Openvpn

I make use of openvpn almost on a daily basis when I’m out in the world and use my laptop to connect to the internet. I’ve done several projects related to openvpn which I’ll detail in this page.

For starters:

openvpn.net and their howto. If you’re not familiar with openvpn, it is an open source vpn implementation and is cross-platform. I’ve had good success with it and it’s fairly easy to set up TLS authentication.

Update 6-17-10 ….

A big openvpn/dd-wrt project has taken a lot of time lately, but it has solved an issue that I’m sure a lot of network admins have run into. When designing networks and looking to bridge offices with openvpn, network admins are advised to pick unique subnets so that 192.168.1.1 in one office can route well over the vpn to 192.168.2.1 in the other office. If both networks (or multiple) use 192.168.1.0/24 there is a network address collision: packets get lost and things don’t work.

Well, it is possible with the right setup to do NAT on the packets that are traveling over the vpn. Why? Let’s say you’re a client of this 192.168.1.0 office network and are out at a wifi hotspot that also happens to be a 192.168.1.0. You can’t exactly make them change their addressing to avoid conflicts with your business network, and migrating an established business network can be a big task. Of course, you could start out your network design by choosing a different subnet, and I’ve used this approach several times, but it’s really just a matter of time until you stumble across someone else with the same subnet who needs to vpn into the network, and you run into the hairy address conflict problem.

So, we’ve designed a box based on dd-wrt openvpn edition. This box has a vpn “personality”: a client key and configuration to connect to a server out in the internet (a linux vps is the hub of the wheel for our topology and our openvpn server). That server identifies the box by its certificate and gives it an address at 10.111.1.254. It also pushes routes to 10.111.2.0/24 with 10.111.2.254 as the gateway and 10.111.1.0/24 with gw of 10.111.1.254 to our second box, which is given a 10.111.2.254 address.

On each device, in addition to the vpn personality, there is a special brew of firewall rules which handles the packet rewriting, such that any device attached to our two vpn boxes is accessible from the other side even though internally they can share the same 192.168.2.0/24 network. So, each client has its own network address (192.168.34.1) and its vpn address (10.111.1.1).

This has worked well. It did take a lot of time to initially design, but we’ve now rolled out two initial installs of it. (Not bad considering that it’s all done with ~$60 router hardware.) In the future I may provide more details on the setup here, because as I researched this I found NO ONE explaining step by step how to design this kind of a setup. At this point the only negative with our setup is that two devices behind the same box will not see each other via their vpn addresses (10.111.1.1/10.111.1.2), but via their lan addresses (192.168.34.1/192.168.34.2). Of course, this plan also allows for mobile vpn clients that aren’t “behind the box”: they register in the 10.111.0.0/24 subnet, and they are all screened with the wider subnet via the server so that anything in the 10.111.0.0/16 is pingable from each vpn subnet.
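One way the per-box packet rewriting could be expressed, as an added example: these are not the rules from the setup described above, which the page does not publish. It assumes a tunnel interface named tun0, an iptables build that includes the NETMAP target, and that box N owns 10.111.N.0/24 with tunnel address 10.111.N.254 (a generalisation of the two boxes described); `netmap_rules` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: emit 1:1 NAT (NETMAP) rules for one VPN box.
# Assumptions, not from the original page: tunnel interface "tun0", an
# iptables build with the NETMAP target, and box N owning 10.111.N.0/24
# with tunnel address 10.111.N.254 (generalised from the two boxes described).

netmap_rules() {
    site="$1"          # box number N (0 is left for the mobile-client subnet)
    lan="$2"           # real LAN behind the box, e.g. 192.168.34.0/24
    tun="${3:-tun0}"   # tunnel interface name (assumed)

    case "$site" in
        ''|*[!0-9]*) echo "site must be a number from 1 to 254" >&2; return 1 ;;
    esac
    if [ "$site" -lt 1 ] || [ "$site" -gt 254 ]; then
        echo "site must be a number from 1 to 254" >&2; return 1
    fi
    # NETMAP keeps the host bits, so both sides must be the same size (/24).
    case "$lan" in
        *.*.*.0/24) ;;
        *) echo "LAN must be a /24 network address" >&2; return 1 ;;
    esac

    overlay="10.111.${site}.0/24"
    self="10.111.${site}.254"

    # 1. Traffic for the box's own tunnel address must not be rewritten;
    #    ACCEPT in the nat table ends traversal without translating.
    printf 'iptables -t nat -A PREROUTING -i %s -d %s -j ACCEPT\n' "$tun" "$self"
    # 2. Inbound from the tunnel: overlay address -> real LAN address.
    printf 'iptables -t nat -A PREROUTING -i %s -d %s -j NETMAP --to %s\n' "$tun" "$overlay" "$lan"
    # 3. Outbound to the tunnel: real LAN source -> overlay address.
    printf 'iptables -t nat -A POSTROUTING -o %s -s %s -j NETMAP --to %s\n' "$tun" "$lan" "$overlay"
}

# Print the rules for the first box so they can be reviewed before applying.
netmap_rules 1 192.168.34.0/24
```

In this sketch only traffic arriving on the tunnel is translated inbound, so hosts behind one box still reach each other by LAN address, the same limitation described above.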

As I said, it’s been a big project and I may be detailing it here, but I want to wait until all the dust settles on our setup.
