7th European BSD Conference: Oct 18-19 2008, Strasbourg, France
UTORvpn: A BSD based VPN service for the masses
Russell Sutherland
Abstract
The University of Toronto is a large educational institution
with over 70,000 students and 10,000 staff and faculty. For the
past three years, we have developed and implemented a ubiquitous
VPN service, based upon OpenVPN and FreeBSD. The service has over
3000 active customers, with up to 35 simultaneous users. The
system supports Linux, Mac OS X and Windows XP/Vista/2000 clients.
Tools have been developed to create a central CA which enables
users to log in to a secure server and get their customized client,
certificates and configuration. The NSIS installer is used to
generate the customized Windows installers. Similar packages are generated for
the various Unix-based clients. Additional WWW/PHP-based tools have
been developed to monitor and log usage of the service, providing standard graphs,
alarms for excessive use and a certificate revocation mechanism. The system
has been integrated into the local identity management system
(Kerberos/LDAP) in order to authorize and authenticate users upon initiation and for
per-session usage. All code is Open Source and freely available.