Introducing VPNs and OpenVPN

Sean Reifschneider

tummy.com, ltd.

What is a VPN?

• A network: Packets sent over some medium
• Ethernet/Modem+PPP/Satellite
• Why not use TCP/IP as a transport?
• Usually encrypted
• Isolated IP addresses (you hope)
• Below application support (unlike TLS/SSL)

Why a VPN?

• You're going to DefCon
• Secure all wireless traffic
• Connecting multiple locations into one network
• Load-balancing or diversity over "cheap" connections
• More secure "port knocking"
• Secure insecure protocols

Other Non-options

• PPP over SSH

Other Options

• IPSEC
• In the kernel now
• Will be a part of IPv6
• Fairly complex
• Built in key exchange and authentication
• IP traffic only
• NAT-T required for NAT traversal
• L2TP/PPTP
• MPLS (Trusted network)
• OpenVPN

Why OpenVPN?

• Encryption provided by OpenSSL
• Works between Windows, MacOS, and Linux
• Available in most Linux Distributions
• Usually requires no special kernel configuration
• Well supported and documented
• Written in Boulder

The magic of TUN/TAP

• Device drivers
• Push packets to/from user-space program
• TUN
• Point-to-point
• One IP for each end-point
• Like a modem PPP link
• TAP
• Like an Ethernet device
• Many remote endpoints on one interface
• Can participate in bonding/bridging

Links

• http://www.tummy.com/Community/Presentations/
• http://en.wikipedia.org/wiki/Vpn
• http://openvpn.net/
• http://openvpn.net/static.html (Static key Mini-HOWTO)