Openvpn
I make use of openvpn almost on a daily basis when I’m out in the world and use my laptop to connect to the internet. I’ve done several projects related to openvpn which I’ll detail in this page.
For starters:
openvpn.net and their howto. If you’re not familiar with openvpn, it is an open source vpn implementation and is cross platform. I’ve had good success with it and it’s fairly easy to set up TLS authentication.
Update 6-17-10 ….
Big openvpn/dd-wrt project lately that has taken a lot of time, but it has solved an issue that I’m sure a lot of network admins have run into. When designing networks and looking to bridge offices with openvpn, network admins are advised to pick unique subnets so that 192.168.1.1 in one office can route well over the vpn to 192.168.2.1 in the other office. If both networks (or multiple) use 192.168.1.0/24 there is network address collision – packets get lost and things don’t work.
Well, it is possible with the right setup to do NAT on the packets that are traveling over the vpn. Why? Well, let’s say you’re a client of this 192.168.1.0 office network and are out at a wifi hotspot that also happens to be a 192.168.1.0 – you can’t exactly make them change their addressing to avoid conflicts with your business network, and migrating an established business network can be a big task. Of course, you could start out your network design by choosing a different subnet, and I’ve used this approach several times, but it’s really just a matter of time until you stumble across someone else with the same subnet that needs to vpn into the network and you run into the hairy address conflict problem.
So, we’ve designed a box based on dd-wrt openvpn edition…. This box has a vpn “personality” (client key and configuration) to connect to a server out in the internet (a linux vps is the hub of the wheel for our topology and our openvpn server). That server identifies the box by its certificate and gives it an address at 10.111.1.254. It also pushes routes to 10.111.2.0/24 with 10.111.2.254 as the gateway and 10.111.1.0/24 with gw of 10.111.1.254 to our second box which is given a 10.111.2.254 address.
On each device, in addition to the vpn personality, there is a special brew of firewall rules which handles the packet rewriting such that any device that is attached to our two vpn boxes is accessible from the other side even though internally they can share the same 192.168.2.0/24 network. So, each client has its own network address (192.168.34.1) and its vpn address 10.111.1.1. This has worked well – it did take a lot of time to initially design but we’ve now rolled out two initial installs of it. (Not bad considering that it’s all done with ~$60 router hardware.) In the future I may provide more details on the setup here because as I researched this I found NO ONE explaining step by step how to design this kind of a setup.
At this point the only negative with our setup is that two devices behind the same box will not see each other via their vpn address (10.111.1.1/10.111.1.2), but by their lan address (192.168.34.1/192.168.34.2). Of course, this plan also allows for mobile vpn clients that aren’t “behind the box”; they register in the 10.111.0.0/24 subnet, and they are all screened with the wider subnet via the server so that anything in the 10.111.0.0/16 is pingable from each vpn subnet.
As I said, it’s been a big project and I may be detailing it here, but want to wait until all the dust settles on our setup.
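The address plan described above can be checked with a short script. This is an added example, not the firewall rules used on the boxes: it assumes both LANs are 192.168.34.0/24, that the tunnel interface is `tun0`, and that the rewriting is done with the iptables `NETMAP` target; the function names are hypothetical.

```python
import ipaddress

def collides(a, b):
    """True when two subnets overlap, so routing between them is ambiguous."""
    return ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b))

def translate(addr, src_net, dst_net):
    """1:1 NAT: keep the host bits of addr and swap the network prefix."""
    src = ipaddress.ip_network(src_net)
    dst = ipaddress.ip_network(dst_net)
    ip = ipaddress.ip_address(addr)
    if src.prefixlen != dst.prefixlen:
        raise ValueError("1:1 NAT needs equal prefix lengths")
    if ip not in src:
        raise ValueError(f"{ip} is not inside {src}")
    host_bits = int(ip) & int(src.hostmask)
    return str(ipaddress.ip_address(int(dst.network_address) | host_bits))

def netmap_rules(lan_net, vpn_net, tun="tun0"):
    """Rule text for one box (assumed NETMAP approach, printed, not applied)."""
    return [
        # Packets arriving from the tunnel for the VPN range go to the real LAN host.
        f"iptables -t nat -A PREROUTING -i {tun} -d {vpn_net} -j NETMAP --to {lan_net}",
        # Packets leaving into the tunnel show their VPN-side source address.
        f"iptables -t nat -A POSTROUTING -o {tun} -s {lan_net} -j NETMAP --to {vpn_net}",
    ]

# Constructed plan based on the addresses in the post: box -> (LAN, VPN subnet).
BOXES = {
    "box1": ("192.168.34.0/24", "10.111.1.0/24"),
    "box2": ("192.168.34.0/24", "10.111.2.0/24"),
}

def check_plan(boxes, supernet="10.111.0.0/16"):
    """VPN-side subnets must be unique and sit inside the range the server routes."""
    nets = [ipaddress.ip_network(vpn) for _, vpn in boxes.values()]
    inside = all(n.subnet_of(ipaddress.ip_network(supernet)) for n in nets)
    unique = not any(a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])
    return inside and unique

if __name__ == "__main__":
    for name, (lan, vpn) in BOXES.items():
        print(name, "LAN .1 is reachable as", translate("192.168.34.1", lan, vpn))
        print("\n".join(netmap_rules(lan, vpn)))
    print("plan ok:", check_plan(BOXES))
```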