1 [[dns-tool:demo-transfert-ctx]] F927-wiki Trace: start contactlist usefultips topics ipsecvstls nxdomain trafficanalysis demomobike-x demo-transfert-ctx Table of Contents Démonstrateur de Cloud VPN IPsec Description du Contexte Travail à Effectuer Setting the Platform o Installing KVM on Ubuntu (Use this Virtualization method) o What is the IKEv2/IPsec Context Transfer? o Tests o IPsec Environment o Installing StrongSwan with HIGH AVAILABILITY module o Configuring ssh o Configuring IPsec IKEv2/IPsec Context Transfer Tests Démonstrateur de Cloud VPN IPsec L'objectif de ce projet est de réaliser un démonstrateur à l'aide de machines virtuelles où un utilisateur change de manière transparente d'une passerelle à une autre. Description du Contexte Les Réseau d'access Radio ne pourront faire face à la monté grandissante du trafic. Afin d'éviter la surcharge de ces réseaux, les ISPs transfèrent le trafic du Réseau Radio vers des réseaux de type WLAN. Ce mécanisme est connu sous le nom d'offload. Les architectures 3GPP comme iwlan prennent en compte l'offload, et le terminal établit un tunnel IPsec avec une Passerelle de Sécurité située chez l'opérateur. La mobilité est alors gérée par le protocole MOBIKE. Cela signifie que les opérateurs devront gérer des clusters de passerelles VPN, et par exemple, pour de l'équilibrage de charge ou économiser des ressources, l'opérateur souhaite pouvoir déplacer une connexion d'une passerelle vers une autre. À première vue, on pourrait croire à une opération de mobilité, cela y ressemble, à la différence que dans le cas d'une mobilité, le MÊME terminal change d'adresse. Dans notre cas, il s'agit de passerelles IPsec DIFFÉRENTES, ce qui implique un changement d'adresse, mais également un changement de contexte IPsec entre les deux passerelles. Ce changement de contexte s'appuiera sur nos développements basés sur StrongSwan qui permettent d'extraire
2 et d'ajouter un contexte IPsec. Il ne sera aucunement demandé de rentrer dans le code de StrongSwan ni même de coder quoi que ce soit. Travail à Effectuer On se propose dans ce mini projet de réaliser une démonstration avec une application démontrant le changement de passerelle par exemple pour un client connecté à un serveur Streaming Vidéo. La démonstration sera faite à base de machines virtuelles VMware, se qui permettra de l'exposer à des conférences comme l'ietf, ou des séminaires, projets. Les étapes seront comme suit: Configuration d'un Client, Serveur et deux passerelles de Sécurité avec VMware. Mise en place des opérations de transfert de contexte. En fonction du temps on envisagera également le cas d'un changement de serveur plutôt que d'une passerelle. Ce scénario prend son sens dans le cas de l'offload, un utilisateur peut être connecté à un serveur en passant par un serveur qui se trouve dans le cœur de réseau de l'opérateur. Une fois en situation d'offload, le client peut avoir intérêt à se connecter à un autre serveur de contenu. De plus, un opérateur peut également avoir des serveurs dédiés pour un accès via le Réseau Radio et un autre via le réseau WLAN. Dans les deux cas, les serveur devront gérer le transfert de contexte IPsec. La différence avec le cas précédent est le mode utilisé pour IPsec. Dans le cas de la passerelle on utilise le mode tunnel alors que dans le cas de serveur la connexion utilise le mode transport. Orange assurera le suivi du projet par des réunions téléphoniques régulières. Orange apportera sous soutient aussi bien sur les aspects configuration que sur le choix de l'application. Setting the Platform The Platform is composed of a Client and 2 Servers. We will be using Virtual Machines to vitualize both servers. We provide laptops where 1 or 2 virtual machines (VM) are running. There are various ways to build VMs: VMPlayer: is a VMWare product. It is free, and makes possible to build and run a VM. Building a VM is performed from a Linux distribution iso file. The output files are the VM and VMPlayer can run the VM by opening those files. VMPlayer is quite easy to use. However, you need to run one VMPlayer per VM and running more than one VMPlayer on the provided laptop reduces greatly its performances. Furthermore, VMPlayer comes with almost no Network configurations we will need to set up the demo. We will not use this alternative. Workstation: is a VMWare Workstation. It has the VMPlayer features but makes possible to run and manage multiple VMs on a single hardware. This solution is quite straight forward. However it requires some licenses and Workstation is only available for a 30 day free evaluation period. Because of license, we will not use this alternative.
3 VirtualBox: is a SUN project. It is similar to VMPlayer, so we will not use this alternative. KVM: stands for Kernel-based Virtual Machine. It is similar to Workstation but without licenses. We will consider this alternative. Once the VM have been built and can be started, we need to configure the platform so that from the Client, we want to be able to launch command on the various Servers, or to easily download/upload files from one VM to the other. For that purpose, we use SSH (Secure Shell) and SCP (Secure Copy) without password (procedure explaining how to achieve this is explained later). Then we need to set IPsec, which means installing IKEv2/IPsec software (StrongSwan) with the context transfer option. We provide two versions of StrongSwan to be installed in the servers and the client (one version for both VPN Servers and the other version just for the VPN Client). In order to avoid IPsec misconfiguration. We will make a script that, started from the VPN Server, will configure IPsec on all VMs concerned. The platform is then ready for testing. Tests will be performed and this will clearly state what works and what does not work on the platform. This will provide the input to set the demo and further measurements. The following results are expected: 1. A script that automatically configure the platform with IPsec. 2. A script that tests IPsec context transfer in local machine with Ping. 3. A script that tests IPsec context transfer in local machine with Video Streaming. 4. A script that tests IPsec context transfer for one server to another with Ping. 5. A script that tests IPsec context transfer for one server to another with Video Streaming. 6. Scripts to measure the performance (CPU Consumption, time to transfer the context, etc) of all the activities for the context transfer. Installing KVM on Ubuntu (Use this Virtualization method) We would like to install Kernel-based Virutal Machine (KVM) on linux. For this purpose we need first to know if our PC is compatible with this technology. ## 1. Checking compatibility in CPU level. > egrep -c '(vmx svm)' /proc/cpuinfo ## If 0, it means that your CPU doesn't support hardware virtualization. ## If 1 or more it does support, but you still need to make sure that virtualization is enabled in the BIOS. ## We will be working with DELL PRECISION M65 and with DELL LATITUDE E5400 Laptops. ## Once in the BIOS configuration (during start), have a look into POST Behavior->Virtualization, and check enable. ## 2. Checking kvm support.
4 > kvm-ok ## which may provide an output like this: INFO: Your CPU supports KVM extensions ## If you see : INFO: Your CPU does not support KVM extensions ## You can still run virtual machines, but it'll be much slower without the KVM extensions. ## 3. Installing KVMware. ## In order to install KVM and all the packages needed, we can easily install "virt-manager". > sudo apt-get install virt-manager > sudo apt-get install qemu-kvm ## Once installation is finished, the libvirtd-bin package (installed during virt-manager installation) will automatically ## add your username to the libvirtd group. There is no need to be part of the kvm group. ## After the installation, you NEED to log-out of Ubuntu so that your user becomes an effective member of the libvirtd group. ## The members of this group can run virtual machines. ## To check if we became a member of libvirtd, we should see the following response: > groups username adm dialout cdrom plugdev lpadmin admin sambashare libvirtd ## libvirtd confirms that we are already member of the group so we can run VMs. ## 4. Testing > sudo virt-manager ## It should launch the Virtual Machine Manager Interface in order to create a Virtual Machine. Then we are ready to create a VM. What is the IKEv2/IPsec Context Transfer? In order to understand what is the IKEv2/IPsec context transfer, we need to define some concepts. IKEv2 and IPsec are two protocols that work together in order to secure a communication. IKEv2/IPsec are widely used to implement VPN tunnels. They are often configured as a client-to-gateway connection. For example, when we need to access some services (i.e an server, a video streaming, etc), it is possible to do so by establishing a connection through a VPN server (also called VPN gateway). The following figure give us an idea:
5 Sometimes these VPN gateways need to deal with a lot of VPN client connections at the same time. When this occurs, the gateway turns more vulnerable to fail and overloaded. Our aim with this project is to solve this troubles by transferring the IKEv2/IPsec context from one gateway to another (implementing a cluster of 2 VPN gateways). In the following figure, the VPN Server 1 sends the IKEv2/IPsec context to VPN Server 2, and as soon as the VPN
6 Server 1 fails the connection continue working through VPN Server 2. Having a look at the image may help understand: To achieve this, we need first to set the platform and configure StrongSwan.
7 Tests Our tests are based in the transfer of the IKEv2/IPsec context through Secure Shell (ssh) and the command secure copy (scp). We will explain later how to configure ssh in order to not ask the password every time we wish to connect from one gateway to another. 1. First: the initial test will be performed with only one gateway (VPN Server 1), a VLC video streaming server and a VPN Client. We will establish a connection from the VPN client to a VLC video streaming server (watching a video in streaming), passing through a VPN Gateway by establishing a VPN Tunnel with the VPN Server 1. The main idea is to send the IKEv2/IPsec context from VPN Server 1 to other server, but for initial tests we will just re-install the security context in the same VPN Server 1. That's why we will call it LOCAL Test. 2. Second: we will perform the real IKEv2/IPsec context transfer. First, a Video is watched in streaming. We will establish this connection thorugh a VPN Tunnel with VPN Server 1. Then we will transfer the IKEv2/IPsec context to VPN Server 2 and then we will continue the video streaming but this time through the VPN Server 2. We want to show that the video streaming is interrupted but not for a long time. The test are explained in detail in IKEv2/IPsec Context Transfer Test section. IPsec Environment Setting IPsec requires: Installing IKEv2 with context transfer option. IKEv2 is the protocol that enables the Client and the Server to agree on the cryptographic material and to establish the secure communication between the VPN client and the VPN server. For example, if we want to secure a communication on port 80 with IPsec, the VPN Client and the VPN Server have to authenticate each other, to agree which key will be used, and for which traffic the cryptographic operations need to be performed. All those information are stored on the Security Association Database. How the negotiation is handled is defined in the Security Policy Database. The IPsec context transfer has been implemented so that when the VPN server transfers the IPsec/IKEv2 context to another server, the client should be unaware of this change. This modification has been implemented as part of a PhD thesis research, and is still under test. IKEv2 establishes Security Associations according to security policies. For that purpose we will program a script that sets up the different Security Policies on both the VPN Server and the VPN Client and the proper configuration file for StrongSwan. Note: when we refer to VPN Server/Client, it is synonym of IKEv2/IPsec Server/Client. This is because IKEv2/IPsec are mostly implemented as Virtual Private Networks (VPN). Installing StrongSwan with HIGH AVAILABILITY module We provide 3 version for StrongSwan.
8 strongswan daniel.local : this source code concerns only one gateway servers which delete and re-install the IKEv2/IPsec context in the same gateway. It will be used for doing ONLY THE INITIAL tests (LOCAL test, explained in detailed below). It has been uniquely tested on Ubuntu in the last few months. Its name has numbers 232 and 73 because of the IP addresses used while testing this code ( for the gateway and for the client). strongswan-4.3.3: it is a stable source code of Strongswan. It should work with any other IKEv1 and IKEv2 implementation (this is the one used for the client). We can actually use any other version of Strongswan that support IKEv2, but we decided to use this one. strongswan daniel.remote: this source code will be installed on two VPN Servers that transfer a whole IKEv2/IPsec context from one server to the other. It will be installed to run the FINAL tests of IKEv2/IPsec context transfer. Configuring ssh We want that all Virtual Machines (VMs) could login between them without asking a password (this will help future scripts to perform their tasks). Note that this only works for the root user. The following procedure should be done on each virtual machine. This procedure shows how to use unencrypted public keys for logging into a remote SSH server without a password. The basic steps are: 1. Create an RSA key-pair with an empty password (no encryption). 2. Copy the public key to the remote server. 3. Add the public key to the authorized_keys file on the remote server. ## In the local host: cd ~/.ssh ssh-keygen -t rsa # Press enter when it asks you for a passphrase. This will set no passphrase. Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: cd:28:a1:a7:0c:87:86:ae:86:35:27:7c:b8:bd:2a:57 The key's randomart image is: +--[ RSA 2048] o o S o..*+eo..o Oo +.o. oo...
9 # This generates the following files under ~/.ssh/ # 'id_rsa' -- Keep this secret! # 'id_rsa.pub' -- Copy this to Remote # Copy id_rsa.pub to remote host: scp ~/.ssh/id_rsa.pub # //Note: You will still need your password at this point.// ## In the Remote Server: #Append /tmp/id_rsa.pub key to ~/.ssh/authorized_keys: cat /tmp/id_rsa.pub >> ~/.ssh/authorized_keys # If you get an error saying "~/.ssh/authorized_keys: No such file or directory" it means that there is no.ssh directory for this user # (this user has never used ssh before). To solve this, simply create an empty.ssh directory with 700 permissions and repeat # the **cat** command. The following will create a.ssh directory: mkdir ~/.ssh chmod 700 ~/.ssh NOTE: We have to add the public key of each Virutal Machine in all the others Virtual Machines. For example, when keys for VPN Server 1 are generated, we have to append the public of VPN Server 1 on VPN Server 2, End Point VPN Client and the Video Streaming Server. Then, we have to create keys on VPN Server 2, End Point Client and the Video Streaming Server also. Configuring IPsec The objective of this section is: Providing scripts that help generate and install the proper configuration files on the various VMs. In fact, IPsec is so sensible to misconfiguration that we need a script that automatically take in charge the IPsec configuration of the platform. At the end of this section we expect a script that configures IPsec on the VMs: VPN Server 1, VPN Server 2 and VPN Client. There is a script that do that already but has some other features. From collect_sysstat_scripts.git/get-sysstat-test.sh, you could take some IPsec related code to set the platform. The shell script will be commented as long as you write it. The script collect_sysstat_scripts.git/get-sysstat-test.sh has been used to test the IPsec performance with an HTTP(S) / FTP server. It generates and install ipsec.conf files on the VMs. To test the script, we suggest you install lighttpd on the server (apt-get install lighttpd) and simply run the script. Then we suggest you add a function that makes the script generate the strongswan.conf file also. The strongswan.conf file determine ntioned in collect_sysstat_scripts.git/etc. The reason
10 is that it specify the log file to be in /var/charon.log which ease debugging. For simplicity, the script will generate the strongswan.conf file and then copy it to /usr/local/etc/strongswan.conf on both Client and Serber. Note that installing StrongSwan from the source code places configuration files in /usr/local/etc directory whereas apt-get install strongswan places the configuration files in /etc. Then we suggest you add the ICMPv4 application. In the collect_captures_scripts-pltfedora.git/ipsec.conf you can find various configuration files. We also suggest you to add a MOBIKE option so that configuration file can have the MOBIKE/MOBIKE-X option set. Here are the files we have used for our tests with MOBIKE-X and ICMPv4. Those configuratio nfiles have been generated on an other platform with fedora and can be found in collect_captures_scripts-plt-fedora.git/ipsec.conf. The use of MOBIKE-X is specified by mobikex=2. At this stage we should be able to set a script that configure IPsec on the client and servers: The script should be based on get-sysstat-test.sh script in the collect_sysstat_scripts.git dirrectory. This script has been used to test the IPsec performance with an HTTP(S) / FTP server. To test the script, we suggest you install lighttpd on the server (apt-get install lighttpd) and simply run the script. Then we suggest you add a function that makes the script generate the strongswan.conf file. An example of this file is mentioned in collect_sysstat_scripts.git/etc. The reason of using this file is because it specifies the StrongSwan's log file to be in /var/charon.log which makes easier to debug. For simplicity, the script will generate the strongswan.conf file and then copy it to /usr/local/etc/strongswan.conf on both VPN Client and VPN Server. Note that installing StrongSwan from the source code places configuration files in '/usr/local/etc' directory whereas 'apt-get install strongswan' places the configuration files under '/etc' directory in linux. Then we suggest you add the ICMPv4 application. In the collect_captures_scripts-pltfedora.git/ipsec.conf you can find various configuration files. We also suggest you to add a MOBIKE option so that configuration file can have the MOBIKE/MOBIKE-X option set. Here are the files we have used for our tests with MOBIKE-X and ICMPv4. Those configuratio nfiles have been generated on an other platform with fedora and can be found in collect_captures_scripts-plt-fedora.git/ipsec.conf. The use of MOBIKE-X is specified by mobikex=2. ## ipsec.conf-client-esp_transport-mobikex-ping # ipsec.conf - strongswan IPsec configuration file config setup crlcheckinterval=180 strictcrlpolicy=no plutostart=no charondebug="dmn 4, mgr 4, ike 4, chd 4, job 4, cfg 4, knl 4, net 4, enc 4, lib 4" conn %default auth=esp authby=psk ike=aes128-aes192-aes256-sha1-modp1536! ikelifetime=60m
11 keylife=10m rekeymargin=3m keyingtries=1 keyexchange=ikev2 mobike=yes mobikex=2 conn p5p1 esp=aes128-aes192-aes256-sha1! right= rightprotoport=icmp left= leftprotoport=icmp #left=%any type=transport auto=route ## ipsec.conf-server-esp_transport-mobikex-ping # ipsec.conf - strongswan IPsec configuration file config setup crlcheckinterval=180 strictcrlpolicy=no plutostart=no charondebug="dmn 4, mgr 4, ike 4, chd 4, job 4, cfg 4, knl 4, net 4, enc 4, lib 4" conn %default auth=esp authby=psk ike=aes128-aes192-aes256-sha1-modp1536! ikelifetime=60m keylife=10m rekeymargin=3m keyingtries=1 keyexchange=ikev2 mobike=yes mobikex=2 conn p5p1 esp=aes128-aes192-aes256-sha1! left= leftprotoport=icmp right= rightprotoport=icmp #right=%any type=transport auto=route IKEv2/IPsec Context Transfer Tests At this stage, the platform is IPsec ready and set up to connect with ssh from one server to the other without asking credentials (passwords). - First Test: Local IKEv2/IPsec test.
12 The idea is to test the IKEv2/IPsec context transfer in one machine. It means that the context will be uninstalled and re-installed in the same machine. So the architecture for this scenario will be as follows: - Second test: Real IKEv2/IPsec Context transfer test:
13 As we have two DELL machines, we will install two Virtual Machines on each PC. The VMs concerning the VPN Servers are going to be installed separately, one on each machine. The Architecture of the scenario will be as follows: Installations and Network configuration: Virtual Machine 1: 1. VPN Server 1: StrongSwan Daniel.context. We need to configure three network interfaces. One to communicate with the Straming Video Server, the second one to establish a dedicated channel with VPN Server 2 and the third one to establish the VPN tunnel with VPN Client. 2. End Point VPN Client: StrongSwan and VLC Video Client. This VM will only need one virtual interface to establish the VPN tunnel. Virtual Machine 2:
14 1. VPN Server 2: StrongSwan Daniel.context. This VM is similar to VPN Server 1. It will need three network interfaces. One to communicate with the Streaming Video Server, the second one to establish a dedicated channel with VPN Server 1 and the third one to establish the VPN tunnel with VPN Client. 2. Streaming Video Server: VLC Streaming Video Server. One network interface to send the video. Scripts: There are some scripts that will be provided in order to configure StrongSwan on the VPN client and VPN servers. By the way, the initial scripts will establish a VPN from the VPN Client to VPN Server 1 in Tunnel mode. These scripts will be executed from the VPN Server 1 and it should automatically configure the tunnel and launch the video streaming between the VPN Client and the VLC Streaming Server. We should start seeing the video on VPN Client. Once the tunnel is established, we need to connect with the VLC Streaming Server. For this purpose we want to watch a video that is being streamed by the VLC Video Streaming Server. Once the video is transmitting, we could use the following commands in a script in order to perform the IKEv2/IPsec context transfer: 1. In VPN Server 1: ipsec get <connection-name> Where <connection-name> is the name of the connection in ipsec.conf. The command 'ipsec get' will generate a file with the information of all IKEv2/IPsec connection (for this test, there is just one connection, VPN Server 1 VPN Client). We need to send the file generated by 'ipsec get' to the VPN Server 2. This is where the context transfer take place. To send this file we could use the command scp: scp PATH/TO/FILE 2. In VPN Server 2: Once the file is transferred to this VM, we should run on this machine the following command: ipsec put <connection-name> Where <connection-name> is the name of the connection in 'ipsec.conf'. This connection will be installed in the StrongSwan database of the VPN Server 2 and then a MOBIKE should take place at this moment in order to notify the VPN Client to change the IP address of the VPN Tunnel. We want to use scripts that test and recover information about how the IKEv2/IPsec context transfer performed. Logged in as: Gustav Mahler (mahler) dns-tool/demo-transfert-ctx.txt Last modified: 2012/08/29 08:56 by dan
15 Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 3.0 Unported
Installing and Scaling out Ubuntu Enterprise Cloud in Virtual Environment Supplement to Guidelines for Building a Private Cloud Infrastructure Zoran Pantić and Muhammad Ali Babar Tech Report TR-2012-154
3CX Phone System Cloud Server Administration Manual Copyright 2013 2014, 3CX Ltd. http://www.3cx.com E mail: email@example.com Information in this document is subject to change without notice. Companies names
INR-410 INR-420 System Administrator s Manual For V3.0.06 Version 2013/11/20 About This Manual Target Audience This manual is intended for System Administrators who are responsible for installing and setting
Appliance Administration Manual v6.21 This document covers all required administration information for Loadbalancer.org appliances Copyright 2014 Loadbalancer.org, Inc. Table of Contents Section A Introduction...7
WS_FTP Professional 12 Security Guide Contents CHAPTER 1 Secure File Transfer Selecting a Secure Transfer Method...1 About SSL...1 About SSH...2 About OpenPGP...2 Using FIPS 140-2 Validated Cryptography...2
Tech Note 4 NBAC (NetBackup Access Control) UNIX Quick Install Non HA This section includes the following topics About NBAC (NetBackup Access Control) About NBAC (NetBackup Access Control) Starting Checklist
NVR 3.0 System Administrator s Manual For V3.0.02 Version 2013/03/21 About This Manual Target Audience This manual is intended for System Administrators who are responsible for installing and setting up
Best Practices for Deploying and Managing Linux with Red Hat Network Abstract This technical whitepaper provides a best practices overview for companies deploying and managing their open source environment
NovaBACKUP User Manual NovaStor / May 2014 2014 NovaStor, all rights reserved. All trademarks are the property of their respective owners. Features and specifications are subject to change without notice.
Cloud Services for Backup Exec Planning and Deployment Guide Chapter 1 Introducing Cloud Services for Backup Exec This chapter includes the following topics: About Cloud Services for Backup Exec Security
IceWarp Unified Communications IceWarp Outlook Sync User Guide Version 10.5 Printed on 20 December, 2012 Contents IceWarp Outlook Sync User Guide 1 Installation... 2 Installation Pre-requisites... 3 Installation
MIGRATION WHITEPAPER MIGRATING FROM MICROSOFT OFFICE TO OPENOFFICE.ORG OR STAROFFICE 9 April, 2009 Copyrights and Trademarks Copyright 2009 Sun Microsystems, Inc. 4150Network Circle, Santa Clara, CA 95054
Acronis Backup & Recovery 11.5 Update 2 Installation Guide Applies to the following editions: Advanced Server Server for Windows Virtual Edition Server for Linux Advanced Server SBS Edition Workstation
MATLAB Distributed Computing Server Cloud Center User s Guide How to Contact MathWorks Latest news: Sales and services: User community: Technical support: www.mathworks.com www.mathworks.com/sales_and_services
Sun StorEdge RAID Manager 6.22 User s Guide Sun Microsystems, Inc. 901 San Antonio Road Palo Alto, CA 94303-4900 USA 650 960-1300 Fax 650 969-9131 Part No. 806-0478-10 September 1999, Revision A Send comments
Installation and Upgrade Guide Copyright Statement Copyright Acronis International GmbH, 2002-2014. All rights reserved. Acronis and Acronis Secure Zone are registered trademarks of Acronis International
Sun Fire Midframe Server Best Practices for Administration By James Hsieh - Customer Problem Resolution (CPR) Engineering - Americas (formerly HES-CTE) Sun BluePrints OnLine - October 2001 http://www.sun.com/blueprints
Load Balancing Microsoft IIS Deployment Guide rev. 1.4.2 Copyright 2015 Loadbalancer.org, Inc. 1 Table of Contents About this Guide... 4 Appliances Supported... 4 Microsoft IIS Software Versions Supported...
TeamViewer 7 Manual Remote Control TeamViewer GmbH Kuhnbergstraße 16 D-73037 Göppingen www.teamviewer.com Table of Contents 1 About TeamViewer... 5 1.1 About the software... 5 1.2 About the manual... 5
User's Guide Version 3.4 July 2015 RESTRICTED RIGHTS Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (C)(1)(ii) of the Rights in Technical Data