VPN Overview and IPsec Intro

Slides for the February 2014 pfSense Hangout video

Published in: Technology

  1. VPN Overview and dive into IPsec
     February 2014
  2. Project News
     ● Development
       ○ 2.1.1
       ○ 2.2
     ● At SCALE this weekend
       ○ https://www.socallinuxexpo.org
     ● Next session - March 21
     ● Questions at the end
  3. VPN options
     ● IPsec
     ● OpenVPN
     ● PPTP
  4. VPN Comparison - PPTP
     ● Insecure
     ● Likely to be NAT-broken
     ● Just don’t use it!
  5. VPN Comparison - OpenVPN and IPsec

     |                                           | IPsec                                | OpenVPN                                                   |
     | NAT-friendly                              | with NAT-T, Y                        | Y                                                         |
     | Widely interoperable with other firewalls | Y                                    | N                                                         |
     | Client for Windows                        | Shrew Soft, others                   | OpenVPN                                                   |
     | Client for Android                        | Built into most Android 4.x versions | Two options available in Google Play                      |
     | Client for iOS                            | Built into iOS 3.x and newer         | Available in App Store                                    |
     | Client for OS X                           | Built-in                             | Tunnelblick (free) and Viscosity (commercial) available   |

  6. VPN Selection - Site to Site
     ● Interoperability with third party devices - IPsec
     ● One endpoint behind NAT - OpenVPN
     ● NAT within VPN - both, but OpenVPN most flexible
  7. VPN Selection - Mobile Users
     ● OpenVPN usually easier to configure
     ● Depends on devices supported and personal preferences
  8. IPsec Intro - Modes
     ● Tunnel
     ● Transport
     http://diecarvi.wordpress.com/2013/07/04/ipsec-tunnel-and-transport-modes-why-doesnt-transport-mode-work-between-routers/
  9. IPsec and IPv6
     ● IPv6 inside IPv6 tunnels
     ● IPv4 inside IPv4 tunnels
     ● Mobile clients IPv4-only
  10. IPsec Example
      Site to Site VPN
  11. IPsec Troubleshooting
      ● Check Status > IPsec
      ● Check firewall states
      ● Deciphering IPsec logs
      ● Enabling debug logging
      ● MSS clamping requirements
        ○ Hanging TCP connections
  12. IPsec Troubleshooting - Packet Capture
      Six points for tracing traffic
  13. Thanks for attending! Questions?
      Next session - March 21
      Comments, suggestions, feedback welcome to gold@pfsense.org
