pSeries Technical Conference L19: Linux VPN
Brian Dolan-Goecke, Atlanta, Georgia, October 8-12, 2001


Slide 1: Linux VPN
pSeries Technical Conference L19
Brian Dolan-Goecke
Atlanta, Georgia, October 8-12, 2001

Slide 2: Brian Dolan-Goecke

Slide 3: Contact
Email: Brian@Goecke-Dolan.com
Website: www.Goecke-Dolan.com/Brian
Phone: (612) 759-0967

Slide 4: Linux VPN
We will explain and build a basic Virtual Private Network (VPN) on Linux. We will begin this session by looking at VPNs and how they work, then investigate some of the solutions for building VPNs on Linux. Finally we will build a basic VPN across the Internet with Linux. A good understanding of TCP/IP and networking is preferred.

Slide 5: Session Objectives
- Issues to consider when building a VPN
  - How it works
  - What is needed
  - What technology to use
- Some Linux VPN options
- Build a basic VPN

Slide 6: VPN Definition
Virtual Private Network: a secure network connection across an insecure network.

Slide 7: VPN Definition
Virtual Private Network (VPN): the use of encryption in the lower protocol layers to provide a secure connection through an otherwise insecure network, typically the Internet. VPNs are generally cheaper than real private networks using private lines but rely on having the same encryption system at both ends. The encryption may be performed by firewall software or possibly by routers.

Link-level (layer 2 and 3) encryption provides extra protection by encrypting all of each datagram except the link-level information. This prevents a listener from obtaining information about network structure. While link-level encryption prevents traffic analysis (a form of attack), it must encrypt/decrypt on every hop and every path.

Protocol-level (layer 3 and 4) encryption encrypts protocol data but leaves protocol and link headers clear. While protocol-level encryption requires you to encrypt/decrypt data only once, and it encrypts/decrypts only those sessions that need it, headers are sent as clear text, allowing traffic analysis.

Application (layer 5 and up) encryption is based on a particular application and requires that the application be modified to incorporate encryption.

Source: Cisco (1999-11-15)

Slide 8: VPN Explanation

Slide 9: Connection Types
- Typical Internet connection
- Traditional remote corporate connection
- VPN remote corporate connection
- Detailed VPN connection

Slide 10: Internet Connection (diagram)

Slide 11: Traditional Connection (diagram)

Slide 12: VPN Connection (diagram)

Slide 13: VPN Connection Detail (diagram)

Slide 14: How Does It Work?
1) A host encrypts and encapsulates network packets in network packets.
2) Packets are transmitted to a remote host, via an insecure network.
3) The remote host de-encapsulates and decrypts the network packets.
4) The original network packets are then forwarded to the local network.

Slide 15: How VPN Works (diagram)

Slide 16: Why Have a VPN
- Secure access to corporate resources
- Fast access
- Less expensive infrastructure
- Easier access to corporate resources
- One connection for Internet and corporate

Slide 17: Why Not to Have a VPN
- Higher cost of administration
- Can make your site more visible
- Need to be more security proactive
- Large possible security risk
- Requires more powerful systems

Slide 18: What is Needed?
- Host computers
- Network connections
- VPN software

Slide 19: Linux VPN Options

Slide 20: Available Linux VPNs, Low Cost (Free) Solutions
- GRE
- CIPE
- IPIP
- PPTP
- SSH port forwarding
- IPSec

Slide 21: Available Linux VPNs, Non-Free Solutions
- AltaVista Tunnel
- CheckPoint FireWall-1
- IPSec
- Many more...

Slide 22: VPNs We Will Investigate
- GRE
- CIPE
- IPSec
- PPTP

Slide 23: Linux GRE
Developed by: Cisco
Available from: part of the standard Linux kernel tarball
Resources: RFC 2401 (and more...)

Slide 24: Linux GRE Advantages
- Free
- Comes with the Linux kernel tarball
- Works with Cisco routers
- Tried and tested
- Can work through Masq/NAT
- Works with IPv6

Slide 25: Linux GRE Disadvantages
- No encryption

Slide 26: Linux CIPE
Developed by: Olaf Titz
Available at: http://sites.inka.de/~bigred/devel/cipe.html
Resources: http://sites.inka.de/~bigred/devel/cipe.html

Slide 27: Linux CIPE Advantages
- Built for VPN
- Can use Blowfish or PKE encryption
- Works through/with SOCKS, NAT, dynamic IP
- Free

Slide 28: Linux CIPE Disadvantages
- Uses UDP (for good reason)
- Seems slow now and then
- Only works for IPv4

Slide 29: Linux IPSec
Developed by: FreeS/WAN (Linux version)
Available at: http://www.freeswan.org/download.html
Resources: http://www.freeswan.org

Slide 30: IPSec Advantages
- Should work across platforms/vendors/devices
- Will work with IPv6

Slide 31: IPSec Disadvantages
- Difficult to implement
- Has problems with NAT/Masq
- Problems with authentication

Slide 32: Linux PPTP
Developed by: Matthew Ramsay, Kevin Thayer, David Luyer, Patrick LoPresti, Philip Van Baren, Peter Galbavy and more
Available at: http://poptop.lineo.com/download_pptp.html
Resources: http://poptop.lineo.com/

Slide 33: Linux PPTP Advantages
- Compatible with Microsoft
- Can be server or client

Slide 34: Linux PPTP Disadvantages
- Compatible with Microsoft
- Has some security holes

Slide 35: Build a Linux VPN!

Slide 36: VPNs to Create
- GRE
- CIPE

Slide 37: Need
- Software
- IP and network address
- IPChains config
- Routing

Slide 38: Tools We Will Use
- ifconfig
- route
- ipchains

Slide 39: VPN Basics
- Define devices
- Create devices
- Connect devices
- Adjust routing/ipchains

Slide 40: GRE Steps
1) Determine IP addresses & network
2) Load module
3) Configure GRE tunnel
4) Set up routing
5) Modify IPChains
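The GRE steps above, together with the VPN basics of slide 39, as an added example script that is not from the presentation: it runs the modprobe, ip tunnel, ifconfig, route and ipchains commands for one end of the tunnel, and with DRY_RUN=1 prints them instead of executing them. All addresses and the device name gre1 are assumed placeholders; the peer runs the same script with the local and remote values swapped.

```shell
#!/bin/sh
# Added example (not from the presentation): one end of a GRE tunnel built with the
# tools the slides name. Addresses below are constructed placeholders, not real hosts.
LOCAL_PUB=192.0.2.1        # our Internet-facing address (assumed)
PEER_PUB=192.0.2.2         # the remote host's Internet-facing address (assumed)
TUN_LOCAL=10.0.0.1         # our end of the point-to-point tunnel (assumed)
TUN_PEER=10.0.0.2          # the remote end of the tunnel (assumed)
REMOTE_NET=10.2.0.0        # private network behind the peer (assumed)
REMOTE_MASK=255.255.0.0
DEV=gre1

# run prints the command when DRY_RUN=1, otherwise executes it (needs root).
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

gre_up() {
    # Step 2: load the GRE kernel module.
    run modprobe ip_gre
    # Step 3: define and create the tunnel device, then give it its tunnel address.
    run ip tunnel add "$DEV" mode gre remote "$PEER_PUB" local "$LOCAL_PUB" ttl 255
    run ifconfig "$DEV" "$TUN_LOCAL" pointopoint "$TUN_PEER" up
    # Step 4: route the peer's private network through the tunnel.
    run route add -net "$REMOTE_NET" netmask "$REMOTE_MASK" dev "$DEV"
    # Step 5: ipchains. GRE is IP protocol 47; accept it only from the known peer,
    # and accept only the remote private network on the tunnel device. GRE has no
    # encryption (slide 25), so this limits who can inject packets, not who can read them.
    run ipchains -A input -p 47 -s "$PEER_PUB" -d "$LOCAL_PUB" -j ACCEPT
    run ipchains -A input -i "$DEV" -s "$REMOTE_NET/$REMOTE_MASK" -j ACCEPT
    run ipchains -A input -i "$DEV" -j DENY -l
}

gre_down() {
    # Undo the rules, route and device in reverse order.
    run ipchains -D input -i "$DEV" -j DENY -l
    run ipchains -D input -i "$DEV" -s "$REMOTE_NET/$REMOTE_MASK" -j ACCEPT
    run ipchains -D input -p 47 -s "$PEER_PUB" -d "$LOCAL_PUB" -j ACCEPT
    run route del -net "$REMOTE_NET" netmask "$REMOTE_MASK" dev "$DEV"
    run ip tunnel del "$DEV"
}

case "${1:-}" in
    up) gre_up ;;
    down) gre_down ;;
esac
```

Run it as `DRY_RUN=1 sh gre-tunnel.sh up` first to review the exact commands before running them for real.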

Slide 41: CIPE Steps
1) Determine IP addresses & network
2) Download software
3) Compile software
4) Configure software
5) Load module
6) Start ciped daemon
7) Set up routing
8) Modify IPChains

Slide 42: CIPE Notes
- Can handle up to 99 devices
- Auto-creates devices
- Use the "device ciped0" option in the config file

Slide 43: CIPE Config File
#/etc/cipe/options
# Surprise, this file allows comments (but only on a line by themselves)
debug=yes
# This is probably the minimal set of options that has to be set
# Without a "device" line, the device is picked dynamically
device ciped
# the peer's IP address
ptpaddr 10.2.13.1
# our CIPE device's IP address
ipaddr 192.168.13.1
# my UDP address. Note: if you set port 0 here, the system will pick
# one and tell it to you via the ip-up script. Same holds for IP 0.0.0.0.
#me bigred.inka.de:6789
me 127.0.0.1:2048
#...and the UDP address we connect to. Of course no wildcards here.
#peer blackforest.inka.de:6543
peer 192.172.18.34:2048
# The static key. Keep this file secret!
# The key is 128 bits in hexadecimal notation.
key 3333fd20adf9c0ccf9eff2393bbb3e41
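A check to run over the options file above before step 6 of the CIPE steps (starting ciped), as an added example that is not from the presentation or the CIPE project: it verifies that the file is not readable by others (it holds the static key), that the lines the file calls the minimal set are present, that the key is 32 hex digits (128 bits), and that peer is a concrete host:port with no wildcards. The function names check_cipe_options and value are assumed.

```shell
#!/bin/sh
# Added example (not from the presentation or CIPE): sanity-check /etc/cipe/options.
# Usage: check_cipe_options FILE   (returns 0 when it passes, 1 otherwise)

# value KEY FILE: print KEY's value, accepting both "key value" and "key=value"
# forms and skipping comment lines (comments are only allowed on their own line).
value() {
    awk -v k="$1" '/^[[:space:]]*#/ { next }
        $1 == k { print $2; exit }
        index($0, k "=") == 1 { sub(/^[^=]*=/, ""); print; exit }' "$2"
}

check_cipe_options() {
    f=$1; rc=0
    # "Keep this file secret!": the shared key is inside, so only the owner may read it.
    # (stat -c is GNU; where it is missing we cannot check and assume 600.)
    case $(stat -c %a "$f" 2>/dev/null || echo 600) in
        600|400) ;;
        *) echo "$f: permissions should be 600 (file holds the static key)"; rc=1 ;;
    esac
    for k in device ptpaddr ipaddr me peer key; do
        [ -n "$(value "$k" "$f")" ] || { echo "$f: missing '$k' line"; rc=1; }
    done
    # The key is 128 bits in hex, i.e. exactly 32 hex digits.
    key=$(value key "$f")
    case $key in
        ""|*[!0-9a-fA-F]*) echo "$f: key is not hexadecimal"; rc=1 ;;
        *) [ ${#key} -eq 32 ] || { echo "$f: key is ${#key} hex digits, expected 32"; rc=1; } ;;
    esac
    # "Of course no wildcards here": peer must name a real host and port.
    peer=$(value peer "$f")
    case $peer in
        0.0.0.0:*|*:0|*:) echo "$f: peer must be a concrete host:port"; rc=1 ;;
        *:*) ;;
        *) echo "$f: peer must be host:port"; rc=1 ;;
    esac
    # debug=yes logs session setup; worth noticing before going to production.
    [ "$(value debug "$f")" = yes ] && echo "$f: note: debug=yes is set"
    return $rc
}
```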

Slide 44: Other Issues
- DNS
- Broadcast or not
- Authentication

Slide 45: Resources
- Linux Docs -- www.linuxdoc.org
  - Linux Route2 HowTo
  - Linux Masquerade HowTo
  - Linux VPN HowTo
  - Linux Network Administrators Guide (NAG)
- Virtual Private Network Consortium -- www.vpnc.org
- FreeS/WAN IPSec -- www.freeswan.org

Slide 46: Books
- IPSec: The New Security Standard for the Internet, Intranets, and Virtual Private Networks, by Naganand Doraswamy & Dan Harkins, Prentice Hall, 1999, www.phptr.com
- Virtual Private Networks, 2nd Edition, by Charlie Scott, Paul Wolfe & Mike Erwin, December 1998, www.ora.com

Slide 47: Version Info
Brian Dolan-Goecke, Brian@Goecke-Dolan.com
http://www.goecke-dolan.com/Brian/Presentations
Linux VPN Presentation, Version 1.4, 10/10/2001
