Cheap vpn
Uploaded by swarup-kumar-mall
What is a VPN?
● There are two ways to connect remote sites:
  – Use a dedicated line (a private network).
  – Use the Internet.
● Not private, so need to secure the connection.
● Want to keep internal network hidden from Internet.
● Want to allow two sites to access LAN at each site as if part of same network.
● The secure access using the Internet instead of a dedicated line is what makes it a Virtual, Private Network.
Why VPNs?
● Connect two sites.
● Allow remote access by individual users.
Two Sites
Two Sites – One Virtual Site
Tunnel Technologies
● IPSec
● CIPE
● PPTP
● SSH + PPP
What is SSH?
● Secure Shell (think encrypted telnet).
● Allows secure access across the Internet.
● Can also provide tunneling of individual ports.
  – e.g., Allow X11 to securely pass back to remote system.
● Can act as transport for ppp.
PPP
● Point-to-Point Protocol
  – Usually used with serial connections.
  – Provides IP connection between two points.
● Establishes IP address at both ends of connection.
● IP traffic can be routed over PPP connection.
Setting up SSH
● Set up shared keys on both systems:
  – This allows connecting without using the password to the account on the remote system.
  – Can use a passphrase for the key or not.
  – Can use different kinds of keys (e.g., RSA, DSA)
  – Command is: ssh-keygen
  – Edit 'authorized_keys' file on each system to enable access by other system
Setting up PPP
● Make sure pppd is setuid.
● Have /etc/ppp/options contain:
  – lock
  – noauth
● Optional: set up /etc/ppp/ip-up.local to establish routing to remote network.
● Make sure to move any ~/.ppprc files out of the way.
Making it simple: footunnel
● A script that does the job of starting the VPN
  – starts ssh and ppp
● Usage:
  – footunnel [-u user] [-l local-addr] [-r addr] remotesys
The script: footunnel
● Gets the passphrase for ssh.
● Starts pppd
  – Starts pppd on remote system via ssh connection, which is the secure transport for the tunnel.
● Monitors the connection.
● Cleans up when connection is torn down (i.e., stops ssh-agent).
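A sketch of a script following the steps described above, as an added example: it is not the original footunnel script, which the slides do not reproduce. The script name, the default tunnel addresses and the TUNNEL_RUN switch are assumptions; it expects key-based SSH login and the pppd setup from the previous slides on both systems.

```shell
#!/bin/sh
# Added example: PPP-over-SSH tunnel starter. Not the original footunnel script.
# Default addresses are constructed values; pick an unused private range.

usage() { echo "usage: tunnel [-u user] [-l local-addr] [-r addr] remotesys" >&2; }

# Accept only plain names/addresses, so no argument can be read as an
# option by ssh or carry shell syntax into pppd's pty command.
is_safe() { case $1 in ''|-*|*[!A-Za-z0-9._:-]*) return 1 ;; esac; }

# Parse the options, set $pty_cmd and $addrs, and print the resulting
# pppd command line. Returns 2 on a usage or validation error.
build_tunnel_cmd() {
    user=$(id -un); local_addr=10.255.0.1; remote_addr=10.255.0.2
    OPTIND=1
    while getopts u:l:r: opt; do
        case $opt in
            u) user=$OPTARG ;;
            l) local_addr=$OPTARG ;;
            r) remote_addr=$OPTARG ;;
            *) usage; return 2 ;;
        esac
    done
    shift $((OPTIND - 1))
    [ $# -eq 1 ] || { usage; return 2; }
    for v in "$user" "$local_addr" "$remote_addr" "$1"; do
        is_safe "$v" || { echo "rejected argument: $v" >&2; return 2; }
    done
    # Remote pppd talks over ssh's stdin/stdout (notty); BatchMode makes
    # ssh fail instead of prompting, so the key must come from ssh-agent.
    pty_cmd="ssh -e none -o BatchMode=yes -l $user $1 pppd nodetach notty noauth"
    addrs="$local_addr:$remote_addr"
    printf "pppd nodetach noauth lock pty '%s' %s\n" "$pty_cmd" "$addrs"
}

# Run only when asked to (TUNNEL_RUN=1 sh tunnel.sh ...), so the file can
# be sourced to inspect the command line without touching the network.
if [ -n "${TUNNEL_RUN:-}" ]; then
    build_tunnel_cmd "$@" >/dev/null || exit 2
    eval "$(ssh-agent -s)" >/dev/null        # private agent for this tunnel
    trap 'ssh-agent -k >/dev/null' EXIT      # cleanup: stop the agent
    trap 'exit 1' INT TERM
    ssh-add || exit 1                        # asks for the key passphrase
    # pppd stays in the foreground and returns when the link goes down.
    pppd nodetach noauth lock pty "$pty_cmd" "$addrs"
fi
```

Because both pppd instances run with noauth, the SSH key is the only thing authenticating the tunnel, so protect it with a passphrase.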
Simple Performance comparison
[Figure: file copy without and with the VPN; the VPN copy shown mid-transfer and at end of transfer]
● No VPN: time = 6 sec.
● Copy w/ VPN: time = 58 sec.
● File size = 17,515 kB
Uses for the script
● Site to site.
● Home to work.
● Work to home.
● Wireless connection.
Wireless Example
Resources
● Book: “Building Linux Virtual Private Networks (VPNs)” - Oleg Kolesnikov, Brian Hatch; published by New Riders
● www.buildinglinuxvpns.com (for above book)
● VPN-HOWTO
● http://vpn.shmoo.com/vpn/FAQ.html
● For IPSec: www.freeswan.org
● For CIPE: http://sites.inka.de/bigred/devel/cipe.html
● For SSH: www.openssh.org
● mahon.cwx.net