Troubleshooting OpenVPN
By Eric F Crist
About this ebook
- This is the first book on the market that resolves your issues related to troubleshooting OpenVPN
- Ensure your organization's private network is protected 24x7 by resolving OpenVPN issues instantly
- Save time and costs by troubleshooting to reduce the impact on your business
The book is for system administrators who are experienced and well versed with OpenVPN. You should possess intermediate to master level proficiency with OpenVPN. All OpenVPN users can leverage this book.
Eric F Crist
Eric F Crist is an IT professional with experience in hardware and software systems integration. With a few others, he has had a key role in building the OpenVPN community to what it is today. He works in research and development as a principal computer system specialist for St. Jude Medical. His role involves system engineering, configuration management, and cyber security analysis for products related to the Cardiovascular Ablation Technology division. You can find him online at the Freenode and EFNet IRC networks as ecrist. He calls the Twin Cities, Minnesota, his home and lives with his wife, DeeDee, his son, Lance, and his daughter, Taylor.
Book preview
Troubleshooting OpenVPN - Eric F Crist
Table of Contents
Troubleshooting OpenVPN
Credits
About the Author
About the Reviewer
www.PacktPub.com
Why subscribe?
Customer Feedback
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Errata
Piracy
Questions
1. Troubleshooting Basics
A recommended toolkit
Log search and filtering
grep
less, more, and most
Regular expressions
Network sniffing and analysis
tcpdump
traceroute
mtr
ping
Wireshark
X.509 verification and inspection
OpenSSL
Wireshark
Troubleshooting basics
Summary
2. Common Problems
Narrowing the focus
Sample scenarios
Scenario 1--unable to access VPN
Scenario 2--cannot access external web when on VPN
Suspecting recent changes
Supported operating systems
Embedded devices
Semi-embedded systems
Virtual servers
IP addresses
Firewalls
Duplicate client certificates
Overcomplication
Summary
3. Installing OpenVPN
Common installation problems
Compiling OpenVPN
Packages and installers
The advantages of precompiled installers
Driver installation
Alternative clients
Summary
4. The Log File
Logging options
Logging levels
Verbosity 0
Verbosity 1
Verbosity 4
Verbosity 7
Common log messages
Startup messages
Version and compile string
Option warnings
Configuration parameters
Operational messages
Certificate messages
Summary
5. Client and Server Startup
File and process permissions
Privilege de-escalation
Networking privileges
Port assignment and use
Multiple daemons
Adapter and routing table changes
Chroot
Scripting
Up and down scripts
Connect and disconnect scripts
UDP troubleshooting
UDP and firewalls
Summary
6. Certificates and Authentication
File permissions
Pre-shared keys
Certificate authentication
Certificate chain overview
The Certificate Revocation List
System date and time
Authentication and plugins
Usernames and passwords
--ccd-exclusive
Summary
7. Network and Routing
Connectivity
Inbound connection--server
Publicly addressed server
Privately addressed server with port forwarding
Outbound connection--client
Firewall filters and inspection
TLS authentication
Routing
Internal routing
External routing
Pushing routes
Routes behind clients
Kernel versus process routing
Route conflicts
Redirect gateway
General network concerns
Path MTU and MSS
Summary
8. Performance
Networking
Rate limiting
Cryptographic performance
Library differences
Cipher and AES-NI
Result summary
Single thread
Summary
9. External Problems
Inspection and filtering
Obfuscation
Encryption
Geographic and source address exclusions
What can be done
Source IP address
DNS settings
Routing path performance
Summary
Useful links
Manual or man pages
Release notes
Support channels
Troubleshooting OpenVPN
Copyright © 2017 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: March 2017
Production reference: 1150317
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham
B3 2PB, UK.
ISBN 978-1-78646-196-4
www.packtpub.com
Credits
About the Author
Eric F Crist hails from Cottage Grove, Minnesota, and he works as a product and systems engineer for Abbott. He has a relatively wide range of professional and life experience, starting from physical security and access control as a low-voltage technician and moving into software development and system administration.
Eric has been a core member of the OpenVPN community since 2008 and helps manage the open source online resources. He also wrote ssl-admin, and he is a lead for Easy-RSA, both of which help manage Certificate Authorities and chains.
Eric collaborated with Jan Just Keijser on the book Mastering OpenVPN in 2015, also for Packt.
I would like to sincerely thank my wife, DeeDee, for encouraging me to write this book. Without your prompting, encouragement, and motivation, I would have had a tremendous amount of additional free time and sanity.
About the Reviewer
Krzee King is a self-taught BSD/Linux user. He began helping in the OpenVPN community in 2007, when he and the author Eric took control of the IRC channel, and later founded the web forum with Eric and dougy. He believes very strongly in the importance of encryption, and the need for strong encryption to be usable by all. He also had the pleasure of reviewing OpenVPN 2 Cookbook by Jan Just Keijser.
Thanks to my lovely wife and my parents, for their endless support. I love you guys.
www.PacktPub.com
For support files and downloads related to your book, please visit www.PacktPub.com.
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details.
At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.
https://www.packtpub.com/mapt
Get the most in-demand software skills with Mapt. Mapt gives you full access to all Packt books and video courses, as well as industry-leading tools to help you plan your personal development and advance your career.
Why subscribe?
- Fully searchable across every book published by Packt
- Copy and paste, print, and bookmark content
- On demand and accessible via a web browser
Customer Feedback
Thanks for purchasing this Packt book. At Packt, quality is at the heart of our editorial process. To help us improve, please leave us an honest review on this book's Amazon page at https://www.amazon.com/dp/178646196X.
If you'd like to join our team of regular reviewers, you can e-mail us at [email protected]. We award our regular reviewers with free eBooks and videos in exchange for their valuable feedback. Help us be relentless in improving our products!
Preface
OpenVPN is arguably the best cross-platform secure networking technology currently available. The development community is large and active every day of the year, with new developers popping up regularly with patches and feature requests. It is not only used by hobbyists, but also by for-pay VPN providers strewn about the Internet.
In Troubleshooting OpenVPN, we identify the most common problems and pitfalls in the deployment of OpenVPN. We demonstrate where and how to use an assortment of diagnostic and investigative tools, both common and lesser known.
By the end of this book, you should be able to understand and identify where a problem resides, both within your VPN infrastructure and also from external causes. The log file is fully detailed and you will be able to leverage the varying logging levels to suit your troubleshooting efforts.
What this book covers
Chapter 1, Troubleshooting Basics, helps the reader break down problems into digestible portions with related components. Some of the concepts discussed include generic techniques useful in more than just OpenVPN problem solving.
Chapter 2, Common Problems, will identify the issues seen most frequently by both novice administrators and experienced administrators alike.
Chapter 3, Installing OpenVPN, covers compilation and installation of OpenVPN on a variety of platforms. Virtual network adapters, alternative client packages, and software dependencies will be identified.
Chapter 4, The Log File, focuses heavily on the OpenVPN log file and how to adjust and decipher the verbosity of the available messages. This is an extremely valuable resource when identifying and correcting problems.
Chapter 5, Client and Server Startup, discusses software and system dependencies necessary for process startup. Items like file permissions, scripting, and basic networking all contribute to successfully running OpenVPN.
Chapter 6, Certificates and Authentication, illustrates the varying authentication paths and where breakage can occur. System time, authentication backends and scripting are all addressed.
Chapter 7, Network and Routing, shows where network topology and routing bring complexity to the OpenVPN architecture. Conflicting routes, address inconsistency, and subnetting will all be covered.
Chapter 8, Performance, was written to help you identify performance bottlenecks and places where efficiencies can be improved.
Chapter 9, External Problems, covers where and when problems can exist outside your OpenVPN infrastructure, and even entirely outside your network or control.
What you need for this book
This book was written with the VPN administrator in mind. Many of the examples within leverage both the server and client sides of a connection, and lack of control at the server end will prove frustrating. I am assuming you either have access to a server, or have the means to create a functioning server, with your operating system of choice.
Examples within this book are focused primarily on Linux or BSD command-line tools, but there are a number of Windows examples interspersed within the content. To make the most of your time, try to have the following available:
- An OpenVPN server, ideally running on Linux or FreeBSD
- An OpenVPN client, running any operating system you choose
- The ability to install software on and connect to the OpenVPN server without OpenVPN running
Who this book is for
An OpenVPN server administrator is most likely to use this book to its potential. Enterprising VPN users may also be able to use the techniques and applications described within to their own benefit, however. Much of this title covers basic troubleshooting skills that can be leveraged in nearly any situation, not just with OpenVPN.
Conventions
In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning.
Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: The --auth-user-pass-verify script is the last in a long chain of scripts that are run.
Any command-line input or output is written as