Mastering OpenVPN

 
 
Packt Publishing Limited | 1st edition | published 28 August 2015 | 364 pages
 
E-book | ePUB with Adobe DRM | system requirements below
E-book | PDF with Adobe DRM | system requirements below
ISBN 978-1-78355-314-3
 
Master building and integrating secure private networks using OpenVPN.

About This Book
  • Discover how to configure and set up a secure OpenVPN deployment
  • Enhance the user experience by using multiple authentication methods
  • Delve into better reporting, monitoring, logging, and control with OpenVPN

Who This Book Is For
If you are familiar with TCP/IP networking and general system administration, then this book is ideal for you. Some knowledge and understanding of the core elements and applications related to virtual private networking is assumed.

What You Will Learn
  • Identify different VPN protocols (IPSec, PPTP, OpenVPN)
  • Build your own PKI and manage certificates
  • Deploy your VPN on various devices such as PCs, mobile phones, tablets, and more
  • Differentiate between routed and bridged networks
  • Enhance your VPN with monitoring and logging
  • Authenticate against third-party databases such as LDAP or the Unix password file
  • Troubleshoot an OpenVPN setup that is not performing correctly

In Detail
Security on the internet is increasingly vital to both businesses and individuals. Encrypting network traffic using virtual private networks is one method of enhancing security. The internet, corporate networks, and "free internet" networks grow more hostile every day. OpenVPN, the most widely used open source VPN package, allows you to create a secure network across these systems, keeping your private data secure. The main advantage of OpenVPN is its portability, which allows it to be embedded into many different systems.

This book is an advanced guide that will help you build secure virtual private networks using OpenVPN. You will begin with an exploration of OpenVPN, covering its modes of operation, its clients, its secret keys, and their formats. You will explore PKI, how it is set up and how it works, PAM authentication, and MTU troubleshooting.

Next, client/server mode, the most commonly used deployment model, is discussed, and you will learn about its two modes of operation using "tun" and "tap" devices. The book then progresses to more advanced concepts, such as deployment scenarios in tun mode, including integration with back-end authentication, securing your OpenVPN server using iptables, scripting and plugins, and using OpenVPN on mobile devices and networks. Finally, you will discover the strengths and weaknesses of the current OpenVPN implementation, understand the future directions of OpenVPN, and delve into troubleshooting techniques for OpenVPN.

By the end of the book, you will be able to build secure private networks across the internet and hostile networks with confidence.

Style and approach
An easy-to-follow yet comprehensive guide to building secure virtual private networks using OpenVPN. A progressively complex VPN design is developed with the help of examples. More advanced topics are covered in each chapter, with subjects grouped according to their complexity as well as their utility.
English | Birmingham | United Kingdom
ISBN-13: 978-1-78355-314-3 (9781783553143)
ISBN-10: 1783553146
Eric F Crist is an IT professional with experience in hardware and software systems integration. Together with a few others, he has played a key role in building the OpenVPN community into what it is today. He works in research and development as a principal computer system specialist for St. Jude Medical, where his role involves system engineering, configuration management, and cyber security analysis for products of the Cardiovascular Ablation Technology division. You can find him on the Freenode and EFNet IRC networks as ecrist. He calls the Twin Cities, Minnesota, his home and lives there with his wife, DeeDee, his son, Lance, and his daughter, Taylor.

Jan Just Keijser is an open source professional from Utrecht, the Netherlands. He has a wide range of experience in IT, from user support, system administration, and systems programming to network programming. He has worked for various IT companies since 1989, mainly on Unix/Linux platforms since 1995, and was an active USENET contributor in the early 1990s. He is currently employed as a senior scientific programmer at Nikhef, the institute for subatomic physics of the Dutch Foundation for Fundamental Research on Matter (FOM), in Amsterdam, the Netherlands, where he works on multi-core and many-core computing systems, grid computing, and smartcard applications. His open source interests include all types of virtual private networking, including IPSec, PPTP, and, of course, OpenVPN. He discovered OpenVPN in 2004 and has been using it ever since. His first book was OpenVPN 2 Cookbook, also published by Packt Publishing.
  • Cover
  • Copyright
  • Credits
  • About the Authors
  • About the Reviewers
  • www.PacktPub.com
  • Table of Contents
  • Preface
  • Chapter 1: Introduction to OpenVPN
  • What is a VPN?
  • Types of VPNs
  • PPTP
  • IPSec
  • SSL-based VPNs
  • OpenVPN
  • Comparison of VPNs
  • Advantages and disadvantages of PPTP
  • Advantages and disadvantages of IPSec
  • Advantages and disadvantages of SSL-based VPNs
  • Advantages and disadvantages of OpenVPN
  • History of OpenVPN
  • OpenVPN packages
  • The open source (community) version
  • The closed source (commercial) Access Server
  • The mobile platform (mixed) OpenVPN/OpenVPN Connect
  • Other platforms
  • OpenVPN internals
  • The tun/tap driver
  • The UDP and TCP modes
  • The encryption protocol
  • The control and data channels
  • Ciphers and hashing algorithms
  • OpenSSL versus PolarSSL
  • Summary
  • Chapter 2: Point-to-point Mode
  • Pros and cons of the key mode
  • The first example
  • TCP protocol and different ports
  • The TAP mode
  • The topology subnet
  • The cleartext tunnel
  • OpenVPN secret keys
  • Using multiple keys
  • Using different encryption and authentication algorithms
  • Routing
  • Configuration files versus the command line
  • The complete setup
  • Advanced IP-less setup
  • Three-way routing
  • Route, net_gateway, vpn_gateway, and metrics
  • Bridged tap adapter on both ends
  • Removing the bridges
  • Combining point-to-point mode with certificates
  • Summary
  • Chapter 3: PKIs and Certificates
  • An overview of PKI
  • PKI using Easy-RSA
  • Building the CA
  • Certificate revocation list
  • Server certificates
  • Client certificates
  • PKI using ssl-admin
  • OpenVPN server certificates
  • OpenVPN client certificates
  • Other features
  • Multiple CAs and CRLs
  • Extra security - hardware tokens, smart cards, and PKCS#11
  • Background information
  • Supported platforms
  • Initializing a hardware token
  • Generating a certificate/private key pair
  • Generating a private key on a token
  • Generating a certificate request
  • Writing an X.509 certificate to the token
  • Getting a hardware token ID
  • Using a hardware token with OpenVPN
  • Summary
  • Chapter 4: Client/Server Mode with tun Devices
  • Understanding the client/server mode
  • Setting up the Public Key Infrastructure
  • Initial setup of the client/server mode
  • Detailed explanation of the configuration files
  • Topology subnet versus topology net30
  • Adding extra security
  • Using tls-auth keys
  • Generating a tls-auth key
  • Checking certificate key usage attributes
  • Basic production-level configuration files
  • TCP-based configuration
  • Configuration files for Windows
  • Routing and server-side routing
  • Special parameters for the route option
  • Masquerading
  • Redirecting the default gateway
  • Client-specific configuration: CCD files
  • How to determine if a CCD file is properly processed
  • CCD-files and topology net30
  • Client-side routing
  • In-depth explanation of the client-config-dir configuration
  • Client-to-client traffic
  • The OpenVPN status file
  • Reliable connection tracking for UDP mode
  • The OpenVPN management interface
  • Session key renegotiation
  • A note on PKCS#11 devices
  • Using IPv6
  • Protected IPv6 traffic
  • Using IPv6 as transit
  • Advanced configuration options
  • Proxy ARP
  • How does Proxy ARP work?
  • Assigning public IP addresses to clients
  • Summary
  • Chapter 5: Advanced Deployment Scenarios in tun Mode
  • Enabling file sharing over VPN
  • Using NetBIOS names
  • Using nbtstat to troubleshoot connection problems
  • Using LDAP as a backend authentication mechanism
  • Troubleshooting the LDAP backend authentication
  • Filtering OpenVPN
  • FreeBSD example
  • A Windows example
  • Policy-based routing
  • Windows network locations - public versus private
  • Background
  • Changing the TAP-Win adapter location using the redirect-gateway
  • Using the Group Policy editor to force an adapter to be private
  • Changing the TAP-Win adapter location using extra gateways
  • Redirecting all traffic in combination with extra gateways
  • Using OpenVPN with HTTP or SOCKS proxies
  • HTTP proxies
  • SOCKS proxies
  • Summary
  • Chapter 6: Client/Server Mode with tap Devices
  • The basic setup
  • Enabling client-to-client traffic
  • Filtering traffic between clients
  • Disadvantage of the proxy_arp_pvlan method
  • Filtering traffic using the pf filter of OpenVPN
  • Using the tap device (bridging)
  • Bridging on Linux
  • Tearing down the bridge
  • Bridging on Windows
  • Using an external DHCP server
  • Checking broadcast and non-IP traffic
  • Address Resolution Protocol traffic
  • NetBIOS traffic
  • Comparing tun mode to tap mode
  • Layer 2 versus layer 3
  • Routing differences and iroute
  • Client-to-client filtering
  • Broadcast traffic and "chattiness" of the network
  • Bridging
  • Summary
  • Chapter 7: Scripting and Plugins
  • Scripting
  • Server-side scripts
  • --setenv and --setenv-safe
  • --script-security
  • --up-restart
  • --up
  • --route-up
  • --tls-verify
  • --auth-user-pass-verify
  • --client-connect
  • --learn-address
  • --client-disconnect
  • --route-pre-down
  • --down
  • Client-side scripts
  • --setenv and --setenv-safe
  • --script-security
  • --up-restart
  • --tls-verify
  • --ipchange
  • --up
  • --route-up
  • --route-pre-down
  • --down
  • Examples of server scripts
  • Client-connect scripts
  • Examples of client scripts
  • The server-side script log
  • Environment variables set in the server-side scripts
  • The client-side script log
  • Environment variables set in the client-side scripts
  • Plugins
  • Down-root
  • The auth-pam plugin
  • Summary
  • Chapter 8: Using OpenVPN on Mobile Devices and Home Routers
  • Using the OpenVPN for Android app
  • Creating an OpenVPN app profile
  • Using the PKCS#12 file
  • Using the OpenVPN Connect app for Android
  • Using the OpenVPN Connect app for iOS
  • Integrating smartphones into an existing VPN setup
  • Using a home router as a VPN client
  • Using a home router as a VPN server
  • Summary
  • Chapter 9: Troubleshooting and Tuning
  • How to read the log files
  • Detecting a non-working setup
  • Fixing common configuration mistakes
  • Wrong CA certificate in the client configuration
  • How to fix
  • Client certificate not recognized by the server
  • How to fix
  • Client certificate and private key mismatch
  • How to fix
  • The auth and tls-auth key mismatch
  • How to fix
  • MTU size mismatch
  • How to fix
  • Cipher mismatch
  • How to fix
  • Compression mismatch
  • How to fix
  • The fragment mismatch
  • How to fix
  • The tun versus tap mismatch
  • How to fix
  • The client-config-dir issues
  • How to fix
  • No access to the tun device in Linux
  • How to fix
  • Missing elevated privileges in Windows
  • How to fix
  • Troubleshooting routing issues
  • Drawing a detailed picture
  • Start in the middle and work your way outward
  • Find a time to temporarily disable firewall
  • If all else fails, use tcpdump
  • How to optimize performance by using ping and iperf
  • Using ping
  • Using iperf
  • Gigabit networking
  • Analyzing OpenVPN traffic by using tcpdump
  • Summary
  • Chapter 10: Future Directions
  • Current strengths
  • Current weaknesses
  • Scaling at gigabit speeds and above
  • Where we are going
  • Improved compression support
  • Per-client compression
  • New cryptographic routines
  • Mixed certificate/username authentication
  • IPv6 support
  • Windows privilege separation
  • Summary
  • Index

File format: EPUB
Copy protection: Adobe DRM (Digital Rights Management)

System requirements:

Computer (Windows; Mac OS X; Linux): install the free Adobe Digital Editions software before downloading (see the e-book help).

Tablet/smartphone (Android; iOS): install the free Adobe Digital Editions app before downloading (see the e-book help).

E-book readers: Bookeen, Kobo, Pocketbook, Sony, Tolino, and many others (not Kindle).

The EPUB format is well suited to novels and non-fiction, that is, to "flowing" text without a complex layout. On e-readers and smartphones the line and page breaks adapt automatically to the small display. Adobe DRM is a "hard" copy protection: if the requirements above are not met, you will not be able to open the e-book, so prepare your reading hardware before downloading.

Further information can be found in our e-book help.


File format: PDF
Copy protection: Adobe DRM (Digital Rights Management)

System requirements: the same as for EPUB above (Adobe Digital Editions on computers, tablets, and smartphones; the supported e-book readers, not Kindle).

The PDF format displays each book page identically on every device, which makes it suitable for the complex layouts used in textbooks and technical books (images, tables, columns, footnotes). On the small displays of e-readers and smartphones, PDFs are rather tedious because of the amount of scrolling needed. Adobe DRM is a "hard" copy protection: if the requirements above are not met, you will not be able to open the e-book, so prepare your reading hardware before downloading.

Further information can be found in our e-book help.


Download (available immediately)

€40.53
incl. 19% VAT
Download / single-user licence
ePUB with Adobe DRM (see system requirements)
PDF with Adobe DRM (see system requirements)
Note: the file format and copy protection are selected in the e-book provider's system, not on this page.
