OpenVPN with e-tokens in large-scale environments
No Magic Needed
As the story goes, Aladdin was good-for-nothing, idle, and mischievous and had no respect for his parents. Would you put your enterprise security into the hands of a rascal like that? Fortunately, with the help of some magic, the magician and the genie in the lamp finally made a sultan out of the boy [1].
OpenVPN and Aladdin
Luckily, you don't need magic to use Aladdin e-tokens with Linux and OpenVPN. The free SSL/TLS VPN software joined the mainstream with release 2.1, and it scales to large-scale setups. Aladdin [2] dominates the market for USB token-based cryptographic access control with its e-tokens, which is one reason the company was acquired by SafeNet. However, an e-token is an e-token, whether it is labeled Aladdin or SafeNet. At a price of around US$ 100, an e-token is essentially a smart card in USB form: it holds the user's certificate together with the matching private key, which is protected by a PIN and never leaves the token. Integrating this kind of hardware-backed authentication with password management and PIN input, however, is not a trivial task.
In this article, we show how an organization can configure and secure a large-scale OpenVPN infrastructure and discuss the integration of Linux and Windows clients. We also look at customized client configurations for the VPN and a matching start script that handles PIN entry on Linux.
Tokens and Certificates
Of course, the VPN connection no longer relies on a simple pre-shared key (PSK), which every peer shares and which never expires, but on centrally manageable X.509 certificates [3] that carry an individual identity and automatically expire. You can also use OpenVPN with simpler public key certificates, a technique that Strato employs for its HiDrive network storage [4]. However, this means that you need to create the certificate as
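The two client configurations contrasted above, side by side, as an added example that is not part of the original article: a static-key setup and a certificate-based one whose private key stays on an Aladdin e-token, reached through OpenVPN's PKCS#11 support. The hostname, the file names, the path of the vendor PKCS#11 library and the serialized `pkcs11-id` value are placeholders (assumptions); the real id is whatever `openvpn --show-pkcs11-ids <library>` prints for the token.

```conf
# ===== static.conf: weak, static-key mode =====
# One shared secret for all peers: no per-user identity, no expiry,
# and a leaked key file exposes every tunnel that ever used it.
dev tun
remote vpn.example.com 1194        # placeholder hostname
ifconfig 10.8.0.2 10.8.0.1         # point-to-point addresses (example values)
secret static.key                  # identical file on both ends

# ===== token.conf: X.509 client certificate, key held on the e-token =====
client
dev tun
proto udp
remote vpn.example.com 1194        # placeholder hostname
nobind
persist-key
persist-tun
ca ca.crt                          # issuing CA; user certs expire and can be revoked centrally
remote-cert-tls server             # refuse peers that do not present a server certificate
tls-auth ta.key 1                  # HMAC on the TLS handshake; drops unauthenticated probes
# OpenVPN loads the token through the vendor's PKCS#11 library (path is an assumption)
pkcs11-providers /usr/lib/libeTPkcs11.so
# Serialized object id as reported by: openvpn --show-pkcs11-ids /usr/lib/libeTPkcs11.so
pkcs11-id 'Aladdin/eToken/0123456789ab/user01/01'   # placeholder value
pkcs11-pin-cache 300               # forget the cached PIN after 5 minutes (example policy)
# Let a start script deliver the PIN over the management interface instead of the terminal
management 127.0.0.1 7505
management-query-passwords
verb 3
```

With `token.conf`, the private key never exists on the client's disk; OpenVPN asks the token to sign the TLS handshake, and the token only does so after the PIN has been supplied. Unplugging the token therefore ends the user's ability to reconnect, and a lost token can be revoked at the CA without touching any other client.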