My name is Jan Just Keijser — otherwise known as JJK in OpenVPN circles. I am an IT professional with about 25 years of experience, and I’ve been using OpenVPN for nearly 16 years now. I currently work as a Software Engineer at Nikhef, a physics research lab in Amsterdam. I work on high performance and high throughput computing. I have also written two books on OpenVPN: “OpenVPN 2 Cookbook” (2011, second edition 2017) and “Mastering OpenVPN” (2015, together with Eric F. Crist), and I am available for freelance (Open)VPN consulting work.
In 2004, I was a project manager for an ICT company in the Netherlands. Our customers had offices all around the city, and we needed a reliable remote access solution. At first, I set up a system using two SSH hops.This solution worked, but was not very reliable. Note that cool OpenSSH features like “ProxyJump” did not exist at the time. As the server, I had installed a RedHat Linux 9 system at the client premises. On the team’s laptops, we were using Windows 2000 or Windows XP. I then started toying with a “PPP-over-SSH” tunnel configuration, which looked very promising when using a Linux client, but was not practical for users with Windows 2000 or Windows XP on their laptops.
I found OpenVPN by searching on the internet for open source VPN software that offered clients for both Linux and Windows. I downloaded the source code and compiled it on my RedHat server at the remote office. Then I set up the certificates and private keys and installed the OpenVPN 2.0beta6 client software on Windows 2000, and with a little bit of tinkering, it worked! My teammates were enthusiastic about it as well, and the entire team switched to OpenVPN very soon after.
In 2005 I was asked by a technical sales lead within the same ICT company to help out with a bid for an open source VPN solution for a government project. We made a comparison between OpenVPN, PPTP, and IPSec. Our recommendation was to use OpenVPN, as it was the only VPN solution that could run over a TCP port, easing deployment. However, the client considered OpenVPN too outlandish and experimental and decided to opt for an open source IPsec solution. Six months later, the client returned to us, seeing that deployment of a UDP-based solution in their ill-managed network was much harder than anticipated. Later that year, I switched jobs to Nikhef, my current employer. There, I introduced OpenVPN (version 2.0.9), and shortly after, I started helping the system administrators work from home and access our IT-management network remotely.
During that time, I became active on the OpenVPN mailing list and user forum, answering user questions and troubleshooting various setups. I found that helping others use a piece of software is the best way to learn the ins and outs of that software yourself, as others always manage to come up with unique configurations and setups. For work-related reasons, I started experimenting with hardware tokens (or Hardware Secure Modules, aka HSMs). With such a token, we can provide very secure two-factor authentication for scientists that need to access data. These same tokens can also be used for two-factor authentication in OpenVPN using the PKCS#11 interface. I can safely say that I did most of the debugging on the PKCS#11 support in the first version of OpenVPN to support this.
Doing More With OpenVPN
Because of all the OpenVPN questions I helped answer, I was asked to write a book on OpenVPN in 2010. The book, the OpenVPN 2 Cookbook, came out in 2011 as my first publication ever. Not long after, I attended my first OpenVPN meeting by traveling to the FOSDEM conference in Brussels, Belgium. There I met the OpenVPN developers, including James Yonan. Since then, I have tried to attend the yearly OpenVPN Hackathons whenever I can: Brussels in 2011 and 2012, Munich in 2013 and 2014, Delft in 2015, and Karlsruhe in 2017. My last attempt to attend a hackathon, Trento 2019, was stranded due to an airline personnel strike.
The OpenVPN hackathons have always been very useful to me, because I am able to focus my attention solely on OpenVPN for a few days in a row. I have found that is one of the best ways to make progress in troubleshooting bugs and developing new features. I have also always found my interactions with the hard-core developers to be very stimulating.
In 2018, I joined the eduVPN project, which I will discuss more in the future. The eduVPN project aims to provide European researchers with safe access to the internet and their home institutions while traveling. During the 2020 COVID-19 pandemic, while many researchers and scientists are forced to work from home, it offers a straightforward method to access their institution’s computing resources in a secure and straightforward manner.
Keep an eye out for more articles by JJK!