Free openvpn software for linux

OpenVPN is a full-featured SSL VPN solution which can accomodate a wide range of configurations, including remote access, site-to-site VPNs, WiFi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls (articles) (examples) (security overview) (non-english languages).
OpenVPN implements OSI layer 2 or 3 secure network extension using the industry standard SSL/TLS protocol, supports flexible client authentication methods based on certificates, smart cards, and/or 2-factor authentication, and allows user or group-specific access control policies using firewall rules applied to the VPN virtual interface. OpenVPN is not a web proxy and does not operate through a web browser.
For a good conceptual introduction to OpenVPN, see the program notes for James Yonans talk at Linux Fest Northwest 2004 -- Understanding the User-Space VPN: History, Conceptual Foundations, and Practical Usage. See also OpenVPN and the SSL VPN Revolution by Charlie Hosner.
OpenVPN is an Open Source project and is licensed under the GPL. Commercial licenses are also available for firms who would like to redistribute OpenVPN with their own proprietary applications. Contact info@openvpn.net for more information.
Main features:
- tunnel any IP subnetwork or virtual ethernet adapter over a single UDP or TCP port,
- configure a scalable, load-balanced VPN server farm using one or more machines which can handle thousands of dynamic connections from incoming VPN clients,
- use all of the encryption, authentication, and certification features of the OpenSSL library to protect your private network traffic as it transits the internet,
- use any cipher, key size, or HMAC digest (for datagram integrity checking) supported by the OpenSSL library,
- choose between static-key based conventional encryption or certificate-based public key encryption,
- use static, pre-shared keys or TLS-based dynamic key exchange,
- use real-time adaptive link compression and traffic-shaping to manage link bandwidth utilization,
- tunnel networks whose public endpoints are dynamic such as DHCP or dial-in clients,
- tunnel networks through connection-oriented stateful firewalls without having to use explicit firewall rules,
- tunnel networks over NAT,
- create secure ethernet bridges using virtual tap devices, and
- control OpenVPN using a GUI on Windows or Mac OS X.

OpenVPN Auth Passwd is a plugin that authenticates OpenVPN users using the local passwd or shadow files, using a privilege separation model.
OpenVPN Auth Passwds authentication method must be defined in the Makefile prior to the compilation of the plugin.
On shadowed systems it uses the functions provided in the shadow suite and, on other systems, the getpwnam(3) function to verify the username/password.
SYNOPSIS
The openvpn-auth-passwd module implements username/password authentication via the passwd files and, in the systems with shadow support, we use it. It is provided for systems that dont have PAM.
This module uses a split privilege execution model, the same used in the auth-pam and down-root plugins. That is, even if you drop the openvpn daemon privileges using the user, group, or chroot directives, the plugin still work.
BUILD
To build openvpn-auth-passwd on systems that use shadow, you will need to have the shadow suite and its devel headers installed.
On GNU systems build with the "make" command. In other systems you should install the GNU make, if you dont have it, and type "gmake". The module will be named openvpn-auth-passwd.so
USAGE
To use this plugin module, add to your OpenVPN config file:
plugin openvpn-auth-passwd.so
Run OpenVPN with --verb 7 or higher to get debugging output from this plugin.
CAVEATS
This module is supposed to work on any *nix system but, more testing should be done. Right now it works in the Linux and OpenBSD.
There is no portable way to check if you are using the shadow suite or not. And, as we are not using autoconf to do this, you must manually set the USE_SHADOW directive in the Makefile. We assume by default that you are using it (the majority of linux distributions and sun). If you arent (the majority of *bsd systems and others),
you should set it to 0.
Enhancements:
- Added a new funtion to check if the user belong to a given group or not.

OpenVPN authentication server is a project which allows you to add very flexible authentication for your OpenVPN server.
OpenVPN authentication server provides very flexible authentication (LDAP, Kerberos, Radius, PAM, SASL, File, SQL, IMAP, POP3) for your OpenVPN server. You can also retrieve per-client configuration in your LDAP server.
Main features:
- Very flexible authentication configuration
- Chainable authentication backends. You can mix several authentication backends
- Authentication server written in perl
- Authentication server can run completely in chroot (recommended)
- Authentication client written in C
- Authentication client can run completely in chroot if OpenVPN server is chrooted
- Supports almost all existing authentication backends.
- Supported authentication backends:
- LDAP
- Kerberos5 (works also with Microsoft AD)
- any SQL database supported by perl DBI driver
- IMAPv4 server
- POP3 server
- plain file
- SASL library
- PAM library
- Radius service
- custom certificate validation algorithm.

VPN is a project that contains scripts to setup a VPN connection between several Unix systems in a very flexible way: a system can be VPN server and VPN client at the same time and a VPN server can serve multiple VPN clients.
This VPN software uses PPP over SSH, which is of course an obsolete method. A good alternative is OpenVPN.
Enhancements:
- Removed IPchains from up and down scripts.
- SSH_VERSION in configuration file.
- Support for FireTable package.

KVpnc is a KDE frontend for various vpn clients. KVpnc project supports Cisco VPN (vpnc) and IPSec (FreeS/WAN, racoon).
vpnc is a replacement for the cisco VPN client and its used as client for the cisco3000 VPN Concentrator, FreeS/WAN (OpenS/WAN) is a IPSec client for Linux 2.4.x and racoon is a IPSec client for Linux 2.6.x and *BSD. It supports also PPTP (pptpclient) and OpenVPN.
You need vpnc >= 0.2-rm+zomb-pre9.
Note: translators still welcome. Kvpnc is currently translated to Bulgarian, Chinese, Dutch, German, Hungary, Italian, French, Portuguese Brazilian, Polish, Slovak and Spanish.
Main features:
- Easy to use KDE gui
- Docking in kicker
- Localized GUI:
Bulgarian
Chinese
Dutch
French
German
Hungarian
Italian
Slovak
Polish
Portuguese Brazilian
Spanish
- VPN connection to Cisco concentrator
- VPN connection to VPN servers by using IPsec
- FreeS/WAN (Linux 2.4.x) support
- racoon (Linux 2.6.x/BSD) support
- PPTP support (pptpclient)
- OpenVPN support
- Multiple profiles
- Preshared secret support
- X509 certificate support
- Cisco PCF file import
- PKCS12 certificate import
- Ping test
- Automaticlly setting of routes and firewall rules (iptables) (currently: freeswan/racoon)
- Automaticlly network device detection (can be overridden)
- Log file writing
- DCOP interface
- user notification for sucessful connect/disconnect
- NAT-T support (racoon/OpenVPN/vpnc)

udpeq is a program that balances UDP traffic over parallel routes. This is useful if you want to connect two endpoints through several slow or unreliable channels. For example, if you have 3 modem lines and a one-way satellite link, you might want to bond all of these together to form a faster, more reliable "virtual" connection.

udpeq by itself just shuttles UDP packets between two endpoints. You will almost certainly want to use a higher-level tunnel on top of udpeq to provide a "real" IP connection. CIPE or OPENVPN are perfect for this job.

Existing solutions of this nature (for example, multi-link ppp) tend to make simplistic assumptions about the bandwidth and availability of the channels. udpeq attempts to dynamically adjust to changing conditions, being as robust as possible while still being able to maximize throughput.

DenteAzul project is a J2ME application that allows a Blackberrys Internet connection to be transmitted over Bluetooth.
As Blackberry ( OS < 4.2 ) does not support Bluetooth modems, this tool will make the Blackberry act like a proxy/tunnel.
The Problem:
BlackBerrys OS version < 4.2, dont have a bluetooth modem capabilities, The only way you can connect to internet in your laptop is by using the USB cable, and you must use Microsoft Windows OS. Currently there is no USB driver for others OS.
The Solution:
With help of a VPN tool, a j2me application and a proxy server, is possible to use the blackberry as a tunnel. Allowing a network to be estabilished
Technical Detais:
The VPN will connect to the proxy server, this proxy server will relay data using bluetooth to your cellphone, your cellphone will relay the data over TCP to the other side of the VPN.and vice-sersa.
Speed:
Blackbeery OS was not made to this, it will require a lot of CPU and there is a lot of packet fragmentation and high latency.
My tests resulted in 64kbps. with a minimun latency of 900ms ( it may be my network carrier problem ).
Enhancements:
- This release only supports Linux.
- It works using vtun or openvpn.

Endian Firewall is a "turn-key" linux security distribution based on IPCop that turns every system into a full featured security appliance. Endian Firewall has been designed with "usability in mind" and is very easy to install, use and mange, without loosing its flexibility.
The features include a stateful packet inspection firewall, application-level proxies for variuos protocols (HTTP, POP3, SMTP) with antivirus support, virus and spamfiltering for email traffic (POP and SMTP), content filtering of Web traffic and a "hassle free" VPN solution (based on OpenVPN). The main advantage of Endian Firewall is that it is a pure "Open Source" solution that is commercially supported by Endian.
Main features:
Based Module:
- Firewall (statefull inspection)
- Outgoing Firewall
- IPSec Gateway to gateway VPN
- IPSec Remote client to gateway VPN (roadwarrior)
- NAT
- Multi-IP address support (aliases)
- Dynamic DNS
- DMZ support
- HTTPS Web Interface
- Detailed network traffic graphs
- View currently active connections
- Event log management
- Log redirection to external server
- Server DHCP
- Server NTP
- Traffic Shaping / QoS
- Transparent POP3 antivirus/antispam proxy
- Transparent HTTP proxy
- Web Proxy with local users, windows domain, samba, LDAP, radius server management
- Intrusion Detection System
- ADSL modem support
- Configuration backup and restore
- Remote update
Advanced Antivirus Module:
- HTTP Antivirus
- Endian Security Tools for Windows Desktop
- Transparent SMTP antivirus/antispam proxy
VPN Gateway Module:
- Gateway to gateway VPN with OpenVPN (http://openvpn.net/)
- Remote client to gateway VPN (roadwarrior) with OpenVPN (http://openvpn.net/)
- Bridged and Routed VPN mode
- Endian Client VPN ? Windows, Linux, MacOSX
Web Content Filter Module:
- URL filter
- Web content analysis/filter
- Whitelists and blacklists management
- Web surfing time limits
Enhancements:
- SATA support is now again working
- A wizard after installation asks to set the passwords (root, admin)
- Added possibility to restore a backup directly after installation
- Fix for blocking incoming connections coming in through the VPN [#210]