Nov 14, 2014
Serious VPN && !(Serious Cost) a.k.a. don't pay to go-to-your-pc
Jeremy Willden Open Source Enthusiast Ad Hoc Electronics http://www.adhocelectronics.com/
Internet Security Issue: BGP spoof
Border Gateway Protocol handles major routing
Unencrypted traffic can be monitored or modified from anywhere in the world
http://blog.wired.com/27bstroke6/2008/08/revealed-the-in.html
Networking Overview
Firewalls and NAT
Remote Access
Problem: how to remote control your PC
Partial Solution: VNC Server & Client
Google VNC or check sourceforge.net
Use password authentication
Port forwarding (5900) remote - insecure!
Solution isn't complete
  It's not secure, only allows one service (port)
  Separate port for each client
Securely Connecting Networks
Virtual Private Network (VPN)
Data encrypted between networks
Many closed and open-source alternatives
Many get broken by NAT, or are limited by it
Proprietary ones may only be obscure, not secure
Use the same code base as eCommerce, TLS/SSL
Take it further: not just one service/port
Ideal: open/free, well tested, reviewed
Why OpenVPN?
Uses OpenSSL (TLS)
Heavily tested, SSL is used for HTTPS
Many ciphers (Blowfish, AES 128/256, many more)
Free as in Freedom
Available ready to deploy on many platforms
  Linux/Mac/Windows
  Router (embedded) firmware
Certificate revocation without re-keying
Public Key Infrastructure
TLS (SSL) Handshake
Random keys are exchanged using public key cryptography, which prevents man-in-the-middle attacks
Image Copyleft Christian Friedrich, licensed under GFDL, with spelling corrections. Source: Wikimedia
General Setup-Linux
http://openvpn.net/index.php/documentation/howto.html
Pull down the source from openvpn.net
  http://www.oberhumer.com/opensource/lzo/download/lzo-2.03.tar.gz
  http://openvpn.net/release/openvpn-2.0.9.tar.gz
  Unzip/untar: tar -xzf ./lzo-2.03.tar.gz, tar -xzf ./openvpn-2.0.9.tar.gz
  cd into each folder, do ./configure, make, make install
Use yum or apt-get (yum -y install openvpn)
Download RPMs (including dependencies)
  rpm -ivh (path to each RPM, one at a time)
chkconfig openvpn on (to auto-start)
General Setup-Windows
Install Windows package from openvpn.net