OpenVPN
Uploaded by kaloyan-tsvetkov
Category: Technology
Transcript of OpenVPN
1. OpenVPN poor man's VPN solution
2. OpenVPN?
- FOSS
3. ...
4. , road-warriors
5. Don't be afraid to be paranoid
6. , Openfest :)
7. OpenVPN:
- SSLVPN
8. Portable - *nix, win, *bsd, macos, solaris
9.
10. ( 1 + 1 )
11. : :
- Userland ( )
12.
13. DHCP
14. SSL (industry-proven)
15. NAT -
16. auth.
- VPN
17. Userland =>-?
18. Overhead => ip/ethernet => ssl => tcp/udp
19. :
- 4 auth[ ]PSK, PKI, user/pass, PKCS#11(2)
20. PKCS#11 (crypto token)
21. HMAC firewall(1)
22. OpenSSL.
23. Drop-root(3)
24. Networking stuff
- 2 UDP/TCP
25. UDP --
26. TCP congestion avoidance.
27. LZO ( )
28. Bridged/Routed VPN.
29. Networking stuff(2)
- Bridge VPN TAP ( /, broadcast)
30. Routed VPN TUN ( p2p, )
31. -
- client
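    client                  # TLS client mode; pull the settings the server pushes
    port 1194
    proto udp
    dev tun
    remote xxx.xxx.xxx.xxx
    # Windows paths inside quotes need doubled backslashes
    ca "C:\\Program Files\\OpenVPN\\ca.crt"
    cert "C:\\Program Files\\OpenVPN\\client1.crt"
    key "C:\\Program Files\\OpenVPN\\client1.key"
    # accept the peer only if its certificate is marked as a server certificate;
    # newer OpenVPN releases use "remote-cert-tls server" for this
    ns-cert-type server
40. -
    port 1194
    proto udp
    dev tun
    ca /etc/openvpn/keys/ca.crt
    cert /etc/openvpn/keys/test.crt
    key /etc/openvpn/keys/test.key
    dh /etc/openvpn/keys/dh1024.pem    # file name suggests 1024-bit parameters; use 2048 bits or more
    client-config-dir ccd              # per-client configuration files live in ccd
    server 10.10.10.0 255.255.255.0
    client-to-client                   # connected clients can reach each other
    status openvpn-status.log
    keepalive 20 60
41. ?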
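
Added example, not part of the original slides: a small Python audit that parses an OpenVPN configuration and reports which hardening features named in the transcript (HMAC firewall, drop-root, the server certificate check) are missing from it. The function names, the finding codes and the file-name heuristic for DH size are assumptions of this example.

```python
import re
import shlex

# Constructed input: the server configuration from the slides, one directive per line.
SLIDE_SERVER_CONF = """\
port 1194
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/test.crt
key /etc/openvpn/keys/test.key
dh /etc/openvpn/keys/dh1024.pem
client-config-dir ccd  # per-client
server 10.10.10.0 255.255.255.0
client-to-client
status openvpn-status.log
keepalive 20 60
"""
PEER_CHECKS = {"ns-cert-type", "remote-cert-tls", "verify-x509-name"}

def parse(text):
    """Map each directive to its argument list; '#' and ';' start comments."""
    opts = {}
    for line in text.splitlines():
        if line.lstrip().startswith(";"):
            continue
        tokens = shlex.split(line, comments=True)
        if tokens:
            opts[tokens[0].lstrip("-")] = tokens[1:]
    return opts

def audit(text):
    """Return sorted finding codes (names are this example's own)."""
    o, found = parse(text), set()
    if not o.keys() & {"tls-auth", "tls-crypt", "tls-crypt-v2"}:
        found.add("no-hmac-firewall")         # transcript item 21
    if not o.keys() >= {"user", "group"}:
        found.add("no-drop-root")             # transcript item 23 (Unix daemons)
    if "ns-cert-type" in o:
        found.add("deprecated-ns-cert-type")  # superseded by remote-cert-tls
    if "remote" in o and not o.keys() & PEER_CHECKS:
        found.add("server-cert-unchecked")    # client never checks the peer is a server cert
    # Heuristic: judges DH size from the file name only, not from the parameters.
    dh_name = (o.get("dh") or [""])[0].rsplit("/", 1)[-1]
    if re.search(r"512|768|1024", dh_name):
        found.add("weak-dh-by-name")
    if "client-to-client" in o:
        found.add("client-to-client")         # inter-client traffic skips the host firewall
    return sorted(found)
```

Calling `audit(SLIDE_SERVER_CONF)` on the slide's server configuration returns the findings for the missing `tls-auth` and `user`/`group` directives, the 1024-bit DH file name and `client-to-client`.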