Free Sample
+ Collection

OpenVPN 2 Cookbook

Jan Just Keijser

Everything you need to know to master the intricacies of OpenVPN 2 is contained in this cookbook. Packed with recipes, tips, and tricks, it’s the perfect companion for anybody wanting to build a secure virtual private network.
RRP $29.99
RRP $49.99
Print + eBook

Want this title & more?

$12.99 p/month

Subscribe to PacktLib

Enjoy full and instant access to over 2000 books and videos – you’ll find everything you need to stay ahead of the curve and make sure you can always get the job done.

Book Details

ISBN 139781849510103
Paperback356 pages

About This Book

  • Set of recipes covering the whole range of tasks for working with OpenVPN
  • The quickest way to solve your OpenVPN problems!
  • Set up, configure, troubleshoot and tune OpenVPN
  • Uncover advanced features of OpenVPN and even some undocumented options

Who This Book Is For

This book is ideal for system administrators and networking professionals who are interested in building secure VPNs using OpenVPN. It is preferable that the reader has a basic knowledge of OpenVPN, as well as general network administration skills.

Table of Contents

Chapter 1: Point-to-Point Networks
Shortest setup possible
OpenVPN secret keys
Multiple secret keys
Plaintext tunnel
Configuration files versus the command-line
Complete site-to-site setup
3-way routing
Chapter 2: Client-server IP-only Networks
Setting up the public and private keys
Simple configuration
Server-side routing
Using 'client-config-dir' files
Routing: subnets on both sides
Redirecting the default gateway
Using an 'ifconfig-pool' block
Using the status file
Management interface
Chapter 3: Client-server Ethernet-style Networks
Simple configuration—non-bridged
Enabling client-to-client traffic
Checking broadcast and non-IP traffic
External DHCP server
Using the status file
Management interface
Chapter 4: PKI, Certificates, and OpenSSL
Certificate generation
xCA: a GUI for managing a PKI (Part 1)
xCA : a GUI for managing a PKI (Part 2)
OpenSSL tricks: x509, pkcs12, verify output
Revoking certificates
The use of CRLs
Checking expired/revoked certificates
Intermediary CAs
Multiple CAs: stacking, using --capath
Chapter 5: Two-factor Authentication with PKCS#11
Initializing a hardware token
Getting a hardware token ID
Using a hardware token
Using the management interface to list PKCS#11 certificates
Selecting a PKCS#11 certificate using the management interface
Generating a key on the hardware token
Private method for getting a PKCS#11 certificate
Pin caching example
Chapter 6: Scripting and Plugins
Using a client-side up/down script
Windows login greeter
Using client-connect/client-disconnect scripts
Using a 'learn-address' script
Using a 'tls-verify' script
Using an 'auth-user-pass-verify' script
Script order
Script security and logging
Using the 'down-root' plugin
Using the PAM authentication plugin
Chapter 7: Troubleshooting OpenVPN: Configurations
Cipher mismatches
TUN versus TAP mismatches
Compression mismatches
Key mismatches
Troubleshooting MTU and tun-mtu issues
Troubleshooting network connectivity
Troubleshooting 'client-config-dir' issues
How to read the OpenVPN log files
Chapter 8: Troubleshooting OpenVPN: Routing
The missing return route
Missing return routes when 'iroute' is used
All clients function except the OpenVPN endpoints
Source routing
Routing and permissions on Windows
Troubleshooting client-to-client traffic routing
Understanding the 'MULTI: bad source' warnings
Failure when redirecting the default gateway
Chapter 9: Performance Tuning
Optimizing performance using 'ping'
Optimizing performance using 'iperf'
OpenSSL cipher speed
Compression tests
Traffic shaping
Tuning UDP-based connections
Tuning TCP-based connections
Analyzing performance using tcpdump
Chapter 10: OS Integration
Linux: using NetworkManager
Linux: using 'pull-resolv-conf'
MacOS: using Tunnelblick
Windows Vista/7: elevated privileges
Windows: using the CryptoAPI store
Windows: updating the DNS cache
Windows: running OpenVPN as a service
Windows: public versus private network adapters
Windows: routing methods
Chapter 11: Advanced Configuration
Including configuration files in config files
Multiple remotes and remote-random
Details of ifconfig-pool-persist
Connecting using a SOCKS proxy
Connecting via an HTTP proxy
Connecting via an HTTP proxy with authentication
Using dyndns
IP-less setups (ifconfig-noexec)
Chapter 12: New Features of OpenVPN 2.1 and 2.2
Inline certificates
Connection blocks
Port sharing with an HTTPS server
Routing features: redirect-private, allow-pull-fqdn
Handing out the public IPs
OCSP support
New for 2.2: the 'x509_user_name' parameter

What You Will Learn

  • Setting up point-to-point, routed as well as bridged VPNs
  • Determining the best type of OpenVPN set up for your networking needs
  • Configuring OpenVPN on Linux, Windows and Mac OS X
  • Using scripting and plugins to optimize your VPN setup
  • Troubleshooting your VPN setup
  • Using advanced OpenVPN techniques, such as proxy support, compression, different encryption algorithms
  • Setting up a public key infrastructure (PKI) for use with OpenVPN, including X509 certificates, certificate revocation lists and intermediary certificate authorities
  • Integrating a hardware security token or smart card into your VPN setup


In Detail

OpenVPN is a free and open source virtual private network (VPN) program for creating point-to-point or server-to-multiclient encrypted tunnels between host computers. It is capable of establishing direct links between computers across networks and firewalls. It is powerful software, but getting the most from it can be a daunting task.

OpenVPN 2 Cookbook provides solutions to common OpenVPN problems. The book covers everything a system administrator needs to manage and run an OpenVPN network, from point to point networks to troubleshooting.

OpenVPN 2 Cookbook offers all the information you need to successfully manage your network. Covering all the common networks, including point to point networks, multi-client tun style networks and multi client tap style networks, this practical guide gives quick answers to common questions and problems.

Each technical aspect is broken down into short recipes that demonstrate solutions with working code, then explain why and how that works. The book is intended to be a desk reference for users with a whole range of experience levels.


Read More