SlideShare a Scribd company logo

Openvpn Cookbook Second Edition 2nd Revised Edition Keijser

L
lenicikeally

Openvpn Cookbook Second Edition 2nd Revised Edition Keijser Openvpn Cookbook Second Edition 2nd Revised Edition Keijser Openvpn Cookbook Second Edition 2nd Revised Edition Keijser

Education
1 of 80
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
Openvpn Cookbook Second Edition 2nd Revised Edition Keijser download https://ebookbell.com/product/openvpn-cookbook-second- edition-2nd-revised-edition-keijser-50195128 Explore and download more ebooks at ebookbell.com
Here are some recommended products that we believe you will be interested in. You can click the link to download. Openvpn 2 Cookbook Jan Just Keijser https://ebookbell.com/product/openvpn-2-cookbook-jan-just- keijser-2118390 Openvpn Building And Integrating Virtual Private Networks Markus Feilner https://ebookbell.com/product/openvpn-building-and-integrating- virtual-private-networks-markus-feilner-921368 Beginning Openvpn 209 Norbert Graf https://ebookbell.com/product/beginning-openvpn-209-norbert- graf-2313848 Mastering Openvpn Master Building And Integrating Secure Private Networks Using Openvpn Eric F Crist https://ebookbell.com/product/mastering-openvpn-master-building-and- integrating-secure-private-networks-using-openvpn-eric-f- crist-50195242
Troubleshooting Openvpn 1st Edition Eric F Crist https://ebookbell.com/product/troubleshooting-openvpn-1st-edition- eric-f-crist-6823330 Mastering Openvpn 1st Edition Eric F Crist Jan Just Keijser https://ebookbell.com/product/mastering-openvpn-1st-edition-eric-f- crist-jan-just-keijser-48647812
Openvpn Cookbook Second Edition 2nd Revised Edition Keijser
OpenVPN Cookbook - Second Edition
Table of Contents OpenVPN Cookbook - Second Edition Credits About the Author About the Reviewer www.PacktPub.com Why subscribe? Customer Feedback Preface What this book covers What you need for this book Who this book is for Conventions Reader feedback Customer support Downloading the example code Errata Piracy Questions 1. Point-to-Point Networks Introduction The shortest setup possible Getting ready How to do it... How it works... There's more... Using the TCP protocol Forwarding non-IP traffic over the tunnel OpenVPN secret keys Getting ready How to do it... How it works... There's more... See also
Multiple secret keys Getting ready How to do it... How it works... There's more... See also Plaintext tunnel Getting ready How to do it... How it works... There's more... Routing Getting ready How to do it... How it works... There's more... Routing issues Automating the setup See also Configuration files versus the command line Getting ready How to do it... How it works... There's more... Exceptions to the rule Complete site-to-site setup Getting ready How to do it... How it works... There's more... See also Three-way routing Getting ready How to do it... How it works... There's more... Scalability
Routing protocols See also Using IPv6 Getting ready How to do it... How it works... There's more... Log file errors IPv6-only tunnel See also 2. Client-server IP-only Networks Introduction Setting up the public and private keys Getting ready How to do it... How it works... There's more... Using the easy-rsa scripts on Windows Some notes on the different variables See also A simple configuration Getting ready How to do it... How it works... There's more... Server-side routing Getting ready How to do it... How it works... There's more... Linear addresses Using the TCP protocol Server certificates and ns-cert-type server Masquerading Adding IPv6 support Getting ready How to do it...
How it works... There's more... IPv6 endpoints IPv6-only setup Using client-config-dir files Getting ready How to do it... How it works... There's more... The default configuration file Troubleshooting Options allowed in a client-config-dir file Routing - subnets on both sides Getting ready How to do it... How it works... There's more... Masquerading Client-to-client subnet routing No route statements in a CCD file See also Redirecting the default gateway Getting ready How to do it... How it works... There's more... Redirect-gateway parameters The redirect-private option Split tunneling See also Redirecting the IPv6 default gateway Getting ready How to do it... How it works... There's more... Using an ifconfig-pool block Getting ready
How to do it... How it works... There's more.. Configuration files on Windows Client-to-client access Using the TCP protocol Using the status file Getting ready How to do it... How it works... There's more... Status parameters Disconnecting clients Explicit-exit-notify The management interface Getting ready How to do it... How it works... There's more... See Also Proxy ARP Getting ready How to do it... How it works... There's more... TAP-style networks User nobody Broadcast traffic might not always work See also 3. Client-server Ethernet-style Networks Introduction Simple configuration - non-bridged Getting ready How to do it... How it works... There's more... Differences between TUN and TAP
Using the TCP protocol Making IP forwarding permanent See also Enabling client-to-client traffic Getting ready How to do it... How it works... There's more... Broadcast traffic may affect scalability Filtering traffic TUN-style networks Bridging - Linux Getting ready How to do it... How it works... There's more... Fixed addresses and the default gateway Name resolution See also Bridging-Windows Getting ready How to do it... How it works... See also Checking broadcast and non-IP traffic Getting ready How to do it... How it works... An external DHCP server Getting ready How to do it... How it works... There's more... DHCP server configuration DHCP relay Tweaking etcsysconfig/network-scripts Using the status file
Getting ready How to do it... How it works... There's more... Difference with TUN-style networks Disconnecting clients See also The management interface Getting ready How to do it... How it works... There's more... See also Integrating IPv6 into TAP-style networks Getting ready How to do it... How it works... There's more... See also 4. PKI, Certificates, and OpenSSL Introduction Certificate generation Getting ready How to do it... How it works... There's more... See also OpenSSL tricks - x509, pkcs12, verify output Getting ready How to do it... How it works... Revoking certificates Getting ready How to do it... How it works... There's more... What is needed to revoke a certificate
See also The use of CRLs Getting ready How to do it... How it works... There's more... See also Checking expired/revoked certificates Getting ready How to do it... How it works... There's more... Intermediary CAs Getting ready How to do it... How it works... There's more... Multiple CAs - stacking, using the capath directive Getting ready How to do it... How it works... There's more... Using the -capath directive Determining the crypto library to be used Getting ready How to do it... How it works... There's more... See also Crypto features of OpenSSL and PolarSSL Getting ready How to do it... How it works... There's more... AEAD Ciphers Encryption speed Pushing ciphers
Getting ready How to do it... How it works... There's more... Future enhancements Elliptic curve support Getting ready How to do it... How it works... There's more... Elliptic curve support 5. Scripting and Plugins Introduction Using a client-side up/down script Getting ready How to do it... How it works... There's more... Environment variables Calling the down script before the connection terminates Advanced - verify the remote hostname Using a client-connect script Getting ready How to do it... How it works... There's more... Pitfall in using ifconfig-push The client-disconnect scripts Environment variables Absolute paths Using a learn-address script Getting ready How to do it... How it works... There's more... User nobody The update action
Using a tls-verify script Getting ready How to do it... How it works... There's more... Using an auth-user-pass-verify script Getting ready How to do it... How it works... There's more... Specifying the username and password in a file on the client Passing the password via environment variables Script order Getting ready How to do it... How it works... There's more... Script security and logging Getting ready How to do it... How it works... There's more... Scripting and IPv6 Getting ready How to do it... How it works... There's more... Using the down-root plugin Getting ready How to do it... How it works... There's more... See also Using the PAM authentication plugin Getting ready How to do it... How it works...
There's more... See also 6. Troubleshooting OpenVPN - Configurations Introduction Cipher mismatches Getting ready How to do it... How it works... There's more... Pushable ciphers TUN versus TAP mismatches Getting ready How to do it... How it works... Compression mismatches Getting ready How to do it... How it works... Key mismatches Getting ready How to do it... How it works... See also Troubleshooting MTU and tun-mtu issues Getting ready How to do it... How it works... There's more... See also Troubleshooting network connectivity Getting ready How to do it... How it works... There's more... Troubleshooting client-config-dir issues Getting ready How to do it...
How it works... There's more... More verbose logging Other frequent client-config-dir mistakes See also Troubleshooting multiple remote issues Getting ready How to do it... How it works... There's more... See also Troubleshooting bridging issues Getting ready How to do it... How it works... See also How to read the OpenVPN log files Getting ready How to do it... How it works... There's more... 7. Troubleshooting OpenVPN - Routing Introduction The missing return route Getting ready How to do it... How it works... There's more... Masquerading Adding routes on the LAN hosts See also Missing return routes when iroute is used Getting ready How to do it... How it works... There's more... See also
All clients function except the OpenVPN endpoints Getting ready How to do it... How it works... There's more... See also Source routing Getting ready How to do it... How it works... There's more... Routing and permissions on Windows Getting ready How to do it... How it works... There's more... Unable to change Windows network location Getting ready How to do it... How it works... There's more... Troubleshooting client-to-client traffic routing Getting ready How to do it... How it works... There's more... See also Understanding the MULTI: bad source warnings Getting ready How to do it... How it works... There's more... Other occurrences of the MULTI: bad source message See also Failure when redirecting the default gateway Getting ready How to do it...
How it works... There's more... See also 8. Performance Tuning Introduction Optimizing performance using ping Getting ready How to do it... How it works... There's more... See also Optimizing performance using iperf Getting ready How to do it... How it works... There's more... Client versus server iperf results Network latency Gigabit networks See also Comparing IPv4 and IPv6 speed Getting ready How to do it... How it works... There's more... Client versus server iperf results OpenSSL cipher speed Getting ready How to do it... How it works... There's more... See also OpenVPN in Gigabit networks Getting ready How to do it... How it works... There's more...
Plaintext tunnel Windows performance Compression tests Getting ready How to do it... How it works... There's more... Traffic shaping Getting ready How to do it... How it works... Tuning UDP-based connections Getting ready How to do it... How it works... There's more... See also Tuning TCP-based connections Getting ready How to do it... How it works... There's more... Analyzing performance using tcpdump Getting ready How to do it... How it works... See also 9. OS Integration Introduction Linux - using NetworkManager Getting ready How to do it... How it works... There's more... Setting up routes using NetworkManager DNS settings Scripting
Linux - using pull-resolv-conf Getting ready How to do it... How it works... There's more... Windows - elevated privileges Getting ready How to do it... How it works... Windows - using the CryptoAPI store Getting ready How to do it... How it works... There's more... The CA certificate file Certificate fingerprint Windows - updating the DNS cache Getting ready How to do it... How it works... See also Windows - running OpenVPN as a service Getting ready How to do it... How it works... There's more... Automatic service startup OpenVPN user name See also Windows - public versus private network adapters Getting ready How to do it... How it works... See also Windows - routing methods Getting ready How to do it...
How it works... There's more... Windows 8+ - ensuring DNS lookups are secure Getting ready How to do it... How it works... There's more... Android - using the OpenVPN for Android clients Getting ready How to do it... How it works... There's more... See also Push-peer-info - pushing options to Android clients Getting ready How to do it... How it works... There's more... 10. Advanced Configuration Introduction Including configuration files in config files Getting ready How to do it... How it works... Multiple remotes and remote-random Getting ready How to do it... How it works... There's more... Mixing TCP and UDP-based setups Advantage of using TCP-based connections Automatically reverting to the first OpenVPN server See also Inline certificates Getting ready How to do it... How it works...
There's more... Connection blocks Getting ready How to do it... How it works... There's more... Allowed directives inside connection blocks Pitfalls when mixing TCP and UDP-based setups See also Details of ifconfig-pool-persist Getting ready How to do it... How it works... There's more... Specifying the update interval Caveat - the duplicate-cn option When topology net30 is used Connecting using a SOCKS proxy Getting ready How to do it... How it works... There's more... Performance SOCKS proxies via SSH SOCKS proxies using plain-text authentication See also Connecting via an HTTP proxy Getting ready How to do it... How it works... There's more... http-proxy options Dodging firewalls Performance Using the OpenVPN GUI See also Connecting via an HTTP proxy with authentication
Getting ready How to do it... How it works... There's more... NTLM proxy authorization Authentication methods OpenVPN GUI limitations See also IP-less setups - ifconfig-noexec Getting ready How to do it... How it works... There's more... Point-to-point and TUN-style networks Routing and firewalling Port sharing with an HTTPS server Getting ready How to do it... How it works... There's more... Alternatives Routing features - redirect-private, allow-pull-fqdn Getting ready How to do it... How it works... There's more... The route-nopull directive The max-routes directive See also Filtering out pushed options Getting ready How to do it... How it works... Handing out the public IPs Getting ready How to do it... How it works...
There's more... See also
OpenVPN Cookbook - Second Edition
OpenVPN Cookbook - Second Edition Copyright © 2017 Packt Publishing All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews. Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book. Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information. First published: February 2011 Second edition: February 2017 Production reference: 1100217 Published by Packt Publishing Ltd. Livery Place 35 Livery Street Birmingham B3 2PB, UK. ISBN 978-1-78646-312-8 www.packtpub.com
Credits Author Jan Just Keijser Copy Editor Pranjali Chury Reviewer Ralf Hildebrandt Project Coordinator Izzat Contractor Commissioning Editor Pratik Shah Proofreader Safis Editing Acquisition Editor Rahul Nair Indexer Tejal Soni Content Development Editor Zeeyan Pinheiro Production Coordinator Melwyn D'sa Technical Editor Vivek Pala
About the Author Jan Just Keijser is an open source professional from Utrecht, the Netherlands. He has a wide range of experience in IT, ranging from providing user support, system administration, and systems programming to network programming. He has worked for various IT companies since 1989. He was an active USENET contributor in the early 1990s and has been working mainly on Unix/Linux platforms since 1995. Currently, he is employed as a senior scientific programmer in Amsterdam, the Netherlands, at Nikhef, the institute for subatomic physics from the Dutch Foundation for Fundamental Research on Matter (FOM). He works on multi- core and many-core computing systems and grid computing as well as smartcard applications. His open source interests include all types of virtual private networking, including IPSec, PPTP, and, of course, OpenVPN. In 2004, he discovered OpenVPN and has been using it ever since. His first book was OpenVPN 2 Cookbook by Packt Publishing in 2011, followed by Mastering OpenVPN, also by Packt Publishing, in 2015.
About the Reviewer Ralf Hildebrandt is an active and well-known figure in the Postfix community. He’s currently employed at Charite, Europe’s largest university hospital. OpenVPN has successfully been used at Charite for over 10 years now on a multitude of client operating systems. Together with Patrick Koetter, he has written the Book of Postfix.
www.PacktPub.com For support files and downloads related to your book, please visit www.PacktPub.com. Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at service@packtpub.com for more details. At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks. https://www.packtpub.com/mapt Get the most in-demand software skills with Mapt. Mapt gives you full access to all Packt books and video courses, as well as industry-leading tools to help you plan your personal development and advance your career. Why subscribe? Fully searchable across every book published by Packt Copy and paste, print, and bookmark content On demand and accessible via a web browser
Customer Feedback Thanks for purchasing this Packt book. At Packt, quality is at the heart of our editorial process. To help us improve, please leave us an honest review on this book's Amazon page at https://goo.gl/A3V0ND. If you'd like to join our team of regular reviewers, you can e-mail us at customerreviews@packtpub.com. We award our regular reviewers with free eBooks and videos in exchange for their valuable feedback. Help us be relentless in improving our products!
Preface OpenVPN is one of the world's most popular packages for setting up a Virtual Private Network (VPN). OpenVPN provides an extensible VPN framework that has been designed to ease site-specific customization, such as providing the capability to distribute a customized installation package to clients or supporting alternative authentication methods via OpenVPN's plugin module interface. It is widely used by many individuals and companies, and some service providers even offer OpenVPN access as a service to users in remote, unsecured environments. This book provides you with many different recipes for setting up, monitoring, and troubleshooting an OpenVPN network. The author's experience in troubleshooting OpenVPN and networking configurations enables him to share his insights and solutions to help you get the most out of your OpenVPN setup.
What this book covers Chapter 1, Point-to-Point Networks, gives an introduction to configuring OpenVPN. The recipes are based on a point-to-point-style network, meaning that only a single client can connect at a time. Chapter 2, Client-Server IP-Only Networks, introduces the reader to the most commonly-used deployment model for OpenVPN: a single server with multiple remote clients capable of routing IP traffic. This chapter provides the foundation for many of the recipes found in the other chapters. Chapter 3, Client-Server Ethernet-Style Networks, covers another popular deployment model for OpenVPN: a single server with multiple clients, capable of routing Ethernet traffic. This includes non-IP traffic as well as bridging. You will also learn about the use of an external DHCP server and the use of the OpenVPN status file. Chapter 4, PKI, Certificates, and OpenSSL, introduces you to the public key infrastructure (PKI) and X.509 certificates, which are used in OpenVPN. You will learn how to generate, manage, manipulate, and view certificates, and you will also learn about the interactions between OpenVPN and the OpenSSL libraries that it depends upon. Chapter 5, Scripting and Plugins, covers the powerful scripting and plugin capabilities that OpenVPN offers. You will learn to use client-side scripting, which can be used to tail the connection process to the site-specific needs. You will also learn about server-side scripting and the use of OpenVPN plugins. Chapter 6, Troubleshooting OpenVPN - Configurations, is all about troubleshooting OpenVPN misconfigurations. Some of the configuration directives used in this chapter have not been demonstrated before, so even if your setup is functioning properly, this chapter will still be insightful. Chapter 7, Troubleshooting OpenVPN - Routing, gives an insight into troubleshooting routing problems when setting up a VPN using OpenVPN. You will learn how to detect, diagnose, and repair common routing issues.
Chapter 8, Performance Tuning, explains how you can optimize the performance of your OpenVPN setup. You will learn how to diagnose performance issues and how to tune OpenVPN's settings to speed up your VPN. Chapter 9, OS Integration, covers the intricacies of integrating OpenVPN with the operating system it is run on. You will learn how to use OpenVPN on the most commonly used client operating systems: Linux, Mac OS X, and Windows. Chapter 10, Advanced Configuration, goes deeper into the configuration options that OpenVPN has to offer. The recipes will cover both advanced server configurations, such as the use of a dynamic DNS, as well as the advanced client configuration, such as using a proxy server to connect to an OpenVPN server.
What you need for this book In order to get the most from this book, there are some expectations of prior knowledge and experience. It is assumed that the reader has a fair understanding of the system administration as well as knowledge of TCP/IP networking. Some knowledge on installing OpenVPN is required as well, for which you can refer to the book Beginning OpenVPN 2.0.9.
Who this book is for This book is for system administrators who have basic knowledge of OpenVPN and are eagerly waiting to build, secure, and manage VPNs using the latest version. This book assumes some prior knowledge of TCP/IP networking and OpenVPN. And to get the most out of this book, you must have network administration skills.
Conventions In this book, you will find a number of styles of text that distinguish between different kinds of information. Here are some examples of these styles, and an explanation of their meaning. Code words in text are shown as follows: "Copy over the tls-auth secret key file from the etcopenvpn/cookbook/keys directory." A block of code is set as follows: user nobody group nobody persist-tun persist-key keepalive 10 60 ping-timer-rem When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold: secret secret.key 1 ifconfig 10.200.0.2 10.200.0.1 route 172.31.32.0 255.255.255.0 tun-ipv6 ifconfig-ipv6 2001:db8:100::2 2001:db8:100::1 Any command-line input or output is written as follows: [root@server]# openvpn --genkey --secret secret.key New terms and important words are shown in bold. Words that you see on the screen, in menus or dialog boxes for example, appear in the text like this: "Go to the Network and Sharing Center and observe that the TAP adapter is in the section Public Network and that it is not possible to change this." Note
Warnings or important notes appear in a box like this. Tip Tips and tricks appear like this.
Reader feedback Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of. To send us general feedback, simply e-mail feedback@packtpub.com, and mention the book's title in the subject of your message. If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at www.packtpub.com/authors.
Customer support Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase. Downloading the example code You can download the example code files for this book from your account at http://www.packtpub.com. If you purchased this book elsewhere, you can visit http://www.packtpub.com/support and register to have the files e-mailed directly to you. You can download the code files by following these steps: 1. Log in or register to our website using your e-mail address and password. 2. Hover the mouse pointer on the SUPPORT tab at the top. 3. Click on Code Downloads & Errata. 4. Enter the name of the book in the Search box. 5. Select the book for which you're looking to download the code files. 6. Choose from the drop-down menu where you purchased this book from. 7. Click on Code Download. You can also download the code files by clicking on the Code Files button on the book's webpage at the Packt Publishing website. This page can be accessed by entering the book's name in the Search box. Please note that you need to be logged in to your Packt account. Once the file is downloaded, please make sure that you unzip or extract the folder using the latest version of: WinRAR / 7-Zip for Windows Zipeg / iZip / UnRarX for Mac 7-Zip / PeaZip for Linux The code bundle for the book is also hosted on GitHub at https://github.com/PacktPublishing/openvpncookbook. We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!
Errata Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website or added to any list of existing errata under the Errata section of that title. To view the previously submitted errata, go to https://www.packtpub.com/books/content/support and enter the name of the book in the search field. The required information will appear under the Errata section. Piracy Piracy of copyrighted material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy. Please contact us at copyright@packtpub.com with a link to the suspected pirated material. We appreciate your help in protecting our authors and our ability to bring you valuable content. Questions If you have a problem with any aspect of this book, you can contact us at questions@packtpub.com, and we will do our best to address the problem.
Chapter 1. Point-to-Point Networks In this chapter, we will cover the following: The shortest setup possible OpenVPN secret keys Multiple secret keys Plaintext tunnel Routing Configuration files versus the command line IP-less configurations Complete site-to-site setup Three-way routing Using IPv6 Introduction The recipes in this chapter will provide an introduction to configuring OpenVPN. They are based on a point-to-point type of network, meaning that only a single client can connect at a given time. A point-to-point network is very useful when connecting to a small number of sites or clients. It is easier to set up, as no certificates or public key infrastructure (PKI) is required. Also, routing is slightly easier to configure as no client-specific configuration files containing --iroute statements are required. The drawbacks of a point-to-point network are as follows: The lack of having perfect forward secrecy-a key compromise may result in a total disclosure of previous sessions The secret key must exist in plaintext form on each VPN peer
The shortest setup possible This recipe will explain the shortest setup possible when using OpenVPN. For this setup, you require two computers that are connected over a network (LAN or Internet). We will use both a TUN-style network and a TAP-style network and will focus on the differences between them. A TUN device is used mostly for VPN tunnels where only IP traffic is used. A TAP device allows all the Ethernet frames to be passed over the OpenVPN tunnel, hence providing support for non-IP based protocols, such as IPX and AppleTalk. While this may seem useless at first glance, it can be very useful to quickly test whether OpenVPN can connect to a remote system. Getting ready Install OpenVPN 2.3.9 or higher on two computers. Make sure the computers are connected over a network. For this recipe, the server computer was running CentOS 6 Linux and OpenVPN 2.3.9 and the client was running Windows 7 Pro 64bit and OpenVPN 2.3.10. How to do it... Here are the steps that you need to follow: 1. Launch the server-side (listening) OpenVPN process for the TUN-style network: [root@server]# openvpn --ifconfig 10.200.0.1 10.200.0.2 --dev tun Note The preceding command should be entered as a single line. The character is used to denote the fact that the command continues on the next line. 2. Then, launch the client-side OpenVPN process: [WinClient] C:>"Program FilesOpenVPNbinopenvpn.exe"
--ifconfig 10.200.0.2 10.200.0.1 --dev tun --remote openvpnserver.example.com The following screenshot shows how a connection is established: As soon as the connection is established, we can ping the other end of the tunnel. 3. Next, stop the tunnel by pressing the F4 function key in the command window and restart both ends of the tunnel using the TAP device. 4. Launch the server-side (listening) OpenVPN process for the TAP-style network: [root@server]# openvpn --ifconfig 10.200.0.1 255.255.255.0 --dev tap 5. Then launch the client-side OpenVPN process: [WinClient] C:>" Program FilesOpenVPNbinopenvpn.exe" --ifconfig 10.200.0.2 255.255.255.0 --dev tap --remote openvpnserver.example.com The connection will now be established and we can again ping the other end of the tunnel. How it works...
The server listens on UDP port 1194, which is the OpenVPN default port for incoming connections. The client connects to the server on this port. After the initial handshake, the server configures the first available TUN device with the IP address 10.200.0.1 and it expects the remote end (the Peer address) to be 10.200.0.2. The client does the opposite: after the initial handshake, the first TUN or TAP- Win32 device is configured with the IP address 10.200.0.2. It expects the remote end (the Peer address) to be 10.200.0.1. After this, the VPN is established. Note Notice the warning: ******* WARNING *******: all encryption and authentication features disabled -- all data will be tunnelled as cleartext Here, the data is not secure: all of the data that is sent over the VPN tunnel can be read! There's more... Let's look at a couple of different scenarios and check whether they would modify the process. Using the TCP protocol In the previous example, we chose the UDP protocol. It would not have made any difference if we had chosen the TCP protocol, provided that we had done that on the server side (the side without --remote) as well as the client side. The following is the code for doing this on the server side: [root@server]# openvpn --ifconfig 10.200.0.1 10.200.0.2 --dev tun --proto tcp-server Here's the code for the client side: [root@client]# openvpn --ifconfig 10.200.0.2 10.200.0.1 --dev tun --proto tcp-client --remote openvpnserver.example.com
Forwarding non-IP traffic over the tunnel With the TAP-style interface, it is possible to run non-IP traffic over the tunnel. For example, if AppleTalk is configured correctly on both sides, we can query a remote host using the aecho command: aecho openvpnserver 22 bytes from 65280.1: aep_seq=0. time=26. ms 22 bytes from 65280.1: aep_seq=1. time=26. ms 22 bytes from 65280.1: aep_seq=2. time=27. ms A tcpdump -nnel -i tap0 command shows that the type of traffic is indeed non-IP-based AppleTalk.
OpenVPN secret keys This recipe uses OpenVPN secret keys to secure the VPN tunnel. It is very similar to the previous recipe, but this time, we will use a shared secret key to encrypt the traffic between the client and the server. Getting ready Install OpenVPN 2.3.9 or higher on two computers. Make sure the computers are connected over a network. For this recipe, the server computer was running CentOS 6 Linux and OpenVPN 2.3.9 and the client was running Windows 7 64 bit and OpenVPN 2.3.10. How to do it... 1. First, generate a secret key on the server (listener): [root@server]# openvpn --genkey --secret secret.key 2. Transfer this key to the client side over a secure channel (for example, using scp). 3. Next, launch the server-side (listening) OpenVPN process: [root@server]# openvpn --ifconfig 10.200.0.1 10.200.0.2 --dev tun --secret secret.key 4. Then, launch the client-side OpenVPN process: [WinClient] C:>"Program FilesOpenVPNbinopenvpn.exe" --ifconfig 10.200.0.2 10.200.0.1 --dev tun --secret secret.key --remote openvpnserver.example.com The connection is now established, as shown in the following screenshot:
How it works... This example works exactly as the first one: the server listens to the incoming connections on UDP port 1194. The client connects to the server on this port. After the initial handshake, the server configures the first available TUN device with the IP address 10.200.0.1 and it expects the remote end (Peer address) to be 10.200.0.2. The client does the opposite. There's more... By default, OpenVPN uses two symmetric keys when setting up a point-to-point connection: A cipher key to encrypt the contents of the packets being exchanged. An HMAC key to sign packets. When packets arrive that are not signed using the appropriate HMAC key, they are dropped immediately. This is the first line of defense against a "denial-of-service" attack. The same set of keys are used on both ends and both keys are derived from the file specified using the --secret parameter. An OpenVPN secret key file is formatted as follows: # # 2048 bit OpenVPN static key # -----BEGIN OpenVPN Static key V1-----
-----BEGIN OpenVPN Static key V1----- <16 lines of random bytes> -----END OpenVPN Static key V1----- From the random bytes, the OpenVPN Cipher and HMAC keys are derived. Note that these keys are the same for each session. See also The next recipe, Multiple secret keys, will explain the format of secret keys in detail
Multiple secret keys As stated in the previous recipe, OpenVPN uses two symmetric keys when setting up a point-to-point connection. However, it is also possible to use shared yet asymmetric keys in point-to-point mode. OpenVPN will use four keys in this case: A cipher key on the client side An HMAC key on the client side A cipher key on the server side An HMAC key on the server side The same keying material is shared by both sides of the point-to-point connection, but the keys that are derived for encrypting and signing the data are different for each side. This recipe explains how to set up OpenVPN in this manner and how the keys can be made visible. Getting ready For this recipe, we use the secret.key file from the previous recipe. Install OpenVPN 2.3.9 or higher on two computers. Make sure the computers are connected over a network. For this recipe, the server computer was running CentOS 6 Linux and OpenVPN 2.3.9 and the client was running Windows 7 64 bit and OpenVPN 2.3.10. We'll use the secret.key file from the OpenVPN secret keys recipe here. How to do it... 1. Launch the server-side (listening) OpenVPN process with an extra option to the --secret parameter and with more verbose logging: [root@server]# openvpn --ifconfig 10.200.0.1 10.200.0.2 --dev tun --secret secret.key 0 --verb 7 2. Then launch the client-side OpenVPN process: [WinClient] C:>"Program FilesOpenVPNbinopenvpn.exe" --ifconfig 10.200.0.2 10.200.0.1 --dev tun --secret secret.key 1 --remote openvpnserver -- verb 7 The connection will be established with a lot of debugging messages.
The connection will be established with a lot of debugging messages. If we look through the server-side messages (searching for crypt), we can find the negotiated keys on the server side. Note that the output has been reformatted for clarity: ... Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key ... Static Encrypt: CIPHER KEY: 80797ddc 547fbdef 79eb353f 2a1f3d1f ... Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication ... Static Encrypt: HMAC KEY: c752f254 cc4ac230 83bd8daf 6141e73d 844764d8 ... Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key ... Static Decrypt: CIPHER KEY: 8cf9abdd 371392b1 14b51523 25302c99 ... Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication ... Static Decrypt: HMAC KEY: 39e06d8e 20c0d3c6 0f63b3e7 d94f35af bd744b27 On the client side, we will find the same keys but the "Encrypt" and "Decrypt" keys would have been reversed: ... Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key ... Static Encrypt: CIPHER KEY: 8cf9abdd 371392b1 14b51523 25302c99 ... Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication ... Static Encrypt: HMAC KEY: 39e06d8e 20c0d3c6 0f63b3e7 d94f35af bd744b27 ... Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key ... Static Decrypt: CIPHER KEY: 80797ddc 547fbdef 79eb353f 2a1f3d1f ... Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication ... Static Decrypt: HMAC KEY: c752f254 cc4ac230 83bd8daf 6141e73d 844764d8 If you look at the keys carefully, you will see that each one of them is mirrored on the client and the server side. How it works... OpenVPN derives all the keys from the static.key file, provided there is enough entropy (randomness) in the file to reliably generate four keys. All the keys generated using the following will have enough entropy: $ openvpn -- genkey --secret secret.key An OpenVPN static key file is 2,048 bits in size. The cipher keys are each 128 bits, whereas the HMAC keys are 160 bits each, for a total of 776 bits. This allows OpenVPN to easily generate four random keys from the static key file, even if a cipher is chosen that requires a larger initialization key.
There's more... The same secret key files are used in a client/server setup when the tls-auth ta.key parameter is used. See also The Setting up the public and private keys recipe from Chapter 2, Client- server IP-only Networks, in which the tls-auth key is generated in a very similar manner
Random documents with unrelated content Scribd suggests to you:
Critique: the useful is a practical fact. The useful as the egoistic or immoral. Having made clear that the definition of the useful as means implies the negation of the useful as a practical fact and its reduction to a theoretical category already known, we must exclude the possibility of such a reduction, for in the useful, the practical character, the effectivity of the will, is ineliminable. "It is useful for me to take a walk" means, "It pleases me to take a walk," "I will to do it." It is a question, not of contemplation or of reasoning, but of volitional movement. The knowledge that precedes the utilitarian act is one thing, the act itself is another. The old man has the same knowledge as the young man, he has indeed much more (si jeunesse savait, si vieillesse pouvait!), but he does not will what the young man wills: he knows that by traversing so many kilometers he will arrive at a certain definite point; but it is not useful for him to go there, because it is not useful for him to traverse those kilometers, or to submit to that exertion at the risk of an illness. The utilitarian will is expressed, not in merely hypothetical imperatives, but in those categoric imperatives that are at the same time hypothetical. The general formula is "will!" or "will that you will!" or "be coherent in your willing!" as the individuated forms are those that we are continually repeating to ourselves, "now, to bed!" "now, up you get!" and the like; which, when developed, mean: "go to bed" (if you wish to rest yourself), "get up" (if you wish to work), and so on. The distinction between the cognoscitive and the volitional theses is here evident. Since then, owing to the unalterably practical character of the utilitarian fact, it was not possible to insist upon its reduction to the technical, and since, on the other hand, it was not desired to recognize it as a practical category side by side with the practical category of morality, they have tried to think of it as something certainly practical, but at the same time of little value, to beware of it, to combat it, to free ourselves from it. "Useful" has in this way become synonymous with wilfulness, with individual caprice, with will more or less perverted, and (looking upon immorality as the
Critique: the useful is amoral. individual I, shut up in itself and rebelling against the universal) with egoism. This theory is supported by certain common modes of speech, in which the moral man is opposed to the man intent upon what is useful to him as an individual, the ethical to the economic life. But it is a question of phrases, true,' perhaps, in a certain sense, but inexact when understood or interpreted as affirmations of a contest between morality and utility. We discover at once that the contest is inexistent, by merely thinking of the case already mentioned, of the man in whom the moral conscience is not developed or has been suppressed, or of the case—limit called innocence. What is done in innocence responds, no doubt, to individual pleasure, and so to what is useful for the individual, as he feels it in the given circumstances: were this not so, what is done would not be done. But innocence is not immoral on this account. It will be amoral, because it is merely individual volition deprived of the light of the eternal; it will never be immoral. Thus (to make use of the comparison and analogy of the theoretic activity) the images that the poet creates will be without philosophy, but will not for this reason be anti-philosophical. Because, were that so, they would have to be partially philosophical, that is to say, to enter into strife with philosophy; but there is no such strife, and, therefore, those images, although philosophically not true, are none the less not philosophically false. Yet they are theoretical acts, in the same way that philosophy is a theoretical act. The philosophical innocence of the poet does not change his intuitive knowledge into bad philosophical knowledge, into a negative of philosophy.—Further, the useful not only is not the negative of morality, but, as we know, is also a fact that unites itself very well with morality, as the word is joined to the thought, making it concrete and palpable, so much so that thought without words is impossible. What honourable man would tolerate being judged disuseful? What moral action would be truly moral, were it not at the same time useful? The good action is good, because it is not bad, that is, it absolutely excludes the bad at the point in which it becomes effective; but certainly it is not so,
The useful as ethical minimum. Critique: the useful is premoral. because disuseful; indeed, in being good, it is also useful, because it absolutely comprehends the useful in itself at the point in which it becomes effective. The union of morality with utility suffices to eliminate the concept of the useful as a negative. Certainly negative and positive do unite to give rise to becoming and to development; but their union is that of strife, not of concord. The third way of eliminating the concept of the useful from Philosophy, or from the Philosophy of the practical, is that which makes of it a concept of ethical description, or an empirical and psychological concept designating certain groups of very minute ethical facts, the rudimentary ethical consciousness. Hence the illusion of the existence of volitional acts indifferent in respect to morality. These acts are really indifferentiated for the mind that is examining them, which sometimes does not take the trouble to do so minutely, save when such an examination is seriously undertaken, and then they are always differentiated into good or bad. Thus it generally said that eating and sleeping, playing at cards or at billiards, are things that appertain, not to morality, but to individual utility, and that each one may conduct himself as he wills in respect to them, whereas individual choice is excluded when it is necessary to fulfil one's own obligations of social work or of respecting the life of one's neighbour. But if we observe attentively, we see that also in eating or in sleeping, in playing cards or billiards, one acts morally or immorally, since, for example, it is immoral to ruin one's health with eating too much, or with sleeping too little, or to corrupt soul and intellect with card-playing and dawdling in billiard-rooms, when one can do something better. But the useful is none of all these things; it is not the complex of ethical micro-organisms, in which we discover with the microscope the same facts of life and of death that we observe with the naked eye in macro- organisms. No microscope will ever discern in it the oppositions of moral good and evil, because these oppositions are not really there; there are only those of utilitarian or economic good and evil. For the
A desperate attempt: the useful as inferior practical conscience. Confirmation of the autonomy of the useful. useful is not the moral minimum, but the premoral. In this case it is a question, not of approximative, but of rigorous difference; not psychological, but philosophical. Finally, it is necessary to consider the attempt to present the utilitarian conscience as a moral conscience, different and inferior to another moral conscience placed over it, not as a new mode of eliminating the concept of the useful, by absorbing it in that of morality, but as a confession of the autonomy of that moment of the spirit. It would be moral, because there is no contradiction to be found in it that can cause it to be judged immoral, and if it be so judged, this happens because it is looked at from the point of view of the superior conscience, or because the superior conscience is erroneously transported into the inferior. But this has importance precisely because it is not moral, and because the value that it is admitted to possess, far from being morality, is spirituality; that is to say, it constitutes a peculiar spiritual value, different from morality. "Better a will of some sort than no will at all" is a common saying which means that prior to morality, there is another and more elementary spiritual demand. The distinction of the two consciences, then, is philosophical, not one of more or less, a distinction of degrees, but not of empirical degrees, which coincides with our conclusion. Thus, to return to the usual comparison, the poetical figuration is true, and can only be judged false by him who looks upon it from a philosophical point of view, or himself falsifies it by turning it into a bad philosopheme. But the truth of that figuration is not philosophical, and remains purely and simply poetical truth. It will be said that morality is implied in utilitarian volition, because, when the individually useful is posited, the universal, which will dominate and correct it, is promoted, in the same way as it has been said that philosophy is implied in the æsthetic intuition, since by positing the individual imagination is posited the claim of the universal, which surpasses and renders it untrue. But since the æsthetic conscience is distinguished from the philosophical, precisely
Economic and ethic as the double degree of the practical. because that which in the latter is explicit is only implicit in the former, so, in like manner, the utilitarian conscience is distinguished from the moral conscience, because that morality which becomes explicit and effective in the second, is only implicit or actually inexistent in the first. The difference between implicit and explicit is another way of enunciating the distinction between the two consciousnesses or practical forms, the autonomy of both being thus recognized. IV RELATION BETWEEN THE ECONOMIC AND ETHICAL FORMS The respective distinction and autonomy of the two forms, economic and ethic, as we have hitherto been expounding it, and as results from the words "inferior" and "superior" just now used, is that of two degrees, at once distinct and united, such that the first can stand without the second, but the second cannot stand without the first. The moment of distinction lies in that possibility of existence independent of the first; the moment of unity is in the impossibility of independent existence of the second. If the first were wanting, there would be identity; if the second, there would be abstract distinction or separation. For this reason we have insisted upon showing that there are actions without morality, yet which are perfectly economical, whereas moral actions that are not also perfectly useful or economical do not exist. Morality lives in concrete, in utility, the universal in the individual, the eternal in the contingent. Hence our reason for reducing the theses that denied the distinction between the two practical forms to an exclusive affirmation of the economic form, this latter being as it were the general form, which of itself involves both itself and the other.
Errors arising from conceiving them as coordinated. Disinterested actions. Critique. Vain polemic conducted with such an assumption against utilitarianism. Even when both the practical forms, economic and ethic, utility and morality, are admitted, the gravest errors arise from failing to understand the connection of unity-distinction that exists between them, conceiving them as juxtaposed or parallel, and the respective concepts as coordinated. In truth, if utility and morality were coordinate concepts, each included as species beneath the general concept of practical activity, the first consequence that could be drawn from this (and it has been drawn) is that morality is conceivable without utility. This has given rise to the absurd concept of disinterested actions, that is, of those moral actions that should hold themselves aloof from any sort of impure contact with utility. But disinterested actions would be foolish actions, that is to say, wilful acts, caprices, non-actions. Every action is and must be interested; indeed, the more profoundly it is interested, so much the better. What interest is stronger and more personal than that which impels the man of science to the search for truth, which is his life? Morality requires that the individual should, in every case, make his individual interest that of the universal; and it reproves those who engage themselves in an insoluble contradiction between the individual interest of the universal and that which is merely individual. But it cannot claim to suppress the interest, that is, itself, in the same way that the volitional act dominates the passions, but cannot eradicate them without eradicating itself. Hence, as the volitional act triumphs over the passions as the supreme passion, so morality triumphs over interests as the supreme interest. The polemic of autonomous Ethic against the heteronomous Ethic of utilitarianism has had a false and fruitless beginning, owing to this fiction of disinterested actions. In the belief of conquering and more than conquering, it has been attempted to show that man accomplishes some actions without any personal interest, whereas on the contrary an easy
Actions morally indifferent, obligatory, supererogatory, etc. Critique. victory has in this way been prepared for the adversary. Utilitarianism, in fact, has always been able triumphantly to make the counter-demonstration that there is no action, be it as lofty as you will, that does not answer to a personal end. It is evident that the hero has his personal interest in the pro patria mori, just as the saint, who wishes to direct his soul toward humility, finds his own account in allowing himself to be abused, beaten and splashed with mud ("in this is perfect joy," said Francesco of Assisi to Frate Leone). Correct polemic should not enter upon the useless task of denying this evidence; it should on the contrary admit, as was admitted above, that there is no action which does not answer to an individual desire, since it is the individual that performs it, and the universal is always obliged to avail itself of individuals. But when this point has been conceded and admitted, it will prove, as was proved above, that the useful action can either remain merely personal or progress to the action that is universal-personal, ethical-useful. And the ethical-useful action itself is precisely the new spiritual category that the utilitarian does not see. A second erroneous but unavoidable consequence of the conception of useful and moral as coordinated concepts is that while, according to that theory, there can be ethical actions economically disinterested or indifferent, so there can be actions that are useful and morally indifferent. The indifferent would not be those that are merely economic, and, therefore, neither moral nor immoral, which we have recognized as the necessary precedent of moral actions, reappearing always when a return is made to the state of innocence, or as soon as the moral conscience is abolished or suspended. They would on the contrary be economic actions that should persist as such, that is, as ingenuous and amoral, when the moral consciousness is already kindled, and consequently in the very circle of such a conscientiousness. They are altogether inadmissible when thus conceived, and to have admitted them is equivalent to annulling morality, as the recognition of the right of subjects to rebel at their
Comparison with the relation of art and philosophy. pleasure would be to annul sovereignty, or a burlesque contract containing the clause that each party should be free not to observe the other clauses agreed upon, at his pleasure. Indifferent actions do not exist, either for economy or for morality, and those to which such a character is generally attributed are, as we know, indifferentiated, not indifferent, and always differentiable when more closely examined. Only he who places the useful and the moral, side by side with one another, separate and impenetrable, is of necessity led to conceive of useful actions morally indifferent, and as such licit or permissible. Hence it also happens that moral actions also seem to be obligatory compared with the first; and that, in order to obtain equilibrium at the other extremity, ultramoral or more than moral actions, called meritorious or supererogatory, are placed side by side with obligatory actions that hold the mean. But morality does not grant leave not to do, nor prizes for doing more than was required; it simply imposes doing, doing always what is morally good, always realizing the universal, in ordinary as in extraordinary life, on the occasions that occur every day, every hour, every minute, as in those that occur every year, every ten years, every century. Nothing is indifferent to economy in its sphere and nothing to morality in its sphere: in it, economic actions with their premoral character do not persist, but only moral actions subsist. Economicity is certainly the concrete form of morality; but it is never an element that possesses a value of its own in the moral life. A comparison with the theoretic activity will serve to make clearer this criticism of the licit or morally indifferent. Artistic intuitions or expressions are neither true nor false philosophically, so much so that Philosophy, if it wish to exist, must also become concrete itself, as living speech, æsthetic form, intuition-expression, and place itself as an intuition among intuitions, though it be an intuition portans mysteria, that is, enclosing in itself the universal. But the appearance of philosophy reacts upon the pure intuitions, or upon the poetic representation of the world, in which existent and inexistent were indistinct; and the world of intuition transforms itself into the world
Other erroneous conceptions of modes of action. of perceptions, in which those that once were poetic intuitions, are now all of them critical or reflective images penetrated by the concepts, divided into images of existence and images of possibility. In the world of perception or of history, no poetical element can subsist as such; what was a bewitching truth in the field of art, were it introduced into history, would give rise to disharmony and become changed into a repugnant lie, as we see is actually the case in history mingled with inventions and fables. History too assumes artistic form; but it cannot tolerate in its bosom art as an element standing alone. Utilitarian or economic volitions and the moral- economic volitions (universal and historical perceptions or representations of the practical) proceed in a manner perfectly analogous (intuitions of the practical). Moral indifference belongs to the first, when they are on this side of the moral conscience, but within this conscience they lose the right to innocence, as in history the pure intuitions, when they have become perceptions, lose the privilege that they possessed as pure intuitions. The ethical discrimination of the economic volitions, which takes place through the moral conscience, is then in full correspondence with the historical discrimination of the æsthetic intuitions, which takes place through the logical conscience. We owe to the false conception by coordination, not only the two monstrous little concepts of disinterested actions and of those that are morally indifferent, licit, or permissive, but others also, which have been deduced by means of a somewhat different casuistic from the same general hypothesis. Indeed, in the preceding case, useful and moral, posited as apart and parallel, were maintained one extraneous to the other and at peace between themselves. But nothing forbade that warlike plans should be attributed to those two entities, just as when two coordinate animal species are posited, we may suppose, either that the individuals of each one mind their own affairs and allow the individuals of the other species to live and to prosper in peace, or that the one takes to persecuting the other, sometimes injuring or destroying it and
sometimes being by it injured or destroyed. Thus were and are obtained concepts of moral anti-economic actions and of anti- economic moral actions, of immoral economic actions, and of economic immoral actions, four concepts which are all four to be rejected. Moral action can never be accomplished at a loss: morality is for the moral man the supreme advantage in the situation in which he finds himself, and it would be erroneous to measure it by comparison with what an individual without morality would do in the same situation, for, as we know, individual and situation are all one, in such a way that a like comparison is impossible. In a similar manner, an anti-economic action can never be moral; at the most it will not even be amoral, or will not even posit the primary and generic condition of morality, that is, it will not be action, but inert contemplation. An immoral action can never be economic, because immorality implies internal disagreement and strife between one volition directed to the universal and another directed to the merely individual, hence the result will be practical inconclusion and infecundity, dissatisfaction and remorse; that is to say, just the opposite of utility and economicity. In like manner, an economic action can never be immoral: at the most (when it is merely an economic action), it will be amoral.
Pleasure and the economic activity, happiness and virtue. Pleasure, pain and feeling. Coincidence of duty with pleasure. The bond of unity and distinction that exists between the concepts of the useful and the moral and the consequent negation of the formula of coordination, help to solve in a definite way the intricate questions relating to pleasure and morality, happiness and virtue. First of all, we can here give yet another meaning to the indeterminate category of feeling with its poles of pleasure and pain, for it is clear that when feeling was distinguished from moral activity and set at variance with it, we had in view nothing but the pure economic activity. And in truth, of all the tendencies included in that concept as sketched out, this of economicity seems on the whole to prevail over the others, so much so that we shall henceforth be disposed to give to the word "feeling" the name of economic activity. Thus it was reasonably maintained, with implied reference to this meaning, that pleasure and pain are proper to feeling and extraneous to the other spiritual forms, and that they only act in the others as concomitants. For if the theoretical forms give rise to the dialectic of true and false, in so far as the practical spirit can be introduced into them, it is clear that pleasure and pain come to those forms from the practical spirit, with which the theoretic spirit is always in unity. In the practical spirit too, the moral activity divides into pleasure and pain, in so far as it has concrete or economic form; and therefore in so far as it is economic, not in so far as it is moral. Pleasure and pain belong to feeling alone, because they belong to the economic activity alone, which is the practical in its general form, involving of itself all the other forms, practical and theoretic. When this has been established, pleasure or economic feeling or economic activity as positive cannot be at strife with duty or with the moral activity in its positivity, for the two terms coincide. The divergence existed only when they were conceived, not in unity and distinction, but in coordination. When we speak of a good action
Critique of rigorism or asceticism. Relation of happiness and virtue. accompanied with pain, we make an inexact statement, or better, we make use of a mode of expression that must be understood, not literally, but in its spirit. The good action, as such, always brings with it satisfaction and pleasure, and the pain said to accompany it, either shows that the action is not yet altogether good, because it has not been willed with complete internal accord, or that a new practical problem, still unsolved and therefore painful, lies beyond the pleasurable moral action. The other false idea, of rigoristic or ascetic Ethic, which makes war upon pleasure as such, derives from the plan of coordination, through the already mentioned casuistic of the conflict between the coordinated terms. Indeed, if it be legitimate to combat this or that pleasure, which enters into a contest with the moral act, it is not possible to abolish the category of pleasure, for the reason already given, that in this way the category itself of morality, which has its reality and concreteness in pleasure (in economicity), would be abolished: the concrete and real moral act is also pleasurable. The attempt to abolish pleasure is as insane as would be the wish to speak without words or any other form of expression, preserving thought pure of such sensual contacts, that is to say, producing an inexpressed and inexpressible thought. This last attempt has been made by mysticism, which either does not give thoughts at all, or, contradicting itself, gives them expressed and logical, like those of all other doctrines. Asceticism provides a complete counterpart to this in the practical field, for it might be called mysticism of the practical in the same way as the name of asceticism of the theoretical would not be unsuitable to mysticism. What has been said of the relation between pleasure and morality, is to be repeated of the other between happiness and virtue, a relation that is identical with the preceding, from which it diners only because expressed by means of empirical concepts of class. Happiness is not virtue, as pleasure is not morality, because there exist the pleasure of the innocent or of the mentally deficient, and
Critique of the subordination of pleasure to morality. the happiness of the child or the brute, who are without moral conscience. But virtue is always happiness, as morality is always pleasure. It will be said that a virtuous man may be unhappy, because he suffers atrocious physical pain or is in financial difficulties, and, therefore, that virtue and happiness do not coincide. But this is a vulgar sophism, because the virtuous man, who should be also happy, must be truly and altogether virtuous; that is to say, he must cure and conquer the ills of the body and of fortune with his energy, if he can, or, if it be impossible to conquer them, he must resign himself and take them into account and develop his own activity within the limits that they lay down. Every individual, not only the unfortunate individual of the example, has his limits; and everyone can transform his limits into pains by being dissatisfied with them, just as every one can, with resignation, transform his pains into limits and conditions of activity. It will be said that sometimes the evils that assail the virtuous man are not only incurable, but so intolerable as to render all resignation impossible. But he who does not effectively and absolutely resign himself, that is, does not accommodate himself to life, dies; and the occurrence of the death of the individual is neither happiness nor unhappiness: it is a fact or event. Finally, the theory that subordinates pleasure or happiness, utility or economy, to duty, to virtue, to moral activity, is to be rejected. The subordination of the one term to the other is not possible on this side of morality, because only one of the two terms is present; and in like manner it is impossible in the moral circle, because, though the terms are certainly two, they are two in one, not one above and the other below; that is to say, they are distinct terms that become unified. Morality has complete empire over life, and there is not an act of life, be it as small as you will, that morality does not or ought not to regulate. But morality has no absolute empire over the forms or categories of the spirit, and as it cannot destroy or modify itself, so it cannot destroy or modify the other spiritual forms, which are its necessary support and presupposition.
No empire of morality over the forms of the spirit. Inexistence of other practical forms and impossibility of subdivision of the two established. Hence is apparent the remarkable fatuity of those who pretend to regulate morally the function of art, of science, or of economy and profess moralistic theories of art and philosophy and a moralized economic science. The poet, the man of science, the business man, must be as honest as others, but it is not given to them to tear in pieces the nature of poetry, of science and of industry, in the madness of honesty. Indeed, were this done or attempted, and the poet were to introduce extraneous elements into his work of art, through his failure to understand morality, or the philosopher to veil or alter the purity of truth, or the man of business foolishly to bring his own business to ruin, then and only then, would they be dishonest. To substitute the single acts of life that appertain to morality, for the universal forms of the spirit, and to predicate of these what should be predicated only of those, is so evident an absurdity that it could not be committed by anyone accustomed to philosophical distinctions. But what nonsense is so evident that idle babblers and elegant men of letters do not know how to cover with their ratiocinative and æsthetic flowers and to present to society or to the academic world as truth, or at least as a theory worthy of reflection and discussion? Such, then, are the two forms of the practical activity, and such their relation; and as it is not possible to reduce them to one alone, so it is not possible to multiply them beyond the two, which altogether exhaust the nexus of finite and infinite. Hence, too, we perceive that the economic and also the ethic-economic activity do not each of them give rise to new subdivisions, because other terms of subdivision are not conceivable beyond the duality of finite and infinite. As there are no philosophical and ethical classes, nor categories of expression (rhetoric), nor categories of concepts (formalistic logic), so there are no economic categories and ethical categories beyond those that constitute utility (volition of the individual) and morality (volition of the universal).
Problem of the relations between Philosophy and Science of Economy. V THE PHILOSOPHY OF ECONOMY AND THE SO-CALLED SCIENCE OF ECONOMY Internal observation, confirming at all points rational necessity, has rendered clear the existence of a special form of practical activity, the utilitarian or economic, and of a correlative Economic or Philosophy of economy. But however irrefutable may seem the demonstration that we have given, yet it will never be altogether satisfactory, while a very important point is left obscure: the relation between our Philosophy of economy and the Science of economy. This is a system of doctrine that takes various names and forms, and is presented in turn as political, national, pure, or mathematical Economy; it is a system of doctrines which, although not without precedents in antiquity, has been gradually formed, especially in recent centuries, and is now in fullest flower. A saying of Hegel is often recorded, not without satisfaction, for even in his time he praised Economy as "a science that does much honour to thought, because it extracts the laws from a mass of accidentally."[1] Has it the same object as our Philosophy of economy? If the reply be in the affirmative, how does it ever arrive at concepts altogether different? Or is it an empirical science, and if so, from what source does it derive the rigour and absoluteness by which it is removed from all empiricism and formulates truths of universal character? Two strict sciences with the same object are inconceivable; and yet as it seems, there must here be precisely two: hence the perplexity and disorientation that the affirmation of a Philosophy of economy must and does produce.
Unreality of the laws and concepts of economic science. If the economic actions of man be considered, in their uncontaminated and undiminished reality, with an eye free from all prejudice, it is never possible to establish even a single one of the concepts and laws of economic science. Every individual is different at every moment of his life: he wills always in a new and different way, not comparable with the other modes of his or of others' willing. If A spent seven soldi to buy a loaf of bread yesterday, and to-day he spend the same amount in making the same purchase, the seven soldi of to-day are not for this reason those of yesterday, nor is the bread the same as that of yesterday, nor the want that A satisfies to-day the same as that of yesterday, nor is the effort that his action costs him identical with that of yesterday. If the individual B also spend seven soldi for a loaf of bread, the action of B is different from that of A, as that of the A of to-day was different from that of yesterday. If we lead the economist on to this ground of reality (or rather to the side of this Heraclitean river, in which it is not possible to dip the same hands twice in the same water), he will feel himself impotent, for he will not find any point of support for the edification of any of his theories.—The value of a piece of goods (says a theorem of Economy) depends upon the quantity of it and of all the other goods that are upon the market.— But what does "goods" mean? Bread, for example, or wine? In reality, abstract bread and wine do not exist, but a given piece of bread, a given glass of wine, with a given individual who will give a treasure or nothing in order to eat the one or to drink the other, according to the conditions in which he finds himself.—Any sort of enjoyment, when protracted, decreases and finally becomes extinguished.—That is the law of Gossen, one of the foundation— stones of economic theory. But what are these enjoyments that are protracted, decrease, and end by becoming extinguished? In reality there exist only actions, which assume different positions at every moment, owing to the continual changing of surrounding reality, in which the volitional individual operates. The difference is qualitative, not quantitative: if the individual A eat the bread that he has bought for seven soldi, when swallowing the second or the tenth or the last
Economic Science founded upon empirical concepts, but not empirical or descriptive. mouthful, he has a pleasure, not inferior to that which he had when swallowing the first, but different: the last was not less necessary for him, in its way, than the first; otherwise he would have remained unsatisfied in his normal want, in his habit, or in his caprice.—The economic man seeks the maximum of satisfaction with the least effort.—That is the very principle of Economy, but neither does this principle correspond with reality, most simple and general though it be. The individual A disputes for an-hour, in order to save two soldi in the purchase of an object, for which he has been asked ten lire, thus attaining the maximum satisfaction for himself with the least means that is naturally at his disposal on that occasion. The individual B, making boast of his magnificence, lights his cigarette with a banknote of a hundred lire, thus likewise attaining for himself the greatest satisfaction to which he aspired, with the least means that he possessed, namely, by burning that paper money. But if this be so, we have here a question, not of greatest and least, but of individual ends and of relative means adopted, or (owing to the unity of means and ends already noted), of actions individually different. Certainly, it is quite possible to abstract in a greater or less measure from the infinite variety of actions and to construct a series of types or concepts of classes and of empirical laws, thus rendering uniform the formless, within certain limits. Thus is obtained the concept of bread and of the consumption of bread, and of the various portions of bread and of other objects, for which a portion of bread can be exchanged, and so on. In this way are full philosophico-historical reality and the method of logical necessity and of realistic observation of facts abandoned for a feigned reality and for a method of arbitrary choice, which, as we know, has its good reasons for existing in the human spirit, and does great service by the swift recall and easy control of the requisite knowledge. And if Economy consisted in the establishment of a series of laws and examples in the above sense (or when understood in this way), it would join the number of the
descriptive disciplines; and in that case there would be no necessity for us to speak of it further, for it would suffice to refer back to what has already been said of the relations of the Philosophy of the practical with practical Description, classes, rules, and casuistic. But economic Science is not descriptive, and is not developed according to the following formula: goods are divided into the classes a, b, c, d, e, etc., and the class a is exchanged with the class b in the proportion of I to 3, the class b with the class c in the proportion of I to 5, etc. In such a formula is always understood the up and down, the for the most part, and the very nearly: the classes with their ups and downs are as stated; the exchanges take place for the most part in the proportions stated; if things are to-day very nearly thus, to- morrow they will be so very nearly, in a different way. On the contrary, the propositions of the Science of Economy are rigorous and necessary. "Granted that soils of different degrees of fertility are cultivated, their possessors will all obtain, besides the absolute rent, a differential rent, with the exception of the possessor of the least fertile soil" (Ricardo's law). "Bad money drives out good" (Gresham's law). Now, it is not conceivable in any case that soils of different fertility, all of them cultivated, should not give a differential rent. It will be said that the State can confiscate the differential rent, or that the possessor, owing to his bad cultivation or to his bad administration, may lose it; but the proposition does not remain less sound on this account. Nor is it possible that, when an unchangeable paper money is in circulation, gold coins should also circulate indifferently and on a par with it, when the total of the money in circulation lowers the value of the monetary unit beneath the metallic value of the better money. A madman who might be in possession of a hoard of gold pieces at the time of the circulation of the declining paper money (which causes poverty) would perhaps give it in exchange for the inferior money; but the wise man will keep it in his safe. The economic proposition expresses the rational necessity, not the madness, which is irrational. Those propositions, like all the others of economic science, are therefore certainly not descriptions, but theorems.
Their mathematical nature. Its principles; their character of arbitrary postulates and definitions. Their utility. The denomination "theorems" makes us think at once of the mathematical disciplines, among which alone can economic Science find a place. The propositions of that science being excluded from philosophical, historical, or naturalistic science, there remains nothing that they can be, save mathematical. Yes, they are mathematical, but not pure mathematics, for in that case they would be nothing but arithmetic, algebra, or the calculus, that is, they would belong to the kind of mathematical disciplines called applied, because they introduce into the paradigms of the calculus certain data taken from reality, that is to say, taken from without the purely numerical conception. Economic Science, then, is a mathematic applied to the concept of human action and to its sub-species. It does not inquire what human action is; but having posited certain concepts of action, it creates formulæ for the prompt recognition of the necessary connections. It is not surprising that such propositions examined in their truth appear in one respect arbitrary and in another tautological. But it is not thus that they are examined, and it is not thus that propositions of mathematics are ever examined, for their value lies solely in the service that they render. Certainly Ricardo's law relating to land of varying fertility is nothing but the definition of lands of various fertility, in the same way that Gresham's law relating to bad money is nothing but the definition of bad money. The same may be said of any other economic law, as, for example, that every protective tariff is destruction of riches, or that a demand for commodities is not a demand for labour, since these, like the preceding, are simply definitions of the protective tariff, of the demand for commodities, and of the demand for labour. And it could be proved of all of them that they are arbitrary, because the concepts of land, tariffs, commodities, money, and so on, are arbitrary, and because they become necessary only when that arbitrariness has been admitted as a postulate. But the same demonstration can be given of any theorem in Geometry; since it is
Comparison of Economic with Mechanics, and reason for its exclusion from ethical, æsthetic and logical facts. not less arbitrary and tautological, that the measure of a quadrilateral should be equal to the base multiplied by the height, or that the sum of the squares of a cathetic should be equal to the square of the hypotenuse. This does not prevent Geometry from being Geometry, or negate the fact that without it we should not have been able to build the house in which we dwell, nor to measure this star upon which we live, nor the others that revolve around it or around which we revolve. Thus, it would be impossible to find one's way in empirical reality without these economic formulæ, and that would happen which happened when economic science was still in its infancy; namely, that by its means measures of government were adopted, which were admirably suited to produce in the highest degree those evils which it was thought could be avoided by its help, a misfortune of which the Spanish government in Lombardy or in the Province of Naples in the seventeenth century, with its cries and its pragmatics in economic and financial matters, has left most excellent examples. Or what happens now, when ignorance, or deceitful interest, which profits by ignorance, proposes or causes to be adopted ruinous measures under the appearance of publica salus, arguing that they are good, or that they are good for different reasons than those for which they could be maintained. Such, for instance, would be the proposal for fresh expenditure on public works that are useless or of little use during a period of economic depression in a country, and instead of relieving, increase the general depression; or the increase of protective tariffs, when industrial progress is slow, which ought to encourage industry, but on the contrary produce an industry that is unstable and artificial, in place of one that is spontaneous and durable. The special form of application of mathematics, which we find in economic Science, has been compared on several occasions with that which takes place in Mechanics. "The economic man" of the first has seemed to be altogether like the "material point" of the second, and Economy has been called "a sort of Mechanics," or simply
Errors of philosophism and historicism in Economy. "Mechanics." All this is very natural, for Mechanics are nothing but the complex of formulæ of calculation constructed on reality, which is Spirit and Becoming in Metaphysic, and may be abstracted and falsified in Science, so as to assume the aspect of Force or a system of forces, for the convenience of calculation. Economy does the same thing, when it cuts off from the volitional acts certain groups, which it simplifies and makes rigid with the definition of the "economic man," the laws of "least means," and the like. And owing precisely to this mechanicizing process of economic Science, it is ingenuous to ask oneself why ethical, logical, or æsthetic facts are not included in Economy, and in what way they can be included. Economic science is the sum of abstractive operations effected upon the concept of Will or Action, which is thus quantified. Now since moral facts are also will and action, and since economic Science is not occupied with qualitative distinctions, not even with the quality itself of that economic fact which it employs as its material, it is clear that Science cannot lay any stress upon moral distinguished from economic facts, nor can it receive them in a special class, because its assumption is the indistinction of the two orders of facts, and they are included in that indistinction. As to æsthetic or scientific facts, these, taken by themselves, are not facts, but representations and thoughts of facts, and as such escape economic calculation: considered in the unity of the spirit, they are certainly facts, that is to say, volitional products, but as such are already found included with these in the indistinction of economic Science. As a mathematical discipline, economic Science is ultimately quantitative, and it remains so, even when it makes use of the smallest possible number of numerical and algebraical signs (even when it is not mathematical Economy in the strict sense of the word). The attempts, both of philosophism and historicism, which claim to deny Economy, by criticizing its abstractness and its arbitrariness, and to make it philosophical (or as they say psychological) and historical are therefore to be reproved. If Economy do not give the universal truth of Philosophy, nor the
The two degenerations: extreme abstracticism and empiristical disaggregation. particular truth of History, Philosophy and History are in their turn incapable of making the smallest calculation: if Economy have not eyes for the true, Philosophy and History have not arms to break and to dominate the waves of fact, which would oppress man with their importunity and finally prevent him from seeing. Hence the absurdity of philosophism and historicism; hence too, the sound tendency of Economy to constitute itself pure Economy, free of practical questions, which are also, it is clear, historical, not abstract and scientific questions. But economy has in itself other enemies besides these that are external, in so far as it is certainly a mathematical discipline, but an applied mathematic, that is to say, one that assumes empirical data. These empirical data can be infinitely multiplied, and hence result infinite economic propositions, each distinct from the other; and on the other hand, they can be regrouped, simplified and unified, so as finally to return to the indistinct x. If the first tendency prevail, we have what is called economic empiricism, a cumbrous mass of disaggregated propositions; if the second, a very general formula, which sometimes does not even preserve the smallest vestige of that concept of human action from which it started, and becomes altogether confounded with the formulæ of arithmetic, of algebra and of the calculus. Sound economic Science must be at once abstract and empirical, in accordance with its nature, connecting and unifying disaggregate propositions; but it must not allow distinction to be lost in unity, for the one is as necessary as the other. Those who are unacquainted with the generalities of Economic Science, and those acquainted only with its details, are alike incapable, though for different reasons, of calculating the economic consequences of a fact. The first see all the facts as one single fact, the second, all the facts as different, without any arrangement by similarities and hierarchies. The question as to the relative proportion of generalities and particulars to be given in treatises, is one that has been much discussed, but since this has only a
dance at the History of the various tendencies of Economy. didascalic and pedagogic importance, it is only possible to answer it, case for case, according to the nature of the various scholastic institutions that are held in view. To maintain that Economy must stop short at this or that degree of abstraction, and for example be limited to what are called external goods or riches, excluding services; or to capital, as a concept distinct from land and human labour, without striving to unify these three concepts, is altogether capricious. Every unification, like every specification, can be useful, and haters of abstracticism are also abstracticists, but only half so. All those acquainted with economic studies will have recognized in the concepts that we have explained, the logical motives of the history of Economy, the divisions, the polemics, the defeats and the victories of this or that school and the progress of that branch of studies. The quantitative character of economic science already appears in its classics; in the inquiries of Aristotle as to prices and value (Politic and Nichomachean Ethic); and this is apparent also in the rare mentions by Mediæval and Renaissance writers. Economists have always been mathematicians, even when they have not spoken of mathematical Economy. Our writers of the nineteenth century, Galiani, Genovesi and Verri, were mathematicians in their methods; Francesco Ferrara, the greatest Italian economist of the nineteenth century, was a mathematician. The economic principle, which is all one with the excogitation of the economic man, was formulated by the head of the physiocratic school, Quesnay; and if the title of political Economy, first given to the discipline by Montchrétien in 1615, prevailed, that of social Arithmetic also sometimes made its appearance. Its progress has consisted, not only in the discovery of new economic theorems, but also in the connection and unification of those that had previously been posited in isolation, of material and immaterial goods, of the cost of production and of rarity, of gross and net produce, of agricultural rents and of all the others that are not agricultural, of the production, distribution and circulation of riches, of economic and financial laws, of social and isolated
Signification of the judgment of economy, of the value of utility and of the value of exchange. It has even been possible to unite with the body of admitted economic doctrines those of Marx, which seemed revolutionary, for these are only definitions of a particular casuistry founded upon the comparison of different types of economic constitution. But to conquer empiricism was not enough; economic Science was menaced in its existence by the so-called historical School, which refused to recognize abstract definitions and set up against them the infinite variety of historical facts; hence the strife with historicism conducted by Menger and the Austrian school. A consequence of the struggle against the political degeneration of economic science was the constitution of Economy as a pure science (Cairnes). This was all the more necessary, inasmuch as by confounding the abstract with the concrete, and in the concrete itself, Economy with Ethic, there was a desire manifested upon several occasions among German economists (ethical school), and among Catholics of all countries, for an economic Science that should have as its base Ethic. The conception of Economy as a science deduced from the egoistic hypothesis, has been the extreme form of the reaction against ethicism (for example in the treatise of Pantaleoni). The dangers arising from philosophism have been less, because recent times, in which that discipline has most flourished, have not sinned through excessive philosophy. Of late, owing to the works of Jevons and of other Englishmen, of Gossen, of the Italians of the school of Ferrara, and of the Austrians, Economy has become at once more and more complicated and more simple, owing to the applications, extensions, and reductions that it has effected. But if with its progress it be able to become ever more exact and perspicuous, yet it will never for that reason become organic; its character of a quantitative discipline, of an applied mathematic, in which the atomism of the postulates and of the definitions is insuperable, does not allow of such metamorphoses. In this connection and as the seal upon what we have just been saying, it is fitting to observe that
Hegel upon the Science of Economy. Adoption of the method and of definition of Economy by Philosophy. the phrase of Hegel referred to above can only have been interpreted as expressing admiration for the degree of truth attained by Economy, owing to the ignorance of Hegelian philosophy that has become usual; as though Hegel meant that Economic science did much honour to the thought, that is, to the speculative reason. Hegel wished to say, on the contrary, that Economy does much honour to the intellect, that is, to the intellect alone, to that abstractive and arbitrary intellect which he hunted down in all his philosophy: that it is not indeed true and philosophical science, but a simple descriptive or quantitative discipline treated with much elegance. This praise also contained the demand for a delimitation, which, however, he did not expressly enunciate, develop and execute. [1] Philos, d. Rechtes, § 189. Zus. VI CRITIQUE OF THE CONFUSIONS BETWEEN ECONOMIC SCIENCE AND PHILOSOPHY OF ECONOMY There is no disagreement, then, between the Philosophy of Economy described by us and economic Science or Calculus, of which we have just defined the nature, since there cannot be any between two altogether heterogeneous forms, the one moving within the categories of truth, the other outside them, with objects of a practical order. This reciprocal tolerance can be disturbed only by Philosophy, when it compels itself, either to invade the field of economic Science, or to receive within itself, to a greater or less extent, the method and the formulæ proper to the latter. We have already referred to the first, when we noted the inadmissibility of the economic attempts of philosophism
Welcome to our website – the perfect destination for book lovers and knowledge seekers. We believe that every book holds a new world, offering opportunities for learning, discovery, and personal growth. That’s why we are dedicated to bringing you a diverse collection of books, ranging from classic literature and specialized publications to self-development guides and children's books. More than just a book-buying platform, we strive to be a bridge connecting you with timeless cultural and intellectual values. With an elegant, user-friendly interface and a smart search system, you can quickly find the books that best suit your interests. Additionally, our special promotions and home delivery services help you save time and fully enjoy the joy of reading. Join us on a journey of knowledge exploration, passion nurturing, and personal growth every day! ebookbell.com

More Related Content

PDF
PostgreSQL 9 Administration Cookbook - Second Edition Simon Riggs
mowwoiq538
 
PDF
PostgreSQL 9 Administration Cookbook - Second Edition Simon Riggs
bligesilva28
 
PDF
Download full ebook of Angular 2 Cookbook Frisbie instant download pdf
kovencoitofm
 
PDF
Windows Server 2016 Cookbook Jordan Krause
waksyioda
 
PDF
Instant download Angular 2 Cookbook Frisbie pdf all chapter
solvorpohlak24
 
PDF
Instant download Angular 2 Cookbook Frisbie pdf all chapter
ikraanfalan
 
PDF
Prometheus Up Running Infrastructure And Application Performance Monitoring 2...
rzeczycozin
 
PDF
Clojure Programming Cookbook Makoto Hashimoto Nicolas Modrzyk
mbouemugnia
 
PostgreSQL 9 Administration Cookbook - Second Edition Simon Riggs
mowwoiq538
 
PostgreSQL 9 Administration Cookbook - Second Edition Simon Riggs
bligesilva28
 
Download full ebook of Angular 2 Cookbook Frisbie instant download pdf
kovencoitofm
 
Windows Server 2016 Cookbook Jordan Krause
waksyioda
 
Instant download Angular 2 Cookbook Frisbie pdf all chapter
solvorpohlak24
 
Instant download Angular 2 Cookbook Frisbie pdf all chapter
ikraanfalan
 
Prometheus Up Running Infrastructure And Application Performance Monitoring 2...
rzeczycozin
 
Clojure Programming Cookbook Makoto Hashimoto Nicolas Modrzyk
mbouemugnia
 

Similar to Openvpn Cookbook Second Edition 2nd Revised Edition Keijser (20)

PPTX
How to Issue and Activate Free SSL using Let's Encrypt
Mayeenul Islam
 
PDF
Hadoop Mapreduce Cookbook Srinath Perera Thilina Gunarathne
tarubmawuna
 
PDF
Digital certificates
DouglasPickett
 
PDF
Node Up And Running Scalable Serverside Code With Javascript 1st Edition Tom ...
nunleyagika
 
PDF
HTTP The Definitive Guide 1st Edition David Gourley
javydelfio
 
PPTX
Whm and cpanel overview hosting control panel overview
Sayed Ahmed
 
PDF
Learning HTTP 2 a practical guide for beginners First Edition Garza
heynsmagat8k
 
PDF
Oracle Plsql Programming Sixth Edition Steven Feuerstein Bill Pribyl
msaadiutura
 
PDF
Skype for business and lync troubleshooting guide (Version 1.0 )
Thomas Poett
 
PPTX
Scrum&Kanban Together
Alper Gurbuz - MBA, PSM 1, PMP
 
PDF
Kubernetes Best Practices 1st Edition Brendan Burns Eddie Villalba
duukkoofi65
 
PDF
Immediate download Kubernetes Best Practices 1st Edition Brendan Burns ebooks...
seinersofhia
 
PDF
How to Implement Token Authentication Using the Django REST Framework
Katy Slemon
 
PDF
OpenStack Operations Guide 1st Edition Tom Fifield
tuekamrasyid
 
PDF
PDF DevOps with OpenShift 1st Edition Mike Hepburn download
xalanaunnuk
 
PDF
Apache httpd and TLS/SSL certificates validation
Jean-Frederic Clere
 
PDF
Opa Up And Running Henri Binsztok Adam Koprowski Ida Swarczewskaja
valdeyyampis
 
PDF
Securing the Web without site-specific passwords
Francois Marier
 
PDF
Object Storage with Swift Cloud storage administration through OpenStack 1. A...
nkuhqytfb3547
 
PDF
Web_Development_with_Node_Express.pdf
Marco Antonio Martinez Andrade
 
How to Issue and Activate Free SSL using Let's Encrypt
Mayeenul Islam
 
Hadoop Mapreduce Cookbook Srinath Perera Thilina Gunarathne
tarubmawuna
 
Digital certificates
DouglasPickett
 
Node Up And Running Scalable Serverside Code With Javascript 1st Edition Tom ...
nunleyagika
 
HTTP The Definitive Guide 1st Edition David Gourley
javydelfio
 
Whm and cpanel overview hosting control panel overview
Sayed Ahmed
 
Learning HTTP 2 a practical guide for beginners First Edition Garza
heynsmagat8k
 
Oracle Plsql Programming Sixth Edition Steven Feuerstein Bill Pribyl
msaadiutura
 
Skype for business and lync troubleshooting guide (Version 1.0 )
Thomas Poett
 
Scrum&Kanban Together
Alper Gurbuz - MBA, PSM 1, PMP
 
Kubernetes Best Practices 1st Edition Brendan Burns Eddie Villalba
duukkoofi65
 
Immediate download Kubernetes Best Practices 1st Edition Brendan Burns ebooks...
seinersofhia
 
How to Implement Token Authentication Using the Django REST Framework
Katy Slemon
 
OpenStack Operations Guide 1st Edition Tom Fifield
tuekamrasyid
 
PDF DevOps with OpenShift 1st Edition Mike Hepburn download
xalanaunnuk
 
Apache httpd and TLS/SSL certificates validation
Jean-Frederic Clere
 
Opa Up And Running Henri Binsztok Adam Koprowski Ida Swarczewskaja
valdeyyampis
 
Securing the Web without site-specific passwords
Francois Marier
 
Object Storage with Swift Cloud storage administration through OpenStack 1. A...
nkuhqytfb3547
 
Web_Development_with_Node_Express.pdf
Marco Antonio Martinez Andrade
 
Ad

Recently uploaded (20)

DOC
Soft-furnishing-By-Architect-A.F.M.Mohiuddin-Akhand.doc
ArchitectAFMMohiuddi
 
PDF
Module 4: Burden of Disease Tutorial Slides S2 2025
Jonathan Hallett
 
PDF
The Lost Whites of Pakistan by Jahanzaib Mughal.pdf
jahanzaibmughal6
 
PDF
Black Hat USA 2025 - Micro ICS Summit - ICS/OT Threat Landscape
Chris Sistrunk
 
PPTX
Pharma ospi slides which help in ospi learning
rameetkumar304
 
PDF
FourierSeries-QuestionsWithAnswers(Part-A).pdf
Raji Murugan
 
PPTX
IMMUNITY IMMUNITY refers to protection against infection, and the immune syst...
shilpa939953
 
PDF
Weekly quiz Compilation Jan -July 25.pdf
Nitin Suresh
 
PDF
01-Introduction-to-Information-Management.pdf
PrinceIbarra
 
PPTX
Final Presentation General Medicine 03-08-2024.pptx
ZaheerAhmad228692
 
PPTX
Introduction-to-Literarature-and-Literary-Studies-week-Prelim-coverage.pptx
EricaRamos80
 
PDF
Classroom Observation Tools for Teachers
Nicaramirez
 
PDF
VCE English Exam - Section C Student Revision Booklet
jpinnuck
 
PDF
A systematic review of self-coping strategies used by university students to ...
CleeveMoralde1
 
PDF
Computing-Curriculum for Schools in Ghana
abigailanane203
 
PDF
Complications of Minimal Access Surgery at WLH
mohitsuren827
 
PDF
OBE - B.A.(HON'S) IN INTERIOR ARCHITECTURE -Ar.MOHIUDDIN.pdf
ArchitectAFMMohiuddi
 
PPTX
school management -TNTEU- B.Ed., Semester II Unit 1.pptx
NihumathunnisaH
 
PPTX
GDM (1) (1).pptx small presentation for students
shrawanbpkihs
 
PDF
2.FourierTransform-ShortQuestionswithAnswers.pdf
Raji Murugan
 
Soft-furnishing-By-Architect-A.F.M.Mohiuddin-Akhand.doc
ArchitectAFMMohiuddi
 
Module 4: Burden of Disease Tutorial Slides S2 2025
Jonathan Hallett
 
The Lost Whites of Pakistan by Jahanzaib Mughal.pdf
jahanzaibmughal6
 
Black Hat USA 2025 - Micro ICS Summit - ICS/OT Threat Landscape
Chris Sistrunk
 
Pharma ospi slides which help in ospi learning
rameetkumar304
 
FourierSeries-QuestionsWithAnswers(Part-A).pdf
Raji Murugan
 
IMMUNITY IMMUNITY refers to protection against infection, and the immune syst...
shilpa939953
 
Weekly quiz Compilation Jan -July 25.pdf
Nitin Suresh
 
01-Introduction-to-Information-Management.pdf
PrinceIbarra
 
Final Presentation General Medicine 03-08-2024.pptx
ZaheerAhmad228692
 
Introduction-to-Literarature-and-Literary-Studies-week-Prelim-coverage.pptx
EricaRamos80
 
Classroom Observation Tools for Teachers
Nicaramirez
 
VCE English Exam - Section C Student Revision Booklet
jpinnuck
 
A systematic review of self-coping strategies used by university students to ...
CleeveMoralde1
 
Computing-Curriculum for Schools in Ghana
abigailanane203
 
Complications of Minimal Access Surgery at WLH
mohitsuren827
 
OBE - B.A.(HON'S) IN INTERIOR ARCHITECTURE -Ar.MOHIUDDIN.pdf
ArchitectAFMMohiuddi
 
school management -TNTEU- B.Ed., Semester II Unit 1.pptx
NihumathunnisaH
 
GDM (1) (1).pptx small presentation for students
shrawanbpkihs
 
2.FourierTransform-ShortQuestionswithAnswers.pdf
Raji Murugan
 
Ad

Openvpn Cookbook Second Edition 2nd Revised Edition Keijser

  • 1. Openvpn Cookbook Second Edition 2nd Revised Edition Keijser download https://ebookbell.com/product/openvpn-cookbook-second- edition-2nd-revised-edition-keijser-50195128 Explore and download more ebooks at ebookbell.com
  • 2. Here are some recommended products that we believe you will be interested in. You can click the link to download. Openvpn 2 Cookbook Jan Just Keijser https://ebookbell.com/product/openvpn-2-cookbook-jan-just- keijser-2118390 Openvpn Building And Integrating Virtual Private Networks Markus Feilner https://ebookbell.com/product/openvpn-building-and-integrating- virtual-private-networks-markus-feilner-921368 Beginning Openvpn 209 Norbert Graf https://ebookbell.com/product/beginning-openvpn-209-norbert- graf-2313848 Mastering Openvpn Master Building And Integrating Secure Private Networks Using Openvpn Eric F Crist https://ebookbell.com/product/mastering-openvpn-master-building-and- integrating-secure-private-networks-using-openvpn-eric-f- crist-50195242
  • 3. Troubleshooting Openvpn 1st Edition Eric F Crist https://ebookbell.com/product/troubleshooting-openvpn-1st-edition- eric-f-crist-6823330 Mastering Openvpn 1st Edition Eric F Crist Jan Just Keijser https://ebookbell.com/product/mastering-openvpn-1st-edition-eric-f- crist-jan-just-keijser-48647812
  • 5. OpenVPN Cookbook - Second Edition
  • 6. Table of Contents OpenVPN Cookbook - Second Edition Credits About the Author About the Reviewer www.PacktPub.com Why subscribe? Customer Feedback Preface What this book covers What you need for this book Who this book is for Conventions Reader feedback Customer support Downloading the example code Errata Piracy Questions 1. Point-to-Point Networks Introduction The shortest setup possible Getting ready How to do it... How it works... There's more... Using the TCP protocol Forwarding non-IP traffic over the tunnel OpenVPN secret keys Getting ready How to do it... How it works... There's more... See also
  • 7. Multiple secret keys Getting ready How to do it... How it works... There's more... See also Plaintext tunnel Getting ready How to do it... How it works... There's more... Routing Getting ready How to do it... How it works... There's more... Routing issues Automating the setup See also Configuration files versus the command line Getting ready How to do it... How it works... There's more... Exceptions to the rule Complete site-to-site setup Getting ready How to do it... How it works... There's more... See also Three-way routing Getting ready How to do it... How it works... There's more... Scalability
  • 8. Routing protocols See also Using IPv6 Getting ready How to do it... How it works... There's more... Log file errors IPv6-only tunnel See also 2. Client-server IP-only Networks Introduction Setting up the public and private keys Getting ready How to do it... How it works... There's more... Using the easy-rsa scripts on Windows Some notes on the different variables See also A simple configuration Getting ready How to do it... How it works... There's more... Server-side routing Getting ready How to do it... How it works... There's more... Linear addresses Using the TCP protocol Server certificates and ns-cert-type server Masquerading Adding IPv6 support Getting ready How to do it...
  • 9. How it works... There's more... IPv6 endpoints IPv6-only setup Using client-config-dir files Getting ready How to do it... How it works... There's more... The default configuration file Troubleshooting Options allowed in a client-config-dir file Routing - subnets on both sides Getting ready How to do it... How it works... There's more... Masquerading Client-to-client subnet routing No route statements in a CCD file See also Redirecting the default gateway Getting ready How to do it... How it works... There's more... Redirect-gateway parameters The redirect-private option Split tunneling See also Redirecting the IPv6 default gateway Getting ready How to do it... How it works... There's more... Using an ifconfig-pool block Getting ready
  • 10. How to do it... How it works... There's more.. Configuration files on Windows Client-to-client access Using the TCP protocol Using the status file Getting ready How to do it... How it works... There's more... Status parameters Disconnecting clients Explicit-exit-notify The management interface Getting ready How to do it... How it works... There's more... See Also Proxy ARP Getting ready How to do it... How it works... There's more... TAP-style networks User nobody Broadcast traffic might not always work See also 3. Client-server Ethernet-style Networks Introduction Simple configuration - non-bridged Getting ready How to do it... How it works... There's more... Differences between TUN and TAP
  • 11. Using the TCP protocol Making IP forwarding permanent See also Enabling client-to-client traffic Getting ready How to do it... How it works... There's more... Broadcast traffic may affect scalability Filtering traffic TUN-style networks Bridging - Linux Getting ready How to do it... How it works... There's more... Fixed addresses and the default gateway Name resolution See also Bridging-Windows Getting ready How to do it... How it works... See also Checking broadcast and non-IP traffic Getting ready How to do it... How it works... An external DHCP server Getting ready How to do it... How it works... There's more... DHCP server configuration DHCP relay Tweaking etcsysconfig/network-scripts Using the status file
  • 12. Getting ready How to do it... How it works... There's more... Difference with TUN-style networks Disconnecting clients See also The management interface Getting ready How to do it... How it works... There's more... See also Integrating IPv6 into TAP-style networks Getting ready How to do it... How it works... There's more... See also 4. PKI, Certificates, and OpenSSL Introduction Certificate generation Getting ready How to do it... How it works... There's more... See also OpenSSL tricks - x509, pkcs12, verify output Getting ready How to do it... How it works... Revoking certificates Getting ready How to do it... How it works... There's more... What is needed to revoke a certificate
  • 13. See also The use of CRLs Getting ready How to do it... How it works... There's more... See also Checking expired/revoked certificates Getting ready How to do it... How it works... There's more... Intermediary CAs Getting ready How to do it... How it works... There's more... Multiple CAs - stacking, using the capath directive Getting ready How to do it... How it works... There's more... Using the -capath directive Determining the crypto library to be used Getting ready How to do it... How it works... There's more... See also Crypto features of OpenSSL and PolarSSL Getting ready How to do it... How it works... There's more... AEAD Ciphers Encryption speed Pushing ciphers
  • 14. Getting ready How to do it... How it works... There's more... Future enhancements Elliptic curve support Getting ready How to do it... How it works... There's more... Elliptic curve support 5. Scripting and Plugins Introduction Using a client-side up/down script Getting ready How to do it... How it works... There's more... Environment variables Calling the down script before the connection terminates Advanced - verify the remote hostname Using a client-connect script Getting ready How to do it... How it works... There's more... Pitfall in using ifconfig-push The client-disconnect scripts Environment variables Absolute paths Using a learn-address script Getting ready How to do it... How it works... There's more... User nobody The update action
  • 15. Using a tls-verify script Getting ready How to do it... How it works... There's more... Using an auth-user-pass-verify script Getting ready How to do it... How it works... There's more... Specifying the username and password in a file on the client Passing the password via environment variables Script order Getting ready How to do it... How it works... There's more... Script security and logging Getting ready How to do it... How it works... There's more... Scripting and IPv6 Getting ready How to do it... How it works... There's more... Using the down-root plugin Getting ready How to do it... How it works... There's more... See also Using the PAM authentication plugin Getting ready How to do it... How it works...
  • 16. There's more... See also 6. Troubleshooting OpenVPN - Configurations Introduction Cipher mismatches Getting ready How to do it... How it works... There's more... Pushable ciphers TUN versus TAP mismatches Getting ready How to do it... How it works... Compression mismatches Getting ready How to do it... How it works... Key mismatches Getting ready How to do it... How it works... See also Troubleshooting MTU and tun-mtu issues Getting ready How to do it... How it works... There's more... See also Troubleshooting network connectivity Getting ready How to do it... How it works... There's more... Troubleshooting client-config-dir issues Getting ready How to do it...
  • 17. How it works... There's more... More verbose logging Other frequent client-config-dir mistakes See also Troubleshooting multiple remote issues Getting ready How to do it... How it works... There's more... See also Troubleshooting bridging issues Getting ready How to do it... How it works... See also How to read the OpenVPN log files Getting ready How to do it... How it works... There's more... 7. Troubleshooting OpenVPN - Routing Introduction The missing return route Getting ready How to do it... How it works... There's more... Masquerading Adding routes on the LAN hosts See also Missing return routes when iroute is used Getting ready How to do it... How it works... There's more... See also
  • 18. All clients function except the OpenVPN endpoints Getting ready How to do it... How it works... There's more... See also Source routing Getting ready How to do it... How it works... There's more... Routing and permissions on Windows Getting ready How to do it... How it works... There's more... Unable to change Windows network location Getting ready How to do it... How it works... There's more... Troubleshooting client-to-client traffic routing Getting ready How to do it... How it works... There's more... See also Understanding the MULTI: bad source warnings Getting ready How to do it... How it works... There's more... Other occurrences of the MULTI: bad source message See also Failure when redirecting the default gateway Getting ready How to do it...
  • 19. How it works... There's more... See also 8. Performance Tuning Introduction Optimizing performance using ping Getting ready How to do it... How it works... There's more... See also Optimizing performance using iperf Getting ready How to do it... How it works... There's more... Client versus server iperf results Network latency Gigabit networks See also Comparing IPv4 and IPv6 speed Getting ready How to do it... How it works... There's more... Client versus server iperf results OpenSSL cipher speed Getting ready How to do it... How it works... There's more... See also OpenVPN in Gigabit networks Getting ready How to do it... How it works... There's more...
  • 20. Plaintext tunnel Windows performance Compression tests Getting ready How to do it... How it works... There's more... Traffic shaping Getting ready How to do it... How it works... Tuning UDP-based connections Getting ready How to do it... How it works... There's more... See also Tuning TCP-based connections Getting ready How to do it... How it works... There's more... Analyzing performance using tcpdump Getting ready How to do it... How it works... See also 9. OS Integration Introduction Linux - using NetworkManager Getting ready How to do it... How it works... There's more... Setting up routes using NetworkManager DNS settings Scripting
  • 21. Linux - using pull-resolv-conf Getting ready How to do it... How it works... There's more... Windows - elevated privileges Getting ready How to do it... How it works... Windows - using the CryptoAPI store Getting ready How to do it... How it works... There's more... The CA certificate file Certificate fingerprint Windows - updating the DNS cache Getting ready How to do it... How it works... See also Windows - running OpenVPN as a service Getting ready How to do it... How it works... There's more... Automatic service startup OpenVPN user name See also Windows - public versus private network adapters Getting ready How to do it... How it works... See also Windows - routing methods Getting ready How to do it...
  • 22. How it works... There's more... Windows 8+ - ensuring DNS lookups are secure Getting ready How to do it... How it works... There's more... Android - using the OpenVPN for Android clients Getting ready How to do it... How it works... There's more... See also Push-peer-info - pushing options to Android clients Getting ready How to do it... How it works... There's more... 10. Advanced Configuration Introduction Including configuration files in config files Getting ready How to do it... How it works... Multiple remotes and remote-random Getting ready How to do it... How it works... There's more... Mixing TCP and UDP-based setups Advantage of using TCP-based connections Automatically reverting to the first OpenVPN server See also Inline certificates Getting ready How to do it... How it works...
  • 23. There's more... Connection blocks Getting ready How to do it... How it works... There's more... Allowed directives inside connection blocks Pitfalls when mixing TCP and UDP-based setups See also Details of ifconfig-pool-persist Getting ready How to do it... How it works... There's more... Specifying the update interval Caveat - the duplicate-cn option When topology net30 is used Connecting using a SOCKS proxy Getting ready How to do it... How it works... There's more... Performance SOCKS proxies via SSH SOCKS proxies using plain-text authentication See also Connecting via an HTTP proxy Getting ready How to do it... How it works... There's more... http-proxy options Dodging firewalls Performance Using the OpenVPN GUI See also Connecting via an HTTP proxy with authentication
  • 24. Getting ready How to do it... How it works... There's more... NTLM proxy authorization Authentication methods OpenVPN GUI limitations See also IP-less setups - ifconfig-noexec Getting ready How to do it... How it works... There's more... Point-to-point and TUN-style networks Routing and firewalling Port sharing with an HTTPS server Getting ready How to do it... How it works... There's more... Alternatives Routing features - redirect-private, allow-pull-fqdn Getting ready How to do it... How it works... There's more... The route-nopull directive The max-routes directive See also Filtering out pushed options Getting ready How to do it... How it works... Handing out the public IPs Getting ready How to do it... How it works...
  • 26. OpenVPN Cookbook - Second Edition
  • 27. OpenVPN Cookbook - Second Edition Copyright © 2017 Packt Publishing All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews. Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book. Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information. First published: February 2011 Second edition: February 2017 Production reference: 1100217 Published by Packt Publishing Ltd. Livery Place 35 Livery Street Birmingham B3 2PB, UK. ISBN 978-1-78646-312-8 www.packtpub.com
  • 28. Credits Author Jan Just Keijser Copy Editor Pranjali Chury Reviewer Ralf Hildebrandt Project Coordinator Izzat Contractor Commissioning Editor Pratik Shah Proofreader Safis Editing Acquisition Editor Rahul Nair Indexer Tejal Soni Content Development Editor Zeeyan Pinheiro Production Coordinator Melwyn D'sa Technical Editor Vivek Pala
  • 29. About the Author Jan Just Keijser is an open source professional from Utrecht, the Netherlands. He has a wide range of experience in IT, ranging from providing user support, system administration, and systems programming to network programming. He has worked for various IT companies since 1989. He was an active USENET contributor in the early 1990s and has been working mainly on Unix/Linux platforms since 1995. Currently, he is employed as a senior scientific programmer in Amsterdam, the Netherlands, at Nikhef, the institute for subatomic physics from the Dutch Foundation for Fundamental Research on Matter (FOM). He works on multi- core and many-core computing systems and grid computing as well as smartcard applications. His open source interests include all types of virtual private networking, including IPSec, PPTP, and, of course, OpenVPN. In 2004, he discovered OpenVPN and has been using it ever since. His first book was OpenVPN 2 Cookbook by Packt Publishing in 2011, followed by Mastering OpenVPN, also by Packt Publishing, in 2015.
  • 30. About the Reviewer Ralf Hildebrandt is an active and well-known figure in the Postfix community. He’s currently employed at Charite, Europe’s largest university hospital. OpenVPN has successfully been used at Charite for over 10 years now on a multitude of client operating systems. Together with Patrick Koetter, he has written the Book of Postfix.
  • 31. www.PacktPub.com For support files and downloads related to your book, please visit www.PacktPub.com. Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at service@packtpub.com for more details. At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks. https://www.packtpub.com/mapt Get the most in-demand software skills with Mapt. Mapt gives you full access to all Packt books and video courses, as well as industry-leading tools to help you plan your personal development and advance your career. Why subscribe? Fully searchable across every book published by Packt Copy and paste, print, and bookmark content On demand and accessible via a web browser
  • 32. Customer Feedback Thanks for purchasing this Packt book. At Packt, quality is at the heart of our editorial process. To help us improve, please leave us an honest review on this book's Amazon page at https://goo.gl/A3V0ND. If you'd like to join our team of regular reviewers, you can e-mail us at customerreviews@packtpub.com. We award our regular reviewers with free eBooks and videos in exchange for their valuable feedback. Help us be relentless in improving our products!
  • 33. Preface OpenVPN is one of the world's most popular packages for setting up a Virtual Private Network (VPN). OpenVPN provides an extensible VPN framework that has been designed to ease site-specific customization, such as providing the capability to distribute a customized installation package to clients or supporting alternative authentication methods via OpenVPN's plugin module interface. It is widely used by many individuals and companies, and some service providers even offer OpenVPN access as a service to users in remote, unsecured environments. This book provides you with many different recipes for setting up, monitoring, and troubleshooting an OpenVPN network. The author's experience in troubleshooting OpenVPN and networking configurations enables him to share his insights and solutions to help you get the most out of your OpenVPN setup.
  • 34. What this book covers Chapter 1, Point-to-Point Networks, gives an introduction to configuring OpenVPN. The recipes are based on a point-to-point-style network, meaning that only a single client can connect at a time. Chapter 2, Client-Server IP-Only Networks, introduces the reader to the most commonly-used deployment model for OpenVPN: a single server with multiple remote clients capable of routing IP traffic. This chapter provides the foundation for many of the recipes found in the other chapters. Chapter 3, Client-Server Ethernet-Style Networks, covers another popular deployment model for OpenVPN: a single server with multiple clients, capable of routing Ethernet traffic. This includes non-IP traffic as well as bridging. You will also learn about the use of an external DHCP server and the use of the OpenVPN status file. Chapter 4, PKI, Certificates, and OpenSSL, introduces you to the public key infrastructure (PKI) and X.509 certificates, which are used in OpenVPN. You will learn how to generate, manage, manipulate, and view certificates, and you will also learn about the interactions between OpenVPN and the OpenSSL libraries that it depends upon. Chapter 5, Scripting and Plugins, covers the powerful scripting and plugin capabilities that OpenVPN offers. You will learn to use client-side scripting, which can be used to tail the connection process to the site-specific needs. You will also learn about server-side scripting and the use of OpenVPN plugins. Chapter 6, Troubleshooting OpenVPN - Configurations, is all about troubleshooting OpenVPN misconfigurations. Some of the configuration directives used in this chapter have not been demonstrated before, so even if your setup is functioning properly, this chapter will still be insightful. Chapter 7, Troubleshooting OpenVPN - Routing, gives an insight into troubleshooting routing problems when setting up a VPN using OpenVPN. You will learn how to detect, diagnose, and repair common routing issues.
  • 35. Chapter 8, Performance Tuning, explains how you can optimize the performance of your OpenVPN setup. You will learn how to diagnose performance issues and how to tune OpenVPN's settings to speed up your VPN. Chapter 9, OS Integration, covers the intricacies of integrating OpenVPN with the operating system it is run on. You will learn how to use OpenVPN on the most commonly used client operating systems: Linux, Mac OS X, and Windows. Chapter 10, Advanced Configuration, goes deeper into the configuration options that OpenVPN has to offer. The recipes will cover both advanced server configurations, such as the use of a dynamic DNS, as well as the advanced client configuration, such as using a proxy server to connect to an OpenVPN server.
  • 36. What you need for this book In order to get the most from this book, there are some expectations of prior knowledge and experience. It is assumed that the reader has a fair understanding of the system administration as well as knowledge of TCP/IP networking. Some knowledge on installing OpenVPN is required as well, for which you can refer to the book Beginning OpenVPN 2.0.9.
  • 37. Who this book is for This book is for system administrators who have basic knowledge of OpenVPN and are eagerly waiting to build, secure, and manage VPNs using the latest version. This book assumes some prior knowledge of TCP/IP networking and OpenVPN. And to get the most out of this book, you must have network administration skills.
  • 38. Conventions In this book, you will find a number of styles of text that distinguish between different kinds of information. Here are some examples of these styles, and an explanation of their meaning. Code words in text are shown as follows: "Copy over the tls-auth secret key file from the etcopenvpn/cookbook/keys directory." A block of code is set as follows: user nobody group nobody persist-tun persist-key keepalive 10 60 ping-timer-rem When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold: secret secret.key 1 ifconfig 10.200.0.2 10.200.0.1 route 172.31.32.0 255.255.255.0 tun-ipv6 ifconfig-ipv6 2001:db8:100::2 2001:db8:100::1 Any command-line input or output is written as follows: [root@server]# openvpn --genkey --secret secret.key New terms and important words are shown in bold. Words that you see on the screen, in menus or dialog boxes for example, appear in the text like this: "Go to the Network and Sharing Center and observe that the TAP adapter is in the section Public Network and that it is not possible to change this." Note
  • 39. Warnings or important notes appear in a box like this. Tip Tips and tricks appear like this.
  • 40. Reader feedback Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of. To send us general feedback, simply e-mail feedback@packtpub.com, and mention the book's title in the subject of your message. If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at www.packtpub.com/authors.
  • 41. Customer support Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase. Downloading the example code You can download the example code files for this book from your account at http://www.packtpub.com. If you purchased this book elsewhere, you can visit http://www.packtpub.com/support and register to have the files e-mailed directly to you. You can download the code files by following these steps: 1. Log in or register to our website using your e-mail address and password. 2. Hover the mouse pointer on the SUPPORT tab at the top. 3. Click on Code Downloads & Errata. 4. Enter the name of the book in the Search box. 5. Select the book for which you're looking to download the code files. 6. Choose from the drop-down menu where you purchased this book from. 7. Click on Code Download. You can also download the code files by clicking on the Code Files button on the book's webpage at the Packt Publishing website. This page can be accessed by entering the book's name in the Search box. Please note that you need to be logged in to your Packt account. Once the file is downloaded, please make sure that you unzip or extract the folder using the latest version of: WinRAR / 7-Zip for Windows Zipeg / iZip / UnRarX for Mac 7-Zip / PeaZip for Linux The code bundle for the book is also hosted on GitHub at https://github.com/PacktPublishing/openvpncookbook. We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!
  • 42. Errata Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website or added to any list of existing errata under the Errata section of that title. To view the previously submitted errata, go to https://www.packtpub.com/books/content/support and enter the name of the book in the search field. The required information will appear under the Errata section. Piracy Piracy of copyrighted material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy. Please contact us at copyright@packtpub.com with a link to the suspected pirated material. We appreciate your help in protecting our authors and our ability to bring you valuable content. Questions If you have a problem with any aspect of this book, you can contact us at questions@packtpub.com, and we will do our best to address the problem.
  • 43. Chapter 1. Point-to-Point Networks In this chapter, we will cover the following: The shortest setup possible OpenVPN secret keys Multiple secret keys Plaintext tunnel Routing Configuration files versus the command line IP-less configurations Complete site-to-site setup Three-way routing Using IPv6 Introduction The recipes in this chapter will provide an introduction to configuring OpenVPN. They are based on a point-to-point type of network, meaning that only a single client can connect at a given time. A point-to-point network is very useful when connecting to a small number of sites or clients. It is easier to set up, as no certificates or public key infrastructure (PKI) is required. Also, routing is slightly easier to configure as no client-specific configuration files containing --iroute statements are required. The drawbacks of a point-to-point network are as follows: The lack of having perfect forward secrecy-a key compromise may result in a total disclosure of previous sessions The secret key must exist in plaintext form on each VPN peer
  • 44. The shortest setup possible This recipe will explain the shortest setup possible when using OpenVPN. For this setup, you require two computers that are connected over a network (LAN or Internet). We will use both a TUN-style network and a TAP-style network and will focus on the differences between them. A TUN device is used mostly for VPN tunnels where only IP traffic is used. A TAP device allows all the Ethernet frames to be passed over the OpenVPN tunnel, hence providing support for non-IP based protocols, such as IPX and AppleTalk. While this may seem useless at first glance, it can be very useful to quickly test whether OpenVPN can connect to a remote system. Getting ready Install OpenVPN 2.3.9 or higher on two computers. Make sure the computers are connected over a network. For this recipe, the server computer was running CentOS 6 Linux and OpenVPN 2.3.9 and the client was running Windows 7 Pro 64bit and OpenVPN 2.3.10. How to do it... Here are the steps that you need to follow: 1. Launch the server-side (listening) OpenVPN process for the TUN-style network: [root@server]# openvpn --ifconfig 10.200.0.1 10.200.0.2 --dev tun Note The preceding command should be entered as a single line. The character is used to denote the fact that the command continues on the next line. 2. Then, launch the client-side OpenVPN process: [WinClient] C:>"Program FilesOpenVPNbinopenvpn.exe"
  • 45. --ifconfig 10.200.0.2 10.200.0.1 --dev tun --remote openvpnserver.example.com The following screenshot shows how a connection is established: As soon as the connection is established, we can ping the other end of the tunnel. 3. Next, stop the tunnel by pressing the F4 function key in the command window and restart both ends of the tunnel using the TAP device. 4. Launch the server-side (listening) OpenVPN process for the TAP-style network: [root@server]# openvpn --ifconfig 10.200.0.1 255.255.255.0 --dev tap 5. Then launch the client-side OpenVPN process: [WinClient] C:>" Program FilesOpenVPNbinopenvpn.exe" --ifconfig 10.200.0.2 255.255.255.0 --dev tap --remote openvpnserver.example.com The connection will now be established and we can again ping the other end of the tunnel. How it works...
  • 46. The server listens on UDP port 1194, which is the OpenVPN default port for incoming connections. The client connects to the server on this port. After the initial handshake, the server configures the first available TUN device with the IP address 10.200.0.1 and it expects the remote end (the Peer address) to be 10.200.0.2. The client does the opposite: after the initial handshake, the first TUN or TAP- Win32 device is configured with the IP address 10.200.0.2. It expects the remote end (the Peer address) to be 10.200.0.1. After this, the VPN is established. Note Notice the warning: ******* WARNING *******: all encryption and authentication features disabled -- all data will be tunnelled as cleartext Here, the data is not secure: all of the data that is sent over the VPN tunnel can be read! There's more... Let's look at a couple of different scenarios and check whether they would modify the process. Using the TCP protocol In the previous example, we chose the UDP protocol. It would not have made any difference if we had chosen the TCP protocol, provided that we had done that on the server side (the side without --remote) as well as the client side. The following is the code for doing this on the server side: [root@server]# openvpn --ifconfig 10.200.0.1 10.200.0.2 --dev tun --proto tcp-server Here's the code for the client side: [root@client]# openvpn --ifconfig 10.200.0.2 10.200.0.1 --dev tun --proto tcp-client --remote openvpnserver.example.com
  • 47. Forwarding non-IP traffic over the tunnel With the TAP-style interface, it is possible to run non-IP traffic over the tunnel. For example, if AppleTalk is configured correctly on both sides, we can query a remote host using the aecho command: aecho openvpnserver 22 bytes from 65280.1: aep_seq=0. time=26. ms 22 bytes from 65280.1: aep_seq=1. time=26. ms 22 bytes from 65280.1: aep_seq=2. time=27. ms A tcpdump -nnel -i tap0 command shows that the type of traffic is indeed non-IP-based AppleTalk.
  • 48. OpenVPN secret keys This recipe uses OpenVPN secret keys to secure the VPN tunnel. It is very similar to the previous recipe, but this time, we will use a shared secret key to encrypt the traffic between the client and the server. Getting ready Install OpenVPN 2.3.9 or higher on two computers. Make sure the computers are connected over a network. For this recipe, the server computer was running CentOS 6 Linux and OpenVPN 2.3.9 and the client was running Windows 7 64 bit and OpenVPN 2.3.10. How to do it... 1. First, generate a secret key on the server (listener): [root@server]# openvpn --genkey --secret secret.key 2. Transfer this key to the client side over a secure channel (for example, using scp). 3. Next, launch the server-side (listening) OpenVPN process: [root@server]# openvpn --ifconfig 10.200.0.1 10.200.0.2 --dev tun --secret secret.key 4. Then, launch the client-side OpenVPN process: [WinClient] C:>"Program FilesOpenVPNbinopenvpn.exe" --ifconfig 10.200.0.2 10.200.0.1 --dev tun --secret secret.key --remote openvpnserver.example.com The connection is now established, as shown in the following screenshot:
  • 49. How it works... This example works exactly as the first one: the server listens to the incoming connections on UDP port 1194. The client connects to the server on this port. After the initial handshake, the server configures the first available TUN device with the IP address 10.200.0.1 and it expects the remote end (Peer address) to be 10.200.0.2. The client does the opposite. There's more... By default, OpenVPN uses two symmetric keys when setting up a point-to-point connection: A cipher key to encrypt the contents of the packets being exchanged. An HMAC key to sign packets. When packets arrive that are not signed using the appropriate HMAC key, they are dropped immediately. This is the first line of defense against a "denial-of-service" attack. The same set of keys are used on both ends and both keys are derived from the file specified using the --secret parameter. An OpenVPN secret key file is formatted as follows: # # 2048 bit OpenVPN static key # -----BEGIN OpenVPN Static key V1-----
  • 50. -----BEGIN OpenVPN Static key V1----- <16 lines of random bytes> -----END OpenVPN Static key V1----- From the random bytes, the OpenVPN Cipher and HMAC keys are derived. Note that these keys are the same for each session. See also The next recipe, Multiple secret keys, will explain the format of secret keys in detail
  • 51. Multiple secret keys As stated in the previous recipe, OpenVPN uses two symmetric keys when setting up a point-to-point connection. However, it is also possible to use shared yet asymmetric keys in point-to-point mode. OpenVPN will use four keys in this case: A cipher key on the client side An HMAC key on the client side A cipher key on the server side An HMAC key on the server side The same keying material is shared by both sides of the point-to-point connection, but the keys that are derived for encrypting and signing the data are different for each side. This recipe explains how to set up OpenVPN in this manner and how the keys can be made visible. Getting ready For this recipe, we use the secret.key file from the previous recipe. Install OpenVPN 2.3.9 or higher on two computers. Make sure the computers are connected over a network. For this recipe, the server computer was running CentOS 6 Linux and OpenVPN 2.3.9 and the client was running Windows 7 64 bit and OpenVPN 2.3.10. We'll use the secret.key file from the OpenVPN secret keys recipe here. How to do it... 1. Launch the server-side (listening) OpenVPN process with an extra option to the --secret parameter and with more verbose logging: [root@server]# openvpn --ifconfig 10.200.0.1 10.200.0.2 --dev tun --secret secret.key 0 --verb 7 2. Then launch the client-side OpenVPN process: [WinClient] C:>"Program FilesOpenVPNbinopenvpn.exe" --ifconfig 10.200.0.2 10.200.0.1 --dev tun --secret secret.key 1 --remote openvpnserver -- verb 7 The connection will be established with a lot of debugging messages.
  • 52. The connection will be established with a lot of debugging messages. If we look through the server-side messages (searching for crypt), we can find the negotiated keys on the server side. Note that the output has been reformatted for clarity: ... Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key ... Static Encrypt: CIPHER KEY: 80797ddc 547fbdef 79eb353f 2a1f3d1f ... Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication ... Static Encrypt: HMAC KEY: c752f254 cc4ac230 83bd8daf 6141e73d 844764d8 ... Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key ... Static Decrypt: CIPHER KEY: 8cf9abdd 371392b1 14b51523 25302c99 ... Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication ... Static Decrypt: HMAC KEY: 39e06d8e 20c0d3c6 0f63b3e7 d94f35af bd744b27 On the client side, we will find the same keys but the "Encrypt" and "Decrypt" keys would have been reversed: ... Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key ... Static Encrypt: CIPHER KEY: 8cf9abdd 371392b1 14b51523 25302c99 ... Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication ... Static Encrypt: HMAC KEY: 39e06d8e 20c0d3c6 0f63b3e7 d94f35af bd744b27 ... Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key ... Static Decrypt: CIPHER KEY: 80797ddc 547fbdef 79eb353f 2a1f3d1f ... Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication ... Static Decrypt: HMAC KEY: c752f254 cc4ac230 83bd8daf 6141e73d 844764d8 If you look at the keys carefully, you will see that each one of them is mirrored on the client and the server side. How it works... OpenVPN derives all the keys from the static.key file, provided there is enough entropy (randomness) in the file to reliably generate four keys. All the keys generated using the following will have enough entropy: $ openvpn -- genkey --secret secret.key An OpenVPN static key file is 2,048 bits in size. The cipher keys are each 128 bits, whereas the HMAC keys are 160 bits each, for a total of 776 bits. This allows OpenVPN to easily generate four random keys from the static key file, even if a cipher is chosen that requires a larger initialization key.
  • 53. There's more... The same secret key files are used in a client/server setup when the tls-auth ta.key parameter is used. See also The Setting up the public and private keys recipe from Chapter 2, Client- server IP-only Networks, in which the tls-auth key is generated in a very similar manner
  • 54. Random documents with unrelated content Scribd suggests to you:
  • 55. Critique: the useful is a practical fact. The useful as the egoistic or immoral. Having made clear that the definition of the useful as means implies the negation of the useful as a practical fact and its reduction to a theoretical category already known, we must exclude the possibility of such a reduction, for in the useful, the practical character, the effectivity of the will, is ineliminable. "It is useful for me to take a walk" means, "It pleases me to take a walk," "I will to do it." It is a question, not of contemplation or of reasoning, but of volitional movement. The knowledge that precedes the utilitarian act is one thing, the act itself is another. The old man has the same knowledge as the young man, he has indeed much more (si jeunesse savait, si vieillesse pouvait!), but he does not will what the young man wills: he knows that by traversing so many kilometers he will arrive at a certain definite point; but it is not useful for him to go there, because it is not useful for him to traverse those kilometers, or to submit to that exertion at the risk of an illness. The utilitarian will is expressed, not in merely hypothetical imperatives, but in those categoric imperatives that are at the same time hypothetical. The general formula is "will!" or "will that you will!" or "be coherent in your willing!" as the individuated forms are those that we are continually repeating to ourselves, "now, to bed!" "now, up you get!" and the like; which, when developed, mean: "go to bed" (if you wish to rest yourself), "get up" (if you wish to work), and so on. The distinction between the cognoscitive and the volitional theses is here evident. Since then, owing to the unalterably practical character of the utilitarian fact, it was not possible to insist upon its reduction to the technical, and since, on the other hand, it was not desired to recognize it as a practical category side by side with the practical category of morality, they have tried to think of it as something certainly practical, but at the same time of little value, to beware of it, to combat it, to free ourselves from it. "Useful" has in this way become synonymous with wilfulness, with individual caprice, with will more or less perverted, and (looking upon immorality as the
  • 56. Critique: the useful is amoral. individual I, shut up in itself and rebelling against the universal) with egoism. This theory is supported by certain common modes of speech, in which the moral man is opposed to the man intent upon what is useful to him as an individual, the ethical to the economic life. But it is a question of phrases, true,' perhaps, in a certain sense, but inexact when understood or interpreted as affirmations of a contest between morality and utility. We discover at once that the contest is inexistent, by merely thinking of the case already mentioned, of the man in whom the moral conscience is not developed or has been suppressed, or of the case—limit called innocence. What is done in innocence responds, no doubt, to individual pleasure, and so to what is useful for the individual, as he feels it in the given circumstances: were this not so, what is done would not be done. But innocence is not immoral on this account. It will be amoral, because it is merely individual volition deprived of the light of the eternal; it will never be immoral. Thus (to make use of the comparison and analogy of the theoretic activity) the images that the poet creates will be without philosophy, but will not for this reason be anti-philosophical. Because, were that so, they would have to be partially philosophical, that is to say, to enter into strife with philosophy; but there is no such strife, and, therefore, those images, although philosophically not true, are none the less not philosophically false. Yet they are theoretical acts, in the same way that philosophy is a theoretical act. The philosophical innocence of the poet does not change his intuitive knowledge into bad philosophical knowledge, into a negative of philosophy.—Further, the useful not only is not the negative of morality, but, as we know, is also a fact that unites itself very well with morality, as the word is joined to the thought, making it concrete and palpable, so much so that thought without words is impossible. What honourable man would tolerate being judged disuseful? What moral action would be truly moral, were it not at the same time useful? The good action is good, because it is not bad, that is, it absolutely excludes the bad at the point in which it becomes effective; but certainly it is not so,
  • 57. The useful as ethical minimum. Critique: the useful is premoral. because disuseful; indeed, in being good, it is also useful, because it absolutely comprehends the useful in itself at the point in which it becomes effective. The union of morality with utility suffices to eliminate the concept of the useful as a negative. Certainly negative and positive do unite to give rise to becoming and to development; but their union is that of strife, not of concord. The third way of eliminating the concept of the useful from Philosophy, or from the Philosophy of the practical, is that which makes of it a concept of ethical description, or an empirical and psychological concept designating certain groups of very minute ethical facts, the rudimentary ethical consciousness. Hence the illusion of the existence of volitional acts indifferent in respect to morality. These acts are really indifferentiated for the mind that is examining them, which sometimes does not take the trouble to do so minutely, save when such an examination is seriously undertaken, and then they are always differentiated into good or bad. Thus it generally said that eating and sleeping, playing at cards or at billiards, are things that appertain, not to morality, but to individual utility, and that each one may conduct himself as he wills in respect to them, whereas individual choice is excluded when it is necessary to fulfil one's own obligations of social work or of respecting the life of one's neighbour. But if we observe attentively, we see that also in eating or in sleeping, in playing cards or billiards, one acts morally or immorally, since, for example, it is immoral to ruin one's health with eating too much, or with sleeping too little, or to corrupt soul and intellect with card-playing and dawdling in billiard-rooms, when one can do something better. But the useful is none of all these things; it is not the complex of ethical micro-organisms, in which we discover with the microscope the same facts of life and of death that we observe with the naked eye in macro- organisms. No microscope will ever discern in it the oppositions of moral good and evil, because these oppositions are not really there; there are only those of utilitarian or economic good and evil. For the
  • 58. A desperate attempt: the useful as inferior practical conscience. Confirmation of the autonomy of the useful. useful is not the moral minimum, but the premoral. In this case it is a question, not of approximative, but of rigorous difference; not psychological, but philosophical. Finally, it is necessary to consider the attempt to present the utilitarian conscience as a moral conscience, different and inferior to another moral conscience placed over it, not as a new mode of eliminating the concept of the useful, by absorbing it in that of morality, but as a confession of the autonomy of that moment of the spirit. It would be moral, because there is no contradiction to be found in it that can cause it to be judged immoral, and if it be so judged, this happens because it is looked at from the point of view of the superior conscience, or because the superior conscience is erroneously transported into the inferior. But this has importance precisely because it is not moral, and because the value that it is admitted to possess, far from being morality, is spirituality; that is to say, it constitutes a peculiar spiritual value, different from morality. "Better a will of some sort than no will at all" is a common saying which means that prior to morality, there is another and more elementary spiritual demand. The distinction of the two consciences, then, is philosophical, not one of more or less, a distinction of degrees, but not of empirical degrees, which coincides with our conclusion. Thus, to return to the usual comparison, the poetical figuration is true, and can only be judged false by him who looks upon it from a philosophical point of view, or himself falsifies it by turning it into a bad philosopheme. But the truth of that figuration is not philosophical, and remains purely and simply poetical truth. It will be said that morality is implied in utilitarian volition, because, when the individually useful is posited, the universal, which will dominate and correct it, is promoted, in the same way as it has been said that philosophy is implied in the æsthetic intuition, since by positing the individual imagination is posited the claim of the universal, which surpasses and renders it untrue. But since the æsthetic conscience is distinguished from the philosophical, precisely
  • 59. Economic and ethic as the double degree of the practical. because that which in the latter is explicit is only implicit in the former, so, in like manner, the utilitarian conscience is distinguished from the moral conscience, because that morality which becomes explicit and effective in the second, is only implicit or actually inexistent in the first. The difference between implicit and explicit is another way of enunciating the distinction between the two consciousnesses or practical forms, the autonomy of both being thus recognized. IV RELATION BETWEEN THE ECONOMIC AND ETHICAL FORMS The respective distinction and autonomy of the two forms, economic and ethic, as we have hitherto been expounding it, and as results from the words "inferior" and "superior" just now used, is that of two degrees, at once distinct and united, such that the first can stand without the second, but the second cannot stand without the first. The moment of distinction lies in that possibility of existence independent of the first; the moment of unity is in the impossibility of independent existence of the second. If the first were wanting, there would be identity; if the second, there would be abstract distinction or separation. For this reason we have insisted upon showing that there are actions without morality, yet which are perfectly economical, whereas moral actions that are not also perfectly useful or economical do not exist. Morality lives in concrete, in utility, the universal in the individual, the eternal in the contingent. Hence our reason for reducing the theses that denied the distinction between the two practical forms to an exclusive affirmation of the economic form, this latter being as it were the general form, which of itself involves both itself and the other.
  • 60. Errors arising from conceiving them as coordinated. Disinterested actions. Critique. Vain polemic conducted with such an assumption against utilitarianism. Even when both the practical forms, economic and ethic, utility and morality, are admitted, the gravest errors arise from failing to understand the connection of unity-distinction that exists between them, conceiving them as juxtaposed or parallel, and the respective concepts as coordinated. In truth, if utility and morality were coordinate concepts, each included as species beneath the general concept of practical activity, the first consequence that could be drawn from this (and it has been drawn) is that morality is conceivable without utility. This has given rise to the absurd concept of disinterested actions, that is, of those moral actions that should hold themselves aloof from any sort of impure contact with utility. But disinterested actions would be foolish actions, that is to say, wilful acts, caprices, non-actions. Every action is and must be interested; indeed, the more profoundly it is interested, so much the better. What interest is stronger and more personal than that which impels the man of science to the search for truth, which is his life? Morality requires that the individual should, in every case, make his individual interest that of the universal; and it reproves those who engage themselves in an insoluble contradiction between the individual interest of the universal and that which is merely individual. But it cannot claim to suppress the interest, that is, itself, in the same way that the volitional act dominates the passions, but cannot eradicate them without eradicating itself. Hence, as the volitional act triumphs over the passions as the supreme passion, so morality triumphs over interests as the supreme interest. The polemic of autonomous Ethic against the heteronomous Ethic of utilitarianism has had a false and fruitless beginning, owing to this fiction of disinterested actions. In the belief of conquering and more than conquering, it has been attempted to show that man accomplishes some actions without any personal interest, whereas on the contrary an easy
  • 61. Actions morally indifferent, obligatory, supererogatory, etc. Critique. victory has in this way been prepared for the adversary. Utilitarianism, in fact, has always been able triumphantly to make the counter-demonstration that there is no action, be it as lofty as you will, that does not answer to a personal end. It is evident that the hero has his personal interest in the pro patria mori, just as the saint, who wishes to direct his soul toward humility, finds his own account in allowing himself to be abused, beaten and splashed with mud ("in this is perfect joy," said Francesco of Assisi to Frate Leone). Correct polemic should not enter upon the useless task of denying this evidence; it should on the contrary admit, as was admitted above, that there is no action which does not answer to an individual desire, since it is the individual that performs it, and the universal is always obliged to avail itself of individuals. But when this point has been conceded and admitted, it will prove, as was proved above, that the useful action can either remain merely personal or progress to the action that is universal-personal, ethical-useful. And the ethical-useful action itself is precisely the new spiritual category that the utilitarian does not see. A second erroneous but unavoidable consequence of the conception of useful and moral as coordinated concepts is that while, according to that theory, there can be ethical actions economically disinterested or indifferent, so there can be actions that are useful and morally indifferent. The indifferent would not be those that are merely economic, and, therefore, neither moral nor immoral, which we have recognized as the necessary precedent of moral actions, reappearing always when a return is made to the state of innocence, or as soon as the moral conscience is abolished or suspended. They would on the contrary be economic actions that should persist as such, that is, as ingenuous and amoral, when the moral consciousness is already kindled, and consequently in the very circle of such a conscientiousness. They are altogether inadmissible when thus conceived, and to have admitted them is equivalent to annulling morality, as the recognition of the right of subjects to rebel at their
  • 62. Comparison with the relation of art and philosophy. pleasure would be to annul sovereignty, or a burlesque contract containing the clause that each party should be free not to observe the other clauses agreed upon, at his pleasure. Indifferent actions do not exist, either for economy or for morality, and those to which such a character is generally attributed are, as we know, indifferentiated, not indifferent, and always differentiable when more closely examined. Only he who places the useful and the moral, side by side with one another, separate and impenetrable, is of necessity led to conceive of useful actions morally indifferent, and as such licit or permissible. Hence it also happens that moral actions also seem to be obligatory compared with the first; and that, in order to obtain equilibrium at the other extremity, ultramoral or more than moral actions, called meritorious or supererogatory, are placed side by side with obligatory actions that hold the mean. But morality does not grant leave not to do, nor prizes for doing more than was required; it simply imposes doing, doing always what is morally good, always realizing the universal, in ordinary as in extraordinary life, on the occasions that occur every day, every hour, every minute, as in those that occur every year, every ten years, every century. Nothing is indifferent to economy in its sphere and nothing to morality in its sphere: in it, economic actions with their premoral character do not persist, but only moral actions subsist. Economicity is certainly the concrete form of morality; but it is never an element that possesses a value of its own in the moral life. A comparison with the theoretic activity will serve to make clearer this criticism of the licit or morally indifferent. Artistic intuitions or expressions are neither true nor false philosophically, so much so that Philosophy, if it wish to exist, must also become concrete itself, as living speech, æsthetic form, intuition-expression, and place itself as an intuition among intuitions, though it be an intuition portans mysteria, that is, enclosing in itself the universal. But the appearance of philosophy reacts upon the pure intuitions, or upon the poetic representation of the world, in which existent and inexistent were indistinct; and the world of intuition transforms itself into the world
  • 63. Other erroneous conceptions of modes of action. of perceptions, in which those that once were poetic intuitions, are now all of them critical or reflective images penetrated by the concepts, divided into images of existence and images of possibility. In the world of perception or of history, no poetical element can subsist as such; what was a bewitching truth in the field of art, were it introduced into history, would give rise to disharmony and become changed into a repugnant lie, as we see is actually the case in history mingled with inventions and fables. History too assumes artistic form; but it cannot tolerate in its bosom art as an element standing alone. Utilitarian or economic volitions and the moral- economic volitions (universal and historical perceptions or representations of the practical) proceed in a manner perfectly analogous (intuitions of the practical). Moral indifference belongs to the first, when they are on this side of the moral conscience, but within this conscience they lose the right to innocence, as in history the pure intuitions, when they have become perceptions, lose the privilege that they possessed as pure intuitions. The ethical discrimination of the economic volitions, which takes place through the moral conscience, is then in full correspondence with the historical discrimination of the æsthetic intuitions, which takes place through the logical conscience. We owe to the false conception by coordination, not only the two monstrous little concepts of disinterested actions and of those that are morally indifferent, licit, or permissive, but others also, which have been deduced by means of a somewhat different casuistic from the same general hypothesis. Indeed, in the preceding case, useful and moral, posited as apart and parallel, were maintained one extraneous to the other and at peace between themselves. But nothing forbade that warlike plans should be attributed to those two entities, just as when two coordinate animal species are posited, we may suppose, either that the individuals of each one mind their own affairs and allow the individuals of the other species to live and to prosper in peace, or that the one takes to persecuting the other, sometimes injuring or destroying it and
  • 64. sometimes being by it injured or destroyed. Thus were and are obtained concepts of moral anti-economic actions and of anti- economic moral actions, of immoral economic actions, and of economic immoral actions, four concepts which are all four to be rejected. Moral action can never be accomplished at a loss: morality is for the moral man the supreme advantage in the situation in which he finds himself, and it would be erroneous to measure it by comparison with what an individual without morality would do in the same situation, for, as we know, individual and situation are all one, in such a way that a like comparison is impossible. In a similar manner, an anti-economic action can never be moral; at the most it will not even be amoral, or will not even posit the primary and generic condition of morality, that is, it will not be action, but inert contemplation. An immoral action can never be economic, because immorality implies internal disagreement and strife between one volition directed to the universal and another directed to the merely individual, hence the result will be practical inconclusion and infecundity, dissatisfaction and remorse; that is to say, just the opposite of utility and economicity. In like manner, an economic action can never be immoral: at the most (when it is merely an economic action), it will be amoral.
  • 65. Pleasure and the economic activity, happiness and virtue. Pleasure, pain and feeling. Coincidence of duty with pleasure. The bond of unity and distinction that exists between the concepts of the useful and the moral and the consequent negation of the formula of coordination, help to solve in a definite way the intricate questions relating to pleasure and morality, happiness and virtue. First of all, we can here give yet another meaning to the indeterminate category of feeling with its poles of pleasure and pain, for it is clear that when feeling was distinguished from moral activity and set at variance with it, we had in view nothing but the pure economic activity. And in truth, of all the tendencies included in that concept as sketched out, this of economicity seems on the whole to prevail over the others, so much so that we shall henceforth be disposed to give to the word "feeling" the name of economic activity. Thus it was reasonably maintained, with implied reference to this meaning, that pleasure and pain are proper to feeling and extraneous to the other spiritual forms, and that they only act in the others as concomitants. For if the theoretical forms give rise to the dialectic of true and false, in so far as the practical spirit can be introduced into them, it is clear that pleasure and pain come to those forms from the practical spirit, with which the theoretic spirit is always in unity. In the practical spirit too, the moral activity divides into pleasure and pain, in so far as it has concrete or economic form; and therefore in so far as it is economic, not in so far as it is moral. Pleasure and pain belong to feeling alone, because they belong to the economic activity alone, which is the practical in its general form, involving of itself all the other forms, practical and theoretic. When this has been established, pleasure or economic feeling or economic activity as positive cannot be at strife with duty or with the moral activity in its positivity, for the two terms coincide. The divergence existed only when they were conceived, not in unity and distinction, but in coordination. When we speak of a good action
  • 66. Critique of rigorism or asceticism. Relation of happiness and virtue. accompanied with pain, we make an inexact statement, or better, we make use of a mode of expression that must be understood, not literally, but in its spirit. The good action, as such, always brings with it satisfaction and pleasure, and the pain said to accompany it, either shows that the action is not yet altogether good, because it has not been willed with complete internal accord, or that a new practical problem, still unsolved and therefore painful, lies beyond the pleasurable moral action. The other false idea, of rigoristic or ascetic Ethic, which makes war upon pleasure as such, derives from the plan of coordination, through the already mentioned casuistic of the conflict between the coordinated terms. Indeed, if it be legitimate to combat this or that pleasure, which enters into a contest with the moral act, it is not possible to abolish the category of pleasure, for the reason already given, that in this way the category itself of morality, which has its reality and concreteness in pleasure (in economicity), would be abolished: the concrete and real moral act is also pleasurable. The attempt to abolish pleasure is as insane as would be the wish to speak without words or any other form of expression, preserving thought pure of such sensual contacts, that is to say, producing an inexpressed and inexpressible thought. This last attempt has been made by mysticism, which either does not give thoughts at all, or, contradicting itself, gives them expressed and logical, like those of all other doctrines. Asceticism provides a complete counterpart to this in the practical field, for it might be called mysticism of the practical in the same way as the name of asceticism of the theoretical would not be unsuitable to mysticism. What has been said of the relation between pleasure and morality, is to be repeated of the other between happiness and virtue, a relation that is identical with the preceding, from which it diners only because expressed by means of empirical concepts of class. Happiness is not virtue, as pleasure is not morality, because there exist the pleasure of the innocent or of the mentally deficient, and
  • 67. Critique of the subordination of pleasure to morality. the happiness of the child or the brute, who are without moral conscience. But virtue is always happiness, as morality is always pleasure. It will be said that a virtuous man may be unhappy, because he suffers atrocious physical pain or is in financial difficulties, and, therefore, that virtue and happiness do not coincide. But this is a vulgar sophism, because the virtuous man, who should be also happy, must be truly and altogether virtuous; that is to say, he must cure and conquer the ills of the body and of fortune with his energy, if he can, or, if it be impossible to conquer them, he must resign himself and take them into account and develop his own activity within the limits that they lay down. Every individual, not only the unfortunate individual of the example, has his limits; and everyone can transform his limits into pains by being dissatisfied with them, just as every one can, with resignation, transform his pains into limits and conditions of activity. It will be said that sometimes the evils that assail the virtuous man are not only incurable, but so intolerable as to render all resignation impossible. But he who does not effectively and absolutely resign himself, that is, does not accommodate himself to life, dies; and the occurrence of the death of the individual is neither happiness nor unhappiness: it is a fact or event. Finally, the theory that subordinates pleasure or happiness, utility or economy, to duty, to virtue, to moral activity, is to be rejected. The subordination of the one term to the other is not possible on this side of morality, because only one of the two terms is present; and in like manner it is impossible in the moral circle, because, though the terms are certainly two, they are two in one, not one above and the other below; that is to say, they are distinct terms that become unified. Morality has complete empire over life, and there is not an act of life, be it as small as you will, that morality does not or ought not to regulate. But morality has no absolute empire over the forms or categories of the spirit, and as it cannot destroy or modify itself, so it cannot destroy or modify the other spiritual forms, which are its necessary support and presupposition.
  • 68. No empire of morality over the forms of the spirit. Inexistence of other practical forms and impossibility of subdivision of the two established. Hence is apparent the remarkable fatuity of those who pretend to regulate morally the function of art, of science, or of economy and profess moralistic theories of art and philosophy and a moralized economic science. The poet, the man of science, the business man, must be as honest as others, but it is not given to them to tear in pieces the nature of poetry, of science and of industry, in the madness of honesty. Indeed, were this done or attempted, and the poet were to introduce extraneous elements into his work of art, through his failure to understand morality, or the philosopher to veil or alter the purity of truth, or the man of business foolishly to bring his own business to ruin, then and only then, would they be dishonest. To substitute the single acts of life that appertain to morality, for the universal forms of the spirit, and to predicate of these what should be predicated only of those, is so evident an absurdity that it could not be committed by anyone accustomed to philosophical distinctions. But what nonsense is so evident that idle babblers and elegant men of letters do not know how to cover with their ratiocinative and æsthetic flowers and to present to society or to the academic world as truth, or at least as a theory worthy of reflection and discussion? Such, then, are the two forms of the practical activity, and such their relation; and as it is not possible to reduce them to one alone, so it is not possible to multiply them beyond the two, which altogether exhaust the nexus of finite and infinite. Hence, too, we perceive that the economic and also the ethic-economic activity do not each of them give rise to new subdivisions, because other terms of subdivision are not conceivable beyond the duality of finite and infinite. As there are no philosophical and ethical classes, nor categories of expression (rhetoric), nor categories of concepts (formalistic logic), so there are no economic categories and ethical categories beyond those that constitute utility (volition of the individual) and morality (volition of the universal).
  • 69. Problem of the relations between Philosophy and Science of Economy. V THE PHILOSOPHY OF ECONOMY AND THE SO-CALLED SCIENCE OF ECONOMY Internal observation, confirming at all points rational necessity, has rendered clear the existence of a special form of practical activity, the utilitarian or economic, and of a correlative Economic or Philosophy of economy. But however irrefutable may seem the demonstration that we have given, yet it will never be altogether satisfactory, while a very important point is left obscure: the relation between our Philosophy of economy and the Science of economy. This is a system of doctrine that takes various names and forms, and is presented in turn as political, national, pure, or mathematical Economy; it is a system of doctrines which, although not without precedents in antiquity, has been gradually formed, especially in recent centuries, and is now in fullest flower. A saying of Hegel is often recorded, not without satisfaction, for even in his time he praised Economy as "a science that does much honour to thought, because it extracts the laws from a mass of accidentally."[1] Has it the same object as our Philosophy of economy? If the reply be in the affirmative, how does it ever arrive at concepts altogether different? Or is it an empirical science, and if so, from what source does it derive the rigour and absoluteness by which it is removed from all empiricism and formulates truths of universal character? Two strict sciences with the same object are inconceivable; and yet as it seems, there must here be precisely two: hence the perplexity and disorientation that the affirmation of a Philosophy of economy must and does produce.
  • 70. Unreality of the laws and concepts of economic science. If the economic actions of man be considered, in their uncontaminated and undiminished reality, with an eye free from all prejudice, it is never possible to establish even a single one of the concepts and laws of economic science. Every individual is different at every moment of his life: he wills always in a new and different way, not comparable with the other modes of his or of others' willing. If A spent seven soldi to buy a loaf of bread yesterday, and to-day he spend the same amount in making the same purchase, the seven soldi of to-day are not for this reason those of yesterday, nor is the bread the same as that of yesterday, nor the want that A satisfies to-day the same as that of yesterday, nor is the effort that his action costs him identical with that of yesterday. If the individual B also spend seven soldi for a loaf of bread, the action of B is different from that of A, as that of the A of to-day was different from that of yesterday. If we lead the economist on to this ground of reality (or rather to the side of this Heraclitean river, in which it is not possible to dip the same hands twice in the same water), he will feel himself impotent, for he will not find any point of support for the edification of any of his theories.—The value of a piece of goods (says a theorem of Economy) depends upon the quantity of it and of all the other goods that are upon the market.— But what does "goods" mean? Bread, for example, or wine? In reality, abstract bread and wine do not exist, but a given piece of bread, a given glass of wine, with a given individual who will give a treasure or nothing in order to eat the one or to drink the other, according to the conditions in which he finds himself.—Any sort of enjoyment, when protracted, decreases and finally becomes extinguished.—That is the law of Gossen, one of the foundation— stones of economic theory. But what are these enjoyments that are protracted, decrease, and end by becoming extinguished? In reality there exist only actions, which assume different positions at every moment, owing to the continual changing of surrounding reality, in which the volitional individual operates. The difference is qualitative, not quantitative: if the individual A eat the bread that he has bought for seven soldi, when swallowing the second or the tenth or the last
  • 71. Economic Science founded upon empirical concepts, but not empirical or descriptive. mouthful, he has a pleasure, not inferior to that which he had when swallowing the first, but different: the last was not less necessary for him, in its way, than the first; otherwise he would have remained unsatisfied in his normal want, in his habit, or in his caprice.—The economic man seeks the maximum of satisfaction with the least effort.—That is the very principle of Economy, but neither does this principle correspond with reality, most simple and general though it be. The individual A disputes for an-hour, in order to save two soldi in the purchase of an object, for which he has been asked ten lire, thus attaining the maximum satisfaction for himself with the least means that is naturally at his disposal on that occasion. The individual B, making boast of his magnificence, lights his cigarette with a banknote of a hundred lire, thus likewise attaining for himself the greatest satisfaction to which he aspired, with the least means that he possessed, namely, by burning that paper money. But if this be so, we have here a question, not of greatest and least, but of individual ends and of relative means adopted, or (owing to the unity of means and ends already noted), of actions individually different. Certainly, it is quite possible to abstract in a greater or less measure from the infinite variety of actions and to construct a series of types or concepts of classes and of empirical laws, thus rendering uniform the formless, within certain limits. Thus is obtained the concept of bread and of the consumption of bread, and of the various portions of bread and of other objects, for which a portion of bread can be exchanged, and so on. In this way are full philosophico-historical reality and the method of logical necessity and of realistic observation of facts abandoned for a feigned reality and for a method of arbitrary choice, which, as we know, has its good reasons for existing in the human spirit, and does great service by the swift recall and easy control of the requisite knowledge. And if Economy consisted in the establishment of a series of laws and examples in the above sense (or when understood in this way), it would join the number of the
  • 72. descriptive disciplines; and in that case there would be no necessity for us to speak of it further, for it would suffice to refer back to what has already been said of the relations of the Philosophy of the practical with practical Description, classes, rules, and casuistic. But economic Science is not descriptive, and is not developed according to the following formula: goods are divided into the classes a, b, c, d, e, etc., and the class a is exchanged with the class b in the proportion of I to 3, the class b with the class c in the proportion of I to 5, etc. In such a formula is always understood the up and down, the for the most part, and the very nearly: the classes with their ups and downs are as stated; the exchanges take place for the most part in the proportions stated; if things are to-day very nearly thus, to- morrow they will be so very nearly, in a different way. On the contrary, the propositions of the Science of Economy are rigorous and necessary. "Granted that soils of different degrees of fertility are cultivated, their possessors will all obtain, besides the absolute rent, a differential rent, with the exception of the possessor of the least fertile soil" (Ricardo's law). "Bad money drives out good" (Gresham's law). Now, it is not conceivable in any case that soils of different fertility, all of them cultivated, should not give a differential rent. It will be said that the State can confiscate the differential rent, or that the possessor, owing to his bad cultivation or to his bad administration, may lose it; but the proposition does not remain less sound on this account. Nor is it possible that, when an unchangeable paper money is in circulation, gold coins should also circulate indifferently and on a par with it, when the total of the money in circulation lowers the value of the monetary unit beneath the metallic value of the better money. A madman who might be in possession of a hoard of gold pieces at the time of the circulation of the declining paper money (which causes poverty) would perhaps give it in exchange for the inferior money; but the wise man will keep it in his safe. The economic proposition expresses the rational necessity, not the madness, which is irrational. Those propositions, like all the others of economic science, are therefore certainly not descriptions, but theorems.
  • 73. Their mathematical nature. Its principles; their character of arbitrary postulates and definitions. Their utility. The denomination "theorems" makes us think at once of the mathematical disciplines, among which alone can economic Science find a place. The propositions of that science being excluded from philosophical, historical, or naturalistic science, there remains nothing that they can be, save mathematical. Yes, they are mathematical, but not pure mathematics, for in that case they would be nothing but arithmetic, algebra, or the calculus, that is, they would belong to the kind of mathematical disciplines called applied, because they introduce into the paradigms of the calculus certain data taken from reality, that is to say, taken from without the purely numerical conception. Economic Science, then, is a mathematic applied to the concept of human action and to its sub-species. It does not inquire what human action is; but having posited certain concepts of action, it creates formulæ for the prompt recognition of the necessary connections. It is not surprising that such propositions examined in their truth appear in one respect arbitrary and in another tautological. But it is not thus that they are examined, and it is not thus that propositions of mathematics are ever examined, for their value lies solely in the service that they render. Certainly Ricardo's law relating to land of varying fertility is nothing but the definition of lands of various fertility, in the same way that Gresham's law relating to bad money is nothing but the definition of bad money. The same may be said of any other economic law, as, for example, that every protective tariff is destruction of riches, or that a demand for commodities is not a demand for labour, since these, like the preceding, are simply definitions of the protective tariff, of the demand for commodities, and of the demand for labour. And it could be proved of all of them that they are arbitrary, because the concepts of land, tariffs, commodities, money, and so on, are arbitrary, and because they become necessary only when that arbitrariness has been admitted as a postulate. But the same demonstration can be given of any theorem in Geometry; since it is
  • 74. Comparison of Economic with Mechanics, and reason for its exclusion from ethical, æsthetic and logical facts. not less arbitrary and tautological, that the measure of a quadrilateral should be equal to the base multiplied by the height, or that the sum of the squares of a cathetic should be equal to the square of the hypotenuse. This does not prevent Geometry from being Geometry, or negate the fact that without it we should not have been able to build the house in which we dwell, nor to measure this star upon which we live, nor the others that revolve around it or around which we revolve. Thus, it would be impossible to find one's way in empirical reality without these economic formulæ, and that would happen which happened when economic science was still in its infancy; namely, that by its means measures of government were adopted, which were admirably suited to produce in the highest degree those evils which it was thought could be avoided by its help, a misfortune of which the Spanish government in Lombardy or in the Province of Naples in the seventeenth century, with its cries and its pragmatics in economic and financial matters, has left most excellent examples. Or what happens now, when ignorance, or deceitful interest, which profits by ignorance, proposes or causes to be adopted ruinous measures under the appearance of publica salus, arguing that they are good, or that they are good for different reasons than those for which they could be maintained. Such, for instance, would be the proposal for fresh expenditure on public works that are useless or of little use during a period of economic depression in a country, and instead of relieving, increase the general depression; or the increase of protective tariffs, when industrial progress is slow, which ought to encourage industry, but on the contrary produce an industry that is unstable and artificial, in place of one that is spontaneous and durable. The special form of application of mathematics, which we find in economic Science, has been compared on several occasions with that which takes place in Mechanics. "The economic man" of the first has seemed to be altogether like the "material point" of the second, and Economy has been called "a sort of Mechanics," or simply
  • 75. Errors of philosophism and historicism in Economy. "Mechanics." All this is very natural, for Mechanics are nothing but the complex of formulæ of calculation constructed on reality, which is Spirit and Becoming in Metaphysic, and may be abstracted and falsified in Science, so as to assume the aspect of Force or a system of forces, for the convenience of calculation. Economy does the same thing, when it cuts off from the volitional acts certain groups, which it simplifies and makes rigid with the definition of the "economic man," the laws of "least means," and the like. And owing precisely to this mechanicizing process of economic Science, it is ingenuous to ask oneself why ethical, logical, or æsthetic facts are not included in Economy, and in what way they can be included. Economic science is the sum of abstractive operations effected upon the concept of Will or Action, which is thus quantified. Now since moral facts are also will and action, and since economic Science is not occupied with qualitative distinctions, not even with the quality itself of that economic fact which it employs as its material, it is clear that Science cannot lay any stress upon moral distinguished from economic facts, nor can it receive them in a special class, because its assumption is the indistinction of the two orders of facts, and they are included in that indistinction. As to æsthetic or scientific facts, these, taken by themselves, are not facts, but representations and thoughts of facts, and as such escape economic calculation: considered in the unity of the spirit, they are certainly facts, that is to say, volitional products, but as such are already found included with these in the indistinction of economic Science. As a mathematical discipline, economic Science is ultimately quantitative, and it remains so, even when it makes use of the smallest possible number of numerical and algebraical signs (even when it is not mathematical Economy in the strict sense of the word). The attempts, both of philosophism and historicism, which claim to deny Economy, by criticizing its abstractness and its arbitrariness, and to make it philosophical (or as they say psychological) and historical are therefore to be reproved. If Economy do not give the universal truth of Philosophy, nor the
  • 76. The two degenerations: extreme abstracticism and empiristical disaggregation. particular truth of History, Philosophy and History are in their turn incapable of making the smallest calculation: if Economy have not eyes for the true, Philosophy and History have not arms to break and to dominate the waves of fact, which would oppress man with their importunity and finally prevent him from seeing. Hence the absurdity of philosophism and historicism; hence too, the sound tendency of Economy to constitute itself pure Economy, free of practical questions, which are also, it is clear, historical, not abstract and scientific questions. But economy has in itself other enemies besides these that are external, in so far as it is certainly a mathematical discipline, but an applied mathematic, that is to say, one that assumes empirical data. These empirical data can be infinitely multiplied, and hence result infinite economic propositions, each distinct from the other; and on the other hand, they can be regrouped, simplified and unified, so as finally to return to the indistinct x. If the first tendency prevail, we have what is called economic empiricism, a cumbrous mass of disaggregated propositions; if the second, a very general formula, which sometimes does not even preserve the smallest vestige of that concept of human action from which it started, and becomes altogether confounded with the formulæ of arithmetic, of algebra and of the calculus. Sound economic Science must be at once abstract and empirical, in accordance with its nature, connecting and unifying disaggregate propositions; but it must not allow distinction to be lost in unity, for the one is as necessary as the other. Those who are unacquainted with the generalities of Economic Science, and those acquainted only with its details, are alike incapable, though for different reasons, of calculating the economic consequences of a fact. The first see all the facts as one single fact, the second, all the facts as different, without any arrangement by similarities and hierarchies. The question as to the relative proportion of generalities and particulars to be given in treatises, is one that has been much discussed, but since this has only a
  • 77. dance at the History of the various tendencies of Economy. didascalic and pedagogic importance, it is only possible to answer it, case for case, according to the nature of the various scholastic institutions that are held in view. To maintain that Economy must stop short at this or that degree of abstraction, and for example be limited to what are called external goods or riches, excluding services; or to capital, as a concept distinct from land and human labour, without striving to unify these three concepts, is altogether capricious. Every unification, like every specification, can be useful, and haters of abstracticism are also abstracticists, but only half so. All those acquainted with economic studies will have recognized in the concepts that we have explained, the logical motives of the history of Economy, the divisions, the polemics, the defeats and the victories of this or that school and the progress of that branch of studies. The quantitative character of economic science already appears in its classics; in the inquiries of Aristotle as to prices and value (Politic and Nichomachean Ethic); and this is apparent also in the rare mentions by Mediæval and Renaissance writers. Economists have always been mathematicians, even when they have not spoken of mathematical Economy. Our writers of the nineteenth century, Galiani, Genovesi and Verri, were mathematicians in their methods; Francesco Ferrara, the greatest Italian economist of the nineteenth century, was a mathematician. The economic principle, which is all one with the excogitation of the economic man, was formulated by the head of the physiocratic school, Quesnay; and if the title of political Economy, first given to the discipline by Montchrétien in 1615, prevailed, that of social Arithmetic also sometimes made its appearance. Its progress has consisted, not only in the discovery of new economic theorems, but also in the connection and unification of those that had previously been posited in isolation, of material and immaterial goods, of the cost of production and of rarity, of gross and net produce, of agricultural rents and of all the others that are not agricultural, of the production, distribution and circulation of riches, of economic and financial laws, of social and isolated
  • 78. Signification of the judgment of economy, of the value of utility and of the value of exchange. It has even been possible to unite with the body of admitted economic doctrines those of Marx, which seemed revolutionary, for these are only definitions of a particular casuistry founded upon the comparison of different types of economic constitution. But to conquer empiricism was not enough; economic Science was menaced in its existence by the so-called historical School, which refused to recognize abstract definitions and set up against them the infinite variety of historical facts; hence the strife with historicism conducted by Menger and the Austrian school. A consequence of the struggle against the political degeneration of economic science was the constitution of Economy as a pure science (Cairnes). This was all the more necessary, inasmuch as by confounding the abstract with the concrete, and in the concrete itself, Economy with Ethic, there was a desire manifested upon several occasions among German economists (ethical school), and among Catholics of all countries, for an economic Science that should have as its base Ethic. The conception of Economy as a science deduced from the egoistic hypothesis, has been the extreme form of the reaction against ethicism (for example in the treatise of Pantaleoni). The dangers arising from philosophism have been less, because recent times, in which that discipline has most flourished, have not sinned through excessive philosophy. Of late, owing to the works of Jevons and of other Englishmen, of Gossen, of the Italians of the school of Ferrara, and of the Austrians, Economy has become at once more and more complicated and more simple, owing to the applications, extensions, and reductions that it has effected. But if with its progress it be able to become ever more exact and perspicuous, yet it will never for that reason become organic; its character of a quantitative discipline, of an applied mathematic, in which the atomism of the postulates and of the definitions is insuperable, does not allow of such metamorphoses. In this connection and as the seal upon what we have just been saying, it is fitting to observe that
  • 79. Hegel upon the Science of Economy. Adoption of the method and of definition of Economy by Philosophy. the phrase of Hegel referred to above can only have been interpreted as expressing admiration for the degree of truth attained by Economy, owing to the ignorance of Hegelian philosophy that has become usual; as though Hegel meant that Economic science did much honour to the thought, that is, to the speculative reason. Hegel wished to say, on the contrary, that Economy does much honour to the intellect, that is, to the intellect alone, to that abstractive and arbitrary intellect which he hunted down in all his philosophy: that it is not indeed true and philosophical science, but a simple descriptive or quantitative discipline treated with much elegance. This praise also contained the demand for a delimitation, which, however, he did not expressly enunciate, develop and execute. [1] Philos, d. Rechtes, § 189. Zus. VI CRITIQUE OF THE CONFUSIONS BETWEEN ECONOMIC SCIENCE AND PHILOSOPHY OF ECONOMY There is no disagreement, then, between the Philosophy of Economy described by us and economic Science or Calculus, of which we have just defined the nature, since there cannot be any between two altogether heterogeneous forms, the one moving within the categories of truth, the other outside them, with objects of a practical order. This reciprocal tolerance can be disturbed only by Philosophy, when it compels itself, either to invade the field of economic Science, or to receive within itself, to a greater or less extent, the method and the formulæ proper to the latter. We have already referred to the first, when we noted the inadmissibility of the economic attempts of philosophism
  • 80. Welcome to our website – the perfect destination for book lovers and knowledge seekers. We believe that every book holds a new world, offering opportunities for learning, discovery, and personal growth. That’s why we are dedicated to bringing you a diverse collection of books, ranging from classic literature and specialized publications to self-development guides and children's books. More than just a book-buying platform, we strive to be a bridge connecting you with timeless cultural and intellectual values. With an elegant, user-friendly interface and a smart search system, you can quickly find the books that best suit your interests. Additionally, our special promotions and home delivery services help you save time and fully enjoy the joy of reading. Join us on a journey of knowledge exploration, passion nurturing, and personal growth every day! ebookbell.com