Openvpn

I make use of openvpn almost on a daily basis when I’m out in the world and use my laptop to connect to the internet. I’ve done several projects related to openvpn which I’ll detail in this page.

For starters:

openvpn.net and their howto. If you’re not familiar with openvpn, it is an open source, cross-platform vpn implementation. I’ve had good success with it and it’s fairly easy to set up TLS authentication.

Update 6-17-10 ….

Big openvpn/dd-wrt project lately that has taken a lot of time, but it has solved an issue that I’m sure a lot of network admins have run into. When designing networks and looking to bridge offices with openvpn, network admins are advised to pick unique subnets so that 192.168.1.1 in one office can route well over the vpn to 192.168.2.1 in the other office. If both networks (or multiple) use 192.168.1.0/24 there is a network address collision – packets get lost and things don’t work. Well, it is possible with the right setup to do NAT on the packets that are traveling over the vpn.

Why? Well, let’s say you’re a client of this 192.168.1.0 office network and are out at a wifi hotspot that also happens to be a 192.168.1.0 – you can’t exactly make them change their addressing to avoid conflicts with your business network, and migrating an established business network can be a big task. Of course, you could start out your network design by choosing a different subnet, and I’ve used this approach several times, but it’s really just a matter of time until you stumble across someone else with the same subnet that needs to vpn into the network and you run into the hairy address conflict problem.

So, we’ve designed a box based on dd-wrt openvpn edition…. This box has a vpn “personality” (client key and configuration) to connect to a server out in the internet (a linux vps is the hub of the wheel for our topology and our openvpn server). That server identifies the box by its certificate and gives it an address at 10.111.1.254. It also pushes routes to 10.111.2.0/24 with 10.111.2.254 as the gateway and 10.111.1.0/24 with gw of 10.111.1.254 to our second box, which is given a 10.111.2.254 address.

On each device, in addition to the vpn personality, there is a special brew of firewall rules which handles the packet rewriting such that any device that is attached to our two vpn boxes is accessible from the other side even though internally they can share the same 192.168.2.0/24 network. So, each client has its own network address (192.168.34.1) and its vpn address 10.111.1.1.

This has worked well – it did take a lot of time to initially design but we’ve now rolled out two initial installs of it. (Not bad considering that it’s all done with ~$60 router hardware.) In the future I may provide more details on the setup here because as I researched this I found NO ONE explaining step by step how to design this kind of a setup. At this point the only negative with our setup is that two devices behind the same box will not see each other via their vpn address (10.111.1.1/10.111.1.2), but via their lan address (192.168.34.1/192.168.34.2). Of course, this plan also allows for mobile vpn clients that aren’t “behind the box”; they register in the 10.111.0.0/24 subnet and they are all screened with the wider subnet via the server so that anything in the 10.111.0.0/16 is pingable from each vpn subnet.

As I said, it’s been a big project and I may be detailing it here, but want to wait until all the dust settles on our setup.
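The packet rewriting described above can be expressed as 1:1 NAT with the iptables NETMAP target. The following is an added sketch, not the author's firewall rules (the page does not show them): it assumes `tun0` is the OpenVPN interface, that the router's iptables build includes NETMAP, and that the LAN and its VPN alias are both /24; `map_addr` and `netmap_rules` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: print 1:1 NAT rules that expose a LAN under a unique VPN alias.
# Assumptions: tun0 is the VPN interface, NETMAP is available, both nets are /24.

VPN_WIDE=10.111.0.0/16   # the wider VPN range named in the post

# Translate a LAN host to its VPN alias: same host octet, alias /24 prefix.
map_addr() {  # usage: map_addr LAN_HOST VPN_NET
    host=${1##*.}
    prefix=${2%.*}
    echo "$prefix.$host"
}

# Print the rules instead of applying them, so they can be reviewed first.
netmap_rules() {  # usage: netmap_rules LAN_NET VPN_NET [TUN_IF]
    lan=$1 vpn=$2 tun=${3:-tun0}
    for net in "$lan" "$vpn"; do
        case $net in
            *.*.*.*/24) ;;
            *) echo "not a /24 network: $net" >&2; return 1 ;;
        esac
    done
    # Inbound from the tunnel: VPN alias -> real LAN address.
    echo "iptables -t nat -A PREROUTING -i $tun -d $vpn -j NETMAP --to $lan"
    # Outbound to the tunnel: real LAN address -> VPN alias.
    echo "iptables -t nat -A POSTROUTING -o $tun -s $lan -j NETMAP --to $vpn"
    # Forward only VPN-range peers to the LAN, and LAN hosts to the VPN range.
    echo "iptables -A FORWARD -i $tun -s $VPN_WIDE -d $lan -j ACCEPT"
    echo "iptables -A FORWARD -o $tun -s $lan -d $VPN_WIDE -j ACCEPT"
}

# Box 1 from the post: LAN 192.168.34.0/24 is reachable as 10.111.1.0/24.
netmap_rules 192.168.34.0/24 10.111.1.0/24
```

Because the PREROUTING rule matches only traffic arriving on the tunnel, two hosts on the same LAN cannot reach each other by their VPN alias, which matches the limitation noted in the post.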
