OpenVPN in VirtualBox

There are a number of reasons why you might want to run a VPN on your laptop. The most obvious is that you have to, in order to access files back at the office. Two other likely reasons are security (you are in a public place, and want to encrypt all traffic) and unfettered access (your provider is blocking certain ports or services).

I’ve been interested in implementing a VPN for a while now, but haven’t had any real need, nor tons of copious free time. On Friday, I was informed that one of my portfolio companies had installed OpenVPN and I was welcome to install a client and test it.

I am running Windows Vista Ultimate x64 (the x64 sometimes being problematic with certain software). It turns out that the latest release candidate for OpenVPN has full Windows x64 support, so that wasn’t going to be an issue.

I installed the software, edited the configuration files that the office sent me, fired it up, and it worked the first time. Cool. I tested a few things, including accessing hosts that I wouldn’t be able to see unless I was in the office, and it all seemed to work correctly.

Then I hit a small snag. I tried to fire up my fat-client brokerage application. It behaved as if I didn’t have a network connection, or more accurately, like it couldn’t find the server it wanted to home to. I suspect that this could be something as simple as whether the office itself is set up to route out this type of app/port/protocol through the VPN (I know for a fact that this specific app works when I am in the office).

I also suspect that other fat clients, like a Poker app, might have similar troubles. That got me thinking about the additional use cases beyond just needing access to files/apps/machines in the office.

I fired up VirtualBox, specifically with my new favorite Sidux distribution. I tried to install openvpn from the repo, but it wasn’t found. A Google search said that openvpn is included in Debian itself (which Sidux is based on), so I was temporarily puzzled. I had the following line in my sources:

deb http://ftp.us.debian.org/debian/ sid main

I added another line, identical to the one above, substituting de for us. Presto, openvpn was found, and installed smoothly.

I copied over the same config files from my Windows directory, fired up OpenVPN, and was connected to the office again. This time though, in a pretty cool configuration. Everything in Linux (Sidux) was routed through the VPN. Everything in Windows was routed normally through my FiOS connection.

If I wanted access to something on the corporate LAN, I would use the browser in Sidux. The brokerage app just worked as normal, as it was unaware of the VPN. On a number of levels, this is the best of both worlds.
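Whether a given machine (host or VM) really sends everything through the tunnel, or only some prefixes, can be read from its routing table. The script below is an added example, not part of the original post: it assumes Linux "ip -4 route show" output and a tunnel device named tunN or tapN, and the sample tables and addresses in it are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Classifies a Linux IPv4 routing
# table by how much traffic the VPN tunnel carries. Input: the output of
# "ip -4 route show" on stdin. Assumes the tunnel device is named tunN or tapN.
#   full  - default traffic leaves via the tunnel
#   split - only specific prefixes use the tunnel
#   none  - no route uses the tunnel
vpn_route_mode() {
    awk '
    {
        dev = ""
        for (i = 1; i < NF; i++) if ($i == "dev") dev = $(i + 1)
        if (dev !~ /^(tun|tap)[0-9]+$/) next
        tunnel = 1
        if ($1 == "default" || $1 == "0.0.0.0/0") whole = 1
        # OpenVPN redirect-gateway def1 leaves the old default route in place
        # and overrides it with two more-specific halves.
        if ($1 == "0.0.0.0/1")   low = 1
        if ($1 == "128.0.0.0/1") high = 1
    }
    END {
        if (whole || (low && high)) print "full"
        else if (tunnel) print "split"
        else print "none"
    }'
}

# Constructed sample tables (addresses are illustrative only).
SAMPLE_FULL='0.0.0.0/1 via 10.8.0.5 dev tun0
default via 10.0.2.2 dev eth0
10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.15
10.8.0.5 dev tun0 proto kernel scope link src 10.8.0.6
128.0.0.0/1 via 10.8.0.5 dev tun0
203.0.113.10 via 10.0.2.2 dev eth0'

SAMPLE_SPLIT='default via 10.0.2.2 dev eth0
10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.15
10.8.0.5 dev tun0 proto kernel scope link src 10.8.0.6
192.168.10.0/24 via 10.8.0.5 dev tun0'

SAMPLE_NONE='default via 10.0.2.2 dev eth0
10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.15'

for name in FULL SPLIT NONE; do
    eval "table=\$SAMPLE_$name"
    printf '%s: %s\n' "$name" "$(printf '%s\n' "$table" | vpn_route_mode)"
done
# Live check: ip -4 route show | vpn_route_mode
```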

Of course, I already summarized situations when you may want/need the full VPN, for the entire machine, or when this use case might be better. If you’re in a public hotspot, and want everything encrypted, even your personal surfing, the Windows-level VPN makes sense.

If you’re in a client’s office, and can’t connect to an odd port on your home server (e.g., you have an application running at http://www.mycompany.com:8765/) which is blocked by your client’s firewall, then you fire up the VPN in the VM, and use that browser, while not disturbing the rest of the applications on your desktop.

This also gave me the idea that since putting Linux on a USB stick is so trivial (see this post about multi-boot USB), it would be simple to have a bootable USB stick, with the OpenVPN client on it (password-protected, of course), that would allow you to boot off any PC/laptop as if you’re in the office, or without leaving any trace on the host PC, whenever the situation called for it. Friends wouldn’t need to feel that you were seeing their browsing history, etc.

Just for yucks, I also installed OpenVPN on my server, for the secondary scenarios mentioned above (security and unfettered access). While I don’t anticipate needing them frequently, knowing that it’s available, on a second’s notice, is a comfort.

Another trick added to my bag. 🙂