The Gluster Blog

Gluster blog stories provide high-level spotlights on our users all over the world

How to Deploy the OpenVPN Encryption Protocol to Your Network Using Gluster

Dan Fries
April 24, 2019

This is part of a new series on using Gluster!

OpenVPN is open source software that serves as the basis for a Virtual Private Network capable of supporting a point-to-point or site-to-site connection.

Along with being free to use, it is one of the most secure VPN options available today; some alternatives fall well short of OpenVPN. Because the software can run on a Windows or a Linux server, this is an option you want at your disposal.

Setting up the OpenVPN access server requires some preliminary work as well as following a series of instructions. While they vary slightly depending on what sort of operating system you’re using for the server and your network, the basic process is the same. Here is what you need to know to manage the setup.

Things to Do First

What’s your plan for using the VPN? That will impact how you prepare for setting up. When the goal is to use trusted segments on each of the servers, you will need to install preliminary software on each one.

The software you need is the most recent version of GlusterFS. You can download it directly from the Gluster website. If you are using Linux or a Linux-based operating system, entering and executing a command will get you started. Follow the usual process for installing software on your system and you’ll be set.

It’s strongly recommended that you go with trusted segments on servers at each end of the network. One of the primary reasons is security. If you are using an untrusted segment (i.e., the Internet), there’s a greater risk of accidentally sharing proprietary data.

If your network structure means that you do plan on using the Internet, remember there are ways to layer encryption and increase the level of protection you have.

Turning Attention to the Servers

After you finish with the preliminary downloads, it’s time to prepare each server that will participate in the VPN. Keep in mind that you don’t have to prepare every server used at each site. Only the ones you want to have connected to the network need attention.


Assuming that the servers are already configured for general use, much of the process is out of the way. Since you are creating clusters, there must be a way to share data back and forth between nodes in those clusters.


This involves establishing subnets within the cluster. Remember that you cannot use the same subnet for all of the clusters. Depending on the limitations of your server setup, you may divide subnets and achieve the same result. Doing so ensures the routing occurs without any complications.
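
The subnet rule above, as an added example that is not part of the original post: a pre-flight check that flags overlapping per-site subnets, divides one larger block into a subnet per site, and maps a peer address back to its site. The site names and address ranges are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed site plan (hypothetical site names, RFC 1918 ranges).
SITE_PLAN = {
    "site-a": "10.10.0.0/24",
    "site-b": "10.10.1.0/24",
    "site-c": "10.10.0.128/25",  # deliberately overlaps site-a
}

def find_overlaps(plan):
    """Return sorted (site, site) pairs whose subnets overlap."""
    nets = {name: ipaddress.ip_network(cidr, strict=True)
            for name, cidr in plan.items()}
    return sorted((a, b) for a, b in combinations(sorted(nets), 2)
                  if nets[a].overlaps(nets[b]))

def carve_subnets(block, sites, new_prefix):
    """Divide one larger block into one non-overlapping subnet per site."""
    children = ipaddress.ip_network(block, strict=True).subnets(
        new_prefix=new_prefix)
    plan = {}
    for site in sites:
        try:
            plan[site] = str(next(children))
        except StopIteration:
            raise ValueError(
                f"{block} cannot hold {len(sites)} /{new_prefix} subnets")
    return plan

def owning_site(plan, peer_ip):
    """Map a peer address to the single site subnet that contains it."""
    addr = ipaddress.ip_address(peer_ip)
    hits = [site for site, cidr in plan.items()
            if addr in ipaddress.ip_network(cidr)]
    if len(hits) != 1:
        # Zero or several matches means routing for this peer is ambiguous.
        raise ValueError(f"{peer_ip} matches {len(hits)} site subnets: {hits}")
    return hits[0]

if __name__ == "__main__":
    print("overlaps:", find_overlaps(SITE_PLAN))
    fixed = carve_subnets("10.10.0.0/22", list(SITE_PLAN), 24)
    print("divided plan:", fixed)
    print("10.10.1.7 belongs to", owning_site(fixed, "10.10.1.7"))
```

Running the check before peering the machines catches an address that would match two sites, which is the situation that breaks routing across the tunnel.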


Using one server to house the primary function is the most practical approach. Create your groups and use GlusterFS to peer your HA machines. Remember to enter the command appropriate for your operating system, along with the IP address for each one of those machines.

Keep in mind that the machine at what could be considered the command server location does not have to be added. Only the HA machines at the other sites need to be added to the group.

Checking What You’ve Done So Far

Now that you have your peers added, it’s time to double-check what you’ve completed up to this point. The goal is to make sure the connections are established and information can flow from one cluster and back again without any issues. You’ll want to set the network volume.


Sometimes referred to as storage volume, it can exist as a virtual unit or a physical one. The physical unit can be divided into several volumes, something you may want to consider depending on the number of sites you are including in the network.


Part of the testing that should be done before you consider taking the network live is starting and stopping. The goal is to ensure that the VPN activates properly and that all individuals and/or sites connected to the network are able to access, transmit, and receive data.


It’s only after you try some basic data sharing across the network and confirm everyone is connected that the process is considered complete.


A Word About Security


Whether you go online or prefer to keep things strictly point-to-point, security is something to consider carefully. You will find that Gluster has security solutions designed to work with VPNs, including OpenVPN. These can be used in addition to the firewalls and other precautions that you already use for your servers at all the connected locations.


While you may need to do some additional configuration to ensure they protect without preventing the flow of data from authorized users, the effort is worth it. Don’t forget that checking authentication and using strong passwords are key to your security effort.

Maintenance and Management of Your VPN

While some open source software doesn’t bring much value to the table, the fact that quite a few for-pay virtual private networks make use of the OpenVPN protocol as the default selection speaks volumes of its legitimacy in the industry.

Popular amongst consumers, both NordVPN and ExpressVPN allow their users to connect using the OpenVPN protocol with 256-bit AES encryption. A reputation for stability and reliability also helps.

Keep in mind that your new VPN is not like a firewall or a proxy server, in that you don’t want to set it up and then not give it any attention for months on end. Your best bet is to develop a maintenance schedule and follow it carefully.

The goal is not just to ensure the network is working. Check the speed of transmissions, note any irregularities that may occur when there are higher levels of traffic on the network, and ensure the software is updated as new releases become available.

Final Thoughts

Don’t rush when you set up your OpenVPN. Take your time and understand what commands you need to use based on whether your site has Windows or Linux. Test the functions at specific points in the process. If something’s not working, step back and resolve that issue before proceeding. While it may take a little time to structure the network to your liking, the results will serve you well for a long time.
