PapaScott I like big blogs and I cannot lie! 🐘

VPN Part 2

So, as I was saying, I was looking for a simple and workable VPN solution. OpenVPN seems to fill the bill. Here are the points that impressed me the most.

  • It runs on any Unix-like system or even Windows. The server is not tied to a particular operating system or Linux distribution. I was able to switch back and forth between FreeBSD and SuSE Linux servers with ease.

  • The connection can run on a single UDP port. It can be tunneled through a firewall with ease, and several clients can run behind a single firewall.

  • Software installation on the client is extremely simple. The configuration is a text file, but one only has to edit a couple of lines.

  • Authentication and encryption are done with standard OpenSSL certificates. If you can set up certificates for a web server, you can set up certificates for OpenVPN. They even include a simple structure for setting up your own certificate authority (or you can use TinyCA or the native OpenSSL scripts).

  • The networking is set up on the server side, and the routing information is pushed to the client. DHCP options like DNS and default domains can also be pushed to the client. Even for a site-to-site VPN, the configuration is all on the server side.
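An added example, not taken from the original post or the OpenVPN howto: a minimal server configuration showing the single UDP port, certificate authentication, and pushed routes and DHCP options from the list above, followed by the short client file. The addresses, host name and file names are assumed placeholders.

```conf
# ---- server.conf (all networking decisions live here) ----
port 1194                 # one UDP port to open or forward on the firewall
proto udp
dev tun

# Certificates issued by your own CA (placeholder file names)
ca   ca.crt               # CA certificate, also copied to every client
cert server.crt
key  server.key           # keep private, readable by root only
dh   dh.pem

# VPN address pool handed out to clients (assumed subnet)
server 10.8.0.0 255.255.255.0

# Pushed to each client at connect time: route to the internal LAN
# plus DHCP-style options for DNS server and default domain
push "route 192.168.10.0 255.255.255.0"
push "dhcp-option DNS 192.168.10.1"
push "dhcp-option DOMAIN example.lan"

keepalive 10 120
persist-key
persist-tun
user nobody               # drop privileges on the server after startup
group nobody

# ---- client.conf (only the marked lines change per user) ----
client
dev tun
proto udp
remote vpn.example.org 1194   # edit: server host name (placeholder)
ca   ca.crt
cert client1.crt              # edit: this user's certificate
key  client1.key              # edit: this user's private key
remote-cert-tls server        # reject peers that lack a server certificate
nobind
persist-key
persist-tun
# No user/group lines here: a client that runs a script to adjust DNS
# needs to keep its privileges to undo the change on disconnect.
```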

The howto was extremely helpful for setting up the server, and answered all the questions that I had.

I've been running an OpenVPN client (using Tunnelblick, a primitive GUI) for nearly a week now, and I'm already convinced. I don't want to go back to using SSH tunnels. For OS X, you'll probably want a script to adjust your DNS when connected, and you probably don't want to downgrade privileges to nobody. Linux worked well on the command line. I wasn't as impressed with the Windows client, but I don't use Windows much at all, so maybe I was missing something.

It's not as simple as PPTP for clients, of course, since PPTP is built into Windows and OS X. But for users with more than basic needs, it's worth switching to OpenVPN.
