Table of Contents

- Preface
- Chapter 1: VPN—Virtual Private Network
- Chapter 2: VPN Security
- Chapter 3: OpenVPN
- Chapter 4: Installing OpenVPN
- Chapter 5: Configuring an OpenVPN Server—The First Tunnel
- Chapter 6: Setting Up OpenVPN with X509 Certificates
- Chapter 7: The Command openvpn and its Configuration File
- Chapter 8: Securing OpenVPN Tunnels and Servers
- Chapter 9: Advanced Certificate Management
- Chapter 10: Advanced OpenVPN Configuration
- Chapter 11: Troubleshooting and Monitoring
- Appendix A: Internet Resources
- Index

- Chapter 1: VPN—Virtual Private Network
- Branches Connected by Dedicated Lines
- Broadband Internet Access and VPNs
- How Does a VPN Work?
- What are VPNs Used For?
- Networking Concepts—Protocols and Layers
- Tunneling and Overhead
- VPN Concepts—Overview
- A Proposed Standard for Tunneling
- Protocols Implemented on OSI Layer 2
- Protocols Implemented on OSI Layer 3
- Protocols Implemented on OSI Layer 4
- OpenVPN—An SSL/TLS-Based Solution
- Chapter 2: VPN Security
- VPN Security
- Privacy—Encrypting the Traffic
- Symmetric Encryption and Pre-Shared Keys
- Reliability and Authentication
- The Problem of Complexity in Classic VPNs
- Asymmetric Encryption with SSL/TLS
- SSL/TLS Security
- Understanding SSL/TLS Certificates
- Trusted Certificates
- Self-Signed Certificates
- SSL/TLS Certificates and VPNs
- Chapter 3: OpenVPN
- Advantages of OpenVPN
- History of OpenVPN
- OpenVPN Version 1
- OpenVPN Version 2
- Networking with OpenVPN
- OpenVPN and Firewalls
- Configuring OpenVPN
- Problems with OpenVPN
- OpenVPN Compared to IPsec VPN
- Sources for Help and Documentation
- The Project Community
- Documentation in the Software Packages
- Chapter 4: Installing OpenVPN
- Prerequisites
- Obtaining the Software
- Installing OpenVPN on Windows
- Downloading and Starting Installation
- Selecting Components and Location
- Finishing Installation
- Testing the Installation—A First Look at the Panel Applet
- Installing OpenVPN on Mac OS X (Tunnelblick)
- Testing the Installation—The Tunnelblick Panel Applet
- Installing OpenVPN on SuSE Linux
- Using YaST to Install Software
- Installing OpenVPN on Redhat Fedora Using yum
- Installing OpenVPN on RPM-Based Systems
- Using wget to Download OpenVPN RPMs
- Testing Installation and Installing with rpm
- Installing OpenVPN and the LZO Library with wget and RPM
- Using rpm to Obtain Information on the Installed OpenVPN Version
- Installing OpenVPN on Debian
- Installing Debian Packages
- Using Aptitude to Search and Install Packages
- OpenVPN—The Files Installed on Debian
- Installing OpenVPN on FreeBSD
- Installing a Newer Version of OpenVPN on FreeBSD—The Port System
- Installing the Port System with sysinstall
- Downloading and Installing a BSD Port
- Troubleshooting—Advanced Installation Methods
- Installing OpenVPN from Source Code
- Building Your Own RPM File from the OpenVPN Source Code
- Building and Distributing Your Own DEB Packages
- Enabling Linux Kernel Support for TUN/TAP Devices
- Using Menuconfig to Enable TUN/TAP Support
- Internet Links, Installation Guidelines, and Help
- Summary
- Chapter 5: Configuring an OpenVPN Server—The First Tunnel
- OpenVPN on Microsoft Windows
- Generating a Static OpenVPN Key
- Creating a Sample Connection
- Adapting the Sample Configuration File Provided by OpenVPN
- Starting and Testing the Tunnel
- A Brief Look at Windows OpenVPN Network Interfaces
- Connecting Windows and Linux
- File Exchange between Windows and Linux
- Installing WinSCP
- Transferring the Key File from Windows to Linux with WinSCP
- The Second Pitfall—Carriage Return/End of Line
- Configuring the Linux System
- Testing the Tunnel
- A Look at the Linux Network Interfaces
- Running OpenVPN Automatically
- OpenVPN as Server on Windows
- OpenVPN as Server on Linux
- Runlevels and init Scripts on Linux
- Using runlevel and init to Change and Check Runlevels
- The System Control for Runlevels
- Managing init Scripts
- Using Webmin to Manage init Scripts
- Using SuSE's YaST Module System Services (Runlevel)
- Troubleshooting Firewall Issues
- Deactivating Windows XP Service Pack 2 Firewall
- Stopping the SuSE Firewall
- Chapter 6: Setting Up OpenVPN with X509 Certificates
- Creating Certificates
- Certificate Generation on Windows XP with easy-rsa
- Setting Variables—Editing vars.bat
- Creating the Diffie-Hellman Key
- Building the Certificate Authority
- Generating Server and Client Keys
- Distributing the Files to the VPN Partners
- Configuring OpenVPN to Use Certificates
- Using easy-rsa on Linux
- Preparing Variables in vars
- Creating the Diffie-Hellman Key and the Certificate Authority
- Creating the First Server Certificate/Key Pair
- Creating Further Certificates and Keys
- Chapter 7: The Command openvpn and its Configuration File
- Syntax of openvpn
- OpenVPN Command-Line Parameters
- Using OpenVPN at the Command Line
- Parameters Used in the Standard Configuration File for a Static Key Client
- Compressing the Data
- Controlling and Restarting the Tunnel
- Debugging Output—Troubleshooting
- Configuring OpenVPN with Certificates—Simple TLS Mode
- Overview of OpenVPN Parameters
- General Tunnel Options
- Routing
- Controlling the Tunnel
- Scripting
- Logging
- Specifying a User and Group
- The Management Interface
- Proxies
- Encryption Parameters
- Testing the Crypto System with --test-crypto
- SSL Information—Command Line
- Server Mode
- Server Mode Parameters
- --client-config Options
- Important Windows-Specific Options
- Summary
- Chapter 8: Securing OpenVPN Tunnels and Servers
- Securing and Stabilizing OpenVPN
- Linux and Firewalls
- Debian Linux and Webmin with Shorewall
- Installing Webmin and Shorewall
- Preparing Webmin and Shorewall for the First Start
- Starting Webmin
- Configuring the Shorewall with Webmin
- Creating Zones
- Editing Interfaces
- Default Policies
- Adding Firewall Rules
- Troubleshooting Shorewall—Editing the Configuration Files
- OpenVPN and SuSEfirewall
- Troubleshooting OpenVPN Routing and Firewalls
- Configuring a Router without a Firewall
- iptables—The Standard Linux Firewall Tool
- Configuring the Windows Firewall for OpenVPN
- Summary
- Chapter 9: Advanced Certificate Management
- Certificate Management and Security
- Installing xca
- Using xca
- Creating a Database
- Importing a CA Certificate
- Creating and Signing a New Server/Client Certificate
- Revoking Certificates with xca
- Using TinyCA2 to Manage Certificates
- Importing Our CA
- Using TinyCA2 for CA Administration
- Creating New Certificates and Keys
- Exporting Keys and Certificates with TinyCA2
- Revoking Certificates with TinyCA2
- Chapter 10: Advanced OpenVPN Configuration
- Tunneling a Proxy Server and Protecting the Proxy
- Scripting OpenVPN—An Overview
- Using Authentication Methods
- Using a Client Configuration Directory with Per-Client Configurations
- Individual Firewall Rules for Connecting Clients
- Distributed Compilation through VPN Tunnels with distcc
- Ethernet Bridging with OpenVPN
- Automatic Installation for Windows Clients
- Summary
- Chapter 11: Troubleshooting and Monitoring
- Testing the Network Connectivity
- Checking Interfaces, Routing, and Connectivity on the VPN Servers
- Debugging with tcpdump and IPTraf
- Using OpenVPN Protocol and Status Files for Debugging
- Scanning Servers with Nmap
- Monitoring Tools
- Hints to Other Tools
- Summary