
Virtual Private Network (VPN)


Anonymous

A wide area network (WAN) spans a large geographic area, sometimes a country or a continent, and contains a collection of machines dedicated to running user programs (applications). In recent years networks have become a critical asset for any organization: they increasingly carry vital information, so they must satisfy requirements such as security, reliability, geographic reach and cost effectiveness. Networks have been shown to save companies time and money, which is a great advantage for organizations, especially those with remote offices many kilometers away. It is equally true that these remote networks have attracted people who devote themselves to attacking servers and networks in order to obtain confidential information. Network security is therefore of the utmost importance, and that is why we hear so much about firewalls and VPNs.

What is a VPN?

According to M. N. González (2002), Virtual private networks: “A VPN is a virtual network that is created within another network, such as the Internet”. Generally a private network is created on top of a public network, in which one wants a confidential and private environment. The VPN lets users work as if they were on the local network; it is completely transparent to them. Once the virtual private network connection is established, the data travels encrypted in such a way that only the sender and the receiver are able to read it. To set up a VPN you need a server (or host) that waits for incoming connections, and one or more clients that connect to the server to form the private network.

A Virtual Private Network (VPN) extends a private network to remote points by encapsulating, and where appropriate encrypting, its data packets and carrying them over public transport infrastructure. The data packets of the private network travel through a tunnel defined over the public network.

Figure: VPN connection (Virtual Private Network)

Tunnel technology:

Virtual private networks create a tunnel or conduit from one site to another through which data is transferred. Wrapping each original packet inside a new outer packet addressed to the far end of the tunnel is known as encapsulation; the encapsulated packets are also encrypted and authenticated so that the data is unreadable, and cannot be altered unnoticed, by outsiders. Note that encapsulation by itself protects nothing: a tunnel that only encapsulates carries the original packets in the clear, so the encryption step is what makes the network private.

Types of VPN:

  • Remote access VPN: users connect to the company from remote sites using the Internet as the access link. Once authenticated, they have a level of access similar to being inside the local network.
  • Point-to-point (site-to-site) VPN: this scheme connects remote offices with a central headquarters. The VPN server at headquarters is permanently connected to the Internet, accepts incoming connections from the sites and establishes the VPN tunnel; the servers in the remote offices connect to the Internet and, through it, to the tunnel in the central office. It replaces traditional leased point-to-point links.
  • Internal VPN (over LAN): works just like a normal VPN, except that it runs within the same local LAN instead of over the Internet. It is used to isolate zones and services of the same internal network, and to add encryption and authentication on top of a WiFi wireless network.

Components of a VPN:

According to R. Nader Carreón (2007), VPN (Virtual Private Networks): “VPNs consist of hardware and software, and also require another set of components. These components are simple requirements that ensure that the network is secure, available and easy to maintain”. They are required whether the VPN is provided by an ISP or you have decided to install one yourself.

  • Availability: applies both to uptime and to access time.
  • Control: the training, expertise, careful monitoring and alerting capabilities offered by some managed service providers. A significant consideration is that, no matter how large your organization is, you probably have only one VPN; it may have several access points, but it is still a single corporate VPN.
  • Compatibility: to use VPN technology with the Internet as the transport, the company's internal network protocol architecture must be compatible with the native IP of the Internet.
  • Security: this is everything in a VPN, from the encryption process you implement and the authentication services you choose to the digital signatures and certificate authorities they use. It also covers the software that implements the encryption algorithms on the VPN device.
  • Reliability: when a company decides to buy an ISP's VPN product, it is at the mercy of that ISP.

Data and User Authentication:

Data authentication: confirms that the message arrived complete and was not altered in any way in transit (integrity).

User authentication: verifies the identity of the clients connecting to the VPN.

  • Traffic overhead: in every technology there are trade-offs: speed versus performance, security versus flexibility. VPNs fall into the same category when it comes to the size of encrypted packets. Each packet carries extra bytes (the outer headers of the tunnel, the initialization vector and the authentication tag), so more bandwidth is consumed for the same payload, and the usable MTU inside the tunnel is smaller than on the physical link.
  • Non-repudiation: the process of positively identifying the sender in such a way that the sender cannot later deny having sent the message. Note that the shared-key integrity check (HMAC) used inside a VPN tunnel provides data authentication but not non-repudiation, because either end of the tunnel could have produced the tag; non-repudiation requires a digital signature made with a key that only the sender holds.
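Why a shared-key tag is not non-repudiation, shown with the openssl command-line tool as an added example (not part of the original article): the message, the shared secret "tunnelsecret" and the sender's RSA key pair are all constructed here for illustration, and the function names are mine.

```shell
#!/bin/sh
# Added example (not from the original article): data authentication with a
# shared-key HMAC versus non-repudiation with a digital signature, using the
# openssl command-line tool.  The message, the shared secret and the sender's
# RSA key pair are all constructed here for illustration.

# Shared-key tag over a file.  Both tunnel ends know the secret, so either of
# them can produce a valid tag: it proves integrity, not who sent the message.
hmac_tag() {   # $1 = file, $2 = shared secret; prints the hex tag
    openssl dgst -sha256 -hmac "$2" "$1" | sed 's/^.*= //'
}

# Sender's key pair: the private key never leaves the sender, the public key
# is given to the receiver (in a VPN, inside the certificate signed by the CA).
make_signing_keys() {   # $1 = directory; creates sender.key and sender.pub
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/sender.key" 2>/dev/null
    openssl pkey -in "$1/sender.key" -pubout -out "$1/sender.pub"
}

# Only the holder of sender.key can produce this signature.
sign_file() {   # $1 = file, $2 = private key, $3 = signature output
    openssl dgst -sha256 -sign "$2" -out "$3" "$1"
}

# Anyone holding sender.pub can check it; exit status 0 on success, 1 on failure.
verify_file() {   # $1 = file, $2 = public key, $3 = signature
    openssl dgst -sha256 -verify "$2" -signature "$3" "$1" >/dev/null 2>&1
}

# Demonstration: the receiver recomputes the HMAC (so it could forge one too);
# the signature verifies on the original message and fails on a modified one.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'push route 192.168.1.0 255.255.255.0' > "$d/msg"
    echo "sender tag:   $(hmac_tag "$d/msg" tunnelsecret)"
    echo "receiver tag: $(hmac_tag "$d/msg" tunnelsecret)"
    make_signing_keys "$d"
    sign_file "$d/msg" "$d/sender.key" "$d/msg.sig"
    verify_file "$d/msg" "$d/sender.pub" "$d/msg.sig" && echo "signature verifies"
    printf '%s\n' 'push route 0.0.0.0 0.0.0.0' > "$d/msg"
    verify_file "$d/msg" "$d/sender.pub" "$d/msg.sig" || echo "tampered message rejected"
    rm -rf "$d"
}
```

Calling demo prints the same tag twice (the receiver can compute exactly what the sender computed, so a tag proves nothing to a third party), then "signature verifies" for the original message and "tampered message rejected" after the file is modified. Inside a VPN this is why the per-packet HMAC is paired with certificate-based authentication at connection time: the tunnel keys give integrity, the certificate gives an identity that can be held to account.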

Advantages and disadvantages:

The main advantages are:

  • Inexpensive remote access
  • VPN technology is one of the most secure
  • Information accessibility
  • Simplicity

The main disadvantages:

  • Double dependency on connection stability (the Internet links at both ends must be up)
  • Lack of knowledge and end-user oversights
  • Client computer not under the administrator's control

Basic requirements of a VPN:

In general, when you want to implement a VPN you have to make sure that it provides:

  • User identification
  • Address management
  • Data encryption
  • Key management
  • Multiple protocol support

User identification:

The VPN must be able to verify the identity of users and deny access to the VPN to those who are not authorized. Likewise, it must keep audit records showing who accessed what information and when.

Address management:

The VPN must assign each client an address on the private network, and it must ensure that private addresses stay private, that is, that they are never exposed on the public network.

Data encryption:

The data to be transmitted through the public network must be previously encrypted so that it cannot be read by unauthorized clients of the network.

Key management:

The VPN must generate and renew the encryption keys for the client and the server; session keys should be renegotiated periodically rather than used for the whole life of the connection (OpenVPN, for example, renegotiates them every hour by default).

Support for multiple protocols:

The VPN must be able to handle the common protocols used on the public network. These include Internet Protocol (IP) and Internetwork Packet Exchange (IPX), among others.

Tools of a VPN:

  • VPN gateway: devices with special software and hardware that provide the VPN's capacity.
  • Software: on a PC or workstation platform, the software performs all the functions of the VPN.
  • Firewall
  • Router

VPN protocols:

Various network protocols have been developed for building VPNs. These protocols attempt to close the security "holes" inherent in carrying private traffic over a public network. They continue to compete for acceptance, as none of them has been universally adopted over the others.

These protocols are as follows:

Point-to-Point Tunneling Protocol (PPTP): PPTP is a protocol specification developed by several companies. It is typically associated with Microsoft, since Windows includes support for it. The early versions of PPTP for Windows contained security features too weak for serious use, which is why Microsoft kept improving its PPTP support. Even so, PPTP is now considered insecure (its MS-CHAPv2 authentication can be broken offline) and should not be chosen for new deployments.

The best feature of PPTP is its ability to carry non-IP protocols. Its main drawback is the failure to settle on a single standard for encryption and authentication: two products that implement the PPTP specification can be completely incompatible simply because they encrypt data differently.

Layer Two Tunneling Protocol (L2TP): PPTP's main competitor for VPN solutions was L2F, developed by Cisco. To improve on L2F, the best features of PPTP and L2F were combined into a new standard called L2TP. L2TP operates at the data link layer (layer 2) of the OSI model. Like PPTP, it supports non-IP clients, but it too defines no standard encryption of its own, which is why in practice it is combined with IPsec (L2TP/IPsec).

Internet Protocol Security (IPsec):

IPsec is actually a collection of related protocols. It can be used as a complete VPN solution on its own or simply as the encryption layer under L2TP or PPTP. IPsec operates at the network layer (layer 3) of the OSI model and extends IP to support more secure Internet-based services.

VPN service providers:

The following are third-party services, as they were offered at the time of writing. Bear in mind that with any such service the provider terminates the tunnel and can see the traffic: the VPN protects you from the local network and the path to the provider, not from the provider itself.

AceVPN: has servers in 13 countries and a free service accessible by invitation. It is cross-platform: Microsoft Windows, Apple Mac, Linux, iPhone, iPod touch, iPad, Android, etc.

AnchorFree Hotspot VPN: a VPN to anonymize traffic through the United States, offered by the company AnchorFree. Works on Windows and Mac. Some sites, such as Hulu, detect AnchorFree's servers and block them.

Free VPN by WSC: adds barely 10 to 50 ms of latency. Streaming from UK and US servers runs smoothly, without interruptions, and playback starts instantly. It has a simpler design, more servers and is less intrusive than AnchorFree.

GPass: the GPass service provides free access to VPNs, as well as a very fast proxy that can be used directly from the browser. The service is very popular in China, where Internet censorship is pervasive.

Hostizzle: a service that offers 10 MB per month for free and works with Hulu, which means it provides a US IP address. The only catch is that the connection certificate must be renewed every month.

Hotspot Shield: possibly the most popular free VPN client in the world. It became popular when Hulu went live. It now offers VPN servers in the United States and the United Kingdom that you can use to protect yourself from WiFi snoopers, identity theft and censorship. The best thing about Hotspot Shield is that it provides unlimited bandwidth and works on both PC and Mac.

Implementing a VPN with OpenVPN (the commands below are for a Debian-based system):

A) Installation:

1) Installing the package from the repository:

  • apt-get install openvpn

2) Copy the certificate authority (easy-rsa) scripts to the /etc/openvpn directory:

  • cd /usr/share/doc/openvpn/examples/easy-rsa
  • cp -a 2.0/ /etc/openvpn/easy-rsa
  • cd /etc/openvpn/easy-rsa

3) Before creating the CA key, you must modify some environment variables:

  • nano vars

Note: the KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG and KEY_EMAIL parameters must be set correctly. Check KEY_SIZE as well: if the file sets it to 1024, change it to 2048, since 1024-bit RSA keys and Diffie-Hellman parameters are too weak for current use, and the change must be made before the CA is built.

4) After configuring the vars file, it is possible to generate the certificate and key for the Certificate Authority (CA):

  • . ./vars
  • ./clean-all
  • ./build-ca

(clean-all wipes the keys directory, so run it only once, when starting a new PKI.)

5) Then it is possible to generate the certificate and key for the VPN server:

  • ./build-key-server server

Note: generate a certificate for each client. It is important that the client and server certificates are signed by the same CA, and each client should get its own certificate with a distinct common name, since by default the server does not allow two simultaneous connections that present the same certificate name:

  • ./build-key client1
  • ./build-key client2
  • ./build-key client3

Note: every time a new shell session is started, run ". ./vars" again to set the environment variables before using the scripts.

Reply 'y' twice to sign and commit each certificate. Finally, the Diffie-Hellman parameters must be generated:

  • ./build-dh

Note: this writes keys/dh1024.pem or keys/dh2048.pem depending on the KEY_SIZE set in vars; the server configuration must point at the file that was actually produced.

We have now built our PKI (Public Key Infrastructure), that is, our public key authentication and encryption infrastructure. Next, copy the example configuration files to the /etc/openvpn directory:

  • cp -a /usr/share/doc/openvpn/examples/sample-config-files/ /etc/openvpn/

B) Server configuration:

1) Decompress the server configuration file:

  • cd /etc/openvpn/sample-config-files
  • gunzip server.conf.gz

2) Edit the server configuration file:

  • nano server.conf

3) Modify the following lines:

proto tcp
;proto udp
ca easy-rsa/keys/ca.crt
cert easy-rsa/keys/server.crt
key easy-rsa/keys/server.key
dh easy-rsa/keys/dh1024.pem
server 10.8.0.0 255.255.255.0

Lines beginning with ';' are comments. Two caveats: the example selects TCP, but UDP (the default, proto udp) is preferable for a VPN, because tunneling TCP inside TCP makes both layers retransmit when packets are lost and throughput degrades sharply; use TCP only where UDP is blocked. Also, the certificate and key paths are relative, so they resolve only because the server is later started from /etc/openvpn (use absolute paths if it is started from anywhere else), and the dh file name must match the KEY_SIZE used when it was generated (dh2048.pem for 2048-bit parameters).

In this way the server provides the 10.8.0.0/24 network and takes the address 10.8.0.1 for itself. Note that with OpenVPN's default "net30" topology each client is handed a /30 pair rather than a single address (10.8.0.6, 10.8.0.10, and so on); add "topology subnet" to the server configuration if clients should receive consecutive addresses from 10.8.0.2 to 10.8.0.254. If routes need to be sent to the clients, they are added with push (for example, to reach the internal network 192.168.1.0/24 behind the VPN server):

  • push "route 192.168.1.0 255.255.255.0"

4) Finally copy the configuration file to the /etc/openvpn directory:

  • cp server.conf ../
  • cd /etc/openvpn

C) Client configuration:

1) Edit the clients configuration file:

  • cd /etc/openvpn/sample-config-files
  • nano client.conf

2) Modify the following lines:

proto tcp
;proto udp
remote 192.168.122.169 1194

In this example, 192.168.122.169 is the address at which the server listens for connection requests to the VPN 10.8.0.0/24 on port 1194 (OpenVPN's default port). The client's proto line must match the server's: if the server is switched to UDP, the client must be too.

3) Package the configuration file together with the certificates and key:

  • cd /etc/openvpn
  • mkdir client1
  • cp sample-config-files/client.conf client1/
  • cp easy-rsa/keys/ca.crt client1/
  • cp easy-rsa/keys/client1.crt client1/client.crt
  • cp easy-rsa/keys/client1.key client1/client.key
  • zip -Z deflate -r client1.zip client1/*

Repeat the procedure for the rest of the clients. The archive contains the client's private key, so deliver it over a secure channel (not plain e-mail); on the client machine keep client.key readable only by its owner, and delete the archive once the files are installed.

START THE SERVER TO VERIFY CONNECTIVITY

Note: before starting the server, IP forwarding must be enabled for packet routing between the VPN and the internal network to work.

Enable IP forwarding (the echo takes effect immediately but is lost at reboot; set net.ipv4.ip_forward = 1 in /etc/sysctl.conf to make it permanent):

  • echo 1 > /proc/sys/net/ipv4/ip_forward

Start the VPN server:

  • cd /etc/openvpn
  • openvpn server.conf

Once it is running, "ip addr show tun0" on the server should show 10.8.0.1, and a client that has connected should be able to ping 10.8.0.1. For the pushed route to 192.168.1.0/24 to be useful, hosts on that network also need a return route to 10.8.0.0/24 via the VPN server (or the server must NAT the VPN traffic); otherwise replies never come back.
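The server-side procedure above, gathered into one script as an added example (not code from the original article or from the OpenVPN project). It writes a hardened server.conf and packs each client's certificate, key, CA certificate and tls-auth key into a single .ovpn profile instead of a zip of loose files. It assumes the easy-rsa 2.0 keys directory is in $KEYS, that KEY_SIZE was raised to 2048 (so the DH file is dh2048.pem), that a tls-auth key was generated with "openvpn --genkey --secret /etc/openvpn/easy-rsa/keys/ta.key", and that the server is reachable at $SERVER_ADDR on port $PORT (defaults taken from the article); the function names and the script name make-profiles.sh are mine.

```shell
#!/bin/sh
# Added example (not code from the original article or from the OpenVPN project):
# writes a hardened server.conf for the setup above and assembles each client's
# files into one self-contained .ovpn profile.  Assumed layout: easy-rsa 2.0 keys
# in $KEYS, KEY_SIZE=2048 (so the DH file is dh2048.pem), a tls-auth key made with
# "openvpn --genkey --secret $KEYS/ta.key", server reachable at $SERVER_ADDR:$PORT.
KEYS="${KEYS:-/etc/openvpn/easy-rsa/keys}"
SERVER_ADDR="${SERVER_ADDR:-192.168.122.169}"
PORT="${PORT:-1194}"

# Server configuration: UDP instead of TCP, 2048-bit DH, tls-auth so that only
# holders of ta.key can even start a handshake, explicit AES/SHA256, drop of
# root privileges after start-up, and sequential client addresses.
write_server_conf() {   # $1 = output file
    cat > "$1" <<EOF
port $PORT
proto udp
dev tun
ca $KEYS/ca.crt
cert $KEYS/server.crt
key $KEYS/server.key
dh $KEYS/dh2048.pem
tls-auth $KEYS/ta.key 0
# enable once ./revoke-full has produced keys/crl.pem, so revoked clients are rejected
;crl-verify $KEYS/crl.pem
server 10.8.0.0 255.255.255.0
topology subnet
ifconfig-pool-persist ipp.txt
push "route 192.168.1.0 255.255.255.0"
keepalive 10 120
cipher AES-256-CBC
auth SHA256
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
EOF
}

# Client profile with the CA certificate, client certificate, private key and
# tls-auth key inlined between <ca>, <cert>, <key> and <tls-auth> tags.
# $1 = client name (as given to ./build-key), $2 = output directory.
make_client_profile() {
    name="$1"; outdir="$2"
    for f in "$KEYS/ca.crt" "$KEYS/$name.crt" "$KEYS/$name.key" "$KEYS/ta.key"; do
        [ -r "$f" ] || { echo "missing $f" >&2; return 1; }
    done
    mkdir -p "$outdir"
    profile="$outdir/$name.ovpn"
    {
        cat <<EOF
client
dev tun
proto udp
remote $SERVER_ADDR $PORT
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
auth SHA256
key-direction 1
verb 3
EOF
        echo "<ca>";       cat "$KEYS/ca.crt";      echo "</ca>"
        echo "<cert>";     cat "$KEYS/$name.crt";   echo "</cert>"
        echo "<key>";      cat "$KEYS/$name.key";   echo "</key>"
        echo "<tls-auth>"; cat "$KEYS/ta.key";      echo "</tls-auth>"
    } > "$profile"
    chmod 600 "$profile"   # the profile carries the client's private key
    echo "$profile"
}

# Usage: sh make-profiles.sh build /etc/openvpn/server.conf ./profiles client1 client2 ...
if [ "${1:-}" = "build" ]; then
    write_server_conf "$2"
    outdir="$3"; shift 3
    for c in "$@"; do make_client_profile "$c" "$outdir"; done
fi
```

Run it as "sh make-profiles.sh build /etc/openvpn/server.conf ./profiles client1 client2" once the certificates exist. The resulting client1.ovpn is the only file the client needs; because it contains the private key it is written with mode 600 and should still be delivered over a secure channel. The "remote-cert-tls server" line makes the client refuse a peer whose certificate was not issued with build-key-server, and the tls-auth key with "key-direction 1" means a host that lacks ta.key cannot even begin a TLS handshake with the server, which removes most of the exposure of the listening port.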

Conclusion

Given the economic advantages offered by virtual private networks, it can be concluded that they are an excellent technology for remote access: a VPN is an indispensable substitute for expensive traditional long-distance dial-up methods, and it is also a good alternative to traditional WAN implementation methods.

VPNs represent a great solution for companies in terms of data security, confidentiality and integrity, and have practically become a standard in organizations because they significantly reduce the cost of transferring data from one place to another. Their one real pitfall is that the security and access policies must be correctly established first; if they are not well defined, there can be serious consequences.

A VPN can be used in all types of environments: from large companies with branches in different parts of the country or the world, to small companies with one or two branches in a single city, as well as in the various government agencies that need to exchange information, educational institutions such as universities and, in general, any place that needs to share files from a remote location in a secure way.

Bibliographic and electronic references

To carry out this work, the following Internet page was consulted in order to obtain sufficient information:
