OpenVPN



The last time I used openvpn, it was version 1.x and only supported a single connection per running process. So, if you had a server that you wanted to support multiple clients connecting, you had to… have multiple ports open to the outside world (unless you did something VERY fancy), and had to have as many openvpn processes open and listening for connections, as you had clients you expected to connect. It wasn’t a pretty setup unless you had a small number (1-5) that you expected to connect. Fortunately that has changed with the 2.0 series of openvpn and it’s really matured as a vpn solution.


For starters, this is a client/server protocol and it’s cross platform. These are nice features for VPN software. There are a variety of ways to setup openvpn. One is without encryption (mostly for troubleshooting), the next is a “shared secret” method which has you copy a “secret file” to each machine and that is used for authenticating to the vpn. There are advantages to this… easy setup. The disadvantages though are many…. what if someone loses the key? what if the key is broken, then ALL present/past/future communications could be compromised… you can’t setup for multiple clients with the secret file based authentication. So, the next is TLS (certificate authority) based encryption.

I’ve done this and get things setup, but the hardest part here is getting your authentication keys setup and signed… after that the setup get’s quite easy.

With openvpn you have to allow incoming udp connections on one port to get to the openvpn server machine. The current port is 1194. (It is possible to work it over Tcp as well..) Earlier in their development I think they used 5000, it is configurable in setup so it could be anything you want that doesn’t conflict with other services.

server has to be specified in the openvpn servers configuration file IF you want multiple machines to be able to connect to the same openvpn server. Routing can be pushed to each of the clients as well.

Overall, I’ve liked openvpns configurability… it’s quite flexible and gives many choices. My main intent for using it is from my laptop to encrypt my wireless connection. I expect even from outside my network I may route all traffic through the VPN for true secure web browsing/etc….

Given the choice between hamachi and openvpn… I’d probably pick openvpn because I feel like I have a bit more control over it. (There was one machine I couldn’t get hamachi to connect to…) That said, hamachi is an easier secure vpn solution for beginners.

Related Posts

Blog Traffic Exchange Related Posts
  • Network Security guide for the home or small business network - Part 1 - A Hardware firewall Computers can communicate over networks. (Surprise!) That's how you're reading this post. The machine that this site is hosted on is listening for requests for connection. When it receives a request it answers back with a web page. In fact, computers can listen for a great many different kinds of......
  • Zotob update There was an update at Incidents.org on the Zotob worm and specifically an advisory related to Cisco products. From their site.... **snipped from NISCC** "Affected Products ================= If the software versions or configuration information are provided, then only those combinations are vulnerable. This is a list of appliance software that......
  • Using ssh to protect web browsing over wireless or other hostile networks This really could be used to encyrpt web traffic over any "hostile" network. Here's what I'm talking about. Laptop using wireless. Within our internal network we would LIKE all our web traffic to be encrypted at least from the laptop to a wired host. (From there to the outside world......
Blog Traffic Exchange Related Websites
  • Solidifying WP Security Designed with PHP, and powered by mySQL directories, WordPress is used by an amazing 8.5% of all websites. Web delivered spyware and web page hacking are becoming progressively more common. With such a lot of web content using WordPress as a CMS, any security weaknesses in the CMS structure or......
  • World Wide Web Security Essentials Is Not A Real Spyware Remover. It Resembles The Functions And Looks World wide web Security Essentials is not a real spyware remover. It resembles the functions and looks of genuine spyware removal software but has no capacity to eliminate any virus, trojan or malware. Web Security Essentials is the newest addition to the growing list of rogue Antivirus programs. Internet Security......
  • Is Social Security a Ponzi Scheme? (Part 3: How to Fix Social Security) The following is a continuation of the Is Social Security a Ponzi Scheme? (Part 1) and Is Social Security a Ponzi Scheme? (Part 2: An Explanation of Social Security Works). Those articles explained the history of Charles Ponzi and the original Ponzi scheme and explained how Social Security works. In......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site