OpenVPN

OpenVPN is a virtual private network (VPN) package for creating point-to-point encrypted tunnels between host computers. It was written by James Yonan.


It allows peers to authenticate to each other using a preshared private key, certificates, or username/password. It makes extensive use of the OpenSSL encryption library, and uses the SSLv3/TLSv1 protocol. It is available on Solaris, Linux, xBSD, Mac OS X, and Windows 2000/XP. It offers a wealth of security and control features. It is not a "web-based" VPN, and is not compatible with IPsec or any other VPN package. The entire package consists of one binary for both client and server connections, an optional configuration file, and one or more key files depending on the authentication method used.

Encryption

OpenVPN uses the OpenSSL library to provide encryption of both the data and control channels. It lets OpenSSL do all the encryption and authentication work, allowing OpenVPN to use all the ciphers available in the OpenSSL package. It can also use the HMAC packet authentication feature to add an additional layer of security to the connection (referred to as an "HMAC Firewall" by the creator). It can also use hardware acceleration to get better encryption performance.


Authentication

OpenVPN has several ways to authenticate peers to one another. OpenVPN offers preshared secret key, certificate-based, and username/password-based authentication. Preshared secret key is the easiest, with certificate-based being the most robust and feature-rich. The username/password method is a new feature (version 2.0) that can be used with or without a client certificate (the server still needs a certificate). The source tarball includes a sample Perl script to verify the username/password with PAM and a C auth-pam plugin.
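The client side of the certificate-plus-username/password scheme described above, as an added example that is not configuration from the article or from the OpenVPN project. The server name vpn.example.com, the proxy address and the file names are placeholders; the directives are standard OpenVPN 2.x client options.

```conf
# client.ovpn (added example; names and paths are placeholders)
client
dev tun
proto udp
remote vpn.example.com 1194      # placeholder server name; 1194 is the IANA-assigned port
resolv-retry infinite
nobind

# Drop root once the tunnel is up; persist-* keep the key material and the
# tun device usable across restarts after privileges are gone.
user nobody
group nogroup
persist-key
persist-tun

# Certificate-based peer authentication: the CA that signed the server's
# certificate, plus this client's own certificate and private key.
ca ca.crt
cert client.crt
key client.key

# Reject a peer whose certificate is not marked for server use, so a
# compromised *client* certificate cannot impersonate the server (2.1+).
remote-cert-tls server

# Second factor: prompt for username/password, checked on the server by the
# auth-pam plugin or script. Usable with or without the client certificate above.
auth-user-pass

# "HMAC firewall": every control-channel packet must carry a valid HMAC under
# the shared ta.key. Key direction is 1 on clients and 0 on the server.
tls-auth ta.key 1

cipher AES-256-CBC               # must match the server's data-channel cipher
comp-lzo                         # LZO compression; must be enabled on both ends
verb 3

# To reach the server through an HTTP proxy, switch the transport to TCP and
# name the proxy (placeholder address); proxy traversal does not work over UDP.
# proto tcp-client
# http-proxy proxy.example.com 3128
```

The two checks worth keeping in mind are `remote-cert-tls server` (without it any certificate signed by the same CA, including another client's, is accepted as the server) and the key direction on `tls-auth`, which must be the opposite of the server's.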


Networking

OpenVPN multiplexes all communications over a single IP port. It can run over UDP (preferred, and default) or TCP. It has the ability to work through most proxy servers (including HTTP) and is good at working through NAT and getting out through firewalls. The server configuration has the ability to "push" certain network configuration options to the clients. These include IP addresses, routing commands, and a few connection options. OpenVPN offers two types of interfaces for networking via the Universal Tun/Tap driver. It can create either a layer-3 based IP tunnel, or a layer-2 based Ethernet "tap" that can carry any type of Ethernet traffic. OpenVPN can optionally use the LZO compression library to compress the data stream. Port 1194 is the official IANA assigned port number for OpenVPN. Newer versions of the program now default to that port. A feature in the 2.0 version allows for one process to manage several simultaneous tunnels, as opposed to the original "one tunnel per process" restriction on the 1.x series.


OpenVPN's use of common network protocols (TCP and UDP) makes it a desirable alternative to IPsec in situations where an ISP may block specific VPN protocols in order to force users to subscribe to a higher-priced, "business grade," service tier.


Security

OpenVPN offers several internal security features. It runs in userspace, instead of requiring IP stack (and therefore kernel) operation. OpenVPN has the ability to drop root privileges, use mlockall to prevent swapping sensitive data to disk, and enter a chroot jail after initialization.
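A server configuration that ties together the features the Encryption, Authentication, Networking and Security sections describe: the tls-auth "HMAC firewall", the auth-pam plugin, a layer-3 tun interface on port 1194 with pushed routes, and the post-initialization privilege drop, mlockall and chroot. This is an added example, not configuration from the article or the OpenVPN project; the file and plugin paths, the address ranges, the group name and the PAM service name `login` are assumptions.

```conf
# server.conf (added example; paths, addresses and names are placeholders)
port 1194                 # IANA-assigned port; one UDP port carries every client
proto udp                 # preferred transport; use "proto tcp" only where UDP is blocked
dev tun                   # layer-3 IP tunnel; "dev tap" would give a layer-2 Ethernet bridge

# The server must always have a certificate, whatever the client method is.
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem

# Client/server mode (2.0+): one process manages many simultaneous tunnels.
server 10.8.0.0 255.255.255.0
max-clients 50
keepalive 10 120

# Options pushed to each client: a route to the office LAN and a DNS server
# (placeholder addresses).
push "route 10.0.1.0 255.255.255.0"
push "dhcp-option DNS 10.0.1.1"

# Username/password as a second factor, verified against the PAM service
# "login". The plugin passes credentials in memory rather than through a file
# or the environment. The plugin path is distribution-specific (assumed here).
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so login
# Script alternative modelled on the tarball's sample Perl script; credentials
# travel through environment variables, which is weaker than the plugin:
# auth-user-pass-verify /etc/openvpn/auth-pam.pl via-env
#
# Left commented out, a client needs BOTH a valid certificate and a valid
# password. Uncomment to accept password-only clients.
# client-cert-not-required
# username-as-common-name

# "HMAC firewall": control packets without a valid HMAC are dropped before any
# TLS handshake is attempted. Key direction 0 here, 1 on clients.
tls-auth ta.key 0

cipher AES-256-CBC        # data-channel cipher; clients must use the same one
comp-lzo                  # LZO compression; must be enabled on both ends

# Hardening applied after initialization, as described in the Security section.
user nobody               # drop root once the tun device and key files are open
group nogroup             # group name varies by distribution (assumed)
persist-key               # keep keys in memory so an unprivileged restart works
persist-tun               # keep the tun device open across restarts
chroot /var/empty         # confine the process to an empty directory
mlock                     # mlockall(): never swap key material to disk

status openvpn-status.log
verb 3
```

`persist-key` and `persist-tun` are what make `user nobody` practical: after the privilege drop the process can no longer re-read `server.key` or reopen the tun device on a SIGUSR1 restart, so both are kept from the privileged start-up phase.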


OpenVPN offers support of smartcards via PKCS#11 based cryptographic tokens.


Compare to

  • OpenSSH, which also implements a layer-2/3 "tun"-based VPN
  • stunnel, which encrypts any TCP connection (a single-port service) over SSL


See also

  • OpenVPN Infrastructure
  • UDP hole punching

The Wikipedia article included on this page is licensed under the GFDL.
Images may be subject to relevant owners' copyright.
All other elements are (c) copyright NationMaster.com 2003-5. All Rights Reserved.