OpenVPN 2 Cookbook
- Set of recipes covering the whole range of tasks for working with OpenVPN
- The quickest way to solve your OpenVPN problems!
- Set up, configure, troubleshoot and tune OpenVPN
- Uncover advanced features of OpenVPN and even some undocumented options
Book Details
Language : English
Paperback : 356 pages [ 235mm x 191mm ]
Release Date : February 2011
ISBN : 1849510105
ISBN 13 : 9781849510103
Author(s) : Jan Just Keijser
Topics and Technologies : All Books, Cookbooks, Linux Servers, Networking & Telephony, Open Source
Table of Contents
Preface
Chapter 1: Point-to-Point Networks
Chapter 2: Client-server IP-only Networks
Chapter 3: Client-server Ethernet-style Networks
Chapter 4: PKI, Certificates, and OpenSSL
Chapter 5: Two-factor Authentication with PKCS#11
Chapter 6: Scripting and Plugins
Chapter 7: Troubleshooting OpenVPN: Configurations
Chapter 8: Troubleshooting OpenVPN: Routing
Chapter 9: Performance Tuning
Chapter 10: OS Integration
Chapter 11: Advanced Configuration
Chapter 12: New Features of OpenVPN 2.1 and 2.2
Index
- Chapter 1: Point-to-Point Networks
- Introduction
- Shortest setup possible
- OpenVPN secret keys
- Multiple secret keys
- Plaintext tunnel
- Routing
- Configuration files versus the command-line
- Complete site-to-site setup
- 3-way routing
- Chapter 2: Client-server IP-only Networks
- Introduction
- Setting up the public and private keys
- Simple configuration
- Server-side routing
- Using 'client-config-dir' files
- Routing: subnets on both sides
- Redirecting the default gateway
- Using an 'ifconfig-pool' block
- Using the status file
- Management interface
- Proxy-arp
- Chapter 3: Client-server Ethernet-style Networks
- Introduction
- Simple configuration—non-bridged
- Enabling client-to-client traffic
- Bridging—Linux
- Bridging—Windows
- Checking broadcast and non-IP traffic
- External DHCP server
- Using the status file
- Management interface
- Chapter 4: PKI, Certificates, and OpenSSL
- Introduction
- Certificate generation
- xCA: a GUI for managing a PKI (Part 1)
- xCA: a GUI for managing a PKI (Part 2)
- OpenSSL tricks: x509, pkcs12, verify output
- Revoking certificates
- The use of CRLs
- Checking expired/revoked certificates
- Intermediary CAs
- Multiple CAs: stacking, using --capath
- Chapter 5: Two-factor Authentication with PKCS#11
- Introduction
- Initializing a hardware token
- Getting a hardware token ID
- Using a hardware token
- Using the management interface to list PKCS#11 certificates
- Selecting a PKCS#11 certificate using the management interface
- Generating a key on the hardware token
- Private method for getting a PKCS#11 certificate
- Pin caching example
- Chapter 6: Scripting and Plugins
- Introduction
- Using a client-side up/down script
- Windows login greeter
- Using client-connect/client-disconnect scripts
- Using a 'learn-address' script
- Using a 'tls-verify' script
- Using an 'auth-user-pass-verify' script
- Script order
- Script security and logging
- Using the 'down-root' plugin
- Using the PAM authentication plugin
- Chapter 7: Troubleshooting OpenVPN: Configurations
- Introduction
- Cipher mismatches
- TUN versus TAP mismatches
- Compression mismatches
- Key mismatches
- Troubleshooting MTU and tun-mtu issues
- Troubleshooting network connectivity
- Troubleshooting 'client-config-dir' issues
- How to read the OpenVPN log files
- Chapter 8: Troubleshooting OpenVPN: Routing
- Introduction
- The missing return route
- Missing return routes when 'iroute' is used
- All clients function except the OpenVPN endpoints
- Source routing
- Routing and permissions on Windows
- Troubleshooting client-to-client traffic routing
- Understanding the 'MULTI: bad source' warnings
- Failure when redirecting the default gateway
- Chapter 9: Performance Tuning
- Introduction
- Optimizing performance using 'ping'
- Optimizing performance using 'iperf'
- OpenSSL cipher speed
- Compression tests
- Traffic shaping
- Tuning UDP-based connections
- Tuning TCP-based connections
- Analyzing performance using tcpdump
- Chapter 10: OS Integration
- Introduction
- Linux: using NetworkManager
- Linux: using 'pull-resolv-conf'
- MacOS: using Tunnelblick
- Windows Vista/7: elevated privileges
- Windows: using the CryptoAPI store
- Windows: updating the DNS cache
- Windows: running OpenVPN as a service
- Windows: public versus private network adapters
- Windows: routing methods
- Chapter 11: Advanced Configuration
- Introduction
- Including configuration files in config files
- Multiple remotes and remote-random
- Details of ifconfig-pool-persist
- Connecting using a SOCKS proxy
- Connecting via an HTTP proxy
- Connecting via an HTTP proxy with authentication
- Using dyndns
- IP-less setups (ifconfig-noexec)
- Chapter 12: New Features of OpenVPN 2.1 and 2.2
- Introduction
- Inline certificates
- Connection blocks
- Port sharing with an HTTPS server
- Routing features: redirect-private, allow-pull-fqdn
- Handing out the public IPs
- OCSP support
- New for 2.2: the 'x509_user_name' parameter
Jan Just Keijser
Errata
- 2 submitted: last submission 09 Aug 2012
Errata type: Others | Page number: 35 | Errata date: 09 Sep 2011
Section 6 should be "./build-key --batch openvpnclient1" as shown in Example2-1.
The printed command "./build-key-server --batch openvpnclient1" creates a server certificate and causes the OpenVPN server to reject the client request.
Errata type: Code | Page number: 16 | Errata date: 31st March 2011
Please check the following command listed to view the tunnel traffic under the "Plaintext tunnel" recipe:
tcpdump -w -I ethO -s 0 host openvpnserver \
This is the wrong command.
The actual command should be:
tcpdump -l -w - -i eth0 -s 0 host openvpnserver | strings
- Setting up point-to-point, routed as well as bridged VPNs
- Determining the best type of OpenVPN setup for your networking needs
- Configuring OpenVPN on Linux, Windows and Mac OS X
- Using scripting and plugins to optimize your VPN setup
- Troubleshooting your VPN setup
- Using advanced OpenVPN techniques, such as proxy support, compression, and different encryption algorithms
- Setting up a public key infrastructure (PKI) for use with OpenVPN, including X509 certificates, certificate revocation lists and intermediary certificate authorities
- Integrating a hardware security token or smart card into your VPN setup
OpenVPN (http://www.openvpn.net) is a free and open source virtual private network (VPN) program for creating point-to-point or server-to-multiclient encrypted tunnels between host computers. It is capable of establishing direct links between computers across networks and firewalls. It is powerful software, but getting the most from it can be a daunting task.
OpenVPN 2 Cookbook provides solutions to common OpenVPN problems. The book covers everything a system administrator needs to manage and run an OpenVPN network, from point-to-point networks to troubleshooting.
OpenVPN 2 Cookbook offers all the information you need to successfully manage your network. Covering all the common networks, including point-to-point networks, multi-client tun-style networks and multi-client tap-style networks, this practical guide gives quick answers to common questions and problems.
Each technical aspect is broken down into short recipes that demonstrate solutions with working code, then explain why and how that works. The book is intended to be a desk reference for users with a whole range of experience levels.
This is a cookbook, with practical recipes providing tips and tricks to the most common problems and scenarios faced with OpenVPN.
This book is ideal for system administrators and networking professionals who are interested in building secure VPNs using OpenVPN. It is preferable that the reader has a basic knowledge of OpenVPN, as well as general network administration skills.

