Published by Shannon Morris. Modified over 8 years ago.
1 IPSec Lab
2 Install openvpn
  To install openvpn type:
    yum install openvpn
  Note: both openvpn and lzo are installed
  To see what they are type:
    rpm -qi openvpn
    rpm -qi lzo
    rpm -qi openssl
3 Set Up
  Determine who's left and who's right
  Exchange IP addresses
  Ping each other's address to make sure you have connectivity
  Verify the /dev/net/tun device file was created
  Create an account for your partner using useradd and passwd
4 Check/Set Firewall
  Check to see if the firewall is running:
    iptables -L -n
  Insert a firewall rule to allow the VPN:
    iptables -I RH-Firewall-1-INPUT -p udp --dport 1194 -j ACCEPT
5 VPN Configuration
  Change to the following directory:
    /usr/share/doc/openvpn-2.1/
  Look around… lots of information here
  Change into the sample-config-files directory
  For the purpose of simplicity we will use config files posted on wildbill.org
    right = right.conf.txt
    left = left.conf.txt
  Copy the right or left config file to /etc/openvpn (depending on whether you are right or left)
6 VPN Configuration
  Rename the conf file you downloaded to openvpn.conf
  Now we will edit the /etc/openvpn/openvpn.conf file
  Only the left file needs to be changed, by adding the IP address of the right
7 VPN Configuration
  Now one of you has to generate a shared key that will encrypt the tunnel:
    openvpn --genkey --secret static.key
  Now copy that to your partner's PC
  He can then (as root) copy it into the /etc/openvpn directory
  Note: the same static.key file must be in both /etc/openvpn directories
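Added example (not from the original slides): a shell check each partner can run on their copy of /etc/openvpn/static.key before starting the service. It confirms the file is readable only by its owner, that it holds the 2048-bit key block written by openvpn --genkey, and prints a SHA-256 fingerprint the two partners can compare to confirm both copies are identical. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check an OpenVPN static key file.
# Usage: sh checkkey.sh /etc/openvpn/static.key   (script name is hypothetical)

BEGIN_MARK='-----BEGIN OpenVPN Static key V1-----'
END_MARK='-----END OpenVPN Static key V1-----'

# Print only the hex key material found between the BEGIN/END markers.
key_body() {
    sed -n "/^${BEGIN_MARK}\$/,/^${END_MARK}\$/p" "$1" \
        | grep -v '^-----' | tr -d ' \r\n'
}

# SHA-256 of the key material. Safe to read out to your partner:
# it identifies the key without revealing it.
key_fingerprint() {
    key_body "$1" | sha256sum | cut -d' ' -f1
}

# Return 0 if the key file looks usable, otherwise:
#   1 = file missing, 2 = readable by group/other, 3 = malformed key block
check_static_key() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }

    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || {
        echo "$f is accessible to group/other; run: chmod 600 $f" >&2
        return 2
    }

    # A 2048-bit static key is 256 bytes, i.e. 512 hex characters.
    body=$(key_body "$f")
    [ "${#body}" -eq 512 ] || { echo "$f: truncated or damaged key" >&2; return 3; }
    case $body in
        *[!0-9a-fA-F]*) echo "$f: non-hex data in key block" >&2; return 3 ;;
    esac
    return 0
}

# When run with a path argument, check the file and print its fingerprint.
if [ -n "${1:-}" ]; then
    check_static_key "$1" && key_fingerprint "$1"
fi
```

If the fingerprints printed on the left and right machines differ, the copy was altered or truncated in transit and the tunnel will not come up.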
8 Starting the VPN
  On both servers type:
    service openvpn start
  Check to see if the tunnel interface came up:
    ifconfig
  You should see an interface called tun0
  Now try pinging each other:
    ping 10.8.0.1 from the left
    ping 10.8.0.2 from the right
9 Check the Connection
  Using tcpdump you can verify the connection
  Start a ping from one side to 10.8.0.x
  While on the other side start a tcpdump against the tunnel interface:
    tcpdump -i tun0
  And against the unencrypted interface:
    tcpdump -i eth0 host
10 More OpenVPN information
  Home Page:
    http://www.openvpn.net
  Howto:
    http://openvpn.net/howto.html
  Other VPN applications:
    Free S/WAN (http://www.freeswan.org)
    Stunnel (http://stunnel.mirt.net)
11 An alternate reality