You're reading from OpenVPN Cookbook Get the most out of OpenVPN by exploring it's advanced features.

Product type Paperback

Published in Feb 2017

Publisher

ISBN-13 9781786463128

Length 400 pages

Edition 2nd Edition

Languages

Tools

OpenVPN

Concepts

Networking

Author (1):

Jan Just Keijser

View More author details

Table of Contents (11) Chapters

Preface

1. Point-to-Point Networks FREE CHAPTER

2. Client-server IP-only Networks

3. Client-server Ethernet-style Networks

4. PKI, Certificates, and OpenSSL

5. Scripting and Plugins

6. Troubleshooting OpenVPN - Configurations

7. Troubleshooting OpenVPN - Routing

8. Performance Tuning

9. OS Integration

10. Advanced Configuration

OpenVPN secret keys

This recipe uses OpenVPN secret keys to secure the VPN tunnel. It is very similar to the previous recipe, but this time, we will use a shared secret key to encrypt the traffic between the client and the server.

Getting ready

Install OpenVPN 2.3.9 or higher on two computers. Make sure the computers are connected over a network. For this recipe, the server computer was running CentOS 6 Linux and OpenVPN 2.3.9 and the client was running Windows 7 64 bit and OpenVPN 2.3.10.

How to do it...

First, generate a secret key on the server (listener):

          [root@server]# openvpn --genkey --secret secret.key

Transfer this key to the client side over a secure channel (for example, using scp).

Next, launch the server-side (listening) OpenVPN process:

          [root@server]# openvpn --ifconfig 10.200.0.1 10.200.0.2 \
            --dev tun --secret secret.key

Then, launch the client-side OpenVPN process:

         [WinClient] C:\>"\Program Files\OpenVPN\bin\openvpn.exe" \
           --ifconfig 10.200.0.2 10.200.0.1 \
           --dev tun --secret secret.key \
           --remote openvpnserver.example.com

The connection is now established, as shown in the following screenshot:

How it works...

This example works exactly as the first one: the server listens to the incoming connections on UDP port 1194. The client connects to the server on this port. After the initial handshake, the server configures the first available TUN device with the IP address 10.200.0.1 and it expects the remote end (Peer address) to be 10.200.0.2. The client does the opposite.

There's more...

By default, OpenVPN uses two symmetric keys when setting up a point-to-point connection:

A cipher key to encrypt the contents of the packets being exchanged.
An HMAC key to sign packets. When packets arrive that are not signed using the appropriate HMAC key, they are dropped immediately. This is the first line of defense against a "denial-of-service" attack.
The same set of keys are used on both ends and both keys are derived from the file specified using the --secret parameter.

An OpenVPN secret key file is formatted as follows:

# 
# 2048 bit OpenVPN static key 
# 
-----BEGIN OpenVPN Static key V1----- 
<16 lines of random bytes> 
-----END OpenVPN Static key V1-----

From the random bytes, the OpenVPN Cipher and HMAC keys are derived. Note that these keys are the same for each session.

You're reading from OpenVPN Cookbook Get the most out of OpenVPN by exploring it's advanced features.

Table of Contents (11) Chapters

OpenVPN secret keys

Getting ready

How to do it...

How it works...

There's more...

See also

Authors (1)

Other recommended products

Personalised recommendations for you