Once you have installed OpenVPN, it is time to test it. Make sure the server process is started with service openvpn [re]start. You should see the TUN device with ifconfig. With my config, it shows:
Link: encap:Point-to-Point Protocol Inet addr:192.168.100.1 P-t-P 192.168.100.2.
Now, start up the client OpenVPN service. A file found at D:/Program Files/Openvpn/*.log contains debugging information. With the verb setting, you can elaborate the logging. When you start the client service, the icon in your tray shouts it is connected. Ipconfig /all in a DOSBox shows an IP address on the tap interface, for instance, 192.168.100.10
Ethernet adapter Local Area Connection 8: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : TAP-Win32 Adapter V8 Physical Address. . . . . . . . . : 00-FF-CF-10-9F-A6 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IP Address. . . . . . . . . . . . : 192.168.100.10 Subnet Mask . . . . . . . . . . . : 255.255.255.252 Default Gateway . . . . . . . . . : DHCP Server . . . . . . . . . . . : 192.168.100.5
print route gives you some routes:
192.168.100.1 255.255.255.255 192.168.100.9 4 1 192.168.100.8 255.255.255.252 192.168.100.10 4 1 192.168.100.10 255.255.255.255 127.0.0.1 127.0.0.1 1 192.168.100.255 255.255.255.255 192.168.100.10 4
Although this all may look quite odd, it works. You now can ping 192.168.100.1; if that succeeds the tunnel is okay. On the server you can see the pings coming in with tcpdump -nlpi tun0. Also, tail -f /var/log/messages supplies some information.
The routes on the server look something like this (netstat -rn) kernel IP routing table:
Destination Gateway Genmask Flags MSS Window irtt Iface 192.168.100.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0 192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0 18.104.22.168 0.0.0.0 255.255.255.0 U 0 0 0 eth1 172.16.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo 0.0.0.0 22.214.171.124 0.0.0.0 UG 0 0 0 eth1
If all goes well, your connection should be there. If not, check the server routing table and tcpdump the TUN interfaces. You also can use the iptables debug rules.
In this article I have shown a simple setup for a OpenVPN. In real life, the setup will not be much more complex. Although the security implications of any VPN should be well thought-out, setting up OpenVPN turned out to be rather easy. If you do get into trouble, plenty of helping hands can be found on the mailing lists.
OpenVPN is a serious VPN product. It can contend with IPsec in many ways. It certainly is cheap--try buying a Cisco concentrator--easy to install and, in the open-source tradition, tinkerable.
If OpenVPN has a disadvantage, it might be latency. However, no real-life data exists yet to back up that claim.
- Android Browser Security--What You Haven't Been Told
- Epiq Solutions' Sidekiq M.2
- Readers' Choice Awards 2013
- The Many Paths to a Solution
- Nativ Disc
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- Synopsys' Coverity
- Securing the Programmer
- RPi-Powered pi-topCEED Makes the Case as a Low-Cost Modular Learning Desktop
- Returning Values from Bash Functions
With all the industry talk about the benefits of Linux on Power and all the performance advantages offered by its open architecture, you may be considering a move in that direction. If you are thinking about analytics, big data and cloud computing, you would be right to evaluate Power. The idea of using commodity x86 hardware and replacing it every three years is an outdated cost model. It doesn’t consider the total cost of ownership, and it doesn’t consider the advantage of real processing power, high-availability and multithreading like a demon.
This ebook takes a look at some of the practical applications of the Linux on Power platform and ways you might bring all the performance power of this open architecture to bear for your organization. There are no smoke and mirrors here—just hard, cold, empirical evidence provided by independent sources. I also consider some innovative ways Linux on Power will be used in the future.Get the Guide