Openvpn

I make use of openvpn almost on a daily basis when I’m out in the world and use my laptop to connect to the internet. I’ve done several projects related to openvpn which I’ll detail in this page.

For starters:

openvpn.net and their howto. If you’re not familiar with openvpn it is an open source vpn implementation and is cross platform. I’ve had good success with it and it’s fairly easy to setup TLS authentication.

Update 6-17-10 ….

Big openvpn/dd-wrt project lately that has taken a lot of time, but it has solved an issue that I’m sure a lot of network admins have run into. When designing networks and looking to bridge offices with openvpn network admins are advised to pick unique subnets so that 192.168.1.1 in one office can route well over the vpn to 192.168.2.1 in the other office. If both networks (or multiple) use 192.168.1.0/24 there is network address collision – packets get lost and things don’t work. Well, it is possible with the right setup to do NAT on the packets that are traveling over the vpn. Why? Well, let’s say you’re a client of this 192.168.1.0 office network and are out at a wifi hotspot that also happens to be a 192.168.1.0 – you can’t exactly make them change their addressing to avoid conflicts with your business network and migrating an established business network can be a big task. Of course, you could start out your network design by choosing a different subnet and I’ve used this approach several times, but it’s really just a matter of time until you stumble across someone else with the same subnet that needs to vpn into the network and you run into the hairy address conflict problem.

So, we’ve designed a box based on dd-wrt openvpn edition…. This box has a vpn “personality” (client key and configuration to connect to a server out in the internet (a linux vps is the hub of the wheel for our topology and our openvpn server.) That server identifies the box by it’s certificate and gives it an address at 10.111.1.254. It also pushes routes to 10.111.2.0/24 with 10.111.2.254 as the gateway and 10.111.1.0/24 with gw of 10.111.1.254 to our second box which is given a 10.111.2.254 address. On each device in addition to the vpn personality there is a special brew of firewall rules which handles the packet rewriting such that any device that is attached to our two vpn boxes are accessible from the other side even though internally they can share the same 192.168.2.0/24 network. So, each client has it’s own network address (192.168.34.1) and it’s vpn address 10.111.1.1 This has worked well – it did take a lot of time to initially design but we’ve now rolled out two initial installs of it. (Not bad considering that it’s all done with ~$60 dollar router hardware.) In the future I may provide more details on the setup here because as I researched this I found NO ONE explaining step by step how to design this kind of a setup. At this point the only negative with our setup is that two devices behind the same box will not see each other via their vpn address(10.111.1.1/10.111.1.2), but their lan address (192.168.34.1/192.168.34.2) Of course, this plan also allows for mobile vpn clients that aren’t “behind the box” and they register in the 10.111.0.0/24 subnet and they are all screened with the wider subnet via the server so that anything in the 10.111.0.0/16 is pingable from each vpn subnet.

As I said, it’s been a big project and I may be detailing it here, but want to wait until all the dust settles on our setup.

    “openvpn” – Google News

    Software-update: OpenVPN 2.4.3 – Tweakers


    Tweakers
    Software-update: OpenVPN 2.4.3
    Tweakers
    OpenVPN is een robuuste en gemakkelijk in te stellen opensource-vpn-daemon waarmee verschillende private networks aan elkaar geknoopt kunnen worden door middel van een encrypted tunnel via internet. Voor de beveiliging wordt gebruikgemaakt van …




    オープンソースのVPNソフト「OpenVPN」、4件の脆弱性を修正 – INTERNET Watch


    INTERNET Watch
    オープンソースのVPNソフト「OpenVPN」、4件の脆弱性を修正
    INTERNET Watch
    OpenVPNは22日、オープンソースのVPNソフト「OpenVPN」の新バージョン「2.4.3」と「2.3.17」をリリースした。CVE番号ベースで4件の脆弱性を修正しており、早急なアップデートが推奨されている。 脆弱性「CVE-2017-7520」は、クライアントがNTLM v2認証でHTTPプロキシを …
    OpenVPNに致命的なコード実行の脆弱性マイナビニュース
    「OpenVPN」に複数の脆弱性 – 早期にアップデートをSecurity NEXT

    all 3 news articles »




    OpenVPN Software Has Security Flaws: Patch It Now – Tom’s Guide


    Tom’s Guide
    OpenVPN Software Has Security Flaws: Patch It Now
    Tom’s Guide
    If you've ever worked from home for a big corporation, or subscribe to a VPN service, you may be familiar with OpenVPN. It's an open-source virtual private network protocol, which lets users route all their internet traffic through encrypted




    OpenVPN: Vier kritische Lücken gefährden VPN-Nutzer – derStandard.at


    ZDNet.de
    OpenVPN: Vier kritische Lücken gefährden VPN-Nutzer
    derStandard.at
    Vor gleich vier kritischen Lücken in OpenVPN warnt nun der Sicherheitsforscher Guido Vranken. Zumindest eine davon soll sich – zumindest theoretisch – auch dazu nutzen lassen, um Code auf einem VPN-Server einzuschmuggeln und zur Ausführung zu …
    Neue kritische Lecks in OpenVPNsilicon.de
    Sicherheitslücken in OpenVPN entdecktZDNet.de

    all 4 news articles »




    OpenVPN dicht door Nederlander gevonden kwetsbaarheden – Tweakers


    Bright.nl
    OpenVPN dicht door Nederlander gevonden kwetsbaarheden
    Tweakers
    De ontwikkelaars van OpenVPN hebben verschillende kwetsbaarheden in hun vpn-software verholpen. Deze zijn ontdekt door beveiligingsonderzoeker Guido Vranken, nadat er al audits van de software hadden plaatsgevonden. OpenVPN logo (60 pix) …
    Onderzoeker ontdekt OpenVPN-lekken na eerdere auditsSecurity.nl
    Nederlander vindt grote kwetsbaarheden in vpn-softwareRTL Nieuws

    all 4 news articles »




    Plusieurs trous de s̩curit̩ pour OpenVPN РSilicon


    Silicon
    Plusieurs trous de sécurité pour OpenVPN
    Silicon
    OpenVPN, un logiciel libre permettant de créer des réseaux privés virtuels, est toujours confronté à des problèmes de sécurité. Même si Google est prêt à payer des développeurs pour en améliorer la sécurité et que des audits de sécurité ont déjà été




    Dwa audyty kodu OpenVPN nie pomogły, eksperci przeoczyli groźne luki – dobreprogramy

    Dwa audyty kodu OpenVPN nie pomogły, eksperci przeoczyli groźne luki
    dobreprogramy
    Holenderski badacz Guido Vranken donosi o odkryciu czterech nowych luk w OpenVPN, które nie zostały zauważone w obu tegorocznych audytach. Są one groźne w skutkach, jedna z nich pozwala na zdalne uruchomienie kodu, inna otwiera drogę do …




    Know These Five Tactics Cyber Attackers Use To Hurt Internet Users – PR Web (press release)

    Know These Five Tactics Cyber Attackers Use To Hurt Internet Users
    PR Web (press release)
    Not all cyberattacks are created equal, and OpenVPN CEO Francis Dinha says it's important to distinguish among them to properly defend your digital assets. Here's a breakdown of the top five categories of attack your business must guard against.

    and more »




    Researcher calls the fuzz on OpenVPN, uncovers crashy vulns – The Register


    The Register
    Researcher calls the fuzz on OpenVPN, uncovers crashy vulns
    The Register
    OpenVPN has patched a bunch of security vulnerabilities that can be exploited to crash the service or, at a pinch, potentially gain remote-code execution. You should update your installations to versions 2.4.3 or 2.3.17 as soon as you can just to be on
    OpenVPN taken to task after audit ignores remote code execution flawsZDNet

    all 2 news articles »




    OpenVPN Patches Critical Remote Code Execution Vulnerability – Threatpost

    OpenVPN Patches Critical Remote Code Execution Vulnerability
    Threatpost
    OpenVPN has this week patched four vulnerabilities, including a critical remote code execution bug, a little more than a month after the results of two security audits of the open source VPN software were published. The patches were released after


    en.pdf24.org    Send article as PDF   

    Similar Posts


    Switch to our mobile site