E-book details

OpenVPN 2 Cookbook. Everything you need to know to master the intricacies of OpenVPN 2 is contained in this cookbook. Packed with recipes, tips, and tricks, it’s the perfect companion for anybody wanting to build a secure virtual private network

Open VPN Solutions, Jan Just Keijser

Ebook
  • OpenVPN 2 Cookbook
    • Table of Contents
    • OpenVPN 2 Cookbook
    • Credits
    • About the Author
    • About the Reviewers
    • www.PacktPub.com
      • Support files, eBooks, discount offers and more
        • Why Subscribe?
        • Free Access for Packt account holders
    • Preface
      • What this book covers
      • What you need for this book
      • Who this book is for
      • Conventions
      • Reader feedback
      • Customer support
        • Errata
        • Piracy
        • Questions
    • 1. Point-to-Point Networks
      • Introduction
      • Shortest setup possible
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • Using the TCP protocol
          • Forwarding non-IP traffic over the tunnel
      • OpenVPN secret keys
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
        • See also
      • Multiple secret keys
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
        • See also
      • Plaintext tunnel
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
      • Routing
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • Routing issues
          • Automating the setup
        • See also
      • Configuration files versus the command-line
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • OpenVPN 2.1 specifics
      • Complete site-to-site setup
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
        • See also
      • 3-way routing
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • Scalability
          • Routing protocols
        • See also
    • 2. Client-server IP-only Networks
      • Introduction
      • Setting up the public and private keys
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • Using the easy-rsa scripts on Windows
          • Some notes on the different variables
        • See also
      • Simple configuration
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • 'net30' addresses
      • Server-side routing
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • Linear addresses
          • Using the TCP protocol
          • Server certificates and ns-cert-type server
          • Masquerading
      • Using 'client-config-dir' files
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • Default configuration file
          • Troubleshooting
          • OpenVPN 2.0 'net30' compatibility
          • Allowed options in a 'client-config-dir' file
      • Routing: subnets on both sides
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • Masquerading
          • Client-to-client subnet routing
        • See also
      • Redirecting the default gateway
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • Redirect-gateway parameters
          • Split tunneling
        • See also
      • Using an 'ifconfig-pool' block
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • Configuration files on Windows
          • Topology subnet
          • Client-to-client access
          • Using the TCP protocol
      • Using the status file
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • Status parameters
          • Disconnecting clients
          • Explicit-exit-notify
      • Management interface
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • Server-side management interface
        • See also
      • Proxy-arp
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • User 'nobody'
          • TAP-style networks
          • Broadcast traffic might not always work
        • See also
    • 3. Client-server Ethernet-style Networks
      • Introduction
      • Simple configuration - non-bridged
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • Differences between TUN and TAP
          • Using the TCP protocol
          • Making IP forwarding permanent
        • See also
      • Enabling client-to-client traffic
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • Broadcast traffic may affect scalability
          • Filtering traffic
          • TUN-style networks
      • Bridging - Linux
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • Fixed addresses & the default gateway
          • Name resolution
        • See also
      • Bridging - Windows
        • Getting ready
        • How to do it...
        • How it works...
        • See also
      • Checking broadcast and non-IP traffic
        • Getting ready
        • How to do it...
        • How it works...
      • External DHCP server
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • DHCP server configuration
          • DHCP relay
          • Tweaking the /etc/sysconfig/network-scripts
      • Using the status file
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • Difference with TUN-style networks
          • Disconnecting clients
        • See also
      • Management interface
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • Client side management interface
        • See also
    • 4. PKI, Certificates, and OpenSSL
      • Introduction
      • Certificate generation
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
        • See also
      • xCA: a GUI for managing a PKI (Part 1)
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
      • xCA: a GUI for managing a PKI (Part 2)
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
      • OpenSSL tricks: x509, pkcs12, verify output
        • Getting ready
        • How to do it...
        • How it works...
      • Revoking certificates
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • What is needed to revoke a certificate
        • See also
      • The use of CRLs
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
        • See also
      • Checking expired/revoked certificates
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
      • Intermediary CAs
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
      • Multiple CAs: stacking, using --capath
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • Stacking CRLs
          • Using the --capath directive
    • 5. Two-factor Authentication with PKCS#11
      • Introduction
      • Initializing a hardware token
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • Public and private objects
          • OpenSC versus Aladdin PKI Client driver
      • Getting a hardware token ID
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • What about automatic selection?
          • PKCS#11 libraries
      • Using a hardware token
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • What is different?
          • Using the OpenSC driver
      • Using the management interface to list PKCS#11 certificates
        • Getting ready
        • How to do it...
        • How it works...
        • See also
      • Selecting a PKCS#11 certificate using the management interface
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
      • Generating a key on the hardware token
        • Getting ready
        • How to do it...
        • How it works...
      • Private method for getting a PKCS#11 certificate
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
        • See also
      • Pin caching example
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
        • See also
    • 6. Scripting and Plugins
      • Introduction
      • Using a client-side up/down script
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • Environment variables
          • Calling the 'down' script before the connection terminates
          • Advanced: verify the remote hostname
      • Windows login greeter
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • Spaces in filenames
          • setenv or setenv-safe
          • Security considerations
      • Using client-connect/client-disconnect scripts
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • 'client-disconnect' scripts
          • Environment variables
          • Absolute paths
      • Using a 'learn-address' script
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • User 'nobody'
          • The 'update' action
      • Using a 'tls-verify' script
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
      • Using an 'auth-user-pass-verify' script
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • Specifying the username and password in a file on the client
          • Passing the password via environment variables
      • Script order
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
      • Script security and logging
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
      • Using the 'down-root' plugin
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
        • See also
      • Using the PAM authentication plugin
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
        • See also
    • 7. Troubleshooting OpenVPN: Configurations
      • Introduction
      • Cipher mismatches
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
      • TUN versus TAP mismatches
        • Getting ready
        • How to do it...
        • How it works...
      • Compression mismatches
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
      • Key mismatches
        • Getting ready
        • How to do it...
        • How it works...
        • See also
      • Troubleshooting MTU and tun-mtu issues
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
        • See also
      • Troubleshooting network connectivity
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
      • Troubleshooting 'client-config-dir' issues
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • More verbose logging
          • Other frequent client-config-dir mistakes
        • See also
      • How to read the OpenVPN log files
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
    • 8. Troubleshooting OpenVPN: Routing
      • Introduction
      • The missing return route
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • Masquerading
          • Adding routes on the LAN hosts
        • See also
      • Missing return routes when 'iroute' is used
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
        • See also
      • All clients function except the OpenVPN endpoints
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
        • See also
      • Source routing
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
      • Routing and permissions on Windows
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
        • See also
      • Troubleshooting client-to-client traffic routing
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
        • See also
      • Understanding the 'MULTI: bad source' warnings
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • Other occurrences of the 'MULTI: bad source' message
        • See also
      • Failure when redirecting the default gateway
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
        • See also
    • 9. Performance Tuning
      • Introduction
      • Optimizing performance using 'ping'
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
        • See also
      • Optimizing performance using 'iperf'
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • Client versus server 'iperf' results
          • Network latency
          • Gigabit networks
      • OpenSSL cipher speed
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
        • See also
      • Compression tests
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • Pushing compression options
          • Adaptive compression
      • Traffic shaping
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
      • Tuning UDP-based connections
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
        • See also
      • Tuning TCP-based connections
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
      • Analyzing performance using tcpdump
        • Getting ready
        • How to do it...
        • How it works...
        • See also
    • 10. OS Integration
      • Introduction
      • Linux: using NetworkManager
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • Setting up routes using NetworkManager
          • DNS settings
          • Scripting
      • Linux: using 'pull-resolv-conf'
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
      • MacOS: using Tunnelblick
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • Name resolution
          • Scripting
      • Windows Vista/7: elevated privileges
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
      • Windows: using the CryptoAPI store
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • The CA certificate file
          • Certificate fingerprint
      • Windows: updating the DNS cache
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
      • Windows: running OpenVPN as a service
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • Automatic service startup
          • OpenVPN User name
        • See also
      • Windows: public versus private network adapters
        • Getting ready
        • How to do it...
        • How it works...
        • See also
      • Windows: routing methods
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
    • 11. Advanced Configuration
      • Introduction
      • Including configuration files in config files
        • Getting ready
        • How to do it...
        • How it works...
      • Multiple remotes and remote-random
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • Mixing TCP and UDP-based setups
          • Advantage of using TCP-based connections
          • Automatically reverting to the first OpenVPN server
        • See also
      • Details of ifconfig-pool-persist
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • Specifying the update interval
          • Caveat: the duplicate-cn option
          • When 'topology net30' is used
      • Connecting using a SOCKS proxy
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • Performance
          • Note #1 on SOCKS proxies via SSH
          • Note #2 on SOCKS proxies via SSH
          • SOCKS proxies using plain-text authentication
        • See also
      • Connecting via an HTTP proxy
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • http-proxy options
          • Ducking firewalls
          • Performance
        • See also
      • Connecting via an HTTP proxy with authentication
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • NTLM proxy authorization
          • New features in OpenVPN 2.2
        • See also
      • Using dyndns
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • Failover
          • NetworkManager and 'ddclient'
        • See also
      • IP-less setups (ifconfig-noexec)
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • Point-to-point and TUN-style networks
          • Routing and firewalling
    • 12. New Features of OpenVPN 2.1 and 2.2
      • Introduction
      • Inline certificates
        • Getting ready
        • How to do it...
        • How it works...
      • Connection blocks
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • Allowed directives inside connection blocks
          • Pitfalls when mixing TCP and UDP-based setups
        • See also
      • Port sharing with an HTTPS server
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
      • Routing features: redirect-private, allow-pull-fqdn
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • The route-nopull directive
          • The 'max-routes' directive
      • Handing out the public IPs
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
        • See also
      • OCSP support
        • Getting ready
        • How to do it...
        • How it works...
        • See also
      • New for 2.2: the 'x509_user_name' parameter
        • Getting ready
        • How to do it...
        • How it works...
        • There's more...
          • OpenVPN 2.1 behaviour
    • Index
  • Title: OpenVPN 2 Cookbook. Everything you need to know to master the intricacies of OpenVPN 2 is contained in this cookbook. Packed with recipes, tips, and tricks, it’s the perfect companion for anybody wanting to build a secure virtual private network
  • Author: Open VPN Solutions, Jan Just Keijser
  • Original title: OpenVPN 2 Cookbook. Everything you need to know to master the intricacies of OpenVPN 2 is contained in this cookbook. Packed with recipes, tips, and tricks, it’s the perfect companion for anybody wanting to build a secure virtual private network.
  • ISBN: 9781849510110
  • Date of issue: 2011-02-17
  • Format: Ebook
  • Item ID: e_3cxx
  • Publisher: Packt Publishing