Openvpn

I use OpenVPN almost daily when I'm out in the world and connecting my laptop to the internet. I've done several OpenVPN-related projects, which I'll detail on this page.

For starters:

openvpn.net and their howto. If you're not familiar with OpenVPN, it is an open source, cross-platform VPN implementation. I've had good success with it, and it's fairly easy to set up TLS authentication.

Update 6-17-10 ….

It's been a big OpenVPN/dd-wrt project lately that has taken a lot of time, but it solves an issue I'm sure a lot of network admins have run into. When designing networks and looking to bridge offices with OpenVPN, network admins are advised to pick unique subnets so that 192.168.1.1 in one office can route cleanly over the VPN to 192.168.2.1 in the other office. If both networks (or several) use 192.168.1.0/24 there is a network address collision: packets get lost and things don't work.

Well, with the right setup it is possible to NAT the packets that travel over the VPN. Why bother? Let's say you're a client of this 192.168.1.0 office network and are out at a wifi hotspot that also happens to use 192.168.1.0. You can't exactly make them change their addressing to avoid conflicts with your business network, and renumbering an established business network can be a big task. Of course, you could start your network design by choosing a different subnet, and I've used this approach several times, but it's really just a matter of time until you stumble across someone else with the same subnet who needs to VPN into the network, and you run into the hairy address conflict problem.

So, we've designed a box based on the dd-wrt OpenVPN edition. This box has a VPN "personality" (a client key and a configuration to connect to a server out on the internet; a Linux VPS is the hub of the wheel for our topology and our OpenVPN server). That server identifies the box by its certificate and gives it the address 10.111.1.254. It also pushes routes: 10.111.2.0/24 with 10.111.2.254 as the gateway, and 10.111.1.0/24 with 10.111.1.254 as the gateway to our second box, which is given the address 10.111.2.254.

On each device, in addition to the VPN personality, there is a special brew of firewall rules that handles the packet rewriting, so that any device attached to either of our two VPN boxes is accessible from the other side even though internally they can share the same 192.168.2.0/24 network. So each client has its own network address (192.168.34.1) and its VPN address (10.111.1.1). This has worked well. It took a lot of time to design initially, but we've now rolled out two initial installs of it. (Not bad considering it's all done with ~$60 router hardware.) In the future I may provide more details on the setup here, because as I researched this I found NO ONE explaining step by step how to design this kind of setup.

At this point the only negative with our setup is that two devices behind the same box will not see each other via their VPN addresses (10.111.1.1/10.111.1.2), only via their LAN addresses (192.168.34.1/192.168.34.2). Of course, this plan also allows for mobile VPN clients that aren't "behind the box": they register in the 10.111.0.0/24 subnet, and via the server they are all screened with the wider subnet, so that anything in 10.111.0.0/16 is pingable from each VPN subnet.
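The post does not show the actual firewall rules, so here is an added example of the kind of per-box rewriting it describes; it is my illustration, not the script from the boxes above. It uses the 1:1 NAT (NETMAP) target of iptables to map a box's real LAN (192.168.34.0/24, taken from the addresses in the text) onto the /24 the site is known by on the VPN (10.111.1.0/24 for the first box, 10.111.2.0/24 for the second). Assumed and not stated on the page: the LAN bridge is `br0`, the OpenVPN interface is `tun0`, the dd-wrt build ships the netfilter nat modules including NETMAP, and the server-side routes described above (10.111.2.0/24 via 10.111.2.254 and so on) are already pushed. `mapped_addr` is a small helper that computes what an address looks like after the mapping, handy when checking the rules against a ping from the far side.

```shell
#!/bin/sh
# Added example, not the post's own firewall script. Generates (or applies)
# the 1:1 NAT rules one dd-wrt box needs so that its LAN is reachable from
# the VPN under a distinct 10.111.x.0/24, even when the LAN range is shared
# with other sites. Assumptions: LAN bridge br0, OpenVPN interface tun0,
# iptables with the NETMAP target. Set IPT=echo to print the rules instead
# of applying them.

IPT="${IPT:-iptables}"

# mapped_addr IP FROM_NET TO_NET
# Returns the address IP takes on after a /24 NETMAP from FROM_NET to TO_NET:
# the host octet is kept, the network prefix is swapped. Fails (status 1) if
# IP is not inside FROM_NET, which is exactly when a NETMAP rule would not match.
mapped_addr() {
  ip=$1; from_net=$2; to_net=$3
  [ "${ip%.*}" = "${from_net%.*}" ] || return 1
  printf '%s.%s\n' "${to_net%.*}" "${ip##*.}"
}

# netmap_rules LAN_NET VPN_NET BOX_VPN_IP
# LAN_NET    the box's real LAN, e.g. 192.168.34.0 (may be the same at every site)
# VPN_NET    the /24 this site is known by on the VPN, e.g. 10.111.1.0
# BOX_VPN_IP the address OpenVPN gave the box itself, e.g. 10.111.1.254
netmap_rules() {
  lan_net=$1; vpn_net=$2; box_ip=$3

  # Keep the box reachable at its own tunnel address: without this exception the
  # NETMAP below would rewrite 10.111.1.254 to 192.168.34.254, the wrong host.
  $IPT -t nat -A PREROUTING -i tun0 -d "$box_ip" -j ACCEPT

  # Inbound from the VPN: 10.111.1.x becomes 192.168.34.x before routing.
  $IPT -t nat -A PREROUTING -i tun0 -d "$vpn_net/24" -j NETMAP --to "$lan_net/24"

  # Outbound to the VPN: 192.168.34.x is presented as 10.111.1.x after routing.
  $IPT -t nat -A POSTROUTING -o tun0 -s "$lan_net/24" -j NETMAP --to "$vpn_net/24"

  # Let the rewritten traffic cross between bridge and tunnel. PREROUTING runs
  # before FORWARD and POSTROUTING after it, so FORWARD always sees LAN addresses.
  $IPT -A FORWARD -i tun0 -o br0 -d "$lan_net/24" -j ACCEPT
  $IPT -A FORWARD -i br0 -o tun0 -s "$lan_net/24" -j ACCEPT
}
```

On the first box this would be called as `netmap_rules 192.168.34.0 10.111.1.0 10.111.1.254`, on the second as `netmap_rules 192.168.34.0 10.111.2.0 10.111.2.254`; the LAN argument can be identical at both sites, which is the whole point. The `FORWARD` rules accept both directions because the post wants every device behind either box reachable from the other side; a site that only needs to initiate connections outward could replace the `tun0` to `br0` rule with a conntrack `ESTABLISHED,RELATED` match. The limitation the post mentions (two hosts behind the same box cannot reach each other by VPN address) follows directly from these rules: such traffic never enters `tun0`, so nothing rewrites it.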

As I said, it's been a big project and I may detail it here, but I want to wait until all the dust settles on our setup.
