OpenVPN Cookbook - Second Edition

Discover over 90 practical and exciting recipes that leverage the power of OpenVPN 2.4 to help you obtain a reliable and secure VPN

Jan Just Keijser

Book Details

ISBN 13: 9781786463128
Paperback: 400 pages

Book Description

OpenVPN provides an extensible VPN framework that has been designed to ease site-specific customization, such as providing the capability to distribute a customized installation package to clients, and supporting alternative authentication methods via OpenVPN’s plugin module interface.

This book provides you with many different recipes to help you set up, monitor, and troubleshoot an OpenVPN network. You will learn to configure a scalable, load-balanced VPN server farm that can handle thousands of dynamic connections from incoming VPN clients. You will also get to grips with the encryption, authentication, security, extensibility, and certification features of OpenSSL.

You will also get an understanding of IPv6 support and will get a demonstration of how to establish a connection via IPv6. This book will explore all the advanced features of OpenVPN and even some undocumented options, covering all the common network setups such as point-to-point networks and multi-client TUN-style and TAP-style networks. Finally, you will learn to manage, secure, and troubleshoot your virtual private networks using OpenVPN 2.4.

Table of Contents

Chapter 1: Point-to-Point Networks
Introduction
The shortest setup possible
OpenVPN secret keys
Multiple secret keys
Plaintext tunnel
Routing
Configuration files versus the command line
Complete site-to-site setup
Three-way routing
Using IPv6
Chapter 2: Client-server IP-only Networks
Introduction
Setting up the public and private keys
A simple configuration
Server-side routing
Adding IPv6 support
Using client-config-dir files
Routing - subnets on both sides
Redirecting the default gateway
Redirecting the IPv6 default gateway
Using an ifconfig-pool block
Using the status file
The management interface
Proxy ARP
Chapter 3: Client-server Ethernet-style Networks
Introduction
Simple configuration - non-bridged
Enabling client-to-client traffic
Bridging - Linux
Bridging - Windows
Checking broadcast and non-IP traffic
An external DHCP server
Using the status file
The management interface
Integrating IPv6 into TAP-style networks
Chapter 4: PKI, Certificates, and OpenSSL
Introduction
Certificate generation
OpenSSL tricks - x509, pkcs12, verify output
Revoking certificates
The use of CRLs
Checking expired/revoked certificates
Intermediary CAs
Multiple CAs - stacking, using the capath directive
Determining the crypto library to be used
Crypto features of OpenSSL and PolarSSL
Pushing ciphers
Elliptic curve support
Chapter 5: Scripting and Plugins
Introduction
Using a client-side up/down script
Using a client-connect script
Using a learn-address script
Using a tls-verify script
Using an auth-user-pass-verify script
Script order
Script security and logging
Scripting and IPv6
Using the down-root plugin
Using the PAM authentication plugin
Chapter 6: Troubleshooting OpenVPN - Configurations
Introduction
Cipher mismatches
TUN versus TAP mismatches
Compression mismatches
Key mismatches
Troubleshooting MTU and tun-mtu issues
Troubleshooting network connectivity
Troubleshooting client-config-dir issues
Troubleshooting multiple remote issues
Troubleshooting bridging issues
How to read the OpenVPN log files
Chapter 7: Troubleshooting OpenVPN - Routing
Introduction
The missing return route
Missing return routes when iroute is used
All clients function except the OpenVPN endpoints
Source routing
Routing and permissions on Windows
Unable to change Windows network location
Troubleshooting client-to-client traffic routing
Understanding the MULTI: bad source warnings
Failure when redirecting the default gateway
Chapter 8: Performance Tuning
Introduction
Optimizing performance using ping
Optimizing performance using iperf
Comparing IPv4 and IPv6 speed
OpenSSL cipher speed
OpenVPN in Gigabit networks
Compression tests
Traffic shaping
Tuning UDP-based connections
Tuning TCP-based connections
Analyzing performance using tcpdump
Chapter 9: OS Integration
Introduction
Linux - using NetworkManager
Linux - using pull-resolv-conf
Windows - elevated privileges
Windows - using the CryptoAPI store
Windows - updating the DNS cache
Windows - running OpenVPN as a service
Windows - public versus private network adapters
Windows - routing methods
Windows 8+ - ensuring DNS lookups are secure
Android - using the OpenVPN for Android clients
Push-peer-info - pushing options to Android clients
Chapter 10: Advanced Configuration
Introduction
Including configuration files in config files
Multiple remotes and remote-random
Inline certificates
Connection blocks
Details of ifconfig-pool-persist
Connecting using a SOCKS proxy
Connecting via an HTTP proxy
Connecting via an HTTP proxy with authentication
IP-less setups - ifconfig-noexec
Port sharing with an HTTPS server
Routing features - redirect-private, allow-pull-fqdn
Filtering out pushed options
Handing out the public IPs

What You Will Learn

  • Determine the best type of OpenVPN setup for your networking needs
  • Get to grips with the encryption, authentication, and certification features of OpenSSL
  • Integrate an OpenVPN server into the local IT infrastructure with the scripting features of OpenVPN
  • Ease the integration of Windows clients into the VPN using Windows-specific client-side configuration
  • Understand the authentication plugins for PAM and LDAP
  • Get to know the difference between TUN-style and TAP-style networks and when to use what
  • Troubleshoot your VPN setup
  • Establish a connection via IPv6 along with demonstrations
