martybugs.net Reviews
Book Review: OpenVPN - Building and Integrating Virtual Private Networks
review by: Martin "mpot" Pot
published: 28 February 2007

This review looks at a book titled "OpenVPN - Building and Integrating Virtual Private Networks", written by Markus Feilner.
The book was published by Packt Publishing in 2006.

Overview
The back cover of this book states:
"This is a practical guide to using OpenVPN for building both basic and complex Virtual Private Networks (VPNs). It will save you a lot of time and help you build better VPNs for your specific requirements."

The back cover also specifies the target audience as being:
"...Network administrators and anyone who is interested in building secure VPNs using OpenVPN. It presumes basic knowledge of Linux, but no knowledge of VPNs is required. All basic VPN and relevant security concepts are covered."

These are fairly broad claims, so let's take a closer look to see if the author can meet the relatively high expectations that have been set by the blurb on the back cover.

[Images: front cover and rear cover]

Analysis
The content in this 258-page soft-cover book is easy on the eyes, with the page layout providing easy-to-read text, interspersed with plenty of sample configurations and screenshots.
Scattered throughout the text are plenty of URLs linking to websites containing more details.

The first few chapters provide background on the subject matter, with chapter 1 covering VPNs, how they are used, and the typical technologies and protocols that have been used over the years.

The author then takes a closer look at VPN security, providing information on encryption and authentication.

The third chapter provides an overview of OpenVPN, including the advantages it offers over other VPN solutions, a history of OpenVPN, and a comparison between OpenVPN and IPsec.

Installation of OpenVPN software is described for various platforms, including Windows, Mac OS X, and several Linux/Unix distributions (SuSE, Fedora, Debian and FreeBSD). The instructions are detailed and include screenshots.
Detailed instructions are also provided for building OpenVPN from source.

Chapter 5 covers configuration of an OpenVPN server, specifically the configuration of the first tunnel. Again, detailed information is provided for doing this on multiple operating systems, with screenshots and sample configuration files.
Background information is also provided on using SCP for transferring files between a Windows PC and a Linux PC. While this initially appears to be off-topic, it becomes very relevant when the book describes how to use SCP to transfer static OpenVPN key files from a Windows PC to a Linux PC in order to be able to establish a VPN tunnel.
In several other areas, the author does not restrict himself to OpenVPN, but also provides information on add-on packages, such as the OpenVPN GUI for Windows, Webmin, and others where appropriate. Similarly, the author provides information on runlevels and init scripts, specifically in relation to configuring the OpenVPN service on a Linux PC.

The next two chapters provide detailed information on using OpenVPN with X509 certificates, on the "openvpn" command line parameters, and on the options which can be specified in the OpenVPN configuration files.

Chapter 8 provides information on securing OpenVPN tunnels and servers, and covers installation and configuration of Shorewall on a Debian system with Webmin, the SuSEfirewall2, the Windows XP firewall, as well as more generic information on using iptables on Linux.
The iptables information, although very brief, is sufficient, as there is a plethora of information on iptables on the web already.

The next two chapters provide information on advanced certificate management and advanced OpenVPN configuration, including more information on firewalling, scripting, authentication, and bridging.

The eleventh chapter provides very important and useful information on troubleshooting and monitoring OpenVPN connections, covering information from checking IP configuration details, route tables, and using ping, to more advanced tools such as tcpdump and IPTraf. An overview of Nmap, ntop and some other utilities is also provided.

The last chapter provides a complete list of all the URLs that are mentioned throughout the book, and is a useful compilation of additional resources.

Summary
I believe the author has succeeded in meeting the relatively high expectations set by the blurb on the rear cover of the book. This book is definitely a very practical reference guide for anyone who is interested in using OpenVPN. It provides lots of examples and screenshots, and covers basic concepts, as well as advanced topics, thus catering for readers with minimal or no Linux or VPN experience, as well as readers well versed in those areas.

While one of the key features of this book is the multitude of URLs mentioned throughout the text, this could also be seen as a bad point, as some of these URLs could become useless if and when web content is moved or removed.
However, I believe this is a minor point, and shouldn't detract from the fact that this book provides excellent coverage of the subject material.

This book is available in hard copy, but is also available as an eBook.

References
About the author:
Markus Feilner is a Linux author, trainer, and consultant from Regensburg, Germany, and has been working with open-source software since the mid 1990s. His first contact with UNIX was a SUN cluster and SPARC workstations at Regensburg University (during his studies of geography).
Since the year 2000, he has published several documents used in Linux training all over Germany. In 2001, he founded his own Linux consulting and training company, Feilner IT. Furthermore, he is an author, currently working as a trainer, consultant, and systems engineer at Millenux, Munich, where he focuses on groupware, collaboration, and virtualization with Linux-based systems and networks.
He is interested in anything about geography, travelling, photography, philosophy (especially that of open-source software), global politics, and literature, but always has too little time for these hobbies.

About the reviewer:
Martin Pot is an applications consultant from Western Australia, and has been using Linux and other open-source software for many years.
A contributor to the open-source Smoothwall firewall project, Martin has also written guides for using various Linux applications. He has been using OpenVPN to secure multiple VPNs on Linux servers, and also uses OpenVPN on embedded devices such as the Linksys WRT54G to secure point-to-point wireless links.


Addendum
(added: 20 September 2007)

Packt Publishing have created an on-line wiki, intended to be a useful collection of information on installing software. The wiki has initially been populated using content from books published by Packt (including an OpenVPN page), and the nature of wikis means anyone can add additional information.

A press-release from Packt is available here.


last updated 20 Sep 2007
 