Openvpn

I make use of openvpn almost on a daily basis when I’m out in the world and use my laptop to connect to the internet. I’ve done several projects related to openvpn which I’ll detail in this page.

For starters:

openvpn.net and their howto. If you’re not familiar with openvpn it is an open source vpn implementation and is cross platform. I’ve had good success with it and it’s fairly easy to setup TLS authentication.

Update 6-17-10 ….

Big openvpn/dd-wrt project lately that has taken a lot of time, but it has solved an issue that I’m sure a lot of network admins have run into. When designing networks and looking to bridge offices with openvpn network admins are advised to pick unique subnets so that 192.168.1.1 in one office can route well over the vpn to 192.168.2.1 in the other office. If both networks (or multiple) use 192.168.1.0/24 there is network address collision – packets get lost and things don’t work. Well, it is possible with the right setup to do NAT on the packets that are traveling over the vpn. Why? Well, let’s say you’re a client of this 192.168.1.0 office network and are out at a wifi hotspot that also happens to be a 192.168.1.0 – you can’t exactly make them change their addressing to avoid conflicts with your business network and migrating an established business network can be a big task. Of course, you could start out your network design by choosing a different subnet and I’ve used this approach several times, but it’s really just a matter of time until you stumble across someone else with the same subnet that needs to vpn into the network and you run into the hairy address conflict problem.

So, we’ve designed a box based on dd-wrt openvpn edition…. This box has a vpn “personality” (client key and configuration to connect to a server out in the internet (a linux vps is the hub of the wheel for our topology and our openvpn server.) That server identifies the box by it’s certificate and gives it an address at 10.111.1.254. It also pushes routes to 10.111.2.0/24 with 10.111.2.254 as the gateway and 10.111.1.0/24 with gw of 10.111.1.254 to our second box which is given a 10.111.2.254 address. On each device in addition to the vpn personality there is a special brew of firewall rules which handles the packet rewriting such that any device that is attached to our two vpn boxes are accessible from the other side even though internally they can share the same 192.168.2.0/24 network. So, each client has it’s own network address (192.168.34.1) and it’s vpn address 10.111.1.1 This has worked well – it did take a lot of time to initially design but we’ve now rolled out two initial installs of it. (Not bad considering that it’s all done with ~$60 dollar router hardware.) In the future I may provide more details on the setup here because as I researched this I found NO ONE explaining step by step how to design this kind of a setup. At this point the only negative with our setup is that two devices behind the same box will not see each other via their vpn address(10.111.1.1/10.111.1.2), but their lan address (192.168.34.1/192.168.34.2) Of course, this plan also allows for mobile vpn clients that aren’t “behind the box” and they register in the 10.111.0.0/24 subnet and they are all screened with the wider subnet via the server so that anything in the 10.111.0.0/16 is pingable from each vpn subnet.

As I said, it’s been a big project and I may be detailing it here, but want to wait until all the dust settles on our setup.

    “”openvpn”" – Google News

    InvinciBull VPN review – TechRadar

    InvinciBull VPN review  TechRadar

    InvinciBull is a newbie-friendly VPN with a 1GB per month free plan.




    Hands-on with macOS Catalina Beta: Should You Update Now? – Laptop Mag

    Hands-on with macOS Catalina Beta: Should You Update Now?  Laptop Mag

    Check out our review of the macOS Catalina beta to find out if you should hit install.




    Items You Need for Complete Online Privacy – Inverse

    Items You Need for Complete Online Privacy  Inverse

    Cybersecurity is the new frontier. In an increasingly digital age that seems more and more futuristic each day (hello, automated cars), protecting your personal …




    How Do VPNs Work? – CloudWedge

    How Do VPNs Work?  CloudWedge

    Most everyday internet users aren’t particularly concerned with online safety. Simply fire up your laptop or mobile device and you can connect to the.




    OpenVPN and 2FA – Security Boulevard

    OpenVPN and 2FA  Security Boulevard

    OpenVPN is an open-source VPN offering, and one of the most popular options in its market space. As far as modern IT solutions go, OpenVPN is one of the …




    IPVanish review: VPN delivers a wealth of options and browsing controls – ZDNet

    IPVanish review: VPN delivers a wealth of options and browsing controls  ZDNet

    Whether you’re looking for an easy-to-use VPN or one where you can choose from a wide range of encryption protocols, want to specify active features, or get …




    VeePN review – TechRadar

    VeePN review  TechRadar

    VeePN has potential but we can’t recommend the *service* in its current form due to some major issues.




    ExpressVPN 2019 review: Great service, but why so secretive? – PCWorld

    ExpressVPN 2019 review: Great service, but why so secretive?  PCWorld

    Paying more than $60 for a VPN *service* is too much. Unless that company is offering a ton of extra features and device compatibility to justify the cost.




    Hide.me Adds New Serbia Server to VPN Network – Top10VPN

    Hide.me Adds New Serbia Server to VPN Network  Top10VPN

    Hide.me has expanded its VPN server network to include coverage in Serbia, bringing the total number to 56 server locations in 35 countries worldwide.




    Six Niche Linux Certifications | Articles – Go Certify

    Six Niche Linux Certifications | Articles  Go Certify

    Sometimes you have to step off the beaten path to find the right certification. Let’s take a look at the world of Linux certifications, and see which certs some …


    www.pdf24.org    Send article as PDF   

    Similar Posts


    Switch to our mobile site