Presentation is loading. Please wait.

Presentation is loading. Please wait.

VPN-Implementation Using UBUNTU OS and OpenVPN and Hamachi in client-server environment. By Ruphin Byamungu, Kusinza United States International University-Nairobi.

Published byRuphin Byamungu Modified over 6 years ago

Similar presentations

Presentation on theme: "VPN-Implementation Using UBUNTU OS and OpenVPN and Hamachi in client-server environment. By Ruphin Byamungu, Kusinza United States International University-Nairobi."— Presentation transcript:

1 Using UBUNTU OS and OpenVPN and Hamachi in Server –Client environment. By Ruphin Byamungu, Kusinza United States International University-Nairobi

2 OpenVPN is an open-source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol [9] that utilizes SSL/TLS for key exchange. It is capable of traversing network address translators (NATs) and Firewalls - wikipediaopen-sourcevirtual private network [9]SSL/TLSnetwork address translators

3 Update server’s package $ sudo apt –get update Install easy –rsa package $ sudo apt –get install openvpn easy –rsa

4 OpenVPN is an TLS/SSL VPN – it utilizes certificates to encrypt traffic between server and clients Copy the easy-rsa template to home directory $ make-cadir ~/openvpn-ca Move to newly created directory $ cd ~/openvpn-ca

5 To do this open the vars file and edit it $ nano vars Edit the highlighted values to whatever you prefer Also edit the KEY_NAME value to “server”

6 One must be in CA directory and then source the vars file $ cd ~/openvpn-ca $ source vars Then build the root CA $./build –ca ( This initiates the process of building CA)

7 In this step server certificate and key pairs as well as some additional files used during encryption are generated. (a 2048 bit RSA Private Key is generated and written to “Server.key”) A notification is given indicating the time frame for the certificate validation – in this case it is until 2027

8 The process can be done both on the client machine and then signed by the server/CA for security reasons, it is also possible to generate the signed key on the server A single client key can be generated if there is only one client, but the generation process can be repeated as many times as there are clients

9 Configure the OpenVPN Service Adjust the Server Networking Configuratuion Allow IP Forwarding Adjust UFW rules to Masquerade Client Connections Open the OpenVPN Port – allow 1194/udp, Open SSH

10 Start and Enable the OpenVPN Service Create Client Configuration Infrastructure Create the Client Config Directory Structure Create a base Configuration Create a Configuration Generation Script

11 Generate Client Configurations Transfer Configration to Clients Devices – PC, mobile device Install the Client Configuration Windows Linux

12 LogMeIn Hamachi is a virtual private network (VPN) application that is capable of establishing direct links between computers that are behind NAT firewalls without requiring reconfiguration.virtual private networkNAT It establishes a connection over the Internet that emulates the connection that would exist if the computers were connected over a local area network. - Wikipedealocal area network

13

14 LogMeIn Hamachi's security is end-to-end: two Hamachi nodes exchange information with each other after mutual authentication and session key agreement. While node-to-node traffic (that is, regular VPN flow) typically bypasses LogMeIn's servers and is sent directly from one point to the other, even traffic that has to be relayed through a server is secured and encrypted at the endpoints.

15 The LogMeIn servers authenticate Hamachi nodes using an RSA keypair. To log in, the node submits its Hamachi identifier and uses its private key to sign the server's challenge. The server verifies the signature and this authenticates the client. When the node connects to the server, it announces which key it expects the server to have. If the server has the requested key, the login sequence commences.

16 When any two entities exchange data with each other, a key exchange protocol takes place in conjunction with the obligatory authentication phase. The key exchange protocol is Diffie-Hellman with the 2048-bit MODP group as defined in RFC 3526. Once a session key has been established, the AES-256-CBC cipher is used for data encryption and decryption with ESP- style padding as defined in RFC 2406. Packets are authenticated with the HMAC-SHA-1-96 (RFC 2404)

Download ppt "VPN-Implementation Using UBUNTU OS and OpenVPN and Hamachi in client-server environment. By Ruphin Byamungu, Kusinza United States International University-Nairobi."

Similar presentations

Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206) 217-7048

Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206)
1 Configuring Virtual Private Networks for Remote Clients and Networks.

1 Configuring Virtual Private Networks for Remote Clients and Networks.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
M2M Gateway Features Jari Lahti, CTO www.violasystems.com.

M2M Gateway Features Jari Lahti, CTO
NetComm Wireless VPN Functionality Feature Spotlight.

NetComm Wireless VPN Functionality Feature Spotlight.
70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 10: Remote Access.

70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 10: Remote Access.
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 1 Network Security 2 Module 6 – Configure Remote Access VPN.

© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 1 Network Security 2 Module 6 – Configure Remote Access VPN.
Chapter 6 Configuring, Monitoring & Troubleshooting IPsec

Chapter 6 Configuring, Monitoring & Troubleshooting IPsec
Getting Connected to NGS while on the Road… Donna V. Shaw, NGS Convocation.

Getting Connected to NGS while on the Road… Donna V. Shaw, NGS Convocation.
Course 201 – Administration, Content Inspection and SSL VPN

Course 201 – Administration, Content Inspection and SSL VPN
Configuring Routing and Remote Access(RRAS) and Wireless Networking

Configuring Routing and Remote Access(RRAS) and Wireless Networking
OpenVPN OpenVPN: an open source, cross platform client/server, PKI based VPN.

OpenVPN OpenVPN: an open source, cross platform client/server, PKI based VPN.
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod9_L8 1 Network Security 2 Module 6 – Configure Remote Access VPN.

© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod9_L8 1 Network Security 2 Module 6 – Configure Remote Access VPN.
12-Sep-15 Virtual Private Network. Why the need To transmit files securely without disclosing sensitive information to others in the Internet.

12-Sep-15 Virtual Private Network. Why the need To transmit files securely without disclosing sensitive information to others in the Internet.
Secure Socket Layer (SSL)

Secure Socket Layer (SSL)
Implementing ISA Server Publishing. Introduction What Are Web Publishing Rules? ISA Server uses Web publishing rules to make Web sites on protected networks.

Implementing ISA Server Publishing. Introduction What Are Web Publishing Rules? ISA Server uses Web publishing rules to make Web sites on protected networks.
Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.

Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.
Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.

Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.

Similar presentations

Ads by Google