27,59 €
Mehr erfahren.
- Herausgeber: Packt Publishing
- Kategorie: Fachliteratur
- Sprache: Englisch
OpenVPN, the most widely used open source VPN package, allows you to create a secure network across systems, keeping your private data secure. Connectivity and other issues are a pain to deal with, especially if they are impacting your business. This book will help you resolve the issues faced by OpenVPN users and teach the techniques on how to troubleshoot it like a true expert. This book is a one stop solution for troubleshooting any issue related to OpenVPN.
We will start by introducing you to troubleshooting techniques such as Packet Sniffing, Log Parsing, and OpenSSL. You will see how to overcome operating system specific errors. Later on, you will get to know about network and routing errors by exploring the concepts of IPv4 and IPv6 networking issues. You will discover how to overcome these issues to improve the performance of your OpenVPN deployment.
By the end of the book, you will know the best practices, tips, and tricks to ensure the smooth running of your OpenVPN.
Das E-Book können Sie in Legimi-Apps oder einer beliebigen App lesen, die das folgende Format unterstützen:
Seitenzahl: 168
Veröffentlichungsjahr: 2017
Ähnliche
Table of Contents
Troubleshooting OpenVPN
Troubleshooting OpenVPN
Copyright © 2017 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: March 2017
Production reference: 1150317
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham
B3 2PB, UK.
ISBN 978-1-78646-196-4
www.packtpub.com
Credits
Author
Eric F Crist
Copy Editor
Dipti Mankame
Reviewer
Krzee King
Project Coordinator
Judie Jose
Commissioning Editor
Pratik Shah
Proofreader
Safis Editing
Acquisition Editor
Divya Poojari
Indexer
Pratik Shirodkar
Content Development Editor
Abhishek Jadhav
Graphics
Kirk D'Penha
Technical Editor
Gaurav Suri
Production Coordinator
Shantanu N. Zagade
About the Author
Eric F Crist hails from Cottage Grove, Minnesota, and he works as a product and systems engineer for Abbott. He has a relatively wide range of professional and life experience starting from physical security and access control as a low-voltage technician into software development, system administration, and software development.
Eric has been a core member of the OpenVPN community since 2008 and helps manage the open source online resources. He also wrote ssl-admin, and he is a lead for Easy-RSA, both of which help manage Certificate Authorities and chains.
Eric collaborated with Jan Just Keisjer for the book, Mastering OpenVPN, in 2015, also for Packt.
I would like to sincerely thank my wife, DeeDee, for encouraging me to write this book. Without your prompting, encouragement, and motivation, I would have had a tremendous amount of additional free time and sanity.
About the Reviewer
Krzee King is a self taught BSD/Linux user. He began helping in the OpenVPN community in 2007, when he and the author Eric took control of the IRC channel, and later founded the web forum with Eric and dougy. He believes very strongly in the importance of encryption, and the need for strong encryption to be usable by all. He also had the pleasure of reviewing OpenVPN 2 Cookbook by Jan Just Keijser.
Thanks to my lovely wife and my parents, for their endless support. I love you guys.
www.PacktPub.com
For support files and downloads related to your book, please visit www.PacktPub.com.
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details.
At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.
https://www.packtpub.com/mapt
Get the most in-demand software skills with Mapt. Mapt gives you full access to all Packt books and video courses, as well as industry-leading tools to help you plan your personal development and advance your career.
Why subscribe?
Customer Feedback
Thanks for purchasing this Packt book. At Packt, quality is at the heart of our editorial process. To help us improve, please leave us an honest review on this book's Amazon page at https://www.amazon.com/dp/178646196X.
If you'd like to join our team of regular reviewers, you can e-mail us at [email protected]. We award our regular reviewers with free eBooks and videos in exchange for their valuable feedback. Help us be relentless in improving our products!
Preface
OpenVPN is arguably the best cross-platform secure networking technology currently available. The development community is large and active every day of the year, with new developers popping up regularly with patches and feature requests. It is not only used by hobbyists, but also by for-pay VPN providers strewn about the Internet.
In Troubleshooting OpenVPN, we identify the most common problems and pitfalls in the deployment of OpenVPN. We demonstrate where and how to use an assortment of diagnostic and investigative tools, both common and lesser known.
By the end of this book, you should be able to understand and identify where a problem resides, both within your VPN infrastructure and also from external causes. The log file is fully detailed and you will be able to leverage the varying logging levels to suit your troubleshooting efforts.
What this book covers
Chapter 1, Troubleshooting Basics, helps the reader break down problems into digestible portions with related components. Some of the concepts discussed include generic techniques useful in more than just OpenVPN problem solving.
Chapter 2, Common Problems, will identify the issues seen most frequently by both novice administrators and experienced administrators alike.
Chapter 3, Installing OpenVPN, covers compilation and installation of OpenVPN on a variety of platforms. Virtual network adapters, alternative client packages, and software dependencies will be identified.
Chapter 4, The Log File, focuses heavily on the OpenVPN log file and how to adjust and decipher the verbosity of the available messages. This is an extremely valuable resource when identifying and correcting problems.
Chapter 5, Client and Server Startup, discusses software and system dependencies necessary for process startup. Items like file permissions, scripting, and basic networking all contribute to successfully running OpenVPN.
Chapter 6, Certificates and Authentication, illustrates the varying authentication paths and where breakage can occur. System time, authentication backends and scripting are all addressed.
Chapter 7, Network and Routing, shows where network topology and routing bring complexity to the OpenVPN architecture. Conflicting routes, address inconsistency, and subnetting will all be covered.
Chapter 8, Performance, was written to help you identify performance bottlenecks and places where efficiencies can be improved.
Chapter 9, External Problems, covers where and when problems can exist outside your OpenVPN infrastructure, and even entirely outside your network or control.
What you need for this book
This book was written with the VPN administrator in mind. Many of the examples within leverage both the server and client sides of a connection, and lack of control at the server end will prove frustrating. I am assuming you either have access to a server, or have the means to create a functioning server, with your operating system of choice.
Examples within this book are focused primarily on Linux or BSD command-line tools, but there are a number of Windows examples interspersed within the content. To make the most of your time, try to have the following available:
Who this book is for
An OpenVPN server administrator is most likely to use this book to its potential. Enterprising VPN users may also be able to use the techniques and applications described within to their own benefit, however. Much of this title covers basic troubleshooting skills that can be leveraged in nearly any situation, not just with OpenVPN.
Conventions
In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning.
Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: "The --auth-user-pass-verify script is the last in a long chain of scripts that are run."
Any command-line input or output is written as follows:
author@example:~-> sudo openssl s_server -key key.pem –cert cert.pem -WWW -accept 443New terms and important words are shown in bold. Words that you see on the screen, for example, in menus or dialog boxes, appear in the text like this: "By going to Preferences | Protocols | SSL, Wireshark provides a way to import the TLS key we created earlier."
Note
Warnings or important notes appear in a box like this.
Tip
Tips and tricks appear like this.
Reader feedback
Feedback from our readers is always welcome. Let us know what you think about this book-what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of. To send us general feedback, simply e-mail [email protected], and mention the book's title in the subject of your message. If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at www.packtpub.com/authors.
Customer support
Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.
Errata
Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books-maybe a mistake in the text or the code-we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website or added to any list of existing errata under the Errata section of that title.
To view the previously submitted errata, go to https://www.packtpub.com/books/content/support and enter the name of the book in the search field. The required information will appear under the Errata section.
Piracy
Piracy of copyrighted material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.
Please contact us at [email protected] with a link to the suspected pirated material.
We appreciate your help in protecting our authors and our ability to bring you valuable content.
Questions
If you have a problem with any aspect of this book, you can contact us at [email protected], and we will do our best to address the problem.
Chapter 1. Troubleshooting Basics
Troubleshooting a failed server or client deployment can be a daunting task, particularly for a novice user. A vast number of users do not fall into the typical system administration role, and they are either hobbyists or just venturing into virtual networking and cryptography. By the end of this chapter, the tools' key to identifying and correcting problems will be illustrated, and their utility will be demonstrated.
The general concepts of troubleshooting apply not only to fixing a problematic OpenVPN client or server process but also to nearly everything encountered in day-to-day work. At its most basic level, the idea of divide and conquer is the phrase of the day. Separating components that are functional from those that are broken will quickly absolve the administrator from needless work and investigation.
The book is structured progressively, and it aims to help you find solutions quickly. This book will cover the following key topics surrounding fixing, identifying, and resolving OpenVPN problems:
A recommended toolkit
There are a number of common utilities needed to investigate network and public key infrastructure (PKI) issues. The samples within this book will be from a variety of operating systems. The server will be on FreeBSD 10.2, and we will show macOS X and Windows 7 and 10.
The majority of diagnostics will be done at the server side of the connection, but there are useful things to glean from client-side utilities. The tools listed here will be demonstrated, but this book isn't a manual for their use. For full documentation, refer to the documentation links provided.
Note
Both the FreeBSD project and GNU have web interfaces for browsing man pages. The main page for these can be found at the following paths:
Log search and filtering
Detailed logging is available from OpenVPN on both the client and server sides, which allows configuration issues to be identified quickly. Having the ability to search these logs for the pertinent information is vital to successfully correcting problems and verifying a functional service. The utilities identified here will aid in these search tasks.
grep
The grep utility is likely to be one of the first utilities learned by an aspiring Unix user. Finding strings or keywords within a file or a set of files quickly is the first step in tracking down entries in a log file or a configuration directive. grep allows you to search and highlight specific lines, context around those lines, filenames, line numbers, and more. In addition to finding lines of text, grep can also omit lines you do not want to see.
The #openvpn support channel on Freenode (irc.freenode.net) IRC as well as on the OpenVPN forum (http://forums.openvpn.net), for example, request that users seeking support omit comments and empty lines with the following command:
grep -vE '^#|^;|^$' server.confTake a sample config file:
ecrist@meow:~-> cat foo.conf# this is a comment; this is also a comment # the line above is empty config argument ; another commentIf we pipe that through our grep filter:
ecrist@meow:~-> grep -vE '^#|^;|^$' foo.confconfig argumentless, more, and most
Paging applications are a common feature of Unix and Unix-like operating systems. These tools allow the user to view a large amount of content, typically text, to be viewed one page at a time. In general, there are three such common tools, less, more, and most.
The more utility is the most ubiquitous of the three, being installed by default on every Unix, Linux, or other similar system I have used for the past 20 years. Being the first paging utility, the more utility's general functionality is limited. When output from a file or pipe contained more content than what could be displayed on a single screen, the content would be paged.
Scrolling down through the content was possible either a line at a time, using a down arrow key press, or a full page/window at a time with a press of the spacebar. Scrolling back up was not supported:
In 1983, Mark Nudelman authored the less utility specifically for backward scroll capability. It was released in May, 1985, via the newsgroup net.sources. Many features have been added to less, including pattern match highlighting and vi-like movement through the stream. To date, there have been over 450 released updates.
Modern Unix and Linux systems typically ship just the less utility now, with more being a hard-link to the less binary. When executed this way, less operates in a compatibility mode similar to more. This behavior can also be evoked by setting the environment variable LESS_IS_MORE.
The final pager of note is most, which operates similar to less, but adds the capability for multiple windows within a single terminal session. The most pager also appears to support color escape sequences better than less. The following screenshot shows most displaying two windows, one with the less man page and the other with the most man page:
There are packages for most available for FreeBSD, macOS X, and Linux, but the latest release of most was in 2007, and the development seems to have stalled entirely. The windowed features can be replaced with other tools such as tmux and screen, which fall outside the scope of this book.
Note
Project pages for the less and most utilities can be found at the following paths:
Regular expressions
Regular expression (regex) is a syntax that can be leveraged with string or pattern matching. There are already troves of other books and online guides about constructing quality regular expressions, but some basic syntax here will get you started in your troubleshooting endeavors.
This book will primarily use regular expressions in conjunction with the grep utility described earlier. Coupling regex with grep
