
OpenVPN

OpenVPN: an open source, cross platform client/server, PKI based VPN. http://openvpn.net. OpenVPN. Some Definitions. VPN – Virtual private network, an extension of a private network via an encrypted tunnel over a public network.

bobby


Presentation Transcript


  1. OpenVPN: an open source, cross-platform client/server, PKI-based VPN. http://openvpn.net

  2. Some Definitions
     • VPN – Virtual private network, an extension of a private network via an encrypted tunnel over a public network.
     • SSL/TLS – Secure Sockets Layer v3 ~ Transport Layer Security (SSL 3.1 = TLS 1.0)
     • Public Key Infrastructure (PKI) – “an arrangement which provides for third-party vetting of, and vouching for, user identities. This is usually carried out by software at a central location together with other coordinated software at distributed locations.”

  3. Cryptographic Primitives – confidentiality, integrity, authentication, non-repudiation
     • Symmetric encryption – provides confidentiality
     • Message digests – a function applied to a block of text to produce a fixed-length digest, used to verify message integrity
     • Asymmetric encryption – a system for encrypting/decrypting and digitally signing messages; uses public/private key pairs on either side of the connection and provides authentication and non-repudiation

  4. Private IP addresses
     RFC 1918, Address Allocation for Private Internets (February 1996): The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private internets:
     • 10.0.0.0 - 10.255.255.255 (10/8 prefix)
     • 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
     • 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

  5. VPN Types
     • Tunnels: PPTP, L2TP, IPsec
     • User space: vtun, ssh, OpenVPN
     • SSL application gateways: “clientless” & proprietary

  6. Why OpenVPN?
     • Cross-platform client and server versions
     • TLS/SSL based on the OpenSSL library
     • Easy installation and configuration
     • NAT traversal
     • Interoperates with other VPNs, e.g. PPTP, IPsec

  7. OpenVPN PKI
     • A separate certificate (also known as a public key) and private key for the server and each client
     • A master Certificate Authority (CA) certificate and key, which is used to sign each of the server and client certificates

  8. OpenVPN PKI
     • OpenVPN supports bidirectional authentication based on certificates, meaning that the client must authenticate the server certificate and the server must authenticate the client certificate before mutual trust is established.
     • Both server and client authenticate the other by first verifying that the presented certificate was signed by the master certificate authority (CA), and then by testing information in the now-authenticated certificate header, such as the certificate common name or certificate type (client or server).

  9. OpenVPN PKI
     • The server only needs its own certificate/key
     • The server will only accept clients whose certificates were signed by the master CA certificate
     • If a private key is compromised, it can be disabled by adding its certificate to a CRL (certificate revocation list)
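Slides 7 to 9 describe the PKI and the checks each peer performs. The following added shell script (not part of the presentation or of the OpenVPN project) builds such a PKI with the openssl CLI and runs the same checks: signature by the master CA, certificate type carried in extendedKeyUsage, common name, and the CRL. It assumes openssl 1.1.1 or newer with its default openssl.cnf; the names Demo-CA, server, alice and rogue are constructed for the demo.

```shell
#!/bin/sh
# Added demo (not the slides' or OpenVPN's code): build the PKI from slides 7-9 with the
# openssl CLI and run the checks a peer makes. Assumes openssl 1.1.1+ with its default
# openssl.cnf; Demo-CA, server, alice and rogue are constructed names.
set -eu
D=$(mktemp -d)
KEY='-newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes'

# The "certificate type" (server vs client) lives in the extendedKeyUsage extension.
printf 'extendedKeyUsage=serverAuth\nkeyUsage=digitalSignature\n' > "$D/server.ext"
printf 'extendedKeyUsage=clientAuth\nkeyUsage=digitalSignature\n' > "$D/client.ext"

# Master CA: its certificate goes to every peer; its key signs all peer certificates.
openssl req -x509 $KEY -days 3650 -subj '/CN=Demo-CA' -keyout "$D/ca.key" -out "$D/ca.crt" 2>/dev/null

issue() { # issue NAME EXTFILE: a separate key and CA-signed certificate per peer
  openssl req $KEY -subj "/CN=$1" -keyout "$D/$1.key" -out "$D/$1.csr" 2>/dev/null
  openssl x509 -req -in "$D/$1.csr" -CA "$D/ca.crt" -CAkey "$D/ca.key" -CAcreateserial \
    -days 365 -extfile "$D/$2" -out "$D/$1.crt" 2>/dev/null
}
issue server server.ext
issue alice  client.ext
# A self-signed certificate the master CA never signed: every peer must reject it
openssl req -x509 $KEY -days 365 -subj '/CN=rogue' -keyout "$D/rogue.key" -out "$D/rogue.crt" 2>/dev/null

# Minimal 'openssl ca' database so the CA can revoke alice and publish a CRL (slide 9)
printf '[ca]\ndefault_ca=d\n[d]\ndatabase=%s/index.txt\ndefault_md=sha256\n' "$D" > "$D/ca.cnf"
: > "$D/index.txt"
CA="openssl ca -config $D/ca.cnf -cert $D/ca.crt -keyfile $D/ca.key"
$CA -revoke "$D/alice.crt" 2>/dev/null
$CA -gencrl -crldays 30 -out "$D/ca.crl" 2>/dev/null

# Check 1 (slide 8): was the presented certificate signed by the master CA?
signed_by_ca() { openssl verify -CAfile "$D/ca.crt" "$D/$1.crt" >/dev/null 2>&1; }
# Check 2: does the authenticated certificate have the expected type? $2 is sslserver or sslclient
has_type()     { openssl verify -purpose "$2" -CAfile "$D/ca.crt" "$D/$1.crt" >/dev/null 2>&1; }
# Also read from the authenticated certificate: the common name a server may match against its client list
common_name()  { openssl x509 -in "$D/$1.crt" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'; }
# Check 3 (slide 9): is the certificate absent from the CA's revocation list?
not_revoked()  { openssl verify -crl_check -CAfile "$D/ca.crt" -CRLfile "$D/ca.crl" "$D/$1.crt" >/dev/null 2>&1; }

for peer in server alice rogue; do
  printf '%-7s signed_by_ca=%s server_type=%s cn=%s not_revoked=%s\n' "$peer" \
    "$(signed_by_ca "$peer" && echo yes || echo no)" "$(has_type "$peer" sslserver && echo yes || echo no)" \
    "$(common_name "$peer")" "$(not_revoked "$peer" && echo yes || echo no)"
done
```

Only server passes all three checks: alice is CA-signed and client-typed but revoked, and rogue fails the very first check because the master CA never signed it.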

  10. References
     • OpenVPN 2.0 HOWTO, http://openvpn.net/howto.html
     • OpenVPN and the SSL VPN Revolution, http://www.sans.org/rr/whitepapers/vpns/1459.php
