Problem solve Get help with specific problems with your technologies, process and projects.

Secure OpenVPN config with PAM

Network security expert Anand Sastry explains the relationship between OpenVPN and TLS, and points out where to learn about using OpenVPN and PAM.

I was told that OpenVPN is actually an implementation of TLS VPN. Is this true? Also, could you guide me to any reference materials for using PAM (Plug-able Authentication Module) with TLS VPN (OpenVPN)?

You are correct. OpenVPN is a SSL/TLS implementation that supports site-to-site VPNs in user space (i.e. a product...

not requiring integration with the OS kernel, also known as "ring 0 space"). TLS is an SSLv3 implementation with some enhancements and fixes. The aim of TLS was to consolidate different SSL implementations. SSL/TLS VPN implementation in OpenVPN supports encryption of link traffic exactly like IPSEC VPNs. It is actively being developed and is a secure alternative to the more traditional appliance-based products.

PAM, or pluggable authentication module, is a flexible mechanism for authenticating users that provides a way to develop programs independent of the authentication scheme. A good place to start with OpenVPN config using PAM would be the readme for the auth-pam module. I have included the SVN link for v2.0.

This was last published in June 2010

Dig Deeper on VPN security