Difference between revisions of "OpenVPN"

From Secure Computing Wiki
(DH Param Notes)
 
(32 intermediate revisions by 13 users not shown)
Line 1: Line 1:
 +
{{OpenVPN_Menu}}
 
[[image:openvpn_logo.png|right]]OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the fundamental premise that complexity is the enemy of security, OpenVPN offers a cost-effective, lightweight alternative to other VPN technologies that is well-targeted for the SME and enterprise markets.
 
[[image:openvpn_logo.png|right]]OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the fundamental premise that complexity is the enemy of security, OpenVPN offers a cost-effective, lightweight alternative to other VPN technologies that is well-targeted for the SME and enterprise markets.
  
 
This page is designed to provide an applied-level of support.  The [http://openvpn.net/index.php/documentation/howto.html OpenVPN HowTo] has lots of great examples and configuration option.
 
This page is designed to provide an applied-level of support.  The [http://openvpn.net/index.php/documentation/howto.html OpenVPN HowTo] has lots of great examples and configuration option.
 +
 
<p>
 
<p>
 
Help with creating a VPN which connects multiple lans.  Server and clients have lans behind them.  This will help you understand how to use the route, push route, and iroute commands.<br>
 
Help with creating a VPN which connects multiple lans.  Server and clients have lans behind them.  This will help you understand how to use the route, push route, and iroute commands.<br>
 
* [[OpenVPN/Routing]]
 
* [[OpenVPN/Routing]]
  
== OpenVPN Topics at SCN ==
+
== Client Software/Packages==
* [[OpenVPN/Routed]]
+
=== Windows ===
* [[OpenVPN/Bridge Server]]
+
=== Linux ===
* [[OpenVPN/FAQ]]
+
OpenVPN is readily available through most distributions package managers. Gnome's network-manager can manage various types of VPN's, including OpenVPN through plugins.
 +
 
 +
=== Mac ===
 +
* [http://www.viscosityvpn.com/ Viscosity ($$$)]
 +
** Supports 2.0.9 AND 2.1-rc15
 +
* [http://code.google.com/p/tunnelblick/ Tunnelblick (FREE)]
 +
** Supports 2.0.9 in release version, 2.1.1 in beta version.
 +
** [[Tunnelblick|Tunnelblick How-To]]
 +
 
 +
== Building custom Win32/64 OpenVPN installer ==
 +
* [[OpenVPN/HowTo for Windows|HowTo for Windows]]
 +
* [[OpenVPN/HowTo for Windows 2|HowTo for Windows 2]]
 +
 
 +
== Related Links ==
 +
* [http://www.eurephia.net/ eurephia Authentication Plugin for OpenVPN]
 +
* [http://www.linuxjournal.com/article/9915 Linux Journal: Building a Multisourced Infrastructure Using OpenVPN]
 +
 
 +
== DH Param Notes ==
 +
Just for laughs, I generate three 4096-bit primes using openssl on three different systems; the results are here.
 +
 
 +
<pre>FreeBSD 8.0-RELEASE #0: Sat Nov 21 15:02:08 UTC 2009
 +
    root@mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC
 +
Timecounter "i8254" frequency 1193182 Hz quality 0
 +
CPU: Intel(R) Xeon(R) CPU          E5530  @ 2.40GHz (2394.01-MHz K8-class CPU)
 +
 
 +
976.093u 0.060s 16:16.66 99.9% 494+1043k 7+0io 12pf+0w</pre>
 +
 
 +
<pre>FreeBSD 8.1-PRERELEASE #5: Tue Jul 13 14:10:29 CDT 2010
 +
    root@jaguar-2.claimlynx.com:/usr/obj/usr/src/sys/GENERIC-CARP amd64
 +
Timecounter "i8254" frequency 1193182 Hz quality 0
 +
CPU: Intel(R) Xeon(R) CPU          E5520  @ 2.27GHz (2261.01-MHz K8-class CPU)
 +
 
 +
685.101u 0.022s 11:25.47 99.9%  495+1037k 2+0io 6pf+0w</pre>
  
For instruction on setting up an OpenVPN server on FreeBSD, see [[OpenVPN Server]].
+
<pre>machdep.cpu.vendor: GenuineIntel
 +
machdep.cpu.brand_string: Intel(R) Core(TM) i7 CPU      M 620  @ 2.67GHz
 +
Darwin Swordfish.local 10.6.0 Darwin Kernel Version 10.6.0: Wed Nov 10 18:13:17 PST 2010; root:xnu-1504.9.26~3/RELEASE_I386 i386
  
 +
2249.944u 1.799s 37:32.94 99.9% 0+0k 2+9io 0pf+0w</pre>
 
[[Category: OpenVPN]]
 
[[Category: OpenVPN]]
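Review bot: In the added "DH Param Notes" section, none of the three timing blocks records the openssl command line or version that was run, so the figures (16:16.66, 11:25.47 and 37:32.94 elapsed) cannot be reproduced or compared. Prime generation time also depends on how many random candidates happen to be tried, so a single run per machine says little about the hardware; suggest adding the exact invocation and the openssl version to each block and noting that these are single runs. The pasted kernel banners also publish build hostnames (mason.cse.buffalo.edu, jaguar-2.claimlynx.com, Swordfish.local) and could be trimmed to the OS release and CPU lines. Separately, the new "=== Windows ===" heading has nothing under it.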

Latest revision as of 09:50, 9 February 2011

OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the fundamental premise that complexity is the enemy of security, OpenVPN offers a cost-effective, lightweight alternative to other VPN technologies that is well-targeted for the SME and enterprise markets.

This page is designed to provide applied-level support. The OpenVPN HowTo has lots of great examples and configuration options.

Help with creating a VPN that connects multiple LANs, where the server and clients have LANs behind them. This will help you understand how to use the route, push route, and iroute commands.

Client Software/Packages

Windows

Linux

OpenVPN is readily available through most distributions' package managers. Gnome's network-manager can manage various types of VPNs, including OpenVPN, through plugins.

Mac

Building custom Win32/64 OpenVPN installer

Related Links

DH Param Notes

Just for laughs, I generated three 4096-bit primes using openssl on three different systems; the results are here.

FreeBSD 8.0-RELEASE #0: Sat Nov 21 15:02:08 UTC 2009
    root@mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Xeon(R) CPU           E5530  @ 2.40GHz (2394.01-MHz K8-class CPU)

976.093u 0.060s 16:16.66 99.9%	494+1043k 7+0io 12pf+0w

FreeBSD 8.1-PRERELEASE #5: Tue Jul 13 14:10:29 CDT 2010
    root@jaguar-2.claimlynx.com:/usr/obj/usr/src/sys/GENERIC-CARP amd64
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Xeon(R) CPU           E5520  @ 2.27GHz (2261.01-MHz K8-class CPU)

685.101u 0.022s 11:25.47 99.9%  495+1037k 2+0io 6pf+0w

machdep.cpu.vendor: GenuineIntel
machdep.cpu.brand_string: Intel(R) Core(TM) i7 CPU       M 620  @ 2.67GHz
Darwin Swordfish.local 10.6.0 Darwin Kernel Version 10.6.0: Wed Nov 10 18:13:17 PST 2010; root:xnu-1504.9.26~3/RELEASE_I386 i386

2249.944u 1.799s 37:32.94 99.9%	0+0k 2+9io 0pf+0w