OpenVPN

I make use of OpenVPN almost on a daily basis when I’m out in the world and use my laptop to connect to the internet. I’ve done several projects related to OpenVPN which I’ll detail on this page.

For starters:

openvpn.net and their howto. If you’re not familiar with OpenVPN, it is an open source VPN implementation and is cross platform. I’ve had good success with it and it’s fairly easy to set up TLS authentication.

Update 6-17-10 ….

Big OpenVPN/dd-wrt project lately that has taken a lot of time, but it has solved an issue that I’m sure a lot of network admins have run into. When designing networks and looking to bridge offices with OpenVPN, network admins are advised to pick unique subnets so that 192.168.1.1 in one office can route well over the VPN to 192.168.2.1 in the other office. If both networks (or multiple) use 192.168.1.0/24 there is a network address collision: packets get lost and things don’t work. Well, it is possible with the right setup to do NAT on the packets that are traveling over the VPN. Why? Well, let’s say you’re a client of this 192.168.1.0 office network and are out at a wifi hotspot that also happens to be a 192.168.1.0. You can’t exactly make them change their addressing to avoid conflicts with your business network, and migrating an established business network can be a big task. Of course, you could start out your network design by choosing a different subnet, and I’ve used this approach several times, but it’s really just a matter of time until you stumble across someone else with the same subnet who needs to VPN into the network and you run into the hairy address conflict problem.

So, we’ve designed a box based on dd-wrt OpenVPN edition…. This box has a VPN “personality” (a client key and configuration to connect to a server out on the internet; a Linux VPS is the hub of the wheel for our topology and our OpenVPN server). That server identifies the box by its certificate and gives it an address at 10.111.1.254. It also pushes routes to 10.111.2.0/24 with 10.111.2.254 as the gateway and 10.111.1.0/24 with gw of 10.111.1.254 to our second box, which is given a 10.111.2.254 address. On each device, in addition to the VPN personality, there is a special brew of firewall rules which handles the packet rewriting such that any device that is attached to one of our two VPN boxes is accessible from the other side even though internally they can share the same 192.168.2.0/24 network. So, each client has its own network address (192.168.34.1) and its VPN address (10.111.1.1). This has worked well. It did take a lot of time to initially design, but we’ve now rolled out two initial installs of it. (Not bad considering that it’s all done with ~$60 router hardware.) In the future I may provide more details on the setup here because as I researched this I found NO ONE explaining step by step how to design this kind of a setup. At this point the only negative with our setup is that two devices behind the same box will not see each other via their VPN address (10.111.1.1/10.111.1.2), but via their LAN address (192.168.34.1/192.168.34.2). Of course, this plan also allows for mobile VPN clients that aren’t “behind the box”; they register in the 10.111.0.0/24 subnet and they are all screened with the wider subnet via the server so that anything in the 10.111.0.0/16 is pingable from each VPN subnet.

As I said, it’s been a big project and I may be detailing it here, but want to wait until all the dust settles on our setup.
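
The post does not publish its firewall rules, so the following is an added example, not the author's configuration: one common way to do the packet rewriting described above is 1:1 subnet NAT with the iptables `NETMAP` target. The addresses are the ones given in the post; the interface name `tun0`, the choice of `NETMAP`, and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example (not the author's rules): generate 1:1 NAT rules that expose a
# LAN subnet under a unique VPN-facing alias subnet, so two sites may share the
# same LAN range. tun0 and the NETMAP target are assumptions.

# prefix_len CIDR -> prints the prefix length (text after the slash)
prefix_len() { echo "${1#*/}"; }

# netmap_rules LAN_CIDR VPN_CIDR TUN_IF
# Prints the two iptables commands; refuses subnets of different size,
# because a 1:1 mapping only exists when both prefixes are equal.
netmap_rules() {
    lan=$1 vpn=$2 tun=$3
    if [ "$(prefix_len "$lan")" != "$(prefix_len "$vpn")" ]; then
        echo "error: $lan and $vpn differ in prefix length" >&2
        return 1
    fi
    # Traffic arriving from the tunnel for the alias subnet is rewritten
    # to the real LAN address before routing.
    echo "iptables -t nat -A PREROUTING -i $tun -d $vpn -j NETMAP --to $lan"
    # Traffic leaving the LAN into the tunnel gets its source rewritten to the
    # alias, so the far side never sees the (possibly colliding) LAN range.
    echo "iptables -t nat -A POSTROUTING -o $tun -s $lan -j NETMAP --to $vpn"
}

# vpn_alias HOST_IP VPN_CIDR -> address that remote peers use for HOST_IP.
# Restricted to /24 here: the host octet is kept, the network part swapped.
vpn_alias() {
    host=$1 vpn=$2
    [ "$(prefix_len "$vpn")" = 24 ] || { echo "error: /24 only" >&2; return 1; }
    net=${vpn%/*}
    echo "${net%.*}.${host##*.}"
}

# Box 1 from the post: LAN 192.168.34.0/24 is reachable as 10.111.1.0/24.
netmap_rules 192.168.34.0/24 10.111.1.0/24 tun0
# A second box can reuse the same LAN range behind 10.111.2.0/24.
netmap_rules 192.168.34.0/24 10.111.2.0/24 tun0
# 192.168.34.1 on box 1 is addressed by remote peers as:
vpn_alias 192.168.34.1 10.111.1.0/24
```

Because both rules match only on the tunnel interface, two hosts behind the same box are never translated when talking to each other, which matches the limitation noted in the post.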
