OpenVPN Guest Lecture OS3 System & Network Engineering Jan Just Keijser Nikhef 4 December 2019 J.J. Keijser Nikhef Amsterdam A few words about me Working as grid system engineer since 2005 Working in IT industry since 1995 “discovered” OpenVPN in 2004 Used and supported OpenVPN since then Author of the “OpenVPN 2 Cookbook” (2011), “Mastering OpenVPN” (2015, met Eric Crist) en “OpenVPN Cookbook - 2nd Edition” (2017) IT interests include open source, networking, VPNs, security, J.J. Keijser Nikhef openssl, socat, HPC/GPU computing Amsterdam What is a VPN? Your TROL (Typical Remote Office Layout) Client Internet / WAN NAT&Firewall Firewall&NAT Without the use of a VPN… J.J. Keijser Nikhef Amsterdam Server What is a VPN? VPN Setup Client NAT&Firewall Firewall&NAT Internet / WAN Using a VPN… J.J. Keijser Nikhef Amsterdam Server Types of VPNs Web based: Proxies, SOCKS Solutions based on SSH PPTP based: Microsoft PPTP VPN client IPSec based: OpenS/WAN, FreeS/WAN, StrongSwan, raccoon IPSec+L2TP based: Microsoft L2TP VPN client New kid: wireguard SSL based: OpenVPN J.J. Keijser Nikhef Amsterdam Virtual network adapter Most VPNs use the concept of a Virtual Network Adapter. This allows for: ◦ Separate IP address; ◦ Control over the routing and protocols allowed over the VPN. The Virtual Network Adapter is the interface between the VPN client (or server) software and the Operating System. 1 Ethernet VPN client J.J. Keijser 3 2 Nikhef Amsterdam Virtual Network Adapter Web-based VPNs Also known as “clientless VPNs” Work only with web-based applications Basically, a souped-up Secure Proxy server or SOCKS server The VPN never leaves the “sandbox” of the webbrowser: HTTPS encrypted traffic Ethernet 1 Web browser J.J. Keijser Nikhef VPN applet Amsterdam SSH-based solutions Not a true VPN – tunnelling of specific TCP ports only Client and server software available for nearly every platform OpenSSH includes SOCKS server support, allowing more flexible tunnels hostA:80 SSH Tunnel 127.0.0.1:8080 127.0.0.1:1200 hostB:23 J.J. Keijser 127.0.0.1 port 8080 hostA port 80 (http) Nikhef Amsterdam 127.0.0.1 port 1200 hostB port 23 (telnet) SSH-based solutions (2) Newer versions of OpenSSH include “tun” support Available only on Linux/*BSD Is a fully functional VPN, but does not scale well hostA SSH Tunnel tun0: 10.10.10.1 tun0: 10.10.10.2 J.J. Keijser hostB Nikhef Amsterdam Web&SSH Pro's and con's Pro’s: ◦ Cient software for nearly all platforms; ◦ Uses standard TCP traffic so no NAT’ting issues; ◦ Easy to configure. Con’s: ◦ Web-based (TCP, HTTPS) only; ◦ Not easy to share local data with remote site/server; J.J. Keijser ◦ Not a true VPN solution. Nikhef Amsterdam PPTP: the Microsoft solution Developed by Microsoft and Ascend (RFC2637) Authentication using username/password OR X.509 certificates (EAP-TLS) Runs over single TCP port and GRE tunnels (protocol 47) Frequently used for ADSL ethernet modems Interface to OS through PPTP adapter: GRE encrypted traffic 1 Ethernet VPN client J.J. Keijser 3 2 Nikhef Amsterdam PPTP adapter PPTP: Pro's and con's Pro’s: ◦ Client built into Microsoft platform; ◦ Other platforms supported for both client and server: Linux; FreeBSD/OpenBSD/NetBSD; Macintosh OS X. Con’s: ◦ PPTP considered fundamentally insecure; J.J. Keijser Nikhef ◦ Secure version (EAP-TLS) supported fully only on Windows; Amsterdam ◦ GRE tunnelling does not work well with NAT’ting devices. IPsec Official IEEE/IETF standard voor IP security (RFC2411) Operates at Level2/Level3 of IP stack Part of IPv6 specification Introduces the concept of Security Policies Uses Encapsulated Security Payload (ESP, IP protocol 50) for payload security, Hash-based Message Authentication Code (HMAC) for integrity Authentication using X.509 certificates or pre-shared keys Two modes supported: J.J. Keijser Nikhef Amsterdam ◦ Transport mode; ◦ Tunnelling mode; IPsec+L2TP Developed by Microsoft and Cisco Systems (RFC3193) Utilizes IPSec Transport mode Authentication using X.509 certificates or pre-shared keys, in combination with a username/password Uses both UDP ports 500 and 4500 as well as ESP (protocol 50) Interface to OS through L2TP adapter: IPsec encrypted traffic IPSec 1 Ethernet L2TP client J.J. Keijser 3 2 Nikhef Amsterdam L2TP adapter IPsec: Pro's and con's Pro’s: ◦ Industry standard; ◦ Good platform support, including ADSL and Wifi routers; ◦ Security policies allow for a very modular approach. Con’s: ◦ Configuration and troubleshooting can be difficult; ◦ Notoriously difficult to configure, especially in combination with NAT-Traversal (NAT-T); ◦ Server-side cannot be NAT’ted, often forcing the use of a DMZ; J.J. Keijser Nikhef ◦ IPSec and NAT’ting devices do not go well together. Amsterdam Wireguard: new kid on the block New protocol: no TLS, no SSL, no IPSec, no X.509 “WireGuard uses state-of-the-art cryptography, like the Noise protocol framework, Curve25519, ChaCha20, Poly1305, BLAKE2, SipHash24, HKDF, and secure trusted constructions. “ Currently implemented as a Linux kernel module Platform support for Windows, MacOS, Android, iOS, Linux Userspace programs still severely lacking Works over UDP only: makes it harder to operate in a “hostile” environment J.J. Keijser Nikhef Amsterdam OpenVPN: an SSL based VPN Uses TLS/SSL for payload security, HMAC for integrity Authentication using X.509 certificates or pre-shared keys UDP, TCP and SOCKS/HTTP Proxy support Supports tunnelling (TCP/IP) and bridging (Ethernet) mode Interface to OS through tun/tap device or TAP-Win32 adapter: UDP/TCP encrypted traffic 1 Ethernet OpenVPN J.J. Keijser 3 Nikhef 2 Amsterdam tun/tap device What is OpenVPN? With OpenVPN, you can: ◦ tunnel any IP subnetwork or virtual ethernet adapter over a single UDP or TCP port, ◦ configure a scalable, load-balanced VPN server farm using one or more machines which can handle thousands of dynamic connections from incoming VPN clients, ◦ use all of the encryption, authentication, and certification features of the OpenSSL library to protect your private network traffic as it transits the internet, ◦ use any cipher, key size, or HMAC digest (for datagram integrity checking) supported by the OpenSSL library, ◦ choose between static-key based conventional encryption or certificate-based public key encryption, ◦ use static, pre-shared keys or TLS-based dynamic key exchange, ◦ use real-time adaptive link compression and traffic-shaping to manage link bandwidth utilization, ◦ tunnel networks whose public endpoints are dynamic such as DHCP or dial-in clients, ◦ tunnel networks through connection-oriented stateful firewalls without having to use explicit firewall rules, ◦ tunnel networks over NAT, J.J. Keijser ◦ create secure ethernet bridges using virtual tap devices, and Nikhef Amsterdam ◦ control OpenVPN using a GUI on Windows or Mac OS X. (from http://openvpn.net/index.php/open-source/333-what-is-openvpn.html) OpenVPN: some history Started in 2002 by James Yonan First version only supported preshared keys and site-to-site connectivity 2004: OpenVPN 2.0 which supported X509 certificates, and client/server mode 2009: OpenVPN 2.1 which added PKCS#11 and Windows Vista/7 support 2011: OpenVPN 2.2 released: first community-built version 2013: OpenVPN 2.3 released: IPv6 support, PolarSSL/mbedTLS 2017: OpenVPN 2.4 released: AEAD (AES-GCM) support, TLS-Crypt, Windows 10 J.J. Keijser st Nikhef Latest release: Oct 31 2019: version 2.4.8 Amsterdam OpenVPN protocol In SSL/TLS mode two channels are used: ◦ A reliable control channel for exchanging SSL/TLS information and keys ◦ A data channel for transporting actual payload. In UDP mode this channel is not reliable Each encrypted packet is formatted as follows: ◦ HMAC(explicit IV, encrypted envelope) ◦ Explicit IV ◦ Encrypted Envelope The content of the encrypted envelope is formatted as follows: J.J. Keijser Nikhef ◦ 64 bit seQuence number Amsterdam ◦ payload data, i.e. IP packet or Ethernet frame Modes of operation OpenVPN supports several modes of operation: Preshared static keys AuthN using X509 certificates AuthN using username+password Tunnelling mode (point-to-point, aka 'tun') Ethernet mode (aka 'tap') J.J. Keijser Ethernet bridging Nikhef Amsterdam Basic static key example First, generate a static key: $ openvpn --genkey --secret secret.key Transfer the key to the remote end using a secure channel (e.g. scp) Start the server/listener: $ openvpn --ifconfig 10.200.0.1 10.200.0.2 \ --dev tun --secret secret.key And connect to it using the client: J.J. Keijser $ openvpn --ifconfig 10.200.0.2 10.200.0.1 \ Nikhef Amsterdam --dev tun --secret secret.key \ --remote openvpnserver.example.com Setting up a PKI OpenVPN supplies 'easy-rsa' scripts, which are wrappers around 'openssl ca' commands Other PKI solutions can also be used, provided they can supply PEM-encoded certificates and keys or PKCS#12 formatted files Example usage of 'easy-rsa': $ <edit vars file> $ . ./vars $ ./clean-all $ ./build-ca J.J. Keijser Nikhef $ ./build-key-server <servername> Amsterdam $ ./build-key <clientname> Basic X509 example (server) proto udp port 1194 dev tun server 10.8.0.0 255.255.255.0 ca ca.crt cert server.crt key server.key dh dh1024.pem tls-auth ta.key 0 persist-key persist-tun J.J. Keijser keepalive 10 60 Nikhef Amsterdam user nobody group nobody Basic X509 example (client) client proto udp remote openvpnserver.example.com port 1194 dev tun nobind ca ca.crt cert client.crt key client.key tls-auth ta.key 1 J.J. Keijser Nikhef Amsterdam Network topologies OpenVPN 2.1 introduced a new keyword topology subnet Previously, each client was assigned a miniature /30 network: ◦ Server uses 10.8.0.0-10.8.0.3 ◦ First client is assigned 10.8.0.4-10.8.0.7 ◦ Second client is assigned 10.8.0.8-10.8.0.11, etc.