How to set up a simple routed VPN

This brief how-to explains how one can set up a routed virtual private network (VPN) using OpenVPN in no time. In particular we deal with routed VPNs, as opposed to bridged ones.

VPN in brief

Virtual Private Networks (VPNs, read more on Wikipedia) offer the following facilities to their users:

  1. Access web services and applications securely from anywhere in the world
  2. Access the Internet and browse securely and anonymously from any place
  3. Provide a secure tunnel for web applications to exchange information
  4. Securely access your local network at work or at home over the Internet
  5. Encrypted client-to-client communication

A VPN is a local network that is built on top of a larger network or the Internet. The main feature VPN users benefit from is protection from eavesdropping, since all information exchanged between the nodes of the VPN is encrypted using strong, well-studied algorithms. A VPN is considered to be one of the most secure infrastructures one can have over a public network. In the following figure eavesdropping is illustrated (also read Internet Eavesdropping: A Brave New World of Wiretapping).

Secure VPN protocols rely on a set of cryptographic protocols that provide confidentiality and prevent man-in-the-middle attacks, identity spoofing and most well-known network attacks. All your data travels encrypted over the network and all sensitive information is cloaked!

A VPN consists of a VPN server and a number of VPN clients connecting to it (and possibly to each other). Establishing such a private network assigns to each machine that participates in it a private IP address (e.g. 10.X.X.X or 192.168.X.X - see this article for details).

Bridged vs Routed Networks

This article on the OpenVPN web site explains the main advantages and disadvantages of each option. In this tutorial we focus on routed VPNs. Quite revealing of the underlying mechanisms and their differences is the article one can read at (click here for the whole article), a part of which we quote here:

Routing refers to the interconnection of separate and independent "sub-networks" (subnets) which have non-overlapping ranges of IP addresses. Upon receiving a packet sent to it, a network "router" examines the destination IP address to determine which of several connected networks should receive it, after which that packet is forwarded to the proper network.

Bridging, by comparison, is much simpler. A network "bridge" is simply an electrical interconnection between separate physical networks that are all carrying the same ranges of IP addresses. Standard dumb network "hubs" and "switches" are examples of network bridges. With a hub, packets arriving at any port are "bridged" and sent out to every other port. A switch is a bit smarter, since it is able to adaptively learn which network interface cards (NICs) are attached to which ports. But a switch is still interconnecting network segments carrying the same ranges of IP addresses.
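To make the routing half of the quoted explanation concrete, here is an added example (not from the original article or from OpenVPN) of the decision a router makes for a routed VPN server: a constructed, hypothetical routing table with the VPN's tun subnet and the office LAN as two non-overlapping subnets, a longest-prefix lookup that picks the outgoing interface for a destination address, and a check that flags overlapping subnets, which is exactly the situation routing cannot handle and bridging side-steps.

```python
import ipaddress

# Constructed example routing table for a routed (tun) OpenVPN server.
# Each entry: (destination network, outgoing interface, next hop or None).
# The interface names and addresses are assumptions for illustration only.
ROUTES = [
    ("10.8.0.0/24",    "tun0", None),           # VPN clients on the tunnel
    ("192.168.1.0/24", "eth0", None),           # office LAN behind the server
    ("0.0.0.0/0",      "eth0", "192.168.1.1"),  # default route via LAN gateway
]


def check_non_overlapping(routes):
    """Return every pair of subnets that overlap.

    Routing only works between subnets with non-overlapping address ranges;
    the default route (0.0.0.0/0) legitimately contains everything and is
    therefore excluded from the check.
    """
    nets = [ipaddress.ip_network(r[0]) for r in routes if r[0] != "0.0.0.0/0"]
    clashes = []
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                clashes.append((str(a), str(b)))
    return clashes


def lookup(routes, dst):
    """Longest-prefix match: pick the most specific route containing dst.

    Returns (interface, next_hop) or None when no route matches.
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for net_str, iface, gw in routes:
        net = ipaddress.ip_network(net_str)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface, gw)
    return None if best is None else (best[1], best[2])


if __name__ == "__main__":
    print("overlaps:", check_non_overlapping(ROUTES))
    for dst in ("10.8.0.6", "192.168.1.50", "8.8.8.8"):
        print(dst, "->", lookup(ROUTES, dst))
```

Swapping the LAN entry for a range that overlaps the tunnel (say 10.8.0.0/16) makes `check_non_overlapping` report the clash, which is why a routed setup needs distinct subnets on each side.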