- OpenVPN 2 Cookbook
- Jan Just Keijser
- 377字
- 2021-04-09 22:05:45
This recipe uses OpenVPN secret keys to secure the VPN tunnel. It is very similar to the previous recipe but this time a shared secret key is used to encrypt the traffic between the client and the server.
Install OpenVPN 2.0 or higher on two computers. Make sure the computers are connected over a network. For this recipe, the server computer was running CentOS 5 Linux and OpenVPN 2.1.1 and the client was running Windows XP SP3 and OpenVPN 2.1.1.
- First, we generate a secret key on the server (listener):
[root@server]# openvpn --genkey --secret secret.key - We transfer this key to the client side over a secure channel (for example, using
scp). - Next, we launch the server (listening)-side OpenVPN process:
[root@server]# openvpn --ifconfig 10.200.0.1 10.200.0.2 \ --dev tun --secret secret.key
- Then, we launch the client-side OpenVPN process:
[WinClient] C:\>"\Program Files\OpenVPN\bin\openvpn.exe" \ --ifconfig 10.200.0.2 10.200.0.1 \ --dev tun --secret secret.key \ --remote openvpnserver.example.com
The connection is established:
This example works exactly as the very first: the server listens to the incoming connections on UDP port 1194. The client connects to the server on this port. After the initial handshake, the server configures the first available TUN device with IP address 10.200.0.1 and it expects the remote end (Peer address) to be 10.200.0.2. The client does the opposite.
By default, OpenVPN uses two symmetric keys when setting up a point-to-point connection:
- A Cipher key to encrypt the contents of the packets being exchanged.
- An HMAC key to sign packets. When packets arrive that are not signed using the appropriate HMAC key they are dropped immediately. This is the first line of defense against a "Denial of Service" attack.
The same set of keys are used on both ends and both keys are derived from the file specified using the --secret parameter.
An OpenVPN secret key file is formatted as follows:
# # 2048 bit OpenVPN static key # -----BEGIN OpenVPN Static key V1----- <16 lines of random bytes> -----END OpenVPN Static key V1-----
From the random bytes, the OpenVPN Cipher and HMAC keys are derived. Note that these keys are the same for each session!
- 持續演進的Cloud Native:云原生架構下微服務最佳實踐
- Photoshop CC 2018實用教程
- Apache OFBiz Development: The Beginner's Tutorial
- Midjourney AI繪畫藝術創作教程:關鍵詞設置、藝術家與風格應用175例
- Unity 2D與3D手機游戲開發實戰
- Photoshop CS6從入門到精通
- ImageMagick Tricks
- SolidWorks2014基礎實例教程
- Adobe創意大學After Effects產品專家認證標準教材(CS6修訂版)
- PHP應用開發與實踐
- Implementing SugarCRM 5.x
- Backbone.js Cookbook
- 中文版Photoshop CC基礎培訓教程
- SolidWorks 2020中文版從入門到精通
- 邊做邊學:Illustrator CS6平面設計案例教程(微課版)