Openvpn
I make use of openvpn almost on a daily basis when I’m out in the world and use my laptop to connect to the internet. I’ve done several projects related to openvpn which I’ll detail in this page.
For starters:
openvpn.net and their howto. If you’re not familiar with openvpn it is an open source vpn implementation and is cross platform. I’ve had good success with it and it’s fairly easy to setup TLS authentication.
Update 6-17-10 ….
Big openvpn/dd-wrt project lately that has taken a lot of time, but it has solved an issue that I’m sure a lot of network admins have run into. When designing networks and looking to bridge offices with openvpn network admins are advised to pick unique subnets so that 192.168.1.1 in one office can route well over the vpn to 192.168.2.1 in the other office. If both networks (or multiple) use 192.168.1.0/24 there is network address collision – packets get lost and things don’t work. Well, it is possible with the right setup to do NAT on the packets that are traveling over the vpn. Why? Well, let’s say you’re a client of this 192.168.1.0 office network and are out at a wifi hotspot that also happens to be a 192.168.1.0 – you can’t exactly make them change their addressing to avoid conflicts with your business network and migrating an established business network can be a big task. Of course, you could start out your network design by choosing a different subnet and I’ve used this approach several times, but it’s really just a matter of time until you stumble across someone else with the same subnet that needs to vpn into the network and you run into the hairy address conflict problem.
So, we’ve designed a box based on dd-wrt openvpn edition…. This box has a vpn “personality” (client key and configuration to connect to a server out in the internet (a linux vps is the hub of the wheel for our topology and our openvpn server.) That server identifies the box by it’s certificate and gives it an address at 10.111.1.254. It also pushes routes to 10.111.2.0/24 with 10.111.2.254 as the gateway and 10.111.1.0/24 with gw of 10.111.1.254 to our second box which is given a 10.111.2.254 address. On each device in addition to the vpn personality there is a special brew of firewall rules which handles the packet rewriting such that any device that is attached to our two vpn boxes are accessible from the other side even though internally they can share the same 192.168.2.0/24 network. So, each client has it’s own network address (192.168.34.1) and it’s vpn address 10.111.1.1 This has worked well – it did take a lot of time to initially design but we’ve now rolled out two initial installs of it. (Not bad considering that it’s all done with ~$60 dollar router hardware.) In the future I may provide more details on the setup here because as I researched this I found NO ONE explaining step by step how to design this kind of a setup. At this point the only negative with our setup is that two devices behind the same box will not see each other via their vpn address(10.111.1.1/10.111.1.2), but their lan address (192.168.34.1/192.168.34.2) Of course, this plan also allows for mobile vpn clients that aren’t “behind the box” and they register in the 10.111.0.0/24 subnet and they are all screened with the wider subnet via the server so that anything in the 10.111.0.0/16 is pingable from each vpn subnet.
As I said, it’s been a big project and I may be detailing it here, but want to wait until all the dust settles on our setup.
“openvpn” – Google News
Grow Your Own VPN: Setting Up and Configuring OpenVPN on a DD-WRT Router – Enterprise IT Planet
|
Grow Your Own VPN: Setting Up and Configuring OpenVPN on a DD-WRT Router
Enterprise IT Planet This is the second installment of a two-part series on setting up the OpenVPN server on DD-WRT router firmware. This is a great way to set up secure … |
Why a Blackberry Ban Won’t Affect Privacy – Technorati (blog)
|
Why a Blackberry Ban Won't Affect Privacy
Technorati (blog) The OpenVPN movement spawned an entire industry. There are now more than 150 VPN services worldwide that market an OpenVPN service that encrypts data sent … |
Virgin America CIO Lauds Open Source Savings – CIOUpdate (blog)
|
Virgin America CIO Lauds Open Source Savings
CIOUpdate (blog) In terms of networking components, Simhambhatla said he replaced VA's commercial VPN solution with the open source OpenVPN project. … |
Virgin America’s IT infrastructure is primarily opensource – FierceCIO
|
Virgin America's IT infrastructure is primarily opensource
FierceCIO The airline replaced its commercial VPN technology with an open-source alternative, OpenVPN, Simhambhatla said. Among the open-source platforms it uses are … Cost isn't the only rationale for open source adoption |
Secure Your Network (and Clients) Against Hole 196 – Wi-Fi Planet
|
Secure Your Network (and Clients) Against Hole 196
Wi-Fi Planet If you don't already have a VPN solution, consider OpenVPN. Update AP firmware: Vendors may fix this issue by a simple software update, so make sure you … |
Greenpeace mahnt Facebook zu Umweltschutz – Heise Newsticker
|
Greenpeace mahnt Facebook zu Umweltschutz
Heise Newsticker OpenVPN Flexible VPN-Lösung auf OpenSSL-Basis, die unter anderem SSL/TLS, Ethernet Bridging und TCP/UDP Tunnel-Transport unterstützt; eine . … |
OpenVPN in neuer Version und mit Gratis-Lizenzen – Linux-Magazin Online
|
OpenVPN in neuer Version und mit Gratis-Lizenzen
Linux-Magazin Online Die Macher von OpenVPN haben eine neue Version ihrer proprietären Soft-Appliance OpenVPN Access Server bekannt gegeben, der ohne Registrierung für zwei … |
CyanogenMod 6.0, basé sur Android, disponible au téléchargement – Clubic
![]() Clubic |
CyanogenMod 6.0, basé sur Android, disponible au téléchargement
Clubic L'application OpenVPN permettra de créer un réseau privé virtuel tandis que les données mises en cache seront compressées avec Compcache. … |
OpenVPN probélma – Hungarian Unix Portal
|
OpenVPN probélma
Hungarian Unix Portal Csináltam egy vpn szervert, a problémám az lenne, hogy a kliensröl tudom pingelni a szervert de visszafelé ez már nem megy :S. A választott hozzászólás … |
ÐÑоÑÑ Ð½Ð° ÑмаÑÑÑониÑе Ñ Froyo ÑаÑÑе – digital
![]() digital |
ÐÑоÑÑ Ð½Ð° ÑмаÑÑÑониÑе Ñ Froyo ÑаÑÑе
digital ÐÑÑканеÑо на Froyo ознаÑава за новиÑе ÑÑÑÑойÑÑва много вгÑадени пÑиложениÑ, ÑвÑÑзване кÑм Ad-noc мÑежа, поддÑÑжка на OpenVPN, Bluetooth HID, … |
Popularity: 1% [?]


































