OpenVPN Setup
by Jascha on December 1, 2006
I found the setup and configuration of OpenVPN to be very easy and straight forward. Much easier than setting up IPSec for sure. It was as easy as doing a yum install openvpn then editing the configuration file to fit my needs. One thing I also installed was the OpenVPN Webmin module. The way I use Webmin is to set it up to use SSL after installing it. Then I run it once I log in via SSH to a server. That way it is not running continuously, nor do I keep it on the default port of 10000.
Once the server is configured it is quite easy using the Webmin module to create a CA (Certificate Authority) and generate certs. Another function the module does well is generate a zip file with the needed keys and a client config file for the user you create. This makes is easy to maintain a large list of VPN users. Some clients I use in our environment:
- Windows: OpenVPN GUI
- Mac OS X: Tunnelblick
- Linux: Kovpn
I have found from testing that even with the use of 2048bit keys performance is very good. By forcing users connected to use our internal DNS servers people can access our intranet sites easily from anywhere.
4 comments
I’m very happy to see that you appreciated our work…
Thank’s
Diaolin
by Diaolin on 01/27/2007 at 7:57 am. #
Any chance you want to do a write up on creating the keys and some explanation of how it works? I’ve been toying with OpenVPN for a while but haven’t dug really deep into it yet.
by dan on 11/15/2007 at 4:39 am. #
I’ve installed and the wpm module of openvpn to work with webmin. This was the easy part. Creating the ca, crt and pem keys was easy. However, I’ve ran into one problem after another after trying to configure the vpn for either tun or tap. I couldn’t get tap to configure at all. However, inspite of the problems I’m having, I like the webmin interface, as it certainly saves a lot of typing. Also, through it, I can visually see what’s required of setting up a vpn.
by leotec on 11/19/2008 at 1:18 am. #
Just curious, did you look at VcubeV? It might align nicely with your EC2 efforts.
Jeff
by Jeff Schneider on 12/15/2008 at 3:56 pm. #