I make use of openvpn almost on a daily basis when I’m out in the world and use my laptop to connect to the internet. I’ve done several projects related to openvpn which I’ll detail on this page.

For starters: and their howto. If you’re not familiar with openvpn it is an open source vpn implementation and is cross platform. I’ve had good success with it and it’s fairly easy to set up TLS authentication.

Update 6-17-10 ….

Big openvpn/dd-wrt project lately that has taken a lot of time, but it has solved an issue that I’m sure a lot of network admins have run into. When designing networks and looking to bridge offices with openvpn, network admins are advised to pick unique subnets so that in one office can route well over the vpn to in the other office. If both networks (or multiple) use there is a network address collision – packets get lost and things don’t work. Well, it is possible with the right setup to do NAT on the packets that are traveling over the vpn. Why? Well, let’s say you’re a client of this office network and are out at a wifi hotspot that also happens to be a – you can’t exactly make them change their addressing to avoid conflicts with your business network, and migrating an established business network can be a big task. Of course, you could start out your network design by choosing a different subnet, and I’ve used this approach several times, but it’s really just a matter of time until you stumble across someone else with the same subnet that needs to vpn into the network and you run into the hairy address conflict problem.

So, we’ve designed a box based on dd-wrt openvpn edition…. This box has a vpn “personality” (client key and configuration to connect to a server out on the internet; a linux vps is the hub of the wheel for our topology and our openvpn server). That server identifies the box by its certificate and gives it an address at It also pushes routes to with as the gateway and with gw of to our second box which is given a address. On each device, in addition to the vpn personality, there is a special brew of firewall rules which handles the packet rewriting such that any devices attached to our two vpn boxes are accessible from the other side even though internally they can share the same network. So, each client has its own network address ( and its vpn address This has worked well – it did take a lot of time to initially design but we’ve now rolled out two initial installs of it. (Not bad considering that it’s all done with ~$60 router hardware.) In the future I may provide more details on the setup here because as I researched this I found NO ONE explaining step by step how to design this kind of a setup. At this point the only negative with our setup is that two devices behind the same box will not see each other via their vpn address(, but their lan address ( Of course, this plan also allows for mobile vpn clients that aren’t “behind the box” and they register in the subnet and they are all screened with the wider subnet via the server so that anything in the is pingable from each vpn subnet.

As I said, it’s been a big project and I may be detailing it here, but want to wait until all the dust settles on our setup.
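
One common way to do the per-box packet rewriting described above is the iptables NETMAP target, which maps a whole subnet one-to-one onto another. The sketch below is an added example, not the author's firewall rules: the function name `netmap_rules`, the interface `tun0`, and every address are constructed for illustration, and NETMAP availability on a given dd-wrt build is an assumption.

```shell
#!/bin/sh
# Added example: emit 1:1 NAT (NETMAP) rules for one VPN box.
# All names and addresses are constructed; they are not the author's values.

# netmap_rules LAN_NET ALIAS_NET TUN_IF
# Prints the iptables commands instead of running them, so the output can be
# reviewed before it goes into a router's firewall script.
netmap_rules() {
    lan=$1
    alias_net=$2
    tun=$3
    case $lan in */*) ;; *) echo "LAN net needs a /prefix" >&2; return 1 ;; esac
    case $alias_net in */*) ;; *) echo "alias net needs a /prefix" >&2; return 1 ;; esac
    # NETMAP copies host bits unchanged, so both nets must be the same size.
    if [ "${lan#*/}" != "${alias_net#*/}" ]; then
        echo "prefix lengths differ: $lan vs $alias_net" >&2
        return 1
    fi
    # Inbound from the tunnel: alias destination -> real LAN address.
    echo "iptables -t nat -A PREROUTING -i $tun -d $alias_net -j NETMAP --to $lan"
    # Outbound into the tunnel: real LAN source -> alias address.
    echo "iptables -t nat -A POSTROUTING -o $tun -s $lan -j NETMAP --to $alias_net"
}

# Two offices that both use the same LAN, each given its own alias subnet.
echo "# box 1"
netmap_rules 192.168.1.0/24 10.99.1.0/24 tun0
echo "# box 2"
netmap_rules 192.168.1.0/24 10.99.2.0/24 tun0
```

Because both rules match only traffic crossing the tunnel interface, two hosts on the same LAN that address each other by alias are not translated by these rules.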
