The Poor Person's VPN - PowerPoint PPT Presentation

Slides: 17
Provided by: maho9

1
The Poor Person's VPN
  • Or is it The Lazy Person's VPN?

Hugh Mahon - hm_at_mahon.cwx.net
2
What is a VPN?
  • There are two ways to connect remote sites
  • Use a dedicated line (a private network).
  • Use the Internet.
  • Not private, so need to secure the connection.
  • Want to keep internal network hidden from
    Internet.
  • Want to allow two sites to access LAN at each
    site as if part of same network.
  • The secure access using the Internet instead of a
    dedicated line is what makes it a Virtual,
    Private Network.

3
Why VPNs?
  • Connect two sites.
  • Allow remote access by individual users.

4
Two Sites
5
Two Sites One Virtual Site
6
Tunnel Technologies
  • IPSec
  • CIPE
  • PPTP
  • SSH PPP

7
What is SSH?
  • Secure Shell (think encrypted telnet).
  • Allows secure access across the Internet.
  • Can also provide tunneling of individual ports.
  • e.g., Allow X11 to securely pass back to remote
    system.
  • Can act as transport for ppp.

8
PPP
  • Point-to-Point Protocol
  • Usually used with serial connections.
  • Provides IP connection between two points.
  • Establishes IP address at both ends of
    connection.
  • IP traffic can be routed over PPP connection.

9
Setting up SSH
  • Set up shared keys on both systems
  • This allows connecting without using the password
    to the account on the remote system.
  • Can use a passphrase for the key or not.
  • Can use different kinds of keys (e.g., RSA, DSA)
  • Command is ssh-keygen
  • Edit 'authorized_keys' file on each system to
    enable access by other system

10
Setting up PPP
  • Make sure pppd is setuid.
  • Have /etc/ppp/options contain:
      • lock
      • noauth
  • Optional: set up /etc/ppp/ip-up.local to
    establish routing to remote network.
  • Make sure to move any ~/.ppprc files out of the
    way.

11
Making it simple: footunnel
  • A script that does the job of starting the VPN
      • starts ssh and ppp
  • Usage:
      • footunnel -u user -l local-addr -r addr
        remotesys

12
The script footunnel
  • Gets the passphrase for ssh.
  • Starts pppd
  • Starts pppd on remote system via ssh connection,
    which is the secure transport for the tunnel.
  • Monitors the connection.
  • Cleans up when connection is torn down (i.e.,
    stops ssh-agent).
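
Added example, not the footunnel script from the presentation: a sketch of the step slides 9 to 12 build up to, where a local pppd uses ssh as its transport and ssh starts pppd on the remote system. The function names, the RUN variable and the assumption that pppd is on the PATH at both ends are this example's own; it validates every field because user, host and addresses end up inside a command string.

```shell
#!/bin/sh
# Added sketch; NOT the footunnel script from the presentation.

# Accept only dotted-quad IPv4 addresses with octets 0-255.
valid_ip() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# User and host land inside the pty command string, so allow only characters
# that cannot alter how it is parsed; a leading "-" would be read by ssh as an
# option.
valid_name() {
    case "$1" in
        ""|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# Usage: tunnel_cmd user local-addr remote-addr remotesys
tunnel_cmd() {
    valid_name "$1" && valid_name "$4" || { echo "bad user or host" >&2; return 1; }
    valid_ip "$2" && valid_ip "$3" || { echo "bad address" >&2; return 1; }
    # The local pppd talks to a pty whose other end is ssh, and ssh starts the
    # remote pppd. lock and noauth come from /etc/ppp/options at both ends.
    # BatchMode makes ssh fail instead of prompting inside the pty, so the key
    # must be passphrase-less or already loaded into ssh-agent.
    printf '%s\n' "pppd updetach pty 'ssh -o BatchMode=yes $1@$4 pppd nodetach notty' ipparam vpn $2:$3"
}

# With four arguments: print the command; run it only when RUN=1 is set.
if [ "$#" -eq 4 ]; then
    cmd=$(tunnel_cmd "$@") || exit 1
    # eval is acceptable here only because every field was validated above.
    if [ "${RUN:-0}" = 1 ]; then eval "$cmd"; else printf '%s\n' "$cmd"; fi
fi
```

The "ipparam vpn" value is handed to the ip-up scripts, so /etc/ppp/ip-up.local can use it to add the route to the remote network only for this link.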

13
Simple Performance comparison
  • No VPN: time 6 sec.
  • Copy w/ VPN:
      • Mid-transfer
      • End of transfer: time 58 sec.
  • File size: 17,515 kB

14
Uses for the script
  • Site to site.
  • Home to work.
  • Work to home.
  • Wireless connection.

15
Wireless Example
16
Resources
  • Book: Building Linux Virtual Private Networks
    (VPNs) - Oleg Kolesnikov, Brian Hatch, published
    by New Riders
  • www.buildinglinuxvpns.com (for above book)
  • VPN-HOWTO
  • http://vpn.shmoo.com/vpn/FAQ.html
  • For IPSec: www.freeswan.org
  • For CIPE: http://sites.inka.de/bigred/devel/cipe.html
  • For SSH: www.openssh.org
  • mahon.cwx.net