OpenVPN



The last time I used openvpn, it was version 1.x and only supported a single connection per running process. So, if you had a server that you wanted to support multiple clients connecting, you had to… have multiple ports open to the outside world (unless you did something VERY fancy), and had to have as many openvpn processes open and listening for connections, as you had clients you expected to connect. It wasn’t a pretty setup unless you had a small number (1-5) that you expected to connect. Fortunately that has changed with the 2.0 series of openvpn and it’s really matured as a vpn solution.


For starters, this is a client/server protocol and it’s cross platform. These are nice features for VPN software. There are a variety of ways to setup openvpn. One is without encryption (mostly for troubleshooting), the next is a “shared secret” method which has you copy a “secret file” to each machine and that is used for authenticating to the vpn. There are advantages to this… easy setup. The disadvantages though are many…. what if someone loses the key? what if the key is broken, then ALL present/past/future communications could be compromised… you can’t setup for multiple clients with the secret file based authentication. So, the next is TLS (certificate authority) based encryption.

I’ve done this and get things setup, but the hardest part here is getting your authentication keys setup and signed… after that the setup get’s quite easy.

With openvpn you have to allow incoming udp connections on one port to get to the openvpn server machine. The current port is 1194. (It is possible to work it over Tcp as well..) Earlier in their development I think they used 5000, it is configurable in setup so it could be anything you want that doesn’t conflict with other services.

server has to be specified in the openvpn servers configuration file IF you want multiple machines to be able to connect to the same openvpn server. Routing can be pushed to each of the clients as well.

Overall, I’ve liked openvpns configurability… it’s quite flexible and gives many choices. My main intent for using it is from my laptop to encrypt my wireless connection. I expect even from outside my network I may route all traffic through the VPN for true secure web browsing/etc….

Given the choice between hamachi and openvpn… I’d probably pick openvpn because I feel like I have a bit more control over it. (There was one machine I couldn’t get hamachi to connect to…) That said, hamachi is an easier secure vpn solution for beginners.

Related Posts

Blog Traffic Exchange Related Posts
  • Hamachi p2p vpn A few days back I was at grc to run a "shields up" scan on a clients machine and found reference to their Security Now podcast (Leo Laporte and Steve Gibson.) The cast was about a VPN tool called Hamachi... so I revisited and gave a read to the Security......
  • Network Security guide for the home or small business network - Part 7 - Wireless Networking OK - the last couple of entries got into some heavy lifting and some real learning on your part. Learning about what software needs to run, what services are running, updating them to keep current on security patches. We even talked about securing services listening for outside connections and limiting......
  • Zotob update There was an update at Incidents.org on the Zotob worm and specifically an advisory related to Cisco products. From their site.... **snipped from NISCC** "Affected Products ================= If the software versions or configuration information are provided, then only those combinations are vulnerable. This is a list of appliance software that......
Blog Traffic Exchange Related Websites
  • World Wide Web Security Essentials Is Not A Real Spyware Remover. It Resembles The Functions And Looks World wide web Security Essentials is not a real spyware remover. It resembles the functions and looks of genuine spyware removal software but has no capacity to eliminate any virus, trojan or malware. Web Security Essentials is the newest addition to the growing list of rogue Antivirus programs. Internet Security......
  • Ubiquity Server Review - Bad Servers Ubiquity Server which is located in Chicago, IL also found on the web at http://www.ubiquityservers.com/ is the worst datacenter that we have ever done business with "EVER." We would not even recommend them to our worst enemy or even our competition. To begin with their service is unpredictable, starting with......
  • Is Social Security a Ponzi Scheme? (Part 3: How to Fix Social Security) The following is a continuation of the Is Social Security a Ponzi Scheme? (Part 1) and Is Social Security a Ponzi Scheme? (Part 2: An Explanation of Social Security Works). Those articles explained the history of Charles Ponzi and the original Ponzi scheme and explained how Social Security works. In......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site