Presentation is loading. Please wait.

Presentation is loading. Please wait.

Virtual Private Networking with OpenVPN

Published byAsher Flowers Modified over 6 years ago

Similar presentations

Presentation on theme: "Virtual Private Networking with OpenVPN"— Presentation transcript:

1 Virtual Private Networking with OpenVPN
Wim Kerkhoff Fraser Valley Linux Users Group April 15, 2004 FVLUG/OpenVPN presentation, April Wim Kerkhoff

2 FVLUG/OpenVPN presentation, April 2004 Wim Kerkhoff
The Basics: What is VPN? Short for Virtual Private Network Creates a private network over a public medium Typically uses for encrypting/securing traffic sent across the Internet between two locations Can also be used for single hosts on a LAN (even a wireless one) Nobody with access to the public network can see the traffic moving through the VPN – looks like garbage FVLUG/OpenVPN presentation, April Wim Kerkhoff

3 What does OpenVPN offer?
It’s Open Source (GPL), flexible, easy to setup Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP or TCP port Cross platform (Linux, *BSD/OSX, Windows 2000/XP, Solaris) Encryption provided via OpenSSL – tons of options/ciphers/etc Can use a 2048 bit shared key or digital certificates (PKI) Compression, traffic-shaping Works nicely with restrictive firewalls FVLUG/OpenVPN presentation, April Wim Kerkhoff

4 How is OpenVPN different from other VPN packages?
Only open source package that uses SSL Doesn’t need a special kernel module, unlike FreeS/WAN. Only the generic TAP/TUN driver is needed Very portable Easy – lots of configuration examples Traffic shaping per tunnel Can support hundreds of tunnels User-space: can co-exist with other networking packages eg IP/SEC. Can connect through an HTTP proxy Easier to set up on non-Win32 systems then PPTP FVLUG/OpenVPN presentation, April Wim Kerkhoff

5 FVLUG/OpenVPN presentation, April 2004 Wim Kerkhoff
Modes Routed IP tunnels (layer 3) More efficient then bridged ethernet tunnels Easier to configure Bridged Ethernet tunnels (layer 2) Can tunnel IP and non-IP traffic IPX, NetBEUI, etc Both sides of VPN see network broadcasts Required for some LAN games FVLUG/OpenVPN presentation, April Wim Kerkhoff

6 FVLUG/OpenVPN presentation, April 2004 Wim Kerkhoff
Routed IP Tunnels Possible Topologies: Network <-> Network Network <-> Host Host <-> Network Host <-> Host When doing VPNs with networks, an iptables script will have to created to set up IP Masquerading and some firewalling rules Uses “TUN” mode FVLUG/OpenVPN presentation, April Wim Kerkhoff

7 Bridged Ethernet tunnel
Really just operates like a transparent ethernet bridge. Hence, special IP tables, NAT magic, or routing is required Uses “TAP” mode Bridge tools (bcrtl) are required Need to create a script to bind eth1 and tap0 together into a bridged device called br0 Then assign an IP to br0 FVLUG/OpenVPN presentation, April Wim Kerkhoff

8 FVLUG/OpenVPN presentation, April 2004 Wim Kerkhoff
OpenVPN on Windows XP/2000 Double click installer Can be configured as a Windows Service that starts on boot Some simple configuration changes in the .ovpn config file Just need to put the shared key or certificates in FVLUG/OpenVPN presentation, April Wim Kerkhoff

9 FVLUG/OpenVPN presentation, April 2004 Wim Kerkhoff
OpenVPN 2.0 Beta Series Can handle multiple UDP clients using a single UDP port Can support thousands of clients depending on hardware and network connection Has DHCP-like mechanism to push/pull specific settings to clients Better multithreading/SMP support Can run with least-privileges FVLUG/OpenVPN presentation, April Wim Kerkhoff

10 FVLUG/OpenVPN presentation, April 2004 Wim Kerkhoff
Beyond OpenVPN 2.0 True point-to-multipoint Use a dynamic routing protocol to route through a larger and more complicated VPN cloud Reduce need to get route through a central server/office to access a system in another branch office FVLUG/OpenVPN presentation, April Wim Kerkhoff

11 FVLUG/OpenVPN presentation, April 2004 Wim Kerkhoff
Conclusions… Definitely the way to go for anything VPN using Windows clients Way easier to setup then IPSec on either Windows or Linux Stable/Reliable OpenVPN website: FVLUG/OpenVPN presentation, April Wim Kerkhoff

Download ppt "Virtual Private Networking with OpenVPN"

Similar presentations

RASPro is a secure high performance remote application delivery platform through a perfect combination of application hosting and application streaming.

RASPro is a secure high performance remote application delivery platform through a perfect combination of application hosting and application streaming.
© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 High-performance Gigabit Ethernet ports rapidly transfer large files supporting.

© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 High-performance Gigabit Ethernet ports rapidly transfer large files supporting.
Enabling IPv6 in Corporate Intranet Networks

Enabling IPv6 in Corporate Intranet Networks
Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)

Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)
1.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.

1.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.
Module 5: Configuring Access for Remote Clients and Networks.

Module 5: Configuring Access for Remote Clients and Networks.
1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.

1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.
1 Configuring Virtual Private Networks for Remote Clients and Networks.

1 Configuring Virtual Private Networks for Remote Clients and Networks.
October 22, 2002Serguei A. Mokhov, 1 Intro to Internet-services from Security Standpoint, Part II SOEN321-Information-Systems Security.

October 22, 2002Serguei A. Mokhov, 1 Intro to Internet-services from Security Standpoint, Part II SOEN321-Information-Systems Security.
Module 8: Concepts of a Network Load Balancing Cluster

Module 8: Concepts of a Network Load Balancing Cluster
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Topics 1.Security options and settings 2.Layer 2 vs. Layer 3 connection types 3.Advanced network and routing options 4.Local connections 5.Offline mode.

Topics 1.Security options and settings 2.Layer 2 vs. Layer 3 connection types 3.Advanced network and routing options 4.Local connections 5.Offline mode.
M2M Gateway Features Jari Lahti, CTO www.violasystems.com.

M2M Gateway Features Jari Lahti, CTO
Network Address Translation, Remote Access and Virtual Private Networks BSAD 146 Dave Novak Sources: Network+ Guide to Networks, Dean 2013.

Network Address Translation, Remote Access and Virtual Private Networks BSAD 146 Dave Novak Sources: Network+ Guide to Networks, Dean 2013.
1 The VPN Menu. 2 The VPN Menu VPN The GD eSeries can be set up either as an OpenVPN server or as a client, and even play both roles at the same time,

1 The VPN Menu. 2 The VPN Menu VPN The GD eSeries can be set up either as an OpenVPN server or as a client, and even play both roles at the same time,
Networking Components Chad Benedict – LTEC 4550 1.

Networking Components Chad Benedict – LTEC
NetComm Wireless VPN Functionality Feature Spotlight.

NetComm Wireless VPN Functionality Feature Spotlight.
Building a massively scalable serverless VPN using Any Source Multicast Athanasios Douitsis Dimitrios Kalogeras National Technical University of Athens.

Building a massively scalable serverless VPN using Any Source Multicast Athanasios Douitsis Dimitrios Kalogeras National Technical University of Athens.
DrayTek VPN Solution. Outline What is VPN What does VPN Do Supported VPN Protocol How Many Tunnels does Vigor Support VPN Application Special VPN Application.

DrayTek VPN Solution. Outline What is VPN What does VPN Do Supported VPN Protocol How Many Tunnels does Vigor Support VPN Application Special VPN Application.
Week #10 Objectives: Remote Access and Mobile Computing Configure Mobile Computer and Device Settings Configure Remote Desktop and Remote Assistance for.

Week #10 Objectives: Remote Access and Mobile Computing Configure Mobile Computer and Device Settings Configure Remote Desktop and Remote Assistance for.

Similar presentations

Ads by Google