by Jan Just Keijser
OpenVPN Cookbook - Second Edition
Credits
About the Author
About the Reviewer
www.PacktPub.com
Why subscribe?
Customer Feedback
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example code
Errata
Piracy
Questions
1. Point-to-Point Networks
Introduction
The shortest setup possible
Getting ready
How to do it...
How it works...
There's more...
Using the TCP protocol
Forwarding non-IP traffic over the tunnel
OpenVPN secret keys
Getting ready
How to do it...
How it works...
There's more...
See also
Multiple secret keys
Getting ready
How to do it...
How it works...
There's more...
See also
Plaintext tunnel
Getting ready
How to do it...
How it works...
There's more...
Routing
Getting ready
How to do it...
How it works...
There's more...
Routing issues
Automating the setup
See also
Configuration files versus the command line
Getting ready
How to do it...
How it works...
There's more...
Exceptions to the rule
Complete site-to-site setup
Getting ready
How to do it...
How it works...
There's more...
See also
Three-way routing
Getting ready
How to do it...
How it works...
There's more...
Scalability
Routing protocols
See also
Using IPv6
Getting ready
How to do it...
How it works...
There's more...
Log file errors
IPv6-only tunnel
See also
2. Client-server IP-only Networks
Introduction
Setting up the public and private keys
Getting ready
How to do it...
How it works...
There's more...
Using the easy-rsa scripts on Windows
Some notes on the different variables
See also
A simple configuration
Getting ready
How to do it...
How it works...
There's more...
Server-side routing
Getting ready
How to do it...
How it works...
There's more...
Linear addresses
Using the TCP protocol
Server certificates and ns-cert-type server
Masquerading
Adding IPv6 support
Getting ready
How to do it...
How it works...
There's more...
IPv6 endpoints
IPv6-only setup
Using client-config-dir files
Getting ready
How to do it...
How it works...
There's more...
The default configuration file
Troubleshooting
Options allowed in a client-config-dir file
Routing - subnets on both sides
Getting ready
How to do it...
How it works...
There's more...
Masquerading
Client-to-client subnet routing
No route statements in a CCD file
See also
Redirecting the default gateway
Getting ready
How to do it...
How it works...
There's more...
Redirect-gateway parameters
The redirect-private option
Split tunneling
See also
Redirecting the IPv6 default gateway
Getting ready
How to do it...
How it works...
There's more...
Using an ifconfig-pool block
Getting ready
How to do it...
How it works...
There's more...
Configuration files on Windows
Client-to-client access
Using the TCP protocol
Using the status file
Getting ready
How to do it...
How it works...
There's more...
Status parameters
Disconnecting clients
Explicit-exit-notify
The management interface
Getting ready
How to do it...
How it works...
There's more...
See also
Proxy ARP
Getting ready
How to do it...
How it works...
There's more...
TAP-style networks
User nobody
Broadcast traffic might not always work
See also
3. Client-server Ethernet-style Networks
Introduction
Simple configuration - non-bridged
Getting ready
How to do it...
How it works...
There's more...
Differences between TUN and TAP
Using the TCP protocol
Making IP forwarding permanent
See also
Enabling client-to-client traffic
Getting ready
How to do it...
How it works...
There's more...
Broadcast traffic may affect scalability
Filtering traffic
TUN-style networks
Bridging - Linux
Getting ready
How to do it...
How it works...
There's more...
Fixed addresses and the default gateway
Name resolution
See also
Bridging - Windows
Getting ready
How to do it...
How it works...
See also
Checking broadcast and non-IP traffic
Getting ready
How to do it...
How it works...
An external DHCP server
Getting ready
How to do it...
How it works...
There's more...
DHCP server configuration
DHCP relay
Tweaking /etc/sysconfig/network-scripts
Using the status file
Getting ready
How to do it...
How it works...
There's more...
Difference with TUN-style networks
Disconnecting clients
See also
The management interface
Getting ready
How to do it...
How it works...
There's more...
See also
Integrating IPv6 into TAP-style networks
Getting ready
How to do it...
How it works...
There's more...
See also
4. PKI, Certificates, and OpenSSL
Introduction
Certificate generation
Getting ready
How to do it...
How it works...
There's more...
See also
OpenSSL tricks - x509, pkcs12, verify output
Getting ready
How to do it...
How it works...
Revoking certificates
Getting ready
How to do it...
How it works...
There's more...
What is needed to revoke a certificate
See also
The use of CRLs
Getting ready
How to do it...
How it works...
There's more...
See also
Checking expired/revoked certificates
Getting ready
How to do it...
How it works...
There's more...
Intermediary CAs
Getting ready
How to do it...
How it works...
There's more...
Multiple CAs - stacking, using the capath directive
Getting ready
How to do it...
How it works...
There's more...
Using the -capath directive
Determining the crypto library to be used
Getting ready
How to do it...
How it works...
There's more...
See also
Crypto features of OpenSSL and PolarSSL
Getting ready
How to do it...
How it works...
There's more...
AEAD Ciphers
Encryption speed
Pushing ciphers
Getting ready
How to do it...
How it works...
There's more...
Future enhancements
Elliptic curve support
Getting ready
How to do it...
How it works...
There's more...
Elliptic curve support
5. Scripting and Plugins
Introduction
Using a client-side up/down script
Getting ready
How to do it...
How it works...
There's more...
Environment variables
Calling the down script before the connection terminates
Advanced - verify the remote hostname
Using a client-connect script
Getting ready
How to do it...
How it works...
There's more...
Pitfall in using ifconfig-push
The client-disconnect scripts
Environment variables
Absolute paths
Using a learn-address script
Getting ready
How to do it...
How it works...
There's more...
User nobody
The update action
Using a tls-verify script
Getting ready
How to do it...
How it works...
There's more...
Using an auth-user-pass-verify script
Getting ready
How to do it...
How it works...
There's more...
Specifying the username and password in a file on the client
Passing the password via environment variables
Script order
Getting ready
How to do it...
How it works...
There's more...
Script security and logging
Getting ready
How to do it...
How it works...
There's more...
Scripting and IPv6
Getting ready
How to do it...
How it works...
There's more...
Using the down-root plugin
Getting ready
How to do it...
How it works...
There's more...
See also
Using the PAM authentication plugin
Getting ready
How to do it...
How it works...
There's more...
See also
6. Troubleshooting OpenVPN - Configurations
Introduction
Cipher mismatches
Getting ready
How to do it...
How it works...
There's more...
Pushable ciphers
TUN versus TAP mismatches
Getting ready
How to do it...
How it works...
Compression mismatches
Getting ready
How to do it...
How it works...
Key mismatches
Getting ready
How to do it...
How it works...
See also
Troubleshooting MTU and tun-mtu issues
Getting ready
How to do it...
How it works...
There's more...
See also
Troubleshooting network connectivity
Getting ready
How to do it...
How it works...
There's more...
Troubleshooting client-config-dir issues
Getting ready
How to do it...
How it works...
There's more...
More verbose logging
Other frequent client-config-dir mistakes
See also
Troubleshooting multiple remote issues
Getting ready
How to do it...
How it works...
There's more...
See also
Troubleshooting bridging issues
Getting ready
How to do it...
How it works...
See also
How to read the OpenVPN log files
Getting ready
How to do it...
How it works...
There's more...
7. Troubleshooting OpenVPN - Routing
Introduction
The missing return route
Getting ready
How to do it...
How it works...
There's more...
Masquerading
Adding routes on the LAN hosts
See also
Missing return routes when iroute is used
Getting ready
How to do it...
How it works...
There's more...
See also
All clients function except the OpenVPN endpoints
Getting ready
How to do it...
How it works...
There's more...
See also
Source routing
Getting ready
How to do it...
How it works...
There's more...
Routing and permissions on Windows
Getting ready
How to do it...
How it works...
There's more...
Unable to change Windows network location
Getting ready
How to do it...
How it works...
There's more...
Troubleshooting client-to-client traffic routing
Getting ready
How to do it...
How it works...
There's more...
See also
Understanding the MULTI: bad source warnings
Getting ready
How to do it...
How it works...
There's more...
Other occurrences of the MULTI: bad source message
See also
Failure when redirecting the default gateway
Getting ready
How to do it...
How it works...
There's more...
See also
8. Performance Tuning
Introduction
Optimizing performance using ping
Getting ready
How to do it...
How it works...
There's more...
See also
Optimizing performance using iperf
Getting ready
How to do it...
How it works...
There's more...
Client versus server iperf results
Network latency
Gigabit networks
See also
Comparing IPv4 and IPv6 speed
Getting ready
How to do it...
How it works...
There's more...
Client versus server iperf results
OpenSSL cipher speed
Getting ready
How to do it...
How it works...
There's more...
See also
OpenVPN in Gigabit networks
Getting ready
How to do it...
How it works...
There's more...
Plain-text tunnel
Windows performance
Compression tests
Getting ready
How to do it...
How it works...
There's more...
Traffic shaping
Getting ready
How to do it...
How it works...
Tuning UDP-based connections
Getting ready
How to do it...
How it works...
There's more...
See also
Tuning TCP-based connections
Getting ready
How to do it...
How it works...
There's more...
Analyzing performance using tcpdump
Getting ready
How to do it...
How it works...
See also
9. OS Integration
Introduction
Linux - using NetworkManager
Getting ready
How to do it...
How it works...
There's more...
Setting up routes using NetworkManager
DNS settings
Scripting
Linux - using pull-resolv-conf
Getting ready
How to do it...
How it works...
There's more...
Windows - elevated privileges
Getting ready
How to do it...
How it works...
Windows - using the CryptoAPI store
Getting ready
How to do it...
How it works...
There's more...
The CA certificate file
Certificate fingerprint
Windows - updating the DNS cache
Getting ready
How to do it...
How it works...
See also
Windows - running OpenVPN as a service
Getting ready
How to do it...
How it works...
There's more...
Automatic service startup
OpenVPN user name
See also
Windows - public versus private network adapters
Getting ready
How to do it...
How it works...
See also
Windows - routing methods
Getting ready
How to do it...
How it works...
There's more...
Windows 8+ - ensuring DNS lookups are secure
Getting ready
How to do it...
How it works...
There's more...
Android - using the OpenVPN for Android clients
Getting ready
How to do it...
How it works...
There's more...
See also
Push-peer-info - pushing options to Android clients
Getting ready
How to do it...
How it works...
There's more...
10. Advanced Configuration
Introduction
Including configuration files in config files
Getting ready
How to do it...
How it works...
Multiple remotes and remote-random
Getting ready
How to do it...
How it works...
There's more...
Mixing TCP and UDP-based setups
Advantage of using TCP-based connections
Automatically reverting to the first OpenVPN server
See also
Inline certificates
Getting ready
How to do it...
How it works...
There's more...
Connection blocks
Getting ready
How to do it...
How it works...
There's more...
Allowed directives inside connection blocks
Pitfalls when mixing TCP and UDP-based setups
See also
Details of ifconfig-pool-persist
Getting ready
How to do it...
How it works...
There's more...
Specifying the update interval
Caveat - the duplicate-cn option
When topology net30 is used
Connecting using a SOCKS proxy
Getting ready
How to do it...
How it works...
There's more...
Performance
SOCKS proxies via SSH
SOCKS proxies using plain-text authentication
See also
Connecting via an HTTP proxy
Getting ready
How to do it...
How it works...
There's more...
http-proxy options
Dodging firewalls
Performance
Using the OpenVPN GUI
See also
Connecting via an HTTP proxy with authentication
Getting ready
How to do it...
How it works...
There's more...
NTLM proxy authorization
Authentication methods
OpenVPN GUI limitations
See also
IP-less setups - ifconfig-noexec
Getting ready
How to do it...
How it works...
There's more...
Point-to-point and TUN-style networks
Routing and firewalling
Port sharing with an HTTPS server
Getting ready
How to do it...
How it works...
There's more...
Alternatives
Routing features - redirect-private, allow-pull-fqdn
Getting ready
How to do it...
How it works...
There's more...
The route-nopull directive
The max-routes directive
See also
Filtering out pushed options
Getting ready
How to do it...
How it works...
Handing out the public IPs
Getting ready
How to do it...
How it works...
There's more...
See also