Thursday, November 11, 2010

OpenVPN

OpenVPN is a great alternative to PPTP and L2TP: you get strong encryption out of the box and, let's face it, no one is going to try to decrypt your stream. The most they'll try is a MITM (man-in-the-middle) attack, which is easily avoided if you enable some kind of certificate check.


Some interesting features/uses are:


1. You can authenticate against Active Directory.
2. You can actually script authentication against anything you want; check out auth-user-pass-verify.
3. Tunnel through any port on TCP/UDP. TCP is not recommended, as it will slow down connections significantly, but it's a great workaround for ISPs that slow down UDP.
4. Connections can be enabled on startup. If you need a poor man's server-to-server VPN, you can use it with automatic startup; take a look at sc.exe, the startup options:
   C:\Program Files\OpenVPN\bin\openvpn-gui.exe --connect sitename.ovpn
   and the retry infinite settings.
5. You can bridge the TUN connections with the physical LAN if you need bridging rather than routing.
6. Connection compression.
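
As an illustration of item 2, here is an added example (not code from the original post or from the OpenVPN project) of a script that auth-user-pass-verify could call with the via-file method, where OpenVPN passes the path of a temporary file holding the username on line 1 and the password on line 2. The script path, the in-memory user store and the PBKDF2 parameters are assumptions made for the example.

```python
#!/usr/bin/env python3
# Assumed server config lines (the script path is hypothetical):
#   script-security 2
#   auth-user-pass-verify /etc/openvpn/verify.py via-file
import hashlib
import hmac
import sys

ITERATIONS = 200_000  # assumed PBKDF2 work factor

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

# Constructed sample store: username -> (salt, PBKDF2 hash). A real deployment
# would load this from a file readable only by the OpenVPN service account.
_SALT = bytes.fromhex("a3f1c2d4e5b60718")
USERS = {"alice": (_SALT, hash_password("correct horse battery", _SALT))}

def read_credentials(path: str):
    """Parse the via-file format: username on line 1, password on line 2."""
    with open(path, encoding="utf-8") as fh:
        lines = fh.read().splitlines()  # tolerates both \n and \r\n endings
    if len(lines) < 2 or not lines[0] or not lines[1]:
        raise ValueError("malformed credential file")
    return lines[0], lines[1]

def verify(username: str, password: str) -> bool:
    # Unknown users get a dummy entry so the hash is always computed and the
    # response time does not reveal which usernames exist.
    salt, expected = USERS.get(username, (_SALT, b""))
    candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, expected)  # constant-time compare

def main(argv) -> int:
    if len(argv) != 2:
        return 1
    try:
        user, pw = read_credentials(argv[1])
    except (OSError, ValueError):
        return 1  # fail closed on any read or parse problem
    return 0 if verify(user, pw) else 1  # exit 0 accepts, non-zero rejects

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

OpenVPN treats exit code 0 as an accepted login and any other exit code as a rejection, so every error path above returns 1.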