OpenVPN - PowerPoint PPT Presentation

Slides: 14
Provided by: OAR8
1
OpenVPN
  • OpenVPN: an open source, cross-platform,
    client/server, PKI-based VPN.
  • http://openvpn.net

2
Some Definitions
  • VPN: Virtual private network, an extension of a
    private network via an encrypted tunnel over a
    public network.
  • SSL/TLS: Secure Socket Layer v3 / Transport
    Layer Security (SSL 3.1 = TLS 1.0)
  • Public Key Infrastructure (PKI) - an arrangement
    which provides for third-party vetting of, and
    vouching for, user identities. This is usually
    carried out by software at a central location
    together with other coordinated software at
    distributed locations.

3
Cryptographic Primitives: confidentiality,
integrity, authentication, non-repudiation
  • Symmetric encryption: provides confidentiality
  • Message digests: a function applied to a block of
    text to produce a fixed-length digest,
    used to verify message integrity
  • Asymmetric encryption: a system for
    encrypting/decrypting and digitally signing
    messages. Uses public/private key pairs on either
    side of the connection; provides authentication
    and non-repudiation

4
(No Transcript)
5
Private IP addresses
  • RFC 1918: Address Allocation for Private
    Internets, February 1996
  • The Internet Assigned Numbers Authority (IANA)
    has reserved the following three blocks of the
    IP address space for private internets:
  • 10.0.0.0 - 10.255.255.255 (10/8 prefix)
  • 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
  • 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

6
VPN Types
  • Tunnels: PPTP, L2TP, IPsec
  • User space: vtun, ssh, OpenVPN
  • SSL application gateways: 'clientless' &
    proprietary

7
Why OpenVPN?
  • Cross-platform client and server versions
  • TLS/SSL: based on the OpenSSL library
  • Easy installation and configuration
  • NAT traversal
  • Interoperates with other VPNs, e.g. PPTP, IPsec

8
(No Transcript)
9
OpenVPN PKI
  • a separate certificate (also known as a public
    key) and private key for the server and each
    client
  • a master Certificate Authority (CA) certificate
    and key which is used to sign each of the server
    and client certificates.

10
OpenVPN PKI
  • OpenVPN supports bidirectional authentication
    based on certificates, meaning that the client
    must authenticate the server certificate and the
    server must authenticate the client certificate
    before mutual trust is established.
  • Both server and client will authenticate the
    other by first verifying that the presented
    certificate was signed by the master certificate
    authority (CA), and then by testing information
    in the now-authenticated certificate header, such
    as the certificate common name or certificate
    type (client or server).

11
OpenVPN PKI
  • The server only needs its own certificate/key
  • The server will only accept clients whose
    certificates were signed by the master CA
    certificate
  • If a private key is compromised, it can be
    disabled by adding its certificate to a CRL
    (certificate revocation list)
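
An added example (not from the presentation or the OpenVPN project): the two-step peer check described on the PKI slides, reproduced with the openssl command line on a constructed throwaway PKI. The names master-ca, other-ca, server, client1 and rogue, the helper functions, and the use of extendedKeyUsage as the "certificate type" are assumptions of this example.

```shell
#!/bin/sh
# Constructed demo PKI: every name, subject and file here is made up for the example.

# new_ca <dir> <name>: self-signed CA certificate and key.
new_ca() {
    printf '%s\n' '[req]' 'distinguished_name = dn' 'x509_extensions = v3_ca' \
        'prompt = no' '[dn]' 'CN = unused' '[v3_ca]' \
        'basicConstraints = critical,CA:TRUE' > "$1/req.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/req.cnf" \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# issue <dir> <ca> <name> <type>: leaf certificate signed by <ca>; <type> is the
# extendedKeyUsage value (serverAuth or clientAuth), used here as the certificate type.
issue() {
    echo "extendedKeyUsage = $4" > "$1/$3.ext"
    openssl req -new -newkey rsa:2048 -nodes -config "$1/req.cnf" -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -extfile "$1/$3.ext" -out "$1/$3.crt" 2>/dev/null
}

# check_peer <dir> <cert> <sslserver|sslclient>: succeeds only if both steps pass.
# Step 1: the signature chains to master-ca. Step 2: the type fits the claimed role.
check_peer() {
    openssl verify -CAfile "$1/master-ca.crt" -purpose "$3" "$1/$2.crt" 2>/dev/null |
        grep -q ': OK$'
}

# build_demo <dir>: master CA, an unrelated CA, and three leaf certificates.
build_demo() {
    new_ca "$1" master-ca && new_ca "$1" other-ca &&
    issue "$1" master-ca server serverAuth &&
    issue "$1" master-ca client1 clientAuth &&
    issue "$1" other-ca rogue serverAuth
}

demo_dir=$(mktemp -d)
build_demo "$demo_dir"
for t in "server sslserver" "client1 sslclient" "client1 sslserver" "rogue sslserver"; do
    set -- $t
    check_peer "$demo_dir" "$1" "$2" && r=accepted || r=rejected
    echo "$1 presented as $2: $r"
done
rm -rf "$demo_dir"
```

client1 is signed by the master CA, so it passes the signature step in either role; only the certificate-type test stops a valid client certificate from being accepted as a server.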

12
(No Transcript)
13
References
OpenVPN 2.0 Howto: http://openvpn.net/howto.html
OpenVPN and the SSL VPN Revolution:
http://www.sans.org/rr/whitepapers/vpns/1459.php