
Building Distributed Networks using VPNs David R Newman.


1 Building Distributed Networks using VPNs David R Newman

2 VPN – Virtual Private Network
A definition: a virtual network that is constructed across the Internet (or other public network) to connect two or more parts of a private network.

3 OSI Model

4 Types of VPN
On top of Data Link Layer:
L2TP/IPsec – Layer 2 Tunnelling Protocol / Internet Protocol security
VPLS – Virtual Private LAN Service
On top of Network Layer:
PPTP – Point-to-Point Tunnelling Protocol
SSH – Secure Shell
VPRN – Virtual Private Routed Network
DTLS – Datagram Transport Layer Security
TLS – Transport Layer Security, e.g. OpenVPN

5 Server and Clients

6 Why OpenVPN?
Open source
High connection speed (relative to available bandwidth)
Secure
Makes it easy to bypass NATs and firewalls
Well supported by OpenWRT
Extensively configurable

7 OpenVPN Server (1)
# one server instance per node; this instance serves a /30
server 10.13.112.112 255.255.255.252
# bind address not legible on the slide
local
port 5044
proto udp
dev tap55
ca /etc/openvpn/package_managment/node_control_2015.crt
cert /etc/openvpn/package_managment/server-node_control_2015.crt
key /etc/openvpn/package_managment/server-node_control_2015.crt.key
# 1024-bit DH parameters; 2048-bit or larger is the usual minimum now
dh /etc/openvpn/dh1024.pem
# route and DNS arguments not legible on the slide
push "route "
push "route "
push "dhcp-option DNS "

8 OpenVPN Server (2)
# hook scripts run on client connect and disconnect (need script-security >= 2)
client-connect "/etc/openvpn/client-routes/connect-node308"
client-disconnect "/etc/openvpn/client-routes/disconnect-node308"
client-to-client
# interval and timeout not legible on the slide
keepalive
# drop privileges after start-up; persist-key/persist-tun keep the key and
# tap device usable across restarts once root has been dropped
user openvpn
group openvpn
persist-key
persist-tun
log /var/log/openvpn/server55.log
status /var/log/openvpn/server55-status.log
verb 3
# level 3 also passes passwords to scripts via the environment;
# "system" selects the legacy script execution method
script-security 3 system

9 OpenVPN Client
client
# the proxy host, not the VPN server itself (see slide 12)
remote sown-auth2.ecs.soton.ac.uk 5044
proto udp
dev tap
ca /etc/sown/node_control_2015.crt
cert /etc/sown/client.crt
key /etc/sown/client.key
# hook scripts run when the tunnel goes down or comes up
down /etc/sown/events/tunnel_down
up /etc/sown/events/tunnel_up
nobind
resolv-retry infinite
user nobody
group nogroup
persist-key
verb 3
# level 2 allows the up/down scripts above to run
script-security 2
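The three config slides above list directives one after another; the checks a reviewer actually applies to them are few and mechanical. The following is an added example, not code from the slides or from the OpenVPN project: it parses the server config from slides 7 and 8 (reproduced inline from the transcript, with the values that were not legible left blank) and returns the findings a reviewer would raise. The finding codes and the check thresholds are my own choices.

```python
"""Review the security-relevant directives of an OpenVPN config.

Added example; it is not code from the slides or from the OpenVPN project.
It parses the server config shown on the slides (reproduced below from the
transcript) and returns findings a reviewer would raise.
"""
import re

# Reconstructed from slides 7 and 8 of the transcript; the bind address,
# keepalive values and push arguments were not legible and are omitted.
SERVER_CONF = """\
server 10.13.112.112 255.255.255.252
port 5044
proto udp
dev tap55
ca /etc/openvpn/package_managment/node_control_2015.crt
cert /etc/openvpn/package_managment/server-node_control_2015.crt
key /etc/openvpn/package_managment/server-node_control_2015.crt.key
dh /etc/openvpn/dh1024.pem
client-connect "/etc/openvpn/client-routes/connect-node308"
client-disconnect "/etc/openvpn/client-routes/disconnect-node308"
client-to-client
keepalive
user openvpn
group openvpn
persist-key
persist-tun
log /var/log/openvpn/server55.log
verb 3
script-security 3 system
"""


def parse(conf):
    """Return (directive, argument-string) pairs; '#' and ';' start comments."""
    pairs = []
    for raw in conf.splitlines():
        line = re.split(r"[#;]", raw, maxsplit=1)[0].strip()
        if not line:
            continue
        name, _, args = line.partition(" ")
        pairs.append((name, args.strip()))
    return pairs


def review(conf):
    """Return a list of (code, message) findings for the config text."""
    pairs = parse(conf)
    names = {name for name, _ in pairs}
    args = dict(pairs)  # last occurrence wins; fine for single-valued directives
    findings = []

    # Weak DH group: judged from the file name only, so a hint rather than proof.
    m = re.search(r"(\d{3,5})", args.get("dh", ""))
    if m and int(m.group(1)) < 2048:
        findings.append(("WEAK_DH", f"dh file name suggests {m.group(1)}-bit "
                         "parameters; generate 2048-bit or larger"))

    # script-security >= 2 lets the daemon run external scripts; level 3 also
    # exposes passwords to those scripts through the environment.
    if "script-security" in names:
        level = int(args["script-security"].split()[0])
        if level >= 2:
            hooks = sorted(names & {"client-connect", "client-disconnect", "up", "down"})
            findings.append(("SCRIPTS_ENABLED", f"script-security {level} runs "
                             f"hooks {hooks}; review them as part of the trusted base"))

    # Without tls-auth/tls-crypt the server starts a TLS handshake with any
    # UDP sender, so scans and floods reach the TLS code path.
    if not names & {"tls-auth", "tls-crypt"}:
        findings.append(("NO_TLS_AUTH", "no tls-auth/tls-crypt on the control channel"))

    # Privilege drop after start-up, and the persist-* directives that make
    # restarts survive it.
    if not {"user", "group"} <= names:
        findings.append(("NO_PRIV_DROP", "no user/group directives: daemon keeps root"))
    elif not {"persist-key", "persist-tun"} <= names:
        findings.append(("RESTART_AFTER_DROP", "user/group without persist-key/"
                         "persist-tun: restarts after the drop cannot reopen key or device"))

    if "client-to-client" in names:
        findings.append(("CLIENT_TO_CLIENT", "clients can reach each other through "
                         "the server; confirm that is intended for this node"))
    return findings


def codes(conf):
    """Just the finding codes, in the order review() produces them."""
    return [code for code, _ in review(conf)]


if __name__ == "__main__":
    for code, msg in review(SERVER_CONF):
        print(f"{code:18} {msg}")
```

Run as a script it prints four findings for the slide config (weak DH, scripts enabled, no control-channel HMAC, client-to-client). The DH check keys off the file name because that is all a config shows; confirming the group size means inspecting the PEM file itself.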

10 Now For Some Magic!!!

11 Saving Address Space
/24 = 256 addresses
/27 = 32 addresses
/30 = 4 addresses
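The slide's point is that a point-to-point tunnel needs only a /30, and the server config on slide 7 (server 10.13.112.112 255.255.255.252) is one such block. The following is an added example, not code from the slides: it generalises the arithmetic, splitting a parent block into equal subnets, deriving the server directive and the address each side gets, and sizing a block for a given client count. The parent block 10.13.112.0/24 is a constructed placeholder, and the sizing assumes one address per client (tap, or tun with topology subnet); which block sizes the server helper accepts depends on the OpenVPN release in use.

```python
"""Carve a parent block into per-link subnets for OpenVPN server instances.

Added example, not code from the slides. Parent block and client counts
are constructed values.
"""
import ipaddress


def addresses_in(prefix):
    """Number of IPv4 addresses in a /prefix block (the figures on slide 11)."""
    return 1 << (32 - prefix)


def carve(parent, new_prefix):
    """Split parent into /new_prefix blocks, each described as an OpenVPN
    'server' instance: first usable host to the server, the rest to the
    client address pool."""
    instances = []
    for sub in ipaddress.ip_network(parent).subnets(new_prefix=new_prefix):
        hosts = list(sub.hosts())  # excludes network and broadcast addresses
        instances.append({
            "server_directive": f"server {sub.network_address} {sub.netmask}",
            "server": str(hosts[0]),
            "pool": [str(h) for h in hosts[1:]],
            "addresses": sub.num_addresses,
        })
    return instances


def smallest_prefix(clients):
    """Longest prefix whose block holds network, broadcast, one server
    address and `clients` client addresses (one address per client; the
    legacy net30 tun topology uses four per client instead)."""
    needed = clients + 3
    return 32 - (needed - 1).bit_length()


if __name__ == "__main__":
    for p in (24, 27, 30):
        print(f"/{p} = {addresses_in(p)} addresses")
    for inst in carve("10.13.112.0/24", 30)[:3]:
        print(inst["server_directive"], "server", inst["server"], "pool", inst["pool"])
    print(f"one client fits in a /{smallest_prefix(1)}, thirty need a /{smallest_prefix(30)}")
```

A /24 yields 64 point-to-point blocks; the one starting at 10.13.112.112 gives the server 10.13.112.113 and leaves 10.13.112.114 as the only pool address, which is the single-client arrangement the slides describe.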

12 Proxying to a VPN Server
Diagram: client -> sown-auth2 (firewall: DNAT + ACCEPT, then SNAT) -> sown-vpn2
Clients connect to sown-auth2 (the remote in the client config); its firewall DNATs the traffic to sown-vpn2, ACCEPTs the forwarded packets and SNATs them so that replies come back through sown-auth2.

13 IPv6 Tunnelbroker
Provides globally routable IPv6 networking to isolated LANs.
Replacement for the discontinued SixXS tunnel broker.
Intended for existing and new research projects that require IPv6 connectivity in unusual locations.
Needs to be easy to configure client side across a number of different platforms.
Needs to easily bypass NATs and firewalls whilst having a high level of security.
Sound familiar?

14 Users of IPv6 Tunnelbroker

15 How Things Get IPv6 from the Tunnelbroker
Generate a client config tarball on tunnelbroker.
Deploy tarball on interface Raspberry Pi.
Get OpenVPN client on interface to connect to server on tunnelbroker.
IPv6 addresses configured using RADVD.
Devices inside the University firewall can connect to all the Pis.
Diagram (host: address):
2001:630:d0:f300::1 (unlabelled on the slide)
interface: 2001:630:d0:f300::1001 and 2001:630:d0:f301::1
brain: 2001:630:d0:f301:ba27:ebff:fe8e:6270
mech: 2001:630:d0:f301:ba27:ebff:fe86:f3ba
left-eye: 2001:630:d0:f301:ba27:ebff:fe9f:d0e7
right-eye: 2001:630:d0:f301:ba27:ebff:fe33:9304
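The Pi addresses on the slide all share ba27:ebff:fe in the interface identifier, which is what RADVD plus stateless autoconfiguration produces: the host takes the announced /64 and forms the low 64 bits from its MAC by the EUI-64 rule (insert ff:fe in the middle, flip the universal/local bit). The following is an added example, not code from the slides: it derives the brain address from a MAC, and recovers MACs from the other addresses. The MAC b8:27:eb:8e:62:70 is reconstructed from the brain address rather than taken from the slide; b8:27:eb is the Raspberry Pi Foundation OUI.

```python
"""Derive the SLAAC/EUI-64 addresses on slide 15 from the Pis' MAC addresses.

Added example, not code from the slides. LAN_PREFIX is from the slide;
BRAIN_MAC is reconstructed from the brain address shown there.
"""
import ipaddress

LAN_PREFIX = "2001:630:d0:f301::/64"  # prefix RADVD announces (slide 15)
BRAIN_MAC = "b8:27:eb:8e:62:70"       # reconstructed from ...:ba27:ebff:fe8e:6270


def eui64_iid(mac):
    """64-bit interface identifier from a 48-bit MAC (RFC 4291, appendix A)."""
    octets = bytearray(int(x, 16) for x in mac.split(":"))
    if len(octets) != 6:
        raise ValueError("expected six colon-separated octets")
    octets[0] ^= 0x02  # flip the universal/local bit
    return int.from_bytes(bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:]), "big")


def slaac_address(prefix, mac):
    """Address a host autoconfigures from an announced /64 and its MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a /64 prefix")
    return str(ipaddress.IPv6Address(int(net.network_address) | eui64_iid(mac)))


def mac_from_address(addr):
    """Inverse: the MAC behind an EUI-64 address, or None when the interface
    identifier is not EUI-64 (e.g. the manually assigned ::1 addresses)."""
    iid = int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)
    b = iid.to_bytes(8, "big")
    if b[3:5] != b"\xff\xfe":
        return None
    octets = bytearray(b[:3] + b[5:])
    octets[0] ^= 0x02
    return ":".join(f"{o:02x}" for o in octets)


if __name__ == "__main__":
    print("brain    ", slaac_address(LAN_PREFIX, BRAIN_MAC))
    for host, addr in [("mech", "2001:630:d0:f301:ba27:ebff:fe86:f3ba"),
                       ("left-eye", "2001:630:d0:f301:ba27:ebff:fe9f:d0e7"),
                       ("right-eye", "2001:630:d0:f301:ba27:ebff:fe33:9304"),
                       ("interface", "2001:630:d0:f301::1")]:
        print(f"{host:10} MAC {mac_from_address(addr)}")
```

The inverse function is the reason EUI-64 addresses are worth a second look: they are stable across networks and reveal the hardware vendor, so RFC 4941 temporary addresses or RFC 7217 stable opaque identifiers are the usual choice for client devices. For Pis that are meant to be reachable from inside the University firewall, a stable address is the desired property, and RADVD with EUI-64 gives it without any per-host configuration.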

16 Further Reading
OSI vs. TCP/IP Model: between-osi-seven-layer-network-model-and-tcpip
Picking a VPN: ikev2/
OpenVPN Documentation
OpenVPN on OpenWRT
Wide Area Wi-Fi

17 Future SOWN Talks
Firmware Development for Embedded Devices – Chris Malton
A Mechanism for Global Distributed Authentication – David Newman
Administering the SOWN Network – David Newman and Chris Malton

18 Questions?

