OpenVPN

I make use of OpenVPN almost on a daily basis when I’m out in the world and use my laptop to connect to the internet. I’ve done several projects related to OpenVPN which I’ll detail on this page.

For starters:

openvpn.net and their howto. If you’re not familiar with OpenVPN, it is an open source VPN implementation and is cross-platform. I’ve had good success with it and it’s fairly easy to set up TLS authentication.

Update 6-17-10 ….

Big OpenVPN/dd-wrt project lately that has taken a lot of time, but it has solved an issue that I’m sure a lot of network admins have run into. When designing networks and looking to bridge offices with OpenVPN, network admins are advised to pick unique subnets so that 192.168.1.1 in one office can route well over the VPN to 192.168.2.1 in the other office. If both networks (or multiple) use 192.168.1.0/24 there is a network address collision – packets get lost and things don’t work. Well, it is possible with the right setup to do NAT on the packets that are traveling over the VPN.

Why? Well, let’s say you’re a client of this 192.168.1.0 office network and are out at a wifi hotspot that also happens to be a 192.168.1.0 – you can’t exactly make them change their addressing to avoid conflicts with your business network, and migrating an established business network can be a big task. Of course, you could start out your network design by choosing a different subnet and I’ve used this approach several times, but it’s really just a matter of time until you stumble across someone else with the same subnet that needs to VPN into the network and you run into the hairy address conflict problem.

So, we’ve designed a box based on dd-wrt OpenVPN edition…. This box has a VPN “personality” (a client key and configuration to connect to a server out in the internet; a Linux VPS is the hub of the wheel for our topology and our OpenVPN server). That server identifies the box by its certificate and gives it an address at 10.111.1.254. It also pushes routes to 10.111.2.0/24 with 10.111.2.254 as the gateway and 10.111.1.0/24 with gw of 10.111.1.254 to our second box, which is given a 10.111.2.254 address. On each device, in addition to the VPN personality, there is a special brew of firewall rules which handles the packet rewriting such that any device that is attached to our two VPN boxes is accessible from the other side even though internally they can share the same 192.168.2.0/24 network. So, each client has its own network address (192.168.34.1) and its VPN address 10.111.1.1.

This has worked well – it did take a lot of time to initially design but we’ve now rolled out two initial installs of it. (Not bad considering that it’s all done with ~$60 router hardware.) In the future I may provide more details on the setup here because as I researched this I found NO ONE explaining step by step how to design this kind of a setup. At this point the only negative with our setup is that two devices behind the same box will not see each other via their VPN address (10.111.1.1/10.111.1.2), but via their LAN address (192.168.34.1/192.168.34.2). Of course, this plan also allows for mobile VPN clients that aren’t “behind the box” and they register in the 10.111.0.0/24 subnet and they are all screened with the wider subnet via the server so that anything in the 10.111.0.0/16 is pingable from each VPN subnet.
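The post does not publish its firewall rules. As an added example (not the author's configuration), here is one common way to get the 1:1 rewriting described above, using the iptables NETMAP target; the interface name tun0 and the helper names `map_addr` and `emit_rules` are assumptions, and the script only prints the rules rather than applying them.

```sh
#!/bin/sh
# Added example: 1:1 NAT between a box's LAN /24 and its VPN-side /24.
# Assumed (not from the page): tunnel interface tun0, iptables NETMAP target.
# Addresses are the ones the post gives: LAN 192.168.34.0/24, VPN 10.111.1.0/24.

# map_addr ADDR FROM_PREFIX TO_PREFIX
# Swap the /24 prefix and keep the host octet, as NETMAP does per packet.
map_addr() {
    addr=$1; from=$2; to=$3
    rest=${addr#"$from".}
    # An unmatched prefix leaves $addr unchanged: the address is outside FROM.
    if [ "$rest" = "$addr" ]; then
        echo "error: $addr is not in $from.0/24" >&2; return 1
    fi
    case "$rest" in
        ''|*[!0-9]*) echo "error: bad host part in $addr" >&2; return 1 ;;
    esac
    if [ "$rest" -lt 1 ] || [ "$rest" -gt 254 ]; then
        echo "error: host octet $rest out of range" >&2; return 1
    fi
    echo "$to.$rest"
}

# emit_rules LAN_PREFIX VPN_PREFIX [TUN_IF]
# Print (do not apply) the rule pair for one box.
emit_rules() {
    lan="$1.0/24"; vpn="$2.0/24"; tun=${3:-tun0}
    if [ "$lan" = "$vpn" ]; then
        echo "error: LAN and VPN ranges must differ" >&2; return 1
    fi
    # From the tunnel: destination 10.111.1.N is rewritten to 192.168.34.N.
    echo "iptables -t nat -A PREROUTING -i $tun -d $vpn -j NETMAP --to $lan"
    # Into the tunnel: source 192.168.34.N is rewritten to 10.111.1.N.
    echo "iptables -t nat -A POSTROUTING -o $tun -s $lan -j NETMAP --to $vpn"
}

# Demo with the post's addresses for the first box.
emit_rules 192.168.34 10.111.1
map_addr 192.168.34.2 192.168.34 10.111.1   # LAN host as seen from the VPN
map_addr 10.111.1.1 10.111.1 192.168.34     # VPN alias back to the LAN host
```

Both rules match only traffic entering or leaving the tunnel interface, so hosts behind the same box are not translated for each other, which is consistent with the limitation noted above.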

As I said, it’s been a big project and I may be detailing it here, but I want to wait until all the dust settles on our setup.
