Building Distributed Networks using VPNs David R Newman.


VPN – Virtual Private Network: A Definition
“A virtual network that is constructed across the Internet (or other public network) to connect two or more parts of a private network.”

OSI Model

Types of VPN
On top of Data Link Layer:
  L2TP/IPsec – Layer 2 Tunnelling Protocol / Internet Protocol security
  VPLS – Virtual Private LAN Service
On top of Network Layer:
  PPTP – Point-to-Point Tunnelling Protocol
  SSH – Secure Shell
  VPRN – Virtual Private Routed Network
  DTLS – Datagram Transport Layer Security
  TLS – Transport Layer Security, e.g. OpenVPN

Server and Clients

Why OpenVPN?
  Open source
  High connection speed (relative to available bandwidth)
  Secure
  Makes it easy to bypass NATs and firewalls
  Well supported by OpenWRT
  Extensively configurable

OpenVPN Server (1)
  server 10.13.112.112 255.255.255.252
  local 152.78.189.90
  port 5044
  proto udp
  dev tap55
  ca /etc/openvpn/package_managment/node_control_2015.crt
  cert /etc/openvpn/package_managment/server-node_control_2015.crt
  key /etc/openvpn/package_managment/server-node_control_2015.crt.key
  dh /etc/openvpn/dh1024.pem
  push "route 10.12.0.0 255.254.0.0"
  push "route 152.78.189.82 255.255.255.255"
  push "dhcp-option DNS 10.13.0.239"

OpenVPN Server (2)
  client-connect "/etc/openvpn/client-routes/connect-node308"
  client-disconnect "/etc/openvpn/client-routes/disconnect-node308"
  client-to-client
  keepalive 10 120
  user openvpn
  group openvpn
  persist-key
  persist-tun
  log /var/log/openvpn/server55.log
  status /var/log/openvpn/server55-status.log
  verb 3
  script-security 3 system
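As an added example (not part of the talk), a small Python linter that parses an OpenVPN server config such as the one above and flags the settings a reviewer would query: the 1024-bit DH parameters, script-security 3, client-to-client, and the absence of tls-auth/tls-crypt and an explicit cipher. The config text is a constructed copy of the two server slides; the directive names are real OpenVPN options and the DH size is read heuristically from the file name.

```python
import re
# Constructed copy of the "OpenVPN Server (1)/(2)" slides above, with the
# path fragments the transcript split across lines rejoined.
SERVER_CONF = """\
server 10.13.112.112 255.255.255.252
local 152.78.189.90
port 5044
proto udp
dev tap55
dh /etc/openvpn/dh1024.pem
client-to-client
user openvpn
group openvpn
script-security 3 system
"""

def parse_openvpn(text: str) -> list[tuple[str, list[str]]]:
    """Split a config into (directive, args) pairs; '#' and ';' start comments."""
    entries = []
    for raw in text.splitlines():
        line = re.split(r"[#;]", raw, maxsplit=1)[0].strip()
        if line:
            parts = line.split()
            entries.append((parts[0], parts[1:]))
    return entries

def lint_server_conf(text: str) -> list[str]:
    """Return one finding per setting a reviewer would question."""
    entries = parse_openvpn(text)
    present = {d for d, _ in entries}
    findings = []
    for directive, args in entries:
        if directive == "dh" and args:
            # Heuristic: DH size read from the file name (dh1024.pem -> 1024 bits).
            m = re.search(r"dh(\d+)", args[0])
            if m and int(m.group(1)) < 2048:
                findings.append(f"dh: {m.group(1)}-bit DH parameters; 2048 bits is the usual floor")
        elif directive == "script-security" and args and args[0].isdigit() and int(args[0]) >= 3:
            findings.append("script-security 3: passwords are exported to scripts via the environment")
        elif directive == "client-to-client":
            findings.append("client-to-client: peers reach each other inside OpenVPN, bypassing the host firewall")
    if not present & {"tls-auth", "tls-crypt"}:
        findings.append("no tls-auth/tls-crypt: control-channel packets carry no extra HMAC")
    if "cipher" not in present:
        findings.append("no cipher: data channel uses the build default (BF-CBC on 2.3-era releases)")
    if not present >= {"user", "group"}:
        findings.append("no user/group: the daemon keeps root privileges after start-up")
    return findings
```

Running lint_server_conf(SERVER_CONF) reports five findings for the slide config; the user/group drop it already does is the one check it passes.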

OpenVPN Client
  client
  remote sown-auth2.ecs.soton.ac.uk 5044
  proto udp
  dev tap
  ca /etc/sown/node_control_2015.crt
  cert /etc/sown/client.crt
  key /etc/sown/client.key
  down /etc/sown/events/tunnel_down
  up /etc/sown/events/tunnel_up
  nobind
  resolv-retry infinite
  user nobody
  group nogroup
  persist-key
  verb 3
  script-security 2

Now For Some Magic!!!

Saving Address Space (diagram)
  /27 = 32 addresses
  /24 = 256 addresses
  /30 = 4 addresses
Diagram address labels: 10.13.0.8, 10.13.77.1, 10.13.77.2, 10.13.77.3, 10.13.77.30, 10.13.77.254, 10.13.121.113, 10.13.121.114, 169.254.13.113, 169.254.13.114

Proxying to a VPN Server (diagram)
Diagram labels: sown-auth2, Firewall, sown-vpn2, DNAT + ACCEPT, SNAT

IPv6 Tunnelbroker – Sound Familiar?
  Provides globally routable IPv6 networking to isolated LANs.
  Replacement for the discontinued SixXS tunnel broker.
  Intended for existing and new research projects that require IPv6 connectivity in unusual locations.
  Needs to be easy to configure client-side across a number of different platforms.
  Needs to easily bypass NATs and firewalls whilst having a high level of security.

Users of IPv6 Tunnelbroker

How Things Get IPv6 from the Tunnelbroker
  1. Generate a client config tarball on tunnelbroker.
  2. Deploy the tarball on the "interface" Raspberry Pi.
  3. Get the OpenVPN client on "interface" to connect to the server on tunnelbroker.
  4. IPv6 addresses are configured using RADVD.
  5. Devices inside the University firewall can connect to all the Pis.
Diagram labels, in the order they appear: brain, 2001:630:d0:f301:ba27:ebff:fe8e:6270, 2001:630:d0:f300::1, mech, 2001:630:d0:f301:ba27:ebff:fe86:f3ba, interface, 2001:630:d0:f300::1001, 2001:630:d0:f301::1, left-eye, 2001:630:d0:f301:ba27:ebff:fe9f:d0e7, right-eye, 2001:630:d0:f301:ba27:ebff:fe33:9304
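The Pi addresses on this slide carry the ff:fe marker of SLAAC modified EUI-64 interface identifiers, which is what hosts form from the /64 that RADVD advertises. As an added example (not from the talk), this Python derives such an address from a MAC and reverses it; the MACs and the b8:27:eb vendor prefix are inferred from the slide's addresses and are assumptions, not stated in the talk.

```python
import ipaddress
from typing import Optional

# /64 taken from the Pi addresses on the slide above.
PI_PREFIX = ipaddress.IPv6Network("2001:630:d0:f301::/64")

def eui64_interface_id(mac: str) -> bytes:
    """Modified EUI-64 (RFC 4291, Appendix A): flip the universal/local bit
    of the first octet and insert ff:fe between the OUI and the device part."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]

def slaac_address(prefix: ipaddress.IPv6Network, mac: str) -> ipaddress.IPv6Address:
    """Address a host forms from the advertised /64 and its own MAC."""
    if prefix.prefixlen != 64:
        raise ValueError("EUI-64 SLAAC requires a /64 prefix")
    return ipaddress.IPv6Address(prefix.network_address.packed[:8] + eui64_interface_id(mac))

def mac_from_address(addr: str) -> Optional[str]:
    """Recover the MAC from an EUI-64 address, or None when the interface ID
    lacks the ff:fe marker (e.g. the router's ::1 or the ::1001 tunnel end)."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    octets = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in octets)

def is_raspberry_pi_oui(mac: str) -> bool:
    """b8:27:eb is the OUI the slide addresses decode to (assumed Raspberry Pi)."""
    return mac.lower().startswith("b8:27:eb")
```

Because the interface ID embeds the MAC, anyone who can see these addresses learns each device's hardware vendor and can track it across prefixes; stable-privacy identifiers (RFC 7217) avoid that if the inventory is sensitive.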

Further Reading
OSI vs. TCP/IP Model
  http://electronicdesign.com/what-s-difference-between/what-s-difference-between-osi-seven-layer-network-model-and-tcpip
Picking a VPN
  http://vpnpick.com/vpn-newbie-guide-picking-openvpn-pptp-l2tp/
  https://www.bestvpn.com/blog/4147/pptp-vs-l2tp-vs-openvpn-vs-sstp-vs-ikev2/
OpenVPN Documentation
  https://openvpn.net/index.php/open-source/documentation
OpenVPN on OpenWRT
  https://wiki.openwrt.org/doc/howto/vpn.openvpn
  https://wiki.openwrt.org/doc/howto/vpn.client.openvpn.tap
Wide Area Wi-Fi
  https://wiki.openwrt.org/doc/howto/wide.area.wifi

Future SOWN Talks
  Firmware Development for Embedded Devices – Chris Malton
  A Mechanism for Global Distributed Authentication – David Newman
  Administering the SOWN Network – David Newman and Chris Malton

Questions?