documentation
The Project Community
Summary
4
Installing OpenVPN
Installing OpenVPN
Prerequisites
Obtaining the Software
Installing OpenVPN on Windows
Installing OpenVPN on Mac OS X (Tunnelblick)
Installing OpenVPN on SuSE Linux
Installing OpenVPN on Redhat Fedora Using yum
Installing OpenVPN on RPM-Based Systems
Installing OpenVPN on Debian
Installing OpenVPN on FreeBSD
Troubleshooting—Advanced Installation Methods
Internet Links, Installation Guidelines, and Help
Summary
5
Configuring an OpenVPN Server—The First Tunnel
Configuring an OpenVPN Server—The First Tunnel
OpenVPN on Microsoft Windows
Connecting Windows and Linux
Troubleshooting Firewall Issues
Summary
6
Setting Up OpenVPN with X509 Certificates
Setting Up OpenVPN with X509 Certificates
Creating Certificates
Certificate Generation on Windows XP with easy-rsa
Distributing the Files to the VPN Partners
Configuring OpenVPN to Use Certificates
Using easy-rsa on Linux
Troubleshooting
Summary
7
The Command openvpn and its Configuration File
The Command openvpn and its Configuration File
Syntax of openvpn
Using OpenVPN at the Command Line
Configuring OpenVPN with Certificates—Simple TLS Mode
Overview of OpenVPN Parameters
Important Windows-Specific Options
Summary
8
Securing OpenVPN Tunnels and Servers
Securing OpenVPN Tunnels and Servers
Securing and Stabilizing OpenVPN
Linux and Firewalls
Configuring the Windows Firewall for OpenVPN
Summary
9
Advanced Certificate Management
Advanced Certificate Management
Certificate Management and Security
Installing xca
Using xca
Using TinyCA2 to Manage Certificates
Summary
10
Advanced OpenVPN Configuration
Advanced OpenVPN Configuration
Tunneling a Proxy Server and Protecting the Proxy
Scripting OpenVPN—An Overview
Using Authentication Methods
Using a Client Configuration Directory with Per-Client Configurations
Individual Firewall Rules for Connecting Clients
Distributed Compilation through VPN Tunnels with distcc
Ethernet Bridging with OpenVPN
Automatic Installation for Windows Clients
Summary
11
Troubleshooting and Monitoring
Troubleshooting and Monitoring
Testing the Network Connectivity
Checking Interfaces, Routing, and Connectivity on the VPN Servers
Debugging with tcpdump and IPTraf
Using OpenVPN Protocol and Status Files for Debugging
Scanning Servers with Nmap
Monitoring Tools
Hints to Other Tools
Summary
Index
Index

Using OpenVPN at the Command Line

In the course of this book we have already invoked openvpn several times from a command line. As a first example, we built a tunnel with a pre-shared key and a rather simple configuration file. Even though there are some other parameters set in the standard configuration file we used, the easiest command to start a tunnel with a static key is: 

debian01:/etc/openvpn# openvpn --remote <IP of System B> --dev tun1 --ifconfig 10.3.0.1 10
.3.0.2 --secret /etc/openvpn/key.txt

You see, it's very easy to connect two systems with an openvpn tunnel, when we know their IPs. All we need is a pre-shared key, a tunnel IP, and a decision on which device type to use.

If the second tunnel endpoint is a Linux system already provided with the pre-shared key /etc/openvpn/key.txt, then all we need to do to start our tunnel is enter the aforementioned command on system A, and enter the following command on system B:

/etc/openvpn# openvpn --remote <IP of System A>...
Previous Section
End of Section 3
Next Section