You're reading from OpenVPN Cookbook Get the most out of OpenVPN by exploring it's advanced features.

Product type Paperback

Published in Feb 2017

Publisher

ISBN-13 9781786463128

Length 400 pages

Edition 2nd Edition

Languages

Tools

OpenVPN

Concepts

Networking

Author (1):

Jan Just Keijser

View More author details

Table of Contents (11) Chapters

Preface

1. Point-to-Point Networks FREE CHAPTER

2. Client-server IP-only Networks

3. Client-server Ethernet-style Networks

4. PKI, Certificates, and OpenSSL

5. Scripting and Plugins

6. Troubleshooting OpenVPN - Configurations

7. Troubleshooting OpenVPN - Routing

8. Performance Tuning

9. OS Integration

10. Advanced Configuration

Plaintext tunnel

In the very first recipe, we created a tunnel in which the data traffic was not encrypted. To create a completely plain text tunnel, we also disable the HMAC authentication. This can be useful when debugging a bad connection, as all traffic over the tunnel can now easily be monitored. In this recipe, we will look at how to do this. This type of tunnel is also useful when doing performance measurements, as it is the least CPU-intensive tunnel that can be established.

Getting ready

Install OpenVPN 2.3.9 or higher on two computers. Make sure the computers are connected over a network. For this recipe, the server computer was running CentOS 6 Linux and OpenVPN 2.3.9 and the client was running Fedora 22 Linux and OpenVPN 2.3.10.

As we are not using any encryption, no secret keys are needed.

How to do it...

Launch the server-side (listening) OpenVPN process:

         [root@server]# openvpn \
            --ifconfig 10.200.0.1 10.200.0.2 \
            --dev tun --auth none

Then launch the client-side OpenVPN process:

         [root@client]# openvpn \
            --ifconfig 10.200.0.2 10.200.0.1 \
            --dev tun --auth none\
            --remote openvpnserver.example.com

The connection will be established with the following two warning messages as the output:


... ******* WARNING *******: null cipher specified, no encryption will be 
                      used


... ******* WARNING *******: null MAC specified, no authentication will 
                      be used

How it works...

With this setup, absolutely no encryption is performed. All of the traffic that is sent over the tunnel is encapsulated in an OpenVPN packet and then sent as is.

There's more...

To actually view the traffic, we can use tcpdump; follow these steps:

Set up the connection as outlined.

Start tcpdump and listen on the network interface, not the tunnel interface itself:

       [root@client]# tcpdump -l -w -  -i eth0 -s 0 host 
           openvpnserver | strings

Now, send some text across the tunnel, using something like nc (Netcat). First, launch nc on the server side:
```
       [server]$ nc -l 31000
```

On the client side, launch the nc command in client mode and type hello and goodbye:

       [client]$ nc 10.200.0.1 3100
         hello
         goodbye

In the tcpdump window, you should now see the following:
Press Ctrl + C to terminate tcpdump as well as nc.