Part 1: The Hitchhiker’s Guide to VPNs
An introduction to this "virtual private network" thing

 

 

The Internet is big. Really big.

You wouldn’t believe how humongously, hugely, expansively big ...

The Earthling cried out.

“Isn't there something more important that you could be telling us?!”

Crackle. Pop. The book flipped to a different entry. Its electronic voice assumed a different tone.

VPN. Also known as Virtual Private Networks.

“Theory.” Beep. “To collaborate, software developers need a development server. A development server provides a web server (e.g. Apache), a source code repository server (e.g. Subversion), an e-mail server (e.g. dovecot), a mail transfer agent server (e.g. exim4), a bug tracking server (e.g. Bugzilla), a file sharing server (e.g. Samba) and a wiki server (e.g. DokuWiki).

When the physical computer that contains these servers is placed on the Internet, such as when it is connected directly to a DSL line, each server must be password-protected and encrypt all its data to prevent fiddling by hackers and other annoying persons. For passwords, each server usually supports multiple password schemes and options. For encryption, most servers support SSL, although which configuration files you edit, and which options are available, vary with the kind of server.

This, of course, is obvious.” Blank stare.

Of course, this didn’t stop Randall Gurglemeister from making a small fortune on his trilogy of best-selling Internet blockbusters, ‘Internet Theory and Practice’, ‘Why The Internet Sucks’ and ‘What Is This Internet Thing, Anyway?’

The book was excited.

But, then came VPNs. And, here’s the clever bit: instead of setting passwords and encryption for each server individually and all that nonsense, you have one server, a VPN server, that each software developer connects to first. The VPN server checks passwords and creates an encrypted tunnel to an internal local network where the other servers are and the other servers run free and clear, without encryption, and with passwords only if they want to, except that they only run on the internal network, you see, not directly on the Internet. The clever bit is that the VPN puts the software developer safely on the internal network first and then everybody can pretend like the Internet isn’t in the way.

The book was giddy.

So, you see, instead of each software developer having a random IP address like 63.209.44.8, 101.23.14.81, 24.88.3.121 or, er, whatever, each physical server computer and each software developer has a similar IP address like 192.168.122.168, 192.168.122.170 or 192.168.122.172. So services that require broadcasting, such as file sharing, work. While each software developer needs to connect to the VPN server over the Internet, making his way through home networks, firewalls, routers and other obstacles, the individual servers can pretend that those objects don't exist!
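The design above only holds if the unencrypted servers really do listen on the internal network alone. As an added example (not part of the original article), this Python check reads `ss -H -tln` output and reports listeners reachable from outside it; the /24 range, the sample listing and the function names are assumptions made for illustration.

```python
import ipaddress

# Assumption: the internal range is inferred from the article's 192.168.122.x
# example addresses; replace it with the real internal network.
INTERNAL_NET = ipaddress.ip_network("192.168.122.0/24")

# Constructed sample of `ss -H -tln` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 32  0.0.0.0:1194         0.0.0.0:*
LISTEN 0 128 0.0.0.0:80           0.0.0.0:*
LISTEN 0 50  192.168.122.168:445  0.0.0.0:*
LISTEN 0 100 127.0.0.1:25         0.0.0.0:*
LISTEN 0 128 [::]:143             [::]:*
LISTEN 0 128 203.0.113.10:3690    0.0.0.0:*
LISTEN 0 128 *:8080               *:*
"""


def parse_listener(line):
    """Return (host, port) from one `ss -H -tln` line, or None if malformed."""
    fields = line.split()
    if len(fields) < 4:
        return None
    host, _, port = fields[3].rpartition(":")
    host = host.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface
    return (host, int(port)) if port.isdigit() else None


def exposed_listeners(ss_output, internal=INTERNAL_NET, public_ok=frozenset({1194})):
    """List (host, port) listeners reachable from outside the internal network."""
    findings = []
    for line in ss_output.splitlines():
        parsed = parse_listener(line)
        # public_ok holds ports meant to face the Internet: here only the
        # OpenVPN default port, since the VPN endpoint must be reachable.
        if parsed is None or parsed[1] in public_ok:
            continue
        host, port = parsed
        try:
            addr = None if host == "*" else ipaddress.ip_address(host)
        except ValueError:
            addr = None  # unparseable address: report it rather than trust it
        safe = (addr is not None and not addr.is_unspecified
                and (addr.is_loopback or addr in internal))
        if not safe:
            findings.append((host, port))
    return findings


if __name__ == "__main__":
    for host, port in exposed_listeners(SAMPLE_SS_OUTPUT):
        print(f"listener outside the internal network: {host}:{port}")
```

Wildcard binds (0.0.0.0, [::] and *) are reported because they accept connections on the Internet-facing interface as well as the internal one; UDP listeners need a second pass over `ss -H -uln`.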

“Please,” the man whined, “shut up and tell me something that I need to know.”

The man glanced at the only other Earthling, a female, whom, even in these circumstances where they were all a few minutes from electro-magnetic, sub-atomic death, he was still quite keen to get off with. She seemed singularly unimpressed with his whining.

“DON'T PANIC,” the book said crossly. Then, it resumed its original, professional demeanor, as it continued willy-nilly onto its next topic.

“Practice.” Beep. “In practice, one good, free VPN solution is OpenVPN.

Both the OpenVPN server and OpenVPN clients can run on both Windows and Linux and, most likely, Mac. However, a very common configuration is to run the OpenVPN server on a physical server running Linux while software developers run Windows on their own machines.

In this case, the OpenVPN server is a regular Linux service. On installation, it creates an /etc/openvpn directory, as expected, and stores its configuration files in there. Its main binary is stored at /usr/sbin/openvpn. An init script, which wraps the binary and makes it more convenient to start and stop OpenVPN, is created at /etc/init.d/openvpn.

For encryption, OpenVPN relies on OpenSSL. OpenSSL is the commonly used and widely available SSL/TLS protocol implementation on Linux. Although OpenVPN can work in other modes, it is common to create SSL certificates to secure both the main server and every software developer who will access the VPN. OpenSSL stores its configuration files in /etc/ssl.

Click. Pause. Whirr. “The apocryphal application being that, if you stick the right certificate in your client, you can access anything at any time that is running on the VPN.

“Oh, groovy,” said that alien from a planet somewhere out on the flipside of the Galaxy. “Teach the monkey to think.”

The Earthling yelped quietly at the insult. The book ignored it, of course, because books do not take their evolutionary lineage as seriously.

In the typical case, the OpenVPN client, called OpenVPN GUI, is a regular Windows program.

“OpenVPN GUI runs as a small icon with two tiny green monitors and a tiny blue-green planet in the Windows tray on the bottom right of the taskbar.” The tiny video screen on the book snapped to life.



“When right-clicked, a menu of options pops up.” The tiny fuzzy image changed and glowed.



OpenVPN GUI relies on the user to edit configuration files in C:\Program Files\OpenVPN manually, but the menu does supply quick access to these files, as well as a few dialog boxes for manipulating and configuring the connection and showing its status.

The book paused before the next topic.

“Hyperlinks.” Beep. “Useful hyperlinks include:

The man with two heads rolled his eyes, all four of them.

The main OpenVPN page at: http://openvpn.net/.

The Wikipedia entry for OpenVPN at: http://en.wikipedia.org/wiki/OpenVPN.

The main OpenVPN GUI page at: http://openvpn.se/.

 

 

The Earthling feverishly typed the hyperlinks into the main computer. On the viewscreen, the entire screen was consumed and blotted out by an angry, blinding radiation.

“Oh, no,” the robot moaned, “not again.”

 

 


E-mail Dan Howard about this article