In this chapter, we will cover:
- Shortest setup possible
- OpenVPN secret keys
- Multiple secret keys
- Plaintext tunnel
- Routing
- Configuration files versus the command-line
- IP-less configurations
- Complete site-to-site setup
- 3-way routing
The recipes in this chapter provide an introduction to configuring OpenVPN. The recipes are based on a point-to-point style network, meaning that only a single client can connect at a time.
A point-to-point style network is very useful when connecting to a small number of sites or clients. It is easier to set up, as no certificates or Public Key Infrastructure (PKI) is required. Also, routing is slightly easier to configure, as no client-specific configuration files containing --iroute statements are required.
The drawbacks of a point-to-point style network are:
- The lack of perfect forward secrecy: a key compromise may result in a total disclosure of previous sessions
- The secret key must exist in plaintext form on each VPN peer
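Because the secret key sits in plaintext on every peer, it is worth checking which configurations use static-key mode and whether the key file is readable by anyone other than its owner. The following audit is an added example, not code from the book or from the OpenVPN project; the function names, file names and sample addresses are constructed. It assumes relative key paths resolve against the configuration file's directory and does not handle quoted paths or inline `<secret>` blocks.

```python
import os
import stat
import tempfile

def audit_static_key_config(conf_path):
    """Return (finding, key_path) tuples for one OpenVPN config file."""
    findings = []
    # Assumption: relative key paths are resolved against the config's directory.
    base = os.path.dirname(os.path.abspath(conf_path))
    with open(conf_path) as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line[0] in "#;":      # blank line or comment
                continue
            parts = line.split()
            # 'secret <file> [direction]' selects static-key (point-to-point) mode.
            if len(parts) >= 2 and parts[0] == "secret":
                key_path = os.path.join(base, parts[1])
                findings.append(("static-key-mode", key_path))
                try:
                    mode = stat.S_IMODE(os.stat(key_path).st_mode)
                except FileNotFoundError:
                    findings.append(("key-missing", key_path))
                    continue
                # Any group or other permission bit exposes the plaintext key.
                if mode & (stat.S_IRWXG | stat.S_IRWXO):
                    findings.append(("key-readable-by-others", key_path))
    return findings

def demo():
    """Audit a constructed config and placeholder key with loose, then tight, modes."""
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, "secret.key")
        with open(key, "w") as fh:
            fh.write("constructed placeholder, not a real key\n")
        conf = os.path.join(d, "p2p.conf")
        with open(conf, "w") as fh:
            fh.write("# constructed sample\ndev tun\n"
                     "ifconfig 10.200.0.1 10.200.0.2\nsecret secret.key\n")
        os.chmod(key, 0o644)
        loose = [kind for kind, _ in audit_static_key_config(conf)]
        os.chmod(key, 0o600)
        tight = [kind for kind, _ in audit_static_key_config(conf)]
        return loose, tight

if __name__ == "__main__":
    print(demo())
```

A `static-key-mode` finding on its own is informational: it marks a tunnel that carries the two drawbacks listed above.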