OpenVPN: Building and Integrating Virtual Private Networks

Posted by Steve on Mon 11 Dec 2006 at 05:45

I was recently offered the opportunity to review a copy of "OpenVPN - Building and integrating Virtual Private Networks" by Markus Feilner. This book covers everything from installing OpenVPN, configuring it, and using it in mixed environments. Read on for a review of this excellent book.

The Target Audience

The book describes itself as being written for Network Administrators and others who are interested in building secure VPNs with OpenVPN. It assumes basic knowledge of Linux, but none of OpenVPN itself.

Given the discussion within the book of different operating systems, such as GNU/Linux (SuSE Linux, Fedora, & Debian), FreeBSD, and Microsoft Windows there is little need to be tied to a particular environment.

I'd say that the book is well-targeted and suitable for beginners to VPN setups, since it covers all the basics from installation to configuration in a manner which is easy to understand and easy to follow.

About The Book

The book is a relatively slim volume coming in at just over 250 pages, but don't let the size fool you, there is an awful lot of information packed into the pages, and the level of detail is pitched just right for the target audience.

Because the book, like the software itself, isn't tied to any particular operating system you might find yourself skipping sections which discuss operation system-specific operation, but there isn't much space wasted even if you're only using a single platform such as Debian GNU/Linux.

The simple contents list is shown below. A complete table of contents is also available online.

  • VPN - Virtual Private Network
  • VPN Security
  • OpenVPN
  • Installing OpenVPN
  • Configuring an OpenVPN Server - The First Tunnel
  • Setting Up OpenVPN with X509 Certificates
  • The Command OpenVPN and its Configuration File
  • Securing OpenVPN Tunnels and Servers
  • Advanced Certificate Management
  • Advanced OpenVPN Configuration
  • Troubleshooting and Monitoring
    • Index
    • Appendix A: Internet Resources
The Book

There are a lot of good things that could be said about this book, but I think the most obvious is that it really does live up to its promise. A newcomer to OpenVPN who read this book really would understand how it works, how it can be used, and how to use it in a secure fashion in production use.

Ultimately the reason people would buy and read a book like this is to get a good understanding of using the software, and this book certainly delivers.

There is a lot of useful information contained within the book, some of it new to me, and all of it given in a clear readable style.

The initial chapters provide a good working example of what a VPN is and why a company might use one to connect multiple offices together over the insecure internet.

From this theoretical introduction of VPN operation we move onto a discussion of security and then a brief introduction to OpenVPN itself.

Once these introductions are out of the way we're introduced to installing and actually using the software. The installation covers multiple operating systems, including Debian GNU/Linux, Mac OS X, FreeBSD, and Microsoft Windows.

After the installation of OpenVPN is complete we move on to our first example; creating a VPN tunnel between two Microsoft Windows systems, and then adding a Linux computer into the mix. This example really underlines the cross-platform nature of OpenVPN, and the coverage this gets in the book. Whilst some people will only ever use one platform in many environments interoperability is key so seeing this addressed from the start is a nice touch.

Once our first tunnel has been setup, and tested, we move on to coverage of X509 certificates. These certificates are introduced and explored both upon a Microsoft Windows system, and a Debian system.

Once we've been introduced to a working system the book moves on to discuss security and explores the use of Shorewall and iptables for creating a secure system. The discussion of Shorewall is basic but useful - I'm sure a whole book could be written about Shorewall alone! However despite the brief nature of the introduction this is useful and relevant demonstrating how a firewall can and should be combined with a VPN solution.

After firewalling and security have been reinforced the coverage of certificate management is expanded, and explained in greater detail.

The last two chapters cover troubleshooting and advanced OpenVPN usage, demonstrating securing distcc with OpenVPN, scripting and other useful things such as "pushing" default routes, and other per-client configuration settings from a single-server.

Once discussion has finished there is an appendix giving links to online resources, these are briefly described and serve as a good source of further reading.

The Bad

I have only one minor complaint about this book and that is that some of the screen shots are a little blurry.

The presentation of the book as a whole is high-quality and pleasing to the eye. There are a lot of clear, readable, and useful diagrams included in the text at appropriate points, especially in the introduction to VPN operation.

However there are a several sections which contain screen shots of terminal, or command-prompt, windows which are a little blurrier than I'd like. This is only a minor point and one I'd easily overlook considering the otherwise great content.

Summary

If you're looking at creating VPN infrastructure, complete with keys and certificates etc, with OpenVPN then I'd highly recommend this book.

Whilst there is a lot of useful documentation available upon the OpenVPN website there is a lot to be said for having all that information compiled in a useful book.

Details
TitleOpenVPN: Building and Integrating Virtual Private Networks
AuthorsMarkus Feilner
PublisherPackt Publishing
ISBN1-904811-85-X
Cover Price
  • £36.99
  • $59.99
  • €54.99

(An "e-book" version is available in PDF format from the publisher too, price £19.99.)

Availability

 

 


Posted by spiney (85.125.xx.xx) on Mon 11 Dec 2006 at 07:31
[ Send Message ]
One question, Steve:
what exactly is described in the "advanced certificate management" chapter? I think I know OpenVPN pretty well, but if that chapter does a lot more than explaining the easy-rsa scripts that come with OpenVPN, I might still buy it.

Kind regards
Wolfgang Karall
--
Debian GNU/Linux on an IBM Thinkpad T43p

[ Parent | Reply to this comment ]

Posted by Steve (62.30.xx.xx) on Tue 12 Dec 2006 at 09:13
[ Send Message | View Steve's Scratchpad | View Weblogs ]

The easy-rsa scripts are described fairly well in earlier sections, in chapter 9 the author covers using the xca tool under Windows and the tinyCA2 under Linux.

So there is more detail on the tools, and a walk-through of basic CA operations, generating and revoking keys.

Steve

[ Parent | Reply to this comment ]

Posted by Anonymous (139.140.xx.xx) on Mon 11 Dec 2006 at 09:39
How does the information in the book differ from the online documentation and HOWTOs at the OpenVPN website?

[ Parent | Reply to this comment ]

Posted by chaica (222.64.xx.xx) on Mon 11 Dec 2006 at 10:05
[ Send Message ]
Could you copy the whole book in your news above plz? I don't come on debian-administration.org to read commercials. You could at least have suggested another possible choice. And thanks I know amazon and etc exist.

[ Parent | Reply to this comment ]

Posted by Steve (80.68.xx.xx) on Mon 11 Dec 2006 at 12:41
[ Send Message | View Steve's Scratchpad | View Weblogs ]

Book reviews on topics of interest will always be welcome here. If you regard them as adverts then you're welcome to not read them.

Writing good documentation is hard, as you'll know if you're ever tried. So suggesting that people infringe copyright is very much out of order, especially on this site.

Free software is obviously a good thing, and obviously something that Debian developers and users feel strongly about, but that doesn't mean that printed books which cost money are inherantly bad.

Steve

[ Parent | Reply to this comment ]

Posted by chaica (222.64.xx.xx) on Tue 12 Dec 2006 at 04:22
[ Send Message ]
I didn't say a book which costs money is "bad", please read me again because you obviously fantasize this one.

I read a lot of technical books and I don't need a single opinion on one book, turned as an obvious advertisment, to make an opinion. Maybe you have commercial interests in amazon.com and the original publisher, I don't know, but I really dislike to see this "push-to-buy" behavior at the end of a review.

And about the copyright, you are the only one here to think about copying/pasting the whole book here is something else than a joke highlighting the lack of interest of this "review advertisment".

[ Parent | Reply to this comment ]

Posted by Steve (62.30.xx.xx) on Tue 12 Dec 2006 at 09:16
[ Send Message | View Steve's Scratchpad | View Weblogs ]

Suggesting that we paste the contents here implies that paying for it would be bad! Still if that was a joke I guess I missed it.

I'm a little confused why linking to a couple of retailors would be bad? All links are non-referer based, I'm just figure that at the end of any review you need to know where to buy the item in question if you're interested. I use Amazon.co.uk since I'm UK based but I figure the publisher should get a mention and I added in the Amazon.com link for the benefit of the great number of American readers.

Fair enough books are easy to find online, and even in physical stores but a review without the pricing information would feel incomplete.

Steve

[ Parent | Reply to this comment ]

Posted by Anonymous (128.187.xx.xx) on Tue 12 Dec 2006 at 18:53
'A Good Thing™'
Steve - please continue your current course of posting book reviews along with relevant links. I appreciate it and read this website for that reason (among others).

[ Parent | Reply to this comment ]

Posted by Anonymous (59.176.xx.xx) on Sun 17 Dec 2006 at 06:27
Often free-as-in-freedom is mixed up with the freedom of free-as-in-freedom-to-make-money-from-something-which-is-free-as- in-freedom.

A lot of debian people and GNU/Linux people generally come up against these two somewhat philosophical issues.

So I think I'll submit an article on this. I suspect it will open up a debate, which is good -- it is better to shine a light on such matters so everyone can reason more clearly where they stand, and why.

PJ

[ Parent | Reply to this comment ]

Posted by Steve (62.30.xx.xx) on Sun 17 Dec 2006 at 10:02
[ Send Message | View Steve's Scratchpad | View Weblogs ]

I'd be interested in seeing something like that - have a look at the comments in other book review-tagged articles too!

The first one I had a poll on, but after that I assumed it would be OK.

Steve

[ Parent | Reply to this comment ]

Posted by Anonymous (59.176.xx.xx) on Sat 20 Jan 2007 at 05:05
I submitted the article a few days ago. It seems to have been disapproved - possibly because it isn't technical, but about GNU philosophy.

PJ (debadminpublicforum.20.peejay at spamgourmet com)

[ Parent | Reply to this comment ]

Sign In

Username:

Password:

[Register|Advanced]

 

Flattr

 

Current Poll

Which init system are you using in Debian?






( 1618 votes ~ 7 comments )