OpenVPN: Building and Integrating Virtual Private Networks

There is a newer version of this book available - Beginning OpenVPN 2.0.9
OpenVPN:  Building and Integrating Virtual Private Networks
eBook: $35.99
Formats: PDF, PacktLib, ePub and Mobi formats
save 50%!
Print + free eBook + free PacktLib access to the book: $95.98    Print cover: $59.99
save 37%!
Free Shipping!
UK, US, Europe and selected countries in Asia.
Also available on:
Table of Contents
Sample Chapters
  • Learn how to install, configure, and create tunnels with OpenVPN on Linux, Windows, and MacOSX
  • Use OpenVPN with DHCP, routers, firewall, and HTTP proxy servers
  • Advanced management of security certificates

Book Details

Language : English
Paperback : 272 pages [ 235mm x 191mm ]
Release Date : May 2006
ISBN : 190481185X
ISBN 13 : 9781904811855
Author(s) : Markus Feilner
Topics and Technologies : All Books, Networking and Servers, Security and Testing, Linux Servers, Networking & Telephony, Open Source

Table of Contents

Chapter 1: VPN—Virtual Private Network
Chapter 2: VPN Security
Chapter 3: OpenVPN
Chapter 4: Installing OpenVPN
Chapter 5: Configuring an OpenVPN Server—The First Tunnel
Chapter 6: Setting Up OpenVPN with X509 Certificates
Chapter 7: The Command openvpn and its Configuration File
Chapter 8: Securing OpenVPN Tunnels and Servers
Chapter 9: Advanced Certificate Management
Chapter 10: Advanced OpenVPN Configuration
Chapter 11: Troubleshooting and Monitoring
Appendix A: Internet Resources
  • Chapter 1: VPN—Virtual Private Network
    • Branches Connected by Dedicated Lines
      • Broadband Internet Access and VPNs
    • How Does a VPN Work?
      • What are VPNs Used For?
      • Networking Concepts—Protocols and Layers
      • Tunneling and Overhead
    • VPN Concepts—Overview
      • A Proposed Standard for Tunneling
      • Protocols Implemented on OSI Layer 2
      • Protocols Implemented on OSI Layer 3
      • Protocols Implemented on OSI Layer 4
      • OpenVPN—An SSL/TLS-Based Solution
    • Summary
  • Chapter 2: VPN Security
    • VPN Security
    • Privacy—Encrypting the Traffic
      • Symmetric Encryption and Pre-Shared Keys
      • Reliability and Authentication
        • The Problem of Complexity in Classic VPNs
      • Asymmetric Encryption with SSL/TLS
    • SSL/TLS Security
      • Understanding SSL/TLS Certificates
      • Trusted Certificates
      • Self-Signed Certificates
      • SSL/TLS Certificates and VPNs
    • Summary
  • Chapter 3: OpenVPN
    • Advantages of OpenVPN
    • History of OpenVPN
      • OpenVPN Version 1
      • OpenVPN Version 2
    • Networking with OpenVPN
      • OpenVPN and Firewalls
      • Configuring OpenVPN
      • Problems with OpenVPN
    • OpenVPN Compared to IPsec VPN
    • Sources for Help and Documentation
    • The Project Community
      • Documentation in the Software Packages
    • Summary
  • Chapter 4: Installing OpenVPN
    • Prerequisites
    • Obtaining the Software
    • Installing OpenVPN on Windows
      • Downloading and Starting Installation
      • Selecting Components and Location
      • Finishing Installation
      • Testing the Installation—A First Look at the Panel Applet
    • Installing OpenVPN on Mac OS X (Tunnelblick)
      • Testing the Installation—The Tunnelblick Panel Applet
    • Installing OpenVPN on SuSE Linux
      • Using YaST to Install Software
    • Installing OpenVPN on Redhat Fedora Using yum
    • Installing OpenVPN on RPM-Based Systems
      • Using wget to Download OpenVPN RPMs
      • Testing Installation and Installing with rpm
      • Installing OpenVPN and the LZO Library with wget and RPM
      • Using rpm to Obtain Information on the Installed OpenVPN Version
    • Installing OpenVPN on Debian
      • Installing Debian Packages
      • Using Aptitude to Search and Install Packages
      • OpenVPN—The Files Installed on Debian
    • Installing OpenVPN on FreeBSD
      • Installing a Newer Version of OpenVPN on FreeBSD—The Port System
        • Installing the Port System with sysinstall
        • Downloading and Installing a BSD Port
    • Troubleshooting—Advanced Installation Methods
      • Installing OpenVPN from Source Code
      • Building Your Own RPM File from the OpenVPN Source Code
      • Building and Distributing Your Own DEB Packages
      • Enabling Linux Kernel Support for TUN/TAP Devices
        • Using Menuconfig to Enable TUN/TAP Support
    • Internet Links, Installation Guidelines, and Help
    • Summary
  • Chapter 5: Configuring an OpenVPN Server—The First Tunnel
    • OpenVPN on Microsoft Windows
      • Generating a Static OpenVPN Key
        • Creating a Sample Connection
        • Adapting the Sample Configuration File Provided by OpenVPN
        • Starting and Testing the Tunnel
      • A Brief Look at Windows OpenVPN Network Interfaces
    • Connecting Windows and Linux
      • File Exchange between Windows and Linux
        • Installing WinSCP
        • Transferring the Key File from Windows to Linux with WinSCP
        • The Second Pitfall—Carriage Return/End of Line
      • Configuring the Linux System
      • Testing the Tunnel
        • A Look at the Linux Network Interfaces
      • Running OpenVPN Automatically
        • OpenVPN as Server on Windows
        • OpenVPN as Server on Linux
        • Runlevels and init Scripts on Linux
        • Using runlevel and init to Change and Check Runlevels
        • The System Control for Runlevels
        • Managing init Scripts
      • Using Webmin to Manage init Scripts
      • Using SuSE's YaST Module System Services (Runlevel)
    • Troubleshooting Firewall Issues
      • Deactivating Windows XP Service Pack 2 Firewall
      • Stopping the SuSE Firewall
    • Summary
  • Chapter 6: Setting Up OpenVPN with X509 Certificates
    • Creating Certificates
    • Certificate Generation on Windows XP with easy-rsa
      • Setting Variables—Editing vars.bat
      • Creating the Diffie-Hellman Key
      • Building the Certificate Authority
      • Generating Server and Client Keys
    • Distributing the Files to the VPN Partners
    • Configuring OpenVPN to Use Certificates
    • Using easy-rsa on Linux
      • Preparing Variables in vars
      • Creating the Diffie-Hellman Key and the Certificate Authority
      • Creating the First Server Certificate/Key Pair
      • Creating Further Certificates and Keys
    • Troubleshooting
    • Summary
  • Chapter 7: The Command openvpn and its Configuration File
    • Syntax of openvpn
      • OpenVPN Command-Line Parameters
    • Using OpenVPN at the Command Line
      • Parameters Used in the Standard Configuration File for a Static Key Client
      • Compressing the Data
      • Controlling and Restarting the Tunnel
      • Debugging Output—Troubleshooting
    • Configuring OpenVPN with Certificates—Simple TLS Mode
    • Overview of OpenVPN Parameters
      • General Tunnel Options
      • Routing
      • Controlling the Tunnel
      • Scripting
      • Logging
      • Specifying a User and Group
      • The Management Interface
      • Proxies
      • Encryption Parameters
      • Testing the Crypto System with --test-crypto
      • SSL Information—Command Line
      • Server Mode
        • Server Mode Parameters
        • --client-config Options
      • Client Mode Parameters
        • Push Options
    • Important Windows-Specific Options
    • Summary
  • Chapter 8: Securing OpenVPN Tunnels and Servers
    • Securing and Stabilizing OpenVPN
    • Linux and Firewalls
      • Debian Linux and Webmin with Shorewall
        • Installing Webmin and Shorewall
        • Preparing Webmin and Shorewall for the First Start
        • Starting Webmin
        • Configuring the Shorewall with Webmin
        • Creating Zones
        • Editing Interfaces
        • Default Policies
        • Adding Firewall Rules
      • Troubleshooting Shorewall—Editing the Configuration Files
      • OpenVPN and SuSEfirewall
      • Troubleshooting OpenVPN Routing and Firewalls
        • Configuring a Router without a Firewall
        • iptables—The Standard Linux Firewall Tool
    • Configuring the Windows Firewall for OpenVPN
    • Summary
  • Chapter 9: Advanced Certificate Management
    • Certificate Management and Security
    • Installing xca
    • Using xca
      • Creating a Database
      • Importing a CA Certificate
      • Creating and Signing a New Server/Client Certificate
      • Revoking Certificates with xca
    • Using TinyCA2 to Manage Certificates
      • Importing Our CA
      • Using TinyCA2 for CA Administration
      • Creating New Certificates and Keys
      • Exporting Keys and Certificates with TinyCA2
      • Revoking Certificates with TinyCA2
  • Summary
  • Chapter 10: Advanced OpenVPN Configuration
    • Tunneling a Proxy Server and Protecting the Proxy
    • Scripting OpenVPN—An Overview
    • Using Authentication Methods
    • Using a Client Configuration Directory with Per-Client Configurations
    • Individual Firewall Rules for Connecting Clients
    • Distributed Compilation through VPN Tunnels with distcc
    • Ethernet Bridging with OpenVPN
    • Automatic Installation for Windows Clients
    • Summary
  • Chapter 11: Troubleshooting and Monitoring
    • Testing the Network Connectivity
    • Checking Interfaces, Routing, and Connectivity on the VPN Servers
    • Debugging with tcpdump and IPTraf
    • Using OpenVPN Protocol and Status Files for Debugging
    • Scanning Servers with Nmap
    • Monitoring Tools
      • ntop
      • Munin
    • Hints to Other Tools
    • Summary

Markus Feilner

Markus Feilner is a Linux professional from Regensburg, Germany, and has been working with open-source software since the mid 1990s. His first contact with UNIX was a SUN cluster and SPARC workstations at Regensburg University (during his studies of geography). Since the year 2000, he has published several documents used in Linux training all over Germany. In 2001, he founded his own Linux consulting and training company, Feilner IT.

He was working as a trainer, consultant, and systems engineer at Millenux, Munich, where he focused on groupware, collaboration, and virtualization with Linux-based systems and networks.

Since 2007, he is an editor at the German Linux-Magazine, where he is writing about Open-Source-Software for both printed and online magazines, including the Linux Technical Review and the Linux Magazine International He regularly holds speeches and lectures at conferences in Germany.

He is interested in anything about geography, traveling, photography, philosophy (especially that of open-source software), global politics, soccer and literature, but always has too little time for these hobbies.

Markus Feilner supports Linux4afrika - a project bringing Linux computers into African schools. For more information please visit!

Submit Errata

Please let us know if you have found any errors not listed on this list by completing our errata submission form. Our editors will check them and add them to this list. Thank you.


- 20 submitted: last submission 09 Aug 2012

Errata type:Casing inconsistency | Page number:0

VPN Software
should be:
VPN software


Errata type:Typo | Page number:2

Line 18:- Troubleshooting and Monitoring is what you should refer "to" if... Add "to" in the sentence.


Errata type:Typo | Page number:3

Line 25:- cd "C:\\Program Files\ OpenVPN\easy-rsa\" Remove space before OpenVPN


Errata type: | Page number: 11

Tunneling and Overhead heading: Line 2:- as the walls of the a road or rail tunnel protect..Delete "the" after of.


Errata type: Typo| Page number:14

the 1st line from: Even though it provides no own security mechanisms..
should be:
Even though it provides no known security mechanisms...


Errata type:Typo | Page number:15

Protocols implemented on OSI layer 4 heading: last line:- Replace "permanently" with "continually".


Errata type:Typo | Page number:19

"Another danger are so-called man-in-the-middle attacks, also know as eavesdropping"
should be:
Another danger are so-called man-in-the-middle attacks, also known as eavesdropping"


Errata type:Typo | Page number:14

Last para:- "the whole IP packets are encapsulated in a new packet", replace "whole" with "all".


Errata type: Typo | Page number:25

Line 20:- Replace VPN Systems with VPN systems.


Errata type: Typo | Page number:25

Last line:- because a certificate signed by third party is trusted. Add "a" before third party.


Errata type:Inconsistent capitalization | Page number: 28

Line 1:- Replace Port with port.
Line 5:- Replace Interfaces with interfaces.
Line 20:- Replace Installation with installation.


Errata type:Typo | Page number:30

Line 12 inside the table:- automatic configuration of "a", replace "a" with "an".


Errata type:Word replacement | Page number:36

Line 5 inside the table:- Replace "DynDNS" with "dynamic DNS" or "Dial-Up Internet connections with dynamically assigned IPs".


Errata type:Typo | Page number:56

Testing Installation and Installing with rpm heading:Line 13:- Remove --test from rpm installation example.


Errata type:broken command | Page number:70

Line 4:- Replace debian01:~# ta with debian01:~# tar -xzf openvpn-2.0.2.tar.gz.


Errata type:Incorrect filename | Page number:117

Information box:- Replace build-key-server.bat with build-key.bat


Errata type:Wrong port number | Page number:166

Line 2:- by default it's UDP port is 1149. Replace 1149 with 1194.


Errata type:Incorrect words | Page number:195

Line1:- Delete "for a VPN client".


Errata type:Typo | Page number:203

Line3:- CAN
should be:


Errata type:Typo | Page number:211

Scripting OpenVPN-An Overview heading: Line 3:- Replace "Firewall" with "firewall"


Sample chapters

You can view our sample chapters and prefaces of this title on PacktLib or download sample chapters in PDF format.

Frequently bought together

OpenVPN:  Building and Integrating Virtual Private Networks +    IBM Cognos Business Intelligence =
50% Off
the second eBook
Price for both: $51.15

Buy both these recommended eBooks together and get 50% off the cheapest eBook.

What you will learn from this book

Chapter 1 looks at what VPNs are, how they evolved during the last decade, why it is necessary to modern enterprises, how typical VPNs work. The chapter also covers some essential networking concepts.

Chapter 2 explains VPN security issues, including symmetric and asymmetric encryption, the SSL/TLS library, and SSL certificates.

Chapter 3 introduces OpenVPN. In this chapter, we learn about the history of OpenVPN, how OpenVPN works, and how OpenVPN compares to IPSec VPN applications.

Chapter 4 covers installing OpenVPN on both Windows, the Mac, Linux, and FreeBSD. It covers the installation on Linux from the source code and RPM packages. Installation on Suse and Debian is covered in detail.

In Chapter 5, an encryption key for OpenVPN is created and it is then used to setup up our first OpenVPN Tunnel between two windows systems in the same network. The key is then copied on a Linux system and this system is connected through a tunnel to the first windows machine.

Chapter 6 shows how to create x509 server and client certificates for use with OpenVPN. easy-rsa which comes with OpenVPN and is available for both Windows and Linux is used.

Chapter 7 reviews the syntax of the command line tool openvpn, which enables building tunnels quickly. The configuration options of openvpn are covered in detail with examples.

Chapter 8 shows how to make the example tunnels created earlier safer and persistent by choosing a reliable combination of configuration file parameters. It then covers how to configure firewalls on Linux and Windows to work with OpenVPN.

Chapter 9 focuses on using xca, the advanced Windows tool with which x509 certificates can be easily managed. Its Linux equivalent, Tinyca2, which can even manage multiple certificate authorities, is also covered.

Chapter 10 covers advanced OpenVPN configurations, including Tunneling through a proxy server, pushing routing commands to clients, pushing and setting the default route through a tunnel, Distributed compilation through VPN tunnels with distcc, and OpenVPN scripting.

Chapter 11 shows how to debug and monitor VPN tunnels. It covers standard networking tools that can be used for scanning and testing the connectivity of a VPN server.

In Detail

OpenVPN is a powerful, open source SSL VPN application. It can secure site-to-site connections, WiFi and enterprise-scale remote connections. While being a full-featured VPN solution, OpenVPN is easy to use and does not suffer from the complexity that characterizes other IPSec VPN implementations. It uses the secure and stable TLS/SSL mechanisms for authentication and encryption.

This book is an easy introduction to this popular VPN application. After introducing the basics of security and VPN, the book moves on to cover using OpenVPN, from installing it on various platforms, through configuring basic tunnels, to more advanced features, such as using the application with firewalls, routers, proxy servers, and OpenVPN scripting.

While providing only necessary theoretical background, the book takes a practical approach, presenting plenty of examples.

This book is a comprehensive guide to using OpenVPN for building both secure VPNs. The book is written in a very friendly style that makes this complex topic easy and a joy to read. It first covers basic VPN concepts, then moves to introduce basic OpenVPN configurations, before covering advanced uses of OpenVPN. This book is for both experienced and new OpenVPN users.

Visit the Free Online Edition for OpenVPN: Building and Integrating Virtual Private Networks and learn more about the book and discover what each chapter from this book has in store.


Who this book is for

Network administrators and any one who is interested in building secure VPNs using OpenVPN. It presumes basic knowledge of Linux, but no knowledge of VPNs is required. All basic VPN and relevant security concepts are covered.

Code Download and Errata
Packt Anytime, Anywhere
Register Books
Print Upgrades
eBook Downloads
Video Support
Contact Us
Awards Voting Nominations Previous Winners
Judges Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software
Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software