sans.org/reading_room/whitepapers/vpns/openvpn-ssl-vpn-revolution.pdf
openvpn.net/papers/BLUG-talk/index.html
OpenVPN is an open source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol[2] that utilizes SSL/TLS for key exchange. It is capable of traversing network address translators (NATs) and firewalls. It was written by James Yonan and is published under the GNU General Public License (GPL).[3]
OpenVPN allows peers to authenticate each other using a pre-shared secret key, certificates, or username/password. When used in a multiclient-server configuration, it allows the server to release an authentication certificate for every client, using signatures and a certificate authority. It uses the OpenSSL encryption library extensively, as well as the SSLv3/TLSv1 protocol, and contains many security and control features.
1 Architecture
1.1 Encryption
1.2 Authentication
1.3 Networking
OpenVPN can run over User Datagram Protocol (UDP) or Transmission Control Protocol (TCP) transports, multiplexing created SSL tunnels on a single TCP/UDP port[6] (RFC 3948 for UDP).[7] It has the ability to work through most proxy servers (including HTTP) and is good at working through network address translation (NAT) and getting out through firewalls. The server configuration has the ability to "push" certain network configuration options to the clients. These include IP addresses, routing commands, and a few connection options.
OpenVPN offers two types of interfaces for networking via the Universal TUN/TAP driver. It can create either a layer-3 based IP tunnel (TUN), or a layer-2 based Ethernet TAP that can carry any type of Ethernet traffic. OpenVPN can optionally use the LZO compression library to compress the data stream.
Port 1194 is the official IANA assigned port number for OpenVPN. Newer versions of the program now default to that port. A feature in the 2.0 version allows for one process to manage several simultaneous tunnels, as opposed to the original "one tunnel per process" restriction on the 1.x series.
OpenVPN's use of common network protocols (TCP and UDP) makes it a desirable alternative to IPsec in situations where an ISP may block specific VPN protocols in order to force users to subscribe to a higher-priced, "business grade," service tier.
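The networking choices described in this section (transport, port, TUN or TAP device, pushed options, LZO compression) appear as directives in an OpenVPN server configuration, and reviewing them shows what a server exposes and what it imposes on clients. The following Python is an added example, not part of the original article or the OpenVPN project's code; the sample configuration is constructed, and the helper names `parse_directives` and `summarize` are hypothetical.

```python
import shlex

# Constructed sample server config; not from the page or a real deployment.
SAMPLE_SERVER_CONF = """\
# no "port" line, so the IANA default applies
proto udp
dev tun
server 10.8.0.0 255.255.255.0
push "route 192.168.10.0 255.255.255.0"
push "redirect-gateway def1"
push "dhcp-option DNS 10.8.0.1"
;push "route 172.16.0.0 255.240.0.0"
comp-lzo
"""

def parse_directives(text):
    """Yield (name, args) for each active line; '#' and ';' start comments."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        tokens = shlex.split(line, comments=True)  # honours "quoted args"
        if tokens:
            yield tokens[0], tokens[1:]

def summarize(text):
    """Report networking choices; absent directives mean UDP and port 1194."""
    summary = {"proto": "udp", "port": 1194, "layer": None,
               "pushed": [], "compression": False, "full_tunnel": False}
    for name, args in parse_directives(text):
        if name == "proto" and args:
            summary["proto"] = "tcp" if args[0].startswith("tcp") else "udp"
        elif name == "port" and args:
            summary["port"] = int(args[0])
        elif name == "dev" and args:
            # tun* = layer-3 IP tunnel, tap* = layer-2 Ethernet device
            summary["layer"] = {"tun": 3, "tap": 2}.get(args[0][:3])
        elif name == "push" and args:
            summary["pushed"].append(args[0])
            # redirect-gateway sends all client traffic through the VPN
            if args[0].split()[:1] == ["redirect-gateway"]:
                summary["full_tunnel"] = True
        elif name == "comp-lzo":
            summary["compression"] = args[:1] != ["no"]
    return summary

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_SERVER_CONF).items():
        print(f"{key}: {value}")
```

The commented-out `;push` line is ignored, so the summary lists only the three options a client would actually receive.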
1.4 Security
1.5 Extensibility
2 Platforms
2.1 Notable client software
2.2 Firmware implementations
OpenVPN has been integrated into routing firmware packages such as Vyatta, pfSense, DD-WRT,[18][19] OpenWrt[20] and Tomato (firmware),[21][22] allowing users to run OpenVPN in client or server mode from their network routers. A router running OpenVPN in client mode, for example, lets users within that network access their VPN without having to install OpenVPN on each computer on that network.
| Firmware Package | Cost | Developer | Latest release | Link |
| --- | --- | --- | --- | --- |
| OpenWRT | Free | Community driven development | 10.03.1 "backfire", December 21, 2011 | OpenWRT.org |
| DD-WRT | Free | NewMedia-NET GmbH | v24 SP1 (Build10020), July 27, 2008 | dd-wrt.com |
| IPFire | Free | Community driven development | 2.11 | ipfire.org |
| PfSense | Free | BSD Perimeter LLC | 2.0.1, December 20, 2011 | pfsense.org |
| Tomato (firmware) | Free | Keith Moyer | 1.27vpn3.6, January 31, 2010 | tomatovpn.keithmoyer.com |
OpenVPN (Windows/Mac/Linux, Free)
OpenVPN is an open source VPN server that's easy to set up for use with open source VPN clients. You can easily export configuration files from OpenVPN to import into a variety of open source and commercial clients. OpenVPN is also integrated into several router firmware packages, including the popular DD-WRT, OpenWRT, and Tomato. The OpenVPN system isn't compatible with popular commercial VPN providers, but for setting up VPNs it provides a free, open source alternative to expensive and closed commercial models.
overview of the OpenVPN Community Open Source Software Project. It describes what OpenVPN is and what it can do.
For more detailed information explore our Documentation and FAQ.
OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the fundamental premise that complexity is the enemy of security, OpenVPN offers a cost-effective, lightweight alternative to other VPN technologies that is well-targeted for the SME and enterprise markets.
OpenVPN combines security with ease-of-use
OpenVPN's lightweight design sheds many of the complexities that characterize other VPN implementations. The OpenVPN security model is based on SSL, the industry standard for secure communications via the internet. OpenVPN implements OSI layer 2 or 3 secure network extension using the SSL/TLS protocol, supports flexible client authentication methods based on certificates, smart cards, and/or 2-factor authentication, and allows user or group-specific access control policies using firewall rules applied to the VPN virtual interface. OpenVPN is not a web application proxy and does not operate through a web browser.
OpenVPN Community Edition and Access Server Edition
OpenVPN Technologies, Inc. is committed to both OpenVPN community edition and access server edition and is working on a full range of services and products to meet your specific needs. The community version of the software is developed openly and transparently in community-driven fashion.
Understanding OpenVPN
For a good conceptual introduction to OpenVPN, see the program notes for James Yonan's talk at Linux Fest Northwest 2004: Understanding the User-Space VPN: History, Conceptual Foundations, and Practical Usage.
You may also wish to read OpenVPN and the SSL VPN Revolution by Charlie Hosner.
OpenVPN runs on:
OpenVPN runs on Linux, Windows 2000/XP/Vista/7 and higher, OpenBSD, FreeBSD, NetBSD, Mac OS X, and Solaris.
Instructions for verifying the signatures are available here.
Clients
http://sourceforge.net/projects/securepoint/
Recommended projects: OpenVPN GUI, OpenVPN Manager, OpenVPN UI
With limitations:
http://www.tunxten.com/
http://www.sparklabs.com/viscosity/