Preface
OpenVPN is one of the world's most popular packages for setting up a Virtual Private Network (VPN). OpenVPN provides an extensible VPN framework which has been designed to ease site-specific customization, such as providing the capability to distribute a customized installation package to clients, or supporting alternative authentication methods via OpenVPN's plugin module interface. It is widely used by many individuals and companies, and some service providers even offer OpenVPN access as a service to users in remote, unsecured environments.
This book provides you with many different recipes for setting up, monitoring, and troubleshooting an OpenVPN network. The author's experience in troubleshooting OpenVPN and networking configurations enables him to share his insights and solutions to get the most out of your OpenVPN setup.
What this book covers
Chapter 1, Point-to-Point Networks gives an introduction into configuring OpenVPN. The recipes are based on a point-to-point style network, meaning that only a single client can connect at a time.
Chapter 2, Client-server IP-only Networks introduces the reader to the most commonly-used deployment model for OpenVPN: a single server with multiple remote clients capable of routing IP traffic. This chapter provides the foundation for many of the recipes found in the other chapters.
Chapter 3, Client-server Ethernet-style Networks covers another popular deployment model for OpenVPN: a single server with multiple clients, capable of routing Ethernet traffic. This includes non-IP traffic as well as bridging. The reader will also learn about the use of an external DHCP server, and also the use of the OpenVPN status file.
Chapter 4, PKI, Certificates, and OpenSSL introduces the reader to the Public Key Infrastructure (PKI) and X.509 certificates, which are used in OpenVPN. You will learn how to generate, manage, manipulate, and view the certificates, and you will also learn about the interactions between OpenVPN and the OpenSSL libraries that it depends upon.
Chapter 5, Two-factor Authentication with PKCS#11 gives an introduction into the support for two-factor authentication in OpenVPN. Two-factor authentication is based on the idea that in order to use a system, you need to possess a security token, such as a smart card or hardware token, and you need to know a password. OpenVPN supports PKCS#11 authentication, which is an industry standard for setting up a secure authentication and authorization system.
Chapter 6, Scripting and Plugins covers the powerful scripting and plugin capabilities that OpenVPN offers. You will learn to use client-side scripting, which can be used to tail the connection process to the site-specific needs. You will also learn about server-side scripting and the use of OpenVPN plugins.
Chapter 7, Troubleshooting OpenVPN: Configurations is all about troubleshooting OpenVPN misconfigurations. Some of the configuration directives used in this chapter have not been demonstrated before, so even if your setup is functioning properly this chapter will still be insightful.
Chapter 8, Troubleshooting OpenVPN: Routing gives an insight into troubleshooting routing problems when setting up a VPN using OpenVPN. You will learn how to detect, diagnose, and repair common routing issues.
Chapter 9, Performance Tuning explains how you can optimize the performance of your OpenVPN setup. You will learn how to diagnose performance issues, and how to tune OpenVPN's settings to speed up your VPN.
Chapter 10, OS Integration covers the intricacies of integrating OpenVPN with the operating system it is run on. You will learn how to use OpenVPN on the most-used client operating systems: Linux, Mac OS X, and Windows.
Chapter 11, Advanced Configuration goes deeper into the configuration options that OpenVPN has to offer. The recipes will cover both advanced server configuration, such as the use of a dynamic DNS, as well as the advanced client configuration, such as using a proxy server to connect to an OpenVPN server.
Chapter 12, New Features of OpenVPN 2.1 and 2.2 focuses on some of the new features found in OpenVPN 2.1 and the upcoming 2.2 release. You will learn to use inline certificates, connection blocks, and port-sharing.
What you need for this book
In order to get the most from this book, there are some expectations of prior knowledge and experience. It is assumed that the reader has a fair understanding of the system administration, as well as knowledge of TCP/IP networking. Some knowledge on installing OpenVPN is required as well, as can be found in the book "Beginning OpenVPN 2.0.9".
Who this book is for
This book is for anyone who wants to know more about securing network connections using the VPN technology provided by OpenVPN. The recipes in this book are useful for individuals who want to set up a secure network to their home network, as well for business system administrators who need to provide secure remote access to their company's network.
This book assumes some prior knowledge about TCP/IP networking and OpenVPN, which is available either from the official documentation, or other books on this topic.
Conventions
In this book, you will find a number of styles of text that distinguish between different kinds of information. Here are some examples of these styles, and an explanation of their meaning.
Code words in text are shown as follows: "The open ssl req
command generates both the private key and the certificates in one go."
A block of code is set as follows:
user nobody group nobody persist-tun persist-key keepalive 10 60 ping-timer-rem
When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:
[Static Encrypt:
CIPHER KEY: 8cf9abdd 371392b1 14b51523 25302c99
Any command-line input or output is written as follows:
[root@server]# openvpn --genkey --secret secret.key
New terms and important words are shown in bold. Words that you see on the screen, in menus or dialog boxes for example, appear in the text like this: "Click Next on the first screen, and again Next on the second screen."
Note
Warnings or important notes appear in a box like this.
Tip
Tips and tricks appear like this.
Reader feedback
Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or may have disliked. Reader feedback is important for us to develop titles that you really get the most out of.
To send us general feedback, simply send an e-mail to <feedback@packtpub.com>
, and mention the book title via the subject of your message.
If there is a book that you need and would like to see us publish, please send us a note in the SUGGEST A TITLE form on www.packtpub.com or e-mail <suggest@packtpub.com>
.
If there is a topic that you have expertise in and you are interested in either writing or contributing to a book on, see our author guide on www.packtpub.com/authors.
Customer support
Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.
Tip
Downloading the example code for the book
You can download the example code files for all Packt books you have purchased from your account at http://www.packtpub.com. If you purchased this book elsewhere, you can visit http://www.packtpub.com/support and register to have the files e-mailed directly to you.
Errata
Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you would report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/support, selecting your book, clicking on the errata submission form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded on our website, or added to any list of existing errata, under the Errata section of that title. Any existing errata can be viewed by selecting your title from http://www.packtpub.com/support.
Piracy
Piracy of copyright material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works, in any form, on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.
Please contact us at <copyright@packtpub.com>
with a link to the suspected pirated material.
We appreciate your help in protecting our authors, and our ability to bring you valuable content.
Questions
You can contact us at <questions@packtpub.com>
if you are having a problem with any aspect of the book, and we will do our best to address it.