VPN

Nov 14, 2014

henry

Serious VPN && !(Serious Cost)
a.k.a. don't pay to go-to-your-pc

Jeremy Willden
Open Source Enthusiast
Ad Hoc Electronics
http://www.adhocelectronics.com/

Internet Security Issue: BGP spoof

Border Gateway Protocol handles major routing
Unencrypted traffic can be monitored or modified from anywhere in the world

http://blog.wired.com/27bstroke6/2008/08/revealed-the-in.html

Networking Overview

Firewalls and NAT

Remote Access

Problem: how to remote control your PC
Partial Solution: VNC Server & Client
Google VNC or check sourceforge.net
Use password authentication
Port forwarding (5900) remote - insecure!
Solution isn't complete

It's not secure, only allows one service (port)
Separate port for each client
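
A quick audit for the exposure described above, as an added example that is not part of the original slides: it reads `ss -ltn`-style listener lines and reports any VNC listener bound to a non-loopback address, which is the precondition for forwarding 5900 to the Internet. The function names and the sample listener table are constructed for illustration; the 5900-5999 range assumes the usual VNC convention of display N listening on port 5900+N.

```shell
#!/bin/sh
# Added example: flag VNC listeners reachable from other hosts.

# Reads `ss -ltn`-style lines on stdin and prints "address port" for every
# listener in the VNC range (5900-5999) that is not bound to loopback.
exposed_vnc() {
    awk '
        $1 == "LISTEN" {
            local_ep = $4                       # e.g. 0.0.0.0:5900 or [::1]:5902
            n = split(local_ep, parts, ":")
            port = parts[n] + 0                 # text after the last colon
            addr = substr(local_ep, 1, length(local_ep) - length(parts[n]) - 1)
            if (port < 5900 || port > 5999) next     # not a VNC display port
            if (addr ~ /^127\./ || addr == "[::1]") next  # loopback only: not exposed
            print addr, port
        }'
}

# Constructed sample of `ss -ltn` output (not captured from a real host).
sample_listeners() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       5       0.0.0.0:5900         0.0.0.0:*
LISTEN  0       5       127.0.0.1:5901       0.0.0.0:*
LISTEN  0       128     [::]:22              [::]:*
LISTEN  0       5       [::1]:5902           [::]:*
LISTEN  0       5       192.168.1.10:5903    0.0.0.0:*
EOF
}

# On a live Linux host: ss -ltn | exposed_vnc
sample_listeners | exposed_vnc
```

A listener bound only to loopback can still be used remotely once a VPN or other encrypted tunnel terminates on the machine, which is the direction the following slides take.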

Securely Connecting Networks

Virtual Private Network (VPN)
Data encrypted between networks
Many closed and open-source alternatives

Many get broken by NAT, or are limited by it
Proprietary ones may only be obscure, not secure
Use the same code base as eCommerce, TLS/SSL
Take it further: not just one service/port

Ideal: open/free, well tested, reviewed

Why OpenVPN?

Uses OpenSSL (TLS)

Heavily tested, SSL is used for HTTPS
Many ciphers (Blowfish, AES 128/256, many more)
Free as in Freedom
Available ready to deploy on many platforms

Linux/Mac/Windows
Router (embedded) firmware
Certificate revocation without re-keying

Public Key Infrastructure

TLS (SSL) Handshake

Random keys exchanged using public key cryptography, prevents man-in-middle attacks

Image Copyleft Christian Friedrich, licensed under GFDL, with spelling corrections. Source: Wikimedia

General Setup-Linux

http://openvpn.net/index.php/documentation/howto.html

Pull down the source from openvpn.net

http://www.oberhumer.com/opensource/lzo/download/lzo-2.03.tar.gz
http://openvpn.net/release/openvpn-2.0.9.tar.gz
Unzip/untar: tar -xzf ./lzo-2.03.tar.gz, tar -xzf ./openvpn-2.0.9.tar.gz
cd into each folder, do ./configure, make, make install

Use yum or apt-get (yum -y install openvpn)
Download RPMs (including dependencies)

rpm -ivh (path to each RPM, one at a time)

chkconfig openvpn on (to auto-start)

General Setup-Windows

Install Windows package from openvpn.net