OpenVPN can run over User Datagram Protocol (UDP) or Transmission Control Protocol (TCP) transports, multiplexing created IPsec ESP tunnels on a single TCP/UDP port [citation needed] (RFC 3948 for UDP).[6] It can work through most proxy servers (including HTTP) and is good at working through network address translation (NAT) and getting out through firewalls. The server configuration can "push" certain network configuration options to the clients. These include IP addresses, routing commands, and a few connection options. OpenVPN offers two types of interfaces for networking via the Universal TUN/TAP driver. It can create either a layer-3 based IP tunnel (TUN), or a layer-2 based Ethernet TAP that can carry any type of Ethernet traffic. OpenVPN can optionally use the LZO compression library to compress the data stream. Port 1194 is the official IANA assigned port number for OpenVPN. Newer versions of the program now default to that port. A feature in the 2.0 version allows one process to manage several simultaneous tunnels, as opposed to the original "one tunnel per process" restriction in the 1.x series.
OpenVPN's use of common network protocols (TCP and UDP) makes it a desirable alternative to IPsec in situations where an ISP may block specific VPN protocols in order to force users to subscribe to a higher-priced, "business grade," service tier.
Security
OpenVPN offers several internal security features. It runs in userspace, instead of requiring IP stack (and therefore kernel) operation. OpenVPN can drop root privileges, use mlockall to prevent swapping sensitive data to disk, enter a chroot jail after initialization, and apply an SELinux context after initialization.
OpenVPN runs a custom security protocol based on SSL and TLS.[2] OpenVPN supports smart cards via PKCS#11 based cryptographic tokens.
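The features this section lists (privilege drop, mlockall, chroot, SELinux context) are switched on in the server configuration file, so a deployment can be checked for them. The following audit script is an added example, not code from the OpenVPN project; it assumes the standard OpenVPN directives `user`, `group`, `mlock`, `chroot` and `setcon`, and the sample configs, jail path and SELinux context are constructed placeholders.

```python
import shlex

# Directives matching the hardening features named in the Security section.
HARDENING = {
    "user": "drop root privileges (user)",
    "group": "drop root privileges (group)",
    "mlock": "mlockall so sensitive data is not swapped to disk",
    "chroot": "enter a chroot jail after initialization",
    "setcon": "apply an SELinux context after initialization",
}
NEEDS_ARG = {"user", "group", "chroot", "setcon"}

def parse_directives(text):
    """Return {directive: [args]} from OpenVPN config text, skipping comments."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        try:
            tokens = shlex.split(line, comments=True)
        except ValueError:  # unbalanced quote: skip the line rather than guess
            continue
        if tokens:
            found[tokens[0].lstrip("-")] = tokens[1:]
    return found

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    d = parse_directives(text)
    findings = []
    for name, why in HARDENING.items():
        if name not in d:
            findings.append(f"missing '{name}': {why}")
        elif name in NEEDS_ARG and not d[name]:
            findings.append(f"'{name}' is present but has no argument")
    if d.get("user", [])[:1] == ["root"]:
        findings.append("'user root' does not drop root privileges")
    return findings

# Constructed sample configs; the jail path and SELinux context are placeholders.
WEAK = "port 1194\nproto udp\ndev tun\nuser root\n"
HARDENED = ("port 1194\nproto udp\ndev tun\nuser nobody\ngroup nogroup\nmlock\n"
            "chroot /var/lib/openvpn/jail\nsetcon system_u:system_r:openvpn_t:s0\n")

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(cfg) or "OK")
```

The script only checks that the directives are present; whether the chroot directory and the unprivileged account are set up correctly still has to be verified on the host.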
Extensibility
OpenVPN can be extended with third-party plug-ins or scripts which can be called at defined entry points.[7][8] The purpose of this is often to extend OpenVPN with more advanced logging, enhanced authentication with usernames and passwords, dynamic firewall updates, RADIUS integration and so on. The plug-ins are dynamically loadable modules, usually written in C, while the scripts interface can execute any scripts or binaries available to OpenVPN. In the OpenVPN source code [9] there are some examples of such plug-ins, including a PAM authentication plug-in. There also exist several third-party plug-ins to authenticate against LDAP or SQL databases such as SQLite and MySQL. There is an overview of many of these extensions in the related project wiki page for the OpenVPN community.