VPN
Virtual private network (Wikipedia): a virtual private network (VPN) is a secure way of connecting to a private Local Area Network at a remote location, using the Internet or any insecure public network to transport the network data packets privately, using encryption.
OpenVPN
- free and open source software application that implements virtual private network (VPN) techniques
- creates secure point-to-point or site-to-site connections in routed or bridged configurations, plus remote access facilities
- uses SSL/TLS for key exchange and encryption
- capable of traversing network address translators (NATs) and firewalls
- written by James Yonan, published under the GNU General Public License (GPL)
Installation
Compile from source, with the IPv6 patch (OpenVPN 2.1.x needs the patch for IPv6 inside the tunnel; later releases, 2.3 and up, have it built in):
gzip -d openvpn-2.1.1-ipv6-0.4.11.patch.gz
mv openvpn-2.1.1-ipv6-0.4.11.patch openvpn-2.1.1
cd openvpn-2.1.1
patch -p1 < openvpn-2.1.1-ipv6-0.4.11.patch
./configure
make
sudo make install
Configuration
We use client-server mode only (available since 2.0): "allowing multiple clients to connect to a single OpenVPN server process over a single TCP or UDP port."
Other modes: client-client (point-to-point), site-site
Configuration: build the PKI with the easy-rsa tool
Location: $openvpn/easy-rsa/2.0, where $openvpn is /usr/share/doc/openvpn/examples if installed with apt-get, or your source tree if compiled
Edit vars (KEY_COUNTRY, KEY_ORG, ... and KEY_SIZE), then:
source vars
./clean-all                  # clean the keys directory (wipes any existing keys)
./build-ca                   # build the root CA certificate (ca.crt) and its private key (ca.key)
./build-key-server server    # server certificate/private key pair, signed by the locally generated root CA
./build-key client1          # ditto for a client; one pair per client
./build-dh                   # Diffie-Hellman parameters for the server side of the SSL/TLS connection
ca.key signs every certificate: keep it off the clients and, ideally, off the VPN server itself; only ca.crt is copied around.
Configuration - Server
Start from the template $openvpn/sample-config-files/server.conf, then:
proto udp                                  (proto udp6 to use IPv6)
push "dhcp-option DNS a.b.c.d"             uncomment and set your DNS server
push "redirect-gateway def1 bypass-dhcp"   uncomment to send all client traffic through the VPN
push "route 192.168.10.0 255.255.255.0"    uncomment; add one line per LAN route
ca ca.crt          # root certificate
cert server.crt    # server certificate
key server.key     # server private key, keep it secret
dh dh1024.pem      # Diffie-Hellman parameters
Configuration - Client
Start from the template $openvpn/sample-config-files/client.conf, then:
proto udp              (proto udp6 to use IPv6; must match the server)
remote a.b.c.d 9999    server address and port (must match the server's port directive; the template default is 1194)
ca ca.crt              # from build-ca
cert client.crt        # from build-key
key client.key         # from build-key
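The three configuration slides above, as one script: an added example written for this page, not OpenVPN's own code. It writes a server.conf/client.conf pair from the template values the slides use and lints both before launch (the "proto upd" typo, missing PKI files, and a client without remote-cert-tls, which is what stops another client's certificate from posing as the server). The helper names (write_server_conf, write_client_conf, check_conf), the tls-auth key, and the sample addresses 203.0.113.10 and 192.168.10.0/24 are assumptions of the example; the key directory is assumed to hold the easy-rsa output with the slides' file names.

```shell
#!/bin/sh
# Added example (not OpenVPN's own code): generate the server.conf / client.conf
# pair described on the slides and lint it before launching.
# Assumptions: OpenVPN 2.1+, an easy-rsa PKI already built into a key dir with the
# slides' file names (ca.crt, server.crt/key, client.crt/key, dh1024.pem) plus a
# tls-auth key made with:  openvpn --genkey --secret ta.key
# Addresses 203.0.113.10 and 192.168.10.0/24 are constructed sample values.

write_server_conf() {            # $1 output file, $2 key dir, $3 LAN net, $4 LAN mask
    out=$1 keydir=$2 lan_net=$3 lan_mask=$4
    cat > "$out" <<EOF
port 1194
proto udp
dev tun
ca $keydir/ca.crt
cert $keydir/server.crt
key $keydir/server.key
dh $keydir/dh1024.pem
tls-auth $keydir/ta.key 0
server 10.8.0.0 255.255.255.0
push "route $lan_net $lan_mask"
push "dhcp-option DNS 10.8.0.1"
keepalive 10 120
persist-key
persist-tun
EOF
}

write_client_conf() {            # $1 output file, $2 key dir, $3 server address
    out=$1 keydir=$2 server=$3
    cat > "$out" <<EOF
client
dev tun
proto udp
remote $server 1194
nobind
ca $keydir/ca.crt
cert $keydir/client.crt
key $keydir/client.key
tls-auth $keydir/ta.key 1
remote-cert-tls server
persist-key
persist-tun
EOF
}

# Lint one config: the slides' "proto upd" typo, every referenced PKI file must
# exist, and a client must pin the server role with remote-cert-tls so that
# another client's certificate cannot impersonate the server.
check_conf() {
    f=$1 rc=0
    if grep -Eq '^proto[[:space:]]+upd' "$f"; then
        echo "$f: 'proto upd' is a typo for 'proto udp'"; rc=1
    fi
    for path in $(awk '$1 ~ /^(ca|cert|key|dh|tls-auth)$/ { print $2 }' "$f"); do
        [ -f "$path" ] || { echo "$f: referenced file $path not found"; rc=1; }
    done
    if grep -q '^client$' "$f" && ! grep -q '^remote-cert-tls server' "$f"; then
        echo "$f: client config lacks 'remote-cert-tls server'"; rc=1
    fi
    return $rc
}

# Demo:  sh vpn-conf.sh demo   (throw-away key dir with empty placeholder files)
if [ "${1:-}" = "demo" ]; then
    KEYDIR=$(mktemp -d)
    for f in ca.crt server.crt server.key dh1024.pem ta.key client.crt client.key; do : > "$KEYDIR/$f"; done
    write_server_conf "$KEYDIR/server.conf" "$KEYDIR" 192.168.10.0 255.255.255.0
    write_client_conf "$KEYDIR/client.conf" "$KEYDIR" 203.0.113.10
    check_conf "$KEYDIR/server.conf" && check_conf "$KEYDIR/client.conf" && echo "both configs pass lint"
fi
```

Run the lint on both files before `openvpn --config`; a failing check is a config that will either not start or, in the remote-cert-tls case, start and accept a man-in-the-middle holding any certificate from the same CA.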
Other platforms
OpenVPN GUI for Windows (.ovpn is the same format as .conf)
OpenVPN GUI for Mac
Launch!
Server:
sudo openvpn --config server.conf
Set routing rules: NAT the client subnet (10.8.0.0/24 with the template's "server 10.8.0.0 255.255.255.0") out of eth0. IP forwarding must also be enabled (net.ipv4.ip_forward=1), or nothing is forwarded:
sudo iptables -A POSTROUTING -t nat -o eth0 -s 10.8.0.0/24 -d 0/0 -j MASQUERADE
Client:
sudo openvpn --config client.conf
Windows GUI: click Connect
Routing rules are set on the client automatically if "push"ed in server.conf
PPTP
Point-to-Point Tunneling Protocol is a method for implementing virtual private networks (VPNs). It uses a control channel over TCP (port 1723) and a GRE tunnel to encapsulate the PPP packets.
Specification: RFC 2637
Implementations
- MS Windows: client since Windows 95, Windows Mobile since 2003
- Server: Routing And Remote Access Service (RRAS)
- Linux: long "lacked full PPTP support"; packages: pptp-linux (client), pptpd (server). SuSE Linux 10 was the first Linux distribution to provide a complete working PPTP client
- Mac OS X & iOS have a PPTP client
- Palm PDA has a PPTP client
- Android has a PPTP client since 1.6
Client
Windows: create a new VPN connection, choose PPTP, enter user name and password, save, connect
Mac OS X: same
Android: same
Linux:
sudo apt-get install pptp-linux
sudo pptpsetup --create xx --server x.x.x.x --username user --password password --start
sudo route add default dev ppp0
(pptpsetup writes the peer file under /etc/ppp, hence root; a password given on the command line also lands in the shell history.)
Save routing rules
So they don't have to be re-entered on each reboot:
sudo iptables-save > /etc/iptables-rules
Edit /etc/network/interfaces, find the eth0 (or wlan0) stanza and add under it:
    pre-up iptables-restore < /etc/iptables-rules
The ip_forward setting is not part of the iptables dump; persist it separately (net.ipv4.ip_forward=1 in /etc/sysctl.conf).
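The "Launch!" routing rule and the "Save routing rules" slide together, as an added example written for this page (not OpenVPN's or Debian's code). It prints the full rule set the single MASQUERADE line implies (forwarding sysctl, FORWARD chain in both directions, then the NAT rule) so it can be reviewed before it is applied, and hooks iptables-restore into the interfaces file idempotently. The helper names (nat_commands, apply_nat, add_pre_up, persist_nat), the tun0 device, the uplink eth0 and the subnet 10.8.0.0/24 are assumptions; the interfaces file in the demo is a constructed sample.

```shell
#!/bin/sh
# Added example (not OpenVPN's own code): NAT the VPN client subnet out of the
# uplink and make the rules survive a reboot, covering what the slides' single
# MASQUERADE line leaves out (IP forwarding and the FORWARD chain).
# Assumptions: Linux with iptables + iptables-save/restore, Debian-style
# /etc/network/interfaces, OpenVPN on tun0 handing out 10.8.0.0/24 (the
# sample server.conf default), uplink eth0.

# Print the commands instead of running them, so they can be reviewed first.
nat_commands() {                    # $1 uplink, $2 tun device, $3 client subnet
    wan=${1:-eth0} tun=${2:-tun0} net=${3:-10.8.0.0/24}
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -A FORWARD -i $tun -o $wan -s $net -j ACCEPT
iptables -A FORWARD -i $wan -o $tun -d $net -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -o $wan -s $net -j MASQUERADE
EOF
}

apply_nat() {                       # same arguments; needs root
    [ "$(id -u)" -eq 0 ] || { echo "apply_nat: run as root" >&2; return 1; }
    nat_commands "$@" | sh -e
}

# Insert "pre-up iptables-restore < RULES" directly under the "iface WAN inet ..."
# header of an interfaces file; idempotent, so re-running never duplicates it.
add_pre_up() {                      # $1 interfaces file, $2 uplink, $3 rules file
    ifaces=$1 wan=$2 rules=$3
    grep -q "pre-up iptables-restore < $rules" "$ifaces" && return 0
    awk -v w="$wan" -v r="$rules" '
        { print }
        $1 == "iface" && $2 == w && $3 == "inet" { print "    pre-up iptables-restore < " r }
    ' "$ifaces" > "$ifaces.tmp" && mv "$ifaces.tmp" "$ifaces"
}

# Full persist step on a live box (root): dump the table, hook the restore,
# and keep ip_forward, which iptables-save does not record.
persist_nat() {                     # $1 rules file, $2 uplink
    rules=${1:-/etc/iptables-rules} wan=${2:-eth0}
    iptables-save > "$rules"
    add_pre_up /etc/network/interfaces "$wan" "$rules"
    grep -q '^net.ipv4.ip_forward *= *1' /etc/sysctl.conf || echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
}

# Demo without root:  sh vpn-nat.sh demo   (constructed sample interfaces file)
if [ "${1:-}" = "demo" ]; then
    nat_commands eth0 tun0 10.8.0.0/24
    T=$(mktemp -d)
    printf 'auto lo\niface lo inet loopback\n\nauto eth0\niface eth0 inet dhcp\n' > "$T/interfaces"
    add_pre_up "$T/interfaces" eth0 /etc/iptables-rules
    cat "$T/interfaces"; rm -rf "$T"
fi
```

On a box whose FORWARD policy is DROP (common on hardened hosts) the MASQUERADE rule alone produces a tunnel that connects but passes no traffic; the two FORWARD rules are what the slides' command silently relies on.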
Compare ...
In a nutshell:
- OpenVPN is much safer (certificate-based TLS, runs over a single UDP or TCP port), and sometimes the only choice: its GRE-free transport gets through NATs and firewalls where PPTP does not
- PPTP is easy to configure and widely supported, but its MS-CHAPv2 authentication can be cracked offline from a captured handshake, and the MPPE session keys derive from the same password hash; do not rely on it for confidentiality