OpenVPN 2 Cookbook. Everything you need to know to master the intricacies of OpenVPN 2 is contained in this cookbook. Packed with recipes, tips, and tricks, it’s the perfect companion for anybody wanting to build a secure virtual private network - Helion
ebook
Author: Open VPN Solutions, Jan Just Keijser
Original title: OpenVPN 2 Cookbook. Everything you need to know to master the intricacies of OpenVPN 2 is contained in this cookbook. Packed with recipes, tips, and tricks, it’s the perfect companion for anybody wanting to build a secure virtual private network.
ISBN: 9781849510110
Pages: 356, Format: ebook
Publication date: 2011-02-17
Bookstore: Helion
Book price: 159,00 zł
Table of contents
OpenVPN 2 Cookbook. Everything you need to know to master the intricacies of OpenVPN 2 is contained in this cookbook. Packed with recipes, tips, and tricks, it’s the perfect companion for anybody wanting to build a secure virtual private network eBook -- table of contents
- OpenVPN 2 Cookbook
- Table of Contents
- OpenVPN 2 Cookbook
- Credits
- About the Author
- About the Reviewers
- www.PacktPub.com
- Support files, eBooks, discount offers and more
- Why Subscribe?
- Free Access for Packt account holders
- Support files, eBooks, discount offers and more
- Preface
- What this book covers
- What you need for this book
- Who this book is for
- Conventions
- Reader feedback
- Customer support
- Errata
- Piracy
- Questions
- 1. Point-to-Point Networks
- Introduction
- Shortest setup possible
- Getting ready
- How to do it...
- How it works...
- There's more...
- Using the TCP protocol
- Forwarding non-IP traffic over the tunnel
- OpenVPN secret keys
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Multiple secret keys
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Plaintext tunnel
- Getting ready
- How to do it...
- How it works...
- There's more...
- Routing
- Getting ready
- How to do it...
- How it works...
- There's more...
- Routing issues
- Automating the setup
- See also
- Configuration files versus the command-line
- Getting ready
- How to do it...
- How it works...
- There's more...
- OpenVPN 2.1 specifics
- Complete site-to-site setup
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- 3-way routing
- Getting ready
- How to do it...
- How it works...
- There's more...
- Scalability
- Routing protocols
- See also
- 2. Client-server IP-only Networks
- Introduction
- Setting up the public and private keys
- Getting ready
- How to do it...
- How it works...
- There's more...
- Using the easy-rsa scripts on Windows
- Some notes on the different variables
- See also
- Simple configuration
- Getting ready
- How to do it...
- How it works...
- There's more...
- 'net30' addresses
- Server-side routing
- Getting ready
- How to do it...
- How it works...
- There's more...
- Linear addresses
- Using the TCP protocol
- Server certificates and ns-cert-type server
- Masquerading
- Using 'client-config-dir' files
- Getting ready
- How to do it...
- How it works...
- There's more...
- Default configuration file
- Troubleshooting
- OpenVPN 2.0 'net30' compatibility
- Allowed options in a 'client-config-dir' file
- Routing: subnets on both sides
- Getting ready
- How to do it...
- How it works...
- There's more...
- Masquerading
- Client-to-client subnet routing
- See also
- Redirecting the default gateway
- Getting ready
- How to do it...
- How it works...
- There's more...
- Redirect-gateway parameters
- Split tunneling
- See also
- Using an 'ifconfig-pool' block
- Getting ready
- How to do it...
- How it works...
- There's more...
- Configuration files on Windows
- Topology subnet
- Client-to-client access
- Using the TCP protocol
- Using the status file
- Getting ready
- How to do it...
- How it works...
- There's more...
- Status parameters
- Disconnecting clients
- Explicit-exit-notify
- Management interface
- Getting ready
- How to do it...
- How it works...
- There's more...
- Server-side management interface
- See also
- Proxy-arp
- Getting ready
- How to do it...
- How it works...
- There's more...
- User 'nobody'
- TAP-style networks
- Broadcast traffic might not always work
- See also
- 3. Client-server Ethernet-style Networks
- Introduction
- Simple configuration - non-bridged
- Getting ready
- How to do it...
- How it works...
- There's more...
- Differences between TUN and TAP
- Using the TCP protocol
- Making IP forwarding permanent
- See also
- Enabling client-to-client traffic
- Getting ready
- How to do it...
- How it works...
- There's more...
- Broadcast traffic may affect scalability
- Filtering traffic
- TUN-style networks
- Bridging - Linux
- Getting ready
- How to do it...
- How it works...
- There's more...
- Fixed addresses & the default gateway
- Name resolution
- See also
- Bridging - Windows
- Getting ready
- How to do it...
- How it works...
- See also
- Checking broadcast and non-IP traffic
- Getting ready
- How to do it...
- How it works...
- External DHCP server
- Getting ready
- How to do it...
- How it works...
- There's more...
- DHCP server configuration
- DHCP relay
- Tweaking the /etc/sysconfig/network-scripts
- Using the status file
- Getting ready
- How to do it...
- How it works...
- There's more...
- Difference with TUN-style networks
- Disconnecting clients
- See also
- Management interface
- Getting ready
- How to do it...
- How it works...
- There's more...
- Client side management interface
- See also
- 4. PKI, Certificates, and OpenSSL
- Introduction
- Certificate generation
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- xCA: a GUI for managing a PKI (Part 1)
- Getting ready
- How to do it...
- How it works...
- There's more...
- xCA: a GUI for managing a PKI (Part 2)
- Getting ready
- How to do it...
- How it works...
- There's more...
- OpenSSL tricks: x509, pkcs12, verify output
- Getting ready
- How to do it...
- How it works...
- Revoking certificates
- Getting ready
- How to do it...
- How it works...
- There's more...
- What is needed to revoke a certificate
- See also
- The use of CRLs
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Checking expired/revoked certificates
- Getting ready
- How to do it...
- How it works...
- There's more...
- Intermediary CAs
- Getting ready
- How to do it...
- How it works...
- There's more...
- Multiple CAs: stacking, using --capath
- Getting ready
- How to do it...
- How it works...
- There's more...
- Stacking CRLs
- Using the --capath directive
- 5. Two-factor Authentication with PKCS#11
- Introduction
- Initializing a hardware token
- Getting ready
- How to do it...
- How it works...
- There's more...
- Public and private objects
- OpenSC versus Aladdin PKI Client driver
- Getting a hardware token ID
- Getting ready
- How to do it...
- How it works...
- There's more...
- What about automatic selection?
- PKCS#11 libraries
- Using a hardware token
- Getting ready
- How to do it...
- How it works...
- There's more...
- What is different?
- Using the OpenSC driver
- Using the management interface to list PKCS#11 certificates
- Getting ready
- How to do it...
- How it works...
- See also
- Selecting a PKCS#11 certificate using the management interface
- Getting ready
- How to do it...
- How it works...
- There's more...
- Generating a key on the hardware token
- Getting ready
- How to do it...
- How it works...
- Private method for getting a PKCS#11 certificate
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Pin caching example
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- 6. Scripting and Plugins
- Introduction
- Using a client-side up/down script
- Getting ready
- How to do it...
- How it works...
- There's more...
- Environment variables
- Calling the 'down' script before the connection terminates
- Advanced: verify the remote hostname
- Windows login greeter
- Getting ready
- How to do it...
- How it works...
- There's more...
- Spaces in filenames
- setenv or setenv-safe
- Security considerations
- Using client-connect/client-disconnect scripts
- Getting ready
- How to do it...
- How it works...
- There's more...
- 'client-disconnect' scripts
- Environment variables
- Absolute paths
- Using a 'learn-address' script
- Getting ready
- How to do it...
- How it works...
- There's more...
- User 'nobody'
- The 'update' action
- Using a 'tls-verify' script
- Getting ready
- How to do it...
- How it works...
- There's more...
- Using an 'auth-user-pass-verify' script
- Getting ready
- How to do it...
- How it works...
- There's more...
- Specifying the username and password in a file on the client
- Passing the password via environment variables
- Script order
- Getting ready
- How to do it...
- How it works...
- There's more...
- Script security and logging
- Getting ready
- How to do it...
- How it works...
- There's more...
- Using the 'down-root' plugin
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Using the PAM authentication plugin
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- 7. Troubleshooting OpenVPN: Configurations
- Introduction
- Cipher mismatches
- Getting ready
- How to do it...
- How it works...
- There's more...
- TUN versus TAP mismatches
- Getting ready
- How to do it...
- How it works...
- Compression mismatches
- Getting ready
- How to do it...
- How it works...
- There's more...
- Key mismatches
- Getting ready
- How to do it...
- How it works...
- See also
- Troubleshooting MTU and tun-mtu issues
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Troubleshooting network connectivity
- Getting ready
- How to do it...
- How it works...
- There's more...
- Troubleshooting 'client-config-dir' issues
- Getting ready
- How to do it...
- How it works...
- There's more...
- More verbose logging
- Other frequent client-config-dir mistakes
- See also
- How to read the OpenVPN log files
- Getting ready
- How to do it...
- How it works...
- There's more...
- 8. Troubleshooting OpenVPN: Routing
- Introduction
- The missing return route
- Getting ready
- How to do it...
- How it works...
- There's more...
- Masquerading
- Adding routes on the LAN hosts
- See also
- Missing return routes when 'iroute' is used
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- All clients function except the OpenVPN endpoints
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Source routing
- Getting ready
- How to do it...
- How it works...
- There's more...
- Routing and permissions on Windows
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Troubleshooting client-to-client traffic routing
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Understanding the 'MULTI: bad source' warnings
- Getting ready
- How to do it...
- How it works...
- There's more...
- Other occurrences of the 'MULTI: bad source' message
- See also
- Failure when redirecting the default gateway
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- 9. Performance Tuning
- Introduction
- Optimizing performance using 'ping'
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Optimizing performance using 'iperf'
- Getting ready
- How to do it...
- How it works...
- There's more...
- Client versus server 'iperf' results
- Network latency
- Gigabit networks
- OpenSSL cipher speed
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Compression tests
- Getting ready
- How to do it...
- How it works...
- There's more...
- Pushing compression options
- Adaptive compression
- Traffic shaping
- Getting ready
- How to do it...
- How it works...
- There's more...
- Tuning UDP-based connections
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- Tuning TCP-based connections
- Getting ready
- How to do it...
- How it works...
- There's more...
- Analyzing performance using tcpdump
- Getting ready
- How to do it...
- How it works...
- See also
- 10. OS Integration
- Introduction
- Linux: using NetworkManager
- Getting ready
- How to do it...
- How it works...
- There's more...
- Setting up routes using NetworkManager
- DNS settings
- Scripting
- Linux: using 'pull-resolv-conf'
- Getting ready
- How to do it...
- How it works...
- There's more...
- MacOS: using Tunnelblick
- Getting ready
- How to do it...
- How it works...
- There's more...
- Name resolution
- Scripting
- Windows Vista/7: elevated privileges
- Getting ready
- How to do it...
- How it works...
- There's more...
- Windows: using the CryptoAPI store
- Getting ready
- How to do it...
- How it works...
- There's more...
- The CA certificate file
- Certificate fingerprint
- Windows: updating the DNS cache
- Getting ready
- How to do it...
- How it works...
- There's more...
- Windows: running OpenVPN as a service
- Getting ready
- How to do it...
- How it works...
- There's more...
- Automatic service startup
- OpenVPN User name
- See also
- Windows: public versus private network adapters
- Getting ready
- How to do it...
- How it works...
- See also
- Windows: routing methods
- Getting ready
- How to do it...
- How it works...
- There's more...
- 11. Advanced Configuration
- Introduction
- Including configuration files in config files
- Getting ready
- How to do it...
- How it works...
- Multiple remotes and remote-random
- Getting ready
- How to do it...
- How it works...
- There's more...
- Mixing TCP and UDP-based setups
- Advantage of using TCP-based connections
- Automatically reverting to the first OpenVPN server
- See also
- Details of ifconfig-pool-persist
- Getting ready
- How to do it...
- How it works...
- There's more...
- Specifying the update interval
- Caveat: the duplicate-cn option
- When 'topology net30' is used
- Connecting using a SOCKS proxy
- Getting ready
- How to do it...
- How it works...
- There's more...
- Performance
- Note #1 on SOCKS proxies via SSH
- Note #2 on SOCKS proxies via SSH
- SOCKS proxies using plain-text authentication
- See also
- Connecting via an HTTP proxy
- Getting ready
- How to do it...
- How it works...
- There's more...
- http-proxy options
- Ducking firewalls
- Performance
- See also
- Connecting via an HTTP proxy with authentication
- Getting ready
- How to do it...
- How it works...
- There's more...
- NTLM proxy authorization
- New features in OpenVPN 2.2
- See also
- Using dyndns
- Getting ready
- How to do it...
- How it works...
- There's more...
- Failover
- NetworkManager and 'ddclient'
- See also
- IP-less setups (ifconfig-noexec)
- Getting ready
- How to do it...
- How it works...
- There's more...
- Point-to-point and TUN-style networks
- Routing and firewalling
- 12. New Features of OpenVPN 2.1 and 2.2
- Introduction
- Inline certificates
- Getting ready
- How to do it...
- How it works...
- Connection blocks
- Getting ready
- How to do it...
- How it works...
- There's more...
- Allowed directives inside connection blocks
- Pitfalls when mixing TCP and UDP-based setups
- See also
- Port sharing with an HTTPS server
- Getting ready
- How to do it...
- How it works...
- There's more...
- Routing features: redirect-private, allow-pull-fqdn
- Getting ready
- How to do it...
- How it works...
- There's more...
- The route-nopull directive
- The 'max-routes' directive
- Handing out the public IPs
- Getting ready
- How to do it...
- How it works...
- There's more...
- See also
- OCSP support
- Getting ready
- How to do it...
- How it works...
- See also
- New for 2.2: the 'x509_user_name' parameter
- Getting ready
- How to do it...
- How it works...
- There's more...
- OpenVPN 2.1 behaviour
- Index