VPN Lab 2. Zutao Zhu, 04/02/2010. Outline: how a packet traverses a VPN; how to write a socket program; certificate.


1 VPN Lab 2 Zutao Zhu 04/02/2010

2 Outline
– How a packet traverses a VPN
– How to write a socket program
– Certificate

3 Packet Flow

4

5 VMware Port Forwarding
– How does it work?

6 Routing Table
Add route to host
– # route add -host 192.168.1.2 dev eth0:0
– # route add -host 10.20.30.148 gw 10.20.30.40
Add route to network
– # route add -net 10.20.30.40 netmask 255.255.255.248 eth0
– # route add -net 10.20.30.48 netmask 255.255.255.248 gw 10.20.30.41
– # route add -net 192.168.1.0/24 eth1
Add default route
– # route add default gw 192.168.1.1

7 Routing Table Flags
Possible flags include:
– U (route is up)
– H (target is a host)
– G (use gateway)
– R (reinstate route for dynamic routing)
– D (dynamically installed by daemon or redirect)
– M (modified from routing daemon or redirect)
– A (installed by addrconf)
– C (cache entry)
– ! (reject route)

8 IP Forwarding
One machine has more than one network adapter
– # sysctl -w net.ipv4.ip_forward=1
– # sysctl net.ipv4.ip_forward
– # vi /etc/sysctl.conf
  net.ipv4.ip_forward = 1

9 Make sure
– You understand how the packets flow
– You change the IP address at the appropriate point
– When debugging, print out the values of src_ip, src_port, dst_ip, dst_port at the key points

10 Socket Programming
UDP server
– sock = socket(AF_INET, SOCK_DGRAM, 0)
– Set struct sockaddr_in server_addr (which port you want to use), client_addr
– Bind socket to server_addr
– Enter infinite loop, recvfrom(sock, recv_data, 1024, 0, (struct sockaddr *)&client_addr, &addr_len)

11 Socket Programming
UDP client
– sock = socket(AF_INET, SOCK_DGRAM, 0)
– Set struct sockaddr_in server_addr (which port you want to use), client_addr
– Enter infinite loop, sendto(sock, send_data, strlen(send_data), 0, (struct sockaddr *)&server_addr, sizeof(struct sockaddr))
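
The server and client steps from slides 10 and 11, run in one process over loopback so the exchange can be tried offline; this is an added example, not code from the slides. The helper name udp_roundtrip, the loopback address and the kernel-chosen port are assumptions. It bounds recvfrom to the buffer size minus one, resets addr_len before the call, and prints the endpoints as slide 9 advises.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Hypothetical helper: sends msg from a client socket to a server socket on
 * loopback, copies what the server received into out; returns bytes or -1. */
long udp_roundtrip(const char *msg, char *out, size_t outlen)
{
    struct sockaddr_in server_addr, client_addr;
    socklen_t addr_len = sizeof(server_addr);
    struct timeval tv = { 2, 0 };   /* receive timeout so a lost datagram cannot hang us */
    char src[INET_ADDRSTRLEN];
    long n = -1;
    int srv = socket(AF_INET, SOCK_DGRAM, 0), cli = socket(AF_INET, SOCK_DGRAM, 0);
    if (srv < 0 || cli < 0 || outlen == 0) goto done;
    memset(&server_addr, 0, sizeof(server_addr));
    server_addr.sin_family = AF_INET;
    server_addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); /* assumption: loopback, not a lab IP */
    server_addr.sin_port = htons(0);                      /* 0 lets the kernel pick a free port */
    if (bind(srv, (struct sockaddr *)&server_addr, sizeof(server_addr)) < 0) goto done;
    if (getsockname(srv, (struct sockaddr *)&server_addr, &addr_len) < 0) goto done;
    setsockopt(srv, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv));
    /* Client side: no bind needed, the kernel assigns the source port on sendto. */
    if (sendto(cli, msg, strlen(msg), 0,
               (struct sockaddr *)&server_addr, sizeof(server_addr)) < 0) goto done;
    /* Server side: addr_len must hold the address buffer size before recvfrom. */
    addr_len = sizeof(client_addr);
    n = recvfrom(srv, out, outlen - 1, 0,                 /* keep one byte for the terminator */
                 (struct sockaddr *)&client_addr, &addr_len);
    if (n < 0) goto done;
    out[n] = '\0';
    /* Print both endpoints at this key point when debugging. */
    inet_ntop(AF_INET, &client_addr.sin_addr, src, sizeof(src));
    printf("src %s:%d -> dst port %d, %ld bytes\n", src,
           ntohs(client_addr.sin_port), ntohs(server_addr.sin_port), n);
done:
    if (srv >= 0) close(srv);
    if (cli >= 0) close(cli);
    return n;
}

int main(void)
{
    char buf[1024];
    return udp_roundtrip("hello vpn", buf, sizeof(buf)) == 9 ? 0 : 1;
}
```

A datagram longer than the receive buffer is silently truncated by recvfrom, so a VPN data channel needs a buffer sized for the largest packet it tunnels.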

12 Certificate
– Create the configuration file
– You need to create your own certificates for the demo
– You can define your VPN server’s authentication policy (for the clients)
– Design your own small protocol to do the key exchange

13 Control and data channels
– Control channel: TCP
– Data channel: UDP

14 Key Exchange
– Use the TCP channel
– Client changes the session key/IV/etc.
– Client uses the new session key to encrypt the data
– When the server is notified, it also changes the session key for this communication
– Server can then decrypt the client’s encrypted data

15 Reference
– http://www.prasannatech.net/2008/07/socket-programming-tutorial.html

