OpenVPN

I make use of OpenVPN almost on a daily basis when I’m out in the world and use my laptop to connect to the internet. I’ve done several projects related to OpenVPN which I’ll detail on this page.

For starters:

openvpn.net and their howto. If you’re not familiar with OpenVPN, it is an open source, cross-platform VPN implementation. I’ve had good success with it and it’s fairly easy to set up TLS authentication.

Update 6-17-10 ….

A big OpenVPN/dd-wrt project has taken a lot of time lately, but it has solved an issue that I’m sure a lot of network admins have run into. When designing networks and looking to bridge offices with OpenVPN, network admins are advised to pick unique subnets so that 192.168.1.1 in one office can route well over the VPN to 192.168.2.1 in the other office. If both networks (or multiple) use 192.168.1.0/24, there is a network address collision: packets get lost and things don’t work.

Well, it is possible with the right setup to do NAT on the packets that are traveling over the VPN. Why? Let’s say you’re a client of this 192.168.1.0 office network and are out at a wifi hotspot that also happens to be a 192.168.1.0 network. You can’t exactly make them change their addressing to avoid conflicts with your business network, and migrating an established business network can be a big task. Of course, you could start out your network design by choosing a different subnet, and I’ve used this approach several times, but it’s really just a matter of time until you stumble across someone else with the same subnet who needs to VPN into the network and you run into the hairy address conflict problem.

So, we’ve designed a box based on dd-wrt OpenVPN edition. This box has a VPN “personality”: a client key and configuration to connect to a server out on the internet (a Linux VPS is the hub of the wheel for our topology and our OpenVPN server). That server identifies the box by its certificate and gives it an address at 10.111.1.254. It also pushes routes to 10.111.2.0/24 with 10.111.2.254 as the gateway, and 10.111.1.0/24 with a gateway of 10.111.1.254 to our second box, which is given a 10.111.2.254 address.

On each device, in addition to the VPN personality, there is a special brew of firewall rules which handles the packet rewriting such that any device attached to one of our two VPN boxes is accessible from the other side, even though internally they can share the same 192.168.2.0/24 network. So each client has its own network address (192.168.34.1) and its VPN address (10.111.1.1).

This has worked well. It did take a lot of time to initially design, but we’ve now rolled out two initial installs of it. (Not bad considering that it’s all done with ~$60 router hardware.) In the future I may provide more details on the setup here because as I researched this I found NO ONE explaining step by step how to design this kind of a setup. At this point the only negative with our setup is that two devices behind the same box will not see each other via their VPN addresses (10.111.1.1/10.111.1.2), but by their LAN addresses (192.168.34.1/192.168.34.2).

Of course, this plan also allows for mobile VPN clients that aren’t “behind the box”; they register in the 10.111.0.0/24 subnet, and they are all screened with the wider subnet via the server so that anything in 10.111.0.0/16 is pingable from each VPN subnet.
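The packet rewriting described above can be modelled as a 1:1 subnet mapping. The following is an added example, not the firewall rules actually used on these boxes: it assumes both boxes use 192.168.34.0/24 internally, that the tunnel interface is `tun0`, and that the iptables `NETMAP` target is available on the router firmware; the function names are hypothetical.

```python
import ipaddress

def netmap(addr, from_net, to_net):
    """Translate addr 1:1 from from_net into to_net, keeping the host bits."""
    a = ipaddress.ip_address(addr)
    src = ipaddress.ip_network(from_net)
    dst = ipaddress.ip_network(to_net)
    if src.prefixlen != dst.prefixlen:
        raise ValueError("1:1 mapping needs equal prefix lengths")
    if a not in src:
        raise ValueError(f"{a} is not inside {src}")
    host_bits = int(a) - int(src.network_address)
    return str(dst.network_address + host_bits)

def site_rules(lan, vpn_view, tun="tun0"):
    """iptables NETMAP rules for one box: LAN hosts appear as vpn_view on the tunnel."""
    lan_net = ipaddress.ip_network(lan)
    view_net = ipaddress.ip_network(vpn_view)
    if lan_net.prefixlen != view_net.prefixlen:
        raise ValueError("1:1 mapping needs equal prefix lengths")
    return [
        # Inbound from the tunnel: rewrite the VPN-side destination to the real LAN host.
        f"iptables -t nat -A PREROUTING -i {tun} -d {view_net} -j NETMAP --to {lan_net}",
        # Outbound to the tunnel: rewrite the LAN source to its VPN-side address.
        f"iptables -t nat -A POSTROUTING -o {tun} -s {lan_net} -j NETMAP --to {view_net}",
    ]

def overlapping(sites):
    """Return pairs of site names whose subnets overlap (i.e. would collide if routed)."""
    names = sorted(sites)
    return [(x, y) for i, x in enumerate(names) for y in names[i + 1:]
            if ipaddress.ip_network(sites[x]).overlaps(ipaddress.ip_network(sites[y]))]

# Constructed sample: both boxes share one internal subnet (assumption),
# while each is presented on the VPN under its own 10.111.x.0/24 range.
LANS = {"box1": "192.168.34.0/24", "box2": "192.168.34.0/24"}
VPN_VIEWS = {"box1": "10.111.1.0/24", "box2": "10.111.2.0/24"}

if __name__ == "__main__":
    print("LAN collisions:     ", overlapping(LANS))
    print("VPN-view collisions:", overlapping(VPN_VIEWS))
    print("192.168.34.1 behind box1 is seen as",
          netmap("192.168.34.1", LANS["box1"], VPN_VIEWS["box1"]))
    for name in sorted(LANS):
        print(f"# {name}")
        print("\n".join(site_rules(LANS[name], VPN_VIEWS[name])))
```

With rules of this shape, traffic between two hosts behind the same box never crosses the tunnel interface, so it is never translated, which is consistent with the limitation described above.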

As I said, it’s been a big project and I may be detailing it here, but want to wait until all the dust settles on our setup.
