7th European BSD Conference: Oct 18-19 2008, Strasbourg, France

UTORvpn: A BSD based VPN service for the masses

Russell Sutherland

Abstract
The University of Toronto is a large educational institution with over 70,000 students and 10,000 staff and faculty. For the past three years, we have developed and implemented a ubiquitous VPN service based on OpenVPN and FreeBSD. The service has over 3000 active customers, with up to 35 simultaneous users. The system supports Linux, Mac OS X and Windows XP/Vista/2000 clients. Tools have been developed to create a central CA, which enables users to log in to a secure server and get their customized client, certificates and configuration. The NSIS installer is used to generate the customized Windows installers. Similar packages are generated for the various Unix-based clients. Additional WWW/PHP-based tools have been developed to monitor and log usage of the service, using standard graphs, alarms for excessive use and a certificate revocation mechanism. The system has been integrated into the local identity management system (Kerberos/LDAP) in order to authorize and authenticate users both upon initiation and for each session. All code is Open Source and freely available.