OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the fundamental premise that complexity is the enemy of security, OpenVPN offers a cost-effective, lightweight alternative to other VPN technologies that is well-targeted for the SME and enterprise markets.
This page is designed to provide an applied-level of support. The OpenVPN HowTo has lots of great examples and configuration option.
Help with creating a VPN which connects multiple lans. Server and clients have lans behind them. This will help you understand how to use the route, push route, and iroute commands.
OpenVPN is readily available through most distributions package managers. Gnome's network-manager can manage various types of VPN's, including OpenVPN through plugins.
- Viscosity ($$$)
- Supports 2.0.9 AND 2.1-rc15
- Tunnelblick (FREE)
- Supports 2.0.9 in release version, 2.1.1 in beta version.
- Tunnelblick How-To
Building custom Win32/64 OpenVPN installer
- eurephia Authentication Plugin for OpenVPN
- Linux Journal: Building a Multisourced Infrastructure Using OpenVPN
DH Param Notes
Just for laughs, I generate three 4096-bit primes using openssl on three different systems; the results are here.
FreeBSD 8.0-RELEASE #0: Sat Nov 21 15:02:08 UTC 2009 email@example.com:/usr/obj/usr/src/sys/GENERIC Timecounter "i8254" frequency 1193182 Hz quality 0 CPU: Intel(R) Xeon(R) CPU E5530 @ 2.40GHz (2394.01-MHz K8-class CPU) 976.093u 0.060s 16:16.66 99.9% 494+1043k 7+0io 12pf+0w
FreeBSD 8.1-PRERELEASE #5: Tue Jul 13 14:10:29 CDT 2010 firstname.lastname@example.org:/usr/obj/usr/src/sys/GENERIC-CARP amd64 Timecounter "i8254" frequency 1193182 Hz quality 0 CPU: Intel(R) Xeon(R) CPU E5520 @ 2.27GHz (2261.01-MHz K8-class CPU) 685.101u 0.022s 11:25.47 99.9% 495+1037k 2+0io 6pf+0w
machdep.cpu.vendor: GenuineIntel machdep.cpu.brand_string: Intel(R) Core(TM) i7 CPU M 620 @ 2.67GHz Darwin Swordfish.local 10.6.0 Darwin Kernel Version 10.6.0: Wed Nov 10 18:13:17 PST 2010; root:xnu-1504.9.26~3/RELEASE_I386 i386 2249.944u 1.799s 37:32.94 99.9% 0+0k 2+9io 0pf+0w