Practical Exercise: Host-to-Net VPN with OpenVPN

MIECT: Advanced Network Security 2015-16
Due date: no date
V 1.0

1 Introduction

The goal of this work is to set up a host-to-net OpenVPN in a network setting involving Linux and Windows systems. To make it easier to deploy the network setting outside the laboratory, we will use only Linux and Windows Server 2003 virtual machines to implement it. In this guide we will consider only VirtualBox.

2 Network setting

We will use the network settings of Figure 1. For a first experiment, we will use only Linux machines for both the VPN client and the VPN server. The VPN client should be implemented by one student, while the Corporate network should be implemented by another student.

Figure 1: Network settings and their effective deployment using virtual machines

The Corporate network should be a host-only VirtualBox network; VirtualBox already features by default one network of this kind (VirtualBox Host-Only Ethernet Adapter). Start the VirtualBox DHCP service for the host-only network with the addresses shown in Figure 1.

Hereafter, for simplicity, we will refer to each machine involved as VM 1, 2, 3 and 4, according to Figure 1. The interfaces of the virtual machines will also be named eth??, according to the same figure (also on Windows systems, even though they are named differently there).

3 Virtual machines

3.1 Linux virtual machines

We will use a Linux live distribution for all Linux hosts. In this guide we will assume the Mint live distribution. Create the virtual machine for VM 1/VM 2 and clone the latter to create VM 3. Don't forget to remove the useless network interfaces, leaving only two: a multi-purpose one (which can be either NAT or bridged, to connect to the outside world if required) and a host-only one.

To reduce the workload while executing many virtual machines simultaneously, use only the console interface of the Linux hosts, if possible. To shut down the graphical interface, stop the graphical window manager service. In Mint we do so with the following command:

    service mdm stop

3.2 Windows virtual machines

We will use a Windows Server 2003 virtual machine for all Windows hosts. The disk image for the virtual machine will be provided online on the subject's Web page. The Administrator's password is naomelembro.

3.3 Network configuration

All virtual machines will get their network interfaces configured by DHCP (IP address and netmask). However, default gateways and extra routes in the Corporate network have to be set manually, with the ifconfig command (or a similar one) on Linux machines, or with the network properties window on Windows (right click on any network icon on the task bar, choose Open Network Connections, right click on the proper network interface and choose Properties).

4 Set up an OpenVPN VPN

Set up the network topology of Figure 1. Hereafter we will assume that VM 1 has IP address addr1 and VM 2 has IP address addr2. Before proceeding, check that the two hosts can ping each other. In a separate console execute the following command (replace ethx by the appropriate interface name):

    tcpdump -n -i ethx

4.1 OpenVPN installation

In VM 2 (Linux), open a bash console as root. Then execute:

    apt-get install openvpn

Do the same in VM 1; then leave VM 1 and focus on VM 2.

4.2 OpenVPN Certification Authority (CA)

Usually OpenVPN is used together with another package, easy-rsa, that helps to create the certificates used by the SSL component of OpenVPN. We will also use it in VM 2 (only):

    apt-get install easy-rsa

Then copy the entire /usr/share/easy-rsa directory to another one, say /etc/openvpn:

    cd /usr/share
    tar cf - easy-rsa | (cd /etc/openvpn; tar xf -)
    cd /etc/openvpn/easy-rsa

The file ./vars contains a set of definitions (in the form of shell environment variables) that will be used to create the public key certificates used by the server. Edit these definitions as you wish, namely the ones marked changeme, and, at the end, load them into the shell environment:

    source ./vars

Next, execute a command to clean all previously set keying material:

    ./clean-all

Then execute the following command to create the root CA certificate:

    ./pkitool --initca

All key material, as well as the CA management data, is stored in directory keys.

    ls -la keys

4.3 Server keys and certificates

In VM 2, in directory /etc/openvpn/easy-rsa, execute the following commands to create the OpenVPN server certificate and the OpenVPN server Diffie-Hellman parameters:

    ./pkitool --server VPNServer
    ./build-dh

Again, all key material is stored in directory keys (together with the CA management data).

    ls -la keys

Now, copy all the key material files that will be used by the OpenVPN server to the directory where it will look for them:

    cp keys/ca.crt keys/VPNServer.* keys/dh*.pem /etc/openvpn

4.4 Client keys and certificates

For authenticating the client we will also use asymmetric key pairs and certificates, therefore we need to execute the following command in VM 2 (again, in directory /etc/openvpn/easy-rsa):

    ./pkitool VPNClient

But before executing it, we need to set once again the shell environment variables that the command will use to request a public key certificate for the VPN client. To do so, we can copy the vars file to another one (say vars.client), edit it to hold the data of the VPN client, and then execute

    source ./vars.client

before executing the previous command. Note that one fundamental field that should be different in vars.client relative to vars is the value of KEY_CN, since the CA will not issue two certificates for the same CN (Common Name) for the same period of time.

Copy the resulting files keys/VPNClient.* to the directory /etc/openvpn of VM 1 (e.g., using a flash pen).

4.5 Server configuration

For configuring the OpenVPN server we will copy and edit a sample file provided by the OpenVPN documentation:

    zcat /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz > /etc/openvpn/server.conf

Edit the configuration file and properly define all the critical settings (IP addresses, key material, tun/tap, etc.). Once edited, run:

    service openvpn start
    service openvpn status

Observe the new interface created by OpenVPN:

    ifconfig
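The settings edited in server.conf have to agree with the client file written in section 4.6. The following check is an added example, not part of the original guide: it compares the directives both ends share (dev, proto, port, comp-lzo), then verifies that the referenced key material exists and that private keys are not readable by group or others. The function names are hypothetical, and relative file names are assumed to be resolved from each configuration file's directory, as when the service starts OpenVPN from /etc/openvpn.

```shell
#!/bin/sh
# Added example: consistency check for the server.conf / client config pair of this lab.
# Function names are hypothetical; file names in configs follow the guide.

# Print the first argument of directive $2 in config file $1 ("on" for a bare
# flag such as comp-lzo, nothing when absent). Lines starting with # or ; are
# comments in OpenVPN configs, so ";dev tap" is never matched as "dev".
directive() {
    awk -v d="$2" '$1 == d { print (NF > 1 ? $2 : "on"); exit }' "$1"
}

# Print one line per problem found; print nothing when the pair is consistent.
check_pair() {
    srv=$1 cli=$2
    # Directives written identically on both ends in this lab.
    for d in dev proto comp-lzo; do
        s=$(directive "$srv" "$d"); c=$(directive "$cli" "$d")
        [ "$s" = "$c" ] || echo "MISMATCH $d: server='$s' client='$c'"
    done
    # The client's "remote HOST PORT" must target the server's "port" (default 1194).
    sport=$(directive "$srv" port)
    cport=$(awk '$1 == "remote" { print $3; exit }' "$cli")
    [ "${sport:-1194}" = "${cport:-1194}" ] ||
        echo "MISMATCH port: server='$sport' client='$cport'"
    # Assumption: relative paths are resolved from the config file's directory.
    for conf in "$srv" "$cli"; do
        dir=$(dirname "$conf")
        for d in ca cert key dh; do
            f=$(directive "$conf" "$d")
            [ -n "$f" ] || continue
            case $f in /*) ;; *) f=$dir/$f ;; esac
            [ -r "$f" ] || { echo "MISSING $d file for $conf: $f"; continue; }
            # A private key must be accessible to its owner only (mode 0600 or stricter).
            if [ "$d" = key ]; then
                case $(ls -ld "$f") in
                    -???------*) ;;
                    *) echo "WEAK PERMISSIONS on private key: $f" ;;
                esac
            fi
        done
    done
}

# Stand-alone use: sh check.sh /etc/openvpn/server.conf /path/to/vm2.ovpn
if [ "$#" -eq 2 ]; then check_pair "$1" "$2"; fi
```

A key file moved between machines on a FAT-formatted flash pen typically arrives without its restrictive mode, which the last check reports.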

4.6 Client configuration

In VM 1, create a text configuration file for configuring a VPN to VM 2 (e.g. vm2.ovpn). Add the following content to the file:

    client
    dev tun
    proto udp
    remote XXXXXXXX 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca ca.crt
    cert VPNClient.crt
    key VPNClient.key
    comp-lzo

where XXXXXXXX should be replaced by the IP address of interface eth0 of VM 2. Then execute:

    service openvpn start
    service openvpn status

Observe the new interface created by OpenVPN:

    ifconfig

Finally, ping VM 3. Observe the traffic in the tun0 interface (with tcpdump) while pinging VM 3 from VM 2. Since you are using an IP-routed VPN, you should not observe any related ARPs reaching VM 1.

4.7 Using tap instead of tun

Change the tun/tap settings in both client and server. Restart both client and server daemons and repeat the previous ping experiments with the tap0 interface.

4.8 Using OpenVPN in Windows

Install an OpenVPN client in a Windows virtual machine and use it as VM 1 to connect to VM 2.

5 References

1. OpenVPN, http://en.wikipedia.org/wiki/openvpn
2. OpenVPN - Open Source VPN, http://openvpn.net
3. How to Setup Linux VPN Server and Client using OpenVPN, http://www.thegeekstuff.com/2013/09/openvpn-setup
4. OpenVPN GUI for Windows, http://openvpn.se