Open VPN Using IPV6
Transcript of Open VPN Using IPV6
(m1003074) OPEN VPN USING IPV6
WHAT IS IPV6?
IPv6 is designed to solve the problems of IPv4 such as mobility, auto-configuration and overall extensibility.
IPv6 has 128-bit (16-byte) source and destination IP addresses. Although 128 bits can express over 3.4×10^38 possible combinations, the large address space of IPv6 has been designed to allow for multiple levels of subnetting and address allocation, from the Internet down to the individual subnets within an organization.

WHY NEED IPV6?
The extended address length offered by IPv6 eliminates the need to use techniques such as network address translation to avoid running out of the available address space.
IPv6 contains the addressing and control information needed to route packets for the next-generation Internet.
WHAT IS OPENVPN?
The mechanism by which OpenVPN connects computer A with computer B is this: it simply creates an encrypted UDP connection over the Internet between A and B and forwards traffic between the virtual network interface on A and the one on B. Because of the way in which the drivers were designed, it is possible for a program running entirely in user space to effect this link, which allows OpenVPN to be a portable, cross-platform user-space program rather than an OS-specific kernel module (like IPsec).

How is a VPN different from other security software?
Fundamentally, a VPN is a set of tools which allow networks at different locations to be securely connected, using a public network as the transport layer.
VPNs use cryptography to provide protection against eavesdropping and active attacks.
VPNs are most commonly used today for telecommuting and for linking branch offices via secure WANs.

FEATURES OF OPENVPN
OpenVPN tries to take advantage of all the capabilities which are possible for a user-space VPN:
Familiar daemon-style usage.
No kernel modifications required.
State-of-the-art cryptography layer provided by the OpenSSL library.

VPN Technologies and Protocols
IPSec— IPsec consists of a suite of protocols designed to protect IP traffic between security gateways or hosts as it transits an intervening network. IPsec tunnels are often used to build a site-to-site VPN between CE devices (CE-based VPNs).
GRE— GRE can be used to construct tunnels and transport multiprotocol traffic between CE devices in a VPN. GRE has little or no inherent security, but GRE tunnels can be protected using IPsec.
Draft Martini (Any Transport over MPLS [AToM])— Draft Martini transport allows point-to-point transport of protocols such as Frame Relay, ATM, Ethernet, Ethernet VLAN (802.1Q), High-Level Data Link Control (HDLC), and PPP traffic over MPLS.
L2TPv3— L2TPv3 allows the point-to-point transport of protocols such as Frame Relay, ATM, Ethernet, Ethernet VLAN, HDLC, and PPP traffic over an IP or other backbone.
IEEE 802.1Q tunnelling (Q-in-Q)— 802.1Q tunnelling allows a service provider to tunnel tagged Ethernet (802.1Q) customer traffic over a shared backbone. Customer 802.1Q traffic is tunnelled over the shared provider backbone by prepending another 802.1Q tag.
MPLS LSPs— An LSP is a path via Label Switch Routers (LSRs) in an MPLS network. Packets are switched based on labels prepended to the packet. LSPs may be signalled using the Tag Distribution Protocol (TDP), the Label Distribution Protocol (LDP), or the Resource Reservation Protocol (RSVP).

FOR ENABLING REMOTE ACCESS VPNs
The Layer Two Forwarding (L2F) Protocol— L2F is a Cisco proprietary protocol. It is designed to allow the tunneling of PPP (or Serial Line Interface Protocol [SLIP]) frames between a NAS and a VPN gateway device located at a central site.
The Point-to-Point Tunneling Protocol (PPTP)— PPTP is a protocol that was developed by a consortium of vendors, including Microsoft, 3Com, and Ascend Communications. Like L2F, PPTP allows the tunneling of remote access client PPP frames between a NAS and a VPN gateway/concentrator.
The Layer 2 Tunneling Protocol versions 2 and 3 (L2TPv2/L2TPv3)— L2TP is an Internet Engineering Task Force (IETF) standard and combines the best features of L2F and PPTP.

SSL Overview
Secure Sockets Layer:
Protects a communication channel.
Uses public key encryption.
Works at the transport layer/session layer.
Optional client authentication.

SERVER INSTALLATION
OPEN VPN INSTALLATION
To install OpenVPN:
sudo apt-get install openvpn
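The encrypted UDP link between computer A and computer B described under WHAT IS OPENVPN, carried over IPv6 transport, as an added example (a shell script written for this page, not code from the presentation or from the OpenVPN project): it writes a server.conf and client.conf pair and then checks that both sides verify the peer's certificate type. It assumes OpenVPN 2.3 (proto udp6, server-ipv6, remote-cert-tls and verify-x509-name are real 2.3 directives), the certificate files named in the PKI section of this page (ca.crt, myservername.crt/key, client1.crt/key, the file ./build-dh writes, assumed here to be dh2048.pem), a ta.key made with openvpn --genkey --secret ta.key, and placeholders vpn.example.net and 2001:db8:0:1::/64 for the server name and tunnel prefix.

```shell
#!/bin/sh
# Added example: minimal OpenVPN 2.3 server/client configuration over IPv6
# transport. File names follow the page's PKI section; vpn.example.net,
# 2001:db8:0:1::/64 and dh2048.pem are assumptions to be replaced.
set -eu

write_openvpn_configs() {
    outdir="$1"
    mkdir -p "$outdir"

    cat > "$outdir/server.conf" <<'EOF'
# Listen on UDP over IPv6 (a dual-stack host also reaches IPv4 clients).
proto udp6
port 1194
dev tun

# PKI material produced by easy-rsa (paths relative to /etc/openvpn).
ca ca.crt
cert myservername.crt
key myservername.key
dh dh2048.pem

# IPv4 and IPv6 tunnel networks; in 2.3 server-ipv6 also enables tun-ipv6.
server 10.8.0.0 255.255.255.0
server-ipv6 2001:db8:0:1::/64
push "route-ipv6 2000::/3"

# Accept only certificates issued for the client role, not just any
# certificate the CA ever signed.
remote-cert-tls client
# HMAC on the control channel: unauthenticated packets are dropped early.
tls-auth ta.key 0

cipher AES-256-CBC
auth SHA256
keepalive 10 120

# Drop privileges once the tunnel is up.
user nobody
group nogroup
persist-key
persist-tun
EOF

    cat > "$outdir/client.conf" <<'EOF'
client
dev tun
proto udp6
remote vpn.example.net 1194
nobind

ca ca.crt
cert client1.crt
key client1.key
tls-auth ta.key 1

# Connect only if the server presents a server-role certificate signed by
# our CA whose common name matches; this is the client half of mutual auth.
remote-cert-tls server
verify-x509-name myservername name

cipher AES-256-CBC
auth SHA256
persist-key
persist-tun
EOF
}

# Defender's check: both sides verify the peer's certificate *type*, not
# only the CA signature. Returns 0 only if both directives are present.
check_peer_type_verification() {
    grep -q '^remote-cert-tls server' "$1/client.conf" &&
    grep -q '^remote-cert-tls client' "$1/server.conf"
}

# Returns 0 if the server listens on IPv6 and hands out an IPv6 pool.
check_ipv6_config() {
    grep -q '^proto udp6' "$1/server.conf" &&
    grep -q '^server-ipv6 ' "$1/server.conf"
}

# Usage: write the pair into a scratch directory and run both checks.
OUT="${OUT:-$(mktemp -d)}"
write_openvpn_configs "$OUT"
check_peer_type_verification "$OUT" && check_ipv6_config "$OUT" &&
    echo "configs written to $OUT"
```

The two grep checks are deliberately strict: a configuration that only lists ca, cert and key still authenticates the CA signature, but without remote-cert-tls either side would accept any certificate from the same CA in the wrong role, which is exactly the gap the mutual-authentication description in the PKI section warns about.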
Public Key Infrastructure Setup
The first step in building an OpenVPN configuration is to establish a PKI (public key infrastructure). The PKI consists of:
A separate certificate (also known as a public key) and private key for the server and each client.
A master Certificate Authority (CA) certificate and key, which is used to sign each of the server and client certificates.
OpenVPN supports bidirectional authentication based on certificates, meaning that the client must authenticate the server certificate and the server must authenticate the client certificate before mutual trust is established.
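The three PKI pieces listed above, built with plain openssl rather than the easy-rsa scripts, together with the two checks each peer performs (CA signature first, then certificate type and common name), as an added example written for this page (not the presentation's own steps and not the Ubuntu or OpenVPN documentation). The certificate names myservername and client1 come from the page; the CA name, the 2048-bit RSA keys, the validity periods and the scratch directory are assumptions.

```shell
#!/bin/sh
# Added example: a tiny OpenVPN-style PKI with openssl, then the checks a
# peer makes on the presented certificate. Names and key sizes are assumed.
set -eu

PKI="${PKI:-$(mktemp -d)}"

# Issue a certificate signed by the CA, stamping its intended role into
# extendedKeyUsage (serverAuth for the server, clientAuth for clients).
issue_cert() {
    name="$1"; eku="$2"
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$name" \
        -keyout "$PKI/$name.key" -out "$PKI/$name.csr" 2>/dev/null
    printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=%s\n' "$eku" \
        > "$PKI/$name.ext"
    openssl x509 -req -days 365 -in "$PKI/$name.csr" \
        -CA "$PKI/ca.crt" -CAkey "$PKI/ca.key" -CAcreateserial \
        -extfile "$PKI/$name.ext" -out "$PKI/$name.crt" 2>/dev/null
}

build_pki() {
    # Master CA certificate and key: a self-signed CA:TRUE certificate.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Example OpenVPN CA" \
        -keyout "$PKI/ca.key" -out "$PKI/ca.csr" 2>/dev/null
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=keyCertSign,cRLSign\n' \
        > "$PKI/ca.ext"
    openssl x509 -req -days 3650 -in "$PKI/ca.csr" -signkey "$PKI/ca.key" \
        -extfile "$PKI/ca.ext" -out "$PKI/ca.crt" 2>/dev/null
    # One server certificate and one client certificate, both CA-signed.
    issue_cert myservername serverAuth
    issue_cert client1 clientAuth
}

# Checks 1 and 2 in one call: was certificate $2 signed by our CA, and is
# it usable in role $1 (sslserver or sslclient)? Same idea as OpenVPN's
# remote-cert-tls; a certificate in the wrong role is rejected.
verify_peer() {
    openssl verify -CAfile "$PKI/ca.crt" -purpose "$1" "$PKI/$2.crt" \
        >/dev/null 2>&1
}

# Check 3: does the now-authenticated certificate carry the expected CN?
cn_matches() {
    openssl x509 -noout -subject -nameopt RFC2253 -in "$PKI/$1.crt" |
        grep -q "CN=$2\$"
}

build_pki
verify_peer sslserver myservername && echo "server cert accepted for server role"
verify_peer sslserver client1 || echo "client cert rejected for server role"
cn_matches myservername myservername && echo "common name matches"
```

The role check is the part that matters for defence: every certificate here passes the CA-signature check, so without the purpose test a client's own certificate would satisfy a peer that only verifies the signature. Keeping the CA key off the VPN server (the script leaves ca.key in the scratch directory only because it is a demonstration) is the other half of the same discipline.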
Both server and client will authenticate the other by first verifying that the presented certificate was signed by the master certificate authority (CA), and then by testing information in the now-authenticated certificate header, such as the certificate common name or certificate type (client or server).

Certificate Authority Setup
To set up your own Certificate Authority (CA) and generate certificates and keys for an OpenVPN server and multiple clients, first copy the easy-rsa directory to /etc/openvpn. This will ensure that any changes to the scripts will not be lost when the package is updated. From a terminal change to user root and:
1. mkdir /etc/openvpn/easy-rsa/
2. cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/

Certificate Authority (CA) certificate and key
1. cd /etc/openvpn/easy-rsa/
./build-key-server myservername

Diffie Hellman parameters
A Diffie-Hellman group determines the strength of the encryption-key determination algorithm. The security appliance uses this algorithm to derive the encryption and hash keys. To generate the Diffie-Hellman parameters:
./build-dh

Client Certificates
1. cd /etc/openvpn/easy-rsa
3. ./build-key client1

Advantages of open vpn
Security provisions that function against both active and passive attacks.
Compatibility with all major operating systems.
High speed (1.4 megabytes per second is typical).
Ability to configure multiple servers to handle numerous connections simultaneously.
All encryption and authentication features of the OpenSSL library.
Advanced bandwidth management.
A variety of tunneling options.

Disadvantages of VPNs
1. VPNs require an in-depth understanding of public network security issues and proper deployment of precautions.
2. The availability and performance of an organization's wide-area VPN (over the Internet in particular) depends on factors largely outside of their control.
3. VPN technologies from different vendors may not work well together due to immature standards.
4. VPNs need to accommodate protocols other than IP and existing ("legacy") internal network technology.

OBJECTIVE
Secure remote access for users anywhere, anytime.
Easy setup, configuration, use and maintenance.
Affordable for widespread corporate use.
End-user friendly: there should be no obvious performance problems, no major usage hoops to jump through, no gotchas or other downsides to regular/frequent use.

RESOURCES
Cisco routers, IOS version 12.2(24).
Linux Ubuntu version 12.10.
OpenVPN version 2.2.1 or 2.3.
ASA Firewall ISO image.

REFERENCES
http://www.openvpn.eu
Beginning OpenVPN 2.0.9, by Markus Feilner and Norbert Gra
OpenVPN: Virtual Private Network, Pre-Shared Key, Certificate Authority, NetBSD, FreeBSD, OpenBSD, Linux, Solaris (Operating System), Transport Layer Security, by Lambert M. Surhone, Miriam T. Timpledon and Susan F. Marseken

THANK YOU