Mastering OpenVPN
eBook - ePub

  1. 364 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android

About This Book

Master building and integrating secure private networks using OpenVPN

  • Discover how to configure and set up a secure OpenVPN
  • Enhance user experience by using multiple authentication methods
  • Delve into better reporting, monitoring, logging, and control with OpenVPN

Who This Book Is For

If you are familiar with TCP/IP networking and general system administration, then this book is ideal for you. Some knowledge and understanding of core elements and applications related to Virtual Private Networking is assumed.

What You Will Learn

  • Identify different VPN protocols (IPSec, PPTP, OpenVPN)
  • Build your own PKI and manage certificates
  • Deploy your VPN on various devices like PCs, mobile phones, tablets, and more
  • Differentiate between the routed and bridged network
  • Enhance your VPN with monitoring and logging
  • Authenticate against third-party databases like LDAP or the Unix password file
  • Troubleshoot an OpenVPN setup that is not performing correctly

In Detail

Security on the internet is increasingly vital to both businesses and individuals. Encrypting network traffic using Virtual Private Networks is one method of enhancing security. The public internet, corporate networks, and "free internet" hotspots grow more hostile every day. OpenVPN, the most widely used open source VPN package, allows you to create a secure network across these systems, keeping your private data secure. The main advantage of using OpenVPN is its portability, which allows it to be embedded into many different systems.

This book is an advanced guide that will help you build secure Virtual Private Networks using OpenVPN. You will begin with an exploration of OpenVPN, covering its modes of operation, its clients, its secret keys, and their formats. You will then learn how to set up and operate a PKI, use PAM authentication, and troubleshoot MTU problems. Next, client/server mode, the most commonly used deployment model, is discussed, and you will learn about its two modes of operation using "tun" and "tap" devices.

The book then progresses to more advanced concepts, such as deployment scenarios with tun devices, including integration with back-end authentication; securing your OpenVPN server using iptables, scripting, and plugins; and using OpenVPN on mobile devices and home networks.

Finally, you will discover the strengths and weaknesses of the current OpenVPN implementation, understand the future directions of OpenVPN, and delve into the troubleshooting techniques for OpenVPN.

By the end of the book, you will be able to build secure private networks across the internet and hostile networks with confidence.

Style and approach

An easy-to-follow yet comprehensive guide to building secure Virtual Private Networks using OpenVPN. A progressively more complex VPN design is developed with the help of examples. More advanced topics are covered in each successive chapter, with subjects grouped according to their complexity as well as their utility.

Authors: Eric F Crist and Jan Just Keijser. Available in PDF and ePUB format; category: Computer Science & Computer Networking.

Information

Year: 2015
ISBN: 9781783553136
Edition: 1

Table of Contents

Mastering OpenVPN
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers, and more
Why subscribe?
Free access for Packt account holders
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example code
Errata
Piracy
Questions
1. Introduction to OpenVPN
What is a VPN?
Types of VPNs
PPTP
IPSec
SSL-based VPNs
OpenVPN
Comparison of VPNs
Advantages and disadvantages of PPTP
Advantages and disadvantages of IPSec
Advantages and disadvantages of SSL-based VPNs
Advantages and disadvantages of OpenVPN
History of OpenVPN
OpenVPN packages
The open source (community) version
The closed source (commercial) Access Server
The mobile platform (mixed) OpenVPN/OpenVPN Connect
Other platforms
OpenVPN internals
The tun/tap driver
The UDP and TCP modes
The encryption protocol
The control and data channels
Ciphers and hashing algorithms
OpenSSL versus PolarSSL
Summary
2. Point-to-point Mode
Pros and cons of the key mode
The first example
TCP protocol and different ports
The TAP mode
The topology subnet
The cleartext tunnel
OpenVPN secret keys
Using multiple keys
Using different encryption and authentication algorithms
Routing
Configuration files versus the command line
The complete setup
Advanced IP-less setup
Three-way routing
Route, net_gateway, vpn_gateway, and metrics
Bridged tap adapter on both ends
Removing the bridges
Combining point-to-point mode with certificates
Summary
3. PKIs and Certificates
An overview of PKI
PKI using Easy-RSA
Building the CA
Certificate revocation list
Server certificates
Client certificates
PKI using ssl-admin
OpenVPN server certificates
OpenVPN client certificates
Other features
Multiple CAs and CRLs
Extra security – hardware tokens, smart cards, and PKCS#11
Background information
Supported platforms
Initializing a hardware token
Generating a certificate/private key pair
Generating a private key on a token
Generating a certificate request
Writing an X.509 certificate to the token
Getting a hardware token ID
Using a hardware token with OpenVPN
Summary
4. Client/Server Mode with tun Devices
Understanding the client/server mode
Setting up the Public Key Infrastructure
Initial setup of the client/server mode
Detailed explanation of the configuration files
Topology subnet versus topology net30
Adding extra security
Using tls-auth keys
Generating a tls-auth key
Checking certificate key usage attributes
Basic production-level configuration files
TCP-based configuration
Configuration files for Windows
Routing and server-side routing
Special parameters for the route option
Masquerading
Redirecting the default gateway
Client-specific configuration – CCD files
How to determine whether a CCD file is properly processed
CCD files and topology net30
Client-side routing
In-depth explanation of the client-config-dir configuration
Client-to-client traffic
The OpenVPN status file
Reliable connection tracking for UDP mode
The OpenVPN management interface
Session key renegotiation
A note on PKCS#11 devices
Using IPv6
Protected IPv6 traffic
Using IPv6 as transit
Advanced configuration options
Proxy ARP
How does Proxy ARP work?
Assigning public IP addresses to clients
Summary
5. Advanced Deployment Scenarios in tun Mode
Enabling file sharing over VPN
Using NetBIOS names
Using nbtstat to troubleshoot connection problems
Using LDAP as a backend authentication mechanism
Troubleshooting the LDAP backend authentication
Filtering OpenVPN
FreeBSD example
A Windows example
Policy-based routing
Windows network locations – public versus private
Background
Changing the TAP-Win adapter location using the redirect-gateway
Using the Group Policy editor to force an adapter to be private
Changing the TAP-Win adapter location using extra gateways
Redirecting all traffic in combination with extra gateways
Using OpenVPN with HTTP or SOCKS proxies
HTTP proxies
SOCKS proxies
Summary
6. Client/Server Mode with tap Devices
The basic setup
Enabling client-to-client traffic
Filtering traffic between clients
Disadvantage of the proxy_arp_pvlan method
Filtering traffic using the pf filter of OpenVPN
Using the tap device (bridging)
Bridging on Linux
Tearing down the bridge
Bridging on Windows
Using an external DHCP server
Checking broadcast and non-IP traffic
Address Resolution Protocol traffic
NetBIOS traffic
Comparing tun mode to tap mode
Layer 2 versus layer 3
Routing differences and iroute
Client-to-client filtering
Broadcast traffic and "chattiness" of the network
Bridging
Summary
7. Scripting and Plugins
Scripting
Server-side scripts
--setenv and --setenv-safe
--script-security
--up-restart
--up
--route-up
--tls-verify
--auth-user-pass-verify
--client-connect
--learn-address
--client-disconnect
--route-pre-down
--down
Client-side scripts
--setenv and --setenv-safe
--script-security
--up-restart
--tls-verify
--ipchange
--up
--route-up
--route-pre-down
--down
Examples of server scripts
Client-connect scripts
Client authentication
Client authorization
Example 1—client-selected routes
Example 2—track client connection statistics
Example 3—disconnect user after X minutes
Examples of client scripts
Example 4—mount NFS share
Example 5—using all scripts at once
The server-side script log
Environment variables set in the server-side scripts
--up
--route-up
--tls-verify
--auth-user-pass-verify
--client-connect
--learn-address
--client-disconnect
--route-pre-down and --down
The client-side script log
Environment variables set in the client-side scripts
Plugins
Down-root
The auth-pam plugin
Summary
8. Using OpenVPN on Mobile Devices and Home Routers
Using the OpenVPN for Android app
Creating an OpenVPN app profile
Using the PKCS#12 file
Using the OpenVPN Connect app for...