Christian Tettamanti, ing. HES

1
VPN - Virtual Private Network

Start date :   01.02.2002
Duration :     1+1 years

Stefano Ventura            prof. HES
Christian Tettamanti       ing. HES
Pascal Gachet              ing. HES

Gérald Litzistorf          prof. HES
Philippe Logean            ing. HES
Nicolas Sadeg              ing. HES

2
VPN - Goals Of The Project

VPN Project (Open Source)
  Phase I    Protocols
  Phase II   Authentication
  Phase III  Deployment

3
VPN - Goals Of The Project

Phase I: Protocols

• Phase I
  – Research and study of remote access solutions
  – Secure access on internal private network
  – Interoperability tests
  – Study of VPN protocols (L2TP, PPTP, IPSec)
  – LAN-to-LAN and HOST-to-LAN scenarios

4
VPN - Goals Of The Project

Phase I: Protocols

• Phase I
  – PPTP   point-to-point tunneling protocol
  – L2TP   layer 2 tunneling protocol
  – IPSEC  IP security protocols
     • IKE   authentication
     • AH    integrity
     • ESP   confidentiality, integrity

5
VPN - Goals Of The Project

Phase II: Authentication

• Phase II
  – Research and study of secure authentication mechanisms
  – Study of Public Key Infrastructure (PKI)
  – Interoperability tests

6
VPN - Goals Of The Project

Phase III: Deployment

• Phase III
  – Deployment
     • LAN-to-LAN between EIG and TCOM
     • HOST-to-LAN at EIVD

7
VPN – Open Source Software

Different solutions based on Open Source

•   Server OS:       Slackware Linux
•   Firewall:        Netfilter/iptables
•   Gateway VPN:     OpenSwan
•   PKI Authority:   OpenCA
•   VPN Clients:     Win2K: SSH Sentinel*
                     Linux: OpenSwan

*Free License for universities

8
VPN – Scenario 1

EIG – Proprietary Solutions                 EIVD – Open Source Solutions

[Diagram: the EIG VPN GW (in front of 10.5.0.0/16) and the EIVD VPN GW (in front of 10.4.1.0/24) are linked by a VPN tunnel across the Internet]

9
VPN – Scenario 2

EIVD – Open Source Solutions

[Diagram: a remote client (VPN Client, 10.4.2.20) is linked by a VPN tunnel across the Internet to the EIVD VPN GW in front of 10.4.1.0/24]

10
VPN – Scenario 3

EIG – Proprietary Solutions                 EIVD – Open Source Solutions

[Diagram: the EIG VPN GW (10.5.0.0/16) and the EIVD VPN GW (10.4.1.0/24) are linked by a VPN tunnel across the Internet; a VPN Client (10.4.2.20) reaches the EIVD VPN GW through a second VPN tunnel]

11
VPN – Remote Client Authentication

[Diagram: remote client with dynamic IP 193.x.x.x and virtual IP 10.4.2.20, IPSec tunnel across the Internet to the VPN GW in front of 10.4.1.0/24]

• The remote client authenticates itself to the VPN gateway
• The authentication is based on X.509 certificates
• The client acquires a private IP address with DHCP-over-IPSec
• The remote client is part of the internal private network

12
VPN – DHCP-over-IPSec
• Internet Draft: draft-ietf-ipsec-dhcp-13.txt

[Diagram: client 10.4.2.20, VPN GW acting as DHCP relay, DHCP server in 10.4.1.0/16]

Security associations, in order:
• ISAKMP SA: Main Mode Auth.
• DHCP SA: Life Time = 20 sec.
  – DHCP DISCOVER from the client, through the DHCP relay, to the DHCP server (10.4.1.0/16)
• ESP SA: 10.4.2.20 <-> 10.4.0.0/15

13
VPN – NAT-Traversal
• Internet Drafts:   draft-ietf-ipsec-udp-encaps-03.txt
                     draft-ietf-ipsec-nat-t-03.txt

• Intelligent NAT box: ESP and IKE with one client
• NAT with ESP encapsulated in UDP (port 4500): ESP and IKE with n clients

14
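The two bullets on this slide are the whole argument for NAT-Traversal: raw ESP carries no port, so a NAT can pin it to at most one inside host, while ESP wrapped in UDP/4500 gives every client its own translated port. The following Python is an added example, not code from the project, that shows the UDP encapsulation rules of draft-ietf-ipsec-udp-encaps (later RFC 3948): the four-zero-byte non-ESP marker that separates IKE from ESP on port 4500, the one-byte NAT keepalive, and a deliberately simplified port-rewriting NAT model (`SimpleNat`, `gateway_view`, all packet bytes and addresses are constructed for the example) that reproduces the "one client" versus "n clients" difference.

```python
"""UDP encapsulation of IPsec for NAT traversal, after draft-ietf-ipsec-udp-encaps
(RFC 3948). Added example for this deck, not project code; all packets and
addresses below are constructed. The NAT class is a simplified model whose only
purpose is to show why raw ESP works for one client and UDP/4500 for n clients.
"""
from __future__ import annotations

import struct

NAT_T_PORT = 4500                       # both IKE and ESP move to UDP 4500 after NAT-T
NON_ESP_MARKER = b"\x00\x00\x00\x00"    # prefix that marks an IKE message on port 4500
NAT_KEEPALIVE = b"\xff"                 # 1-byte datagram that refreshes the NAT mapping


def encapsulate_esp(spi: int, seq: int, body: bytes) -> bytes:
    """UDP payload for an ESP packet: ESP header (SPI, sequence number) + body.
    No marker is added; the receiver relies on a real SPI never being zero."""
    if spi == 0:
        raise ValueError("SPI 0 is reserved; it would collide with the non-ESP marker")
    return struct.pack("!II", spi, seq) + body


def encapsulate_ike(ike_message: bytes) -> bytes:
    """UDP payload for an IKE message on port 4500: four zero bytes, then IKE."""
    return NON_ESP_MARKER + ike_message


def classify_nat_t_payload(payload: bytes) -> dict:
    """Demultiplex a datagram received on UDP/4500 (checks in RFC 3948 order)."""
    if payload == NAT_KEEPALIVE:
        return {"kind": "nat-keepalive"}
    if len(payload) < 4:
        raise ValueError("too short for a NAT-T payload")
    if payload[:4] == NON_ESP_MARKER:
        return {"kind": "ike", "ike": payload[4:]}
    if len(payload) < 8:
        raise ValueError("ESP header needs SPI and sequence number (8 bytes)")
    spi, seq = struct.unpack("!II", payload[:8])
    return {"kind": "esp", "spi": spi, "seq": seq, "body": payload[8:]}


class SimpleNat:
    """Simplified port-rewriting NAT (constructed model, not a real implementation).

    UDP flows are keyed on (inside IP, inside port) and each gets its own outside
    port, so n clients can each reach the same gateway. Raw ESP (IP protocol 50)
    has no port: an 'intelligent' box can bind it to one inside host, a 'stupid'
    box cannot forward it at all."""

    def __init__(self, public_ip: str, first_port: int = 40000, esp_passthrough: bool = True):
        self.public_ip = public_ip
        self.next_port = first_port
        self.udp_table: dict = {}          # (inside_ip, inside_port) -> outside port
        self.esp_passthrough = esp_passthrough
        self.esp_owner: str | None = None  # inside host currently owning raw ESP

    def translate_udp(self, inside_ip: str, inside_port: int) -> tuple:
        key = (inside_ip, inside_port)
        if key not in self.udp_table:
            self.udp_table[key] = self.next_port
            self.next_port += 1
        return (self.public_ip, self.udp_table[key])

    def translate_raw_esp(self, inside_ip: str) -> str:
        if not self.esp_passthrough:
            raise RuntimeError("stupid box: raw ESP cannot be translated")
        if self.esp_owner is None:
            self.esp_owner = inside_ip
        if self.esp_owner != inside_ip:
            raise RuntimeError("intelligent box: only one inside host may use raw ESP")
        return self.public_ip


def gateway_view(nat: SimpleNat, clients: list) -> dict:
    """What the VPN gateway sees from n clients behind one NAT on UDP/4500:
    one distinct (address, port) pair per client, hence n independent SAs."""
    return {c: nat.translate_udp(c, NAT_T_PORT) for c in clients}


if __name__ == "__main__":
    nat = SimpleNat("198.51.100.1")      # constructed public address
    print(gateway_view(nat, ["10.0.0.5", "10.0.0.6", "10.0.0.7"]))
    print(classify_nat_t_payload(encapsulate_esp(0x1234, 7, b"\xaa" * 16))["kind"])
```

On a real gateway the same demultiplexing decides, per datagram on port 4500, whether the bytes go to the IKE daemon or to the ESP input path; the model NAT is only there to make the slide's "one client / n clients" limitation visible without a lab.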
VPN – Encountered Problems

• PKI
  – Token Integration

• Internet Service Provider (ISP)
  – Firewalls
  – Routing

• NAT routers
  – Intelligent Box
  – Stupid Box
     • NAT-Traversal
     • ESP UDP Encapsulation

15
VPN – Gateway VPN Capabilities

IKE:
Encryption algorithm:   aes-256bit
Integrity function:     SHA-2
DH Group:               MODP 1536 (group 5)
PKI authentication      OK

IPSEC – ESP (AH):
Encryption algorithm:   aes-256bit
Integrity function:     HMAC-SHA-2
DH Group:               MODP 1536 (group 5)

Other:
DHCP over IPSEC         OK
NAT-Traversal           OK

16
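The capability list above maps directly onto a gateway configuration. The fragment below is an added example in Openswan's ipsec.conf style, not the project's own file: it encodes AES-256, SHA-2, MODP-1536 (DH group 5), certificate-based authentication and NAT-Traversal for a road-warrior connection. The key names are those of the Openswan 2.6-era ipsec.conf(5) as far as I know them; the `sha2_256` spelling in `ike=`/`esp=`, the certificate file name `gwCert.pem` and the `roadwarrior` connection name are assumptions to be checked against the installed version. The 10.4.0.0/15 subnet is the ESP SA selector from the DHCP-over-IPSec slide; DHCP-over-IPSec itself needs gateway support beyond this fragment.

```ini
# Added example: Openswan-style ipsec.conf fragment matching the capability
# list. Not the project's own file; key spellings assume Openswan 2.6-era
# syntax and must be verified against ipsec.conf(5) on the gateway.
config setup
    nat_traversal=yes
    # Private ranges a remote client may sit in behind its NAT;
    # our own internal network is excluded with "!".
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:!10.4.0.0/15

conn roadwarrior
    # gateway side
    left=%defaultroute
    leftsubnet=10.4.0.0/15
    leftcert=gwCert.pem           # placeholder file name
    leftrsasigkey=%cert
    # any remote client, authenticated by its X.509 certificate from the PKI
    right=%any
    rightrsasigkey=%cert
    rightsubnet=vhost:%priv,%no
    authby=rsasig
    # IKE: AES-256, SHA-2, MODP 1536 (group 5)
    ike=aes256-sha2_256;modp1536
    # ESP: AES-256 with HMAC-SHA-2, PFS on the same group
    esp=aes256-sha2_256
    pfs=yes
    pfsgroup=modp1536
    auto=add
```

The security-relevant lines are `authby=rsasig` with `%cert` on both sides (no pre-shared secret, every client presents a certificate issued by the PKI) and the `!10.4.0.0/15` exclusion in `virtual_private`, which stops a remote client from claiming an address inside the protected network.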
VPN – Final Architecture

[Diagram: EIG VPN area and EIVD VPN area connected across the Internet; elements shown: GW Clavister, NIDS Snort, PKI OpenCA, FireWall IPtables, DC W2K, GW VPN OpenSwan, Protected Area, and a remote client with a PKI USB key]

17
[Screenshot]

18
VPN – SSH Sentinel Configuration

[Screenshot]

19

VPN – PKI Certificate Configuration

[Screenshot]

20

VPN – SA Life & NAT Configuration

[Screenshot]

21

VPN – IKE & ESP Configuration

[Screenshot]

22
VPN – Connection example

[Screenshot]

23
VPN – Network Interfaces

[Screenshots: network interfaces before VPN connection and after VPN connection]

24
[Screenshot]

25