Openvpn: Building And Integrating Virtual Private Networks
暫譯: OpenVPN：建立與整合虛擬私人網路

OpenVPN is a powerful, open source SSL VPN application. It can secure site-to-site connections, WiFi and enterprise-scale remote connections. While being a full-featured VPN solution, OpenVPN is easy to use and does not suffer from the complexity that characterizes other IPSec VPN implementations. It uses the secure and stable TLS/SSL mechanisms for authentication and encryption.

This book is an easy introduction to this popular VPN application. After introducing the basics of security and VPN, the book moves on to cover using OpenVPN, from installing it on various platforms, through configuring basic tunnels, to more advanced features, such as using the application with firewalls, routers, proxy servers, and OpenVPN scripting.

While providing only necessary theoretical background, the book takes a practical approach, presenting plenty of examples.

Table of Contents

Preface

 

Chapter 1: VPN—Virtual Private Network

• Branches Connected by Dedicated Lines
  • Broadband Internet Access and VPNs

• How Does a VPN Work?
  • What are VPNs Used For?
  • Networking Concepts—Protocols and Layers
  • Tunneling and Overhead

• VPN Concepts—Overview
  • A Proposed Standard for Tunneling
  • Protocols Implemented on OSI Layer 2
  • Protocols Implemented on OSI Layer 3
  • Protocols Implemented on OSI Layer 4
  • OpenVPN—An SSL/TLS-Based Solution

• Summary

 

Chapter 2: VPN Security

• VPN Security
• Privacy—Encrypting the Traffic
  • Symmetric Encryption and Pre-Shared Keys
  • Reliability and Authentication
    • The Problem of Complexity in Classic VPNs
  • Asymmetric Encryption with SSL/TLS

• SSL/TLS Security
  • Understanding SSL/TLS Certificates
  • Trusted Certificates
  • Self-Signed Certificates
  • SSL/TLS Certificates and VPNs

• Summary

 

Chapter 3: OpenVPN

• Advantages of OpenVPN
• History of OpenVPN
  • OpenVPN Version 1
  • OpenVPN Version 2

• Networking with OpenVPN
  • OpenVPN and Firewalls
  • Configuring OpenVPN
  • Problems with OpenVPN

• OpenVPN Compared to IPsec VPN
• Sources for Help and Documentation
• The Project Community
  • Documentation in the Software Packages

• Summary

 

Chapter 4: Installing OpenVPN

• Prerequisites
• Obtaining the Software
• Installing OpenVPN on Windows
  • Downloading and Starting Installation
  • Selecting Components and Location
  • Finishing Installation
  • Testing the Installation—A First Look at the Panel Applet

• Installing OpenVPN on Mac OS X (Tunnelblick)
  • Testing the Installation—The Tunnelblick Panel Applet

• Installing OpenVPN on SuSE Linux
  • Using YaST to Install Software

• Installing OpenVPN on Redhat Fedora Using yum
• Installing OpenVPN on RPM-Based Systems
  • Using wget to Download OpenVPN RPMs
  • Testing Installation and Installing with rpm
  • Installing OpenVPN and the LZO Library with wget and RPM
  • Using rpm to Obtain Information on the Installed OpenVPN Version

• Installing OpenVPN on Debian
  • Installing Debian Packages
  • Using Aptitude to Search and Install Packages
  • OpenVPN—The Files Installed on Debian

• Installing OpenVPN on FreeBSD
  • Installing a Newer Version of OpenVPN on FreeBSD—The Port System
    • Installing the Port System with sysinstall
    • Downloading and Installing a BSD Port

• Troubleshooting—Advanced Installation Methods
  • Installing OpenVPN from Source Code
  • Building Your Own RPM File from the OpenVPN Source Code
  • Building and Distributing Your Own DEB Packages
  • Enabling Linux Kernel Support for TUN/TAP Devices
    • Using Menuconfig to Enable TUN/TAP Support

• Internet Links, Installation Guidelines, and Help
• Summary

 

Chapter 5: Configuring an OpenVPN Server—The First Tunnel

• OpenVPN on Microsoft Windows
  • Generating a Static OpenVPN Key
    • Creating a Sample Connection
    • Adapting the Sample Configuration File Provided by OpenVPN
    • Starting and Testing the Tunnel
  • A Brief Look at Windows OpenVPN Network Interfaces

• Connecting Windows and Linux
  • File Exchange between Windows and Linux
    • Installing WinSCP
    • Transferring the Key File from Windows to Linux with WinSCP
    • The Second Pitfall—Carriage Return/End of Line
  • Configuring the Linux System
  • Testing the Tunnel
    • A Look at the Linux Network Interfaces
  • Running OpenVPN Automatically
    • OpenVPN as Server on Windows
    • OpenVPN as Server on Linux
    • Runlevels and init Scripts on Linux
    • Using runlevel and init to Change and Check Runlevels
    • The System Control for Runlevels
    • Managing init Scripts
  • Using Webmin to Manage init Scripts
  • Using SuSE's YaST Module System Services (Runlevel)

• Troubleshooting Firewall Issues
  • Deactivating Windows XP Service Pack 2 Firewall
  • Stopping the SuSE Firewall

• Summary

 

Chapter 6: Setting Up OpenVPN with X509 Certificates

• Creating Certificates
• Certificate Generation on Windows XP with easy-rsa
  • Setting Variables—Editing vars.bat
  • Creating the Diffie-Hellman Key
  • Building the Certificate Authority
  • Generating Server and Client Keys

• Distributing the Files to the VPN Partners
• Configuring OpenVPN to Use Certificates
• Using easy-rsa on Linux
  • Preparing Variables in vars
  • Creating the Diffie-Hellman Key and the Certificate Authority
  • Creating the First Server Certificate/Key Pair
  • Creating Further Certificates and Keys

• Troubleshooting
• Summary

 

Chapter 7: The Command openvpn and its Configuration File

• Syntax of openvpn
  • OpenVPN Command-Line Parameters

• Using OpenVPN at the Command Line
  • Parameters Used in the Standard Configuration File for a Static Key Client
  • Compressing the Data
  • Controlling and Restarting the Tunnel
  • Debugging Output—Troubleshooting

• Configuring OpenVPN with Certificates—Simple TLS Mode
• Overview of OpenVPN Parameters
  • General Tunnel Options
  • Routing
  • Controlling the Tunnel
  • Scripting
  • Logging
  • Specifying a User and Group
  • The Management Interface
  • Proxies
  • Encryption Parameters
  • Testing the Crypto System with --test-crypto
  • SSL Information—Command Line
  • Server Mode
    • Server Mode Parameters
    • --client-config Options
  • Client Mode Parameters
    • Push Options

• Important Windows-Specific Options
• Summary

 

Chapter 8: Securing OpenVPN Tunnels and Servers

• Securing and Stabilizing OpenVPN
• Linux and Firewalls
  • Debian Linux and Webmin with Shorewall
    • Installing Webmin and Shorewall
    • Preparing Webmin and Shorewall for the First Start
    • Starting Webmin
    • Configuring the Shorewall with Webmin
    • Creating Zones
    • Editing Interfaces
    • Default Policies
    • Adding Firewall Rules
  • Troubleshooting Shorewall—Editing the Configuration Files
  • OpenVPN and SuSEfirewall
  • Troubleshooting OpenVPN Routing and Firewalls
    • Configuring a Router without a Firewall
    • iptables—The Standard Linux Firewall Tool

• Configuring the Windows Firewall for OpenVPN
• Summary

 

Chapter 9: Advanced Certificate Management

• Certificate Management and Security
• Installing xca
• Using xca
  • Creating a Database
  • Importing a CA Certificate
  • Creating and Signing a New Server/Client Certificate
  • Revoking Certificates with xca

• Using TinyCA2 to Manage Certificates
  • Importing Our CA
  • Using TinyCA2 for CA Administration
  • Creating New Certificates and Keys
  • Exporting Keys and Certificates with TinyCA2
  • Revoking Certificates with TinyCA2

• Summary

 

Chapter 10: Advanced OpenVPN Configuration

• Tunneling a Proxy Server and Protecting the Proxy
• Scripting OpenVPN—An Overview
• Using Authentication Methods
• Using a Client Configuration Directory with Per-Client Configurations
• Individual Firewall Rules for Connecting Clients
• Distributed Compilation through VPN Tunnels with distcc
• Ethernet Bridging with OpenVPN
• Automatic Installation for Windows Clients
• Summary

 

Chapter 11: Troubleshooting and Monitoring

• Testing the Network Connectivity
• Checking Interfaces, Routing, and Connectivity on the VPN Servers
• Debugging with tcpdump and IPTraf
• Using OpenVPN Protocol and Status Files for Debugging
• Scanning Servers with Nmap
• Monitoring Tools
  • ntop
  • Munin

• Hints to Other Tools
• Summary

 

Appendix A: Internet Resources

• VPN Basics
  • OpenVPN Resources

• Configuration
• Scripts and More
• Network Tools
• Howtos
• Openvpn GUIs

 

Index