Abdullah Alshalan Garrett Drown Team 3 CSE591: Virtualization and Cloud Computing
Outline Project Goal New Technical Background Current Network Layout Roadmap of our Project Status of our tasks Summary Challenges Faced CSE591: Virtualization and Cloud Computing
Project Goal Provide users of Android devices with several reliable options for accessing a cloud via a VPN connection. CSE591: Virtualization and Cloud Computing
Technical Background There are several different protocols users may wish to use. PPTP L2TP L2TP/IPSec SSL VPN CSE591: Virtualization and Cloud Computing
PPTP Point-To-Point Tunneling Protocol (PPTP): Developed by Microsoft Generally: Maintains a control channel over a TCP connection. Through that, it initiates a GRE tunnel PPP packets are sent through a GRE tunnel (Generic Routing Encapsulation). The PPP traffic is authenticated using protocols like PAP, CHAP, etc. The PPP payload can be encrypted using MPPE. CSE591: Virtualization and Cloud Computing
L2TP Layer 2 Tunneling Protocol (L2TP): L2TP: It’s initiated over UDP L2TP itself does not provide any encryption or authentication. It simply provides the tunnel. L2TP/IPSec: 3 major steps to establish it: Negotiation of IPSec Security Association using pre- shared key or a certificate. Establishing ESP communication, hence a secure channel. Establishing a L2TP tunnel over the secure channel. CSE591: Virtualization and Cloud Computing
SSL VPN Encrypt everything above the Transport Layer using SSL protocols. Runs over TCP or UDP. Uses pre-shared keys or certificates for authentication Always uses the strongest encryption that both the server and client support. Capable of traversing NATs and firewalls and proxy servers. CSE591: Virtualization and Cloud Computing
Network Diagram CSE591: Virtualization and Cloud Computing Virtual Private Network
Roadmap of Project By midterm: Set up, document, and test all possible server (Linux/Windows) and protocol combinations with the native Android client. (95% Completed) Place a web server inside our VPN and have the mobile device access it through a VPN connection. (Completed) By final: Have L2TP/IPSec with Certificates working. Set up an SSL VPN Server (with OpenVPN) Find a client for SSL VPN (without need for rooting) Website for Registration Documentation of how we did what we did If time permits: Set up the native client to automatically reconnect when the connection is lost. CSE591: Virtualization and Cloud Computing
Native Android Client We have successfully set up the native Android VPN client to work with the following configurations: Linux using L2TP Linux using L2TP IPSec PSK Windows using PPTP with no encryption Windows using PPTP with encryption Windows using L2TP IPSec PSK CSE591: Virtualization and Cloud Computing
Native Android Client For each of the configurations we have documented the steps we took to set up the VPN Servers and the VPN clients on the Android device. This allows others to easily reproduce and expand on our work. In the future, we will add more screenshots to this document to help future users with the process. CSE591: Virtualization and Cloud Computing
Web Server inside VPN We have successfully set up a Web Server inside of our VPN testing environment. This allows us to verify that our VPN is working correctly. Once the Android device has connected to the VPN we then see if the device can access the web site hosted on this server, which would otherwise be unavailable. CSE591: Virtualization and Cloud Computing
Summary of Findings Server/ Client Linux ServerWindows Server L2TPL2TP CRT L2TP PSK SSL VPN PPTP w/Enc PPTP No Enc L2TPL2TP CRT L2TP PSK SSL VPN Native Android Client 3 rd Party Android Client CSE591: Virtualization and Cloud Computing
Challenges Faced Setting up the Web Server Dynamic IPs at ASU Setting up Apache Windows Firewall Setting up Linux VPN Servers Limited Documentation Personal solutions provided online Compatibility issues CSE591: Virtualization and Cloud Computing
Questions? CSE591: Virtualization and Cloud Computing