VPN_2 - Zutao(Tower) Zhu


VPN Lab 2
Zutao Zhu
04/02/2010
Outline
• How a packet traverses the VPN
• How to write a socket program
• Certificates
Packet Flow
VMware Port Forwarding
• How does it work?
Routing Table
• Add route to host
– # route add -host 192.168.1.2 dev eth0:0
– # route add -host 10.20.30.148 gw 10.20.30.40
• Add route to network
– # route add -net 10.20.30.40 netmask 255.255.255.248 eth0
– # route add -net 10.20.30.48 netmask 255.255.255.248 gw 10.20.30.41
– # route add -net 192.168.1.0/24 eth1
• Add default route
– # route add default gw 192.168.1.1
Routing Table Flags
• Possible flags include:
– U (route is up)
– H (target is a host)
– G (use gateway)
– R (reinstate route for dynamic routing)
– D (dynamically installed by daemon or redirect)
– M (modified from routing daemon or redirect)
– A (installed by addrconf)
– C (cache entry)
– ! (reject route)
IP Forwarding
• Needed when one machine has more than one network adapter and must pass packets between them
• # sysctl -w net.ipv4.ip_forward=1 (enable now)
• # sysctl net.ipv4.ip_forward (check the current value)
• # vi /etc/sysctl.conf and set net.ipv4.ip_forward = 1 (persists across reboots)
Make sure
• You understand how the packets flow
• You change the IP address at the appropriate point
• When debugging, print out the values of src_ip, src_port, dst_ip, dst_port at the key points
Socket Programming
• UDP server
– sock = socket(AF_INET, SOCK_DGRAM, 0)
– Set struct sockaddr_in server_addr (with the port you want to listen on) and client_addr
– Bind the socket to server_addr
– Enter an infinite loop calling
recvfrom(sock, recv_data, 1024, 0, (struct sockaddr *)&client_addr, &addr_len)
Socket Programming
• UDP client
– sock = socket(AF_INET, SOCK_DGRAM, 0)
– Set struct sockaddr_in server_addr (with the server's port) and client_addr
– Enter an infinite loop calling
sendto(sock, send_data, strlen(send_data), 0, (struct sockaddr *)&server_addr, sizeof(struct sockaddr))
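The UDP server and client steps above, as an added example in working C that is not part of the slides: both ends talk over 127.0.0.1, port 0 lets the kernel choose the server port, and the loopback_addr helper is my addition to keep the block self-contained.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Fill a sockaddr_in for 127.0.0.1:port (the slides' server_addr / client_addr). */
static void loopback_addr(struct sockaddr_in *a, unsigned short port) {
    memset(a, 0, sizeof(*a));
    a->sin_family = AF_INET;
    a->sin_port = htons(port);
    a->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
}
/* Server: socket() + bind(); with *port == 0 the kernel picks a free port and writes it back. */
int udp_server_open(unsigned short *port) {
    int sock = socket(AF_INET, SOCK_DGRAM, 0);
    if (sock < 0) return -1;
    struct sockaddr_in server_addr;
    loopback_addr(&server_addr, *port);
    if (bind(sock, (struct sockaddr *)&server_addr, sizeof(server_addr)) < 0) { close(sock); return -1; }
    socklen_t len = sizeof(server_addr);
    getsockname(sock, (struct sockaddr *)&server_addr, &len);
    *port = ntohs(server_addr.sin_port);
    return sock;
}
/* Client: socket() + one sendto(); returns the number of bytes sent. */
int udp_client_send(unsigned short port, const char *send_data) {
    int sock = socket(AF_INET, SOCK_DGRAM, 0);
    if (sock < 0) return -1;
    struct sockaddr_in server_addr;
    loopback_addr(&server_addr, port);
    ssize_t n = sendto(sock, send_data, strlen(send_data), 0,
                       (struct sockaddr *)&server_addr, sizeof(struct sockaddr));
    close(sock);
    return (int)n;
}
/* One server-loop turn: recvfrom() one datagram and print src_ip/src_port (the slides' debug tip). */
int udp_server_recv_one(int sock, char *recv_data, size_t cap) {
    struct sockaddr_in client_addr;
    socklen_t addr_len = sizeof(client_addr);
    ssize_t n = recvfrom(sock, recv_data, cap - 1, 0,
                         (struct sockaddr *)&client_addr, &addr_len);
    if (n < 0) return -1;
    recv_data[n] = '\0';
    printf("from %s:%u: %s\n", inet_ntoa(client_addr.sin_addr),
           ntohs(client_addr.sin_port), recv_data);
    return (int)n;
}
```

In the lab the server's loop would call udp_server_recv_one repeatedly, and the datagram payload would be the encrypted tunnel packet rather than plain text.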
Certificate
• Create the configuration file
• You need to create your own certificates for the demo
• You can define your VPN server's authentication policy (for the clients)
• Design your own small protocol to do the key exchange
Control and data channels
• Control channel: TCP
• Data channel: UDP
Key Exchange
• Use the TCP channel
• Client changes the session key/IV/etc.
• Client uses the new session key to encrypt the data
• When the server is notified, it also changes the session key for this communication
• Server can now decrypt the client's encrypted data
Reference
• http://www.prasannatech.net/2008/07/socket-programming-tutorial.html