OpenVPN is a prime example of open source software offering businesses a real advantage over proprietary alternatives. OpenVPN is cross platform software – both the client and server run on Linux, Mac OS X, and Microsoft Windows. For creating enterprise-level Virtual Private Networks, it's license cost is attractive: none. It provides network communications between two or more computers or networks with mature encryption technologies and standard network protocols. This month, I describe two of many ways in which your business can gain capabilities at a very low cost with OpenVPN.

The Road Warrior

Most VPNs cater for the "Road Warrior" scenario: individual employees, like sales representatives or telecommuting employees, who already have a laptop or workstation and want access to office network resources while outside the office.

The server end of the connection can be a dedicated OpenVPN server - a retired workstation running Linux is the low cost, low maintenance choice - or it can be an additional service installed on an existing office server (running any of the previously mentioned operating systems) – because of OpenVPN's efficiency, your server won't notice the extra load. OpenVPN takes only a few consultant hours to set up, and more users can be fitted out quickly and easily as desired. The Road Warrior doesn't even need to learn how to start OpenVPN - it automatically establishes a secure connection whenever the computer is on the internet!

Some of the benefits of OpenVPN for the Road Warrior scenario:

• Any internet access – the airport lounge, cafe or hotel wireless, broadband-equipped home office - allows secure access to the company office network without user intervention.
• Access email, address books, calendars, files, databases on the company network as if you were there - limited only by your connection speed.
• No reconfiguring network settings or changing SMTP servers every time the Road Warrior wants to work outside the office.
• No software license costs for additional Road Warriors.

The WAN

Another common VPN scenario is the Wide Area Network: securely linking geographically separate office Local Area Networks using commodity internet access – with huge costs savings over dedicated leased lines.

Simply placing an OpenVPN server at each end allows the two or more separate LANs to function transparently as a WAN, allowing for better access to company data, and requiring less duplication of hardware and software resources among offices. You can achieve fine-grain control over access - like blocking access to certain parts of the network from other parts or providing simultaneous access to the VPN and the internet - easily thanks to OpenVPN's use of standard networking protocols like TCP and UDP.

OpenVPN servers can provide both WAN and Road Warrior services simultaneously.

Benefits of OpenVPN:

• Scales extremely well - suitable for organisations with 2 workstations or 2000.
• Initial cost is a few hours of consultant time.
• Low ongoing costs: no per-machine license costs.
• Low hardware requirements.
• Flexible and versatile like many open source projects:
  • connections can be initiated using pre-shared keys (passwords) or X.509 certificates,
  • choice of protocols: UDP (faster) and TCP (connect through firewalls and proxies),
  • can protect wireless networks,
  • enterprise scale load balancing.
• Access centrally managed by granting and revoking certificates.
• Manage routing within the VPN and to the internet with standard firewall rules.
• Proven and robust secure transport: uses mature SSH (Secure SHell).
• Bridging mode as well as routing – bridging more appropriate for some network configurations.

New Zealand is a land dominated by tiny businesses, a market often ignored by enterprise IT service providers. OpenVPN is being used to offer these small businesses access to enterprise-level facilities - without an enterprise price tag. With the glimmer on the horizon of widespread, cost effective, symmetrical broadband, a new business models is emerging: geographically distributed groups of specialised professionals working collaboratively - consultants, engineers, artists, educators - without a central office, suddenly able to afford all the benefits industrial strength business IT resources thanks to open source technologies.

We have implemented "Virtual Office Servers" as a service to support these organisations – providing enterprise level infrastructure without capital investment – and because their servers are “in the cloud”, there's no need for a central office. Agile, distributed virtual businesses are taking root and thriving in the emerging broadband ecosystem - thanks to free enterprise tools like OpenVPN.

This article, written by Dave Lane, appeared in the March 2007 issue of The Channel Magazine. Reprinted here with permission. Article reprint available for download below.