Feilner's OpenVPN a Good Read - With One Caveat

Posted by dcparris on Dec 15, 2006 7:44 AM EDT
LXer Reviews; By D.C. Parris

LXer Feature: 15-Dec-2006

Markus Feilner's book, OpenVPN, is an excellent book for experienced administrators. While newbie admins will learn plenty, there is one important caveat.

In taking the opportunity to review OpenVPN, from Packt Publishing, I decided to venture into the land of the serious networking gurus for the first time. I have done the basics with Apache, MySQL, PostgreSQL, and SSH. But I have never gotten into all the security certificates, or tried out things like Virtual Private Networking. However, I run a 10-box LAN, and decided to make good use of that computing power by implementing the OpenVPN solution. What better way to review a book?



The criterion for judging the book is whether I can understand and follow the instructions. If a book says that steps 1, 2, & 3 will produce a given result, then that's what I expect to see happen. If it doesn't, I may or may not be lost, depending on my experience to that point. In this case, I have no real experience with either SSL or OpenVPN, or other VPN solutions. I did, once upon a time, take a class that covered IPSec/PPTP, but that's been a while, and the job that was supposed to follow the class never materialised. I think in hacker's terms, it would read something to the effect of un-used == forgotten.

Presentation

Feilner's presentation of the information is fairly sensible, for the most part. Feilner moves logically from a brief, yet thorough background behind the development of VPN solutions to installing and configuring a test VPN setup. He moves through a certificate-based, client-server configuration to using OpenVPN on the command-line. He then moves on to discussing security issues and advanced certificate management. He even includes a chapter on troubleshooting and monitoring your OpenVPN solution.



The book is aimed at administrators who are working in a mixed-OS environment. He covers BSD, GNU/Linux, Mac, and Windows, with a focus on Debian GNU/Linux and Windows. He also discusses installing OpenVPN on Fedora Core and SUSE, and covers how to compile from source, when all else fails. Once OpenVPN is installed, it's pretty much the same across *NIX systems. Most chapters cover the Windows portions first, then move onto the Linux/Mac aspects. Again, very sensible for admins in a mixed-OS environment.



Troubleshooting and Syntax

I do have two gripes about the book. In the chapter covering installation, Feilner offers a section on troubleshooting and advanced installation methods. Instead of real troubleshooting, he offers plenty of advanced installation methods. Why not just call it advanced installation methods? Similarly, the chapter on troubleshooting and monitoring focuses on the monitoring. When I think of troubleshooting, I think of, "well this symptom might be caused by that problem". Perhaps the problem lies in the translation, as Feilner is German.

My other gripe has to do with what is probably an oversight on the command used to build the client certificates on page 124. Feilner has already walked us through building the server certificate with the command './build-key-server openvpn-server'. He then uses the same command in the example for building the client certificates. Let me tell you, with little or no experience using SSL certificates, I spent two days on a wild goose chase over something that was one wrong command.



The only response to my question about the error messages on the OpenVPN mailing list asked where I was creating the certificates. While the response was on-target, I dismissed it since I had created all certificates on the server. Since the other guy couldn't possibly have realized I had used the wrong command to create the certificate, I was left to figure it out for myself. I found one of those famous web tutorials that people say you can't get anything out of, and saw the correct command syntax for creating the client certificates (./build-key client1). In a mere two seconds, my problem was solved.



Still, It's a Good Book

Despite my experience with the SSL certificate routine, it's a great book overall. More experienced administrators would have spotted the oversight immediately (or even overlooked it themselves), and known the correct command and syntax to use. And that's my point. This book is fantastic for experienced administrators. I actually learned an awful lot from this book, and look forward to taking my new-found skill to the next level. So, newbies shouldn't shy away, especially now that they know the one caveat. Meanwhile, I'm keen on reviewing books on OpenLDAP. Any takers?
