====== VPN ======
------------------------------------------------------------------------------------------------------------------------------------------------\\
====== VPN Command for Linux ======
openvpn --verb 9 --dev tun0 --config /etc/openvpn/client.conf
====== VPN Information and Setup ======
[[http://openvpn.net/index.php/open-source.html|OpenVPN Community]]
[[http://en.opensuse.org/Yet_another_OpenVPN_bridged_mode_setup_howto|OpenVpn Bridged]]
[[http://www.jacco2.dds.nl/networking/freeswan-panther.html|OpenSwan and Mac]] and
[[http://www.jacco2.dds.nl/networking/freeswan-l2tp.html]]
[[http://lists.openswan.org/pipermail/users/2009-July/017098.html|Connection Drops]]
[[http://akutz.wordpress.com/2007/12/09/connecting-to-openswan-with-os-x-leopard-1051/|Connecting discussion]]
[[http://articles.techrepublic.com.com/2415-1035_11-163244.html|Microsoft provides Mac users with a free Remote Desktop Connection Client For Mac application]]
[[http://techrepublic.com.com/5208-6230-0.html?forumID=102&threadID=225753&messageID=2253813&tag=content;leftCol|OpenVPN and the Tunnelblick]]
[[http://lists.openswan.org/pipermail/users/2008-April/014479.html|[Openswan Users] Mac OS X can't connect to Openswan server (Linux Kernel 2.6)]]
[[http://wiki.openswan.org/index.php/Interop/InteroperatingMac|Interoperating: Mac OS X]]
====== Ciphers ======
[[http://people.mandriva.com/%7Eybourhis/openvpn/index.html|http://people.mandriva.com/ybourhis/openvpn/index.html]]
The following ciphers and cipher modes are available
for use with OpenVPN. Each cipher shown below may be
used as a parameter to the --cipher option. The default
key size is shown as well as whether or not it can be
changed with the --keysize directive. Using a CBC mode
is recommended.
DES-CBC 64 bit default key (fixed)
IDEA-CBC 128 bit default key (fixed)
RC2-CBC 128 bit default key (variable)
DES-EDE-CBC 128 bit default key (fixed)
DES-EDE3-CBC 192 bit default key (fixed)
DESX-CBC 192 bit default key (fixed)
BF-CBC 128 bit default key (variable)
RC2-40-CBC 40 bit default key (variable)
CAST5-CBC 128 bit default key (variable)
RC5-CBC 128 bit default key (variable)
RC2-64-CBC 64 bit default key (variable)
AES-128-CBC 128 bit default key (fixed)
AES-192-CBC 192 bit default key (fixed)
AES-256-CBC 256 bit default key (fixed)
====== openVPN ======
* Throughput/Performance
* VPNs require encryption/decryption of traffic and that takes CPU cycles.
* One of the important measures of a VPN is its throughput or the amount of data is can pass before it is unable to keep up with the decrypt/encrypt activities. With hardware VPNs this is an easy number to find, but with software products like OpenVPN, your throughput will depend a lot on your hardware.
* For this document, OpenVPN was tested with a **Pentium III 1Ghz machine with 512K** RAM running Gentoo Linux.
* The other end of the tunnel was a Pentium IV 2.7 GHz machine running Windows XP.
* The link between these two machines max's out at **3 Mbps** and OpenVPN was able to keep up with this load without any degradation in throughput.
* The processor loads on both sides were miniscule and while one should not expect OpenVPN to scale linearly, it should handle enough throughput to service most small to medium-sized implementations, and with load balancing or more serious hardware, it could handle many larger implementations as well.
* Additionally, there is the very real possibility that OpenVPN can benefit from the myriad of hardware SSL accelerator cards out there as it is using the standard SSL/TLS functions. (Check the OpenVPN user mailing list for more information).
* OpenVPN does not have a hard limit to the number of tunnels it can sustain.