Learn from the developers of Openswan how to build industry standard, military grade VPNs and connect them with Windows, MacOSX, and other VPN vendors
In Detail
With the widespread use of wireless and the integration of VPN capabilities in most modern laptops, PDAs and mobile phones, there is a growing desire for encrypting more and more communications to prevent eavesdropping. Can you trust the coffee shop's wireless network? Is your neighbor watching your wireless? Or are your competitors perhaps engaged in industrial espionage? Do you need to send information back to your office while on the road or on board a ship? Or do you just want to securely access your MP3s at home? IPsec is the industry standard for encrypted communication, and Openswan is the de-facto implementation of IPsec for Linux.
What you will learn from this book?
Chapter 2 explains in non-mathematical terms how the IPsec protocols work. It is written especially with the system administrator in mind, and should appeal to both experts and beginners in the world of cryptography.
Chapter 3 contains all you need to know to install Openswan on your Linux distribution. It covers installing available binary packages, as well as how to build Openswan from source. It also guides you through the options your kernel needs to support, and helps you choose between the two IPsec stacks that are currently available - KLIPS and NETKEY.
Chapter 4 is a step by step tutorial on how to configure the most common type of VPN connections using Openswan. These include net-to-net, host-to-net, roaming users and head office to branch offices. In other words, all the possible Openswan-to-Openswan connections. It also discusses commonly deployed third party scenarios, including Cisco implementations using Aggressive Mode and XAUTH with Openswan as the IPsec client.
Chapter 5 introduces X.509 certificate based authentication for IPsec. It explains how X.509 certificates work, how to generate them for Linux, Windows and MacOSX clients, and how to run your own Certificate Agency.
Chapter 6 explains the Openswan feature called Opportunistic Encryption ("OE"). This method allows one to automate host-to-host encryption for machines without any specific configuration by the end-user. Using OE, anyone can use IPsec protected connections to your servers without even realizing they are using IPsec. The goal of OE is to make IPsec the de-facto standard for all communication on the internet.
Chapter 7 goes right down to the packet level and discusses common problems that you might face on your IPsec gateway. These include special firewalling rules, handling broken IPsec implementations and the various MTU related issues that can come up.
Chapter 8 discusses IPsec from the two most popular end-user Operating Systems: Microsoft Windows and Apple MacOSX. It helps you decide on whether you would prefer X.509 certificate based IPsec, or the less complex L2TP/IPsec. It has a step by step guide on how to set up L2TP on your Openswan VPN server. It also explains how to configure X.509 or L2TP on your Microsoft Windows or Apple MacOSX clients, and includes all the screenshots to guide your way. It closes with a description of how to configure commonly used third-party software packages for Openswan.
Chapter 9 deals with getting Openswan to properly interoperate with third party IPsec VPN servers such as Cisco, Checkpoint, Netscreen, Watchguard and various DSL based modem/router appliances commonly used by end-users.
Chapter 10 explores how to use IPsec to encrypt all traffic between local machines. It specifically focuses on 802.11 type wireless connections, but it applies in general to all LAN based computers. It discusses the Xelerance designed IPsec deployment scenario called WaveSEC: the implementation used at IETF, BlackHat and DefCon to encrypt their wireless networks.
Chapter 11 discusses the advanced use of Openswan. It discusses how to set up a proper fail-over VPN server with Openswan, and discusses large enterprise deployment bottlenecks, as well as how to deal with BGP and OSPF using IPsec and Openswan.
Chapter 12 is the culmination of two years of end-user support on the public mailing lists. It discusses the common mistakes and issues that people who are not working with IPsec on a daily basis tend to run into. Unless you are doing something extremely specific to your particular setup, your problem will be shown in this chapter, along with the explanation of what went wrong and how to remedy your situation.
Appendix A is our last minute update to the current events of Openswan. It discusses bleeding edge Linux kernel issues, the latest security vulnerabilities and upcoming features for end-users and developers that did not exist when the authors were writing the bulk of this book. It also discusses known but unsolved bugs existing at the time this book went to the printer.
Who this book is written for?
Network administrators and anyone who is interested in building secure VPNs using Openswan. It presumes basic knowledge of Linux, but no knowledge of VPNs is required.
Ken Bantoft
Ken Bantoft started programming in 1988, and successfully avoided doing it as a full time job until 2002. He opted instead to focus on Unix, Networking, and Linux integration.
Beginning at OLS2002, he started working alongside the FreeS/WAN project, integrating various patches into his own fork of their code - Super FreeS/WAN, which is now known as Openswan.
He currently lives in Oakville, ON, Canada, with his wife Van, two cats and too many computers.
Ken started working for Xelerance in 2003 where he works mostly on IPsec, BGP/OSPF, Asterisk, LDAP and Radius.
Paul Wouters
Paul Wouters has been involved with Linux networking and security since he co-founded the Dutch ISP 'Xtended Internet' back in 1996, where he started working with FreeS/WAN IPsec in 1999 and with DNSSEC for the .nl domain in 2001.
He has been writing since 1997, when his first article about network security was published in Linux Journal. Since then, he has written mostly for the Dutch spin-off of the German 'c't magazine', focusing on Linux, networking and the impact of the digital world on society.
He has presented papers at SANS, OSA, CCC, HAL, Blackhat and Defcon, and several other smaller conferences.
He started working for Xelerance in 2003, focusing on IPsec, DNSSEC, Radius and delivering trainings.