Openvpn

I make use of openvpn almost on a daily basis when I’m out in the world and use my laptop to connect to the internet. I’ve done several projects related to openvpn which I’ll detail in this page.

For starters:

See openvpn.net and their howto. If you’re not familiar with openvpn, it is an open source vpn implementation and is cross platform. I’ve had good success with it and it’s fairly easy to set up TLS authentication.

Update 6-17-10 ….

Big openvpn/dd-wrt project lately that has taken a lot of time, but it has solved an issue that I’m sure a lot of network admins have run into. When designing networks and looking to bridge offices with openvpn, network admins are advised to pick unique subnets so that 192.168.1.1 in one office can route well over the vpn to 192.168.2.1 in the other office. If both networks (or multiple) use 192.168.1.0/24 there is a network address collision – packets get lost and things don’t work. Well, it is possible with the right setup to do NAT on the packets that are traveling over the vpn. Why? Well, let’s say you’re a client of this 192.168.1.0 office network and are out at a wifi hotspot that also happens to be a 192.168.1.0 – you can’t exactly make them change their addressing to avoid conflicts with your business network, and migrating an established business network can be a big task. Of course, you could start out your network design by choosing a different subnet, and I’ve used this approach several times, but it’s really just a matter of time until you stumble across someone else with the same subnet who needs to vpn into the network and you run into the hairy address conflict problem.

So, we’ve designed a box based on dd-wrt openvpn edition…. This box has a vpn “personality” (client key and configuration) to connect to a server out in the internet (a linux vps is the hub of the wheel for our topology and our openvpn server). That server identifies the box by its certificate and gives it an address at 10.111.1.254. It also pushes routes to 10.111.2.0/24 with 10.111.2.254 as the gateway, and 10.111.1.0/24 with gw of 10.111.1.254 to our second box, which is given a 10.111.2.254 address.

On each device, in addition to the vpn personality, there is a special brew of firewall rules which handles the packet rewriting such that any device that is attached to our two vpn boxes is accessible from the other side even though internally they can share the same 192.168.2.0/24 network. So, each client has its own network address (192.168.34.1) and its vpn address (10.111.1.1). This has worked well – it did take a lot of time to initially design but we’ve now rolled out two initial installs of it. (Not bad considering that it’s all done with ~$60 router hardware.) In the future I may provide more details on the setup here because as I researched this I found NO ONE explaining step by step how to design this kind of a setup.

At this point the only negative with our setup is that two devices behind the same box will not see each other via their vpn address (10.111.1.1/10.111.1.2), only via their lan address (192.168.34.1/192.168.34.2). Of course, this plan also allows for mobile vpn clients that aren’t “behind the box”; they register in the 10.111.0.0/24 subnet and they are all screened with the wider subnet via the server so that anything in the 10.111.0.0/16 is pingable from each vpn subnet.

As I said, it’s been a big project and I may be detailing it here, but want to wait until all the dust settles on our setup.
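
To make the packet rewriting described above concrete, here is an added example (not the firewall rules from this setup, which the page does not give) that models the prefix-swapping 1:1 NAT that a rule such as iptables NETMAP performs, and traces one packet between two boxes whose LANs share a subnet. The 192.168.34.0/24 LAN prefix, the box names and the function names are assumptions for illustration.

```python
import ipaddress

# Assumed layout built from the addresses in the post: both boxes use the
# same LAN subnet, and each box owns its own /24 inside 10.111.0.0/16.
LAN = ipaddress.ip_network("192.168.34.0/24")
BOXES = {  # hypothetical box names
    "box1": ipaddress.ip_network("10.111.1.0/24"),
    "box2": ipaddress.ip_network("10.111.2.0/24"),
}

def remap(addr, src_net, dst_net):
    """Swap the network prefix and keep the host bits (1:1 NAT)."""
    addr = ipaddress.ip_address(addr)
    if addr not in src_net:
        raise ValueError(f"{addr} is not in {src_net}")
    host_bits = int(addr) & int(src_net.hostmask)
    return ipaddress.ip_address(int(dst_net.network_address) | host_bits)

def owner(vpn_addr):
    """Return the name of the box whose VPN /24 contains vpn_addr."""
    for name, net in BOXES.items():
        if ipaddress.ip_address(vpn_addr) in net:
            return name
    raise ValueError(f"{vpn_addr} is not behind any box")

def trace(src_box, lan_src, vpn_dst):
    """Return the (src, dst) pair seen at each hop of one packet."""
    dst_box = owner(vpn_dst)
    if dst_box == src_box:
        # The limitation noted in the post: hosts behind the same box
        # reach each other by LAN address, not by VPN address.
        raise ValueError("same box: use the LAN address instead")
    # Leaving src_box: the source is rewritten into that box's VPN /24.
    tunnel_src = remap(lan_src, LAN, BOXES[src_box])
    # Arriving at dst_box: the destination is rewritten to its LAN address.
    lan_dst = remap(vpn_dst, BOXES[dst_box], LAN)
    return [
        (str(lan_src), str(vpn_dst)),     # on the source LAN
        (str(tunnel_src), str(vpn_dst)),  # inside the tunnel
        (str(tunnel_src), str(lan_dst)),  # on the destination LAN
    ]

if __name__ == "__main__":
    for hop in trace("box1", "192.168.34.1", "10.111.2.2"):
        print(hop)
```

Inside the tunnel both addresses are in 10.111.0.0/16, which is why the two LANs can keep the same 192.168.x numbering without colliding.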
