Beginning OpenVPN 2.0.9

N/A
N/A
Protected

Academic year: 2021

Share "Beginning OpenVPN 2.0.9"

Copied!
8
0
0

Loading.... (view fulltext now)

Full text

(1)

Build and integrate Virtual Private Networks using OpenVPN

Markus Feilner
Norbert Graf

Packt Publishing

Table of Contents

Preface 1

Chapter 1: VPN—Virtual Private Network 7
Broadband Internet access and VPNs 9
How does a VPN work? 10
What are VPNs used for? 12
Networking concepts—protocols and layers 13
Tunneling and overhead 16
VPN concepts—overview 17
A proposed standard for tunneling 17
Protocols implemented on OSI layer 2 18
Protocols implemented on OSI layer 3 19
Protocols implemented on OSI layer 4 20
OpenVPN—a SSL/TLS-based solution 21
Summary 21

Chapter 2: VPN Security 23
VPN security 23
Privacy—encrypting traffic 24
Symmetric encryption and pre-shared keys 25
Reliability and authentication 26
The problem of complexity in classic VPNs 26
Asymmetric encryption with SSL/TLS 27
SSL/TLS security 28
HTTPS 29
Understanding SSL/TLS certificates 30
Trusted certificates 30
SSL/TLS certificates and VPNs 33
Generating certificates and keys 34
Summary 34

Chapter 3: OpenVPN 35
Advantages of OpenVPN 35
History of OpenVPN 37
OpenVPN Version 1 38
OpenVPN Version 2 41
The road to version 2.1 42
Networking with OpenVPN 44
OpenVPN and firewalls 46
Configuring OpenVPN 47
Problems with OpenVPN 48
OpenVPN compared to IPsec VPN 49
User space versus kernel space 51
Sources for help and documentation 51
The project community 52
Documentation in the software packages 52
Summary 53

Chapter 4: Installing OpenVPN on Windows and Mac 55
Obtaining the software 55
Installing OpenVPN on Windows 56
Downloading and starting installation 56
Selecting the components and location 57
Finishing installation 59
Testing the installation—a first look at the panel applet 60
Installing OpenVPN on Mac OS X (Tunnelblick) 62
Testing the installation—the Tunnelblick panel applet 64
Summary 65

Chapter 5: Installing OpenVPN on Linux and Unix Systems 67
Prerequisites 67
Installing OpenVPN on SuSE Linux 68
Using YaST to install software 69
Installing OpenVPN on Red Hat Fedora using yum 72
Installing OpenVPN on Red Hat Enterprise Linux 75
Installing OpenVPN on RPM-based systems 77
Using wget to download OpenVPN RPMs 78
Installing OpenVPN and the LZO library with wget and RPM 79
Installing OpenVPN on Debian and Ubuntu 82
Installing Debian packages 84
Using Aptitude to search and install packages 86
OpenVPN—the files installed on Debian 88
Installing OpenVPN on FreeBSD 88
Installing a newer version of OpenVPN on FreeBSD—the ports system 91
Installing the port system with sysinstall 91
Downloading and installing a BSD port 92
Summary 94

Chapter 6: Advanced OpenVPN Installation 95
Troubleshooting—advanced installation methods 95
Installing OpenVPN from source code 96
Building and distributing .deb packages 102
Building your own RPM file 104
Enabling Linux kernel TUN/TAP support 106
Using menuconfig 107
Summary 109

Chapter 7: Configuring an OpenVPN Server—The First Tunnel 111
OpenVPN on Microsoft Windows 112
Generating a static OpenVPN key 113
Creating a sample connection 115
Adapting the sample configuration file provided by OpenVPN 117
Starting and testing the tunnel 119
A brief look at Windows OpenVPN network interfaces 121
Connecting Windows and Linux 122
File exchange between Windows and Linux 123
WinSCP 123
Transferring the key file from Windows to Linux with WinSCP 124
The second pitfall—carriage return/end of line 126
Configuring the Linux system 127
Testing the tunnel 129
A look at the Linux network interfaces 130
Running OpenVPN automatically 131
OpenVPN as a server on Windows 131
OpenVPN as a server on Linux 133
Runlevels and init scripts on Linux 133
Using runlevel and init to change and check runlevels 134
The system control for runlevels 135
Managing init scripts 136
Troubleshooting firewall issues 139
Deactivating the Windows XP Service Pack 2 firewall 139
Stopping the SuSE firewall 141
Summary 142

Chapter 8: Setting Up OpenVPN with X.509 Certificates 143
Creating certificates 143
Certificate generation on Windows Server 2008 with easy-rsa 144
Setting variables—editing vars.bat 145
Creating the Diffie-Hellman key 146
Building the certificate authority 147
Generating server and client keys 148
Distributing the files to the VPN partners 152
Configuring OpenVPN to use certificates 154
Using easy-rsa on Linux 157
Preparing variables in vars 158
Creating the Diffie-Hellman key and the certificate authority 158
Creating the first server certificate/key pair 159
Creating further certificates and keys 161
Troubleshooting 162
Summary 163

Chapter 9: The Command openvpn and Its Configuration File 165
Syntax of openvpn 166
OpenVPN command-line parameters 166
Using OpenVPN at the command line 167
Parameters used in the standard configuration file for a static key client 169
Compressing the data 169
Controlling and restarting the tunnel 172
Debugging output—troubleshooting 173
Configuring OpenVPN with certificates—simple TLS mode 175
Overview of OpenVPN parameters 176
General tunnel options 176
Routing 179
Controlling the tunnel 181
Scripting 182
Modules 182
Logging 184
Specifying a user and group 185
The management interface 186
Proxies 188
Testing the crypto system with --test-crypto 190
SSL information—command line 191
Server mode 195
Server mode parameters 196
--client-config options 199
Client mode parameters 201
Push options 202
Important Windows-specific options 203
New in Version 2.1 204
Connection profiles 204
Topology mode 205
Script-security 206
Port-sharing 206
Test 206
Summary 207

Chapter 10: Securing OpenVPN Tunnels and Servers 209
Securing and stabilizing OpenVPN 209
Authentication 212
Using authentication methods 213
Authentication plugins overview 216
Authentication with tokens 217
Individual authentication with Pam-per-user 218
Linux and firewalls 220
Debian Linux and Webmin with Shorewall 221
Installing Webmin and Shorewall 221
Looking at Webmin 222
Preparing Webmin and Shorewall for the first start 223
Preparing the Shoreline firewall 224
Troubleshooting Shorewall—editing the configuration files 225
OpenVPN and SuSE firewall 228
Routing and firewalls 230
Configuring a router without a firewall 230
iptables—the standard Linux firewall tool 230
Configuring the Windows Firewall for OpenVPN 234
Summary 238

Chapter 11: Advanced Certificate Management 239
Certificate management and security 239
Installing xca 240
Using xca 240
Importing a CA certificate 242
Creating and signing a new server/client certificate 244
Revoking certificates with xca 248
Using TinyCA2 to manage certificates 250
Importing our CA 250
Using TinyCA2 for CA administration 251
Creating new certificates and keys 252
Exporting keys and certificates with TinyCA2 254
Revoking certificates with TinyCA2 255
Other tools worth mentioning 255
Summary 256

Chapter 12: OpenVPN GUI Tools 257
OpenVPN server administration: Webmin's OpenVPN plugin 257
Client GUIs for Linux 260
KVpnc 260
GAdmin-OpenVPN-Client 262
NetworkManager 263
Summary 264

Chapter 13: Advanced OpenVPN Configuration 265
Tunneling a proxy server and protecting the proxy 266
Scripting OpenVPN—an overview 268
Using a client configuration directory with per-client configurations 270
Individual firewall rules for connecting clients 273
Distributed compilation through VPN tunnels with distcc 275
Ethernet bridging with OpenVPN 277
Automatic installation for Windows clients 279
Clustering and redundancy 284
Summary 285

Chapter 14: Mobile Security with OpenVPN 287
Anonymous and uncensored Internet access 287
OpenVPN on Windows Mobile 289
Embedded Linux—Maemo 292
Summary 294

Chapter 15: Troubleshooting and Monitoring 295
Testing network connectivity 295
Checking interfaces, routing, and connectivity on the VPN servers 298
Debugging with tcpdump and IPTraf 303
Using OpenVPN protocol and status files for debugging 305
Scanning servers with Nmap 307
Monitoring tools 308
ntop 309
Munin 310
Nagios 311
OpenVPN graph 312
Summary 313

Appendix: Internet Resources and More 315
