
Virtual private networks

Anonim

Introduction

The main characteristic of the period in which we live is the creation and implementation of different information technologies.

The need of different corporations motivates the creation of LAN, WAN, intranet, extranet and of course, the Internet. Businesses connect their branch offices to the head office through WAN networks. Infrastructure can also be installed to allow remote access. But a problem arises when trying to maintain a private network in these conditions: it turns out to be expensive and not very secure in most cases.


A public network like the Internet is infested with malicious users; a system becomes insecure simply by being turned on. "The only totally safe system would be one that was turned off, disconnected from any network, tucked inside a titanium safe, surrounded by gas and guarded by incorruptible armed guards. Even then I wouldn't bet my life on it" (Gene Spafford, security expert). A technology is therefore required that allows data to be sent safely and confidentially over a public network, such as VPNs (virtual private networks). This report intends to analyze the way in which the Linda Vista University could implement this technology in its headquarters and campus, to save costs and avoid loss of important data when making transactions.

VPNs are gaining momentum every day in businesses and in government and educational institutions, as they offer a variety of benefits. Security is the main aspect of VPNs: since private company information circulates through the Internet, encryption and data authentication methods are necessary to send that information safely.

This work is structured in 3 chapters. The first one consists of the following sections:

Introduction, problem statement, delimitation, definition of terms.

The second is the theoretical framework and is made up of the following sections: virtual private networks, components of a VPN, VoIP, Operating System.

Chapter 3 consists of the proposal and is made up of the following sections: design, diagrams, costs, closing said research project with the conclusion.

Problem Statement

Most companies, institutes, universities, etc., require methods to transmit information in the fastest, safest way, and at a reasonable price. This has led to the need to create and implement new technologies in order to meet the latent needs of organizations in this globalized world. Currently, Linda Vista University has a high cost in telephone calls to other campuses, insecurity when sending sensitive information, as well as the limitation of having to be on campus to work quickly and correctly. For this reason, this research intends to answer the following questions: What are the benefits offered by virtual private networks at Linda Vista University for the management of information on all its campuses? Is it feasible to install VoIP service in the Linda Vista University administration offices?

Goals

General objective. Know the impact that virtual private networks have on the Linda Vista University, including its campuses (Tuxtla Gutierrez, Chiapas), in terms of costs and time.

Specific objectives.

  1. Design a virtual private network for Linda Vista University.
  2. Design a VoIP server for telephone calls.
  3. Study success stories in other companies that already use this technology.

Justification

A virtual private network could favor the flow of information from the Linda Vista University, which will reduce costs, since at present the means of communication used are telephone, electronic mail and the Internet. The expected effects of implementing this technology are cost reduction when communicating with the different campuses, greater security when sending private information, and greater comfort and accessibility when working from an off-campus location.

Viability

This research is feasible because the university has qualified people to make the necessary configurations and programming to connect to the VPN server that will be installed, as well as the corresponding technologies to establish communication between the different campuses of the Linda Vista University.

Delimitations

The study is limited to the configuration for communication between the various campuses of the Linda Vista University, located in the town of Nuevo Solistahuacan in the northern region of the state of Chiapas, Mexico.

Definition of Terms

  1. Authentication - establishing the identity of a user for secure e-commerce and VPN transactions.
  2. DES (Data Encryption Standard, 3DES) - a secret key NIST standard cryptography method using a 56-bit key (DES) or 168-bit key (3DES).
  3. Denial of Service (called DoS) - a hacker attack designed to disable a server or network by flooding it with service requests, which prevents legitimate users from accessing network resources.
  4. Encryption - the process of taking all the information that one computer is sending to another and encoding it in a way that only the other computer will be able to decode.
  5. Firewall - a security device that controls access from the Internet to a local network using information associated with TCP/IP packets to make decisions about whether to allow or deny access.
  6. International Computer Security Association (ICSA)
  7. Internet Protocol Security (IPSec) - a robust IETF VPN standard that encompasses authentication and encryption of data traffic over the Internet.
  8. Network Address Translation (called NAT, for its acronym in English) - a security standard that converts multiple IP addresses on the private local network to one public address that is sent to the Internet.
  9. Point-to-Point Tunneling Protocol (called PPTP, for its acronym in English) - a protocol that is built into Microsoft's Windows operating system that allows secure remote access to corporate networks over the Internet (VPNs).
  10. Stateful Packet Inspection - a security device ("firewall"), based on advanced packet filtering technology, which is transparent to users on the local network, does not require client configuration and secures the broadest array of IP protocols.
  11. Tunnel - the path through which a VPN data packet securely travels through the internal network.
  12. Virus - malicious software programs that attack applications and files in memory or on disks.
  13. VPN - Virtual Private Network.

CHAPTER II

THEORETICAL FRAMEWORK

At present it is increasingly necessary for companies to have offices at a considerable distance from the headquarters, which makes us think of a way to link the different offices to the central office. We can obtain connectivity in different ways from different providers, with their corresponding cost variables and, sometimes, a lot of insecurity.

Virtual Private Networks

We can define a virtual private network as a union of networks that allows a local network to be extended through a public network so that communication exists as if they were connected to the same local network.

Because a virtual private network works over a public network, the most important issue is the security of the information that we share, since it can be seen by anyone if the necessary measures are not taken. In a public network such as the Internet, there are always people waiting to capture valuable information. For that reason a virtual private network must have authentication and encryption mechanisms that give the user a level of security when sending packets over the Internet.

Basic Components of a VPN

Encryption and security measures are the foundation of Virtual Private Networks. In a way, VPNs are replacing WANs: they can be operated more easily and have a low cost, but they do not offer appropriate security for companies. The components that are part of a VPN are:

(Shinder, 2013)

VPN server. The computer that accepts VPN connections from VPN clients. It is in charge of managing all VPN clients and providing network security.

VPN client. Computer that initiates a VPN connection with a VPN server.

Tunnel. The portion of the connection in which the data is encapsulated.

VPN connection. The portion of the connection in which the data is encrypted. For secure VPN connections, the data is encrypted and encapsulated in the same portion of the connection. Note: It is possible to tunnel and send the data through the tunnel without encryption. This is not a VPN connection, because private data travels through the public or shared network in an unencrypted, easily visible and insecure way.

Tunnel protocols. They are used to manage tunnels and encapsulate private data. There are several tunneling protocols that will be discussed later.

Tunnel data. Data that is generally sent through a point-to-point link.

Transit network. Public or shared network that allows the transit of encapsulated data. The transit network can be the Internet or a private intranet. To simulate a point-to-point link in a VPN, the data is packed with a header that provides the routing information that enables the data to traverse the public network to its destination. To simulate a private link, the data is encrypted to ensure confidentiality. The packets intercepted on the public network cannot be decrypted without the encryption keys. The part of the connection in which private data is encapsulated and encrypted is called the VPN connection.

Internet as a Medium for VPN

Nowadays VPNs are widely used in companies thanks to their low operating cost. For example, if a long distance call cost 1.00 a day it would cost 60.00; working 20 days a month, we would have an expense of 1200.00 per person. Compared with the 500.00 that some ISPs charge for unlimited Internet access, the savings from using a VPN are clearly considerable. (CISCO, 2013a) - (Caldas, 2007)

Architecture of a VPN

There are two basic types of VPN architectures which are:

  1. Remote Access VPN
  2. Site-to-site VPN

Remote access VPNs are subdivided into Dial-Up VPN and direct VPN. Site-to-site VPNs, also called LAN-to-LAN or POP-to-POP VPNs, are in turn subdivided into extranet VPN and intranet VPN.

Remote access VPN. This type of VPN provides remote access to a corporate intranet or extranet. A remote access VPN saves businesses money because, instead of making long distance calls, users just establish a connection with the local ISP. The user only has to make a connection to the company's ISP server, through the Internet; once connected, he or she will be able to make use of the resources of the company's private intranet.

VPN Dial-Up. In this type of VPN the user makes a local call to the ISP using a modem. Although it is a slower connection, it is also the most common. This type of VPN is used more among mobile users, since a high-speed connection is not available in every place they travel to.

Direct VPN. This type of VPN uses high-speed Internet connection technologies, such as DSL and cable modems, which are already offered by many ISPs. It is mainly used among teleworkers, and also to obtain connections from home.

Site-to-site VPN. This alternative to Frame Relay or leased line WAN networks enables companies to bring network resources to branch offices, home offices, and business partner sites. (CISCO, 2013b)

VPN Intranet. An intranet VPN is used for the internal communication of a company. It links the central office with all the branches, and is governed by the same rules as any private network. A router makes the site-to-site VPN connection that connects two parts of a private network. The VPN server provides a routed connection to the network that the VPN server is connected to. (Shinder, 2004)

VPN Extranet. The feature of VPN Extranet is that it allows service providers to distribute IP multicast content originated from one company site to other company sites. This feature enables service providers to offer the next generation of flexible extranet services, which helps for business partnerships between different customers of the VPN company. (CISCO, 2006)

Requirements of a Virtual Private Network.

To ensure that a virtual private network is secure, available and easy to maintain, it is necessary to meet certain essential requirements that a company must take into account before implementing a Virtual Private Network (Brown, 2001)

These requirements are listed below:

  1. Availability
  2. Control
  3. Compatibility
  4. Security
  5. Interoperability
  6. Reliability
  7. Data and user authentication
  8. Traffic overload
  9. Maintenance
  10. Non-repudiation

Availability. Availability applies to both update and access time. It is not enough for the user to have authorization to access the corporate servers, if he cannot connect due to network problems, therefore the availability in the physical part of the network must be ensured.

Control. The control must be implemented by the supervisor or administrator of the Virtual Private Network, whether internal or external depending on how the VPN implementation was carried out. We must take into account that no matter how large the organization is, it is possible to have only one VPN, which will make it easier for the administrator of the VPN to control it.

Compatibility. Because VPN and Internet technologies are based on the IP protocol, the internal architecture of the company's network protocol must be compatible with the IP protocol.

Security. Speaking of security and virtual private network, to some extent you could say that they are synonymous. Security in a VPN covers everything from the encryption process that is implemented to the user authentication services. This security term needs to be carefully considered, since it can be said that a VPN without security is not a VPN.

Interoperability. The interoperability of a virtual private network is very important for the transparency of the connection between the parties involved.

Reliability. Reliability is one of the important requirements of a Virtual Private Network, but it is greatly affected in Remote Access VPNs, where it is subject to the reliability of the ISP: if the ISP service is interrupted, the connection is interrupted too, and we will not be able to do anything until the ISP again provides its service to the clients.

Data and User Authentication. Data and user authentication is extremely important within any Virtual Private Network configuration. Data authentication asserts that the data has been delivered to its recipient totally unaltered in any way. User authentication is the process in which only admitted users have access to the network and are not attacked by malicious external users.

Traffic overload. Traffic overload is a problem for any type of network technology, and therefore it is also an unavoidable problem here, especially if we have a virtual private network through an ISP. A packet sent in a VPN is encrypted and encapsulated, which significantly increases the traffic overhead on the network.

Maintenance. Maintenance, an aspect that cannot be forgotten. If the virtual private network is implemented with the company's own resources, it is necessary to consider that the maintenance must be supported by the personnel of the systems department, who must be trained for this purpose. If you do not have trained personnel, it is preferable to hire external services that are responsible for the implementation and maintenance of the company's virtual private network.

Non-repudiation. It consists of the process of correctly identifying the issuer, in order to be clear about where the request comes from. If a VPN is going to be used to contact customers, the origin of each request must be well identified. In order to carry out any commercial transaction (electronic commerce) over the Internet, that transaction must be a process with non-repudiation. We can see that again we are talking about security, one of the fundamental characteristics of a VPN. (Ramírez, 2013)

Advantages of Virtual Private Networks.

As indicated above, the mere mention of virtual private networks brings to mind security, as well as the low cost of implementing this technology and its ease of use (Krause, 2013). It can be said that implementing a virtual private network makes us think about three fundamental and beneficial aspects for our company, which are:

Cost savings. The cost savings of virtual private networks are associated with different factors that influence the transition from an older technology to a virtual private network technology. The elimination of leased lines and of dial-up lines are two fundamental factors that allow savings in the implementation of a VPN, taking into account that eliminating this type of communication also eliminates the costs of the other devices involved, such as PBX equipment and remote access equipment. Installation and configuration costs for that remote access equipment will also be eliminated, among other costs.

Benefits for the end user. The end user is greatly benefited, whether it is a user that belongs to the company itself or a client. Nowadays, companies must reach the customer, no matter where the customer is located, that is why it is necessary for the customer to have access to services and no longer do it with long distance telephone communications that are very expensive, but through a local ISP with a more efficient and less expensive link and also a link that will be available 24 hours a day, 365 days a year. Remote users will have the same benefit, facilitating access to company information whenever they want, regardless of where they are.

Disadvantages of Virtual Private Networks

Reliability. The Internet is not 100 percent reliable, and network failures can cut off our VPN's resource.

Trust between sites. If the security of a node or subnet involved in the VPN is compromised, it will affect the security of all components of the VPN.

Interoperability. Given the different solutions available to implement a VPN, we can find incompatibilities between those used in the different nodes of the VPN. (Pena, 2013)

VPN topologies

Just as there are different ways to acquire and implement a VPN architecture, there are also many ways to place this architecture in a VPN topology. The topology tells us the place that corresponds to each device in the configuration of the virtual private network.

Firewall topology. This type of topology is the most common and possibly the easiest to configure for those who have a firewall in place and want only VPN functionality. The typical client/VPN configuration involves a user with a laptop connected to a company server, and there are two components that must be enabled to establish communication:

  1. The firewall / VPN device must run some kind of VPN code. Most popular firewall manufacturers using UNIX or Windows will support some kind of encryption software.
  2. The laptop has a VPN stack installed. The VPN stack is between levels 2 (data link) and 3 (network) of the OSI model. (Víctor Hugo Taborda, 2004)

LAN to LAN. This type of topology is the second most commonly used.

This topology is also used between offices and different clients, creating a VPN tunnel between them. If both an NT-based and UNIX-based firewall are used, both will use DES encryption and will be able to communicate with each other.

Firewall to intranet / extranet. Intranets and extranets are the most common Internet services today. In VPN technology these services now have an additional level of encryption. Typically, intranets were used internally by employees, and extranets were used externally by customers. Now, with VPN technology, any service can be accessed internally or externally. This has two conditions: first, there is flexibility for one machine to handle both services and therefore redundancy is reduced; the second condition is security, now there is a way for external users to have access to these servers.

Frame or ATM. VPNs can be configured over a shared infrastructure such as ATM or frame-based network topologies. Businesses that run their own intranets on top of this VPN topology have the same security, manageability, and reliability as their own private networks. This type of topology is generally configured in two ways.

The first is IP over a frame / ATM network infrastructure. This combines the application layer of IP services with the capacity of an ATM network. Depending on the configuration of the equipment, the IP packets are converted into cells and transferred over an ATM network. The encryption process runs on these packets before conversion to cells, and the cells containing the encrypted IP payload are switched to the final destination.

The second option is that of the Internet Engineering Task Force (IETF) Multiprotocol Label Switching (MPLS) working group. In this network topology, smart switches dynamically forward IP traffic in parallel along with ATM traffic on the same ATM network. A field containing a unique identifier is applied to the packet, which identifies the final destination. The switches in this ATM network examine this field and forward it to its appropriate destination. The security attribute of this is that the packet is only forwarded to its destination, thus avoiding eavesdropping. Any encryption process that can be used here only applies to the data portion, before it is sent to the ATM cloud.

Hardware VPN. This is a device loaded with encryption software to create a VPN tunnel. Some black boxes come equipped with software that runs on the client to help manage the device, and others can be managed through the Internet browser. Being hardware devices, VPNs installed with this equipment are believed to be much faster than the software-based types, as they create faster tunnels on demand and run the encryption process much faster. Although this may be true, not all offer a centralized management feature (Brown, 2001).

VPN / NAT. Although Network Address Translation (NAT) is not a VPN, it should be discussed as many organizations have it in place, and VPN devices are directly affected by NAT processes. Network address translation is the process of changing an IP address (usually an organization's private address) to a routable public IP address. NAT provides a mechanism to hide the private address structure of an organization. Using network address translation is not complicated, but the location of the VPN device is important (Brown, 2001). If you implement NAT on a VPN packet, that packet can be dropped; remember that a VPN is an IP-to-IP configuration. Fig. 5.8 shows the flow of traffic that takes place on a firewall that implements NAT while the VPN device handles user authentication.

These two rules must be followed when using NAT and VPN:

  1. For outbound packets: if they have to go through NAT and be part of a VPN, NAT must be applied before the VPN device encrypts the packets.
  2. For incoming VPN traffic: NAT must be applied after the VPN encryption has been removed from the packet.
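The two rules above can be checked with a small model, added here as an illustration (it is not code from the original report). It assumes an AH-style VPN device whose integrity check value covers the outer source and destination addresses, uses HMAC-SHA-256 in place of a real IPsec transform and leaves encryption out; the key, addresses and function names are constructed for the example.

```python
"""Model of the NAT / VPN ordering rules (added example, constructed values)."""
from dataclasses import dataclass, replace
import hashlib
import hmac
import ipaddress

KEY = b"constructed-demo-key"   # secret shared by the two VPN devices (constructed)
PRIVATE = "10.0.0.5"            # campus host, private address (constructed)
PUBLIC = "203.0.113.10"         # address NAT presents to the Internet (constructed)
REMOTE = "198.51.100.20"        # host behind the remote VPN device (constructed)
NAT_OUT = {PRIVATE: PUBLIC}     # outbound translation table
NAT_IN = {PUBLIC: PRIVATE}      # inbound translation table


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: bytes
    icv: bytes = b""            # integrity check value added by the VPN device


def _icv(key: bytes, pkt: Packet) -> bytes:
    # Assumption: AH-style coverage, addresses are authenticated with the payload.
    covered = (ipaddress.ip_address(pkt.src).packed
               + ipaddress.ip_address(pkt.dst).packed
               + pkt.payload)
    return hmac.new(key, covered, hashlib.sha256).digest()


def vpn_protect(pkt: Packet, key: bytes = KEY) -> Packet:
    """Sending VPN device: attach the integrity check value."""
    return replace(pkt, icv=_icv(key, pkt))


def vpn_verify(pkt: Packet, key: bytes = KEY):
    """Receiving VPN device: return the clean packet, or None if it is dropped."""
    if not hmac.compare_digest(pkt.icv, _icv(key, pkt)):
        return None
    return replace(pkt, icv=b"")


def nat(pkt: Packet, table: dict) -> Packet:
    """NAT device: rewrites addresses; it has no key, so the ICV is left as is."""
    return replace(pkt,
                   src=table.get(pkt.src, pkt.src),
                   dst=table.get(pkt.dst, pkt.dst))


def send_outbound(nat_first: bool):
    """Rule 1: result seen by the remote VPN device for an outbound packet."""
    pkt = Packet(PRIVATE, REMOTE, b"payroll record")
    if nat_first:
        wire = vpn_protect(nat(pkt, NAT_OUT))   # NAT, then VPN protection
    else:
        wire = nat(vpn_protect(pkt), NAT_OUT)   # VPN protection, then NAT
    return vpn_verify(wire)


def receive_inbound(nat_first: bool):
    """Rule 2: result at the local site for a packet sent by the remote device."""
    wire = vpn_protect(Packet(REMOTE, PUBLIC, b"reply"))
    if nat_first:
        return vpn_verify(nat(wire, NAT_IN))    # NAT before protection is removed
    verified = vpn_verify(wire)                 # remove protection first
    return nat(verified, NAT_IN) if verified else None


if __name__ == "__main__":
    for label, result in [
        ("outbound, NAT before VPN", send_outbound(True)),
        ("outbound, NAT after VPN", send_outbound(False)),
        ("inbound, NAT after VPN removed", receive_inbound(False)),
        ("inbound, NAT before VPN removed", receive_inbound(True)),
    ]:
        print(f"{label}: {'delivered' if result else 'dropped'}")
```

The two orderings that violate the rules end in a failed integrity check, which is the dropped packet the paragraph on NAT describes.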

Nested VPN tunnels. Nested VPN tunnels can be thought of as a tunnel within another tunnel. There are many ways to make nested tunnels; one way to use them is when an organization needs to implement point-to-point security (Brown, 2001).

  1. The PPTP client performs the encryption process on the data from the application, then sends the encrypted data stream to the firewall / VPN device, which adds DES encryption to the packet. DES encryption can be implemented as part of the IPSec standard.
  2. The packet is received by the remote VPN device, which checks the authentication, removes the DES encryption, and sends it to its final destination, which is the PPTP server.
  3. PPTP decrypts the PPTP packet and forwards it to higher-level applications.

Before two firewall / VPN devices can perform any encryption / decryption process, they must first be configured between them. It is commonly recommended to use IPSec and PPTP in combination.

Load balance and synchronization. VPN technology can be load balanced. Load balancing is the process of distributing VPN processing needs across multiple servers. Synchronization is the process of synchronizing VPN devices. The one arm (parallel) configuration is a typical topology when load balancing and synchronization are used. Thanks to this, VPNs can grow.

VPN switching topology. There are products on the market called VPN switches. They are Layer 3 switches that create tunnels on demand. They have the ability to create and assign tunnel characteristics and switch multiprotocol traffic. They supposedly perform wire-speed multiprotocol routing, encapsulation, and encryption. In addition, they have a useful feature to support switching based on network protocol policies. These VPN switches include remote maintenance software that provides planning capability, fault tolerance, and statistical information such as tunnel utilization and quality of service monitoring. The tunnels are configured through a management console and are created and switched on request to the respective destinations. Although they are generally easy to configure and maintain, they are not firewalls. Therefore, they do not offer the protection that a firewall might offer. (Schmidt, 2001)

VoIP

Voice over the Internet or VoIP technology, short for Voice over Internet Protocol, is a new way of making and receiving phone calls using a broadband Internet connection instead of a regular phone line.

What is IP Telephony?

IP telephony enables voice communications over Internet Protocol (IP)-based networks. It unifies the multiple branch offices that an organization may have (including mobile workers) in a single converged network. It also promises cost savings by combining voice and data in the same network, which can be centrally maintained, as well as saving the high fees charged for calls between branch offices.

General VoIP Concepts

From a technical point of view, the traditional telephone network (PSTN) has not had a great evolution since its invention in the late 19th century. At the same time, there is a growing trend to send the voice signal in digital form, in packets over the data network, instead of using the conventional telephone network (PSTN). This shows that the convergence of voice and data towards the same network is and will be a reality of the 21st century. The group of resources that make it possible for the voice signal to travel through the Internet using the IP protocol is called Voice over IP (VoIP). It is a technology with very high growth, on which many companies are betting.

The main advantage of this type of service is that it avoids the high telephony charges (mainly long distance) that are typical of the PSTN network. The reduction in costs is mainly due to the use of the same network to transport voice and data, especially when users do not use the full capacity of their network, which can be used for VoIP at no great additional cost. Another benefit to be highlighted is the wide range of commercial solutions that allow the construction of telephone networks with additional services, such as voice mailbox, Voice-mail, conference calls, interactive voice server (IVR) and automatic call distribution, among others.

At the same time, communities of programmers were created in order to develop Open Source VoIP solutions. Open Source programs were very successful in business and university environments due to their efficiency, which made them competitive, in many areas, relative to existing proprietary solutions. These Open Source programs sought to avoid the problems inherent to traditional proprietary systems, and with that they managed to minimize costs, improve flexibility, maintenance and equipment support, as well as allow each user to have control of their own system. The development of open source applications makes possible easy and economical access to VoIP communication systems and associated information (manuals, tutorials, HowTo, official URLs, forums, etc.), which facilitates the implementation of these systems.

It is possible to have access to a PBX telephone exchange (Asterisk), to which VoIP users are connected through softphones, both available in Open Source. With this, an implementation can be made where telephone extensions and voice mailboxes are assigned to these users, with which they can communicate with each other or leave voice messages in case the recipient is not available. In addition, it is possible to add more advanced functionality that allows the voice message to be sent to the recipient's email with a certain format. This requires the use of a mail server, also available in Open Source.

Network architecture for VoIP. The standard itself defines three fundamental elements in its structure:

  1. Terminals: they are the substitutes for current telephones. They can be implemented in both software and hardware.
  2. Gatekeepers: they are the center of the entire VoIP organization, and are the substitute for the current exchanges. They are normally implemented in software; where they exist, all communications pass through them.
  3. Gateways: they are the link with the traditional telephone network, acting in a way that is transparent to the user.

With these three elements, the structure of the VoIP network could be the connection of two branches of the same company. The advantage is immediate: all communications between branches are completely free. This same scheme could be applied to providers, with the consequent savings that this entails.

VoIP protocols: these are the languages that the different VoIP devices use for their connection. This part is important, since the effectiveness and complexity of the communication depend on it. In order of seniority (from oldest to newest):

  • H.323 - Protocol defined by the ITU-T
  • SIP - Protocol defined by the IETF
  • Megaco (also known as H.248) and MGCP - Control protocols
  • UNIStim - Protocol owned by Nortel (Avaya)
  • Skinny Client Control Protocol - Protocol owned by Cisco
  • MiNet - Protocol owned by Mitel
  • CorNet-IP - Protocol owned by Siemens
  • IAX - Original protocol for communication between Asterisk PBXs (it is a standard for the other data communication systems; it is currently in its version 2, IAX2)
  • Skype - Proprietary peer-to-peer protocol used in the Skype application
  • IAX2 - Protocol for communication between Asterisk PBXs, replacing IAX
  • Jingle - Open protocol used in XMPP technology
  • MGCP - Cisco proprietary protocol
  • weSIP - Freely licensed protocol from VozTelecom

As we have seen, VoIP presents a great number of advantages, both for companies and for ordinary users. The question would be why has this technology not yet been implemented? Next we will analyze the apparent reasons why VoIP has not yet prevailed over conventional telephony.

VoIP parameters. This is the main problem with the penetration of both VoIP and all IP applications today. Guaranteeing the quality of service over the Internet, which only supports "best effort" and may have bandwidth limitations on the route, is currently not possible; therefore, there are various problems in terms of guaranteeing the quality of the service.

Codecs. The voice has to be encoded in order to be transmitted over the IP network. For this, codecs are used that handle the encoding and compression of the audio or video and its subsequent decoding and decompression before a usable sound or image is generated. Depending on the codec used in the transmission, more or less bandwidth will be used. The amount of bandwidth used is usually directly proportional to the quality of the transmitted data. Among the most used codecs in VoIP are G.711, G.723.1 and G.729 (specified by ITU-T).

These Codecs have the following encoding bandwidths:

  • G.711: 56 or 64 Kbps bit-rate
  • G.722: 48, 56 or 64 Kbps bit-rate
  • G.723: 5.3 or 6.4 Kbps bit-rate
  • G.728: 16 Kbps bit-rate
  • G.729: 8 or 13 Kbps bit-rate

This is not the bandwidth actually used, since other traffic has to be added to it; for example, the G.729 codec uses 31.5 Kbps of bandwidth in its transmission.

Delay or latency. Once the transit delays and the processing delay have been established, the conversation is considered acceptable below 150 ms; 150 ms is 1.5 tenths of a second and would already produce significant delays.

Quality of service. To improve the level of service, the aim has been to reduce the bandwidth used, working under the following initiatives:

  1. Silence suppression, which provides more efficiency when transmitting voice, since bandwidth is better utilized by transmitting less information.
  2. Header compression applying RTP / RTCP standards.
  3. The prioritization of packets that require lower latency.
  4. The implementation of IPv6, which provides more addressing space and the possibility of tunneling.

Quality of service (QoS) is measured with four parameters: bandwidth, time delay (delay), delay variation (jitter) and packet loss. To deal with these problems, three basic types of QoS can be implemented in a network:

  • Best effort: this method simply sends packets as it receives them, without applying any specific treatment. That is, it gives no priority to any service; it just tries to send the packets in the best way it can.
  • Integrated Services: this system's main function is to pre-agree a path for the data that need priority. This architecture is not scalable, because of the amount of resources it needs in order to reserve the bandwidth of each application. RSVP (Resource Reservation Protocol) was developed as the mechanism to schedule and reserve the bandwidth required for each of the applications carried by the network.
  • Differentiated Services: this system lets each network device manage packets individually; each router and switch can configure its own QoS policies and make its own decisions about the delivery of packets. Differentiated services use 6 bits in the IP header (DSCP, Differentiated Services Code Point). The services for each DSCP are the following:

For the prioritization of packets that require lower latency, the current trends are:

  • PQ (Priority Queuing): this prioritization mechanism defines 4 queues with high, medium, normal and low priority. It is necessary to determine which packets go into each of these queues; if this is not configured, packets are assigned to normal priority by default. As long as there are packets in the high queue, no packet with medium priority is served until the high queue is empty, and likewise for the other queues.
  • WFQ (Weighted Fair Queuing): this method divides the traffic into flows and provides a fair amount of bandwidth to the active flows in the network; low-volume flows are sent faster. That is, WFQ prioritizes applications with lower volume, which it treats as more sensitive to delay, such as VoIP, and penalizes those it does not treat as real-time applications, such as FTP.
  • CQ (Custom Queuing): this mechanism assigns a percentage of the available bandwidth to each type of traffic (voice, video and/or data), and also specifies the number of packets per queue. Queues are served in Round Robin (RR) order. The RR method assigns the bandwidth to each of the different types of traffic on the network. With this method it is not possible to prioritize traffic, since all the queues are treated in the same way.

Advantages. The main advantage of this type of service is that it avoids the high telephony charges (mainly long distance) that are usual in the companies of the Public Switched Telephone Network (PSTN). Some cost savings are due to using the same network to carry voice and data, especially when users have unused capacity on an existing network, which they can use for VoIP at no additional cost. VoIP to VoIP calls between any provider are generally free, in contrast to VoIP to PSTN calls, which generally cost the VoIP user. The development of codecs for VoIP (aLaw, G.729, G.723, etc.) has allowed voice to be encoded into smaller and smaller data packets. This results in voice over IP communications requiring very low bandwidths. Along with the permanent advance of ADSL connections in the residential market, this type of communication is becoming very popular for international calls.

There are two types of PSTN to VoIP service: "Direct Inward Dialing" (DID) and "Access Numbers". DID connects the caller directly to the VoIP user, while Access Numbers require the caller to enter the extension number of the VoIP user. Access Numbers are usually charged as a local call for the caller from the PSTN and are free for the VoIP user. These prices can be up to 100 times cheaper than the prices of a local operator.

Disadvantages.

  1. Call quality. It is a little lower than that of the telephone, since the data travels in packets, so there may be some loss of information and delay in transmission. The problem with VoIP is not the protocol itself but the IP network, since it was not designed to give any kind of guarantee. Another downside is latency: when one user is talking and another is listening, a transmission pause of 200 ms (milliseconds) is not acceptable. When using VoIP, the use of the network must be controlled to ensure quality transmission.
  2. Data theft. A cracker can access the VoIP server, the stored voice data and the telephone service itself to listen to conversations or make free calls in the name of its users.
  3. Virus in the system. If a virus infects a computer acting as a VoIP server, the telephone service may be interrupted. Other equipment connected to the system may also be affected.
  4. ID spoofing and specialized hoaxes. Anyone who is not well protected can suffer fraud through identity theft.

Asterisk. Asterisk is Open Source software that provides telephone exchange (PBX) functionality. It was originally created for Linux systems; there are currently versions for OpenBSD, FreeBSD, Mac OS X, Solaris and Windows systems, although Linux continues to be the one with the most support. It allows the connection of analog telephones (for which FXO or FXS telephony cards are required), digital telephones, IP terminals and softphones, since it supports many VoIP protocols such as SIP, IAX, H.323 and MGCP. Its functions include voicemail, creation of extensions, mail server, sending voice messages to e-mail, conference calls, IVR and automatic call distribution, among others. In addition, each user can create their own functionality by writing a dialplan or by adding modules in programming languages supported by Linux.

Dialplan. It is the heart of the Asterisk system: it defines how calls will be handled. It consists of a set of instructions or steps that Asterisk must follow and is completely customizable. The dialplan is configured in the file extensions.conf. The following concepts are handled within it: contexts, extensions, priorities and applications.

Contexts. Dialplans are separated into sections called contexts. The context is one of the parameters specified when defining a channel, so it is the point at which that channel enters the dialplan. One of the most important uses of contexts is security: a context makes it possible to offer a kind of communication (for example long distance) without making it available to other users. Extensions that are defined within a context cannot interact (unless allowed) with an extension from another context. A context is declared by writing its name between square brackets, and the name has a maximum length of 79 characters. All the instructions below the name are part of that context (until the beginning of a new one).

Extensions. In the world of communications, an extension refers to the number that identifies the ring of a certain telephone. In Asterisk it is much more than that. The extension is what tells Asterisk what steps to follow when that extension is requested. The syntax of an extension is the word exten followed by the equal sign and the greater-than sign, as shown below:

exten =>

This expression is followed by the extension number (which can be a combination of numbers and letters), the priority (each extension is composed of several steps, which are executed in the order established by the priority), and the application (or command) that performs the action. An extension therefore has the following syntax:

exten => number,priority,application()

Priority. The priority is a number that indicates the order in which the steps of the extension are performed. Generally, the priority is 1 for the first step to be executed and then n, which means "next" (the previous priority + 1). This makes it possible to add intermediate steps to an existing numbering plan without having to renumber priorities manually, which can become cumbersome. Here is an example:

exten => 123,1,Answer()
exten => 123,n,do something
exten => 123,n,do something else
exten => 123,n,Hangup()

A label can be attached to a priority so that it can be referred to not only by its number. To do this, place the label in parentheses after the priority:

exten => 123,n(label),app()

Applications. Applications specify a particular action on the channel, for example playing a certain sound, accepting a tone entry, ending a call, etc. Some applications do not require additional information (arguments), such as Answer() and Hangup(). Others require arguments or can optionally take them. These are placed in parentheses after the application name. If there are several arguments, they are separated with commas ",".
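
The rules given above for contexts, extensions, priorities and applications can be checked mechanically before a dialplan is loaded. The following script is an added example, not part of the original report: it reads a dialplan written in the exten => number,priority,application() form, reports entries that break those rules, and lists which extensions each context exposes. The context names, extension numbers and the sample dialplan are constructed for illustration, and it assumes contexts are written as [name].

```shell
#!/bin/sh
# Added example: lint a dialplan and show what each context exposes.

# Constructed sample dialplan (not from the original report).
sample_dialplan() {
    cat <<'EOF'
[internal]
exten => 6001,1,Answer()
exten => 6001,n,Playback(hello-world)
exten => 6001,n(done),Hangup()

[longdistance]
exten => 9001,1,Answer()
exten => 9001,n,Hangup()
exten => 9002,n,Answer()
exten => 9002,n,Hangup
EOF
}

# Read a dialplan on stdin and print one line per rule violation:
# context names over 79 characters, extensions outside a context,
# extensions whose first step is not priority 1, invalid priorities,
# and applications not written as Name(arguments).
lint_dialplan() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[ \t]*(;.*)?$/ { next }                    # blank lines and ; comments
    /^[ \t]*\[/ {                                # [context] header
        ctx = $0; sub(/^[ \t]*\[/, "", ctx); sub(/\].*$/, "", ctx)
        if (length(ctx) > 79)
            print "line " NR ": context name is longer than 79 characters"
        next
    }
    /^[ \t]*exten[ \t]*=>/ {
        body = $0; sub(/^[ \t]*exten[ \t]*=>[ \t]*/, "", body)
        c1 = index(body, ",")
        rest = substr(body, c1 + 1)
        c2 = index(rest, ",")
        if (ctx == "" || c1 == 0 || c2 == 0) {
            print "line " NR ": expected [context] then exten => number,priority,application()"
            next
        }
        num  = trim(substr(body, 1, c1 - 1))
        prio = trim(substr(rest, 1, c2 - 1))
        app  = trim(substr(rest, c2 + 1))        # arguments may contain commas
        sub(/\(.*$/, "", prio)                   # n(label) -> n
        where = "line " NR ": [" ctx "] " num
        if (!((ctx, num) in started)) {
            started[ctx, num] = 1
            if (prio != "1") print where " does not start at priority 1"
        } else if (prio != "n" && prio !~ /^[0-9]+$/) {
            print where " has an invalid priority"
        }
        if (app !~ /^[A-Za-z][A-Za-z0-9_]*\(.*\)$/)
            print where " application is not written as Name(arguments)"
        next
    }
    { print "line " NR ": not a context or an extension" }
    '
}

# Print the extension numbers defined inside one context ($1), i.e. what a
# channel placed in that context can dial.
extensions_in_context() {
    awk -v want="$1" '
    /^[ \t]*\[/ { ctx = $0; sub(/^[ \t]*\[/, "", ctx); sub(/\].*$/, "", ctx); next }
    ctx == want && /^[ \t]*exten[ \t]*=>/ {
        num = $0
        sub(/^[ \t]*exten[ \t]*=>[ \t]*/, "", num); sub(/[ \t]*,.*$/, "", num)
        if (!(num in seen)) { seen[num] = 1; print num }
    }'
}

sample_dialplan | lint_dialplan
```

Running extensions_in_context for each context a channel is assigned to shows at a glance whether a long-distance extension has ended up reachable from a context meant for ordinary users.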

Softphones. A softphone is a software that provides functionalities of a conventional telephone. It generally operates in a Voice over IP environment. It is based on a signaling protocol, which can be standardized (SIP, H.323, IAX) or proprietary. There are several softphones available, some of these are: sjphone, X-Lite, Ekiga, kphone and kiax.

FreePBX. FreePBX offers an HTML GUI (graphical user interface) for managing an Asterisk-based IP PBX; it is very easy to use but has great capacity. It is also Open Source, under the GPL. It allows you to easily configure an Asterisk system, meeting the requirements of both small and large companies. You can maintain the user and extension databases, as well as all the value-added functions. To name the most important:

  • Dialplan for incoming and outgoing calls.
  • IVR (Interactive Digital Receptionist) - automatic attendant.
  • Time conditions - management of incoming calls according to time and date.
  • Call groups (Ring Groups): Round-Robin, all at the same time, etc.
  • Follow-me.
  • ACD - queue and agent system.
  • Call monitoring.
  • Voice mail system.
  • Music on hold.
  • Conference room.
  • Call recording (only recommended for small volumes).

Operating system

According to IT World (Information Technology), several situations will increase the number of Ubuntu Server edition installations, including:

  • The availability of the Ubuntu Server CDs for download.
  • Extensive documentation, most of it maintained by the community.
  • The cost, which is much lower compared with solutions from RedHat or Novell (other Linux developers).
  • People's concern about the uncertain future of Solaris, the former operating system of Sun Microsystems, now owned by Oracle.
  • The 6-month update cycle and the support of the LTS (Extended Technical Support) versions of up to 5 years for the server edition, alternatives not offered by other providers. With the arrival of Landscape, Canonical (the group in charge of the development of Ubuntu) gives any company or organization the ability to centrally manage and update (patches or updates) both Ubuntu servers and desktops, as well as cloud computing services using Amazon's EC2 (a web service that provides resizable computing capacity in the cloud).
  • The options that the distribution provides to simplify the installation and configuration of services such as Apache or Postfix, which save valuable administrator time.
  • The technical support available to solve any problem that arises: a huge, active community that provides documents, forums and bug reports that, without exaggeration, hardly any other community can match. There is also a commercial support option from Canonical with which any event that occurs can be dealt with.

It should be noted that having the support of Canonical gives Ubuntu a certain guarantee when choosing between Linux servers.

CHAPTER III

PROPOSAL

This report intends to design a form of connection between the Linda Vista University campuses that saves on communications and makes valuable information available to professors and administrators, as well as to students who require it, wherever they are, using Virtual Private Networks with the Internet as the means of transmission.

Design

A PPTP VPN server will be mounted on Ubuntu Server. In this way we will not have to resort to third-party services when we need to browse safely from public sites. A server is also configured for VoIP with the GPL-licensed Asterisk software.

Basic requirements:

  1. PC with Ubuntu Server 12.04.3 LTS
  2. Internet connection
  3. A static IP address
  4. The PPTP port (1723 TCP and 1723 UDP) open

Operating system

Since one of the objectives is to save economic resources, the operating system used will be a Linux distribution, Ubuntu Server, as it provides the characteristics needed for the proper functioning of the server. The terminal will be used; it comes by default in the Ubuntu Server distribution, which has no native graphical interface. If desired, a graphical interface can be added; however, in order to optimize resources, no graphical interface will be used.

Code

To configure a VPN server with the PPTP protocol, the PC has to be configured with a static IP address. To do this, edit the following file:

sudo nano /etc/network/interfaces

Comment out the line "iface eth0 inet dhcp" and write below it:

iface eth0 inet static
address (machine address)
netmask (subnet mask)
gateway (default gateway)
dns-nameservers (the ISP's preferred DNS)

The file is saved and the network interface is restarted with:

sudo /etc/init.d/networking restart

Installing Packages

In the terminal we type the following command:

sudo apt-get install pptpd

apt-get detects that in order to install the pptpd package it also needs the bcrelay package. Before taking any action, it asks for our approval. Since we agree, we press the "S" key and then ENTER to start the download and subsequent installation of the packages.

Setting

Once the process is finished, the PPTP server starts automatically, but it is not configured yet. To configure it we execute:

sudo nano /etc/pptpd.conf

The nano editor will appear in the same terminal. Using the cursor keys we go down to the very end and insert, as if it were Notepad, the lines:

localip 10.10.10.1
remoteip 10.10.10.100-200,10.10.10.245

Explanation:

  • First line: specifies the IP address of our server within the VPN. To avoid conflicts with "home" IP addresses, we have selected a different address range.
  • Second line: specifies the addresses that will be assigned to clients. Before the "," (comma) we have specified a range, and after it a single address. This shows the two possible ways of specifying client addresses; a range alone is also enough.

To save the changes we press "Control + O" and to exit "Control + X".

Adding Users

Now we are going to add users to our VPN. To do this, we modify the chap-secrets file, as we see in image 1:

sudo nano /etc/ppp/chap-secrets

Now we save and exit with "Control + O" and "Control + X", as before.

Configuring Iptables

Up to this point we have configured everything related to our VPN; it only remains to configure the Ubuntu firewall to allow incoming connections and redirect traffic. For the configuration to be kept after every reboot, we modify the rc.local script:

sudo nano /etc/rc.local

We go to the end of the file and insert the following BEFORE the last line, as we see in image 2:

iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -o eth0 -j MASQUERADE

Explanation:

  • 10.10.10.0/24: the range of addresses that we chose when configuring PPTPD.
  • eth0: the name of the network interface. In our case it is a wired interface; if it were WiFi it would be named wlan0.

Once the changes are made, we save and close as before.

Now we are going to activate IP forwarding. For this we modify the file /etc/sysctl.conf:

sudo nano /etc/sysctl.conf

We look for the line:

#net.ipv4.ip_forward=1

and remove the comment mark so that it reads:

net.ipv4.ip_forward=1

We save the changes and close the file. The example can be seen in figure 3.

Although in principle the changes could be applied without restarting the computer, we think it is worth verifying that everything continues to work perfectly after a restart. So we restart the computer from the terminal itself:

sudo reboot

VPN Server Tester

To test the server, a new VPN connection is created. To do this we go to Start, type VPN and choose "Configure a virtual private network (VPN) connection"; it will ask for the server data (see image 4).

The next step is to enter the user data, as we see in the image. Many machines have a problem when trying to access the Internet, which can be fixed in the following way.

Edit the ip-up script with the following command:

sudo nano /etc/ppp/ip-up

and at the end write the following line:

/sbin/ifconfig $1 mtu 1400

Save with "Control + O" and exit with "Control + X".

Then the pptpd-options file is edited with the following command:

sudo nano /etc/ppp/pptpd-options

and on the lines

#ms-dns 10.0.0.1
#ms-dns 10.0.0.1

the comment marks are removed and the ISP's DNS servers are entered. Save with "Control + O", exit with "Control + X" and reboot the machine with:

sudo reboot

VoIP server

As mentioned in the theoretical framework, the VoIP service will be performed with the asterisk system that will be installed on the same VPN server. The configurations required to install that server are listed below:

Asterisk installation. To install the Asterisk service, type the following command in the console:

sudo apt-get install asterisk

We wait for the installation to complete and proceed to configure the server. NOTE: A compressed version of Asterisk is also available on its website, to be compiled and installed. We do not use it because the server sometimes does not work correctly due to missing dependencies; that is, the difference between installing from the console and from the compressed archive is that the console installs all the necessary dependencies, which the compressed version does not do.

Editing the following files. File /etc/asterisk/manager.conf. We write in the console:

sudo nano /etc/asterisk/manager.conf

We must erase everything written, and replace it with the following:

[general]
enabled = yes
webenabled = yes
port = 5038

[admin]
secret = asterisk
deny = 0.0.0.0/0.0.0.0
permit = 0.0.0.0/0.0.0.0
read = system,call,log,verbose,agent,user,config,dtmf,reporting,cdr,dialplan
write = system,call,agent,user,config,command,reporting,originate

Explanation:

  1. Enable the Asterisk "manager".
  2. Enable web access to the "manager" to manage our PBX.
  3. Define the access port for the "manager".
  4. Create the user "admin" with the password "asterisk".
  5. Allow access to the manager from any IP.
  6. Set the permissions of the user "admin" for reading (read) and writing (write).

Save with "Control + O" and exit with "Control + X".
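
The manager.conf values above give one account with a dictionary password, reachable from any address, with permission to run commands and rewrite configuration. The following script is an added example, not part of the original report: it audits a manager.conf for those settings and compares the report's values with a tighter variant that only admits the VPN client range 10.10.10.0/24 chosen earlier. Both configuration texts are constructed inline, the secret in the second one is a placeholder, and the 16-character minimum and the choice of which write classes to flag are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit an Asterisk manager.conf for risky account settings.

# The values used in this report (constructed copy for the audit).
weak_manager_conf() {
    cat <<'EOF'
[general]
enabled = yes
webenabled = yes
port = 5038

[admin]
secret = asterisk
deny = 0.0.0.0/0.0.0.0
permit = 0.0.0.0/0.0.0.0
read = system,call,log,verbose,agent,user,config,dtmf,reporting,cdr,dialplan
write = system,call,agent,user,config,command,reporting,originate
EOF
}

# Tighter variant (constructed): manager only for hosts in the VPN range,
# no HTTP access, no command/config/system write classes.
hardened_manager_conf() {
    cat <<'EOF'
[general]
enabled = yes
webenabled = no
port = 5038

[admin]
secret = REPLACE-WITH-A-LONG-RANDOM-SECRET ; placeholder, generate your own
deny = 0.0.0.0/0.0.0.0
permit = 10.10.10.0/255.255.255.0
read = system,call,log,reporting
write = call,reporting
EOF
}

# Read manager.conf on stdin and print one finding per line.
audit_manager_conf() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    { sub(/;.*$/, "") }                          # drop ; comments
    /^[ \t]*$/ { next }
    /^[ \t]*\[/ {                                # [section] header
        sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = trim(substr($0, 1, eq - 1))
        val = trim(substr($0, eq + 1))
        if (sec == "general") {
            if (key == "webenabled" && val == "yes")
                print "general: webenabled = yes exposes the manager over HTTP"
            next
        }
        # Every other section is a manager account named after the section.
        if (key == "secret" && (length(val) < 16 || val == sec || val == "asterisk"))
            print sec ": secret is short or guessable"
        if (key == "permit" && (val == "0.0.0.0/0.0.0.0" || val == "0.0.0.0/0"))
            print sec ": permit accepts any source address"
        if (key == "write") {
            n = split(val, cls, ",")
            for (i = 1; i <= n; i++) {
                c = trim(cls[i])
                if (c == "system" || c == "config" || c == "command")
                    print sec ": write grants " c
            }
        }
    }'
}

weak_manager_conf | audit_manager_conf
```

To check a live server, feed the real file to the same function: audit_manager_conf < /etc/asterisk/manager.conf.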

The next file is http.conf, which is opened with the following command:

sudo nano /etc/asterisk/http.conf

The following is added to the end of the file, as we see in image 7:

enabled = yes
bindaddr = 0.0.0.0
bindport = 8088
enablestatic = yes
redirect = / /static/config/index.html

Save with "Control + O" and exit with "Control + X".

Installation and configuration of FreePBX. Now we are going to install ASTERISKGUI as a web administrator. NOTE: The most recent version at the time of doing this tutorial is asterisk-gui-2.1.0-rc1.tar.gz. Then we copy the file path and execute the following in the console:

sudo wget http://downloads.asterisk.org/pub/telephony/asteriskgui/releases/asterisk-gu
sudo cp asterisk-gui-2.1.0-rc1.tar.gz /usr/src/
cd /usr/src
sudo tar xvfz asterisk-gui-2.1.0-rc1.tar.gz
sudo ln -s /usr/src/asterisk-gui-2.1.0-rc1 asterisk-gui
cd asterisk-gui
sudo ./configure
sudo make
sudo make install
sudo make checkconfig

At the end the asterisk service is restarted:

sudo service asterisk restart

NOTE: Every time we make a modification we must restart Asterisk. If we install Asterisk from the compressed archive, the service will not appear.

Now we open the browser and write the following in the address bar:

http://(server IP address):8088

If we do not know the IP of our server we carry out the following command in the console: ifconfig.

We write the user and password configured in the file /etc/asterisk/manager.conf

FreePBX configuration in the HTML GUI interface. Plans, users and voicemail are configured. The first and second steps must be performed in that order, since users cannot be created without having plans. A screenshot of the main page of this interface can be seen in image 8.

  1. Create a plan. To create a plan, click the Dial Plans option in the left menu and then NewDialPlan; the window shown in image 9 will open. The name of the plan is entered and Save is pressed. Note that we enable all options (including VOICEMAIL). NOTE: More plans can be added as needed.
  2. Create users. To create users, click Users in the left menu and then Create New User; the window in image 10 is displayed. Explanation of the configuration:
     • Extension: the SIP number for the user. This value cannot be modified; it starts at 6000 and is auto-numbered, that is, it increases by 1 each time a new user is added (6001, 6002, 6003, ...).
     • CallerIdName: the user name for the line; it can be text or a number.
     • DialPlan: we select the plan that we configured previously.
     • CallerIdNumber: a reference number that identifies the user on the network.
     • Enable VoiceMail for this User: enables the voicemail option for the user.
     • VoiceMail Access PIN Code (optional): a numeric code with which the user accesses their voicemail.
     • SIP / IAX Password: the password for the user (not the administrator).
     It is similar to setting up an email account. Then we press Save.
  3. Configure voicemail. To configure voicemail we open VoiceMail from the left menu. In Extension for Checking messages we write the voice mailbox number and enable all the checkboxes. We must also configure:
     • Max greeting: the maximum waiting time, in seconds.
     • Maximum messages per folder: the maximum number of messages per folder.
     • Max message time: the maximum duration of the message.
     • Min message time: the minimum duration of the message.
     Once configured, we press Save. An example of the interface can be seen in image 11.

IMPORTANT: Once all the configurations have been made, the changes must be applied. Saving each configuration does not mean that the server has carried out the operations; for that, we go to the top of the browser page and click Apply Changes.

Diagrams

The proposal includes connecting the Linda Vista University campuses via VPN. As shown in image 5, we can connect from anywhere in the world with an Internet connection. A VoIP server is also included on the same server, as can be seen in image 6.

Costs

The licenses are described below:

Hardware

Computer. The proposed computer has the following characteristics: DELL Optiplex 780 Desktop

  • Intel® Core™ 2 Duo Processor E7500 (3M Cache, 2.93 GHz, 1066 MHz FSB)
  • Memory: 6GB of RAM, Non-ECC dual-channel 1066MHz DDR3 SDRAM; 2 of 4 DIMMs occupied; supports up to 16GB max.
  • 500GB Hard Drive
  • Monitor: Dell E190 19″ LCD flat panel
  • Chipset: Intel® Q45 Express chipset with ICH10DO
  • Video card: Integrated Intel® Graphics Media Accelerator 45003
  • Integrated 10/100/1000 Ethernet LAN connectivity, Intel 82567LM
  • Desktop Power: 255W Standard PSU; ENERGY STAR® compliant, Active PFC

Software

The software used is free of charge and is listed below.

  • Ubuntu Server 12.04.2: an operating system based on Linux, distributed as free software at no cost.
  • PPTPD: server software that allows the administration of a VPN server.
  • webmin: a system configuration tool accessible via the web for OpenSolaris, GNU/Linux and other Unix systems.
  • Asterisk: a free software program (under the GPL license) that provides the functionality of a telephone exchange (PBX).
  • FreePBX: FreePBX offers an HTML GUI (graphical user interface) for the administration of an Asterisk-based IP exchange; it is very easy to use but has great capacity. It is also Open Source, under the GPL.

CHAPTER IV

CONCLUSION

In this work, a proposal for a virtual private network for the Linda Vista University was presented, trying to obtain the maximum benefits for it by reducing the cost of the University's infrastructure. It is also intended that the use of conventional telephony can be reduced and migrated to VoIP telephony, directly impacting the budget savings in telephone calls in the schools.

CHAPTER V

IMAGES (See PDF)

Figure 1. Adding users for VPN server

Figure 2. Modifying the rc.local script

Figure 3. Modifying the /etc/sysctl.conf file

Figure 4. VPN server connection - server data

Figure 5. Connection diagram

Figure 6. VoIP connection diagram

Figure 7. VoIP configuration example, the http.conf file

Figure 8. Screenshot of the FreePBX HTML GUI

Figure 9. Screenshot of the FreePBX HTML GUI setting up a plan

Figure 10. Screenshot of the FreePBX HTML GUI configuring a user

Figure 11. Screenshot of the FreePBX HTML GUI configuring voicemail
