Welcome back for another episode of the ABC's of NSM. What's NSM you say? We'll go with Network and System Management, but you could throw Security in there as well. We'll work our way through the alphabet over the next several weeks looking at tools and concepts along the way for all the administrators out there. By the way, you can thank Joe for the format & Don for the title (I couldn't for the life of me come up with one.)

I just realized looking back at the last entry for Nagios that it's been two weeks! Where does the time go? Sorry for slip-sliding away for a while. Anyway, today's letter O is for OpenVPN. OpenVPN is an SSL-based open-source VPN package. What makes it special is that it is extremely lightweight (though it does require a client install) and supports on-net access (layer two or layer three) for remote users and site-to-site networks, and it is even in use in wireless firmware packages like DD-WRT to secure the airwaves. It also features load balancing and HA capabilities. OpenVPN won one of Infoworld's Bossie awards in 2007, so while the package isn't obscure, it's definitely worth a look.

The configuration is fairly simple, but there are several GUI-based packages to assist the masses.  I'll skip the key/cert process as every organization approaches this differently.  The configuration below represents a very simple (and least secure) VPN between a client and server:

On the Server:

  • openvpn --genkey --secret my.key
  • vi server.conf
    • dev tun
    • ifconfig 10.10.10.1 10.10.10.2
    • secret my.key
  • openvpn server.conf

On the Client:

  • copy key material from server
  • vi client.conf
    • remote
    • dev tun
    • ifconfig 10.10.10.2 10.10.10.1
    • secret my.key
  • openvpn client.conf
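Before bringing a static-key pair like this up, it is worth checking that the two files actually agree with each other. The script below is an added example, not something from the post or the OpenVPN project: it parses both configs and flags the usual mistakes (a bare `remote`, a missing `secret`, un-mirrored `ifconfig` addresses, a port/proto mismatch). The server name vpn.example.com is an assumed placeholder.

```python
import shlex

# Constructed sample configs matching the post's server.conf / client.conf;
# "vpn.example.com" is an assumed placeholder for the server address.
SERVER_CONF = """dev tun
ifconfig 10.10.10.1 10.10.10.2
secret my.key
"""
CLIENT_CONF = """remote vpn.example.com
dev tun
ifconfig 10.10.10.2 10.10.10.1
secret my.key
"""

def parse_ovpn(text):
    """Map each directive to its argument list; '#' and ';' start comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        if line:
            parts = shlex.split(line)
            cfg[parts[0]] = parts[1:]
    return cfg

def endpoint(cfg):
    """(transport, port) a peer uses; defaults to udp/1194, tcp-server/tcp-client -> tcp."""
    proto = cfg.get("proto", ["udp"])[0].split("-")[0]
    return proto, int(cfg.get("port", ["1194"])[0])

def check_pair(server_text, client_text):
    """Return findings for a static-key server/client pair; [] means consistent."""
    s, c = parse_ovpn(server_text), parse_ovpn(client_text)
    findings = []
    for name, cfg in (("server", s), ("client", c)):
        if cfg.get("dev", [""])[0] != "tun":
            findings.append(f"{name}: expected 'dev tun' for a layer-3 tunnel")
        if len(cfg.get("ifconfig", [])) != 2:
            findings.append(f"{name}: ifconfig needs a local and a remote address")
        if not cfg.get("secret"):
            # Without --secret (or TLS), OpenVPN disables encryption and auth.
            findings.append(f"{name}: no 'secret', tunnel would run in cleartext")
    if not c.get("remote"):
        findings.append("client: 'remote' needs the server address")
    si, ci = s.get("ifconfig", []), c.get("ifconfig", [])
    if len(si) == 2 and len(ci) == 2 and si != ci[::-1]:
        findings.append("ifconfig local/remote not mirrored between peers")
    if endpoint(s) != endpoint(c):
        findings.append(f"proto/port mismatch: server {endpoint(s)}, client {endpoint(c)}")
    return findings
```

Run `check_pair(SERVER_CONF, CLIENT_CONF)` and an empty list means the pair is consistent; anything else is a line to fix before starting openvpn.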

Like I said, this is extremely bare bones.  By default, the tunnel will establish on udp port 1194.  The port and protocol (udp/tcp) are configurable, however.
