Vpn intro by dongshuzhao

Introduction to the VPN system built by @dongshuzhao


  1. OpenSalon Conference 2: A VPN System with User Authentication and Bandwidth Control. 董淑照 Dong Shuzhao, Harbin Institute of Technology at Weihai, dongshuzhao@gmail.com, Oct. 9, 2010
  2. Introduction to VPN
  3. What is VPN?
  4. What is VPN?
      A virtual private network (VPN) is a computer network that uses a public telecommunication infrastructure such as the Internet to provide remote offices or individual users with secure access to their organization's network.
  5. What is VPN?
      An IP tunnel between hosts or routers that extends the reach of a subnet.
      The tunnel may be encrypted.
      Tunnel creation may require an authentication step.
      Traffic may be subject to accounting, logging and firewalling.
  6. Use of VPN
      Remote intranet access
         For companies, schools
      Data encryption
         On public networks, Wi-Fi
      Access control within the intranet
         Network authentication
  7. VPN Solutions
      PPTP
         Point-to-Point Tunneling Protocol
         Known security vulnerabilities
      L2TP
         Layer 2 Tunneling Protocol
         Improvement over PPTP (L2TP itself does not encrypt; in practice it is paired with IPsec)
      SSL VPN
         OpenVPN
         Runs entirely in user space on top of TLS, i.e. a pure application-layer protocol
  8. Principles of GFW
  9. Principles of GFW
      IP Block
      DNS Tampering
      DNS Pollution
      Content Filtering
      ...
  10. IP Block
      Example: twitter.com at 128.242.240.20
  11. IP Block
      Weakness
         The blocked site's IP address can change (dynamic IP)
      Solution
         Switch to a trustworthy DNS server
         Modify the 'hosts' file
  12. DNS Tampering
  13. DNS Tampering
      Weakness
         Only DNS servers in mainland China are under its control
      Solution
         Switch to a foreign DNS server
  14. DNS Pollution
  15. DNS Pollution
  16. DNS Pollution
      Weakness: ?
      Solution: ?
  17. Content Filtering
  18. Content Filtering
      Weakness: ?
      Solution: ?
  19. VPN & GFW
  20. VPN & GFW
  21. VPN with Routing Table
  22. VPN with Routing Table
      chnroutes
         http://code.google.com/p/chnroutes/
      Splitting traffic by destination
         Chinese (mainland) IPs: original route
         Foreign IPs: via VPN
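The split-routing idea on the slide above, as an added example (not the talk's code and not chnroutes itself): chnroutes generates `ip route` commands from the APNIC delegation list so that mainland blocks keep the original gateway while everything else falls through to the tunnel's default route. The four CIDR blocks below are a constructed sample standing in for that generated list; the gateway and server addresses are placeholders. Besides emitting the routes, the script classifies a destination as "direct" or "vpn" so the table can be checked before it is installed.

```shell
#!/bin/sh
# CONSTRUCTED sample; the real list is produced from APNIC data by chnroutes.
CHN_CIDRS="1.0.1.0/24
1.0.2.0/23
58.14.0.0/15
202.118.0.0/15"

# ip2int A.B.C.D -> 32-bit integer
ip2int() {
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP NET/PREFIX -> exit status 0 when IP lies inside the block
in_cidr() {
    local net prefix mask
    net=${2%/*}
    prefix=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - $prefix)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# route_for IP -> prints "direct" (original gateway) or "vpn" (tunnel)
route_for() {
    local cidr
    for cidr in $CHN_CIDRS; do
        if in_cidr "$1" "$cidr"; then
            echo direct
            return 0
        fi
    done
    echo vpn
}

# gen_routes GATEWAY VPN_SERVER -> the commands chnroutes-style scripts emit.
# The host route for the VPN server must stay on the original gateway,
# otherwise the tunnel's own packets would be routed into the tunnel.
gen_routes() {
    local cidr
    echo "ip route add $2/32 via $1"
    for cidr in $CHN_CIDRS; do
        echo "ip route add $cidr via $1"
    done
}

# Example run with placeholder addresses:
#   gen_routes 192.168.1.1 203.0.113.10
```

Once these routes are in place, OpenVPN's `redirect-gateway def1` (which installs 0.0.0.0/1 and 128.0.0.0/1 via the tunnel) catches every destination not covered by a more specific mainland route. Note that any IP-block example on slide 10, such as 128.242.240.20, classifies as "vpn" with this table, and a mainland address such as 202.118.1.1 stays direct.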
  23. Implementation of the VPN System
  24. System Overview
  25. Distributed Structure
  26. Database Schema
  27. User Authentication
      saslauthd
      pam-mysql
         /etc/pam.d/openvpn
         DB fields: username, password, active
      OpenVPN
         PAM plugin
      PPTP VPN
         pppd-sql
         http://freshmeat.net/projects/pppd-sql
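What the pam-mysql plus PAM-plugin path on the slide above looks like in files, as an added example (not the talk's own configuration): the PAM stack for the `openvpn` service, the OpenVPN server directives that route authentication through it, and a minimal users table with the three fields the slide names. Database name, credentials, the plugin path, the `expires` column and the `sessions` hooks are assumptions; the `where=active=1` clause is the piece that lets the bandwidth-control scripts lock a user by flipping one flag.

```shell
#!/bin/sh
# Added example: generate the auth-related files into DIR for review before
# installing them (the PAM file goes to /etc/pam.d/openvpn).

write_pam_config() {   # write_pam_config DIR -> DIR/openvpn
    cat > "$1/openvpn" <<'EOF'
# crypt=1: passwords stored as crypt(3) hashes, never plaintext (crypt=0).
# where=active=1: a user whose active flag is 0 (quota exhausted or account
# expired) fails authentication regardless of the password supplied.
auth    required pam_mysql.so user=vpn passwd=CHANGEME host=localhost db=vpn table=users usercolumn=username passwdcolumn=password where=active=1 crypt=1
account required pam_mysql.so user=vpn passwd=CHANGEME host=localhost db=vpn table=users usercolumn=username passwdcolumn=password where=active=1 crypt=1
EOF
    chmod 600 "$1/openvpn"   # the file carries the database password
}

write_openvpn_auth() {  # write_openvpn_auth DIR -> DIR/auth.conf (include from server.conf)
    cat > "$1/auth.conf" <<'EOF'
# The trailing argument is the PAM service name, i.e. /etc/pam.d/openvpn.
# Plugin path is an assumption; it differs between distributions.
plugin /usr/lib/openvpn/openvpn-auth-pam.so openvpn
# Sessions are keyed by the PAM username rather than a certificate CN,
# so the logging hooks see the same name the database knows.
username-as-common-name
# The connect/disconnect hooks need script-security 2.
script-security 2
client-connect /etc/openvpn/connect.sh
client-disconnect /etc/openvpn/disconnect.sh
EOF
}

write_schema() {  # write_schema DIR -> DIR/schema.sql
    cat > "$1/schema.sql" <<'EOF'
-- username, password, active as on the slide; expires is assumed
CREATE TABLE users (
  username VARCHAR(64) PRIMARY KEY,
  password VARCHAR(128) NOT NULL,   -- crypt(3) hash
  active   TINYINT(1) NOT NULL DEFAULT 1,
  expires  DATETIME
);
EOF
}

generate_all() {  # generate_all DIR -> 0 when all three files were written
    write_pam_config "$1" && write_openvpn_auth "$1" && write_schema "$1" \
      && [ -f "$1/openvpn" ] && [ -f "$1/auth.conf" ] && [ -f "$1/schema.sql" ]
}
```

If clients authenticate with username and password only, the server additionally needs `client-cert-not-required` (OpenVPN 2.3 and earlier) or `verify-client-cert none` (2.4 and later); with client certificates issued as well, the PAM check becomes a second factor on top of the certificate.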
  28. Logging
      Script hooks
         connect.sh: create a new record with begin time, IP, port, etc.
         disconnect.sh: fill in that record with end time, bandwidth usage, etc.
  29. Bandwidth Control
      disconnect.sh
         Check the log and set active to 0 if the bandwidth limit is exceeded
         Lock expired users
      cron
         /etc/cron.hourly/openvpn
         Unlock users whose bandwidth quota has rolled over
         Lock expired users
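The two hooks and the hourly job from the logging and bandwidth-control slides, as one added example (not the talk's connect.sh/disconnect.sh): a single script that OpenVPN runs for both `client-connect` and `client-disconnect`, plus the SQL the cron job would issue. The environment variables `script_type`, `common_name`, `trusted_ip`, `trusted_port`, `bytes_received` and `bytes_sent` are the ones OpenVPN documents for these hooks; the `sessions` table, its columns, the 10 GiB quota and the `my.cnf` credentials file are assumptions. Because `common_name` is user-controlled input that ends up inside SQL, the script refuses any name outside a safe character set before building a statement.

```shell
#!/bin/sh
# Added example: /etc/openvpn/connect.sh and disconnect.sh can both be this
# file; OpenVPN tells the script which event it is via $script_type.

LIMIT_BYTES=$(( 10 * 1024 * 1024 * 1024 ))               # assumed monthly quota
MYSQL="mysql --defaults-file=/etc/openvpn/my.cnf vpn"    # credentials kept out of argv

# Reject anything that is not a plain username; otherwise a crafted name
# would be spliced straight into the statements below.
valid_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_.@-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# connect_sql NAME IP PORT -> the INSERT for a new session record
connect_sql() {
    printf "INSERT INTO sessions (username, ip, port, begin_time) VALUES ('%s', '%s', %d, NOW());\n" "$1" "$2" "$3"
}

# disconnect_sql NAME RX TX -> closes the most recent open session
disconnect_sql() {
    printf "UPDATE sessions SET end_time=NOW(), bytes_in=%d, bytes_out=%d WHERE username='%s' AND end_time IS NULL ORDER BY begin_time DESC LIMIT 1;\n" "$2" "$3" "$1"
}

# usage_sql NAME -> bytes used by NAME since the first of the month
usage_sql() {
    printf "SELECT COALESCE(SUM(bytes_in+bytes_out),0) FROM sessions WHERE username='%s' AND begin_time >= DATE_FORMAT(NOW(),'%%Y-%%m-01');\n" "$1"
}

# over_limit USED LIMIT -> 0 when the quota is exhausted
over_limit() { [ "$1" -ge "$2" ]; }

lock_sql() { printf "UPDATE users SET active=0 WHERE username='%s';\n" "$1"; }

# hourly_sql -> what /etc/cron.hourly/openvpn runs: lock expired accounts,
# re-enable unexpired ones whose usage for the current month is under quota.
hourly_sql() {
    cat <<EOF
UPDATE users SET active=0 WHERE expires < NOW();
UPDATE users u SET active=1
 WHERE expires >= NOW()
   AND (SELECT COALESCE(SUM(bytes_in+bytes_out),0) FROM sessions s
        WHERE s.username=u.username
          AND s.begin_time >= DATE_FORMAT(NOW(),'%Y-%m-01')) < $LIMIT_BYTES;
EOF
}

case "${script_type:-}" in
  client-connect)
      valid_name "$common_name" || exit 1
      connect_sql "$common_name" "$trusted_ip" "$trusted_port" | $MYSQL ;;
  client-disconnect)
      valid_name "$common_name" || exit 1
      disconnect_sql "$common_name" "$bytes_received" "$bytes_sent" | $MYSQL
      used=$(usage_sql "$common_name" | $MYSQL -N)
      if over_limit "$used" "$LIMIT_BYTES"; then
          lock_sql "$common_name" | $MYSQL
      fi ;;
esac
```

Locking in `disconnect.sh` only takes effect at the next login, which is why slide 32 lists immediate disconnection as future work; with the OpenVPN management interface enabled, the cron job could follow `lock_sql` with a `kill <common_name>` command on that interface to drop the session at once.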
  30. VPN Control Panel
      PHP
      jQuery
      flexigrid
  31. Mailing System
      DNS MX record
      Sendmail (or Exim, Qmail, ...)
      Sending from the shell
         Login alerts, bandwidth alerts, expiration alerts
      Sending from PHP
         Password alerts, invitations, password reset
         mail() function in PHP
  32. Further Improvements
      P2P prevention
         Kernel modules
      Real-time user management
         Killing an online user
         Disconnecting immediately once the bandwidth quota runs out
      Billing system
         PayPal interface
         Alipay interface
  33. THE END