OpenVPN 2 Cookbook

eBook: $29.99 (PDF, PacktLib, ePub and Mobi formats)
Print: $49.99
Print + free eBook + free PacktLib access to the book: $79.98
  • Set of recipes covering the whole range of tasks for working with OpenVPN
  • The quickest way to solve your OpenVPN problems!
  • Set up, configure, troubleshoot and tune OpenVPN
  • Uncover advanced features of OpenVPN and even some undocumented options

Book Details

Language : English
Paperback : 356 pages [ 235mm x 191mm ]
Release Date : February 2011
ISBN : 1849510105
ISBN 13 : 9781849510103
Author(s) : Jan Just Keijser
Topics and Technologies : All Books, Networking and Servers, Cookbooks, Linux Servers, Networking & Telephony, Open Source

Table of Contents

Chapter 1: Point-to-Point Networks
  • Introduction
  • Shortest setup possible
  • OpenVPN secret keys
  • Multiple secret keys
  • Plaintext tunnel
  • Routing
  • Configuration files versus the command-line
  • Complete site-to-site setup
  • 3-way routing

Chapter 2: Client-server IP-only Networks
  • Introduction
  • Setting up the public and private keys
  • Simple configuration
  • Server-side routing
  • Using 'client-config-dir' files
  • Routing: subnets on both sides
  • Redirecting the default gateway
  • Using an 'ifconfig-pool' block
  • Using the status file
  • Management interface
  • Proxy-arp

Chapter 3: Client-server Ethernet-style Networks
  • Introduction
  • Simple configuration: non-bridged
  • Enabling client-to-client traffic
  • Bridging: Linux
  • Bridging: Windows
  • Checking broadcast and non-IP traffic
  • External DHCP server
  • Using the status file
  • Management interface

Chapter 4: PKI, Certificates, and OpenSSL
  • Introduction
  • Certificate generation
  • xCA: a GUI for managing a PKI (Part 1)
  • xCA: a GUI for managing a PKI (Part 2)
  • OpenSSL tricks: x509, pkcs12, verify output
  • Revoking certificates
  • The use of CRLs
  • Checking expired/revoked certificates
  • Intermediary CAs
  • Multiple CAs: stacking, using --capath

Chapter 5: Two-factor Authentication with PKCS#11
  • Introduction
  • Initializing a hardware token
  • Getting a hardware token ID
  • Using a hardware token
  • Using the management interface to list PKCS#11 certificates
  • Selecting a PKCS#11 certificate using the management interface
  • Generating a key on the hardware token
  • Private method for getting a PKCS#11 certificate
  • Pin caching example

Chapter 6: Scripting and Plugins
  • Introduction
  • Using a client-side up/down script
  • Windows login greeter
  • Using client-connect/client-disconnect scripts
  • Using a 'learn-address' script
  • Using a 'tls-verify' script
  • Using an 'auth-user-pass-verify' script
  • Script order
  • Script security and logging
  • Using the 'down-root' plugin
  • Using the PAM authentication plugin

Chapter 7: Troubleshooting OpenVPN: Configurations
  • Introduction
  • Cipher mismatches
  • TUN versus TAP mismatches
  • Compression mismatches
  • Key mismatches
  • Troubleshooting MTU and tun-mtu issues
  • Troubleshooting network connectivity
  • Troubleshooting 'client-config-dir' issues
  • How to read the OpenVPN log files

Chapter 8: Troubleshooting OpenVPN: Routing
  • Introduction
  • The missing return route
  • Missing return routes when 'iroute' is used
  • All clients function except the OpenVPN endpoints
  • Source routing
  • Routing and permissions on Windows
  • Troubleshooting client-to-client traffic routing
  • Understanding the 'MULTI: bad source' warnings
  • Failure when redirecting the default gateway

Chapter 9: Performance Tuning
  • Introduction
  • Optimizing performance using 'ping'
  • Optimizing performance using 'iperf'
  • OpenSSL cipher speed
  • Compression tests
  • Traffic shaping
  • Tuning UDP-based connections
  • Tuning TCP-based connections
  • Analyzing performance using tcpdump

Chapter 10: OS Integration
  • Introduction
  • Linux: using NetworkManager
  • Linux: using 'pull-resolv-conf'
  • MacOS: using Tunnelblick
  • Windows Vista/7: elevated privileges
  • Windows: using the CryptoAPI store
  • Windows: updating the DNS cache
  • Windows: running OpenVPN as a service
  • Windows: public versus private network adapters
  • Windows: routing methods

Chapter 11: Advanced Configuration
  • Introduction
  • Including configuration files in config files
  • Multiple remotes and remote-random
  • Details of ifconfig-pool-persist
  • Connecting using a SOCKS proxy
  • Connecting via an HTTP proxy
  • Connecting via an HTTP proxy with authentication
  • Using dyndns
  • IP-less setups (ifconfig-noexec)

Chapter 12: New Features of OpenVPN 2.1 and 2.2
  • Introduction
  • Inline certificates
  • Connection blocks
  • Port sharing with an HTTPS server
  • Routing features: redirect-private, allow-pull-fqdn
  • Handing out the public IPs
  • OCSP support
  • New for 2.2: the 'x509_user_name' parameter

About the Author: Jan Just Keijser

Jan Just Keijser is an open source professional from Utrecht, the Netherlands. He has broad experience in IT, ranging from user support, system administration, and systems programming to network programming. He has worked for various IT companies since 1989 and has worked mainly on UNIX/Linux platforms since 1995. He was an active USENET contributor in the early 1990s. Currently, he is employed as a senior scientific programmer in Amsterdam, the Netherlands, at Nikhef, the institute for sub-atomic physics of the Dutch Foundation for Fundamental Research on Matter (FOM). He works on grid computing and grid application programming, as well as smartcard applications. His open source interests include all types of virtual private networking, including IPSec, PPTP, and of course OpenVPN. He discovered OpenVPN in 2004 and has been using it, and providing OpenVPN community support, ever since.


Errata

2 submitted: last submission 12 Nov 2013

Errata type: Others | Page number: 35 | Errata date: 09 Sep 2011

Section 6 should be "./build-key --batch openvpnclient1" as shown in Example 2-1.
The printed command "./build-key-server --batch openvpnclient1" creates a server certificate and causes the OpenVPN server to reject the client request.

Errata type: Code | Page number: 16 | Errata date: 31 March 2011

Please check the following command listed to view the tunnel traffic under the "Plaintext tunnel" recipe:

    tcpdump -w -I ethO -s 0 host openvpnserver \

This is the wrong command.

The actual command should be:

    tcpdump -l -w - -i eth0 -s 0 host openvpnserver | strings


What you will learn from this book

  • Setting up point-to-point, routed as well as bridged VPNs
  • Determining the best type of OpenVPN setup for your networking needs
  • Configuring OpenVPN on Linux, Windows and Mac OS X
  • Using scripting and plugins to optimize your VPN setup
  • Troubleshooting your VPN setup
  • Using advanced OpenVPN techniques, such as proxy support, compression and different encryption algorithms
  • Setting up a public key infrastructure (PKI) for use with OpenVPN, including X509 certificates, certificate revocation lists and intermediary certificate authorities
  • Integrating a hardware security token or smart card into your VPN setup


In Detail

OpenVPN is a free and open source virtual private network (VPN) program for creating point-to-point or server-to-multiclient encrypted tunnels between host computers. It is capable of establishing direct links between computers across networks and firewalls. It is powerful software, but getting the most from it can be a daunting task.

OpenVPN 2 Cookbook provides solutions to common OpenVPN problems. The book covers everything a system administrator needs to manage and run an OpenVPN network, from point-to-point networks to troubleshooting.

OpenVPN 2 Cookbook offers all the information you need to successfully manage your network. Covering all the common network types, including point-to-point networks, multi-client tun-style networks and multi-client tap-style networks, this practical guide gives quick answers to common questions and problems.

Each technical aspect is broken down into short recipes that demonstrate solutions with working configurations, then explain why and how they work. The book is intended to be a desk reference for users with a whole range of experience levels.

This is a cookbook, with practical recipes providing tips and tricks for the most common problems and scenarios faced with OpenVPN.

Who this book is for

This book is ideal for system administrators and networking professionals who are interested in building secure VPNs using OpenVPN. It is preferable that the reader has a basic knowledge of OpenVPN, as well as general network administration skills.
