Using UBUNTU OS and OpenVPN and Hamachi in Server –Client environment. By Ruphin Byamungu, Kusinza United States International University-Nairobi

OpenVPN is an open-source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol [9] that utilizes SSL/TLS for key exchange. It is capable of traversing network address translators (NATs) and Firewalls - wikipediaopen-sourcevirtual private network [9]SSL/TLSnetwork address translators

Update server’s package $ sudo apt –get update Install easy –rsa package $ sudo apt –get install openvpn easy –rsa

OpenVPN is an TLS/SSL VPN – it utilizes certificates to encrypt traffic between server and clients Copy the easy-rsa template to home directory $ make-cadir ~/openvpn-ca Move to newly created directory $ cd ~/openvpn-ca

To do this open the vars file and edit it $ nano vars Edit the highlighted values to whatever you prefer Also edit the KEY_NAME value to “server”

One must be in CA directory and then source the vars file $ cd ~/openvpn-ca $ source vars Then build the root CA $./build –ca ( This initiates the process of building CA)

In this step server certificate and key pairs as well as some additional files used during encryption are generated. (a 2048 bit RSA Private Key is generated and written to “Server.key”) A notification is given indicating the time frame for the certificate validation – in this case it is until 2027

The process can be done both on the client machine and then signed by the server/CA for security reasons, it is also possible to generate the signed key on the server A single client key can be generated if there is only one client, but the generation process can be repeated as many times as there are clients

Configure the OpenVPN Service Adjust the Server Networking Configuratuion Allow IP Forwarding Adjust UFW rules to Masquerade Client Connections Open the OpenVPN Port – allow 1194/udp, Open SSH

Start and Enable the OpenVPN Service Create Client Configuration Infrastructure Create the Client Config Directory Structure Create a base Configuration Create a Configuration Generation Script

Generate Client Configurations Transfer Configration to Clients Devices – PC, mobile device Install the Client Configuration Windows Linux

LogMeIn Hamachi is a virtual private network (VPN) application that is capable of establishing direct links between computers that are behind NAT firewalls without requiring reconfiguration.virtual private networkNAT It establishes a connection over the Internet that emulates the connection that would exist if the computers were connected over a local area network. - Wikipedealocal area network

LogMeIn Hamachi's security is end-to-end: two Hamachi nodes exchange information with each other after mutual authentication and session key agreement. While node-to-node traffic (that is, regular VPN flow) typically bypasses LogMeIn's servers and is sent directly from one point to the other, even traffic that has to be relayed through a server is secured and encrypted at the endpoints.

The LogMeIn servers authenticate Hamachi nodes using an RSA keypair. To log in, the node submits its Hamachi identifier and uses its private key to sign the server's challenge. The server verifies the signature and this authenticates the client. When the node connects to the server, it announces which key it expects the server to have. If the server has the requested key, the login sequence commences.

When any two entities exchange data with each other, a key exchange protocol takes place in conjunction with the obligatory authentication phase. The key exchange protocol is Diffie-Hellman with the 2048-bit MODP group as defined in RFC Once a session key has been established, the AES-256-CBC cipher is used for data encryption and decryption with ESP- style padding as defined in RFC Packets are authenticated with the HMAC-SHA-1-96 (RFC 2404)