OpenVPN

OpenVPN is open-source software for establishing virtual private networks (VPNs) over encrypted TLS connections. It provides secure, encrypted communication of user data between different hosts and networks.

OpenVPN focuses on

  • High compatibility and support for many operating systems (Linux, OS X, Windows, iOS, and Android)
  • High stability
  • Easy scalability
  • Flexible VPN client extensions
  • Easy installation

How to set up OpenVPN

The following step-by-step instructions guide you through an OpenVPN configuration. OpenVPN has two different modes:

Bridge mode (TAP)

Advantages

  • Behaves like a real network adapter (except that it is a virtual network adapter)
  • Can transport any network protocol (IPv4, IPv6, Netalk, IPX, etc.)
  • Works in layer 2, meaning Ethernet frames are passed over the VPN tunnel
  • Can be used in bridges

Disadvantages

  • Causes much more broadcast overhead on the VPN tunnel
  • Adds the overhead of Ethernet headers on all packets transported over the VPN tunnel
  • Scales poorly

Routing mode (TUN)

Advantages

  • Lower traffic overhead: transports only traffic that is destined for the VPN client
  • Transports only layer 3 IP packets

Disadvantages

  • Broadcast traffic is not normally transported
  • Can only transport IPv4 (OpenVPN 2.3 adds IPv6)
  • Cannot be used in bridges

Network setup

For this configuration we will use the most common mode, the routing mode.

Server

General            Parameter
Operation mode     Server
Server port        1194
Type               TUN
Protocol           UDP
Cipher             AES-256-CBC

Authentication     Parameter
certificate-based
HMAC digest        SHA256
Manage keys and certificates (below)

Options            Parameter
use compression    enable
use keepalive      enable

After you are done with the server configuration, apply the settings; we will then continue with the client configuration.

Client

General            Parameter
Operation mode     Client
Server port        1194
Type               TUN
Protocol           UDP
Cipher             AES-256-CBC

Authentication     Parameter
certificate-based
HMAC digest        SHA256
Manage keys and certificates (below)

Options            Parameter
use compression    enable
use keepalive      enable

Minimal configuration

Generate a static key:

  openvpn --genkey --secret static.key

Copy the static key to both client and server, over a pre-existing secure channel.

Server configuration file

  dev tun
  ifconfig 10.8.0.1 10.8.0.2
  secret static.key

Client configuration file

  remote myremote.mydomain
  dev tun
  ifconfig 10.8.0.2 10.8.0.1
  secret static.key
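
The following check is an added example, not part of the original page or of OpenVPN itself. It parses the two minimal configuration files above, verifies that the point-to-point ifconfig addresses are mirrored and that both peers agree on the shared settings, and reports which of the table values (protocol, cipher, HMAC digest) a file does not set explicitly. The function names and the choice of directives to audit are assumptions of this example.

```python
"""Added example: consistency check for a static-key OpenVPN config pair."""

# The two configuration files from the page's minimal configuration.
SERVER_CONF = "dev tun\nifconfig 10.8.0.1 10.8.0.2\nsecret static.key\n"
CLIENT_CONF = ("remote myremote.mydomain\ndev tun\n"
               "ifconfig 10.8.0.2 10.8.0.1\nsecret static.key\n")

# Settings from the page's tables written as OpenVPN directives
# (choosing these three to audit is this example's assumption).
EXPECTED = {"proto": "udp", "cipher": "AES-256-CBC", "auth": "SHA256"}

def parse(text):
    """Return {directive: [args]}, skipping blank lines and #/; comments."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line and not line.startswith(";"):
            key, *args = line.split()
            conf[key] = args
    return conf

def check_pair(server_text, client_text):
    """Return findings; an empty list means the pair is consistent."""
    srv, cli = parse(server_text), parse(client_text)
    findings = []
    # Both peers must agree on tunnel type and on every shared crypto setting.
    for key in ("dev", *EXPECTED):
        if srv.get(key) != cli.get(key):
            findings.append(f"{key}: server {srv.get(key)} != client {cli.get(key)}")
    # Point-to-point addresses are mirrored: one side's local is the other's remote.
    if srv.get("ifconfig") != cli.get("ifconfig", [])[::-1]:
        findings.append("ifconfig: endpoints are not mirrored")
    if "remote" not in cli:
        findings.append("client: no remote directive")
    # Flag table settings that a config leaves to the build's defaults.
    for name, conf in (("server", srv), ("client", cli)):
        for key, want in EXPECTED.items():
            got = " ".join(conf.get(key, []))
            if key not in conf:
                findings.append(f"{name}: {key} not set, table expects {want}")
            elif got.lower() != want.lower():
                findings.append(f"{name}: {key} is {got!r}, table expects {want}")
    return findings

if __name__ == "__main__":
    for finding in check_pair(SERVER_CONF, CLIENT_CONF):
        print(finding)
```

Run against the page's minimal files, it reports six findings: neither file sets proto, cipher or auth, so those values come from the installed build's defaults rather than from the tables above.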

See openvpn.pdf