OpenVPN Cookbook
Second Edition

Discover over 90 practical and exciting recipes that leverage the power of OpenVPN 2.4 to help you obtain a reliable and secure VPN

Jan Just Keijser

BIRMINGHAM - MUMBAI

Copyright © 2017 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

First published: February 2011
Second edition: February 2017
Production reference: 1100217

Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.

ISBN 978-1-78646-312-8
www.packtpub.com

Credits

Author: Jan Just Keijser
Reviewer: Ralf Hildebrandt
Commissioning Editor: Pratik Shah
Acquisition Editor: Rahul Nair
Content Development Editor: Zeeyan Pinheiro
Technical Editor: Vivek Pala
Copy Editor: Pranjali Chury
Project Coordinator: Izzat Contractor
Proofreader: Safis Editing
Indexer: Tejal Soni
Production Coordinator: Melwyn D'sa

About the Author

Jan Just Keijser is an open source professional from Utrecht, the Netherlands. He has a wide range of experience in IT, ranging from providing user support, system administration, and systems programming to network programming.
He has worked for various IT companies since 1989. He was an active USENET contributor in the early 1990s and has been working mainly on Unix/Linux platforms since 1995. Currently, he is employed as a senior scientific programmer in Amsterdam, the Netherlands, at Nikhef, the institute for subatomic physics from the Dutch Foundation for Fundamental Research on Matter (FOM). He works on multi-core and many-core computing systems and grid computing as well as smartcard applications. His open source interests include all types of virtual private networking, including IPSec, PPTP, and, of course, OpenVPN. In 2004, he discovered OpenVPN and has been using it ever since. His first book was OpenVPN 2 Cookbook by Packt Publishing in 2011, followed by Mastering OpenVPN, also by Packt Publishing, in 2015.

About the Reviewer

Ralf Hildebrandt is an active and well-known figure in the Postfix community. He’s currently employed at Charite, Europe’s largest university hospital. OpenVPN has successfully been used at Charite for over 10 years now on a multitude of client operating systems. Together with Patrick Koetter, he has written the Book of Postfix.

Table of Contents

Preface

Chapter 1: Point-to-Point Networks
  Introduction
  The shortest setup possible
    Getting ready
    How to do it…
    How it works…
    There's more…
      Using the TCP protocol
      Forwarding non-IP traffic over the tunnel
  OpenVPN secret keys
    Getting ready
    How to do it…
    How it works…
    There's more…
    See also
  Multiple secret keys
    Getting ready
    How to do it…
    How it works…
    There's more…
    See also
  Plaintext tunnel
    Getting ready
    How to do it…
    How it works…
    There's more…
  Routing
    Getting ready
    How to do it…
    How it works…
    There's more…
      Routing issues
      Automating the setup
    See also
  Configuration files versus the command line
    Getting ready
    How to do it…
    How it works…
    There's more…
      Exceptions to the rule
  Complete site-to-site setup
    Getting ready
    How to do it…
    How it works…
    There's more…
    See also
  Three-way routing
    Getting ready
    How to do it…
    How it works…
    There's more…
      Scalability
      Routing protocols
    See also
  Using IPv6
    Getting ready
    How to do it…
    How it works…
    There's more…
      Log file errors
      IPv6-only tunnel
    See also

Chapter 2: Client-server IP-only Networks
  Introduction
  Setting up the public and private keys
    Getting ready
    How to do it…
    How it works…
    There's more…
      Using the easy-rsa scripts on Windows
      Some notes on the different variables
    See also
  A simple configuration
    Getting ready