Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Mastering OpenVPN
  • Table Of Contents Toc
  • Feedback & Rating feedback
Mastering OpenVPN

Mastering OpenVPN

By : Jan Just Keijser, Eric F Crist
4.5 (8)
Buy this Book
close
close
Mastering OpenVPN

Mastering OpenVPN

4.5 (8)
By: Jan Just Keijser, Eric F Crist

Overview of this book

Security on the internet is increasingly vital to both businesses and individuals. Encrypting network traffic using Virtual Private Networks is one method to enhance security. The internet, corporate, and “free internet” networks grow more hostile every day. OpenVPN, the most widely used open source VPN package, allows you to create a secure network across these systems, keeping your private data secure. The main advantage of using OpenVPN is its portability, which allows it to be embedded into several systems. This book is an advanced guide that will help you build secure Virtual Private Networks using OpenVPN. You will begin your journey with an exploration of OpenVPN, while discussing its modes of operation, its clients, its secret keys, and their format types. You will explore PKI: its setting up and working, PAM authentication, and MTU troubleshooting. Next, client-server mode is discussed, the most commonly used deployment model, and you will learn about the two modes of operation using "tun" and "tap" devices. The book then progresses to more advanced concepts, such as deployment scenarios in tun devices which will include integration with back-end authentication, and securing your OpenVPN server using iptables, scripting, plugins, and using OpenVPN on mobile devices and networks. Finally, you will discover the strengths and weaknesses of the current OpenVPN implementation, understand the future directions of OpenVPN, and delve into the troubleshooting techniques for OpenVPN. By the end of the book, you will be able to build secure private networks across the internet and hostile networks with confidence.
Table of Contents (12 chapters)
close
close
close
Preface
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Free Chapter
1
1. Introduction to OpenVPN
chevron up
1. Introduction to OpenVPN
What is a VPN?
Types of VPNs
Comparison of VPNs
OpenVPN packages
OpenVPN internals
Summary
2
2. Point-to-point Mode
2. Point-to-point Mode
Pros and cons of the key mode
TCP protocol and different ports
OpenVPN secret keys
Routing
The complete setup
Three-way routing
Bridged tap adapter on both ends
Combining point-to-point mode with certificates
Summary
3
3. PKIs and Certificates
3. PKIs and Certificates
An overview of PKI
OpenVPN server certificates
OpenVPN client certificates
Other features
Multiple CAs and CRLs
Extra security – hardware tokens, smart cards, and PKCS#11
Summary
4
4. Client/Server Mode with tun Devices
4. Client/Server Mode with tun Devices
Understanding the client/server mode
Setting up the Public Key Infrastructure
Initial setup of the client/server mode
Adding extra security
Basic production-level configuration files
Routing and server-side routing
Redirecting the default gateway
Client-specific configuration – CCD files
Client-side routing
The OpenVPN status file
The OpenVPN management interface
Session key renegotiation
Using IPv6
Advanced configuration options
Summary
5
5. Advanced Deployment Scenarios in tun Mode
5. Advanced Deployment Scenarios in tun Mode
Enabling file sharing over VPN
Using LDAP as a backend authentication mechanism
Filtering OpenVPN
Windows network locations – public versus private
Using OpenVPN with HTTP or SOCKS proxies
Summary
6
6. Client/Server Mode with tap Devices
6. Client/Server Mode with tap Devices
The basic setup
Enabling client-to-client traffic
Using the tap device (bridging)
Using an external DHCP server
Checking broadcast and non-IP traffic
Comparing tun mode to tap mode
Summary
7
7. Scripting and Plugins
7. Scripting and Plugins
Scripting
Plugins
Summary
8
8. Using OpenVPN on Mobile Devices and Home Routers
8. Using OpenVPN on Mobile Devices and Home Routers
Using the OpenVPN for an Android app
Using the OpenVPN Connect app for Android
Using the OpenVPN Connect app for iOS
Integrating smart phones into an existing VPN setup
Using a home router as a VPN client
Using a home router as a VPN server
Summary
9
9. Troubleshooting and Tuning
9. Troubleshooting and Tuning
How to read the log files
Fixing common configuration mistakes
Troubleshooting routing issues
How to optimize performance by using ping and iperf
Analyzing OpenVPN traffic by using tcpdump
Summary
10
10. Future Directions
10. Future Directions
Current strengths
Current weaknesses
Where we are going
Summary
11
Index
Index

OpenVPN packages

There are several OpenVPN packages available on the Internet:

  • The open source or community version of OpenVPN
  • OpenVPN Access Server, the closed-source commercial offering by OpenVPN Inc.
  • The mobile platform versions of OpenVPN for both Android and iOS (part of the code is closed-source, as a requirement of Apple)

The open source (community) version

Open source versions of OpenVPN are made available as each release is published. The community has resources to build binary packages for multiple platforms, including both 32-bit and 64-bit Windows clients. The currently available download options are available at http://openvpn.net/index.php/download/community-downloads.html.

Some operating system package maintainers track development and make snapshot releases available. FreeBSD, for example, has a security/openvpn-devel port that tracks weekly tarball snapshots from OpenVPN development. If you'd like to run the latest and greatest bleeding-edge version of OpenVPN, look at your package maintainer first. Otherwise, you can always build directly from source.

The community version of OpenVPN can act both as a VPN server and as a VPN client. There is no separate client-only version.

The closed source (commercial) Access Server

OpenVPN Technologies, Inc. offers a commercial version of OpenVPN called Access Server. Compared to the open source project, Access Server offers many features and deployment options that may appeal to some organizations. Access Server is a paid product, but a trial with two license keys enabled is available from the website.

Software packages, virtual appliances, and cloud services are all available from OpenVPN Technologies, Inc. at https://openvpn.net/index.php/access-server/overview.html.

OpenVPN Access Server includes its own OpenVPN client, OpenVPN Connect, for both Windows and Mac OS. This client software generally works only with OpenVPN Access Server. It is also possible to use the community version of OpenVPN as a client for an OpenVPN Access Server.

The mobile platform (mixed) OpenVPN/OpenVPN Connect

For mobile devices, such as iPhones/iPads and Android devices, OpenVPN Technologies, Inc., provides a special OpenVPN Connect Client. OpenVPN Technologies, Inc., and James specifically put a lot of effort and legal wrangling with the likes of Google and Apple to get access to a usable VPN API on each platform.

Due to the nature of Apple's NDA, currently, the source for OpenVPN Connect is unavailable and cannot be shared publicly. The iOS OpenVPN Connection client can be downloaded from the Apple App Store at https://itunes.apple.com/us/app/openvpn-connect/id590379981?mt=8.

There are Android clients written by a few developers, but the officially supported version is OpenVPN for Android, written by Arne Schwabe, which can be found at https://play.google.com/store/apps/details?id=de.blinkt.openvpn&hl=en.

OpenVPN Connect, written by OpenVPN Technologies, Inc., is also available. You can download the Android OpenVPN Connect client at https://play.google.com/store/apps/details?id=net.openvpn.openvpn&hl=en.

One serious advantage of OpenVPN Connect is that it supports / is supported by both the community version of OpenVPN, as well as the closed-source OpenVPN Access Server. If you have a need to access both types of servers, OpenVPN Connect is recommended.

Other platforms

There are some hardware vendors attempting to integrate support for OpenVPN within their devices. Some offer firmware versions for the VoIP phones that include an older version of OpenVPN. Other firmware projects, such as DD-WRT for Linksys routers, as well as other projects such as FreeNAS, pfSense, and others, also integrate OpenVPN.

End of Section 5
Next Section
bookmark search playlist download
font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY