The last time I used openvpn, it was version 1.x and only supported a single connection per running process. So, if you had a server that you wanted to support multiple clients connecting, you had to… have multiple ports open to the outside world (unless you did something VERY fancy), and had to have as many openvpn processes open and listening for connections, as you had clients you expected to connect. It wasn’t a pretty setup unless you had a small number (1-5) that you expected to connect. Fortunately that has changed with the 2.0 series of openvpn and it’s really matured as a vpn solution.
For starters, this is a client/server protocol and it’s cross platform. These are nice features for VPN software. There are a variety of ways to setup openvpn. One is without encryption (mostly for troubleshooting), the next is a “shared secret” method which has you copy a “secret file” to each machine and that is used for authenticating to the vpn. There are advantages to this… easy setup. The disadvantages though are many…. what if someone loses the key? what if the key is broken, then ALL present/past/future communications could be compromised… you can’t setup for multiple clients with the secret file based authentication. So, the next is TLS (certificate authority) based encryption.
I’ve done this and get things setup, but the hardest part here is getting your authentication keys setup and signed… after that the setup get’s quite easy.
With openvpn you have to allow incoming udp connections on one port to get to the openvpn server machine. The current port is 1194. (It is possible to work it over Tcp as well..) Earlier in their development I think they used 5000, it is configurable in setup so it could be anything you want that doesn’t conflict with other services.
server has to be specified in the openvpn servers configuration file IF you want multiple machines to be able to connect to the same openvpn server. Routing can be pushed to each of the clients as well.
Overall, I’ve liked openvpns configurability… it’s quite flexible and gives many choices. My main intent for using it is from my laptop to encrypt my wireless connection. I expect even from outside my network I may route all traffic through the VPN for true secure web browsing/etc….
Given the choice between hamachi and openvpn… I’d probably pick openvpn because I feel like I have a bit more control over it. (There was one machine I couldn’t get hamachi to connect to…) That said, hamachi is an easier secure vpn solution for beginners.
Related PostsRelated Posts
- Diebold Voting machine vulnerabilities Freedom to tinker brings us this BIG problem. I guess what concerns me most about this, is the way I see it, voter fraud has pretty much gone on since there have been elections. Let's face it, there is always someone, acting officially or not that will jockey for the......
- Network Security guide for the home or small business network - Part 1 - A Hardware firewall Computers can communicate over networks. (Surprise!) That's how you're reading this post. The machine that this site is hosted on is listening for requests for connection. When it receives a request it answers back with a web page. In fact, computers can listen for a great many different kinds of......
- Hamachi p2p vpn A few days back I was at grc to run a "shields up" scan on a clients machine and found reference to their Security Now podcast (Leo Laporte and Steve Gibson.) The cast was about a VPN tool called Hamachi... so I revisited and gave a read to the Security......
- World Wide Web Security Essentials Is Not A Real Spyware Remover. It Resembles The Functions And Looks World wide web Security Essentials is not a real spyware remover. It resembles the functions and looks of genuine spyware removal software but has no capacity to eliminate any virus, trojan or malware. Web Security Essentials is the newest addition to the growing list of rogue Antivirus programs. Internet Security......
- Ubiquity Server Review - Bad Servers Ubiquity Server which is located in Chicago, IL also found on the web at http://www.ubiquityservers.com/ is the worst datacenter that we have ever done business with "EVER." We would not even recommend them to our worst enemy or even our competition. To begin with their service is unpredictable, starting with......
- Corporate Blog Security Issues If you are planning on starting your own corporate blog or executive blog, or if you already have a corporate blog that you are writing in, then one of your greatest concerns should be corporate blog security issues. There are a variety of different corporate blogging security issues that you......
- Hamachi p2p vpn
- OpenVPN series
- SSH, Proxies (Proxy’s?), Tor and Web Browsing
- Virtual Server on Apache to listen on an alternate port