In the very first recipe, we created a tunnel in which the data traffic was not encrypted. To create a completely plain text tunnel, we also disable the HMAC authentication. This can be useful when debugging a bad connection, as all traffic over the tunnel can now easily be monitored. In this recipe, we will look at how to do this. This type of tunnel is also useful when doing performance measurements, as it is the least CPU-intensive tunnel that can be established.
Install OpenVPN 2.3.9 or higher on two computers. Make sure the computers are connected over a network. For this recipe, the server computer was running CentOS 6 Linux and OpenVPN 2.3.9 and the client was running Fedora 22 Linux and OpenVPN 2.3.10.
As we are not using any encryption, no secret keys are needed.
[root@server]# openvpn --ifconfig 10.200.0.1 10.200.0.2 --dev tun --auth none
[root@client]# openvpn --ifconfig 10.200.0.2 10.200.0.1 --dev tun --auth none --remote openvpnserver.example.com
... ******* WARNING *******: null cipher specified, no encryption will be used ... ******* WARNING *******: null MAC specified, no authentication will be used
With this setup, absolutely no encryption is performed. All of the traffic that is sent over the tunnel is encapsulated in an OpenVPN packet and then sent as is.
To actually view the traffic, we can use tcpdump
; follow these steps:
tcpdump
and listen on the network interface, not the tunnel interface itself: [root@client]# tcpdump -l -w - -i eth0 -s 0 host
openvpnserver | strings
nc
(Netcat). First, launch nc
on the server side: [server]$ nc -l 31000
nc
command in client mode and type hello
and goodbye
:[client]$ nc 10.200.0.1 3100 hello goodbye
tcpdump
window, you should now see the following:tcpdump
as well as nc
.13.59.123.182