OpenVPN: Building and Integrating Virtual Private Networks

OpenVPN: Building and Integrating Virtual Private Networks: Learn how to build secure VPNs using this powerful Open Source application

Chapter 1. VPN—Virtual Private Network

This chapter will start with networking solutions used in the past for connecting several branches of a company. Technological advances like broadband Internet access brought about new possibilities and new concepts for this issue, one of them being the Virtual Private Network (VPN). In this chapter, you will learn what the term VPN means, how it evolved during the last decade, why it is necessary to modern enterprises, and how typical VPNs work. Basic networking concepts are necessary to understand the variety of VPN solutions discussed in this chapter.

Branches Connected by Dedicated Lines


In former times, information exchange between branches of a company was mainly done by mail, telephone, and later by fax. But today there are four main challenges for modern companies:

  • The general acceleration of business processes and the rising need for fast, flexible information exchange between all branches of a company have made "old-fashioned" mail and even fax services appear too slow for modern requirements.

  • Technologies like groupware, Customer Relationship Management (CRM), and Enterprise Resource Planning (ERP) are used to ensure productive teamwork, and every employee is expected to take part in them.

  • Almost every enterprise has several branches in different locations and often field and home workers. All of these must be enabled to participate in the internal information exchange without delays.

  • All computer networks have to fulfill security standards to high levels to ensure data integrity, authenticity, and stability.

These four factors have led to the need for sophisticated networking solutions between a company's offices all over the world. With computer networks connecting all desktops within a single location, the need for connections between the sites has become more and more urgent.

In the very beginning, the only option was to buy dedicated lines between your sites. These lines were expensive, so only large companies could afford to connect their branches and enable world-wide teamwork. To reach this goal, fast and expensive connections had to be installed at every site, costing much more than normal enterprise Internet access.

The concept behind this network design was based on a real network between the branches of the company. A provider was needed to connect every location, and a real cable connection between all branches was established. Like the telephone network, a single line connecting two partners was used for communication.

Security for this line was achieved by providing a dedicated network—every connection between branches had to be installed as a leased line. For a company with four branches (A, B, C, and D), six dedicated lines would then become necessary, one for each pair of branches:

Furthermore, Remote Access Servers (RAS) were used for field or home workers who would only connect temporarily to the company's network. These people had to use special dial-in connections (with a modem or an ISDN line), and the company acted like an Internet provider. For every remote worker a dial-in account had to be configured and field workers could only connect over this line. The telephone company provided one dedicated line for every dial-up, and the central branch had to make sure that enough telephone lines were always available.

By protecting the cables and the dial-in server, a real private network was installed at very high costs. Privacy within the company's network spanning multiple branches was achieved by securing the lines and providing services only to hard-wired connection points. Almost all security and availability tasks were handed over to the service provider at very high costs. But by connecting sites directly, a higher data transfer speed could be achieved than with "normal" Internet connections at that time.

Until the middle of the 1990s, expensive dedicated lines and dial-in access servers were used to ensure team work between different branches and field workers of large companies.

Broadband Internet Access and VPNs

In the mid-1990s, the rise of the Internet and the increasing speed of cheap Internet connections paved the way for new technologies. Many developers, administrators, and, last but not least, managers discovered that there might be better solutions than spending several hundred, if not thousands, of dollars on dedicated and dial-up access lines.

The idea was to use the Internet for communication between branches and at the same time ensure safety and secrecy of the data transferred. In short: providing secure connections between enterprise branches via low-cost lines using the Internet. This is a very basic description of what VPNs are all about.

A VPN is:

  • Virtual, because there is no real direct network connection between the two (or more) communication partners, but only a virtual connection provided by VPN software, normally realized over public Internet connections.

  • Private, because only the members of the company connected by the VPN Software are allowed to read the data transferred.

With a VPN, your staff in Sydney can work with the London office as if both were in the same location. The VPN Software provides a virtual network between those sites by using a low-cost Internet connection. This network is only virtual because no real, dedicated network connection to the partner is established.

A VPN can also be described as a set of logical connections secured by special software that establishes privacy by safeguarding the connection endpoints. Today the Internet is the network medium used, and privacy is achieved by modern cryptographic methods.

How Does a VPN Work?


Let's use an example to explain how VPNs work. The Virtual Entity Networks Inc. (VEN Inc.) has two branches, London and Sydney. If the Australian branch in Sydney decides to contract a supplier, then the London office might need to know that immediately. The main part of the IT infrastructure is set up in London. In Sydney there are twenty people whose work depends on the availability of the data hosted on London servers.

Both sites are equipped with a permanent Internet line. An Internet gateway router is set up to provide Internet access for the staff. This router is configured to protect the local network of the site from unauthorized access from the other side, which is the "evil" Internet. Such a router, set up to block specific traffic, can be called a firewall, and one must be present in every branch that is supposed to take part in the VPN.

The VPN Software must be installed on this firewall (or a device or server protected by it). Many modern firewall appliances from manufacturers like Cisco or BinTec include this feature, and there is VPN Software for all hardware and software platforms.

In the next step, the VPN Software has to be configured to establish the connection to the other side: e.g. the London VPN server has to accept connections from the Sydney server, and the Sydney server must connect to London (or vice versa).

If this step is successfully completed, the company has a working Virtual Network. The two branches are connected via the Internet and can work together as in a real network. Here, we have a VPN without privacy, because any Internet router between London and Sydney can read the data exchanged. A competitor gaining control over an Internet router could read all relevant business data going through the virtual network.

So how do we make this Virtual Network private? The solution is encryption. The VPN traffic between two branches is locked with special keys, and only computers or persons owning these keys can open this lock and look at the data sent.

All data sent from Sydney to London or from London to Sydney must be encrypted before and decrypted after transmission. The encryption safeguards the data in the connection like the walls of a tunnel protect the train from the mountain around it. This explains why Virtual Private Networks are often simply known as tunnels or VPN tunnels, and the technology is often called tunneling—even if there is no quantum mechanics or other magic involved.

The exact method of encryption and providing the keys to all parties involved makes one of the main distinguishing factors between different VPN solutions.

A VPN connection normally is built between two Internet access routers equipped with a firewall and VPN software. The software must be set up to connect to the VPN partner, the firewall must be set up to allow access, and the data exchanged between VPN partners must be secured (by encryption). The encryption key must be provided to all VPN partners, so that the data exchanged can only be read by authorized VPN partners.

What are VPNs Used For?

In the earlier examples, we have discussed several possible scenarios for the use of VPN technology. But one typical VPN solution must be added here: more and more enterprises offer their customers or business partners protected access to data relevant to their business relations, like order forms or stock data. Thus, we have three typical scenarios for VPN solutions in modern enterprises:

  • An intranet spanning over several locations of a company

  • Dial-up access for home or field workers with changing IP addresses

  • An extranet for customers or business partners

Each of these typical scenarios requires special security considerations and setups. The external home workers will need different access to servers in the company than the customers and business partners. In fact, access for business partners and customers must be restricted severely.

Now that we have seen how a VPN can securely connect a company in different ways, we will have a closer look at the way VPNs work. To understand the functionality, some basic network concepts need to be understood.

All data exchange in computer networks is based on protocols. Protocols are like languages or rituals that must be used between communication partners in networks. Without the correct use of the correct protocol, communication fails.

Networking Concepts—Protocols and Layers

There is a huge number of protocols involved in any action you take when you access the Internet or a PC in your local network. Your Network Interface Card (NIC) will communicate with a hub, a switch, or a router; your application will communicate with its counterpart or a server on the other PC; and many more protocol-based communication procedures are necessary to exchange data.

To bring order to this variety, the Open Systems Interconnection (OSI) specification was created. Every protocol used in today's networks can be classified by this scheme.

The OSI specification defines seven numbered layers of data exchange, which start at Layer 1 (the physical layer) of the underlying network media (electrical, optical, or radio signals) and span up to Layer 7 (the application layer), where applications on PCs communicate with each other.

The layers of the OSI model are:

  1. Physical Layer: Sending and receiving through the hardware.

  2. Data Link Layer: Direct communication between network devices within the same medium.

  3. Network Layer: Routing, addressing, error handling, etc.

  4. Transport Layer: End-to-end error recovery and flow control.

  5. Session Layer: Establishing connections and sessions between applications.

  6. Presentation Layer: Translating between application data formats and network formats.

  7. Application Layer: Application-specific protocols.

This set of layers is hierarchical: every layer serves the layer above it and relies on the layer below it. If the protocols of the Physical Layer can communicate successfully, control is handed to the next layer, the Data Link Layer. Only if all layers 1 through 6 can communicate successfully can data be exchanged between applications on Layer 7.

In the Internet, however, a slightly different approach is used.

The Internet is mainly based on the Internet Protocol (IP).

The layers of the IP model are:

  1. Link Layer: A concatenation of OSI Layers 1 and 2 (Physical and Data Link Layers).

  2. Network Layer: Comprises the Network Layer of the OSI model.

  3. Transport Layer: Comprises protocols like the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP), which are the basis for the protocols of the Application Layer.

  4. Application Layer: A concatenation of OSI Layers 5 through 7 (Session, Presentation, and Application Layers), with protocols like HTTP, FTP, and others.

A network packet consists of two parts: header and data. The header is a sort of label containing metadata on sender, recipient, and administrative information for the transfer. At the link level of an Ethernet network, these packets are called frames. In the context of the Internet Protocol, these packets are called datagrams, Internet datagrams, IP datagrams, or simply packets.

So what do VPNs do? VPN Software takes IP packets or Ethernet frames and wraps them into another packet. This may sound complicated, but it is a very simple trick, as the following examples will show:

Example 1: Sending a (not really) anonymous parcel

You want to send a parcel to a friend who lives in a commune of strange people whom you don't trust. Your parcel has an address label with sender and recipient data (like an Internet packet). If you do not want the commune to know that you sent your friend a parcel, but at the same time you want your friend to realize this before he opens it, what would you do? Just wrap the whole parcel in another parcel with a different address label (e.g. without your sender information), and no one in the commune will know that this parcel is from you. But your friend will unwrap the outer layer and find the original parcel, still packed and with an address label from you.

Example 2: Sending a locked parcel

OK, now let's distrust the commune still more. Somebody might want to open the parcel in order to find out what's inside. To prevent this, you will use a locked case. There are only two keys to the lock, one for you and one for your friend. Only you and your friend can unlock the case and look inside the parcel.

VPN software uses a combination of the two examples above:

  • Whole network packets (frames, datagrams) consisting of header and data are wrapped into new packets.

  • All data including metadata like recipient and sender are encrypted.

  • The new packets are labeled with new headers containing meta-information about the VPN and are addressed to the VPN partner.

All VPN Software systems differ only in the special way of wrapping and locking the data.

Tunneling and Overhead

We have learned already that VPN technology is often called tunneling, because the data in a VPN connection is protected from the Internet just as the walls of a road or rail tunnel protect the traffic inside from the masses of stone of the mountain above. Let's now have a closer look at how VPN software does this:

The VPN software in the locations A and B encrypts (locks) and decrypts (unlocks) the data and sends it through the tunnel. Like cars or trains in a tunnel, the data cannot go anywhere else but to the other tunnel endpoint.

The following are put together and wrapped into one new package:

  • Tunnel information (like the address of the other endpoint)

  • Encryption data and methods

  • The original IP packet (or network frame)

The new package is then sent to the other tunnel endpoint. The payload of this package now holds the complete IP packet (or network frame), but in encrypted form and thus not readable for anyone not possessing the right key. The new header of the packet simply contains the addresses of sender and recipient and other metadata necessary for and provided by the VPN software used.

Perhaps you have noticed that the amount of data sent grows during the process of "wrapping". Depending on the VPN software used, this so-called overhead can become a very important factor. The overhead is the difference between the net data handed to the tunnel software and the gross data sent through the tunnel by the VPN software. If a file of 1 MB is sent from user A to user B, and this file causes 1.5 MB of traffic in the tunnel, then the overhead would be 50%, a very high level. (Please note that every protocol used causes overhead, so not all of that 50% might be the fault of the VPN solution.)

The overhead caused by the VPN software depends on the amount of organizational data and on the encryption used. Whereas the first depends only on the VPN software chosen, the latter is simply a matter of choice between security and speed. In other words, the stronger the encryption you use, the more overhead you will produce. Speed versus security is your choice.
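As an added example (not the book's code), the following Python models the wrapping and the overhead just described end to end: it builds an inner IPv4 packet, encrypts and authenticates it, adds a tunnel header plus outer UDP and IP headers addressed to the tunnel endpoints, unwraps it on the other side, and measures the overhead. The tunnel header format, the keys and the addresses are assumptions, and the SHA-256 keystream is a toy stand-in for a real cipher; OpenVPN's own packet format is different.

```python
import hashlib
import hmac
import os
import struct

# Constructed 32-byte keys. A real VPN negotiates these between the endpoints
# (OpenVPN does so over TLS); they are fixed here so the example runs offline.
ENC_KEY = b"\x11" * 32
MAC_KEY = b"\x22" * 32

TUNNEL_HDR_FMT = "!BI"   # assumed tunnel header: opcode (1 byte) + packet id (4 bytes)
IV_LEN = 16
TAG_LEN = 32             # HMAC-SHA256 tag
TUNNEL_PORT = 1194       # UDP port registered for OpenVPN, used in the outer UDP header
# fixed bytes added per packet: outer IP + outer UDP + tunnel header + IV + tag = 81
OUTER_OVERHEAD = 20 + 8 + struct.calcsize(TUNNEL_HDR_FMT) + IV_LEN + TAG_LEN


def build_ipv4_packet(src: str, dst: str, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (20-byte header + payload). Checksum left at 0."""
    total_len = 20 + len(payload)
    # version/IHL, TOS, total length, id, flags/fragment, TTL, protocol (17 = UDP), checksum
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 17, 0,
                         bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return header + payload


def ip_addresses(packet: bytes) -> tuple:
    """Return (src, dst) of an IPv4 packet as dotted strings: what a router on the path sees."""
    return (".".join(map(str, packet[12:16])), ".".join(map(str, packet[16:20])))


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Toy counter-mode keystream derived from SHA-256. A stand-in for a real
    block cipher (AES etc.) so the example needs only the standard library;
    constructed for illustration, not a cipher to use in practice."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + iv + struct.pack("!I", counter)).digest()
        counter += 1
    return out[:length]


def xor_bytes(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))


def encapsulate(inner: bytes, packet_id: int, src: str, dst: str) -> bytes:
    """Wrap a whole inner packet (header and data) into a new tunnel packet.

    Layout: outer IP | outer UDP | tunnel header | IV | encrypted inner | MAC tag
    The tag covers everything after the UDP header (encrypt-then-MAC), so the
    tunnel header, IV and ciphertext cannot be altered in transit undetected.
    """
    iv = os.urandom(IV_LEN)
    ciphertext = xor_bytes(inner, keystream(ENC_KEY, iv, len(inner)))
    body = struct.pack(TUNNEL_HDR_FMT, 1, packet_id) + iv + ciphertext
    tag = hmac.new(MAC_KEY, body, hashlib.sha256).digest()
    udp_payload = body + tag
    udp_header = struct.pack("!HHHH", TUNNEL_PORT, TUNNEL_PORT, 8 + len(udp_payload), 0)
    # the outer header carries only the tunnel endpoints, never the inner addresses
    return build_ipv4_packet(src, dst, udp_header + udp_payload)


def decapsulate(outer: bytes) -> bytes:
    """Reverse encapsulate(): verify the tag first, then decrypt and return the inner packet."""
    udp_payload = outer[20 + 8:]
    body, tag = udp_payload[:-TAG_LEN], udp_payload[-TAG_LEN:]
    expected = hmac.new(MAC_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):          # constant-time comparison
        raise ValueError("tunnel packet rejected: authentication tag mismatch")
    hdr_len = struct.calcsize(TUNNEL_HDR_FMT)
    _opcode, _packet_id = struct.unpack(TUNNEL_HDR_FMT, body[:hdr_len])
    iv = body[hdr_len:hdr_len + IV_LEN]
    ciphertext = body[hdr_len + IV_LEN:]
    return xor_bytes(ciphertext, keystream(ENC_KEY, iv, len(ciphertext)))


def overhead_percent(inner: bytes, outer: bytes) -> float:
    """Overhead as the chapter defines it: gross tunnel bytes versus net inner bytes."""
    return (len(outer) - len(inner)) / len(inner) * 100


if __name__ == "__main__":
    # Constructed example: Sydney host 10.0.1.5 talks to London host 10.0.2.7;
    # the tunnel endpoints get public addresses from the documentation ranges.
    for payload_len in (44, 1400):
        inner = build_ipv4_packet("10.0.1.5", "10.0.2.7", b"x" * payload_len)
        outer = encapsulate(inner, 1, "203.0.113.1", "198.51.100.1")
        print(f"inner {len(inner):5d} B -> tunnel {len(outer):5d} B, "
              f"overhead {overhead_percent(inner, outer):.1f}%, "
              f"on the wire: {ip_addresses(outer)}")
```

Because the added bytes are a fixed amount per packet, a 64-byte packet suffers over 100% overhead while a 1420-byte packet stays under 6%, which is why interactive traffic and bulk transfers feel the overhead so differently.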

VPN Concepts—Overview


During the last ten years, many different VPN concepts have evolved. You may have noticed that I always added "network frames" in brackets when I spoke of tunneling IP packets. This became necessary, because in principle, tunneling can be done on almost all layers of the OSI model.

A Proposed Standard for Tunneling

Generic Routing Encapsulation (GRE) provides a standard for tunneling data, defined in 1994 in Requests for Comments (RFCs) 1701 and 1702. Perhaps because this definition is not a protocol definition but more or less a proposal on how to tunnel data, it has found its way into many devices and has become the basis for other protocols.

The concept of GRE is pretty simple. A protocol header and a delivery header are added to the original packet, and the packet with its payload is encapsulated in the new packet. No encryption is done. The advantages of this model are almost obvious—the simplicity offers many possibilities, and the transparency enables administrators and routers to look inside the packets and make decisions based on the type of payload sent. By doing so, special applications can be privileged.

There are many implementations for GRE tunneling software under Linux; only kernel support is necessary, which is fulfilled by most modern distributions.

Protocols Implemented on OSI Layer 2

Encapsulating packets on OSI Layer 2 has a significant advantage: the tunnel is able to transfer non-IP protocols. IP is a standard used widely in the Internet and in Ethernet networks. However, there are other standards too. Netware systems, for example, use the Internetwork Packet Exchange (IPX) protocol to communicate. VPN technologies residing in Layer 2 can theoretically tunnel any kind of packet. In most cases, a virtual Point-to-Point Protocol (PPP) device is established and used to connect to the other tunnel endpoint. (A PPP device is normally used for modem or DSL connections.)

Four well-known Layer 2 VPN technologies, which are defined by RFCs, use encryption methods and provide user authentication:

  • The Point-to-Point Tunneling Protocol (PPTP), which was developed with the help of Microsoft, is an extension of PPP and is integrated in all newer Microsoft operating systems. PPTP uses GRE for encapsulation and can tunnel IP, IPX, and other packets over the Internet. The main disadvantage is the restriction that there can only be one tunnel at a time between communication partners.

  • The Layer 2 Forwarding (L2F) was developed almost at the same time by companies like Cisco and others and offers more possibilities than PPTP, especially regarding tunneling of network frames and multiple simultaneous tunnels.

  • The Layer 2 Tunneling Protocol (L2TP) is accepted as an industry standard and is widely used by Cisco and other manufacturers. Its success is based on the fact that it combines the advantages of L2F and PPTP without suffering from their disadvantages. Even though it provides no security mechanisms of its own, it can be combined with technologies offering such mechanisms, like IPsec (see the section Protocols Implemented on OSI Layer 3).

  • The Layer 2 Security Protocol (L2Sec) was developed to provide a solution to the security flaws of IPsec. Even though its overhead is rather big, the security mechanisms used are secure, because mainly SSL/TLS is used.

Other distinguishing factors between the mentioned systems and protocols are:

  • Availability of authentication mechanisms

  • Support for advanced networking features like Network Address Translation (NAT)

  • Dynamic allocation of IP addresses for tunnel partners in dial-up mode

  • Support for Public Key Infrastructures (PKI)

These features will be discussed in later chapters.

Protocols Implemented on OSI Layer 3

IPsec is probably the most widespread tunneling technology. In fact, it is rather a set of protocols, standards, and mechanisms than a single technology. The wide range of definitions, specifications, and protocols is already the main disadvantage of IPsec. It is a complex technology with many different implementations and many security loopholes. IPsec was a compromise accepted by a committee and is therefore something like a least common denominator agreed upon. This means that IPsec can be used in many different setups and environments, ensuring compatibility, but almost no aspect of it offers the best possible solution.

IPsec was developed as an Internet Security Standard on Layer 3, and has been standardized by the Internet Engineering Task Force (IETF) since 1995. IPsec can be used to encapsulate any traffic of application layers, but no traffic of lower network layers. Neither network frames, IPX packets, nor broadcast messages can be transferred, and network address translation is only possible with restrictions.

Nevertheless, IPsec can use a variety of encryption mechanisms, authentication protocols, and other security associations. IPsec software exists for almost every platform, and compatibility with other manufacturers' implementations is ensured in most cases, even though there are significant problems resulting from proprietary extensions.

The main advantage of IPsec is the fact that it is being used everywhere. An administrator can choose from an abundant number of hardware devices and software implementations to provide his or her networks with a secure tunnel.

Basically there are two relevant methods that IPsec uses:

  • Tunnel Mode: Tunnel mode works like the examples above; whole IP packets are encapsulated in a new packet and sent to the other tunnel endpoint, where the VPN software unpacks them and forwards them to the recipient. In this way the IP addresses of sender and recipient, and all other metadata, are protected as well.

  • Transport Mode: In transport mode, only the payload of the data section is encrypted and encapsulated. By doing so, the overhead is significantly smaller than in tunnel mode, but an attacker can easily read the metadata and find out who is communicating with whom. However, the data is encrypted and therefore protected, which makes IPsec a real "private" VPN solution.

IPsec's security model is probably the most complex of all existing VPN solutions and will be discussed in brief in the next chapter.

Protocols Implemented on OSI Layer 4

It is also possible to establish VPN tunnels only on the application layer. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) solutions follow this approach. The user can access the VPN network of a company through a browser connection between his or her client and the VPN server in the enterprise. A connection is simply started by logging into an HTTPS-secured website with a browser. There are now several promising products available, like SSL-Explorer from http://3sp.com/showSslExplorer.do, and products like these offer great flexibility combined with strong security and easy setup. Using the secure connection the browser offers, users can connect network drives and access services in the remote network. Security is achieved by encrypting traffic using SSL/TLS mechanisms, which have proven to be very reliable and are constantly improved and tested.

OpenVPN—An SSL/TLS-Based Solution

OpenVPN is a newer, outstanding VPN solution. It implements Layer 2 or Layer 3 connections, uses the industry standard SSL/TLS for encryption, and combines almost all features of the VPN solutions mentioned above. Its main disadvantage is the fact that there are still few hardware manufacturers integrating it in their solutions.

Summary


In this chapter, you have learned about techniques that have been and are used in companies that have computer networks spanning over several branches. You have learned network basics like protocols, networking layers, the OSI reference model, and which VPN solutions work on which layer. You have read what tunneling is, how it works, and how different VPN solutions implement it.


Key benefits

  • Learn how to install, configure, and create tunnels with OpenVPN on Linux, Windows, and MacOSX
  • Use OpenVPN with DHCP, routers, firewall, and HTTP proxy servers
  • Advanced management of security certificates

Description

OpenVPN is a powerful, open source SSL VPN application. It can secure site-to-site connections, WiFi and enterprise-scale remote connections. While being a full-featured VPN solution, OpenVPN is easy to use and does not suffer from the complexity that characterizes other IPSec VPN implementations. It uses the secure and stable TLS/SSL mechanisms for authentication and encryption. This book is an easy introduction to this popular VPN application. After introducing the basics of security and VPN, the book moves on to cover using OpenVPN, from installing it on various platforms, through configuring basic tunnels, to more advanced features, such as using the application with firewalls, routers, proxy servers, and OpenVPN scripting. While providing only necessary theoretical background, the book takes a practical approach, presenting plenty of examples.

Who is this book for?

Network administrators and any one who is interested in building secure VPNs using OpenVPN. It presumes basic knowledge of Linux, but no knowledge of VPNs is required. All basic VPN and relevant security concepts are covered.

What you will learn

  • Chapter 1 looks at what VPNs are, how they evolved during the last decade, why they are necessary to modern enterprises, and how typical VPNs work. The chapter also covers some essential networking concepts.
  • Chapter 2 explains VPN security issues, including symmetric and asymmetric encryption, the SSL/TLS library, and SSL certificates.
  • Chapter 3 introduces OpenVPN. In this chapter, we learn about the history of OpenVPN, how OpenVPN works, and how OpenVPN compares to IPSec VPN applications.
  • Chapter 4 covers installing OpenVPN on Windows, Mac, Linux, and FreeBSD. It covers the installation on Linux from the source code and from RPM packages. Installation on SUSE and Debian is covered in detail.
  • In Chapter 5, an encryption key for OpenVPN is created and then used to set up our first OpenVPN tunnel between two Windows systems in the same network. The key is then copied to a Linux system, and this system is connected through a tunnel to the first Windows machine.
  • Chapter 6 shows how to create X.509 server and client certificates for use with OpenVPN, using easy-rsa, which comes with OpenVPN and is available for both Windows and Linux.
  • Chapter 7 reviews the syntax of the command line tool openvpn, which enables building tunnels quickly. The configuration options of openvpn are covered in detail with examples.
  • Chapter 8 shows how to make the example tunnels created earlier safer and persistent by choosing a reliable combination of configuration file parameters. It then covers how to configure firewalls on Linux and Windows to work with OpenVPN.
  • Chapter 9 focuses on using xca, the advanced Windows tool with which x509 certificates can be easily managed. Its Linux equivalent, Tinyca2, which can even manage multiple certificate authorities, is also covered.
  • Chapter 10 covers advanced OpenVPN configurations, including tunneling through a proxy server, pushing routing commands to clients, pushing and setting the default route through a tunnel, distributed compilation through VPN tunnels with distcc, and OpenVPN scripting.
  • Chapter 11 shows how to debug and monitor VPN tunnels. It covers standard networking tools that can be used for scanning and testing the connectivity of a VPN server.
Product Details

Publication date: May 11, 2006
Length: 270 pages
Edition: 1st
Language: English
ISBN-13: 9781904811855

What do you get with Print?

Product feature icon Instant access to your digital eBook copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
OR
Modal Close icon
Payment Processing...
tick Completed

Shipping Address

Billing Address

Shipping Methods
Estimated delivery fee Deliver to Ukraine

Economy delivery 10 - 13 business days

$6.95

Premium delivery 6 - 9 business days

$21.95
(Includes tracking information)

Product Details

Publication date : May 11, 2006
Length: 270 pages
Edition : 1st
Language : English
ISBN-13 : 9781904811855
Languages :
Concepts :
Tools :

Packt Subscriptions

See our plans and pricing

$19.99 billed monthly
  • Unlimited access to Packt's library of 7,000+ practical books and videos
  • Constantly refreshed with 50+ new titles a month
  • Exclusive early access to books as they're written
  • Solve problems while you work with advanced search and reference features
  • Offline reading on the mobile app
  • Simple pricing, no contract

$199.99 billed annually
  • Unlimited access to Packt's library of 7,000+ practical books and videos
  • Constantly refreshed with 50+ new titles a month
  • Exclusive early access to books as they're written
  • Solve problems while you work with advanced search and reference features
  • Offline reading on the mobile app
  • Choose a DRM-free eBook or video every month to keep
  • PLUS own as many other DRM-free eBooks or videos as you like for just $5 each
  • Exclusive print discounts

$279.99 billed in 18 months
  • Unlimited access to Packt's library of 7,000+ practical books and videos
  • Constantly refreshed with 50+ new titles a month
  • Exclusive early access to books as they're written
  • Solve problems while you work with advanced search and reference features
  • Offline reading on the mobile app
  • Choose a DRM-free eBook or video every month to keep
  • PLUS own as many other DRM-free eBooks or videos as you like for just $5 each
  • Exclusive print discounts

Frequently bought together

  • OpenVPN Cookbook: $54.99
  • Troubleshooting OpenVPN: $38.99
  • OpenVPN: Building and Integrating Virtual Private Networks: $65.99

Total: $159.97

Table of Contents

11 Chapters

  1. VPN—Virtual Private Network
  2. VPN Security
  3. OpenVPN
  4. Installing OpenVPN
  5. Configuring an OpenVPN Server—The First Tunnel
  6. Setting Up OpenVPN with X509 Certificates
  7. The Command openvpn and its Configuration File
  8. Securing OpenVPN Tunnels and Servers
  9. Advanced Certificate Management
  10. Advanced OpenVPN Configuration
  11. Troubleshooting and Monitoring

Customer reviews

Rating distribution: 3.5 out of 5 (8 ratings)

5 star: 50%
4 star: 0%
3 star: 12.5%
2 star: 25%
1 star: 12.5%

Top Reviews

Hang Vuong, Jun 22, 2023 (5 out of 5 stars, Amazon Verified review)

It was a used book, but the cover and pages are clean, a nice book, have not started reading yet!

J C., Jan 14, 2019 (5 out of 5 stars, Amazon Verified review)

This book should be very useful when I start with VPN. Thanks

Amazon Customer, Sep 04, 2006 (5 out of 5 stars, Amazon Verified review)

OpenVPN is an excellent open source SSL-based VPN solution that still isn't very well-known, but this book should make it more accessible to network administrators, and help accelerate its adoption. The book is a practical reference, suitable to both beginning and advanced users. The author, Markus Feilner, has done his homework well, and the book reflects his extensive experience using OpenVPN, particularly with Linux and Windows networks. He has structured the book so that it starts at the basics, and then it builds in complexity. It makes good use of informal explanatory text, as well as tables, examples, exercises, and screenshots. The book also covers additional programs that are useful in working with OpenVPN. Finally, there is an appendix with links to further information on many related topics, followed by a good index. One minor area that the book does not discuss is the use of OpenVPN with the OpenWrt Linux distribution for wireless routers. Nevertheless, the book should save users many hours of searching for OpenVPN solutions.

Simone Boniolo, Mar 16, 2013 (5 out of 5 stars, Amazon Verified review)

Clear and full description of the OpenVPN package functionality. Suggested to anyone who wants to fully understand how OpenVPN works and how to configure it! Suggested for middle-advanced users.

R. Van Drunen, Feb 19, 2007 (3 out of 5 stars, Amazon Verified review)

OpenVPN is an easy-to-deploy system to get VPNs running. It uses SSL to secure the data you are about to send over the net. OpenVPN is an all-userland thing and therefore is easy to maintain. The book describes in detail how to get started with OpenVPN using a number of different platforms. It has an easily followable roadmap to get your VPN up and running in most cases. But it lacks, imho, the details on specific more complex cases. Also the book touches briefly on version 2.1 but does not address some of the interesting details of it and how to handle them. The book has a number of screenshots that describe how to handle things on different platforms (Windows, Unix). The appendix is a valuable tool to find more resources on the net, once you get started. In short: good beginners' book, but when it comes to complex setups do not expect that much from this book.

FAQs

What is the delivery time and cost of print book?

Shipping Details

USA:

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K. time will start printing on the next business day, so the estimated delivery times start from the next day as well. Orders received after 5 PM U.K. time (in our internal systems) on a business day, or at any time on the weekend, will begin printing on the second business day after receipt. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-Bissau
  9. Iran
  10. Lebanon
  11. Libyan Arab Jamahiriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela
What is customs duty/charge?

Customs duties are charges levied on goods when they cross international borders. It is a tax that is imposed on imported goods. These duties are charged by special authorities and bodies created by local governments and are meant to protect local industries, economies, and businesses.

Do I have to pay customs charges for the print book order?

Orders shipped to the countries listed under EU27 will not bear customs charges; they are paid by Packt as part of the order.

List of EU27 countries: www.gov.uk/eu-eea

For shipments to countries outside the EU27, customs duty or localized taxes may be applicable and would be charged by the recipient country. These must be paid by the customer and are not included in the shipping charges on the order.

How do I know my customs duty charges?

The amount of duty payable varies greatly depending on the imported goods, the country of origin and several other factors like the total invoice amount or dimensions like weight, and other such criteria applicable in your country.

For example:

  • If you live in Mexico, and the declared value of your ordered items is over $ 50, for you to receive a package, you will have to pay additional import tax of 19% which will be $ 9.50 to the courier service.
  • Whereas if you live in Turkey, and the declared value of your ordered items is over € 22, for you to receive a package, you will have to pay additional import tax of 18% which will be € 3.96 to the courier service.
How can I cancel my order?

Cancellation Policy for Published Printed Books:

You can cancel any order within 1 hour of placing the order. Simply contact customercare@packt.com with your order details or payment transaction id. If your order has already started the shipment process, we will do our best to stop it. However, if it is already on the way to you, then when you receive it you can contact us at customercare@packt.com using the returns and refund process.

Please understand that Packt Publishing cannot provide refunds or cancel any order except in the cases described in our Return Policy (i.e. Packt Publishing agrees to replace your printed book if it arrives damaged or with a material defect); otherwise Packt Publishing will not accept returns.

What is your returns and refunds policy?

Return Policy:

We want you to be happy with your purchase from Packtpub.com. We will not hassle you with returning print books to us. If the print book you receive from us is incorrect, damaged, doesn't work or is unacceptably late, please contact the Customer Relations Team at customercare@packt.com with the order number and issue details as explained below:

  1. If you ordered (eBook, Video or Print Book) incorrectly or accidentally, please contact the Customer Relations Team at customercare@packt.com within one hour of placing the order and we will replace/refund you the item cost.
  2. Sadly, if your eBook or Video file is faulty or a fault occurs during the eBook or Video being made available to you, i.e. during download, then you should contact the Customer Relations Team within 14 days of purchase at customercare@packt.com, who will be able to resolve this issue for you.
  3. You will have a choice of replacement or refund of the problem items (damaged, defective or incorrect).
  4. Once the Customer Care Team confirms that you will be refunded, you should receive the refund within 10 to 12 working days.
  5. If you are only requesting a refund of one book from a multiple order, then we will refund you the appropriate single item.
  6. Where the items were shipped under a free shipping offer, there will be no shipping costs to refund.

On the off chance your printed book arrives damaged or with a material defect, contact our Customer Relations Team at customercare@packt.com within 14 days of receipt of the book with appropriate evidence of damage and we will work with you to secure a replacement copy, if necessary. Please note that each printed book you order from us is individually made by Packt's professional book-printing partner on a print-on-demand basis.

What tax is charged?

Currently, no tax is charged on the purchase of any print book (subject to change based on the laws and regulations). A localized VAT fee is charged only to our European and UK customers on eBooks, Video and subscriptions that they buy. GST is charged to Indian customers for eBooks and video purchases.

What payment methods can I use?

You can pay with the following card types:

  1. Visa Debit
  2. Visa Credit
  3. MasterCard
  4. PayPal