OpenVPN: an open source, cross platform client/server, PKI based VPN
http://openvpn.net


Some Definitions
● VPN – Virtual private network, an extension of a private network via an encrypted tunnel over a public network.
● SSL/TLS – Secure Socket Layer v3 ~ Transport Layer Security (SSL 3.1 = TLS 1.0)
● Public Key Infrastructure (PKI) – “an arrangement which provides for third-party vetting of, and vouching for, user identities. This is usually carried out by software at a central location together with other coordinated software at distributed locations.”


Cryptographic Primitives – confidentiality, integrity, authentication, non-repudiation
● Symmetric encryption – provides confidentiality
● Message digests – function applied to a block of text to produce a fixed-length output (the digest), used to verify message integrity
● Asymmetric encryption – system for encrypting/decrypting and digitally signing messages. Uses public/private key pairs on either side of the connection; provides authentication and non-repudiation


Private IP addresses
RFC 1918, Address Allocation for Private Internets, February 1996: The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private internets:
● 10.0.0.0 - 10.255.255.255 (10/8 prefix)
● 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
● 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)


VPN Types
● Tunnels: PPTP, L2TP, IPsec
● User space: vtun, ssh, OpenVPN
● SSL application gateways: “clientless” & proprietary


Why OpenVPN?
● Cross platform client and server versions
● TLS/SSL: based on the OpenSSL library
● Easy installation and configuration
● NAT traversal
● Interoperates with other VPNs, e.g. PPTP, IPsec


OpenVPN PKI
● a separate certificate (also known as a public key) and private key for the server and each client
● a master Certificate Authority (CA) certificate and key which is used to sign each of the server and client certificates.


OpenVPN PKI
● OpenVPN supports bidirectional authentication based on certificates, meaning that the client must authenticate the server certificate and the server must authenticate the client certificate before mutual trust is established.
● Both server and client will authenticate the other by first verifying that the presented certificate was signed by the master certificate authority (CA), and then by testing information in the now-authenticated certificate header, such as the certificate common name or certificate type (client or server).


OpenVPN PKI
● The server only needs its own certificate/key
● The server will only accept clients whose certificates were signed by the master CA certificate
● If a private key is compromised, it can be disabled by adding its certificate to a CRL (certificate revocation list)
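The two-step check described on the previous slide (chain to the master CA, then inspect the certificate's role) and the CRL step above, as an added example that is not part of the original slides: a throwaway PKI built with the plain openssl CLI, which is what OpenVPN's easy-rsa scripts drive underneath. The CA name and the peer names (server, alice) are invented.

```shell
#!/bin/sh
# Added example, not from the slides: minimal OpenVPN-style PKI with the
# openssl CLI. Builds a master CA, a server cert and a client cert, then
# performs the checks the slides describe and finally revokes a client via CRL.
set -eu
WORK=$(mktemp -d); cd "$WORK"

# Master CA: self-signed certificate plus the key that signs everything else.
openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -subj "/CN=Example CA" \
  -keyout ca.key -out ca.crt >/dev/null 2>&1

# issue NAME ROLE: key, CSR, then a CA-signed cert carrying ROLE as its EKU.
issue() {
  printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=%s\n' "$2" > "$1.ext"
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$1.key" -out "$1.csr" >/dev/null 2>&1
  openssl x509 -req -in "$1.csr" -CA ca.crt -CAkey ca.key -CAcreateserial \
    -days 365 -extfile "$1.ext" -out "$1.crt" >/dev/null 2>&1
}
issue server serverAuth
issue alice  clientAuth

# Check 1: was the presented certificate signed by the master CA?
signed_by_ca() { openssl verify -CAfile ca.crt "$1" >/dev/null 2>&1; }
# Check 2: does the now-authenticated certificate carry the expected role
# (Server or Client)? This is what stops a client cert posing as the server.
has_role() { openssl x509 -in "$1" -noout -text | grep -q "TLS Web $2 Authentication"; }

# Revocation: minimal "openssl ca" setup, revoke alice, publish a CRL.
cat > ca.cnf <<'EOF'
[ca]
default_ca = local
[local]
database = index.txt
crlnumber = crlnumber
certificate = ca.crt
private_key = ca.key
default_md = sha256
default_crl_days = 30
EOF
touch index.txt; echo 01 > crlnumber
openssl ca -config ca.cnf -revoke alice.crt >/dev/null 2>&1
openssl ca -config ca.cnf -gencrl -out ca.crl >/dev/null 2>&1
# Check 3: same chain check as check 1, now also consulting the CRL.
not_revoked() { openssl verify -crl_check -CAfile ca.crt -CRLfile ca.crl "$1" >/dev/null 2>&1; }
```

In OpenVPN itself, check 2 on the client side is what the `remote-cert-tls server` directive performs, and the CRL is handed to the server with `crl-verify`.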


References
● OpenVPN 2.0 Howto: http://openvpn.net/howto.html
● OpenVPN and the SSL VPN Revolution: http://www.sans.org/rr/whitepapers/vpns/1459.php