Openvpn

I make use of openvpn almost on a daily basis when I’m out in the world and use my laptop to connect to the internet. I’ve done several projects related to openvpn which I’ll detail in this page.

For starters:

openvpn.net and their howto. If you’re not familiar with openvpn, it is an open source, cross-platform vpn implementation. I’ve had good success with it, and it’s fairly easy to set up TLS authentication.

Update 6-17-10 ….

Big openvpn/dd-wrt project lately that has taken a lot of time, but it has solved an issue that I’m sure a lot of network admins have run into. When designing networks and looking to bridge offices with openvpn, network admins are advised to pick unique subnets so that 192.168.1.1 in one office can route well over the vpn to 192.168.2.1 in the other office. If both networks (or multiple) use 192.168.1.0/24 there is network address collision – packets get lost and things don’t work. Well, it is possible with the right setup to do NAT on the packets that are traveling over the vpn. Why? Well, let’s say you’re a client of this 192.168.1.0 office network and are out at a wifi hotspot that also happens to be a 192.168.1.0 – you can’t exactly make them change their addressing to avoid conflicts with your business network, and migrating an established business network can be a big task. Of course, you could start out your network design by choosing a different subnet, and I’ve used this approach several times, but it’s really just a matter of time until you stumble across someone else with the same subnet that needs to vpn into the network and you run into the hairy address conflict problem.

So, we’ve designed a box based on dd-wrt openvpn edition…. This box has a vpn “personality” (client key and configuration) to connect to a server out in the internet (a linux vps is the hub of the wheel for our topology and our openvpn server). That server identifies the box by its certificate and gives it an address at 10.111.1.254. It also pushes routes to 10.111.2.0/24 with 10.111.2.254 as the gateway, and 10.111.1.0/24 with gw of 10.111.1.254 to our second box, which is given a 10.111.2.254 address. On each device, in addition to the vpn personality, there is a special brew of firewall rules which handles the packet rewriting such that any device that is attached to our two vpn boxes is accessible from the other side even though internally they can share the same 192.168.2.0/24 network. So, each client has its own network address (192.168.34.1) and its vpn address 10.111.1.1. This has worked well – it did take a lot of time to initially design but we’ve now rolled out two initial installs of it. (Not bad considering that it’s all done with ~$60 router hardware.) In the future I may provide more details on the setup here because as I researched this I found NO ONE explaining step by step how to design this kind of a setup. At this point the only negative with our setup is that two devices behind the same box will not see each other via their vpn addresses (10.111.1.1/10.111.1.2), but only via their lan addresses (192.168.34.1/192.168.34.2). Of course, this plan also allows for mobile vpn clients that aren’t “behind the box”; they register in the 10.111.0.0/24 subnet and they are all screened with the wider subnet via the server so that anything in 10.111.0.0/16 is pingable from each vpn subnet.
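The address rewriting described above is a 1:1 NAT (Linux iptables calls it NETMAP): the host bits of a LAN address are kept and only the network prefix is swapped for the site's VPN prefix, so two sites that both use the same LAN range still present distinct prefixes inside the tunnel. The model below is an added example, not the author's dd-wrt scripts or server configuration; the site names, the 192.168.34.0/24 LAN, the `tun0` interface, the `ccd` directory and the `topology subnet` choice are assumptions. It computes the mapping in both directions and renders the iptables NETMAP rules and the OpenVPN server-side entries (a `client-config-dir` file keyed on the box's certificate CN, with `ifconfig-push` and `iroute`) that such a box and hub would need.

```python
"""Model of 1:1 NAT (NETMAP) across an OpenVPN tunnel for sites that share a LAN prefix.

Added example; not the page author's configuration. Subnets, site names, the
tun0 interface name and the ccd directory are assumptions for illustration.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Site:
    cn: str            # certificate CN the server identifies the box by (assumed)
    lan: str           # real LAN prefix behind the box, e.g. 192.168.34.0/24
    vpn: str           # prefix the box presents to the VPN, e.g. 10.111.1.0/24
    box_vpn_addr: str  # the box's own tunnel address, e.g. 10.111.1.254


def netmap(addr: str, src_net: str, dst_net: str) -> str:
    """Translate addr from src_net to dst_net keeping the host bits (what NETMAP does)."""
    src = ipaddress.ip_network(src_net, strict=False)
    dst = ipaddress.ip_network(dst_net, strict=False)
    if src.prefixlen != dst.prefixlen:
        raise ValueError("NETMAP requires equal prefix lengths")
    ip = ipaddress.ip_address(addr)
    if ip not in src:
        raise ValueError(f"{addr} is not inside {src_net}")
    host_bits = int(ip) - int(src.network_address)
    return str(dst.network_address + host_bits)


def to_vpn(site: Site, lan_addr: str) -> str:
    """Address at which a LAN host behind `site` is reached from across the tunnel."""
    return netmap(lan_addr, site.lan, site.vpn)


def to_lan(site: Site, vpn_addr: str) -> str:
    """Reverse translation applied to packets arriving from the tunnel."""
    return netmap(vpn_addr, site.vpn, site.lan)


def box_firewall_rules(site: Site, tun_if: str = "tun0") -> list:
    """iptables lines a box would run from its firewall script (rendered as text)."""
    return [
        # outbound to the tunnel: rewrite LAN sources into the site's VPN prefix
        f"iptables -t nat -A POSTROUTING -o {tun_if} -s {site.lan} -j NETMAP --to {site.vpn}",
        # inbound from the tunnel: rewrite VPN destinations back to real LAN addresses
        f"iptables -t nat -A PREROUTING -i {tun_if} -d {site.vpn} -j NETMAP --to {site.lan}",
        # only forward traffic that belongs to this site's LAN in each direction
        f"iptables -A FORWARD -i {tun_if} -d {site.lan} -j ACCEPT",
        f"iptables -A FORWARD -o {tun_if} -s {site.lan} -j ACCEPT",
    ]


def server_ccd_entry(site: Site) -> str:
    """Contents of ccd/<CN> on the hub: fixed tunnel address plus the prefix behind it."""
    vpn = ipaddress.ip_network(site.vpn, strict=False)
    return (
        f"ifconfig-push {site.box_vpn_addr} {vpn.netmask}\n"
        f"iroute {vpn.network_address} {vpn.netmask}\n"
    )


def server_config_lines(sites: list, hub_net: str = "10.111.0.0/24") -> list:
    """Hub-side server.conf fragment: kernel routes per site, one summary route pushed."""
    hub = ipaddress.ip_network(hub_net, strict=False)
    lines = [
        "topology subnet",
        f"server {hub.network_address} {hub.netmask}",
        "client-config-dir ccd",
        "client-to-client",
        'push "route 10.111.0.0 255.255.0.0"',  # wider /16 reachable from every site
    ]
    for s in sites:
        vpn = ipaddress.ip_network(s.vpn, strict=False)
        lines.append(f"route {vpn.network_address} {vpn.netmask}")
    return lines


# Constructed sample: two sites whose LANs collide on the same 192.168.34.0/24.
OFFICE = Site("office-box", "192.168.34.0/24", "10.111.1.0/24", "10.111.1.254")
BRANCH = Site("branch-box", "192.168.34.0/24", "10.111.2.0/24", "10.111.2.254")


def demo() -> dict:
    """Show that the same LAN host address maps to distinct VPN addresses per site."""
    return {
        "office host .1 seen from branch": to_vpn(OFFICE, "192.168.34.1"),
        "branch host .1 seen from office": to_vpn(BRANCH, "192.168.34.1"),
        "reply to office 10.111.1.7 lands on": to_lan(OFFICE, "10.111.1.7"),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
    print("\n".join(box_firewall_rules(OFFICE)))
    print(server_ccd_entry(OFFICE))
    print("\n".join(server_config_lines([OFFICE, BRANCH])))
```

Because the NETMAP rules only touch packets that cross `tun0`, two hosts on the same LAN never traverse them, which is why they see each other only by LAN address and not by the 10.111.x.y address the remote side uses; that limitation is inherent to doing the translation at the tunnel boundary rather than a flaw in the rules.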

As I said, it’s been a big project and I may be detailing it here, but want to wait until all the dust settles on our setup.
