Openvpn

I make use of openvpn almost on a daily basis when I’m out in the world and use my laptop to connect to the internet. I’ve done several projects related to openvpn which I’ll detail in this page.

For starters:

openvpn.net and their howto. If you’re not familiar with openvpn it is an open source vpn implementation and is cross platform. I’ve had good success with it and it’s fairly easy to setup TLS authentication.

Update 6-17-10 ….

Big openvpn/dd-wrt project lately that has taken a lot of time, but it has solved an issue that I’m sure a lot of network admins have run into. When designing networks and looking to bridge offices with openvpn network admins are advised to pick unique subnets so that 192.168.1.1 in one office can route well over the vpn to 192.168.2.1 in the other office. If both networks (or multiple) use 192.168.1.0/24 there is network address collision – packets get lost and things don’t work. Well, it is possible with the right setup to do NAT on the packets that are traveling over the vpn. Why? Well, let’s say you’re a client of this 192.168.1.0 office network and are out at a wifi hotspot that also happens to be a 192.168.1.0 – you can’t exactly make them change their addressing to avoid conflicts with your business network and migrating an established business network can be a big task. Of course, you could start out your network design by choosing a different subnet and I’ve used this approach several times, but it’s really just a matter of time until you stumble across someone else with the same subnet that needs to vpn into the network and you run into the hairy address conflict problem.

So, we’ve designed a box based on dd-wrt openvpn edition…. This box has a vpn “personality” (client key and configuration to connect to a server out in the internet (a linux vps is the hub of the wheel for our topology and our openvpn server.) That server identifies the box by it’s certificate and gives it an address at 10.111.1.254. It also pushes routes to 10.111.2.0/24 with 10.111.2.254 as the gateway and 10.111.1.0/24 with gw of 10.111.1.254 to our second box which is given a 10.111.2.254 address. On each device in addition to the vpn personality there is a special brew of firewall rules which handles the packet rewriting such that any device that is attached to our two vpn boxes are accessible from the other side even though internally they can share the same 192.168.2.0/24 network. So, each client has it’s own network address (192.168.34.1) and it’s vpn address 10.111.1.1 This has worked well – it did take a lot of time to initially design but we’ve now rolled out two initial installs of it. (Not bad considering that it’s all done with ~$60 dollar router hardware.) In the future I may provide more details on the setup here because as I researched this I found NO ONE explaining step by step how to design this kind of a setup. At this point the only negative with our setup is that two devices behind the same box will not see each other via their vpn address(10.111.1.1/10.111.1.2), but their lan address (192.168.34.1/192.168.34.2) Of course, this plan also allows for mobile vpn clients that aren’t “behind the box” and they register in the 10.111.0.0/24 subnet and they are all screened with the wider subnet via the server so that anything in the 10.111.0.0/16 is pingable from each vpn subnet.

As I said, it’s been a big project and I may be detailing it here, but want to wait until all the dust settles on our setup.

    “openvpn” – Google News

    nVPN review – TechRadar


    TechRadar
    nVPN review
    TechRadar
    Next, we received an email containing our VPN username, password, and a link to nVPN's OpenVPN configuration files. The company doesn't have the step-by-step OpenVPN installation tutorials you'll see elsewhere, but if you've used the program before …

    and more »




    Freedom-IP review | TechRadar – TechRadar


    TechRadar
    Freedom-IP review | TechRadar
    TechRadar
    There's minimal website help and credit card-only payments, but get past that and Freedom-IP offers decent speeds and some useful low-level settings.

    and more »




    How to get a secure connection on iOS and macOS by using OpenVPN – TechRepublic


    TechRepublic
    How to get a secure connection on iOS and macOS by using OpenVPN
    TechRepublic
    OpenVPN uses a process that's different than other VPN settings, and it can be configured directly inside of the iOS Settings app. Because OpenVPN uses a few files to handle the connection, those files must first be imported into the app. This method




    Private Internet Access VPN (for iPhone) Review & Rating | PCMag … – PC Magazine


    PC Magazine
    Private Internet Access VPN (for iPhone) Review & Rating | PCMag …
    PC Magazine
    The Private Internet Access iPhone app gives you access to a top VPN service, but it's best suited for more expert users.

    and more »




    WiTopia review – TechRadar


    TechRadar
    WiTopia review
    TechRadar
    A personalVPN Basic plan drops OpenVPN and 4D Stealth support, and is priced at $5.99 for a single month (£4.77, AU$7.95), dropping to an equivalent $4.17 (£3.32, AU$5.52) if you buy a full year, and there are further discounts for 2 and 3-year …

    and more »




    Kepard review | TechRadar – TechRadar


    TechRadar
    Kepard review | TechRadar
    TechRadar
    It's not as polished as the rest, but this is still a VPN you need to try.

    and more »




    OpenVPN 2.4.0 is out – Ghacks Technology News


    Ghacks Technology News
    OpenVPN 2.4.0 is out
    Ghacks Technology News
    OpenVPN 2.4.0 is the latest version of the cross-platform SSL VPN that enables you to create security point-to-point or site-to-site connections. The new version expands on the capabilities introduced in OpenVPN 2.3, namely full IPv6 support and




    OpenVPN 2.4 Cryptographic Audit Will be Conducted By Matthew D. Green – The Merkle


    The Merkle
    OpenVPN 2.4 Cryptographic Audit Will be Conducted By Matthew D. Green
    The Merkle
    VPN Solutions are becoming far more commonly used than ever before, not only because consumers want to hide their real location from hackers and governments, but also because a VPN allows people to bypass censorship and restrictions. OpenVPN, one …




    OpenVPN to Undergo Cryptographic Audit – Threatpost


    PCWorld
    OpenVPN to Undergo Cryptographic Audit
    Threatpost
    “The OpenVPN 2.4 audit is important for the entire community because OpenVPN is available on almost every platform and is used in many applications from consumer products such as Private Internet Access VPN to business software such as Cisco …
    OpenVPN will be audited for security flawsPCWorld
    Santa says you've been nice kids: OpenVPN to get security auditThe Register
    Cryptography Expert Matthew Green to Audit OpenVPN SecurityBleepingComputer
    Tom’s Hardware -Private Internet Access
    all 6 news articles »




    How to quickly deploy an OpenVPN server – TechRepublic


    TechRepublic
    How to quickly deploy an OpenVPN server
    TechRepublic
    One such solution is OpenVPN. With this server software, you can either install it onto an existing platform, or you can opt to go the virtual route with a virtual appliance. I find that the easiest path to success is to use the TurnKey Linux OpenVPN


    PDF24    Send article as PDF   

    Similar Posts


    Switch to our mobile site