Vpn intro by dongshuzhao

@dongshuzhao's introduction to his VPN system
Presentation Transcript

  • OpenSalon Conference 2: A VPN System with User Authentication and Bandwidth Control. 董淑照 (Dong Shuzhao), Harbin Institute of Technology at Weihai, dongshuzhao@gmail.com, Oct. 9, 2010
  • Introduction to VPN
  • What is VPN?
    • A virtual private network (VPN) is a computer network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network.
  • What is VPN?
    • An IP tunnel between hosts or routers that extends the reach of a subnet.
    • The tunnel may be encrypted.
    • Tunnel creation may require an authentication process.
    • Traffic may be subject to accounting, logging and firewalling.
  • Use of VPN
    • Remote intranet access: for companies, schools
    • Data encryption: on public networks, Wi-Fi
    • Access control within the intranet: network authentication
  • VPN Solutions
    • PPTP: Point-to-Point Tunneling Protocol; known security vulnerabilities
    • L2TP: Layer 2 Tunneling Protocol; an improvement over PPTP
    • SSL VPN: OpenVPN; purely an application-layer protocol
  • Principles of GFW
  • Principles of GFW
    • IP Block
    • DNS Tampering
    • DNS Pollution
    • Content Filtering
    • ...
  • IP Block: twitter.com 128.242.240.20
  • IP Block
    • Weakness: change of IP address, dynamic IP
    • Solution: switch to a trusted DNS server; modify the 'hosts' file
  • DNS Tampering
  • DNS Tampering
    • Weakness: only controls DNS servers in mainland China
    • Solution: change to a foreign DNS server
  • DNS Pollution
  • DNS Pollution
  • DNS Pollution
    • Weakness: ?
    • Solution: ?
  • Content Filtering
  • Content Filtering
    • Weakness: ?
    • Solution: ?
  • VPN & GFW
  • VPN & GFW
  • VPN with Routing Table
  • VPN with Routing Table
    • chnroutes: http://code.google.com/p/chnroutes/
    • Splits routes by destination: Chinese (mainland) IPs take the original route; foreign IPs go via the VPN
  • Implementation of VPN System
  • System Overview
  • Distributed Structure
  • Database Schema
  • User Authentication
    • saslauthd, pam-mysql, /etc/pam.d/openvpn
    • DB fields: username, password, active
    • OpenVPN: PAM plugin
    • PPTP VPN: pppd-sql, http://freshmeat.net/projects/pppd-sql
  • Logging (script hooks)
    • connect.sh: create a new record with begin time, IP, port, etc.
    • disconnect.sh: fill in the previous record with end time, bandwidth usage, etc.
  • Bandwidth Control
    • disconnect.sh: check the log and set active to 0 if the bandwidth limit is exceeded; lock expired users
    • cron (/etc/cron.hourly/openvpn): unlock users whose bandwidth usage has been reset; lock expired users
  • VPN Control Panel: PHP, jQuery, flexigrid
  • Mailing System
    • DNS MX record; Sendmail (or Exim, Qmail...)
    • Sending from the shell: login alerts, bandwidth alerts, expiration alerts
    • Sending from PHP: password alerts, invitations, password reset (the mail() function in PHP)
  • Further Improvements
    • P2P prevention: kernel modules
    • Real-time user management: kill an online user; disconnect immediately after bandwidth runs out
    • Billing system: PayPal interface, Alipay interface
  • THE END
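The Logging and Bandwidth Control slides describe a disconnect.sh hook that closes the session record and sets active to 0 once a user's quota is exhausted. The script below is an added example of that logic, not the talk's own disconnect.sh: it relies on the environment OpenVPN gives a client-disconnect hook (common_name, bytes_received, bytes_sent, time_duration), while the table and column names, the quota value and the prior-usage figure are assumptions, and the SQL is printed rather than executed so it runs without MySQL.

```shell
#!/bin/sh
# Added example (not from the talk): the shape of an OpenVPN
# client-disconnect hook like the talk's disconnect.sh. OpenVPN exports
# common_name, bytes_received, bytes_sent and time_duration into the hook
# environment. Table and column names are assumptions; the SQL is printed
# instead of executed so the logic can be exercised without a database.

# Assumed monthly quota: 10 GiB in bytes.
QUOTA_BYTES=${QUOTA_BYTES:-10737418240}

# Total bytes moved in one session (both directions); missing values count as 0.
session_bytes() {
    echo $(( ${1:-0} + ${2:-0} ))
}

# "lock" when prior usage plus this session reaches the quota, else "ok".
quota_decision() {
    prior=$1; session=$2; quota=$3
    if [ $(( prior + session )) -ge "$quota" ]; then
        echo lock
    else
        echo ok
    fi
}

# Accept only certificate-style common names before they reach SQL, so a
# malformed CN cannot break the statement.
valid_cn() {
    case $1 in
        ''|*[!A-Za-z0-9_.@-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Statements that close the session record and, when the quota is hit,
# lock the user (active=0), matching the talk's DB fields.
disconnect_sql() {
    cn=$1; rx=$2; tx=$3; dur=$4; prior=$5
    valid_cn "$cn" || return 1
    printf "UPDATE sessions SET end_time=NOW(), bytes_received=%d, bytes_sent=%d, duration=%d WHERE username='%s' AND end_time IS NULL;\n" "$rx" "$tx" "$dur" "$cn"
    if [ "$(quota_decision "$prior" "$(session_bytes "$rx" "$tx")" "$QUOTA_BYTES")" = lock ]; then
        printf "UPDATE users SET active=0 WHERE username='%s';\n" "$cn"
    fi
}

# When invoked by OpenVPN the hook reads its environment; prior usage would
# be summed from the sessions table (a constructed 0 here).
if [ -n "$common_name" ]; then
    disconnect_sql "$common_name" "${bytes_received:-0}" "${bytes_sent:-0}" "${time_duration:-0}" 0
fi
```

Because the lock is applied only at disconnect, one long session can overrun the quota before the user is deactivated, which is the gap the talk's "disconnect immediately after bandwidth runs out" improvement addresses.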