Beginning OpenVPN 2.0.9 : build and integrate virtual private ... - GBV


9 Dec 2013 (3 years and 6 months ago)


Beginning OpenVPN 2.0.9
Build and integrate Virtual Private Networks using OpenVPN

Markus Feilner
Norbert Graf

PUBLISHING
BIRMINGHAM - MUMBAI

Table of Contents

Preface 1

Chapter 1: VPN—Virtual Private Network 7
    Broadband Internet access and VPNs 9
    How does a VPN work? 10
    What are VPNs used for? 12
    Networking concepts—protocols and layers 13
    Tunneling and overhead 16
    VPN concepts—overview 17
    A proposed standard for tunneling 17
    Protocols implemented on OSI layer 2 18
    Protocols implemented on OSI layer 3 19
    Protocols implemented on OSI layer 4 20
    OpenVPN—a SSL/TLS-based solution 21
    Summary 21

Chapter 2: VPN Security 23
    VPN security 23
    Privacy—encrypting traffic 24
    Symmetric encryption and pre-shared keys 25
    Reliability and authentication 26
    The problem of complexity in classic VPNs 26
    Asymmetric encryption with SSL/TLS 27
    SSL/TLS security 28
    HTTPS 29
    Understanding SSL/TLS certificates 30
    Trusted certificates 30
    Self-signed certificates 32
    SSL/TLS certificates and VPNs 33
    Generating certificates and keys 34
    Summary 34

Chapter 3: OpenVPN 35
    Advantages of OpenVPN 35
    History of OpenVPN 37
    OpenVPN Version 1 38
    OpenVPN Version 2 41
    The road to version 2.1 42
    Networking with OpenVPN 44
    OpenVPN and firewalls 46
    Configuring OpenVPN 47
    Problems with OpenVPN 48
    OpenVPN compared to IPsec VPN 49
    User space versus kernel space 51
    Sources for help and documentation 51
    The project community 52
    Documentation in the software packages 52
    Summary 53

Chapter 4: Installing OpenVPN on Windows and Mac 65
    Obtaining the software 55
    Installing OpenVPN on Windows 56
    Downloading and starting installation 56
    Selecting the components and location 57
    Finishing installation 59
    Testing the installation—a first look at the panel applet 60
    Installing OpenVPN on Mac OS X (Tunnelblick) 62
    Testing the installation—the Tunnelblick panel applet 64
    Summary 65

Chapter 5: Installing OpenVPN on Linux and Unix Systems 67
    Prerequisites 67
    Installing OpenVPN on SuSE Linux 68
    Using YaST to install software 69
    Installing OpenVPN on Red Hat Fedora using yum 72
    Installing OpenVPN on Red Hat Enterprise Linux 75
    Installing OpenVPN on RPM-based systems 77
    Using wget to download OpenVPN RPMs 78
    Installing OpenVPN and the LZO library with wget and RPM 79
    Using rpm to obtain information on the installed OpenVPN version 80
    Installing OpenVPN on Debian and Ubuntu 82
    Installing Debian packages 84
    Using Aptitude to search and install packages 86
    OpenVPN—the files installed on Debian 88
    Installing OpenVPN on FreeBSD 88
    Installing a newer version of OpenVPN on FreeBSD—the ports system 91
    Installing the port system with sysinstall 91
    Downloading and installing a BSD port 92
    Summary 94

Chapter 6: Advanced OpenVPN Installation 95
    Troubleshooting—advanced installation methods 95
    Installing OpenVPN from source code 96
    Building and distributing .deb packages 102
    Building your own RPM file 104
    Enabling Linux kernel TUN/TAP support 106
    Using menuconfig 107
    Summary 109

Chapter 7: Configuring an OpenVPN Server—The First Tunnel 111
    OpenVPN on Microsoft Windows 112
    Generating a static OpenVPN key 113
    Creating a sample connection 115
    Adapting the sample configuration file provided by OpenVPN 117
    Starting and testing the tunnel 119
    A brief look at Windows OpenVPN network interfaces 121
    Connecting Windows and Linux 122
    File exchange between Windows and Linux 123
    WinSCP 123
    Transferring the key file from Windows to Linux with WinSCP 124
    The second pitfall—carriage return/end of line 126
    Configuring the Linux system 127
    Testing the tunnel 129
    A look at the Linux network interfaces 130
    Running OpenVPN automatically 131
    OpenVPN as a server on Windows 131
    OpenVPN as a server on Linux 133
    Runlevels and init scripts on Linux 133
    Using runlevel and init to change and check runlevels 134
    The system control for runlevels 135
    Managing init scripts 136
    Using SuSE's YaST module system services (runlevel) 137
    Troubleshooting firewall issues 139
    Deactivating the Windows XP service pack 2 firewall 139
    Stopping the SuSE firewall 141
    Summary 142

Chapter 8: Setting Up OpenVPN with X.509 Certificates 143
    Creating certificates 143
    Certificate generation on Windows Server 2008 with easy-rsa 144
    Setting variables—editing vars.bat 145
    Creating the Diffie-Hellman key 146
    Building the certificate authority 147
    Generating server and client keys 148
    Distributing the files to the VPN partners 152
    Configuring OpenVPN to use certificates 154
    Using easy-rsa on Linux 157
    Preparing variables in vars 158
    Creating the Diffie-Hellman key and the certificate authority 158
    Creating the first server certificate/key pair 159
    Creating further certificates and keys 161
    Troubleshooting 162
    Summary 163

Chapter 9: The Command openvpn and Its Configuration File 165
    Syntax of openvpn 166
    OpenVPN command-line parameters 166
    Using OpenVPN at the command line 167
    Parameters used in the standard configuration file for a static key client 169
    Compressing the data 169
    Controlling and restarting the tunnel 172
    Debugging output—troubleshooting 173
    Configuring OpenVPN with certificates—simple TLS mode 175
    Overview of OpenVPN parameters 176
    General tunnel options 176
    Routing 179
    Controlling the tunnel 181
    Scripting 182
    Modules 182
    Logging 184
    Specifying a user and group 185
    The management interface 186
    Proxies 188
    Encryption parameters 189
    Testing the crypto system with --test-crypto 190
    SSL information—command line 191
    Server mode 195
    Server mode parameters 196
    --client-config options 199
    Client mode parameters 201
    Push options 202
    Important Windows-specific options 203
    New in Version 2.1 204
    Connection profiles 204
    Topology mode 205
    Script-security 206
    Port-sharing 206
    Test 206
    Summary 207

Chapter 10: Securing OpenVPN Tunnels and Servers 209
    Securing and stabilizing OpenVPN 209
    Authentication 212
    Using authentication methods 213
    Authentication plugins overview 216
    Authentication with tokens 217
    Individual authentication with Pam-per-user 218
    Linux and Firewalls 220
    Debian Linux and Webmin with Shorewall 221
    Installing Webmin and Shorewall 221
    Looking at Webmin 222
    Preparing Webmin and Shorewall for the first start 223
    Preparing the Shoreline firewall 224
    Troubleshooting Shorewall—editing the configuration files 225
    OpenVPN and SuSEfirewall 228
    Routing and firewalls 230
    Configuring a router without a firewall 230
    iptables—the standard Linux firewall tool 230
    Configuring the Windows Firewall for OpenVPN 234
    Summary 238

Chapter 11: Advanced Certificate Management 239
    Certificate management and security 239
    Installing xca 240
    Using xca 240
    Creating a database 240
    Importing a CA certificate 242
    Creating and signing a new server/client certificate 244
    Revoking certificates with xca 248
    Using TinyCA2 to manage certificates 250
    Importing our CA 250
    Using TinyCA2 for CA administration 251
    Creating new certificates and keys 252
    Exporting keys and certificates with TinyCA2 254
    Revoking certificates with TinyCA2 255
    Other tools worth mentioning 255
    Summary 256

Chapter 12: OpenVPN GUI Tools 257
    OpenVPN server administration: Webmin's OpenVPN plugin 257
    Client GUIs for Linux 260
    KVpnc 260
    GAdmin-OpenVPN-Client 262
    NetworkManager 263
    Summary 264

Chapter 13: Advanced OpenVPN Configuration 265
    Tunneling a proxy server and protecting the proxy 266
    Scripting OpenVPN—an overview 268
    Using a client configuration directory with per-client configurations 270
    Individual firewall rules for connecting clients 273
    Distributed compilation through VPN tunnels with distcc 275
    Ethernet bridging with OpenVPN 277
    Automatic installation for Windows clients 279
    Clustering and redundancy 284
    Summary 285

Chapter 14: Mobile Security with OpenVPN 287
    Anonymous and uncensored Internet Access 287
    OpenVPN on Windows Mobile 289
    Embedded Linux - Maemo 292
    Summary 294

Chapter 15: Troubleshooting and Monitoring 295
    Testing network connectivity 295
    Checking interfaces, routing, and connectivity on the VPN servers 298
    Debugging with tcpdump and IPTraf 303
    Using OpenVPN protocol and status files for debugging 305
    Scanning servers with Nmap 307
    Monitoring tools 308
    ntop 309
    Munin 310
    Nagios 311
    OpenVPNgraph 312
    Summary 313

Appendix: Internet Resources and More 315

Index 325