OpenVPN

Original author(s): James Yonan
Developer(s): OpenVPN project / OpenVPN Technologies, Inc.
Initial release: 1.1.0 / April 10, 2002; 9 years ago (2002-04-10) [1]
Stable release: 2.2.1 (July 6, 2011; 4 months ago (2011-07-06))
Preview release: 2.x (Git HEAD) (Every Sunday 05:00 GMT -5 Main Mirror)
Platform: Cross-platform
Type: VPN
License: GNU GPL
Website: http://openvpn.net/index.php/open-source.html

OpenVPN is a free and open source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol[2] that utilizes SSL/TLS for key exchange. It is capable of traversing network address translators (NATs) and firewalls. It was written by James Yonan and is published under the GNU General Public License (GPL).[3]

OpenVPN allows peers to authenticate each other using a pre-shared secret key, certificates, or username/password. When used in a multiclient-server configuration, it allows the server to release an authentication certificate for every client, using signatures and a certificate authority. It uses the OpenSSL encryption library extensively, as well as the SSLv3/TLSv1 protocol, and contains many security and control features.

Architecture

Encryption

OpenVPN uses the OpenSSL library to provide encryption of both the data and control channels. It lets OpenSSL do all the encryption and authentication work, allowing OpenVPN to use all the ciphers available in the OpenSSL package. It can also use the HMAC packet authentication feature to add an additional layer of security to the connection (referred to as an "HMAC Firewall" by the creator), and it can use hardware acceleration to get better encryption performance.[4][5] Support for PolarSSL is planned in version 2.3.

Authentication

OpenVPN has several ways to authenticate peers to each other. It offers pre-shared secret key, certificate-based, and username/password-based authentication. A pre-shared secret key is the easiest, while certificate-based authentication is the most robust and feature-rich. In version 2.0, username/password authentication can be enabled, either with or without certificates. However, to make use of username/password authentication, OpenVPN depends on third-party modules. See the Extensibility paragraph for more info.

Networking

OpenVPN can run over User Datagram Protocol (UDP) or Transmission Control Protocol (TCP) transports, multiplexing created IPsec ESP tunnels on a single TCP/UDP port[citation needed] (RFC 3948 for UDP).[6] It has the ability to work through most proxy servers (including HTTP) and is good at working through network address translation (NAT) and getting out through firewalls. The server configuration has the ability to "push" certain network configuration options to the clients. These include IP addresses, routing commands, and a few connection options. OpenVPN offers two types of interfaces for networking via the Universal TUN/TAP driver. It can create either a layer-3 based IP tunnel (TUN), or a layer-2 based Ethernet TAP that can carry any type of Ethernet traffic. OpenVPN can optionally use the LZO compression library to compress the data stream. Port 1194 is the official IANA-assigned port number for OpenVPN. Newer versions of the program now default to that port. A feature in the 2.0 version allows for one process to manage several simultaneous tunnels, as opposed to the original "one tunnel per process" restriction on the 1.x series.

OpenVPN's use of common network protocols (TCP and UDP) makes it a desirable alternative to IPsec in situations where an ISP may block specific VPN protocols in order to force users to subscribe to a higher-priced, "business grade," service tier.

Security

OpenVPN offers several internal security features. It runs in userspace, instead of requiring IP stack (and therefore kernel) operation. OpenVPN has the ability to drop root privileges, use mlockall to prevent swapping sensitive data to disk, enter a chroot jail after initialization and apply a SELinux context after initialization.

OpenVPN runs a custom security protocol based on SSL and TLS[2]. OpenVPN offers support of smart cards via PKCS#11 based cryptographic tokens.
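An added example (not part of the original article and not OpenVPN project code): a small Python auditor that checks an OpenVPN configuration for the options that switch on the HMAC packet authentication described under Encryption and the privilege drop, mlockall, chroot and SELinux features described in this section. The sample configuration and its paths are constructed; the option names checked are OpenVPN's `tls-auth`, `user`, `group`, `chroot`, `mlock` and `setcon`.

```python
import shlex

# Options that enable the hardening features named in the article.
HARDENING = {
    "tls-auth": "HMAC packet authentication (the 'HMAC firewall')",
    "user": "drop root privileges: user",
    "group": "drop root privileges: group",
    "chroot": "chroot jail after initialization",
    "mlock": "mlockall, keeps sensitive data out of swap",
    "setcon": "SELinux context after initialization",
}

def parse_config(text):  # -> {option: arguments of its last occurrence}
    directives, inline = {}, None
    for line in text.splitlines():
        line = line.strip()
        if inline:  # inside <name> ... </name>: key material, not options
            inline = None if line == f"</{inline}>" else inline
            continue
        if line.startswith("<") and line.endswith(">") and not line.startswith("</"):
            inline = line[1:-1]
            directives[inline] = ["[inline]"]
            continue
        lexer = shlex.shlex(line, posix=True)  # honours quotes and backslashes
        lexer.whitespace_split, lexer.commenters = True, "#;"
        try:
            tokens = list(lexer)
        except ValueError:  # unbalanced quote or dangling backslash
            continue
        if tokens:
            directives[tokens[0]] = tokens[1:]
    return directives

def audit(text):  # -> (missing hardening options, warnings)
    found = parse_config(text)
    missing = [name for name in HARDENING if name not in found]
    root = found.get("user") == ["root"]
    return missing, ["user is root: privileges are not dropped"] if root else []

# Constructed sample configuration, not taken from a real deployment.
SAMPLE = """\
user root
;group nogroup
tls-auth "/etc/openvpn/ta key" 0  # trailing comment
<ca>
chroot /inside/an/inline/block
</ca>
"""

print(audit(SAMPLE))
```

The commented-out `group` line and the `chroot` text inside the inline `<ca>` block are both reported as missing, which is the case a plain text search for the option names gets wrong.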

Extensibility

OpenVPN can be extended with third-party plug-ins or scripts which can be called at defined entry points.[7][8] The purpose of this is often to extend OpenVPN with more advanced logging, enhanced authentication with usernames and passwords, dynamic firewall updates, RADIUS integration and so on. The plug-ins are dynamically loadable modules, usually written in C, while the scripts interface can execute any scripts or binaries available to OpenVPN. In the OpenVPN source code[9] there are some examples of such plug-ins, including a PAM authentication plug-in.

Platforms

It is available on Solaris, Linux, OpenBSD, FreeBSD, NetBSD, QNX, Mac OS X, and Windows 2000/XP/Vista/7. While most mobile phone OSes (iOS, Palm OS, etc.) do not support OpenVPN, it is available for Maemo,[10] Windows Mobile 6.5 and below,[11] and Android devices which have had the Cyanogenmod aftermarket firmware flashed[12] or have the correct kernel module installed.[13] It is not a "web-based" VPN, meaning that it is not shown as a web page such as Citrix or TS Web access; the program is installed independently and configured by editing text files manually, rather than through a GUI-based wizard. OpenVPN is not compatible with IPsec or any other VPN package. The entire package consists of one binary for both client and server connections, an optional configuration file, and one or more key files depending on the authentication method used.

Firmware implementations

OpenVPN has been integrated into routing firmware packages such as Vyatta, pfSense, DD-WRT,[14][15] OpenWrt[16] and Tomato (firmware),[17][18] allowing users to run OpenVPN in client or server mode from their network routers. A router running OpenVPN in client mode, for example, lets users within that network access their VPN without having to install OpenVPN on each computer on that network.

Third-party client software

Client | Operating System | Cost | Developer | Latest release | Link | Notes
OpenVPN Client | Cross-platform | Free | OpenVPN Technologies, Inc. | 1.7.2 / April 11, 2011; 7 months ago (2011-04-11) | openvpn.net, Commercial version download | Commercial version, Requires .NET Framework 3.5 SP1 for Desktop Client. Installs TAP-Win32 Adapter OAS.
OpenVPN Portable | Microsoft Windows | Free | Lukas Landis | 1.6.6 / February 9, 2010; 20 months ago (2010-02-09) | sourceforge.net/projects/ovpnp | Installs TAP-Win32 Adapter V9 at startup and uninstalls adapter after shutdown.
OpenVPN Manager | Microsoft Windows | Free | Jochen Wierum | 0.0.3.1 / March 31, 2009; 2 years ago (2009-03-31) | openvpn.jowisoftware.de/, sourceforge.net/projects/openvpnmngr |
SecurepointSSLVPN | Microsoft Windows | Free | Securepoint GmbH | RC3 / November 22, 2010; 11 months ago (2010-11-22) | sourceforge.net/projects/securepoint | Uses TAP-Win32 Adapter V9.
OpenVPN MI GUI | Microsoft Windows | Free | Boris Wesslowski | 20110902 / September 2, 2011; 2 months ago (2011-09-02) | openvpn-mi-gui.inside-security.de | Alternative to the shipped Windows GUI that overcomes some of its problems
Viscosity | Mac OS X & Microsoft Windows | Paid | SparkLabs | 1.3.4 / August 2, 2011; 3 months ago (2011-08-02) | thesparklabs.com/viscosity | Available for both Mac OS X & Windows
Tunnelblick | Mac OS X | Free | Tunnelblick | 3.1.7 / April 3, 2011; 7 months ago (2011-04-03) | code.google.com/p/tunnelblick | Can act as client or server. Beta versions with advanced features also available.
Shimo | Mac OS X | Paid | ChungwaSoft | 2.2.3 / June 3, 2010; 17 months ago (2010-06-03) | shimoapp.com |
OpenVPN | DD-WRT | Free | NewMedia-NET GmbH | v24 SP1 (Build10020) / July 27, 2008; 3 years ago (2008-07-27) | dd-wrt.com |
TomatoVPN | Tomato (firmware) | Free | Keith Moyer | 1.27vpn3.6 / January 27, 2010; 21 months ago (2010-01-27) | tomatovpn.keithmoyer.com |
TunnelDroid | Android | Free | TunnelDroid | December 12, 2009; 22 months ago (2009-12-12) | sourceforge.net/projects/tunneldroid, Market Download | Merged with OpenVPN Settings.
OpenVPN Settings | Android | Free | android-openvpn-settings | 0.4.7 / October 11, 2010; 13 months ago (2010-10-11) | code.google.com/p/android-openvpn-settings |
LiliVPN | Cross-platform | Free | Rens Sparrius | 0.4 Alpha June 11, 2010; 17 months ago (2010-06-11) | lilivpn.com |
OAST | Cross-platform | Free | Chlen Nigera, Karthik Upadhyayula | 2.4.2.0 / July 18, 2009; 2 years ago (2009-07-18) | sourceforge.net/projects/oast/ | Requires: Java, portable version is bundled with Java.
Guizmovpn | iPhone/iPad/iOS | Paid | Guizmo | 1.1.0 / May 30, 2011; 5 months ago (2011-05-30) | GuizmOVPN.com | Only on jailbroken iOS devices on the Cydia store due to interference with DNS and routing.[19]

There's a more thorough list of projects related to OpenVPN in the OpenVPN wiki.

Community

There are many support options for OpenVPN. The primary method for community support is through the OpenVPN mailing lists. Other sources of support, not directly affiliated with OpenVPN, include:

Support Source | Description
OpenVPN Documentation | 2.0 Manual, 2.1 Manual, 2.2 Manual
IRC | #openvpn on irc.freenode.net
Forum | Official OpenVPN forums
Community | Official OpenVPN wiki/bug tracker
OpenVPN e.V. community
Secure Computing Networks OpenVPN Wiki

Wikimedia Foundation. 2010.
