Beginning OpenVPN 2.0.9


Beginning OpenVPN 2.0.9
eBook: $35.99
Formats: PDF, PacktLib, ePub and Mobi formats
$30.59
save 15%!
Print + free eBook + free PacktLib access to the book: $95.98    Print cover: $59.99
$59.99
save 37%!
Free Shipping!
UK, US, Europe and selected countries in Asia.
Also available on:
Overview
Table of Contents
Author
Reviews
Support
Sample Chapters
  • A practical guide to using OpenVPN for building both basic and complex Virtual Private Networks (VPNs)
  • Learn how to make use of OpenVPNs modules, high-end-encryption and how to combine it with servers for your individual privacy
  • Advanced management of security certificates
  • Get to know the new features of the forthcoming version 2.1 of OpenVPN

Book Details

Language : English
Paperback : 356 pages [ 235mm x 191mm ]
Release Date : December 2009
ISBN : 184719706X
ISBN 13 : 9781847197061
Author(s) : Markus Feilner, Norbert Graf
Topics and Technologies : All Books, Networking and Servers, Linux Servers, Networking & Telephony, Open Source, Virtualisation


Table of Contents

Preface
Chapter 1: VPN—Virtual Private Network
Chapter 2: VPN Security
Chapter 3: OpenVPN
Chapter 4: Installing OpenVPN on Windows and Mac
Chapter 5: Installing OpenVPN on Linux and Unix Systems
Chapter 6: Advanced OpenVPN Installation
Chapter 7: Configuring an OpenVPN Server—The First Tunnel
Chapter 8: Setting Up OpenVPN with X.509 Certificates
Chapter 9: The Command openvpn and Its Configuration File
Chapter 10: Securing OpenVPN Tunnels and Servers
Chapter 11: Advanced Certificate Management
Chapter 12: OpenVPN GUI Tools
Chapter 13: Advanced OpenVPN Configuration
Chapter 14: Mobile Security with OpenVPN
Chapter 15: Troubleshooting and Monitoring
Appendix: Internet Resources and More
Index
  • Chapter 1: VPN—Virtual Private Network
    • Broadband Internet access and VPNs
    • How does a VPN work?
    • What are VPNs used for?
    • Networking concepts—protocols and layers
    • Tunneling and overhead
    • VPN concepts—overview
      • A proposed standard for tunneling
      • Protocols implemented on OSI layer 2
      • Protocols implemented on OSI layer 3
      • Protocols implemented on OSI layer 4
      • OpenVPN—a SSL/TLS-based solution
    • Summary
  • Chapter 2: VPN Security
    • VPN security
    • Privacy—encrypting traffic
      • Symmetric encryption and pre-shared keys
    • Reliability and authentication
      • The problem of complexity in classic VPNs
      • Asymmetric encryption with SSL/TLS
    • SSL/TLS security
      • HTTPS
      • Understanding SSL/TLS certificates
      • Trusted certificates
      • Self-signed certificates
      • SSL/TLS certificates and VPNs
      • Generating certificates and keys
    • Summary
  • Chapter 3: OpenVPN
    • Advantages of OpenVPN
    • History of OpenVPN
      • OpenVPN Version 1
      • OpenVPN Version 2
      • The road to version 2.1
    • Networking with OpenVPN
      • OpenVPN and firewalls
      • Configuring OpenVPN
      • Problems with OpenVPN
    • OpenVPN compared to IPsec VPN
      • User space versus kernel space
    • Sources for help and documentation
    • The project community
      • Documentation in the software packages
    • Summary
  • Chapter 4: Installing OpenVPN on Windows and Mac
    • Obtaining the software
    • Installing OpenVPN on Windows
      • Downloading and starting installation
      • Selecting the components and location
      • Finishing installation
      • Testing the installation—a first look at the panel applet
    • Installing OpenVPN on Mac OS X (Tunnelblick)
      • Testing the installation—the Tunnelblick panel applet
    • Summary
  • Chapter 5: Installing OpenVPN on Linux and Unix Systems
    • Prerequisites
    • Installing OpenVPN on SuSE Linux
      • Using YaST to install software
    • Installing OpenVPN on Red Hat Fedora using yum
    • Installing OpenVPN on Red Hat Enterprise Linux
    • Installing OpenVPN on RPM-based systems
      • Using wget to download OpenVPN RPMs
      • Installing OpenVPN and the LZO library with wget and RPM
      • Using rpm to obtain information on the installed OpenVPN version
    • Installing OpenVPN on Debian and Ubuntu
      • Installing Debian packages
      • Using Aptitude to search and install packages
      • OpenVPN—the files installed on Debian
    • Installing OpenVPN on FreeBSD
      • Installing a newer version of OpenVPN on FreeBSD—the ports system
        • Installing the port system with sysinstall
        • Downloading and installing a BSD port
    • Summary
  • Chapter 6: Advanced OpenVPN Installation
    • Troubleshooting—advanced installation methods
    • Installing OpenVPN from source code
    • Building and distributing .deb packages
    • Building your own RPM file
    • Enabling Linux kernel TUN/TAP support
      • Using menuconfig
  • Summary
  • Chapter 7: Configuring an OpenVPN Server—The First Tunnel
    • OpenVPN on Microsoft Windows
      • Generating a static OpenVPN key
        • Creating a sample connection
        • Adapting the sample configuration file provided by OpenVPN
        • Starting and testing the tunnel
      • A brief look at Windows OpenVPN network interfaces
    • Connecting Windows and Linux
      • File exchange between Windows and Linux
        • WinSCP
        • Transferring the key file from Windows to Linux with WinSCP
        • The second pitfall—carriage return/end of line
      • Configuring the Linux system
      • Testing the tunnel
        • A look at the Linux network interfaces
      • Running OpenVPN automatically
        • OpenVPN as a server on Windows
        • OpenVPN as a server on Linux
        • Runlevels and init scripts on Linux
        • Using runlevel and init to change and check runlevels
        • The system control for runlevels
        • Managing init scripts
      • Using SuSE's YaST module system services (runlevel)
    • Troubleshooting firewall issues
      • Deactivating the Windows XP service pack 2 firewall
      • Stopping the SuSE firewall
    • Summary
  • Chapter 8: Setting Up OpenVPN with X.509 Certificates
    • Creating certificates
    • Certificate generation on Windows Server 2008 with easy-rsa
      • Setting variables—editing vars.bat
      • Creating the Diffie-Hellman key
      • Building the certificate authority
      • Generating server and client keys
    • Distributing the files to the VPN partners
    • Configuring OpenVPN to use certificates
    • Using easy-rsa on Linux
      • Preparing variables in vars
      • Creating the Diffie-Hellman key and the certificate authority
      • Creating the first server certificate/key pair
      • Creating further certificates and keys
    • Troubleshooting
    • Summary
  • Chapter 9: The Command openvpn and Its Configuration File
    • Syntax of openvpn
      • OpenVPN command-line parameters
    • Using OpenVPN at the command line
      • Parameters used in the standard configuration file for a static key client
      • Compressing the data
      • Controlling and restarting the tunnel
      • Debugging output—troubleshooting
    • Configuring OpenVPN with certificates—simple TLS mode
    • Overview of OpenVPN parameters
      • General tunnel options
      • Routing
      • Controlling the tunnel
      • Scripting
      • Modules
      • Logging
      • Specifying a user and group
      • The management interface
      • Proxies
      • Encryption parameters
      • Testing the crypto system with --test-crypto
      • SSL information—command line
      • Server mode
        • Server mode parameters
        • --client-config options
      • Client mode parameters
        • Push options
    • Important Windows-specific options
    • New in Version 2.1
      • Connection profiles
      • Topology mode
      • Script-security
      • Port-sharing
    • Test
    • Summary
  • Chapter 10: Securing OpenVPN Tunnels and Servers
    • Securing and stabilizing OpenVPN
    • Authentication
      • Using authentication methods
      • Authentication plugins overview
      • Authentication with tokens
      • Individual authentication with Pam-per-user
    • Linux and Firewalls
      • Debian Linux and Webmin with Shorewall
        • Installing Webmin and Shorewall
        • Looking at Webmin
        • Preparing Webmin and Shorewall for the first start
        • Preparing the Shoreline firewall
        • Troubleshooting Shorewall—editing the configuration files
      • OpenVPN and SuSEfirewall
      • Routing and firewalls
        • Configuring a router without a firewall
        • iptables—the standard Linux firewall tool
    • Configuring the Windows Firewall for OpenVPN
    • Summary
  • Chapter 11: Advanced Certificate Management
    • Certificate management and security
    • Installing xca
    • Using xca
      • Creating a database
    • Importing a CA certificate
      • Creating and signing a new server/client certificate
      • Revoking certificates with xca
    • Using TinyCA2 to manage certificates
      • Importing our CA
      • Using TinyCA2 for CA administration
      • Creating new certificates and keys
      • Exporting keys and certificates with TinyCA2
      • Revoking certificates with TinyCA2
  • Other tools worth mentioning
  • Summary
  • Chapter 12: OpenVPN GUI Tools
    • OpenVPN server administration: Webmin's OpenVPN plugin
    • Client GUIs for Linux
      • KVpnc
      • GAdmin-OpenVPN-Client
    • NetworkManager
    • Summary
  • Chapter 13: Advanced OpenVPN Configuration
    • Tunneling a proxy server and protecting the proxy
    • Scripting OpenVPN—an overview
    • Using a client configuration directory with perclient configurations
    • Individual firewall rules for connecting clients
    • Distributed compilation through VPN tunnels with distcc
    • Ethernet bridging with OpenVPN
    • Automatic installation for Windows clients
    • Clustering and redundancy
    • Summary
  • Chapter 15: Troubleshooting and Monitoring
    • Testing network connectivity
    • Checking interfaces, routing, and connectivity on the VPN servers
    • Debugging with tcpdump and IPTraf
    • Using OpenVPN protocol and status files for debugging
    • Scanning servers with Nmap
    • Monitoring tools
      • ntop
      • Munin
      • Nagios
    • OpenVPNgraph
    • Summary

Markus Feilner

Markus Feilner is a Linux professional from Regensburg, Germany, and has been working with open-source software since the mid 1990s. His first contact with UNIX was a SUN cluster and SPARC workstations at Regensburg University (during his studies of geography). Since the year 2000, he has published several documents used in Linux training all over Germany. In 2001, he founded his own Linux consulting and training company, Feilner IT.

He was working as a trainer, consultant, and systems engineer at Millenux, Munich, where he focused on groupware, collaboration, and virtualization with Linux-based systems and networks.

Since 2007, he is an editor at the German Linux-Magazine, where he is writing about Open-Source-Software for both printed and online magazines, including the Linux Technical Review and the Linux Magazine International www.linux-magazine.com. He regularly holds speeches and lectures at conferences in Germany.

He is interested in anything about geography, traveling, photography, philosophy (especially that of open-source software), global politics, soccer and literature, but always has too little time for these hobbies.

Markus Feilner supports Linux4afrika - a project bringing Linux computers into African schools. For more information please visit www.linux4afrika.de!


Norbert Graf

Norbert Graf is a professional IT specialist from Munich with many years of experience in network security and server virtualization. His special fields of interests are Linux based Firewalls, VMware and XEN Virtualization.

Since 2002 he is working, as a Consultant, for an IT company near Munich, for customers from the healthcare sector like hospitals or pharma concerns to small companies.

The first experience with computers he made with commodore c64 learning to program in basic followed by an x86 processor PC with DOS and Windows. He is still working with Windows and Linux networks everyday. His field of work contains especially integrating Linux Servers like Proxies or OpenVPN Servers in Microsoft Active Directory infrastructures.

Since 2007 he published several articles (the most about Windows and Linux cooperation) together with Markus Feilner in the German and International Linux-Magazine.

In November 2007 his son Moritz was born and made the whole family very happy.

Submit Errata

Please let us know if you have found any errors not listed on this list by completing our errata submission form. Our editors will check them and add them to this list. Thank you.

Sample chapters

You can view our sample chapters and prefaces of this title on PacktLib or download sample chapters in PDF format.

Frequently bought together

Beginning OpenVPN 2.0.9 +    Oracle JDeveloper 11gR2 Cookbook =
50% Off
the second eBook
Price for both: $51.15

Buy both these recommended eBooks together and get 50% off the cheapest eBook.

What you will learn from this book

  • Install OpenVPN on Windows Server, Vista, and Mac OS X and also on different Linux versions and FreeBSD
  • Learn basic security concepts necessary to understand VPNs and OpenVPN in particular
  • Take a look at encryption matters, symmetric and asymmetric keying, and certificates
  • Connect Windows and Linux systems and safely transfer the necessary encryption keys using WinSCP
  • Learn about OpenVPN, its development, features, resources, advantages, and disadvantages compared to other VPN solutions, especially IPsec
  • Discuss non-standard and advanced methods of installing OpenVPN by compiling the source code provided by the OpenVPN project
  • Create an encryption key for OpenVPN and use it to set up an OpenVPN tunnel between two Windows systems in the same network
  • Create X.509 server and client certificates for use with OpenVPN and learn how to use tools to debug and monitor VPN tunnels
  • Create and administer certificates that have to be transferred to the machines that are supposed to take part in the VPN
  • Configure two different firewall networks that connect to each other through the secure OpenVPN tunnel
  • Install and use XCA and TinyCA2 to generate certificate revocation lists that are used to block unwanted connections by formerly authorized clients
  • Install OpenVPN on Windows Mobile and Smartphones running embedded Linux, like Nokia's Maemo platform
  • Analyze the flow of datagrams between the VPN servers and the connected networks with tools like ifconfig, ping, traceroute, and mtr

In Detail

OpenVPN is a powerful, open source SSL VPN application. It can secure site-to-site connections, WiFi, and enterprise-scale remote connections. While being a full-featured VPN solution, OpenVPN is easy to use and does not suffer from the complexity that characterizes other IPsec VPN implementations. It uses the secure and stable TLS/SSL mechanisms for authentication and encryption. This book is an easy introduction to this popular VPN application. After introducing the basics of security and VPN, it moves on to cover using OpenVPN, from installing it on various platforms, through configuring basic tunnels, to more advanced features, such as using the application with firewalls, routers, proxy servers, and OpenVPN scripting.

This is a practical guide to using OpenVPN for building both basic and complex Virtual Private Networks. It will save you a lot of time and help you build better VPNs that suit your requirements. While providing only necessary theoretical background, the book takes a practical approach, presenting plenty of examples. It starts with an introduction into the theory of VPNs and OpenVPN, followed by a simple installation example on almost every available platform. After a concise and ordered list of OpenVPN's parameters, we dive into connecting several machines in a safe way. The last third of the book deals with professional and high-end scenarios, and also mobile integration. After having read the whole book and followed and understood all the examples, you will be an expert in VPN, Security, and especially in OpenVPN Technology. This book was written for version 2.0.9 of OpenVPN, but all examples have been tested and run smoothly on version 2.1 too.

Learn how to build secure VPNs using this powerful Open Source application

Approach

This book is an easy introduction to OpenVPN. While providing only necessary theoretical background, it takes a practical approach, presenting plenty of examples. It is written in a friendly style making this complex topic easy and a joy to read. It first covers basic VPN concepts, then moves to introduce basic OpenVPN configurations, before covering advanced uses of OpenVPN.

Who this book is for

This book is for both experienced and new OpenVPN users. If you are interested in security and privacy in the internet, or want to have your notebook or mobile phone connected safely to the internet, the server in your company, or at home, you will find this book useful. It presumes basic knowledge of Linux, but no knowledge of VPNs is required.

Code Download and Errata
Packt Anytime, Anywhere
Register Books
Print Upgrades
eBook Downloads
Video Support
Contact Us
Awards Voting Nominations Previous Winners
Judges Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software
Resources
Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software