OpenVPN: Building and Integrating Virtual Private Networks

Posted by Steve on Mon 11 Dec 2006 at 05:45

I was recently offered the opportunity to review a copy of "OpenVPN - Building and integrating Virtual Private Networks" by Markus Feilner. This book covers everything from installing OpenVPN and configuring it to using it in mixed environments. Read on for a review of this excellent book.

The Target Audience

The book describes itself as being written for Network Administrators and others who are interested in building secure VPNs with OpenVPN. It assumes basic knowledge of Linux, but none of OpenVPN itself.

Given the discussion within the book of different operating systems, such as GNU/Linux (SuSE Linux, Fedora, & Debian), FreeBSD, and Microsoft Windows, there is little need to be tied to a particular environment.

I'd say that the book is well-targeted and suitable for beginners to VPN setups, since it covers all the basics from installation to configuration in a manner which is easy to understand and easy to follow.

About The Book

The book is a relatively slim volume coming in at just over 250 pages, but don't let the size fool you: there is an awful lot of information packed into the pages, and the level of detail is pitched just right for the target audience.

Because the book, like the software itself, isn't tied to any particular operating system, you might find yourself skipping sections which discuss operating system-specific operation, but there isn't much space wasted even if you're only using a single platform such as Debian GNU/Linux.

The simple contents list is shown below. A complete table of contents is also available online.

The Book

There are a lot of good things that could be said about this book, but I think the most obvious is that it really does live up to its promise. A newcomer to OpenVPN who read this book really would understand how it works, how it can be used, and how to use it in a secure fashion in production use.

Ultimately the reason people would buy and read a book like this is to get a good understanding of using the software, and this book certainly delivers.

There is a lot of useful information contained within the book, some of it new to me, and all of it given in a clear readable style.

The initial chapters provide a good working example of what a VPN is and why a company might use one to connect multiple offices together over the insecure internet.

From this theoretical introduction of VPN operation we move onto a discussion of security and then a brief introduction to OpenVPN itself.

Once these introductions are out of the way we're introduced to installing and actually using the software. The installation covers multiple operating systems, including Debian GNU/Linux, Mac OS X, FreeBSD, and Microsoft Windows.

After the installation of OpenVPN is complete we move on to our first example: creating a VPN tunnel between two Microsoft Windows systems, and then adding a Linux computer into the mix. This example really underlines the cross-platform nature of OpenVPN, and the coverage this gets in the book. Whilst some people will only ever use one platform, in many environments interoperability is key, so seeing this addressed from the start is a nice touch.

Once our first tunnel has been set up, and tested, we move on to coverage of X509 certificates. These certificates are introduced and explored both upon a Microsoft Windows system, and a Debian system.

Once we've been introduced to a working system the book moves on to discuss security and explores the use of Shorewall and iptables for creating a secure system. The discussion of Shorewall is basic but useful - I'm sure a whole book could be written about Shorewall alone! However, despite the brief nature of the introduction, this is useful and relevant, demonstrating how a firewall can and should be combined with a VPN solution.

After firewalling and security have been reinforced the coverage of certificate management is expanded, and explained in greater detail.

The last two chapters cover troubleshooting and advanced OpenVPN usage, demonstrating securing distcc with OpenVPN, scripting and other useful things such as "pushing" default routes, and other per-client configuration settings from a single server.

Once discussion has finished there is an appendix giving links to online resources; these are briefly described and serve as a good source of further reading.

The Bad

I have only one minor complaint about this book and that is that some of the screen shots are a little blurry.

The presentation of the book as a whole is high-quality and pleasing to the eye. There are a lot of clear, readable, and useful diagrams included in the text at appropriate points, especially in the introduction to VPN operation.

However there are several sections which contain screen shots of terminal, or command-prompt, windows which are a little blurrier than I'd like. This is only a minor point and one I'd easily overlook considering the otherwise great content.

Summary

If you're looking at creating VPN infrastructure, complete with keys and certificates etc, with OpenVPN then I'd highly recommend this book.

Whilst there is a lot of useful documentation available upon the OpenVPN website, there is a lot to be said for having all that information compiled in a useful book.

Details
Title: OpenVPN: Building and Integrating Virtual Private Networks
Authors: Markus Feilner
Publisher: Packt Publishing
ISBN: 1-904811-85-X
Cover Price:
  • £36.99
  • $59.99
  • €54.99

(An "e-book" version is available in PDF format from the publisher too, price £19.99.)

Availability

This article can be found online at the Debian Administration website at the following bookmarkable URL:

This article is copyright 2006 Steve - please ask for permission to republish or translate.