OpenVPN Overview; OpenVPN Security Mechanisms; Preshared Secret; TLS - Brocade Communications Systems 5600 Reference Manual

OpenVPN Overview

OpenVPN security mechanisms (page 13)
OpenVPN modes of operation (page 14)
OpenVPN security mechanisms
This section provides an introduction to the security mechanisms and modes of operation for OpenVPN
on the Brocade vRouter.

• Preshared secret

• TLS

The security requirements for a virtual private network include authentication of the peer, confidentiality
of the tunneled data, and integrity of the tunneled data. OpenVPN offers a choice of two different security
mechanisms: preshared secret and Transport Layer Security (TLS).
NOTE
Secure Sockets Layer (SSL) is the predecessor of TLS, and most current references to SSL are, in fact,
references to TLS. Therefore, these terms are used interchangeably in this document.
Preshared secret
When preshared secret is used for security, OpenVPN works as follows:
1. The administrator uses the generate vpn openvpn-key command to generate a file that contains a
certain number of random data bytes. That random data is the secret on which all of the tunnel's
security rests.
2. The administrator transfers the secret file to each of the two tunnel endpoints by using pre-
established secure channels. For example, the file can be generated on one of the endpoints and
then transferred to the other endpoint by using a secure file transfer protocol, such as SCP. The
secrecy of this file is the whole basis of authentication: any host that obtains a copy of it can pose
as either endpoint, so protect the file as you would a private key.
3. When the two endpoints need to establish the VPN tunnel, the OpenVPN process on each endpoint
authenticates the other. Authentication rests on the assumption that the preshared secret is known
only to the two endpoints: a host that can prove knowledge of the secret is taken to be the other
endpoint.
4. After the endpoints are authenticated, the OpenVPN process on each side derives a set of keys from
the preshared secret. These keys are used for two purposes.
• Some keys are used in an encryption algorithm to encrypt the tunnel data. This encryption
provides data confidentiality.
• The others are used in a message authentication code (MAC) that uses a hash algorithm with the
keys on the tunnel data. This code provides data integrity.
TLS
Transport Layer Security (TLS) is a cryptographic protocol that uses public key cryptography and does
not require the two endpoints to have a preshared secret. OpenVPN uses TLS with X.509 certificates
Brocade 5600 vRouter OpenVPN Reference Guide
53-1003719-03
13
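The preshared-secret flow described under "Preshared secret" above (steps 1 through 4), reduced to a runnable sketch. This is an added example, not code from the Brocade vRouter or from the OpenVPN project: the 256-byte secret, its split into four 64-byte slots giving each direction its own cipher key and MAC key, the HMAC-based toy stream cipher, and the nonce || ciphertext || tag packet layout are all assumptions made for the illustration, and OpenVPN's real static-key file and wire formats differ. What the sketch shows is the security property the text describes: a peer that holds the secret can decrypt and verify, while a modified packet, or a packet from a host that never received the secret file, fails the MAC check and is dropped.

```python
import hashlib
import hmac
import os
import secrets

# Assumed layout for this illustration only (not the vRouter's key-file format):
# a 256-byte random secret split into four 64-byte slots, giving each direction
# its own cipher key and its own MAC key.
SECRET_LEN = 256
SLOT = SECRET_LEN // 4
NONCE_LEN = 16
TAG_LEN = 32


def generate_secret(length=SECRET_LEN):
    """Step 1: the secret is nothing more than random bytes. This stands in for
    'generate vpn openvpn-key'; the resulting file would then be copied to the
    peer over a pre-established secure channel such as SCP (step 2)."""
    return secrets.token_bytes(length)


def derive_keys(secret, server):
    """Step 4: carve the shared secret into send/receive cipher and MAC keys.
    The two endpoints read the same slots in opposite roles, so the key one
    side encrypts with is the key the other side decrypts with."""
    if len(secret) != SECRET_LEN:
        raise ValueError("secret must be %d bytes" % SECRET_LEN)
    s = [secret[i * SLOT:(i + 1) * SLOT] for i in range(4)]
    if server:
        return {"enc": s[0], "mac_out": s[1], "dec": s[2], "mac_in": s[3]}
    return {"enc": s[2], "mac_out": s[3], "dec": s[0], "mac_in": s[1]}


def _keystream(key, nonce, length):
    """Toy counter-mode keystream using HMAC-SHA256 as the PRF, so the example
    needs no third-party cipher library. A real tunnel uses a block cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def seal(keys, plaintext):
    """Encrypt with the cipher key (confidentiality), then MAC the nonce and
    ciphertext with the MAC key (integrity). Packet = nonce || ct || tag."""
    nonce = os.urandom(NONCE_LEN)
    ciphertext = _xor(plaintext, _keystream(keys["enc"], nonce, len(plaintext)))
    tag = hmac.new(keys["mac_out"], nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_packet(keys, packet):
    """Verify the MAC before touching the ciphertext; a bad tag means the
    sender either lacks the secret or the packet was modified in transit."""
    if len(packet) < NONCE_LEN + TAG_LEN:
        return None
    nonce = packet[:NONCE_LEN]
    ciphertext = packet[NONCE_LEN:-TAG_LEN]
    tag = packet[-TAG_LEN:]
    expected = hmac.new(keys["mac_in"], nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # drop: authentication/integrity check failed
    return _xor(ciphertext, _keystream(keys["dec"], nonce, len(ciphertext)))


def demo():
    """Constructed scenario: two endpoints sharing one secret, a tampered
    packet, and a third host that never received the secret file."""
    secret = generate_secret()
    site_a = derive_keys(secret, server=True)
    site_b = derive_keys(secret, server=False)

    packet = seal(site_a, b"constructed tunnel payload")
    flipped = bytearray(packet)
    flipped[NONCE_LEN + 3] ^= 0x01  # corrupt one ciphertext byte in transit
    stranger = derive_keys(generate_secret(), server=True)  # has its own secret, not ours

    return {
        "a_to_b": open_packet(site_b, packet),
        "b_to_a": open_packet(site_a, seal(site_b, b"reply")),
        "tampered": open_packet(site_b, bytes(flipped)),
        "stranger": open_packet(site_b, seal(stranger, b"let me in")),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Run it directly to see the four outcomes. The design point to take away is that the receiver verifies the MAC before decrypting anything, which is what turns one shared secret into both the authentication mechanism (only a holder of the secret can produce a valid tag) and the integrity mechanism (any change to the ciphertext invalidates the tag).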
