Thursday, December 17, 2020

OpenVPN

VPN

VPN stands for “virtual private network.” 

VPN protocols:

  • IKEv2 - the fast favorite on mobile OS.
  • OpenVPN - a reliable open-source classic.
  • Shadowsocks - top choice in restrictive countries.
  • WireGuard® - modern and secure solution.


Pros

  • Hide from prying eyes on the internet
    • Avoid ISP throttling.
    • Get the best deals for online shopping.
    • Access blocked content (websites and apps).
  • Browse the internet securely
    • Stay safe on public wifi.
    • Safely share and download files.


IPsec

IPsec (Internet Protocol Security) is a collection of protocols.

IPsec protocols are usually grouped by the tasks they do: 
  • Authentication Headers 
  • Encapsulating Security Payloads (ESP)
  • Security Associations (SA)
    • And IKEv2 (Internet Key Exchange version 2)

An IPsec VPN is one that uses the IPsec protocol to establish a VPN connection.

IPsec: transport mode vs. tunnel mode


TLS

 HTTPS is an implementation of TLS encryption on top of the HTTP protocol, which is used by all websites as well as some other web services. Any website that uses HTTPS is therefore employing TLS encryption.


What does TLS do?

  • Encryption: hides the data being transferred from third parties.
  • Authentication: ensures that the parties exchanging information are who they claim to be.
  • Integrity: verifies that the data has not been forged or tampered with.



Certificate Authority (CA) 


PKI stands for public key infrastructure. The PKI consists of:

  • a separate certificate (also known as a public key) and private key for the server and each client, and
  • a master Certificate Authority (CA) certificate and key which is used to sign each of the server and client certificates.



Compression

By default, OpenVPN doesn't enable compression. This script provides support for the LZO and LZ4 (v1/v2) algorithms, the latter being more efficient.

However, using compression is discouraged, since the VORACLE attack makes use of it.

TLS version

OpenVPN accepts TLS 1.0 by default, which is nearly 20 years old.

With tls-version-min 1.2 we enforce TLS 1.2, which is the best protocol currently available for OpenVPN.

TLS 1.2 is supported since OpenVPN 2.3.3.
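
A check for the two settings discussed under Compression and TLS version, as an added example (not part of the install script or of the original post): a shell function that flags compression directives and a tls-version-min that is unset or below 1.2. The function name, the output format and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an OpenVPN config for compression and minimum TLS version.

# audit_openvpn_conf FILE
# Prints one finding per line as "<line>:<kind>:<detail>"; no output means clean.
audit_openvpn_conf() {
    awk '
    /^[ \t]*[#;]/ { next }                 # comment lines
    /^[ \t]*$/    { next }                 # blank lines
    {
        line = $0; pushed = 0
        sub(/^[ \t]+/, "", line)
        # push "opt ..." hands opt to clients, so audit the inner option too.
        if (line ~ /^push[ \t]+"/) {
            pushed = 1
            sub(/^push[ \t]+"/, "", line); sub(/"[ \t]*$/, "", line)
        }
        split(line, f, /[ \t]+/)
        # "compress" followed by an algorithm name turns compression on.
        if (f[1] == "compress" && f[2] ~ /^(lzo|lz4|lz4-v2)$/)
            print NR ":compression:" line
        # Legacy "comp-lzo" compresses unless its argument is "no".
        if (f[1] == "comp-lzo" && f[2] != "no")
            print NR ":compression:" line
        if (f[1] == "tls-version-min" && !pushed) tlsmin = f[2]
    }
    END {
        # Per the text above, TLS 1.0 is accepted when the directive is absent.
        if (tlsmin == "")              print "0:tls-min:unset"
        else if (tlsmin ~ /^1\.[01]$/) print "0:tls-min:" tlsmin
    }' "$1"
}

# Constructed sample config for demonstration (not taken from the page).
sample_conf() {
    cat <<'EOF'
port 1194
proto udp
# compress lz4 (commented out, ignored)
compress lz4-v2
push "compress lz4-v2"
comp-lzo no
tls-version-min 1.0
EOF
}

# Audit the file given as first argument, if any.
if [ "$#" -gt 0 ]; then audit_openvpn_conf "$1"; fi
```

Findings with line number 0 concern the file as a whole rather than a single line.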




OpenVPN


OpenVPN install script:


root@debian:~# cat /etc/debian_version
9.8

# List of connected users
$ tail  /var/log/openvpn/status.log
$ tail -f -n 15 /var/log/openvpn/status.log
$ watch -d tail  /var/log/openvpn/status.log

# Test a connection to port 25 with telnet
$ telnet mx-a.delfi.lt 25
# To exit, press Ctrl+] and then type close at the telnet> prompt:
telnet> close



# User status:
tail  /var/log/openvpn/status.log
watch -d tail  /var/log/openvpn/status.log


nginx


sudo apt install nginx -y
sudo apt-get install php-fpm

# Change nginx config
nano /etc/nginx/sites-available/default

# Test configurations
nginx -t

PHP



# Restarting service
$ systemctl restart php7.0-fpm.service

# Configure php
$ nano /etc/php/7.0/fpm/php.ini



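<html>
<head>
<title>VPN</title>
</head>
<body>
<?php
// parseLog() is defined in vpn-parser.php.
include_once '/var/www/html/vpn-parser.php';
$file = "vpn_status.log";
$users = parseLog($file);

// Escape every value before printing: names and addresses come from the log.
foreach ($users['users'] as $user) {
  echo htmlspecialchars($user['name'], ENT_QUOTES, 'UTF-8');
  echo " ";
  echo htmlspecialchars($user['ip'], ENT_QUOTES, 'UTF-8');
  echo '<br>';
}
?>
</body>
</html>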