Table of contents:
OpenVPN......Page 1
Table of Contents......Page 7
What This Book Covers......Page 13
Conventions......Page 14
Reader Feedback......Page 15
Questions......Page 16
Branches Connected by Dedicated Lines......Page 17
Broadband Internet Access and VPNs......Page 18
How Does a VPN Work?......Page 19
What are VPNs Used For?......Page 21
Networking Concepts—Protocols and Layers......Page 22
Tunneling and Overhead......Page 23
Protocols Implemented on OSI Layer 2......Page 25
Protocols Implemented on OSI Layer 3......Page 26
Summary......Page 27
VPN Security......Page 29
Symmetric Encryption and Pre-Shared Keys......Page 30
The Problem of Complexity in Classic VPNs......Page 31
SSL/TLS Security......Page 32
Trusted Certificates......Page 33
Self-Signed Certificates......Page 35
Summary......Page 37
Advantages of OpenVPN......Page 39
History of OpenVPN......Page 40
OpenVPN Version 1......Page 41
OpenVPN Version 2......Page 43
Networking with OpenVPN......Page 44
OpenVPN and Firewalls......Page 45
Configuring OpenVPN......Page 46
OpenVPN Compared to IPsec VPN......Page 47
The Project Community......Page 48
Summary......Page 49
Prerequisites......Page 51
Obtaining the Software......Page 52
Downloading and Starting Installation......Page 53
Selecting Components and Location......Page 54
Finishing Installation......Page 56
Testing the Installation—A First Look at the Panel Applet......Page 57
Installing OpenVPN on Mac OS X (Tunnelblick)......Page 58
Testing the Installation—The Tunnelblick Panel Applet......Page 59
Installing OpenVPN on SuSE Linux......Page 60
Using YaST to Install Software......Page 61
Installing OpenVPN on Redhat Fedora Using yum......Page 64
Using wget to Download OpenVPN RPMs......Page 67
Installing OpenVPN and the LZO Library with wget and RPM......Page 68
Using rpm to Obtain Information on the Installed OpenVPN Version......Page 69
Installing OpenVPN on Debian......Page 70
Installing Debian Packages......Page 72
Using Aptitude to Search and Install Packages......Page 74
Installing OpenVPN on FreeBSD......Page 76
Installing the Port System with sysinstall......Page 78
Downloading and Installing a BSD Port......Page 80
Installing OpenVPN from Source Code......Page 81
Building Your Own RPM File from the OpenVPN Source Code......Page 83
Enabling Linux Kernel Support for TUN/TAP Devices......Page 84
Using Menuconfig to Enable TUN/TAP Support......Page 85
Internet Links, Installation Guidelines, and Help......Page 87
Summary......Page 88
OpenVPN on Microsoft Windows......Page 89
Generating a Static OpenVPN Key......Page 90
Creating a Sample Connection......Page 92
Adapting the Sample Configuration File Provided by OpenVPN......Page 93
Starting and Testing the Tunnel......Page 95
A Brief Look at Windows OpenVPN Network Interfaces......Page 96
File Exchange between Windows and Linux......Page 98
Installing WinSCP......Page 99
Transferring the Key File from Windows to Linux with WinSCP......Page 101
The Second Pitfall—Carriage Return/End of Line......Page 102
Configuring the Linux System......Page 103
A Look at the Linux Network Interfaces......Page 105
OpenVPN as Server on Windows......Page 106
OpenVPN as Server on Linux......Page 107
Runlevels and init Scripts on Linux......Page 108
The System Control for Runlevels......Page 109
Managing init Scripts......Page 110
Using Webmin to Manage init Scripts......Page 111
Using SuSE's YaST Module System Services (Runlevel)......Page 113
Troubleshooting Firewall Issues......Page 116
Deactivating Windows XP Service Pack 2 Firewall......Page 117
Stopping the SuSE Firewall......Page 118
Summary......Page 120
Creating Certificates......Page 121
Certificate Generation on Windows XP with easy-rsa......Page 122
Setting Variables—Editing vars.bat......Page 123
Creating the Diffie-Hellman Key......Page 124
Building the Certificate Authority......Page 125
Generating Server and Client Keys......Page 126
Distributing the Files to the VPN Partners......Page 129
Configuring OpenVPN to Use Certificates......Page 131
Using easy-rsa on Linux......Page 133
Creating the Diffie-Hellman Key and the Certificate Authority......Page 134
Creating the First Server Certificate/Key Pair......Page 135
Troubleshooting......Page 136
Summary......Page 137
Syntax of openvpn......Page 139
OpenVPN Command-Line Parameters......Page 140
Using OpenVPN at the Command Line......Page 141
Compressing the Data......Page 142
Controlling and Restarting the Tunnel......Page 144
Debugging Output—Troubleshooting......Page 145
Configuring OpenVPN with Certificates—Simple TLS Mode......Page 146
General Tunnel Options......Page 147
Routing......Page 149
Controlling the Tunnel......Page 150
Scripting......Page 151
Logging......Page 152
The Management Interface......Page 153
Encryption Parameters......Page 155
Testing the Crypto System with --test-crypto......Page 156
SSL Information—Command Line......Page 157
Server Mode......Page 159
Server Mode Parameters......Page 160
--client-config Options......Page 162
Client Mode Parameters......Page 163
Push Options......Page 164
Important Windows-Specific Options......Page 165
Summary......Page 166
Securing and Stabilizing OpenVPN......Page 167
Linux and Firewalls......Page 169
Installing Webmin and Shorewall......Page 170
Preparing Webmin and Shorewall for the First Start......Page 172
Starting Webmin......Page 173
Configuring the Shorewall with Webmin......Page 177
Creating Zones......Page 179
Editing Interfaces......Page 180
Default Policies......Page 181
Adding Firewall Rules......Page 183
Troubleshooting Shorewall—Editing the Configuration Files......Page 185
OpenVPN and SuSEfirewall......Page 187
iptables—The Standard Linux Firewall Tool......Page 191
Configuring the Windows Firewall for OpenVPN......Page 194
Summary......Page 198
Installing xca......Page 199
Using xca......Page 201
Creating a Database......Page 202
Importing a CA Certificate......Page 203
Creating and Signing a New Server/Client Certificate......Page 207
Revoking Certificates with xca......Page 212
Importing Our CA......Page 214
Using TinyCA2 for CA Administration......Page 215
Creating New Certificates and Keys......Page 216
Exporting Keys and Certificates with TinyCA2......Page 218
Revoking Certificates with TinyCA2......Page 219
Summary......Page 220
Tunneling a Proxy Server and Protecting the Proxy......Page 221
Scripting OpenVPN—An Overview......Page 223
Using Authentication Methods......Page 224
Using a Client Configuration Directory with Per Client Configurations......Page 226
Individual Firewall Rules for Connecting Clients......Page 228
Distributed Compilation through VPN Tunnels with distcc......Page 230
Ethernet Bridging with OpenVPN......Page 231
Automatic Installation for Windows Clients......Page 234
Summary......Page 238
Testing the Network Connectivity......Page 239
Checking Interfaces, Routing, and Connectivity on the VPN Servers......Page 241
Debugging with tcpdump and IPTraf......Page 244
Using OpenVPN Protocol and Status Files for Debugging......Page 246
Scanning Servers with Nmap......Page 248
ntop......Page 249
Munin......Page 250
Summary......Page 251
VPN Basics......Page 253
OpenVPN Resources......Page 254
Configuration......Page 257
Network Tools......Page 259
Howtos......Page 260
Openvpn GUIs......Page 261
Index......Page 263