Plaintext tunnel

In the very first recipe, we created a tunnel in which the data traffic was not encrypted. To create a completely plain text tunnel, we also disable the HMAC authentication. This can be useful when debugging a bad connection, as all traffic over the tunnel can now easily be monitored. In this recipe, we will look at how to do this. This type of tunnel is also useful when doing performance measurements, as it is the least CPU-intensive tunnel that can be established.

Getting ready

Install OpenVPN 2.3.9 or higher on two computers. Make sure the computers are connected over a network. For this recipe, the server computer was running CentOS 6 Linux and OpenVPN 2.3.9 and the client was running Fedora 22 Linux and OpenVPN 2.3.10.

As we are not using any encryption, no secret keys are needed.

How to do it...

  1. Launch the server-side (listening) OpenVPN process:
             [root@server]# openvpn 
                --ifconfig 10.200.0.1 10.200.0.2 
                --dev tun --auth none
    
  2. Then launch the client-side OpenVPN process:
             [root@client]# openvpn 
                --ifconfig 10.200.0.2 10.200.0.1 
                --dev tun --auth none
                --remote openvpnserver.example.com
    
  3. The connection will be established with the following two warning messages as the output:
    
    ... ******* WARNING *******: null cipher specified, no encryption will be 
                          used
    
    
    ... ******* WARNING *******: null MAC specified, no authentication will 
                          be used
    
    

How it works...

With this setup, absolutely no encryption is performed. All of the traffic that is sent over the tunnel is encapsulated in an OpenVPN packet and then sent as is.

There's more...

To actually view the traffic, we can use tcpdump; follow these steps:

  1. Set up the connection as outlined.
  2. Start tcpdump and listen on the network interface, not the tunnel interface itself:
           [root@client]# tcpdump -l -w -  -i eth0 -s 0 host 
               openvpnserver | strings
    
  3. Now, send some text across the tunnel, using something like nc (Netcat). First, launch nc on the server side:
           [server]$ nc -l 31000
    
  4. On the client side, launch the nc command in client mode and type hello and goodbye:
           [client]$ nc 10.200.0.1 3100
             hello
             goodbye
    
  5. In the tcpdump window, you should now see the following:
    There's more...
  6. Press CtrlC to terminate tcpdump as well as nc.
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
13.59.123.182