Monday, June 3, 2013

OpenVPN

Recently I decided to implement a client access VPN solution that I had been meaning to do for a long time.

I had looked at other solutions like the Windows 7 built in PPTP VPN and pfSense and finally settled on OpenVPN.

The main reason behind my selection of OpenVPN is its multi-platform support. The server is available for pretty much any modern OS that one would use, as is the client. It is also integrated into many open source router and firewall distributions.

There are two versions of OpenVPN available: the community edition and the commercial edition. The community edition is available via most repositories for popular Linux distributions and is also available for Windows. The commercial version is available via OpenVPN's website in many different flavours, including a virtual appliance.

The main differences between the community and commercial editions are that the community edition offers no support while the commercial does, and the commercial edition is easily configured via a web GUI while the community edition is generally configured via configuration files. Furthermore, the commercial edition requires a license per user connecting to the server; however, it does come with two free licenses for testing purposes.

I elected to go with the commercial version due to its ease of setup. The setup simply involved downloading the Debian Linux based virtual appliance and importing it on to my ESXi 5.1 server. After going through the simple setup, the server was up and running and I was connected.

OpenVPN utilizes SSL for its encryption but is not a "true" SSL VPN. It runs its own proprietary client and server. The client can be downloaded from the server itself by logging in as a registered user and downloading the client for your chosen OS.

Many VPN modes are supported, including Layer 2 VPN, routed VPN and a NAT VPN where hosts on the private subnet are automatically NAT'd so that hosts on the OpenVPN subnet can access them.

My setup simply involved me port forwarding ports 443 and 1194 to the OpenVPN VM and connecting.  I elected to configure it so that only traffic that needs to access my private network is routed over the VPN and not all Internet traffic.
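For readers who want to see what the routed, split-tunnel setup described above looks like when expressed in the community edition's configuration-file style, here is an added example server configuration. It is not the author's configuration (the post used the commercial appliance's web GUI), and the subnets, certificate paths and log paths are assumptions chosen for illustration.

```conf
# Added example: minimal OpenVPN community-edition server.conf for a routed
# (tun) split-tunnel VPN. Not the author's config; subnets and paths are assumed.
port 1194
proto udp
dev tun                          # routed VPN; "dev tap" would select the Layer 2 (bridged) mode

# PKI material (assumed file locations)
ca   /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key  /etc/openvpn/server.key
dh   /etc/openvpn/dh2048.pem
tls-auth /etc/openvpn/ta.key 0   # extra HMAC on the control channel; unauthenticated packets are
                                 # dropped before the TLS handshake (client side uses key direction 1)

# Address pool handed out to connecting clients (assumed)
server 10.8.0.0 255.255.255.0

# Split tunnel: push only the route to the private LAN. Clients keep their
# normal default gateway for all other Internet traffic.
push "route 192.168.1.0 255.255.255.0"
# Full-tunnel alternative (send all client traffic through the VPN):
# push "redirect-gateway def1"

keepalive 10 120
cipher AES-256-CBC
user nobody                      # drop root privileges after start-up
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
```

The `push "route ..."` line is what makes this a split tunnel: only packets destined for the private subnet are sent over the tunnel. Swapping it for `push "redirect-gateway def1"` gives the full-tunnel behaviour, which is the right choice when you want the client's entire Internet traffic to pass through your own firewall. The `tls-auth` line requires a matching `tls-auth ta.key 1` on each client.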

I plan on looking into the open source version to see what it has to offer, but the commercial version is a great way to get started if you have a small setup.

Update:
In order to get the Layer 2 VPN to work when using ESXi you have to set the vswitch that the OpenVPN server is associated with to accept promiscuous mode packets. More details can be found here: http://www.jeremycole.com/blog/2010/03/11/openvpn-bridge-under-vmware-esxi/. Be advised that the Layer 2 VPN is only supported on Windows clients as of now.