Security


If you followed part one of this series, VPNs and You: 1 - Providing secure remote access with OpenVPN, then you should have a ready-to-use OpenVPN server, so all we need now is the client. Fortunately for us, the client configuration is even easier than the server configuration, so before you know it you’ll have a fully functioning VPN setup…

(more…)

So I wanted a nifty “Now Playing” box on the side of my blog, but I wanted to do it securely.

I found a WinAmp plug-in called Do-Something which looked promising: at the start of each new song it would perform any one (or a chain) of several actions. Most notable to me was submitting a URL. The idea was simple enough: submit a URL carrying the artist and song name (which it gets from the file tag) and a shared password to a CGI script on the web server. The CGI would then update a file that the page pulls in through an SSI, and poof, “Now Playing” would be up and running. Unfortunately, this simple method is not very secure…

(more…)
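As an added example (editor's code, not the plug-in's or the post's own CGI), here is the scheme just described modelled in Python beside one way to harden it. The original sends the shared password in the query string, so it is written to the web server's access log and anyone who sees a single request can replay or forge updates. The hardened variant, which is the editor's suggestion and not the fix the post goes on to describe, instead carries an HMAC over a timestamp, the artist and the title under a key that never travels, and the server enforces a freshness window plus a seen-signature set against replay. The hostname, CGI path, password and key are constructed sample values.

```python
"""Now-playing update: the shared-password-in-URL scheme beside an HMAC-signed one."""
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed sample values for this example; host, path, password and key are assumptions.
CGI_URL = "http://blog.example/cgi-bin/nowplaying.cgi"
SHARED_PASSWORD = "hunter2"                           # the original scheme's shared secret
SIGNING_KEY = b"constructed-32-byte-key-for-demo"     # never leaves client or server


# --- Original scheme: artist, title and the password all travel in the query string -------

def build_naive_url(artist, title, password):
    """What the plug-in would request: every field, including the secret, is in the URL."""
    return CGI_URL + "?" + urlencode({"artist": artist, "title": title, "pw": password})


def naive_cgi_check(url, password):
    """Server side: accept the update if the password matches. Returns (artist, title) or None."""
    q = parse_qs(urlparse(url).query)
    if q.get("pw", [None])[0] != password:
        return None
    return q["artist"][0], q["title"][0]


def access_log_line(url):
    """Simulated httpd access-log entry: the whole query string, secret included, hits the disk."""
    p = urlparse(url)
    return f'203.0.113.7 - - [01/Jan/2000:00:00:00 +0000] "GET {p.path}?{p.query} HTTP/1.1" 200 -'


# --- Hardened scheme (editor's suggestion): HMAC + timestamp + replay cache ----------------

def _message(ts, artist, title):
    # Length-prefix each field so "a|bc" and "ab|c" cannot produce the same MAC input.
    return "".join(f"{len(p)}:{p}" for p in (str(ts), artist, title)).encode()


def sign_update(key, artist, title, ts):
    return hmac.new(key, _message(ts, artist, title), hashlib.sha256).hexdigest()


def build_signed_url(key, artist, title, ts=None):
    """Client side: only a MAC over (timestamp, artist, title) travels, never the key."""
    ts = int(time.time()) if ts is None else int(ts)
    sig = sign_update(key, artist, title, ts)
    return CGI_URL + "?" + urlencode({"artist": artist, "title": title, "ts": ts, "sig": sig})


class NowPlayingVerifier:
    """Server side: constant-time MAC check, freshness window, seen-signature set against replay."""

    def __init__(self, key, window_seconds=60):
        self.key = key
        self.window = window_seconds
        self.seen = set()           # prune entries older than the window in a long-running CGI

    def verify(self, url, now=None):
        now = int(time.time()) if now is None else int(now)
        q = parse_qs(urlparse(url).query)
        try:
            artist, title = q["artist"][0], q["title"][0]
            ts, sig = int(q["ts"][0]), q["sig"][0]
        except (KeyError, ValueError):
            return None
        if abs(now - ts) > self.window:                 # stale or future-dated request
            return None
        expected = sign_update(self.key, artist, title, ts)
        if not hmac.compare_digest(expected, sig):      # forged or tampered fields
            return None
        if sig in self.seen:                            # replay of a captured URL
            return None
        self.seen.add(sig)
        return artist, title


if __name__ == "__main__":
    naive = build_naive_url("Radiohead", "Karma Police", SHARED_PASSWORD)
    print(access_log_line(naive))                       # the password sits in the log line
    signed = build_signed_url(SIGNING_KEY, "Radiohead", "Karma Police")
    v = NowPlayingVerifier(SIGNING_KEY)
    print(v.verify(signed), v.verify(signed))           # accepted once, then refused as a replay
```

The signed URL still reveals what is playing to anyone who can read the log, which is fine for a public "Now Playing" box; what it no longer reveals is anything that lets a reader of the log write to it. The timestamp check assumes the client's and server's clocks agree to within the window.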

First things first: why not IPsec, you ask? Long story short, most IPsec implementations suck. Directly contrary to that statement, I will be using OpenBSD in this article, and OpenBSD has a truly excellent IPsec implementation. So why not use IPsec? Because *most* IPsec implementations suck! If both ends of our VPN were OpenBSD, or professional-grade homogeneous hardware solutions, then IPsec could be ideal: secure, high-speed, reliable, you name it. When IPsec is done right it can be extremely powerful.

However, for remote access for employees we need to assume the worst case, and the worst case is Windows. Windows XP has an IPsec implementation, in theory. In reality it is so craptacular that almost everyone uses either the SafeNet client or the Cisco client; both are quite good, and neither is free. To be more specific, Cisco’s client is technically free, but only in combination with the purchase of their hardware, which is significantly less free.

Enter OpenVPN, a free, open source, SSL-based VPN solution for nearly any OS you can think of, and of particular importance to this discussion, one with a very good Windows client and a very good OpenBSD server. If you have any history with VPNs, then “SSL” may set off alarm bells, as there are a number of crappy web-based SSL VPN products around. Don’t be worried: OpenVPN is NOT web based.

Here’s the basics:

  • OpenVPN is an SSL VPN; again, please note that SSL != WEB BASED
  • It works similarly to IPsec but is not compatible with it: the cumbersome IKE key exchange is replaced with an SSL/TLS handshake
  • Supports two-factor authentication (a HIPAA compliance requirement)
  • Relatively easy to install and manage
  • It plays well with OpenBSD (there is a port at /usr/ports/net/openvpn)
  • The Windows client GUI is solid and easy to use

Note: I love OpenBSD. I prefer to use it for any internet-facing server unless there is a compelling reason not to, hence the ability to play well with OpenBSD was a requirement for me.

Installation is a breeze: cd /usr/ports/net/openvpn && make install and you’re done.

Initial configuration is covered thoroughly in the very clear Official HOW-TO, but here’s the basics:

(more…)
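As an added example, not the HOW-TO’s text or the post’s own configuration, here is a minimal server.conf that covers the points in the list above: TLS with a CA-issued server certificate, tls-auth so control-channel packets without a valid HMAC are dropped before any TLS work is done, a check that the peer presents a client certificate rather than a second server certificate, and an auth-user-pass-verify hook as the second factor. The paths under /etc/openvpn, the _openvpn user and the check-pass.sh script are assumptions for this example; the option names are OpenVPN 2.1-era syntax.

```conf
# /etc/openvpn/server.conf (paths are assumptions for this example)
port 1194
proto udp
dev tun0

# TLS identity: the CA that signed the client certificates, plus this server's cert and key.
ca   /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key  /etc/openvpn/server.key
dh   /etc/openvpn/dh2048.pem

# HMAC "firewall": every control-channel packet must carry a valid HMAC under this
# pre-shared key or it is discarded before the TLS handshake even starts. Generate with
#   openvpn --genkey --secret /etc/openvpn/ta.key
# and copy the same file to each client, which uses "tls-auth ta.key 1".
tls-auth /etc/openvpn/ta.key 0

# Only accept peers whose certificate was issued as a client certificate, so one
# client cannot replay its cert to impersonate the server to another client.
remote-cert-tls client

# Second factor: a valid client certificate alone is not enough; the client must also
# send a username/password that this hook (hypothetical script) accepts.
script-security 2
auth-user-pass-verify /etc/openvpn/check-pass.sh via-file

# Address pool and tunnel housekeeping.
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /etc/openvpn/ipp.txt
keepalive 10 120

# Drop root once the tunnel and keys are set up (user created by the port: assumption).
user  _openvpn
group _openvpn
persist-key
persist-tun

status /var/log/openvpn-status.log
verb 3
```

The matching client side needs `tls-auth ta.key 1`, `remote-cert-tls server` and `auth-user-pass`, which is what part two of the series covers. persist-key and persist-tun matter once user and group are set: without them the daemon cannot re-read the key or re-open the tunnel device after dropping privileges, so a SIGUSR1 restart would fail.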