OpenVPN Cookbook - Second Edition : Discover over 90 Practical and Exciting Recipes That Leverage the Power of OpenVPN 2. 4 to Help You Obtain a Reliable and Secure VPN.

Cover -- Credits -- About the Author -- About the Reviewer -- www.PacktPub.com -- Customer Feedback -- Table of Contents -- Preface -- Chapter 1: Point-to-Point Networks -- Introduction -- The shortest setup possible -- Getting ready -- How to do it… -- How it works… -- There's more… -- Using the TCP protocol -- Forwarding non-IP traffic over the tunnel -- OpenVPN secret keys -- Getting ready -- How to do it… -- How it works… -- There's more… -- See also -- Multiple secret keys -- Getting ready -- How to do it… -- How it works… -- There's more… -- See also -- Plaintext tunnel -- Getting ready -- How to do it… -- How it works… -- There's more… -- Routing -- Getting ready -- How to do it… -- How it works… -- There's more… -- Routing issues -- Automating the setup -- See also -- Configuration files versus the command line -- Getting ready -- How to do it… -- How it works… -- There's more… -- Exceptions to the rule -- Complete site-to-site setup -- Getting ready -- How to do it… -- How it works… -- There's more… -- See also -- Three-way routing -- Getting ready -- How to do it… -- How it works… -- There's more… -- Scalability -- Routing protocols -- See also -- Using IPv6 -- Getting ready -- How to do it… -- How it works… -- There's more… -- Log file errors -- IPv6-only tunnel -- See also -- Chapter 2: Client-server IP-only Networks -- Introduction -- Setting up the public and private keys -- Getting ready -- How to do it… -- How it works… -- There's more… -- Using the easy-rsa scripts on Windows -- Some notes on the different variables -- See also -- A simple configuration -- Getting ready -- How to do it… -- How it works… -- There's more… -- Server-side routing -- Getting ready -- How to do it… -- How it works… -- There's more… -- Linear addresses -- Using the TCP protocol -- Server certificates and ns-cert-type server -- Masquerading.

Adding IPv6 support -- Getting ready -- How to do it… -- How it works… -- There's more… -- IPv6 endpoints -- IPv6-only setup -- Using client-config-dir files -- Getting ready -- How to do it… -- How it works… -- There's more… -- The default configuration file -- Troubleshooting -- Options allowed in a client-config-dir file -- Routing - subnets on both sides -- Getting ready -- How to do it… -- How it works… -- There's more… -- Masquerading -- Client-to-client subnet routing -- No route statements in a CCD file -- See also -- Redirecting the default gateway -- Getting ready -- How to do it… -- How it works… -- There's more… -- Redirect-gateway parameters -- The redirect-private option -- Split tunneling -- See also -- Redirecting the IPv6 default gateway -- Getting ready -- How to do it… -- How it works… -- There's more… -- Using an ifconfig-pool block -- Getting ready -- How to do it… -- How it works… -- There's more.. -- Configuration files on Windows -- Client-to-client access -- Using the TCP protocol -- Using the status file -- Getting ready -- How to do it… -- How it works… -- There's more… -- Status parameters -- Disconnecting clients -- Explicit-exit-notify -- The management interface -- Getting ready -- How to do it… -- How it works… -- There's more… -- See Also -- Proxy ARP -- Getting ready -- How to do it… -- How it works… -- There's more… -- TAP-style networks -- User nobody -- Broadcast traffic might not always work -- See also -- Chapter 3: Client-server Ethernet-style Networks -- Introduction -- Simple configuration - non-bridged -- Getting ready -- How to do it… -- How it works… -- There's more… -- Differences between TUN and TAP -- Using the TCP protocol -- Making IP forwarding permanent -- See also -- Enabling client-to-client traffic -- Getting ready -- How to do it… -- How it works… -- There's more….

Broadcast traffic may affect scalability -- Filtering traffic -- TUN-style networks -- Bridging - Linux -- Getting ready -- How to do it… -- How it works… -- There's more… -- Fixed addresses and the default gateway -- Name resolution -- See also -- Bridging- Windows -- Getting ready -- How to do it… -- How it works… -- See also -- Checking broadcast and non-IP traffic -- Getting ready -- How to do it… -- How it works… -- An external DHCP server -- Getting ready -- How to do it… -- How it works… -- There's more… -- DHCP server configuration -- DHCP relay -- Tweaking /etc/sysconfig/network-scripts -- Using the status file -- Getting ready -- How to do it… -- How it works… -- There's more… -- Difference with TUN-style networks -- Disconnecting clients -- See also -- The management interface -- Getting ready -- How to do it… -- How it works… -- There's more… -- See also -- Integrating IPv6 into TAP-style networks -- Getting ready -- How to do it… -- How it works… -- There's more… -- See also -- Chapter 4: PKI, Certificates, and OpenSSL -- Introduction -- Certificate generation -- Getting ready -- How to do it… -- How it works… -- There's more… -- See also -- OpenSSL tricks - x509, pkcs12, verify output -- Getting ready -- How to do it… -- How it works… -- Revoking certificates -- Getting ready -- How to do it… -- How it works… -- There's more… -- What is needed to revoke a certificate -- See also -- The use of CRLs -- Getting ready -- How to do it… -- How it works… -- There's more… -- See also -- Checking expired/revoked certificates -- Getting ready -- How to do it… -- How it works… -- There's more… -- Intermediary CAs -- Getting ready -- How to do it… -- How it works… -- There's more… -- Multiple CAs - stacking, using the capath directive -- Getting ready -- How to do it… -- How it works… -- There's more… -- Using the -capath directive.

Determining the crypto library to be used -- Getting ready -- How to do it… -- How it works… -- There's more… -- See also -- Crypto features of OpenSSL and PolarSSL -- Getting ready -- How to do it… -- How it works… -- There's more… -- AEAD Ciphers -- Encryption speed -- Pushing ciphers -- Getting ready -- How to do it… -- How it works… -- There's more… -- Future enhancements -- Elliptic curve support -- Getting ready -- How to do it… -- How it works… -- There's more… -- Elliptic curve support -- Chapter 5: Scripting and Plugins -- Introduction -- Using a client-side up/down script -- Getting ready -- How to do it… -- How it works… -- There's more… -- Environment variables -- Calling the down script before the connection terminates -- Advanced - verify the remote hostname -- Using a client-connect script -- Getting ready -- How to do it… -- How it works… -- There's more… -- Pitfall in using ifconfig-push -- The client-disconnect scripts -- Environment variables -- Absolute paths -- Using a learn-address script -- Getting ready -- How to do it… -- How it works… -- There's more… -- User nobody -- The update action -- Using a tls-verify script -- Getting ready -- How to do it… -- How it works… -- There's more… -- Using an auth-user-pass-verify script -- Getting ready -- How to do it… -- How it works… -- There's more… -- Specifying the username and password in a file on the client -- Passing the password via environment variables -- Script order -- Getting ready -- How to do it… -- How it works… -- There's more… -- Script security and logging -- Getting ready -- How to do it… -- How it works… -- There's more… -- Scripting and IPv6 -- Getting ready -- How to do it… -- How it works… -- There's more… -- Using the down-root plugin -- Getting ready -- How to do it… -- How it works… -- There's more… -- See also -- Using the PAM authentication plugin.

Getting ready -- How to do it… -- How it works… -- There's more… -- See also -- Chapter 6: Troubleshooting OpenVPN - Configurations -- Introduction -- Cipher mismatches -- Getting ready -- How to do it… -- How it works… -- There's more… -- Pushable ciphers -- TUN versus TAP mismatches -- Getting ready -- How to do it… -- How it works… -- Compression mismatches -- Getting ready -- How to do it… -- How it works… -- Key mismatches -- Getting ready -- How to do it… -- How it works… -- See also -- Troubleshooting MTU and tun-mtu issues -- Getting ready -- How to do it… -- How it works… -- There's more… -- See also -- Troubleshooting network connectivity -- Getting ready -- How to do it… -- How it works… -- There's more… -- Troubleshooting client-config-dir issues -- Getting ready -- How to do it… -- How it works… -- There's more… -- More verbose logging -- Other frequent client-config-dir mistakes -- See also -- Troubleshooting multiple remote issues -- Getting ready -- How to do it… -- How it works… -- There's more… -- See also -- Troubleshooting bridging issues -- Getting ready -- How to do it… -- How it works… -- See also -- How to read the OpenVPN log files -- Getting ready -- How to do it… -- How it works… -- There's more… -- Chapter 7: Troubleshooting OpenVPN - Routing -- Introduction -- The missing return route -- Getting ready -- How to do it… -- How it works… -- There's more… -- Masquerading -- Adding routes on the LAN hosts -- See also -- Missing return routes when iroute is used -- Getting ready -- How to do it… -- How it works… -- There's more… -- See also -- All clients function except the OpenVPN endpoints -- Getting ready -- How to do it… -- How it works… -- There's more… -- See also -- Source routing -- Getting ready -- How to do it… -- How it works… -- There's more… -- Routing and permissions on Windows -- Getting ready -- How to do it….

How it works….

Description based on publisher supplied metadata and other sources.

Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2024. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.