Thursday, April 3, 2008

OpenVPN - solid open-source software

OpenVPN is a project that reminds me why I love open source software. I first read about OpenVPN on the intertubes after looking for a secure, remote access solution for my church. The current setup there involves lots of Microsoft and all of the crappy and costly "solutions" that go along with it. The previous method of connecting to the church network entailed an RDP session to one Windows computer. Only one user was allowed since the license level of the Windows machine restricted the remote connections. Lovely. Insecure AND overpriced; what a combination.

Eager to displace any Windows installation, I dove into looking for an open-source solution. I installed Ubuntu 6.0.6 LTS server onto an aging Dell machine and a couple of hours later, I had a working OpenVPN installation which bridged remote traffic onto the church network. This was fantastic. With the bridging option, that meant that things like Windows sharing and other broadcast programs would 'Just Work (tm)'.

I leaned heavily on OpenVPN's existing documentation along with a few fantastic tutorials for generating all of the keys. To simplify deployment, I wrote a script that automatically generates a new user's keys and config files based on a template from the config samples.
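For readers who want to see what such a per-user generation script looks like, here is an added example (not the author's script, and not part of OpenVPN or its sample configs). It uses plain openssl rather than easy-rsa so it runs anywhere openssl is installed, creates a throwaway CA in the output directory if none exists, issues a client certificate whose CN is the username, and renders a single client config with the CA, certificate and key inlined. The server name vpn.example.org, the port, and the output directory are placeholders; in real use the CA key would live offline and only the signing step would touch it.

```shell
#!/bin/sh
# Added example: generate one OpenVPN user's key, certificate and client config.
# Assumptions (not from the post): openssl on PATH; server vpn.example.org:1194
# is a placeholder; a toy CA is created in $out if absent (keep a real CA key
# offline). The config uses dev tap to match the bridged setup in the post.

make_client() {
    user="$1"; out="${2:-./vpn-out}"
    mkdir -p "$out"
    # one-time CA for the example; a production CA key should not sit next to client keys
    if [ ! -f "$out/ca.crt" ]; then
        openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
            -subj "/CN=Example-VPN-CA" \
            -keyout "$out/ca.key" -out "$out/ca.crt" 2>/dev/null
    fi
    # per-user key and CSR; CN = username lets the server log/identify the client
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=$user" \
        -keyout "$out/$user.key" -out "$out/$user.csr" 2>/dev/null
    # sign the CSR with the CA (one year validity for the example)
    openssl x509 -req -days 365 -in "$out/$user.csr" \
        -CA "$out/ca.crt" -CAkey "$out/ca.key" -CAcreateserial \
        -out "$out/$user.crt" 2>/dev/null
    # render the client config from a fixed template and inline the PEM blocks,
    # so the user receives exactly one file
    {
        cat <<'EOF'
client
dev tap
proto udp
remote vpn.example.org 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verb 3
EOF
        printf '<ca>\n';   cat "$out/ca.crt";     printf '</ca>\n'
        printf '<cert>\n'; cat "$out/$user.crt";  printf '</cert>\n'
        printf '<key>\n';  cat "$out/$user.key";  printf '</key>\n'
    } > "$out/$user.ovpn"
    # the config now contains a private key: restrict it before handing it out
    chmod 600 "$out/$user.key" "$out/$user.ovpn"
    echo "$out/$user.ovpn"
}

# Post-generation check: extract the inlined certificate and print its CN,
# so a wrong username in the bundle is caught before it ships.
config_cn() {
    sed -n '/<cert>/,/<\/cert>/p' "$1" | sed '1d;$d' \
        | openssl x509 -noout -subject 2>/dev/null | sed 's/.*CN *= *//'
}
```

Usage: `make_client alice ./vpn-out` prints the path of `alice.ovpn`, and `config_cn ./vpn-out/alice.ovpn` should print `alice`. The `remote-cert-tls server` line assumes the server certificate was issued with the server extended key usage, which is how the OpenVPN sample server setup issues it; without that the client will refuse to connect, which is the intended failure mode (it blocks a client cert being reused as a fake server).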

Now, the goodies don't stop there. As I mentioned above, Windows is clearly in the picture at my organization and I knew I was going to need to have some way to provide access to the VPN for the Windows users out there. As usual, someone in the open-source community had already done my work for me. Not only does OpenVPN work for Windows, someone has created a solid GUI-based version AND, get this, they provide a method for generating custom OpenVPN installers into which one can embed keys and configurations. This allowed me to bundle a version of OpenVPN and pre-configure the install to put the right config and keys where they need to be on the user's system.

After deploying OpenVPN, we've gone from single-user, Windows-only remote access to supporting multiple connections from multiple platforms.
