- IPsec Versus OpenVPN
- Requirements for the OpenVPN Solution
- Setting Up the Public Key Infrastructure (PKI)
- Setting Up the VPN Server
- Configuring OpenVPN
- Configuring a Sample Client
- Connecting to the Server
- Configuring the Routing
- Working with Unprivileged Users
- Advantages and Disadvantages of This Solution
Setting Up the Public Key Infrastructure (PKI)
OpenVPN uses X.509 certificates to secure the data. Certificates are important because they provide not only an encrypted network but also authentication and identification checks. However, for certificates to work, we need a service that can distribute and manage them. Many commercial options are available, but I recommend OpenSSL because it's free. OpenSSL is a command-line program, but it has an optional GUI front end called XCA.
Prior to running OpenVPN, you must create several keys in OpenSSL:
- A certificate authority (CA) root key pair, which will issue and sign all future certificates
- A certificate for each user/machine that will need to connect to the VPN server
Each certificate has to be signed by the issuing certificate authority; otherwise, the user won't be able to authenticate to the VPN. For more information on using OpenSSL or XCA, see this page on my site.
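The following is an added example, not from the original article: it uses the openssl command line to create a CA root key pair, issue a certificate for one peer, and show that a certificate signed by a different CA fails verification. The directory layout, subject names, key size and lifetimes are assumptions chosen for illustration.

```shell
#!/usr/bin/env bash
# Added example: a CA plus per-peer certificates with the openssl CLI.
# File names, subject names and lifetimes are constructed for illustration.

# Create the CA root key pair and self-signed CA certificate in directory $1.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/CN=${2:-Example VPN CA}" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
    chmod 600 "$1/ca.key"   # this key signs every future certificate
}

# Issue a certificate for peer $2 (a user or machine), signed by the CA in $1.
issue_cert() {
    # Step 1: the peer's key pair and a certificate signing request (CSR).
    openssl req -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    # Step 2: the CA signs the CSR, producing the peer's certificate.
    openssl x509 -req -in "$1/$2.csr" -sha256 -days 365 \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/$2.crt" 2>/dev/null
}

# Return 0 only if certificate $2 chains to the CA certificate in directory $1.
verify_cert() {
    openssl verify -CAfile "$1/ca.crt" "$2" >/dev/null 2>&1
}

# Demo in throwaway directories: one CA for the VPN, one unrelated CA.
vpn_dir=$(mktemp -d)
other_dir=$(mktemp -d)
make_ca "$vpn_dir" "Example VPN CA"
make_ca "$other_dir" "Unrelated CA"
issue_cert "$vpn_dir" client1
issue_cert "$other_dir" intruder

if verify_cert "$vpn_dir" "$vpn_dir/client1.crt"; then
    echo "client1: signed by the VPN CA, accepted"
fi
if ! verify_cert "$vpn_dir" "$other_dir/intruder.crt"; then
    echo "intruder: not signed by the VPN CA, rejected"
fi
rm -rf "$vpn_dir" "$other_dir"
```
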