
OpenVPN technology. TAP-Windows Adapter V9: what is it and how to remove it? Deploying OpenVPN on Mikrotik



Lately everyone has been wondering about setting up a VPN. Previously only system administrators, programmers and advanced users knew about the existence of VPN (Virtual Private Network); now this abbreviation is on everyone’s lips. Everyone wants to set it up and use it to access blocked services or social networks. And some are simply curious what kind of animal this is. What exactly is this mysterious VPN? In a nutshell, a VPN creates a section of the network that only you can access. All information still passes through the provider or some other third-party access point, but in encrypted form, via a specially created virtual channel between the server and your computer. The server then surfs the Internet on behalf of the user.

Thus, a “tunnel” is created between the computer and the server, in which all information is encrypted, and the provider does not understand which site the user is going to. Hackers won't be able to steal your data even when connected to public Wi-Fi, and your browsing history will only be available to you.

What is a VPN needed for

First of all, it is necessary for anonymous actions on the Internet, to hide your real IP address. For example, I don’t like the fact that any system administrator of my provider can, if desired, find out which sites I visit, what I buy, and most importantly, how and with what I pay. Also, everyone is concerned about the security and privacy of files. VPN protocols use several encryption protocols (MD5-HMAC, RSA), and 2048-bit keys allow paranoid encryption of all data.

VPN services can be used to bypass blocking by a provider or system administrator on various websites and social networks. Some services restrict access in your country or provide discounts/privileges/bonuses only in specific countries. A VPN connection will help you become a resident of this country and use the service for your pleasure. But what makes me most happy is the possibility of effective traffic compression, which allows us to compensate for losses and sometimes even speed up the connection.

Why did I choose OpenVPN?

When the question arose that I needed a paid VPN connection protocol, I decided to read a little about such a service, went around websites and forums, asked friends, acquaintances, and system administrators. Most of them praised OpenVPN.

After almost 2 years of use, I was convinced that they were right. The VPN connection protocol works smoothly, stably and securely. An important advantage is the availability of mobile client applications for Android, iOS and Windows 10 Mobile. There is even an option to use it without installing a client, using the standard VPN settings in Windows 10. The most important thing is that my files are encrypted. OpenVPN has never let me down yet. And if you have a home server, this is one of the main advantages when choosing a VPN client. And the price is quite reasonable. The technical support is of high quality.

Setting up an OpenVPN client for Windows 10

We will need the client installation file, which is easy to find at .

It is important to choose an installer that matches your system bit size.

Once your PC downloads the installer, launch it and follow the simple instructions. The installation itself is very simple and straightforward. Basic knowledge of English is sufficient.

A program shortcut will appear on the desktop of your device. Right-click on it and go to the Properties section. And there click on the Advanced option. We need to allow the client to run as administrator. A couple of manipulations and you're done.

Now go to Explorer. Navigate to C:\Program Files\OpenVPN, open the config folder, and extract into it the files with the .ovpn extension from the archive received by email when purchasing a subscription, or from the archive downloaded from your personal account.

Now all that remains is to launch the OpenVPN client again and connect to the desired server. A few seconds and you will have a VPN connection, for example, to a location in Luxembourg.

As you can see, nothing complicated. But many probably asked themselves questions: “Where can I get the files? How to buy them? Isn’t that expensive?”

To do this, you need to register on the site, which is very easy and simple.

Then you should go to the My licenses section and make a purchase. True, you can buy at least 10 OpenVPN clients, which will cost you only $150 per year. Agree, it’s not that expensive.

It is worth noting that there is also a free version of OpenVPN. Visit the link freeopenvpn.org/.

Select the VPN server you like from the list and download it in .ovpn format. Launch the OpenVPN client and connect to the server of your choice. Just be prepared for the fact that the free VPN server is ad-supported, insecure, and there is no encryption.

What are the alternatives to OpenVPN?

Lately there have been a lot of VPN solutions on the market, both paid and free. Before OpenVPN, I used Hotspot Shield, which also has a free version and an extension for the Google Chrome browser. I didn’t like the free version because it always pestered me with messages that they have an Elite version, which is supposedly the best in the world, etc. Although from personal experience I will say that this VPN service often slowed down in operation, there was very little protection and poor encryption. The base of available IP addresses is small.

You should also pay attention to NordVPN. It has quite high speed and safety. NordVPN operates in the jurisdiction of Panama, its network includes 559 servers located in 49 countries. The servers support a range of settings for encryption and special uses - such as file sharing or streaming media content. The service supports up to 6 simultaneous connections, so you can connect all your devices at once.

Quite popular among advanced users is the Zenmate VPN service, which is of German origin. Quite high quality, fast in the paid version, convenient protection and encryption. There is a free extension for browsers, but there are only 5 free channels. Therefore, it is inconvenient to use. Plus, it requires registration, and then pesters you with newsletters with advertising and offers to buy the commercial version.

Many people have probably heard and read in recent days about the TunnelBear VPN service with the logo of a cool bear cub. It also has a free version, although with limited traffic of only 500 MB per month. Very easy to operate, easy to turn on and off with one click. But a friend has a paid version of TunnelBear and he always complains that the connection speed drops significantly, sometimes by 5 times or more. I contacted the support center, where they replied that this was due to the protection they provide.

Bottom line

As you can see, there are quite a few VPN services on the market. If you need to somehow hide your IP address in order to use services that are prohibited or have limited access for us, then feel free to buy a VPN protocol. It all depends on your desire and financial capabilities. When it comes to free VPNs, remember that you have to pay for everything. As one of my friends says: “Free doesn’t mean nothing.”

The more states try to control the Internet and establish their own censorship there, the more popular various bypass services become. One of the free solutions for organizing virtual private networks is OpenVPN. You can use one of the servers already deployed on the network or deploy the software on your own system.

In one of the previous articles we looked at. In this article, we will dwell in more detail on setting up a connection to the server using various programs in Linux and Android, and also try to understand how this service works.

You already know that the program organizes a virtual network between computers and all data on this network is encrypted and inaccessible to users outside it. To achieve this goal, the program creates a virtual device tun0 in the system. This is the same interface as eth0 or wlan0, it has its own IP address. All traffic that is transmitted to this interface is encrypted and transferred to the virtual network.

Therefore, to transmit traffic through OpenVPN, it will be enough to add several rules that will force traffic to go through the tun0 interface.

How to use OpenVPN on Linux

First, let's look at how to connect to OpenVPN from Ubuntu or any other Linux distribution through the terminal. Let's say you downloaded the .ovpn server configuration file and want to connect to this network. To do this you need to install the openvpn client and then run it with the configuration file:

sudo openvpn ~/Downloads/config.ovpn

After this, the terminal window cannot be closed, and if the OpenVPN server was configured correctly, then it has already transferred the correct routes to the machine and your traffic goes through the virtual network. Let's see the routes:

There are two lines worth paying attention to here:

0.0.0.0/1 via 192.168.243.1 dev tun0
169.254.0.0/16 dev enp2s0 scope link metric 1000

The first directs all system traffic to the tun0 interface. The second is more interesting: it sends traffic for the 169.254.0.0 network to the real interface. If it is not there, all traffic will go to tun0, including the traffic from the OpenVPN program itself, which has already passed through this interface, and the result will be a loop. To terminate the connection in this setup, just press Ctrl+C in the terminal where you launched openvpn.
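The kernel chooses between such entries by longest-prefix match. The added example below (not part of the original article) applies that rule to a constructed `ip route` listing that contains the two quoted lines and reports any probe address that would leave outside tun0. The default route, the 128.0.0.0/1 entry, the gateway 192.168.1.1, the server host route 203.0.113.10 and the function names are assumptions made for the example.

```python
import ipaddress

# Constructed `ip route` output. The 0.0.0.0/1 and 169.254.0.0/16 lines are
# the ones quoted in the article; every other line (gateway 192.168.1.1,
# VPN server 203.0.113.10, local subnets) is an assumed value.
SAMPLE_ROUTES = """\
default via 192.168.1.1 dev enp2s0 proto dhcp metric 100
0.0.0.0/1 via 192.168.243.1 dev tun0
128.0.0.0/1 via 192.168.243.1 dev tun0
203.0.113.10 via 192.168.1.1 dev enp2s0
169.254.0.0/16 dev enp2s0 scope link metric 1000
192.168.1.0/24 dev enp2s0 proto kernel scope link src 192.168.1.50
192.168.243.0/24 dev tun0 proto kernel scope link src 192.168.243.2
"""

# One probe below and one above 128.0.0.0, so both halves of the IPv4
# space are tested. Nothing is sent to these addresses.
PROBES = ("8.8.8.8", "198.51.100.7")


def parse_routes(text):
    """Return a list of (network, device, metric) from `ip route` output."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        net = ipaddress.ip_network(dest, strict=False)
        dev = fields[fields.index("dev") + 1]
        metric = 0
        if "metric" in fields:
            metric = int(fields[fields.index("metric") + 1])
        routes.append((net, dev, metric))
    return routes


def egress_device(routes, address):
    """Pick the route the kernel would use: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(address)
    candidates = [r for r in routes if addr in r[0]]
    if not candidates:
        return None
    best = max(candidates, key=lambda r: (r[0].prefixlen, -r[2]))
    return best[1]


def leaks(routes, tunnel_dev, probes=PROBES):
    """Return (probe, device) for every probe that would bypass the tunnel."""
    found = []
    for probe in probes:
        dev = egress_device(routes, probe)
        if dev != tunnel_dev:
            found.append((probe, dev))
    return found


if __name__ == "__main__":
    table = parse_routes(SAMPLE_ROUTES)
    for target in PROBES + ("203.0.113.10", "169.254.10.1"):
        print(f"{target:15} -> {egress_device(table, target)}")
    print("leaks:", leaks(table, "tun0"))
```

With the 128.0.0.0/1 line removed from the sample, the probe in the upper half of the address space falls back to the default route and is reported as leaving through enp2s0.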

The second way to use OpenVPN on Linux is to install the openvpn plugin for NetworkManager and connect using it. To install this package on Ubuntu, run the following command:

sudo apt-get install network-manager-openvpn

Now open the Network Manager applet, expand "VPN connection" and select "Set up connection":

In the window that opens, click the "+" button:

Then select the "VPN" item.

Look at the routing table again:

In general, NetworkManager creates different rules, but they work the same. Setting up the openvpn client on ubuntu is complete.

Using OpenVPN on Android

You can use OpenVPN on any platform, including Android. The official OpenVPN Connect app has been released for devices. With it, you can connect to the network, as in the previous option, using an ovpn file. You can install this application from Google Play:

Open the app, tap the menu button, then select "Import" -> "Import profile from SDCard":

Select the desired file and click "Select":

Then all you have to do is click "Connect" to connect to the network:

Setting up the openvpn client only involves importing the configuration file, nothing else is needed. Next, your traffic will be routed through the VPN; here you can also view the routing table if a terminal emulator is installed:

True, here we will not see the same situation as in Linux; routing to VPN in Android is carried out a little differently.

How to use OpenVPN on Windows

This article would be incomplete without explaining how to use OpenVPN GUI on Windows, especially since it is not much more complicated than on Android. We need to install the OpenVPN client. You can download it from the official website:

After downloading, run the program as an administrator and go through all the steps of the wizard:





In essence, OpenVPN is a very interesting program that works as a point-to-point Virtual Private Network, and you do not need to change the firewall settings to use it. This program comes to the rescue when you need to connect to a private virtual network, for example, to join a home network or office VPN.

This program often acts as a universal client, which makes it easy to disguise your presence on the Internet by quickly establishing a connection with a third-party server “bypassing” your provider. This is what makes OpenVPN popular among anonymous VPN services.

What are the basic advantages of such a model?

  • Traffic savings: everything is efficiently compressed by lzo.
  • Easy to set up: everything takes less than an hour, and even a beginner or a person without special knowledge can figure it out.
  • Impressive security: all traffic is encrypted, without exception, while each client is isolated.
  • The client does not need to install additional equipment.
  • Finally, stability and fairly decent speed.

What’s noteworthy is that the program is completely free, and its source code is open to everyone.

What is an OpenVPN connection?

In order to guarantee complete security of the connection and your data, the OpenSSL library is used. This gives the program maximum access to the encryption algorithms available in the assembly. Additionally, HMAC can be used - this provides enhanced data encryption at the moment when information is processed or transmitted.

  • On which operating systems can the OpenVPN client be used? In all major operating systems, which include Windows, Mac OS, FreeBSD.
  • Through which ports does OpenVPN perform all network operations and movements? UDP or TCP; moreover, it can work via HTTP, NAT, etc.

So, if you are going to purchase access to a VPN server, I think OpenVPN technology will definitely interest you. Dozens of studies and attempts to scrupulously compare OpenVPN and PPTP have built a clear picture: improved data encryption algorithms make the client many times more effective in security matters. Ease of maintenance adds extra points in its favor. Good luck with your work!

OpenVPN is a technology that allows, based on open source code, to build a VPN network between client and server, site and site, on top of the Internet itself. Created by James Yonan on April 10, 2002, OpenVPN is still widely used by users to encrypt traffic and securely use the World Wide Web. Moreover, the popularity of technology is growing from year to year.

Working over TCP/UDP ports and the SSL/TLS protocols, OpenVPN is extremely easy to configure and install. Being cross-platform, the client can be installed on any version of Windows (including 2000 and XP), Linux, Mac OS, Solaris, OpenBSD, NetBSD and FreeBSD without fundamental changes in configuration and architecture.

How OpenVPN works:

  • Using a client/server architecture, where OpenVPN is installed on each virtual private network node, provided that one of the nodes is a server and the rest are clients
  • Encryption of traffic that passes through a tunnel created using one of the TCP or UDP ports
  • Three types of authentication: static keys, certificates, login/password

The first option is quite simple to configure, but it implies that a single key will encrypt and decrypt traffic. This means that if the key is lost, an attacker can easily decrypt the data. In the case of certificates and login/password, the SSL technology built into OpenVPN is used to protect information. This is more difficult to set up and a little slower to operate, because the server waits for confirmation when transmitting packets, but it is extremely reliable.

Using a VPN for private users is facilitated by a special OpenVPN GUI client. What is OpenVPN GUI? This is a graphical interface that allows you to work with VPN on a personal device. The GUI client is a small installable program with which the user can select a server to connect to, establish a connection to a virtual private network, see the connection log, etc. During operation, the GUI hides in the tray and does not load the system at all.

A little more about OpenVPN, SSL and IPSec

Before the advent of SSL, IPSec was the only means by which data could be encrypted in site-to-site and client-server networks. Fortunately, in the 90s the monopoly disappeared, because the Netscape company presented the first version of the SSL protocol, the modern version of which is more often called TLS. With its help, users got the opportunity to encrypt data using the above-mentioned public keys (certificates or login/password). And today we can say for sure that thanks to the relative simplicity of OpenVPN, the SSL protocol is used not only to protect data over HTTP, but also to build a client-server VPN.


What is a VPN in a nutshell? This is a virtual private network, which is a tunnel between two devices (client-server or point-to-point) and running on top of another network (for example, the Internet). The determining factors for a secure VPN are confidentiality and encryption, the integrity of transmitted information, as well as authentication - objects must be sure of each other's authenticity before transmitting traffic. The IPSec and SSL libraries are responsible for encryption and authentication. However, despite similar tasks, protocols have fundamentally different ways of solving problems.

  • On operating systems, OpenVPN and SSL behave like standard applications, making setup easier. IPSec requires updating the OS kernel, which leads to obvious difficulties - to work with the protocol, it is necessary to modify the operating systems on each device used
  • Since IPSec is closely related to the kernel, a malfunction or software hack can lead to dire consequences. The system may receive critical damage, and the hacker may receive administrator rights. This is not possible with OpenVPN, because the client works in user space and does not affect the operating system
  • SSL is much easier to work with in terms of the firewall. IPSec requires changes to filtering rules and solutions to many other problems
  • OpenVPN is easy to move - in many cases, simple copying is enough, which cannot be said about complicated IPSec

All this has long led to the fact that in the segment of client-server VPN services, OpenVPN has finally supplanted the IPSec protocol. We can say that IPSec is one of the stages in the development of VPN technologies and is currently an order of magnitude inferior to the more secure, modern and convenient OpenVPN. The bottom line is that IPSec currently has no significant advantages over OpenVPN. Setting up an OpenVPN client takes no more than a minute, and creating connections takes just a few seconds - you just need to download the client configs and place them in the appropriate program folder. In addition, when using OpenVPN, you do not need to configure anti-virus programs and firewalls for stable traffic exchange with the VPN server, which cannot be said about IPSec. All users concerned about the confidentiality of their data should understand this and give preference to more reliable solutions.

And a little more about OpenVPN and PPTP

Next to OpenVPN is the technology developed by Microsoft in 1999 - PPTP, which translates as “Point-to-Point Tunneling Protocol”. This is another type of VPN connection available today. However, it is immediately worth noting that the technology is considered vulnerable and more unstable compared to OpenVPN:

  • PPTP has a 128-bit key, and OpenVPN from 1024 to 2048
  • PPTP requires support for the GRE protocol (IP protocol 47), and OpenVPN works with any Internet connection
  • PPTP, like IPSec, requires the configuration of firewalls and antiviruses for stable operation.
  • PPTP over GRE does not work correctly under NAT, but OpenVPN works flawlessly

Many are attracted by the fact that PPTP in a Windows environment does not require additional software, but in fact, because it works through a GRE connection, connection stability is much lower than in the case of OpenVPN. The reason for this is NAT. GRE is a network layer protocol, which is why firewalls block most connections, forcing the use of workarounds such as PPTP Passthrough via so-called port forwarding. As mentioned above, PPTP is an outdated technology and was not originally designed for use under NAT, while in OpenVPN these nuances are taken into account and no problems arise. As a result, the user may need to configure the router and ultimately spend more time than installing the OpenVPN client would take.

Considering the above, it is obvious that OpenVPN is many times superior to “competing” VPN solutions, since it is developed not by companies, but by people for people through OpenSource, and therefore deserves special attention from users. What bothered you in other cases has probably already been resolved here.

Let's take as a basis that our server is located in a remote data center. That is, we will access it via the Internet.

After establishing an encrypted tunnel between the client and the server, the server will NAT all our packets to the Internet. Also, the server will serve DNS and act as a firewall for the virtual local network.

External IP of our server (the one that will be openVPN): 212.212.212.212
Internal server IP (visible from the tunnel): 10.10.0.1
openVPN internal address pool: 10.10.0.2 - 10.10.0.128
Our network name: vpnet
Server name: vpsrv
Client name: vpclient

I think it’s clear why you need an external IP. The internal IP is needed to connect to the server after the tunnel is up. The address pool is the set of addresses that the server issues to connected clients.
The network name is used for the names of the conf files and as the server name in those files. The client and server names are the key file names.

The server has Gentoo Linux 2008.0 installed, updated to the latest versions. Kernel - 2.6.29. All setup will be done via SSH.

Kernel setup.

Let me note right away that at this stage you need to be extremely careful and attentive. In case anyone forgot.

The kernel should contain the options below on the server. On the client, only TUN and ipv4 are needed.

In the kernel we will need the following functionality, here is an excerpt from the config:

CONFIG_NF_NAT=m
CONFIG_NF_NAT_PPTP=m
CONFIG_NETFILTER=y
CONFIG_TUN=m

And of course support for ipv4, network card and other hardware. We assemble and install the kernel. You can use genkernel. Let's reboot.

Server Tuning.

Software installation.
If :) the server has returned from reboot, let's move on to installing the software.

emerge --sync
emerge openvpn bind bind-tools iptables

We wait, sometimes for a long time. After installation, go to /etc/init.d/ and execute:

ln -s openvpn openvpn.vpnet
rc-update add openvpn.vpnet default
rc-update add named default
rc-update add iptables default
./iptables save

By creating a symlink to the openvpn init script, we told openvpn to use the vpnet configuration. From now on we will launch it only like this:

/etc/init.d/openvpn.vpnet start

There is no need to launch it now, because there is nothing to launch yet. :)
In addition, we have added iptables, named and openvpn to startup.

Let's create the necessary directories and files:

mkdir /etc/openvpn/vpnet/
mkdir /etc/openvpn/vpnet/keys
touch /var/log/openvpn.log
touch /etc/openvpn/vpnet.conf

Key generation.

Let's go to /usr/share/openvpn/easy-rsa/. Let's open the file vars and enter the settings:

export EASY_RSA="/usr/share/openvpn/easy-rsa/" # Path to easy-rsa.
export KEY_CONFIG="$EASY_RSA/openssl.cnf" #OpenSSL Config
export KEY_DIR="/etc/openvpn/vpnet/keys" #Directory where we will keep the keys.
export KEY_SIZE=1024 # Key size
export CA_EXPIRE=3650 # CA expiration date
export KEY_EXPIRE=3650 # Key expiration date
export KEY_COUNTRY="RU" # Two-letter country code
export KEY_PROVINCE="XX" # Province, not relevant
export KEY_CITY="Town" # City
export KEY_ORG="Companyname" # Company
export KEY_EMAIL="[email protected]" # Email

Naturally, the values (company, path to keys and easy-rsa, email) need to be changed to those that suit you.

Let's import variables: source ./vars

Now let's create the keys.

./clean-all # Kill old keys, if there were any.
openvpn --genkey --secret ta.key # TLS-auth key
./build-dh #Diffie-Hellman key.
./pkitool --initca # Certificate Authority for the server.
./pkitool --server vpsrv # Server certificate.
./pkitool vpclient # Client certificate.

And move the rest to the right place:

mv ./ta.key /etc/openvpn/vpnet/keys

That's it, the keys are ready.

Server Tuning.

Let's go to /etc/openvpn/, open vpnet.conf and write there:

mode server
tls-server
proto tcp-server
dev tap
port 5555 # Port
daemon
tls-auth /etc/openvpn/vpnet/keys/ta.key 0
ca /etc/openvpn/vpnet/keys/ca.crt
cert /etc/openvpn/vpnet/keys/vpsrv.crt
key /etc/openvpn/vpnet/keys/vpsrv.key
dh /etc/openvpn/vpnet/keys/dh1024.pem
ifconfig 10.10.0.1 255.255.255.0 # Internal server IP
ifconfig-pool 10.10.0.2 10.10.0.128 # Address pool.
push "redirect-gateway def1" # Redirect default gateway to the VPN server. If not necessary, comment out.
push "route-gateway 10.10.0.1"
duplicate-cn
verb 3
cipher DES-EDE3-CBC # Cipher type.
persist-key
log-append /var/log/openvpn.log # Log file.
persist-tun
comp-lzo

All options are, in principle, clear. I noted the particularly important ones with comments. Paths and names, addresses - you need to adjust them to suit you.

Now the server can be started with the command /etc/init.d/openvpn.vpnet start
If problems arise, you can read the log file for details.

In order for the server to release our packets to the external network, we need to configure NAT. It's simple.

Prepare and launch iptables:

/etc/init.d/iptables save
/etc/init.d/iptables start

Enable IP forwarding support:

sysctl net.ipv4.ip_forward=1
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf

Add a firewall rule:

iptables -v -t nat -A POSTROUTING -o EXTERNAL_IF -s VPN_NET/24 -j SNAT --to-source SERVER_IP

EXTERNAL_IF, VPN_NET and SERVER_IP are replaced with the external interface, VPN network and external (!) IP of the server, respectively.

Run /etc/init.d/iptables save again so that the rule is applied when the system boots.

That's it, you can work.

Client setup.

Install the software, create paths:

emerge openvpn
cd /etc/init.d/
ln -s openvpn openvpn.vpnet-client
rc-update add openvpn.vpnet-client default

mkdir /etc/openvpn/vpnet
mkdir /etc/openvpn/vpnet/client_keys
touch /etc/openvpn/vpnet-client.conf

We take files from the server:

ca.crt
vpclient.crt
vpclient.key
ta.key

And we put them in /etc/openvpn/vpnet/client_keys/ on the client.

Editing /etc/openvpn/vpnet-client.conf:

tls-client
proto tcp-client
remote 212.212.212.212
dev tap
port 5555
cd /etc/openvpn/vpnet
pull
tls-auth /etc/openvpn/vpnet/client_keys/ta.key 1
ca /etc/openvpn/vpnet/client_keys/ca.crt
cert /etc/openvpn/vpnet/client_keys/vpclient.crt
key /etc/openvpn/vpnet/client_keys/vpclient.key
cipher DES-EDE3-CBC
log-append /var/log/openvpn.log
comp-lzo

Encryption and compression options on client and server must match.
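An added example (not from the original article) of the check stated above: it parses the directives of the two files shown in this guide, reports the ones on which server and client disagree, and lists settings in each file that merit review before deployment, namely the 64-bit-block cipher, the 1024-bit DH parameters, compression and duplicate-cn. The function names are hypothetical, and reading the DH size from the dh1024.pem file name is an assumption based on easy-rsa naming the file after KEY_SIZE.

```python
import re

# Directives taken from the server and client files in the article,
# trimmed to the ones checked here (certificate paths and comments removed).
SERVER_CONF = """\
proto tcp-server
dev tap
port 5555
tls-auth /etc/openvpn/vpnet/keys/ta.key 0
dh /etc/openvpn/vpnet/keys/dh1024.pem
duplicate-cn
cipher DES-EDE3-CBC
comp-lzo
"""
CLIENT_CONF = """\
proto tcp-client
remote 212.212.212.212
dev tap
port 5555
tls-auth /etc/openvpn/vpnet/client_keys/ta.key 1
cipher DES-EDE3-CBC
comp-lzo
"""
# OpenSSL names of ciphers with a 64-bit block.
SMALL_BLOCK = {"DES-CBC", "DES-EDE-CBC", "DES-EDE3-CBC", "BF-CBC", "CAST5-CBC"}
MUST_MATCH = ("dev", "port", "cipher", "comp-lzo")


def parse(text):
    """Map each directive to its argument list; '#' starts a comment."""
    conf = {}
    for line in text.splitlines():
        words = line.split("#", 1)[0].split()
        if words:
            conf[words[0]] = words[1:]
    return conf


def arg(conf, name, index=0, default=""):
    """Return one argument of a directive, or default when it is absent."""
    values = conf.get(name, [])
    return values[index] if len(values) > index else default


def mismatches(server, client):
    """Names of directives on which the two ends disagree."""
    out = [d for d in MUST_MATCH if server.get(d) != client.get(d)]
    # tcp-server and tcp-client differ by design; compare the transport only.
    protos = {arg(c, "proto", default="udp")[:3] for c in (server, client)}
    if len(protos) > 1:
        out.append("proto")
    # tls-auth key direction must be 0 on one end and 1 on the other.
    dirs = sorted(arg(c, "tls-auth", 1) for c in (server, client))
    if dirs not in (["", ""], ["0", "1"]):
        out.append("tls-auth")
    return out


def weak_settings(conf):
    """Settings in one file that deserve review before deployment."""
    found = []
    cipher = arg(conf, "cipher").upper()
    if cipher in SMALL_BLOCK:
        found.append(f"cipher {cipher}: 64-bit block cipher")
    # Assumption: the file is named dh<KEY_SIZE>.pem, so the name gives the size.
    size = re.search(r"dh(\d+)\.pem$", arg(conf, "dh"))
    if size and int(size.group(1)) < 2048:
        found.append(f"dh: {size.group(1)}-bit parameters")
    if "comp-lzo" in conf and conf["comp-lzo"] != ["no"]:
        found.append("comp-lzo: compression enabled")
    if "duplicate-cn" in conf:
        found.append("duplicate-cn: one certificate accepted from several clients")
    return found


if __name__ == "__main__":
    server, client = parse(SERVER_CONF), parse(CLIENT_CONF)
    print("mismatches:", mismatches(server, client))
    print("server:", weak_settings(server))
    print("client:", weak_settings(client))
```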

Let's launch the client. A connection to the server will be established automatically, a tunnel will be created, and the default gateway will be the VPN server. If everything is done correctly, you can go online.

The setup is complete.

I can answer questions in the comments.