Tampa Tech Club


Dec 9, 2013

February 8, 2012
Barry Simons | OpenVPN | CC BY 3.0 License
Tampa Tech Club
Presents
By
Barry Simons
http://www.tampatechclub.org
http://www.facebook.com/tampatechclub
https://twitter.com/tampatechclub
http://www.youtube.com/tampatechclub
This presentation is Creative Commons licensed. See http://creativecommons.org/licenses/by/3.0/ for details.
Overview

What is a Virtual Private Network (VPN)?

OpenVPN Options

OpenVPN Ethernet Bridge Example

OpenVPN Demo

Please ask questions at any time
Virtual Private Network

[Diagram labels: Firewall/Router, OpenVPN Server, Desktop, Mobile, Internet, VPN. Graphics provided by openclipart.org]
OpenVPN Options

Tunnel (Tun)

Ethernet Bridge (Tap)

UDP – User Datagram Protocol

TCP – Transmission Control Protocol

Android / iOS / Linux / Mac / Windows

DD-WRT / TomatoVPN

Open Source

Community and Commercial Support
Basic Setup

VirtualBox - https://www.virtualbox.org

Ubuntu 10.04 LTS - http://www.ubuntu.com/

apt-get install openvpn bridge-utils

bridge-utils only needed for Ethernet bridge

useradd -r -U -d /etc/openvpn -s /bin/false openvpn

Edit example server.conf, bridge-start, and bridge-stop

See following slides for config
server.conf

proto tcp

dev tap0

ca ca.crt

cert server.crt

key server.key

dh dh2048.pem

crl-verify crl.pem

ifconfig-pool-persist ipp.txt

server-bridge 192.168.3.1 255.255.255.0 192.168.3.200 192.168.3.250

push "redirect-gateway def1"
server.conf (continued)

push "dhcp-option DNS 192.168.3.1"

client-to-client

cipher AES-128-CBC

comp-lzo

user openvpn

group openvpn

persist-key

persist-tun

status openvpn-status.log

up bridge-start

down bridge-stop
client.ovpn

client

remote 192.168.1.149

ca ca.crt

cert client.crt

key client.key

cipher AES-128-CBC

comp-lzo yes

dev tap

proto tcp
client.ovpn (continued)

nobind

auth-nocache

script-security 2

persist-key

persist-tun

user openvpn

group openvpn
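
An added example, not part of the original slides: a small Python lint run over the client.ovpn shown above. It flags a missing server-certificate check (`remote-cert-tls` or the older `ns-cert-type`), `script-security 2` with no script configured, and enabled compression; the function names and finding labels are this example's own.

```python
# Added example, not from the slides: lint the deck's client.ovpn for gaps.
SLIDE_CLIENT = """\
client
remote 192.168.1.149
ca ca.crt
cert client.crt
key client.key
cipher AES-128-CBC
comp-lzo yes
dev tap
proto tcp
nobind
auth-nocache
script-security 2
persist-key
persist-tun
user openvpn
group openvpn
"""

# Any of these makes the client verify more than "signed by our CA".
SERVER_CHECKS = ("remote-cert-tls", "ns-cert-type", "verify-x509-name")
SCRIPT_HOOKS = ("up", "down", "route-up", "ipchange", "tls-verify")

def parse(text):
    """Return {directive: [args, ...]}, skipping blanks and #/; comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;":
            name, *args = line.split()
            conf.setdefault(name, []).append(args)
    return conf

def lint_client(text):
    """Return a list of 'label: advice' strings for the client config."""
    conf, findings = parse(text), []
    if not any(d in conf for d in SERVER_CHECKS):
        # Without this, any certificate from the same CA passes as the server.
        findings.append("no-server-cert-check: add 'remote-cert-tls server'")
    level = int(conf.get("script-security", [["1"]])[-1][0])
    if level >= 2 and not any(h in conf for h in SCRIPT_HOOKS):
        findings.append("script-security-unneeded: no script hook is set")
    if any(args != ["no"] for args in conf.get("comp-lzo", [])):
        findings.append("compression-enabled: review comp-lzo on both ends")
    return findings

if __name__ == "__main__":
    for finding in lint_client(SLIDE_CLIENT):
        print(finding)
```

The compression setting has to match on both ends, so a change to `comp-lzo` here also means changing it in server.conf.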
Easy RSA

cd /etc/openvpn

cp -R /usr/share/doc/openvpn/examples/easy-rsa .

cd easy-rsa/2.0

Edit vars and source vars

./clean-all

./build-dh

./build-ca

./build-key-server server

./build-key client
Demo
Working OpenVPN Implementation
Summary

VPN – Securely connect two networks

OpenVPN Tun / Tap

OpenVPN Ethernet Bridge Example

OpenVPN Demo

More information at http://www.openvpn.net