What is OpenVPN? How it works?

0 votes
504 views
asked Jan 27, 2015 in Linux by administrator (9,170 points)

I want to learn details about OpenVPN, it is possible to run it mobile platforms such as Windows Mobile, Android and Apple IOS?
related to an answer for: Comparison between OpenVPN and IPsec VPN

1 Answer

0 votes
answered Jan 27, 2015 by wikianswers (8,540 points)

OpenVPN is a client / server VPN for both teams GNU / Linux and Windows.

What is doing this?

To connect to the internet in a secure manner from any network either wired or WiFi, with or without encryption WEP / WPA encryption. All traffic will be encrypted through a tunnel from the AP we connect to our house and from there will go internet is like being in our house. The downside is that you have a good upload speed because that will depend more your speed down (unless you connect the network where descent is less than the upload speed of your connection).

It also serves redirection if no traffic, to access shared resources like our house can be printed from the University, copy us from hard disk files shared house etc.

The VPN is SSL / TLS, and we can find two types, TUN and TAP.

TUN: The controller TUN device emulates a point-to-point, is used to create virtual tunnels operate with the IP protocol. This way you can encapsulate all packets that are transported through it as TCP or UDP datagrams (later you will see that we choose UDP instead of TCP, and wondering why since TCP is connective, reliable and connection-oriented) .Machines enclosed behind each end of the link belong to different subnets.

TAP: Simulate Ethernet network interface, more commonly known as bridge or bridge mode, these virtual tunnels encapsulate Ethernet packets directly . This package allows different frameworks to IP. Machines located behind each of the ends of the link may operate as part of the same subnet (if IP is used). Bridge mode operation is particularly useful to link remote users, as they can connect to a single server and virtually joining the core network.

The manual will use TUN.

This manual will explain how you do it in GNU / Linux , but in essence it is the same for Windows only change the commands in the console (cmd.exe), certificates and keys are the same for both , i.e. you can create ALL in GNU / Linux and then pass it to Windows to use (either client or server), you only need to change the extension of the client / server .conf .ovpn

I'll explain how to perform the most secure setting possible.

- We will use a key RSA to create ca.key of 2048bits without the least affect the performance of the VPN.

- The symmetric key is AES-256-CBC (Cipher Block Chaining) one of the safest (OpenVPN includes all this, we must not "set it" or anything).

- We will include TLS / HMAC signature AUTH one additional for all SSL / TLS negotiations for integrity verification. Any packet UDP does not have the correct HMAC signature is blocked. The firm HMAC-AUTH TLS provides additional security level beyond which provides SSL / TLS, thus we guard against DoS attacks, port scans and we save work to the server (because if it fails to attempt authentication cuts and still not trying).

Protocol UDP instead of TCP because it is stronger against DoS attacks and port scans (UDP is not connective, unreliable, and connectionless).


...