OpenVPN

I make use of OpenVPN almost on a daily basis when I’m out in the world and use my laptop to connect to the internet. I’ve done several projects related to OpenVPN, which I’ll detail on this page.

For starters:

openvpn.net and their howto. If you’re not familiar with OpenVPN, it is an open source, cross-platform VPN implementation. I’ve had good success with it and it’s fairly easy to set up TLS authentication.

Update 6-17-10 ….

Big OpenVPN/DD-WRT project lately that has taken a lot of time, but it has solved an issue that I’m sure a lot of network admins have run into. When designing networks and looking to bridge offices with OpenVPN, network admins are advised to pick unique subnets so that 192.168.1.1 in one office can route well over the VPN to 192.168.2.1 in the other office. If both networks (or multiple) use 192.168.1.0/24 there is a network address collision – packets get lost and things don’t work. Well, it is possible with the right setup to do NAT on the packets that are traveling over the VPN. Why? Well, let’s say you’re a client of this 192.168.1.0 office network and are out at a wifi hotspot that also happens to be a 192.168.1.0 – you can’t exactly make them change their addressing to avoid conflicts with your business network, and migrating an established business network can be a big task. Of course, you could start out your network design by choosing a different subnet and I’ve used this approach several times, but it’s really just a matter of time until you stumble across someone else with the same subnet that needs to VPN into the network and you run into the hairy address conflict problem.

So, we’ve designed a box based on DD-WRT OpenVPN edition. This box has a VPN “personality”: a client key and configuration to connect to a server out on the internet (a Linux VPS is the hub of the wheel for our topology and our OpenVPN server). That server identifies the box by its certificate and gives it an address at 10.111.1.254. It also pushes routes to 10.111.2.0/24 with 10.111.2.254 as the gateway and 10.111.1.0/24 with gw of 10.111.1.254 to our second box, which is given a 10.111.2.254 address.

On each device, in addition to the VPN personality, there is a special brew of firewall rules which handles the packet rewriting such that any device that is attached to one of our two VPN boxes is accessible from the other side, even though internally they can share the same 192.168.2.0/24 network. So, each client has its own network address (192.168.34.1) and its VPN address (10.111.1.1). This has worked well – it did take a lot of time to initially design but we’ve now rolled out two initial installs of it. (Not bad considering that it’s all done with ~$60 router hardware.) In the future I may provide more details on the setup here, because as I researched this I found NO ONE explaining step by step how to design this kind of a setup.

At this point the only negative with our setup is that two devices behind the same box will not see each other via their VPN address (10.111.1.1/10.111.1.2), but via their LAN address (192.168.34.1/192.168.34.2). Of course, this plan also allows for mobile VPN clients that aren’t “behind the box”; they register in the 10.111.0.0/24 subnet and they are all screened with the wider subnet via the server so that anything in the 10.111.0.0/16 is pingable from each VPN subnet.

As I said, it’s been a big project and I may be detailing it here, but want to wait until all the dust settles on our setup.
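The post does not publish its firewall rules, so the following is an added sketch and not the author's configuration. It models the 1:1 address translation described above with the post's addresses and emits rules for the Linux iptables `NETMAP` target, which is assumed here as the mechanism; the box names, the `tun0` interface name and the second box's LAN subnet are constructed.

```python
import ipaddress

VPN_SUPERNET = ipaddress.ip_network("10.111.0.0/16")  # from the post
# Constructed plan: both boxes deliberately share one LAN subnet.
SITES = {"box1": ("192.168.34.0/24", "10.111.1.0/24"),
         "box2": ("192.168.34.0/24", "10.111.2.0/24")}

def netmap(addr, src_net, dst_net):
    """1:1 NAT: keep the host bits of addr, swap the network prefix."""
    addr = ipaddress.ip_address(addr)
    src, dst = ipaddress.ip_network(src_net), ipaddress.ip_network(dst_net)
    if src.prefixlen != dst.prefixlen:
        raise ValueError("1:1 NAT needs equal prefix lengths")
    if addr not in src:
        raise ValueError(f"{addr} is not in {src}")
    host_bits = int(addr) & int(src.hostmask)
    return ipaddress.ip_address(int(dst.network_address) | host_bits)

def check_plan(sites):
    """LANs may collide; the per-box VPN subnets must not."""
    problems, seen = [], {}
    for name, (_lan, vpn) in sites.items():
        vpn = ipaddress.ip_network(vpn)
        if not vpn.subnet_of(VPN_SUPERNET):
            problems.append(f"{name}: {vpn} is outside {VPN_SUPERNET}")
        for other, other_vpn in seen.items():
            if vpn.overlaps(other_vpn):
                problems.append(f"{name}: {vpn} overlaps {other} ({other_vpn})")
        seen[name] = vpn
    return problems

def netmap_rules(lan_net, vpn_net, tun="tun0"):
    """Rules for one box (assumed mechanism). They match only on the
    tunnel interface, so traffic that stays on the LAN is not translated."""
    return [
        f"iptables -t nat -A PREROUTING -i {tun} -d {vpn_net} -j NETMAP --to {lan_net}",
        f"iptables -t nat -A POSTROUTING -o {tun} -s {lan_net} -j NETMAP --to {vpn_net}",
    ]

if __name__ == "__main__":
    print(check_plan(SITES) or "plan ok")
    for name, (lan, vpn) in SITES.items():
        print(f"# {name}: 192.168.34.1 is seen on the VPN as {netmap('192.168.34.1', lan, vpn)}")
        print("\n".join(netmap_rules(lan, vpn)))
```
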
