Linux Today: Linux News On Internet Time.

Networking with OpenVPN

Dec 31, 2009, 17:03
(Other stories by Markus Feilner)

[ Thanks to Ramsai for this link. ]

"The modular structure of OpenVPN can not only be found in its security model, but also in the networking scheme. James Yonan chose the Universal TUN/TAP driver for the networking layer of OpenVPN.

"The TUN/TAP driver is an open source project that is included in all modern Linux/Unix distributions, as well as Windows, Solaris, and Mac OS X. Like SSL/TLS, it is used in many projects, and therefore it is steadily being improved, and new features are being added. Using the TUN/TAP devices takes away a lot of complexity from the structure of OpenVPN. Its simple structure brings increased security when compared to other VPN solutions. Complexity is always the main enemy of security. For example, IPsec has a complex structure with complex modifications in the kernel and the IP stack, thereby creating many possible security loopholes.

"The Universal TUN/TAP driver was developed to provide Linux kernel support for tunneling IP traffic. It is a virtual network interface, which appears as authentic to all applications and users. Only the name tunX or tapX distinguishes it from other devices. Every application that is capable of using a network interface can use the tunnel interface. Every technology that you are running in your network can be run on a TUN or TAP interface too."

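An interface name is only a label that can be set to anything, so an audit of which devices are really TUN or TAP should read the kernel's own attribute rather than match on `tunX`/`tapX`. The sketch below is an added example, not code from the article or from OpenVPN. It assumes Linux sysfs, where TUN/TAP devices expose a `tun_flags` file; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

# Device-type bits from linux/if_tun.h, exposed in sysfs as <iface>/tun_flags.
IFF_TUN = 0x0001  # layer-3 (IP packets)
IFF_TAP = 0x0002  # layer-2 (Ethernet frames)

def classify_interfaces(sysfs_net="/sys/class/net"):
    """Map interface name -> 'tun', 'tap' or 'other', ignoring the name itself."""
    kinds = {}
    for name in sorted(os.listdir(sysfs_net)):
        iface_dir = os.path.join(sysfs_net, name)
        if not os.path.isdir(iface_dir):
            continue  # e.g. bonding_masters is a plain file, not an interface
        try:
            with open(os.path.join(iface_dir, "tun_flags")) as fh:
                flags = int(fh.read().strip(), 16)
        except (OSError, ValueError):
            kinds[name] = "other"  # attribute absent or unreadable: not TUN/TAP
            continue
        if flags & IFF_TAP:
            kinds[name] = "tap"
        elif flags & IFF_TUN:
            kinds[name] = "tun"
        else:
            kinds[name] = "other"
    return kinds

def unexpected_tunnels(kinds, allowed):
    """Return TUN/TAP interfaces that are not on the operator's allow-list."""
    return sorted(n for n, k in kinds.items() if k != "other" and n not in allowed)

def build_sample_tree():
    """Constructed sysfs-like tree: names chosen so name and type disagree."""
    root = tempfile.mkdtemp(prefix="sysnet-")
    sample = {"eth0": None, "tun0": "0x1001", "tap0": "0x1002",
              "eth9": "0x1002",   # TAP device given an Ethernet-style name
              "tun7": None}       # non-TUN device given a tunnel-style name
    for name, flags in sample.items():
        os.makedirs(os.path.join(root, name))
        if flags is not None:
            with open(os.path.join(root, name, "tun_flags"), "w") as fh:
                fh.write(flags + "\n")
    return root

if __name__ == "__main__":
    kinds = classify_interfaces(build_sample_tree())
    print(kinds)
    print("not allow-listed:", unexpected_tunnels(kinds, allowed={"tun0"}))
```

On a live host, call `classify_interfaces()` with no argument to read `/sys/class/net` directly.
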