Book review: OpenVPN: Building and Integrating Virtual Private Networks <i>by Markus Feilner</i>

Book review: OpenVPN: Building and Integrating Virtual Private Networks by Markus Feilner


Virtual Private Networking enables secure online communication over TCP/IP networks such as the Internet and Extranets and between road warriors and there online bases. VPN’s are the stock and blood of many distributed organizations. The technologies involved are relatively easy to use and widely applied. OpenVPN is one suitably viable and mature (James Yonan started the project in 2001), and open source instance. When properly deployed the server has a significant and beneficial impact on the security of your organizations online communication. The product specific book OpenVPN Building and Integrating Virtual Private Networks is a thorough and detailed manual on achieving a realistic and successful deployment. The authors in depth personal knowledge is warmly encapsulated in the content.

The book’s cover The book’s cover

Marketers and techno cool geeks can shroud underlying VPN structures in self serving terminology: IPSec, revocation lists, symmetrical, asymmetrical keys, tunneling, encapsulation, and whole dictionaries worth of conventions. Luckily for the doers in this world the author Markus Feilner concentrates on the practical and only mentions the underlying complexities when necessary and at a suitably non religious shallow and glancing angle.

Markus Feilner concentrates on the practical and only mentions the underlying complexities when necessary

The contents

Within the 258 pages and 11 chapters of this well crafted book sit all the content you need for a relevant and open source VPN solution. Starting from the very basics defining what a VPN is the book speeds through the first three chapters of lightly explained conceptual background. The first significant thick chapter, chapter four explains the subject of installation in much detail and rightly so the chapter is of the same length as all the theoretical chapters together.

There is much to like in the content, for example details on building RPM or DEB packages in chapter 4 or the use of Webmin to manage INIT startup scripts in chapter 5.

My day job is as a developer of campus wide infrastructure at a University; therefore, from this perspective, my particular favorite description was on the subject of how to call a script to check for passwords. This allows you to knock OpenVPN into your organization specific authentication services without too much hassle.

A couple of chapters are generic enough to have broader meaning than for VPN’s alone. These chapters are Chapters 9 Advanced Certificate Management and Chapter 11 Troubleshooting and Monitoring. One can imagine deploying a simple Certificate Authority via XCA or finding errors within your Intranet ntop.

There is much to like in the content

Who’s this book for?

As hinted previously Markus Feilner has written a practical book best suited for system administrators or developers that need to deploy a VPN solution. Background information over Webmin, XCA, troubleshooting and monitoring networks is an added bonus.

Relevance to free software

A successful OpenVPN solution involves not only the software but also the underlying OS networking services. The VPN offering needs to tap into these services for secure tunneling between systems to exist at all. OpenVPN Specific drivers for Linux, Windows, and Mac exist for this purpose. Firewalls affect the tunneling mechanism. Thus, the influence of the built in proprietary Windows firewall is detailed. Administrators need to manage file copying potentially via the mechanism of SCP to enable key sharing for symmetrical.

The book also mentions quickly, accurately supporting open source tools such as Webmin and XCA, and debugging network related tools such as nmap or iptraf. Therefore, the book by the environment it seeks to detail has a predominant emphasis on Open Source with a mild taint of proprietarily OS specific details.

Pros

This book describes deployment of OpenVPN in detail for a number of Linux flavors and Windows and Macs. This mix of OS’s or a subset therein is enough to define most organizations server and client populations.

Further, the book mentions supporting tools such as packet sniffers, firewalls, open source certificate authorities, allowing you to build up the required VPN related internal infrastructure.

Cons

If you want to know the gruesome details of the difference between TLS and SSL2 or wish for pretty org diagrams with potential workflows then you will find the theoretical content somewhat on the light side.

Title OpenVPN: Building and Integrating Virtual Private Networks
Author Markus Feilner
Publisher PACKT
ISBN 190481185X
Year 2006
Pages 258
CD included No
FS Oriented 9
Over all score 8

In short

Category: 
License: 

Comments

Rom Feria's picture
Submitted by Rom Feria on

This book is just perfect for us in the third world who are trying to employ every bit of technology at minimum cost. An OpenVPN solution would surely beat the cheapest Cisco concentrator or even the cheapest Linux-based appliance out there. Right now, our VPN solution runs on PPTP and it surely sucks!

I just hope that I get to win this book so that we can add to our expertise and in return, help those small SMEs and NGOs improve their network services.

HackItLinux, One of the Linux Pit stops for News

Author information

Alan Berg's picture

Biography

Alan Berg Bsc. MSc. PGCE, has been a lead developer at the Central Computer Services at the University of Amsterdam since 1998. In his spare time, he writes articles, book reviews and has authored three books. He has a degree, two masters and a teaching qualification. In previous incarnations, he was a technical writer, an Internet/Linux course writer, and a science teacher. He likes to get his hands dirty with the building and gluing of systems. He remains agile by playing computer games with his sons who (sadly) consistently beat him physically, mentally and morally at least twice in any given day.

You may contact him at reply.to.berg At chello.nl