Building Linux Virtual Private Networks
This page offers reviews of Building Linux Virtual Private Networks from various sources. If you know of a review that we don't know about, drop us a note at We will reprint or link to every review we know of, even if they think our book sucks.

Full length reviews available online:
The Internet Review Project
Slashdot (local copy)
Linux Journal (local copy) (local copy)
SecurityProNews (local copy) (local copy)

Inside Cover Quote:

"This is the VPN book I wish I'd written. It explains enough about the protocols and issues to clarify the difficulties for the novice, and supplies page after page of clearly-commented examples -- the only way to learn how to make a virtual private network work! Building Linux Private Networks will be top of my list when people ask what they should read about this complex networking topic."

-- Tina Bird, Security Architect, Counterpane Internet Security, Moderator of the VPN mailing list, and VPN FAQ Maintainer.

Other Online Quotes:

"This book so thoroughly covers its general field, in this case virtual private networks (VPNs), that it is useful to security people regardless of whether or not they use Linux. There are abundant practical considerations in this work that other volumes ignore.


I have not found, to date, a book that does a better job of explaining the concepts and operations of virtual private networks. This should become the classic text.

-- Robert M. Slade in his review for the Internet Review Project.

"I have had an interest in VPNs for quite some time; however, finding information on VPNs that is easily digestible is difficult. I have looked at several books on the subject and most of them are written in a manner that lends more to confusion than enlightenment (IMHO). Recently I bought a book regarding VPNs that was earning rave reviews: "Building Linux Virtual Private Networks (VPNs)" by Oleg Kolesnikov and Bri Hatch. You may recognize Bri Hatch from his book "Hacking Linux Exposed"-- another title I would recommend for those interested in security.

Don't let the title throw you off. The first few chapters of the book discuss VPNs in general terms so that you understand the basic functionality of them. Discussions about the OSI model and basic networking have been graciously omitted, as it is assumed the reader will already know these things. This is a very easy to read book that I would highly recommend to *anyone* considering implementing a VPN on their network, regardless of whether you intend to use Linux to do it or not. This book is that good."

--Jay Fougere, SecurityProNews, in his VPN 101 tutorial.

Step by step instructions that WORK!, 29-Jul-2003
Building Linux VPNs is the first book I've bought in the last three years that has the right balance between theory and practice. The first two chapters let you know everything you need to know about VPNs and network topologies and 'gotcha's (where should the DNS server go? How should I route?)

They get all this out of the way quickly. Many books that are dedicated to VPNs only talk about this part of the equation, and do so for hundreds of pages. Oleg and Brian get it all down so you can digest it in a sitting and have everything you need to know.

The remaining chapters cover specific VPN protocols. I needed to support PPTP for the majority of my windows clients, and IPSec for my remote offices and more recent laptops that suppported it. I literally built these VPNs by reading and copying in text (yes, I could have got the code off the web page, but nothing is better than doing it yourself) as I went along. Not a single problem, it was smoother than smooth.

I can't recommend this book enough. If you want a VPN on Linux (or other Unix for that matter) then this is the book for you.
Aaron Zajac, Oviedo, Florida United States.

Editorial Review
A virtual private network (VPN) enables computers to access remote resources--like the mail store on another office's mail server--from a geographically remote location. Rather than access the files over a private (and expensive) wide area network (WAN) link, however, a VPN makes its data transmissions across the open Internet. The magic is in making the communications secure, a critical job that requires a tunneling protocol that implements encryption. Building Linux Virtual Private Networks shows you how to set up VPNs without spending a lot of money, and without compromising ease of use or security. Oleg Kolesnikov and Bri Hatch emphasize network-to-network connectivity--fixed links between sites--rather than network-to-client connections. They show you how to use Linux to build a secure system of permanent--yet virtual--data links. There's coverage, for example, of the PoPToP daemon for handling Point-to- Point Tunneling Protocol (PPTP), but there's no coverage of non-Linux clients with which to connect it.

There's a nice balance of managerial information (useful for justifying a VPN, and a Linux one in particular, to your boss) and technical details in these pages. Each of the covered packages gets nice documentation, complete with listings of configuration files and explicit statements of console input and output.
David Wall.

2 Stars I am so disapointed, 15-April-2003
I don't know what is hapening with this people... I buy this book based in that reviews (all 5 stars) and when I open the book I am totaly disapointed. About the book: The examples is not complete and the text is confused. I do not recomend.
MAURICIO GOMES, Sao Paulo, Sao Paulo Brazil.
(As I said, we'd even post the ones that say it sucks.)

5 Stars A Must Have for your library, 4-Apr-2002
I've been struggling with PPTP and FreeS/WAN for years now and the hardest task I now have to deal with is teaching others the intricate nature of VPN's, tunneling, masq'ing connections and linking private LANs together. This book has been an excellent resource to intruct others on how to administer our tangle of connections and taught me a few nifty tricks in the process.
jtellis, Fishers, IN United States.

5 Stars Clear and concise, a very well written book on Linux VPNs, 4-Apr-2002
Building Linux Virtual Private Networks (VPNs) from New Rider is a must have book for anyone interested in the topic. Not only does it do a great job providing useful and current information for setting up common ssh/ppp, ssl/ppp, PPTP and IPSec configurations, it covers some more exotic VPN applications using VTun, cIPe and tinc. The book is very well organized and extremely readable for a person that is comfortable with networking and linux. The authors cover the design and implementations of the mentioned VPN technologies with ample diagrams and example configuration material. They, also, provide many pros and cons for each of the technologies. The authors did a great job of covering a large number of applications in a very clear and concise fashion.
Anthony Kolasny, Columbia, Maryland USA.

5 Stars If Linux VPNs are your problem, this book is the solution, 2002-Mar-23
"Building Linux VPNs" (BLVPN) succeeds on multiple levels. It's lively, wise, practical, and thorough. With a minor exception, BLVPN is an unqualified triumph.

One of the book's amazing features is its willingness to not rehash "common knowledge." In other words, BLVPN assumes people who read books on Linux VPNs know something about two subjects: (1) Linux and (2) networking. Therefore, BLVPN doesn't waste time teaching the reader how to use the command line, and it doesn't include yet another boring description of the OSI model. Instead, BLVPN launches straight into practical, operational instructions for creating virtual private networks. I would like to see other authors adopt this approach!

Some of the book's key strengths include troubleshooting hints, clear diagrams, directory listings for key files, complete sample configuration scripts, and discussions of advantages and disadvantages of various VPN solutions. Furthermore, the text is supported by a web site with copies of the scripts available for download.

Because each chapter is a self-contained unit for each VPN technology, readers can pick a solution and begin immediate implementation. No other VPN book delivers implementation-grade advice like this.

My only regret was a failure to mention interoperability with BSD-based IPSec implementations. I would have loved to see a chapter on matching FreeS/WAN for Linux with KAME/racoon for FreeBSD. The authors should also consider describing how to configure Windows 2000/XP in IPSec tunnel mode to interoperate with IPSec on Linux and/or FreeBSD. Additionally, I believe I found typos in the figures on pages 168-9. I expect the book's web site errata page to publish a correction, if necessary.

If you need to build host-host, host-network, or network-network VPNs using Linux (or really any open source platform), "Building Linux VPNs" is your book. I recommend "Virtual Private Networks" by Yuan and Strayer as a complementary volume for those needing additional material on VPN theory and protocol encapsulation.
Richard Bejtlich, Texas, USA.

5 Stars Really Great, 18-Mar-2002
I was trying to get an unsniffable connection so I couldn't be snooped on, but was having a devil of a time. I'd tried a combo of ssh portforward and other tunnels, but couldn't get the damn things to work right. Got this book and was able to set up an actual VPN between my machines, and am happily cryptoed from end to end. Was really simple if you follow the instructions here.
Howard Tang.

5 Stars The VPN book I wish I'd written, 27-Feb-2002
I moderate the Virtual Private Networks mailing list on SecurityFocus. There aren't very many good books on VPNs, and those that are reasonable tend to be more focused on protocols and specifications, and less on how to get the darn things up and running. Oleg and Brian lay out the different choices in terms of technical architectures, helping the readers pick which solution is best for their needs. They provide great info on getting things up and working -- lots of examples -- and hurrah, lots of tips for troubleshooting. If you have to deploy a VPN and you want to do it quickly, inexpensively and securely, BUY THIS BOOK.
A reader from Campbell, CA, United States.

5 Stars Finally someone wrote this book!, 25-Feb-2002
I am the main network IT guy for a small firm, and was told a year ago that we needed to get remote access ability for our employees when they're home, and get a VPN set up between our main office and the one downtown. I've been putting this off for about a year now because I never felt like I would be able to figure it all out on my own.

I've read pretty much every VPN book out there, and have been dissapointed at every turn. Even the one by O'Reilly, normally a really great publisher, didn't have actual implementation details that are necessary.

Building Linux Vpns gives you a great introduction in the first two chapters to get you up to speed, teaches you all the right terminology, possible network layouts, and stuff, and then dedicates the rest of the book to easy-to-follow step-by-step implementation details.

After reading the book it took 2 hours from start to finish for me to get our two offices connected via VPN (I went with IPSec / Freeswan), simply following the instructions. I'm in the middle of testing the PPTP setup for home access for those PC folks, and it is working exactly as promised.

If you actually need to understand vpn ideas and be able to build one, this is the book for you.
Clyde Sanston, Phoenix, AZ.

Barnes and Noble

5 Stars Excellent VPN reading, 28-Feb-2002
Have bought a lot of dissapointing VPN books in the past. Was given a copy of Building Linux VPNs at RSA 2002 in San Jose, and it did everything right.

If you need to get a SECURE vpn up and running, this is the book for you.

Also recommended: Recent picks have included Hacking Linux Exposed (same author), Writing Secure Software.
Nick Kennedy, a security freak.

5 Stars Excellent Book!, 27-Feb-2002
I met the author at the RSA conference in the USA this year, and bought his Hacking Linux Exposed book, and he gave me a gratis copy of Building Linux VPNs. I've started on the VPN book because it's more pressing right now.

So far I am amazed. It really has all the setup I needed to get 2 different VPN variants working between my three offices. Two use Linux firewalls, and one uses OpenBSD. I really recommend this book.
John Ritchie, London.

5 Stars Shows you the money, 2-Apr-2002
I hate to quote an overused and tired line, but this book really does exactly what no other VPN books manage: show you what to do. I'm tired of pages upon pages of descriptions of TCP vs UDP vs IP, physical layer vs application layer, and all that junk. What I need is a book that says "In order to set up FreeS/WAN, follow these steps: Step one: install software like this. Step two: create keys as follows. Step three: ..."

This book finally shows you exactly what you need to do to make VPNs work. So many authors out there should take this book home with them and learn how to write to their audience without needlessly filling their books with four chapters of repetative cruft. Kudos to Kolesnikov and Hatch.
Andrew Dornenburg, Silver Spring, MD.

5 Stars Really excellent VPN book., 28-Feb-2002
I administer a website with 25 Linux machines. When we were hacked a year back, I bought Hacking Linux Exposed to help secure things, and we haven't had problems since. (Whoops, time to update PHP today... Security is a process, not a product.)

When I saw on the hacking linux page that the author had another book coming out, I preordered it, and am glad I did. This book is equally readable, technically accurate, engaging, and instantly usable in the real world.

I've read up to chapter 8 so far, and it's written in a very consistant voice. Kolesnikov and Hatch did a great job of putting this book together. I look forward to any books they put out in the future.
Paula Berman, Cumberland, ME, USA..

Source Code
Sample Chapter
Suggested Reading

New Riders Publishing