Openvpn

I make use of openvpn almost on a daily basis when I’m out in the world and use my laptop to connect to the internet. I’ve done several projects related to openvpn which I’ll detail in this page.

For starters:

openvpn.net and their howto. If you’re not familiar with openvpn, it is an open source, cross-platform vpn implementation. I’ve had good success with it and it’s fairly easy to set up TLS authentication.

Update 6-17-10 ….

Big openvpn/dd-wrt project lately that has taken a lot of time, but it has solved an issue that I’m sure a lot of network admins have run into. When designing networks and looking to bridge offices with openvpn, network admins are advised to pick unique subnets so that 192.168.1.1 in one office can route well over the vpn to 192.168.2.1 in the other office. If both networks (or multiple) use 192.168.1.0/24 there is a network address collision – packets get lost and things don’t work.

Well, it is possible with the right setup to do NAT on the packets that are traveling over the vpn. Why? Well, let’s say you’re a client of this 192.168.1.0 office network and are out at a wifi hotspot that also happens to be a 192.168.1.0 – you can’t exactly make them change their addressing to avoid conflicts with your business network, and migrating an established business network can be a big task. Of course, you could start out your network design by choosing a different subnet, and I’ve used this approach several times, but it’s really just a matter of time until you stumble across someone else with the same subnet that needs to vpn into the network and you run into the hairy address conflict problem.

So, we’ve designed a box based on dd-wrt openvpn edition…. This box has a vpn “personality” (a client key and configuration to connect to a server out in the internet; a linux vps is the hub of the wheel for our topology and our openvpn server). That server identifies the box by its certificate and gives it an address at 10.111.1.254. It also pushes routes to 10.111.2.0/24 with 10.111.2.254 as the gateway, and 10.111.1.0/24 with gw of 10.111.1.254 to our second box, which is given a 10.111.2.254 address.

On each device, in addition to the vpn personality, there is a special brew of firewall rules which handles the packet rewriting such that any device that is attached to our two vpn boxes is accessible from the other side, even though internally they can share the same 192.168.2.0/24 network. So, each client has its own network address (192.168.34.1) and its vpn address (10.111.1.1).

This has worked well – it did take a lot of time to initially design, but we’ve now rolled out two initial installs of it. (Not bad considering that it’s all done with ~$60 router hardware.) In the future I may provide more details on the setup here, because as I researched this I found NO ONE explaining step by step how to design this kind of a setup.

At this point the only negative with our setup is that two devices behind the same box will not see each other via their vpn address (10.111.1.1/10.111.1.2), but via their lan address (192.168.34.1/192.168.34.2). Of course, this plan also allows for mobile vpn clients that aren’t “behind the box”; they register in the 10.111.0.0/24 subnet, and they are all screened with the wider subnet via the server so that anything in the 10.111.0.0/16 is pingable from each vpn subnet.

As I said, it’s been a big project and I may be detailing it here, but want to wait until all the dust settles on our setup.
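One way the packet rewriting described above could be done for the first box is a 1:1 subnet mapping with the iptables NETMAP target; this is an added example, not the author's actual rule set. It assumes the firmware's iptables includes NETMAP and that the tunnel interface is `tun0`, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not the author's rules): 1:1 NAT between a box's LAN and
# its VPN-side alias range, using the addresses given in the post.
LAN_NET=192.168.34.0/24   # LAN behind box 1 (from the post)
VPN_NET=10.111.1.0/24     # VPN alias range for box 1 (from the post)
VPN_ALL=10.111.0.0/16     # whole VPN address space (from the post)
TUN_DEV=tun0              # assumption: OpenVPN tunnel interface name

# vpn_alias LAN_IP VPN_PREFIX
# NETMAP keeps the host part, so for a /24 only the first three octets change.
vpn_alias() {
    echo "$2.${1##*.}"
}

# netmap_rules LAN_NET VPN_NET VPN_ALL TUN_DEV
# Prints the iptables commands instead of running them, so the rule set can
# be reviewed first and then piped to sh on the router.
netmap_rules() {
    lan=$1; vpn=$2; all=$3; dev=$4
    # Arriving from the tunnel: destination 10.111.1.N becomes 192.168.34.N.
    echo "iptables -t nat -A PREROUTING -i $dev -d $vpn -j NETMAP --to $lan"
    # Leaving into the tunnel: source 192.168.34.N becomes 10.111.1.N.
    echo "iptables -t nat -A POSTROUTING -o $dev -s $lan -j NETMAP --to $vpn"
    # FORWARD sees the LAN address (after PREROUTING, before POSTROUTING).
    # Only VPN-range peers may reach the LAN; other tunnel traffic is dropped.
    echo "iptables -A FORWARD -i $dev -s $all -d $lan -j ACCEPT"
    echo "iptables -A FORWARD -o $dev -s $lan -d $all -j ACCEPT"
    echo "iptables -A FORWARD -i $dev -j DROP"
}

# Both NAT rules match only on the tunnel interface, so hosts on the same
# LAN still reach each other by LAN address, as the post notes.
netmap_rules "$LAN_NET" "$VPN_NET" "$VPN_ALL" "$TUN_DEV"
echo "# 192.168.34.2 is reachable from the VPN as $(vpn_alias 192.168.34.2 10.111.1)"
```

The FORWARD rules are appended, so on a router that already has FORWARD rules their position relative to the existing ones needs checking before relying on the final DROP.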
