BSDCan2008 - Final - we hope

BSDCan 2008
The Technical BSD Conference

John Pertalion
Oscar Knight
Day Talks - 1 (2008-05-16)
Room G
Start time 10:00
Duration 01:00
ID 71
Event type lecture
Track System Administration
Language en

An Open Source Enterprise VPN Solution with OpenVPN and OpenBSD

Solving the problem

At Appalachian State University, we use an open source VPN to give faculty, staff and vendors secure access to the university's internal network from any location that has an Internet connection. To implement our virtual private network project, we needed a secure VPN that is flexible enough to work with our existing network registration and LDAP authentication systems, has simple client installation, is redundant, allows multiple VPN server instances for special site-to-site tunnels and unique configurations, and can run on multiple platforms. Using OpenVPN running on OpenBSD, we met those requirements and added a distributed administration system that lets select users grant external users and vendors VPN access to specific computers without requiring intervention from our network or security personnel. Our presentation will start with a quick overview of OpenVPN and OpenBSD and then detail the specifics of our VPN implementation.

Dissatisfied with IPsec for road warrior VPN usage, we went looking for a better solution. We had hoped to find one that would run on multiple platforms, was flexible and worked well. We found OpenVPN and have been pleased. Initially we ran it on RHEL. We migrated to OpenBSD for pf functionality and general security concerns... and because we like OpenBSD.

Our presentation will focus on the specifics of our VPN implementation. We will quickly cover the basics of OpenVPN and the most used features of OpenBSD. Moving along, we will cover multiple authentication methods, redundancy, running multiple instances, integration with our netreg system, how pf has extended functionality, embedding in appliances, and client configuration. The system has proven helpful in providing vendor access where needed, and we'll cover this aspect as well. Time permitting, we will cover current enhancement efforts and future plans.

OpenVPN has been called the "Swiss army knife" of VPN solutions. We hope our presentation leaves participants with that feeling.