OpenVPN Lezing NLUUG Voorjaarsconferentie 2014 Jan Just...
Transcript of OpenVPN Lezing NLUUG Voorjaarsconferentie 2014 Jan Just...
J.J. KeijserNikhefAmsterdam
OpenVPN LezingNLUUG Voorjaarsconferentie 2014
Jan Just KeijserNikhef
15 Mei 2014
J.J. KeijserNikhefAmsterdam
Werkzaam als 'grid system engineer' sinds 2005
Werkzaam in de ICT sinds 1995“Ontdekte” OpenVPN in 2004Sindsdien OpenVPN gebruikt en ondersteuning
voor verleend IT interesses: open source, netwerken, VPNs,
beveiliging, openssl, socat, manycore/multicore programmeren
Over mezelf
J.J. KeijserNikhefAmsterdam
OpenVPN 2 Cookbook, 2011
J.J. KeijserNikhefAmsterdam
What is a VPN? Types of VPNs What is OpenVPN? OpenVPN protocol Modes of operation: preshared keys, certificates,
'tun' vs 'tap', bridging Routing Smart card support Scripting and plugins Other features Weaknesses Future work Summary
Outline
J.J. KeijserNikhefAmsterdam
What is a VPN?
Internet / WAN
NAT&Firewall Firewall&NAT
Without the use of a VPN…
Server
Your TROL (Typical Remote Office Layout)
Client
J.J. KeijserNikhefAmsterdam
What is a VPN?
Internet / WAN
NAT&Firewall Firewall&NAT
Using a VPN…
Server
VPN Setup
Client
J.J. KeijserNikhefAmsterdam
Types of VPNsWeb based: Proxies, SOCKSSolutions based on SSHPPTP based: Microsoft PPTP VPN client IPSec based: OpenS/WAN, raccoon IPSec+L2TP based: Microsoft L2TP VPN clientSSL based: OpenVPN
J.J. KeijserNikhefAmsterdam
Virtual network adapterMost VPNs use the concept of a Virtual Network
Adapter. This allows for:◦ Separate IP address;
◦ Control over the routing and protocols allowed over the VPN.
The Virtual Network Adapter is the interface between the VPN client (or server) software and the Operating System.
Virtual Network Adapter
Ethernet1
23
VPN client
J.J. KeijserNikhefAmsterdam
Web-based VPNsAlso known as “clientless VPNs”
Work only with web-based applications
Basically, a souped-up Secure Proxy server or SOCKS server
The VPN never leaves the “sandbox” of the webbrowser:
HTTPSencrypted traffic
Ethernet 1 Web browser
VPN applet
J.J. KeijserNikhefAmsterdam
SSH-based solutions Not a true VPN – tunnelling of specific TCP ports only
Client and server software available for nearly every platform
OpenSSH includes SOCKS server support, allowing more flexible tunnels
SSH Tunnel
hostA:80
hostB:23127.0.0.1:8080127.0.0.1:1200
127.0.0.1 port 8080
127.0.0.1 port 1200
hostA port 80 (http)
hostB port 23 (telnet)
J.J. KeijserNikhefAmsterdam
Web&SSH Pro's and con'sPro’s:
◦ Client software for nearly all platforms;
◦ Uses standard TCP traffic so no NAT’ting issues;
◦ Easy to configure.
Con’s:
◦ Web-based (TCP, HTTPS) only;
◦ Not easy to share local data with remote site/server;
◦ Not a true VPN solution.
J.J. KeijserNikhefAmsterdam
PPTP: the Microsoft solution
PPTP adapter
Ethernet1
23
VPN client
GREencrypted traffic
Developed by Microsoft and Ascend (RFC2637) Authentication using username/password
OR X.509 certificates (EAP-TLS) Runs over single TCP port and GRE tunnels (protocol 47) Frequently used for ADSL ethernet modems Interface to OS through PPTP adapter:
J.J. KeijserNikhefAmsterdam
PPTP: Pro's and con'sPro’s:
◦ Client built into Microsoft platform;
◦ Other platforms supported for both client and server: Linux; FreeBSD/OpenBSD/NetBSD;
Macintosh OS X.
Con’s:
◦ PPTP considered fundamentally insecure;
◦ Secure version (EAP-TLS with X.509 certificates) supported fully only on Windows;
◦ GRE tunnelling does not work well with NAT’ting devices.
J.J. KeijserNikhefAmsterdam
IPsec Official IEEE/IETF standard voor IP security (RFC2411)
Operates at Level2/Level3 of IP stack
Part of IPv6 specification
Introduces the concept of Security Policies
Uses Encapsulated Security Payload (ESP, IP protocol 50) for payload security, Hash-based Message Authentication Code (HMAC) for integrity
Authentication using X.509 certificates or pre-shared keys
Two modes supported:
◦ Transport mode;
◦ Tunnelling mode;
J.J. KeijserNikhefAmsterdam
IPsec+L2TP Developed by Microsoft and Cisco Systems (RFC3193) Utilizes IPSec Transport mode Authentication using X.509 certificates or pre-shared
keys, in combination with a username/password Uses both UDP ports 500 and 4500 as well as ESP
(protocol 50) Interface to OS through L2TP adapter:
L2TP adapter
3
L2TP clientIPSec
Ethernet
IPsecencrypted traffic
2
1
J.J. KeijserNikhefAmsterdam
IPsec: Pro's and con'sPro’s:
◦ Industry standard;
◦ Good platform support, including ADSL and Wifi routers;
◦ Security policies allow for a very modular approach.
Con’s:
◦ Configuration and troubleshooting can be difficult;
◦ Notoriously difficult to configure, especially in combination with NAT-Traversal (NAT-T);
◦ Server-side cannot be NAT’ted, often forcing the use of a DMZ;
◦ IPSec and NAT’ting devices do not go well together.
J.J. KeijserNikhefAmsterdam
OpenVPN: an SSL based VPN
tun/tap device
Ethernet1
23
OpenVPN
Uses TLS/SSL for payload security, HMAC for integrity
Authentication using X.509 certificates or pre-shared keys
UDP, TCP and SOCKS/HTTP Proxy support
Supports tunnelling (TCP/IP) and bridging (Ethernet) mode
Interface to OS through tun/tap device or TAP-Windows adapter:
UDP/TCPencrypted traffic
J.J. KeijserNikhefAmsterdam
OpenVPN: an SSL based VPN
Client/Server:◦ Linux
◦ FreeBSD/OpenBSD/NetBSD
◦ Solaris
◦ (AIX port in the works)
◦ Windows XP/Vista/7/8/8.1 32bit and 64bit
◦ MacOS X
Client only:◦ Android 4.0+
◦ iOS (not fully open source)
J.J. KeijserNikhefAmsterdam
What is OpenVPN?With OpenVPN, you can:◦ tunnel any IP subnetwork or virtual ethernet adapter over a single UDP or TCP port,
◦ configure a scalable, load-balanced VPN server farm using one or more machines which can handle thousands of dynamic connections from incoming VPN clients,
◦ use all of the encryption, authentication, and certification features of the OpenSSL library to protect your private network traffic as it transits the internet,
◦ use any cipher, key size, or HMAC digest (for datagram integrity checking) supported by the OpenSSL library,
◦ choose between static-key based conventional encryption or certificate-based public key encryption,
◦ use static, pre-shared keys or TLS-based dynamic key exchange,
◦ use real-time adaptive link compression and traffic-shaping to manage link bandwidth utilization,
◦ tunnel networks whose public endpoints are dynamic such as DHCP or dial-in clients,
◦ tunnel networks through connection-oriented stateful firewalls without having to use explicit firewall rules,
◦ tunnel networks over NAT,
◦ create secure ethernet bridges using virtual tap devices, and
◦ control OpenVPN using a GUI on Windows or Mac OS X.
(from http://openvpn.net/index.php/open-source/333-what-is-openvpn.html)
J.J. KeijserNikhefAmsterdam
OpenVPN: some history Started in 2002 by James Yonan
First version only supported preshared keys and site-to-site connectivity
2004: OpenVPN 2.0
◦ X.509 certificates
◦ Multiple clients to same server 2009: OpenVPN 2.1
◦ PKCS#11 support (smartcards and hardware tokens)
◦ Windows Vista/7 support 2011: OpenVPN 2.2
◦ First community-built version 2014: OpenVPN 2.3.4
◦ IPv6 support, TLSv1.2 support
J.J. KeijserNikhefAmsterdam
OpenVPN protocol In SSL/TLS mode two channels are used:◦ A reliable control channel for exchanging SSL/TLS
information and keys
◦ A data channel for transporting actual payload. In UDP mode this channel is secure, but not reliable
Each encrypted packet is formatted as follows:◦ HMAC(explicit IV, encrypted envelope)
◦ Explicit IV
◦ Encrypted Envelope
The content of the encrypted envelope is formatted as follows:◦ 64 bit sequence number
◦ payload data, i.e. IP packet or Ethernet frame
J.J. KeijserNikhefAmsterdam
Modes of operation
OpenVPN supports several modes of operation: Preshared static keys
Authentication using X509 certificates
Authentication using username+password
Tunnelling mode (point-to-point, aka 'tun')
Ethernet mode (aka 'tap')
Ethernet bridging
J.J. KeijserNikhefAmsterdam
Basic static key exampleFirst, generate a static key:$ openvpn --genkey --secret secret.key
Transfer the key to the remote end using a secure channel (e.g. scp)
Start the server/listener:$ openvpn --ifconfig 10.200.0.1 10.200.0.2 \
--dev tun --secret secret.key
And connect to it using the client:$ openvpn --ifconfig 10.200.0.2 10.200.0.1 \
--dev tun --secret secret.key \
--remote openvpnserver.example.com
J.J. KeijserNikhefAmsterdam
Setting up a PKIPKI: Public Key Infrastructure◦ Use public/private keypairs for cryptography
OpenVPN supplies 'easy-rsa' scripts, which are wrappers around 'openssl ca' commands
Other PKI solutions can also be used, provided they can supply PEM-encoded certificates and keys or PKCS#12 formatted files
Example usage of 'easy-rsa':
$ <edit vars file>
$ . ./vars
$ ./clean-all
$ ./build-ca
$ ./build-key-server <servername>
$ ./build-key <clientname>
J.J. KeijserNikhefAmsterdam
Basic X.509 example (server)proto udp
port 1194
dev tun
server 10.8.0.0 255.255.255.0
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
tls-auth ta.key 0
persist-key
persist-tun
keepalive 10 60
user nobody
group nobody
J.J. KeijserNikhefAmsterdam
Basic X.509 example (client)client
proto udp
remote openvpnserver.example.com
port 1194
dev tun
nobind
ca ca.crt
cert client.crt
key client.key
tls-auth ta.key 1
J.J. KeijserNikhefAmsterdam
X.509 example (server, ipv6)proto udp6
Port 1194
dev tun
server-ipv6 2001:db8:123::/64
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
tls-auth ta.key 0
persist-key
persist-tun
keepalive 10 60
user nobody
group nobody
J.J. KeijserNikhefAmsterdam
Network topologiesOpenVPN 2.1 introduced a new keyword topology subnet
Previously, each client was assigned a miniature /30 network:◦ Server uses 10.8.0.0-10.8.0.3
◦ First client is assigned 10.8.0.4-10.8.0.7
◦ Second client is assigned 10.8.0.8-10.8.0.11, etc. 10.8.0.4 /30 network address
10.8.0.5 remote endpoint (virtual)
10.8.0.6 actual client VPN IP
10.8.0.7 /30 broadcast address
With 'topology subnet' each client is assigned only a single IP address: 10.8.0.2, 10.8.0.3, etc.
J.J. KeijserNikhefAmsterdam
'tun' versus 'tap'OpenVPN supports two transport modes:◦ 'tun' mode:
Create a mini point-to-point connection to each client
The headers of each incoming packet are stripped and new headers are added
Can support IP protocols only (TCP, UDP, ICMP, IPsec, GRE)
◦ 'tap' mode: Pass full ethernet frames between client and server Great for supporting non-IP protocols Slightly higher overhead Server and clients form a single broadcast domain
J.J. KeijserNikhefAmsterdam
Bridging 'tap' mode allows the creation of a full Ethernet
bridge:◦ A regular network interface and a 'tap' interface are
bridged
◦ All traffic which enters on one interface is copied out to the other interface
◦ Result: the LAN and the VPN form a single broadcast domain - great for multi-player gaming!
◦ A second advantage is that the VPN clients can be incorporated almost fully into the server-side LAN (e.g. can use the same DHCP server)
◦ Downside: performance! Even the throughput speed of the LAN interface is affected, as all incoming traffic is ALWAYS copied over to the 'tap' interface
J.J. KeijserNikhefAmsterdam
Bridging example (server)proto udp
port 1194
dev tap0
server-bridge 10.8.0.100 255.255.255.0 10.8.0.101 \
10.8.0.140
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
tls-auth ta.key 0
persist-key
persist-tun
keepalive 10 60
user nobody
J.J. KeijserNikhefAmsterdam
Routing and masquerading A VPN is one thing, routing traffic over it is another 80+ % of all OpenVPN support questions are about routing Most commonly used trick (on Linux servers)
$ echo 1 > /proc/sys/net/ipv4/ip_forward
$ iptables -i FORWARD -i tun+ -j ACCEPT
$ iptables -i FORWARD -o tun+ -j ACCEPT
$ iptables -t nat -I POSTROUTING -o eth0 \
-j MASQUERADE
J.J. KeijserNikhefAmsterdam
Smart card support
What is a smartcard?
Card or USB token with miniature Operating System The Smartcard contains the private key, which can never be
copied off the card All keying information necessary for establishing a secure
connection is generated on the card
J.J. KeijserNikhefAmsterdam
Smart card support Two factor authentication: you can connect to my
system based on something you KNOW (a password) and something you HAVE (hardware token or smart card)
OpenVPN supports the PKCS#11 interface Any smart card or hardware security device with a PKCS#11
interface can be used (in theory...) However: PKCS#11 support on Linux (and MacOS) is far from
perfect Known to work:
◦ Aladdin eToken PRO (now SafeNet)
◦ Feitian ePass
J.J. KeijserNikhefAmsterdam
PKCS#11 example (client)client
proto udp
remote openvpnserver.example.com
port 1194
dev tun
nobind
ca ca.crt
pkcs11-providers etpkcs11.dll
pkcs11-id "Aladdin\\x20Ltd\\x2E/eToken/001a0ab6/Jan\\x20Just\\x20Keijser/39453945373335312D333545442D343031612D384637302D3238463636393036363042303A30"
tls-auth ta.key 1
J.J. KeijserNikhefAmsterdam
Scripting (1)OpenVPN offers several ways to influcence what
happens when a client connects or disconnects, both on the server side and on the client side
On the client side the following scripts are run when the client connects:◦ 'up' : when the virtual interface is brought up
◦ 'route-up': when routes need to be added to the local routing tables
Similarly, when the client disconnects:◦ 'down' : when the virtual interface is taken down
J.J. KeijserNikhefAmsterdam
Scripting (2)On the server side the following scripts are run when
a client connects:◦ 'client-connect' : allows you to write out configuration
statements which are pushed out to the client
◦ 'learn-address add'
◦ 'tls-verify': verify the entire certificate chain of the client
◦ 'auth-user-pass-verify': allows for authentication using username and password
Similarly, when the client disconnects:◦ 'learn-address delete'
◦ 'client-disconnect'
J.J. KeijserNikhefAmsterdam
Scripting example (server)...
script-security 2
# run when server starts and shuts down
up sample-script.sh
route-up sample-script.sh
down sample-script.sh
# run when a client connects or disconnects
client-connect sample-script.sh
client-disconnect sample-script.sh
learn-address sample-script.sh
tls-verify sample-script.sh
auth-user-pass-verify sample-script.sh via-env
J.J. KeijserNikhefAmsterdam
PluginsNext to scripts, OpenVPN can also be extended
using pluginsPlugins can be inserted at almost all points where
scripts are runMost common plugins are◦ auth-pam: for authentication users using PAM;
◦ down-root: for running a command as root when openvpn shuts down.
Why would you use a plugin?◦ Speed: plugins are run in a separate thread
◦ Security: it's easy to make a mistake in a script which can be exploited.
J.J. KeijserNikhefAmsterdam
Other featuresDifferent cipher algorithms for encryptionDifferent signing algorithms for HMAC signingOn-the-fly compression using 'lzo'Connect via a SOCKS proxyConnect via an HTTP proxyShare a VPN server with an HTTPS server on the
same IP and portManagement interface (on both client and server):◦ View connected clients;
◦ View statistics;
◦ Disconnect clients.
J.J. KeijserNikhefAmsterdam
WeaknessesMonolithic design: both a strength and a weakness,
but does affect scalabilityThroughput over gigabit+ links
J.J. KeijserNikhefAmsterdam
What's wrong @ Gigabit speed?
J.J. KeijserNikhefAmsterdam
Future developmentsA grand, completely modular redesign is being
worked on (OpenVPN 3.0) Improve negotiation capabilities between client and
server; make client configuration as minimal as possible
Add ability to 'mimick' HTTPS traffic for ducking firewalls
New transport protocols next to UDP and TCP:◦ sctp
◦ ICMP
J.J. KeijserNikhefAmsterdam