SlideShare a Scribd company logo

Low Sost Secure VPN SSTP - MUM ID 2012

Faisal Reza
Faisal Reza
Technology
1 of 57
Download to read offline
Low cost secure VPN MikroTik SSTP over OpenIXP (Indonesian Internet) ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
About Me Faisal Reza, ST. (si_faisal) - Co-founder Asta Informatics - using MikroTik since early 2008 applied in Internet Café, ISP, Enterprise Network, Multifinance, Hotel & many more. - MTCNA, MTCTCE - member of www.forummikrotik.com Specialities : Network Solution & Design, Virtualization ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
Asta Informatics Established 2011 • Solution Provider with Green IT principle • System Integrator for Server, Networking, Security and Private Cloud • IP Surveillance System • Broadband services • Free Consultation available More info : www.astainformatics.com AstaInformatics @AstaInformatics ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
Typical Configuration on Enterprise Network ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
Single Provider Branch Office Disaster Recovery Backup Site Site Project Single Provider Single provider VPN IP / MPLS Service - Data subscription - Voice Cons : - Video - No Backup Connection Head Office ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
Multi Provider Branch Office Disaster Recovery Backup Site Site Project 1st Provider 2nd If 1st link goes down, switch to 2nd link Provider Subscribe VPN IP / MPLS Service To two different provider Cons : - Only 1 link Active Other link as backup (idle) - High cost Head Office ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
Lets try different solution Build your Own VPN on public Infrastructure using ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
INDONESIAN INTERNET OpenIXP : Open Internet eXchange Point 1705 Switches NiCE : National interConnection Exchange 1855 Cross Connection IIX : Indonesian Internet eXchange 7276 IP routes 648 ASN (Networks) Peak Traffic 60.000 MB source : http://www.idc.co.id/network.html ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
OpenIXP / NiCE Open Internet eXchange Point National interConnection Exchange • All Provider - Connected In one place • we can buy IIX only connection (cheaper than dedicated VPN + get access to indonesian domestic site ) • Greater Bandwitdh, Cheaper Price • Low Latency inter provider, average < 10 ms • Multi Access option (fiber optic, wireless, microwave, ADSL, 3G, Wimax) • Freedom of choice ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
Branch Office Site Project Disaster Recovery Backup Site ISP C ISP B cilent to site OpenIXP ISP B Internet ISP A 3G - Freedom to choose Provider - Domestic (IIX-only) connection is cheaper - Possible to use non-dedicated line (ADSL, GPRS, 3G) – more cheap Head Office ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
Solution • MikroTik as VPN Server • Because we rely on public infrastructure, security is more considered. • Using Secure Socket Tunnel Protocol (SSTP) with self-signed certificate (SSL) • Site-to-site & Client-to-site are supported • Multi-provider bandwitdh aggregation supported with eoip-tunnel or MPLS/VPLS over SSTP ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
SSTP Secure Socket Tunneling Protocol (SSTP) is the way to transport PPP tunnel over SSL 3.0 channel. The use of SSL over TCP port 443 allows SSTP to pass through virtually all firewalls and proxy servers. http://wiki.mikrotik.com/wiki/Manual:Interface/SSTP ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
1. TCP connection is established from client to server (by default on port 443) 2. SSL validates server certificate. If certificate is valid connection is established otherwise connection is torn down. 3. The client sends SSTP control packets within the HTTPS session which establishes the SSTP state machine on both sides. 5. PPP negotiation over SSTP. Client authenticates to the server and binds IP addresses to SSTP interface 5.SSTP tunnel is now established and packet encapsulation can begin. http://wiki.mikrotik.com/wiki/Manual:Interface/SSTP ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
So, to connect to SSTP Server we need following requirement : 1. TCP Port 443 2. GRE protocol allowed 3. Username 4. Password 5. Valid Certificate (optional) Later, we will configure valid certificate are required to establish secure VPN connection! ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
Network Topology ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
Simple Diagram R1 LAN 1922.168.2.0/24 R2 R3 LAN LAN 192.168.2.0/24 192.168.3.0/24 ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
SSTP Server Service Setup Step 1 : Enable SSTP 1 2 3 4 R1 ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
Step 2 : Create user access for R2 2 1 3 4 5 R1 ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
Step 3: Create user access for R3 2 1 3 4 5 R1 ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
User List R1 ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
Step 3 : Create SSTP Server static interface 1 2 3 10 4 8 6 5 9 7 R1 ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
SSTP server interface list R1 ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
SSTP Client Setup R2 5 4 2 1 8 3 6 7 ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
SSTP Client Setup R3 5 4 2 1 8 3 6 7 ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
R1 R2 R3 ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
Test Ping, Success! its now Connected without SSL Certificates R2 R3 ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
Generates Certificate • Generates self signed certificate using OpenSSL, FREE! • if not familiar using linux, you can install ubuntu over virtual box, just for generates certificate • #apt-get install openssl ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
Steps for generate self-signed SSL Certificate Step 1 : ca.key (CA = Certificate Authority) is the company which issues the SSL Certificate in this case, we use self-signed, our private CA root@reza:~# openssl genrsa -des3 -out ca.key 4096 Generating RSA private key, 4096 bit long modulus ......++ ...............................................................................++ e is 65537 (0x10001) Enter pass phrase for ca.key: mikrotik Verifying - Enter pass phrase for ca.key: mikrotik root@reza:~# ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
Step 2 : ca.crt root@reza:~# openssl req -new -x509 -days 3650 -key ca.key -out ca.crt Enter pass phrase for ca.key: mikrotik You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:ID State or Province Name (full name) [Some-State]:Jakarta Locality Name (eg, city) []:Jakarta Organization Name (eg, company) [Internet Widgits Pty Ltd]:Mikrotik Organizational Unit Name (eg, section) []:IT Common Name (eg, YOUR name) []:Mikrotik Email Address []:admin@test.com ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
Certificate Pair for server Step 3 : server.key root@reza:~# openssl genrsa -des3 -out server.key 4096 Generating RSA private key, 4096 bit long modulus .....................................................................................++ ............................................................................................................++ e is 65537 (0x10001) Enter pass phrase for server.key: mikrotik Verifying - Enter pass phrase for server.key:mikrotik root@reza:~# ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
Step 4 : server.csr root@reza:~# openssl req -new -key server.key -out server.csr Enter pass phrase for server.key: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:ID State or Province Name (full name) [Some-State]:Jakarta Locality Name (eg, city) []:Jakarta Organization Name (eg, company) [Internet Widgits Pty Ltd]:Mikrotik Organizational Unit Name (eg, section) []:IT Common Name (eg, YOUR name) []:Mikrotik Email Address []:admin@test.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []:mikrotik An optional company name []:Mikrotik ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
Step 5 : server.crt root@reza:~# openssl x509 -req -days 3650 -in server.csr -CA ca.crt -CAkey ca.key - set_serial 01 -out server.crt Signature ok subject=/C=ID/ST=Jakarta/L=Jakarta/O=Mikrotik/OU=IT/CN=Mikrotik/emailAddress=ad min@test.com Getting CA Private Key Enter pass phrase for ca.key: mikrotik root@reza:~# ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
Generate Client Certificate Pair Step 6 : client.key root@reza:~# openssl genrsa -des3 -out client.key 4096 Generating RSA private key, 4096 bit long modulus .................................................++ .................................................++ e is 65537 (0x10001) Enter pass phrase for client.key: mikrotik Verifying - Enter pass phrase for client.key: mikrotik root@reza ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
Step 7 : client.csr root@reza:~# openssl req -new -key client.key -out client.csr Enter pass phrase for client.key: mikrotik You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:ID State or Province Name (full name) [Some-State]:Jakarta Locality Name (eg, city) []:Jakarta Organization Name (eg, company) [Internet Widgits Pty Ltd]:Mikrotik Organizational Unit Name (eg, section) []:IT Common Name (eg, YOUR name) []:Mikrotik Email Address []:admin@test.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []:mikrotik An optional company name []:Mikrotik ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
Step 8 : client.crt root@reza:~# openssl x509 -req -days 3650 -in client.csr -CA ca.crt -CAkey ca.key - set_serial 01 -out client.crt Signature ok subject=/C=ID/ST=Jakarta/L=Jakarta/O=Mikrotik/OU=IT/CN=Mikrotik/emailAddress=ad min@test.com Getting CA Private Key Enter pass phrase for ca.key: mikrotik Now we have 8 files as below, 6 will be used : -rw-r--r-- 1 root root 2297 2012-10-19 16:03 ca.crt  used -rw-r--r-- 1 root root 3311 2012-10-19 15:59 ca.key  user -rw-r--r-- 1 root root 1960 2012-10-19 16:30 client.crt  used -rw-r--r-- 1 root root 1805 2012-10-19 16:28 client.csr -rw-r--r-- 1 root root 3311 2012-10-19 16:25 client.key  user -rw-r--r-- 1 root root 1960 2012-10-19 16:19 server.crt  used -rw-r--r-- 1 root root 1805 2012-10-19 16:16 server.csr -rw-r--r-- 1 root root 3311 2012-10-19 16:12 server.key used ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
Certificate Distribution ca.key ca.crt Server.key Server.crt R1 when use R2 R3 client ca.key ca.key certificate ca.crt ca.crt client.key client.key verification, client.crt client.crt CA certificate must be imported too ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
Upload certificate to each Router Upload the certificate file according to certificate distribution using ftp, ssh, file copy etc. R1 R2 R3 ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
IMPORT SERVER CERTIFICATE to MikroTik [admin@R1-LAB] /certificate> import file-name=server.crt R1 passphrase: mikrotik certificates-imported: 1 private-keys-imported: 0 files-imported: 1 decryption-failures: 0 keys-with-no-certificate: 0 [admin@R1-LAB] /certificate> import file-name=server.key passphrase: mikrotik certificates-imported: 0 private-keys-imported: 1 files-imported: 1 decryption-failures: 0 keys-with-no-certificate: 0 If everything is imported properly then certificate should show up with KR flag. ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
Server Certificate ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
R1 Import ca.crt [admin@R1-LAB] /certificate> import file-name=ca.crt passphrase: mikrotik certificates-imported: 1 private-keys-imported: 0 files-imported: 1 decryption-failures: 0 keys-with-no-certificate: 0 [admin@R1-LAB] /certificate> import file-name=ca.key passphrase: mikrotik certificates-imported: 0 private-keys-imported: 1 files-imported: 1 decryption-failures: 0 keys-with-no-certificate: 0 ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
R2 Client Certificate R3 admin@R2-LAB] /certificate> import file-name=client.crt passphrase: mikrotik certificates-imported: 1 private-keys-imported: 0 files-imported: 1 decryption-failures: 0 keys-with-no-certificate: 0 [admin@R2-LAB] /certificate> import file-name=client.key passphrase: mikrotik certificates-imported: 0 private-keys-imported: 1 files-imported: 1 decryption-failures: 0 keys-with-no-certificate: 0 ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
R1 Set SSTP Server Using Certificate 1 2 5 3 4 ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
R2 Set SSTP Client Using Certificate 1 2 6 3 5 ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
Before Activate the Cert on Client R3 ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
Set certificate, then Secure Connect! R3 4 1 3 2 ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
Access to LAN segment in each router Using static routing using sstp connected ip address as gateway : suitable for small network [admin@R1-LAB] > ip route add dst-address=192.168.2.0/24 gateway=10.0.1.2 R1 [admin@R1-LAB] > ip route add dst-address=192.168.3.0/24 gateway=10.0.1.6 [admin@R2-LAB] > ip route add dst-address=192.168.1.0/24 gateway=10.0.1.1 R2 [admin@R2-LAB] > ip route add dst-address=192.168.3.0/24 gateway=10.0.1.1 [admin@R2-LAB] > ip route add dst-address=10.0.1.4/30 gateway=10.0.1.1 [admin@R3-LAB] > ip route add dst-address=192.168.1.0/24 gateway=10.0.1.1 R3 [admin@R3-LAB] > ip route add dst-address=192.168.2.0/24 gateway=10.0.1.1 [admin@R3-LAB] > ip route add dst-address=10.0.1.0/30 gateway=10.0.1.1 ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
using OSPF ove SSTP R1 for Larger Network ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
R1 Routing > OSPF > Instances ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
R1 Routing > OSPF > Networks Routing > OSPF > Neighbours ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
Routing > OSPF > Instances R2 Routing > OSPF > Networks Routing > OSPF > Neighbours ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
Routing > OSPF > Instances R3 Routing > OSPF > Networks Routing > OSPF > Neighbours ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
All Routing Table R1 R3 R2 ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
Branch Office Hybrid Provider Site Project Disaster Recovery ISP E Backup Site ISP F ISP C ISP D cilent to site OpenIXP ISP C Internet ISP B 3G ISP A The same concept - Can use bonding eoip-tunnel - Can use bonding vpls interface * not all provider supported because need 1512 MTU Head Office ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
Interested with this low cost solution but don’t want to dive deep technical things? Let me help you! reza@astainformatics.com www.astainformatics.com ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
Any Question? Please feel free to contact me anytime after the presentation ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
ASTA INFORMATICS – Faisal Reza – www.astainformatics.com Thank You See you in another MUM! Special thanks to Forum Mikrotik Indonesia

Recommended

MikroTik Multicast Routing [www.imxpert.co]
MikroTik Multicast Routing [www.imxpert.co]MikroTik Multicast Routing [www.imxpert.co]
MikroTik Multicast Routing [www.imxpert.co]Faisal Reza
 
MUM Laos 2017 - Choosing Mikrotik for Your Network
MUM Laos 2017 - Choosing Mikrotik for Your NetworkMUM Laos 2017 - Choosing Mikrotik for Your Network
MUM Laos 2017 - Choosing Mikrotik for Your NetworkFaisal Reza
 
Choosing MikroTik for Your Network
Choosing MikroTik for Your NetworkChoosing MikroTik for Your Network
Choosing MikroTik for Your NetworkFaisal Reza
 
Mikrotik load balansing
Mikrotik load balansingMikrotik load balansing
Mikrotik load balansingКирилл Кекер
 
Mikrotik® MPLS/VPN Lab Part 1
Mikrotik® MPLS/VPN Lab Part 1Mikrotik® MPLS/VPN Lab Part 1
Mikrotik® MPLS/VPN Lab Part 1Kaveh Khosravi
 
VXLAN and FRRouting
VXLAN and FRRoutingVXLAN and FRRouting
VXLAN and FRRoutingFaisal Reza
 
Introduction to BRAS
Introduction to BRASIntroduction to BRAS
Introduction to BRASKHNOG
 
MikroTik BGP Security - MUM 2014 (rofiq fauzi)
MikroTik BGP Security - MUM 2014 (rofiq fauzi)MikroTik BGP Security - MUM 2014 (rofiq fauzi)
MikroTik BGP Security - MUM 2014 (rofiq fauzi)Rofiq Fauzi
 

Recommended

MikroTik Multicast Routing [www.imxpert.co]
MikroTik Multicast Routing [www.imxpert.co]MikroTik Multicast Routing [www.imxpert.co]
MikroTik Multicast Routing [www.imxpert.co]Faisal Reza
 
MUM Laos 2017 - Choosing Mikrotik for Your Network
MUM Laos 2017 - Choosing Mikrotik for Your NetworkMUM Laos 2017 - Choosing Mikrotik for Your Network
MUM Laos 2017 - Choosing Mikrotik for Your NetworkFaisal Reza
 
Choosing MikroTik for Your Network
Choosing MikroTik for Your NetworkChoosing MikroTik for Your Network
Choosing MikroTik for Your NetworkFaisal Reza
 
Mikrotik load balansing
Mikrotik load balansingMikrotik load balansing
Mikrotik load balansingКирилл Кекер
 
Mikrotik® MPLS/VPN Lab Part 1
Mikrotik® MPLS/VPN Lab Part 1Mikrotik® MPLS/VPN Lab Part 1
Mikrotik® MPLS/VPN Lab Part 1Kaveh Khosravi
 
VXLAN and FRRouting
VXLAN and FRRoutingVXLAN and FRRouting
VXLAN and FRRoutingFaisal Reza
 
Introduction to BRAS
Introduction to BRASIntroduction to BRAS
Introduction to BRASKHNOG
 
MikroTik BGP Security - MUM 2014 (rofiq fauzi)
MikroTik BGP Security - MUM 2014 (rofiq fauzi)MikroTik BGP Security - MUM 2014 (rofiq fauzi)
MikroTik BGP Security - MUM 2014 (rofiq fauzi)Rofiq Fauzi
 
Workshop IPv6 APJII Jawa Barat
Workshop IPv6 APJII Jawa Barat Workshop IPv6 APJII Jawa Barat
Workshop IPv6 APJII Jawa Barat Faisal Reza
 
Mikrotik Hotspot With Queue Tree BW Management
Mikrotik Hotspot With Queue Tree BW ManagementMikrotik Hotspot With Queue Tree BW Management
Mikrotik Hotspot With Queue Tree BW Managementgopartheredbuff
 
MikroTik Firewall : Securing your Router with Port Knocking
MikroTik Firewall : Securing your Router with Port KnockingMikroTik Firewall : Securing your Router with Port Knocking
MikroTik Firewall : Securing your Router with Port KnockingAkbar Azwir, MM, PMP, PMI-SP, PSM I, CISSP
 
HOTSPOT on MikroTik Router
HOTSPOT on MikroTik RouterHOTSPOT on MikroTik Router
HOTSPOT on MikroTik RouterKHNOG
 
Mikrotik advanced
Mikrotik advancedMikrotik advanced
Mikrotik advancedguest8423a64e
 
BRAC case study on mikrotik router for NGO network
BRAC case study on mikrotik router for NGO networkBRAC case study on mikrotik router for NGO network
BRAC case study on mikrotik router for NGO networkJobayer Almahmud Hossain (RHCA, RHCDS, RHCSS)
 
MikroTik Basic Training Class - Online Moduls - English
MikroTik Basic Training Class - Online Moduls - English MikroTik Basic Training Class - Online Moduls - English
MikroTik Basic Training Class - Online Moduls - EnglishAdhie Lesmana
 
MTCNA - MikroTik Certified Network Associate - v2
MTCNA - MikroTik Certified Network Associate - v2MTCNA - MikroTik Certified Network Associate - v2
MTCNA - MikroTik Certified Network Associate - v2Yaser Rahmati
 
MikroTik MTCNA
MikroTik MTCNAMikroTik MTCNA
MikroTik MTCNAAli Layth
 
Mikrotik Tutorial
Mikrotik TutorialMikrotik Tutorial
Mikrotik TutorialMd Sohrab Hossain Sourav
 
CAPsMANv2 | Wireless APs Controller by MikroTik
CAPsMANv2 | Wireless APs Controller by MikroTikCAPsMANv2 | Wireless APs Controller by MikroTik
CAPsMANv2 | Wireless APs Controller by MikroTikDobri Boyadzhiev
 
PPPoE With Mikrotik and Radius
PPPoE With Mikrotik and RadiusPPPoE With Mikrotik and Radius
PPPoE With Mikrotik and RadiusDashamir Hoxha
 
MikroTik & RouterOS
MikroTik & RouterOSMikroTik & RouterOS
MikroTik & RouterOSFaelix Ltd
 
Mikro tik advanced training
Mikro tik advanced trainingMikro tik advanced training
Mikro tik advanced trainingJignesh H. Bhalsod
 
MikroTik Security
MikroTik SecurityMikroTik Security
MikroTik SecurityRofiq Fauzi
 
Vpnppt1884
Vpnppt1884Vpnppt1884
Vpnppt1884Nisha Qazi
 
Mikrotik basic configuration
Mikrotik basic configurationMikrotik basic configuration
Mikrotik basic configurationTola LENG
 
Wireless Developing Wireless Monitoring and Control devices
Wireless Developing Wireless Monitoring and Control devicesWireless Developing Wireless Monitoring and Control devices
Wireless Developing Wireless Monitoring and Control devicesAidan Venn MSc
 
MTCNA
MTCNAMTCNA
MTCNAgurubelajarmandiri
 
Mikrotik Hotspot User Manager
Mikrotik Hotspot User ManagerMikrotik Hotspot User Manager
Mikrotik Hotspot User ManagerKHNOG
 
Huye Hombre, Huye Diario de un preso Fíes
Huye Hombre, Huye Diario de un preso FíesHuye Hombre, Huye Diario de un preso Fíes
Huye Hombre, Huye Diario de un preso Fíesnuestrocanto
 
Revista be energy, marzo de 2012 reportaje ipur
Revista be energy, marzo de 2012 reportaje ipurRevista be energy, marzo de 2012 reportaje ipur
Revista be energy, marzo de 2012 reportaje ipurIPUR, Asociación de la Industria del Poliuretano Rígido de España
 

More Related Content

What's hot

Workshop IPv6 APJII Jawa Barat
Workshop IPv6 APJII Jawa Barat Workshop IPv6 APJII Jawa Barat
Workshop IPv6 APJII Jawa Barat Faisal Reza
 
Mikrotik Hotspot With Queue Tree BW Management
Mikrotik Hotspot With Queue Tree BW ManagementMikrotik Hotspot With Queue Tree BW Management
Mikrotik Hotspot With Queue Tree BW Managementgopartheredbuff
 
HOTSPOT on MikroTik Router
HOTSPOT on MikroTik RouterHOTSPOT on MikroTik Router
HOTSPOT on MikroTik RouterKHNOG
 
MikroTik Basic Training Class - Online Moduls - English
MikroTik Basic Training Class - Online Moduls - English MikroTik Basic Training Class - Online Moduls - English
MikroTik Basic Training Class - Online Moduls - EnglishAdhie Lesmana
 
MTCNA - MikroTik Certified Network Associate - v2
MTCNA - MikroTik Certified Network Associate - v2MTCNA - MikroTik Certified Network Associate - v2
MTCNA - MikroTik Certified Network Associate - v2Yaser Rahmati
 
MikroTik MTCNA
MikroTik MTCNAMikroTik MTCNA
MikroTik MTCNAAli Layth
 
CAPsMANv2 | Wireless APs Controller by MikroTik
CAPsMANv2 | Wireless APs Controller by MikroTikCAPsMANv2 | Wireless APs Controller by MikroTik
CAPsMANv2 | Wireless APs Controller by MikroTikDobri Boyadzhiev
 
PPPoE With Mikrotik and Radius
PPPoE With Mikrotik and RadiusPPPoE With Mikrotik and Radius
PPPoE With Mikrotik and RadiusDashamir Hoxha
 
MikroTik & RouterOS
MikroTik & RouterOSMikroTik & RouterOS
MikroTik & RouterOSFaelix Ltd
 
MikroTik Security
MikroTik SecurityMikroTik Security
MikroTik SecurityRofiq Fauzi
 
Mikrotik basic configuration
Mikrotik basic configurationMikrotik basic configuration
Mikrotik basic configurationTola LENG
 
Wireless Developing Wireless Monitoring and Control devices
Wireless Developing Wireless Monitoring and Control devicesWireless Developing Wireless Monitoring and Control devices
Wireless Developing Wireless Monitoring and Control devicesAidan Venn MSc
 
Mikrotik Hotspot User Manager
Mikrotik Hotspot User ManagerMikrotik Hotspot User Manager
Mikrotik Hotspot User ManagerKHNOG
 

What's hot (20)

Workshop IPv6 APJII Jawa Barat
Workshop IPv6 APJII Jawa Barat Workshop IPv6 APJII Jawa Barat
Workshop IPv6 APJII Jawa Barat
 
Mikrotik Hotspot With Queue Tree BW Management
Mikrotik Hotspot With Queue Tree BW ManagementMikrotik Hotspot With Queue Tree BW Management
Mikrotik Hotspot With Queue Tree BW Management
 
MikroTik Firewall : Securing your Router with Port Knocking
MikroTik Firewall : Securing your Router with Port KnockingMikroTik Firewall : Securing your Router with Port Knocking
MikroTik Firewall : Securing your Router with Port Knocking
 
HOTSPOT on MikroTik Router
HOTSPOT on MikroTik RouterHOTSPOT on MikroTik Router
HOTSPOT on MikroTik Router
 
Mikrotik advanced
Mikrotik advancedMikrotik advanced
Mikrotik advanced
 
BRAC case study on mikrotik router for NGO network
BRAC case study on mikrotik router for NGO networkBRAC case study on mikrotik router for NGO network
BRAC case study on mikrotik router for NGO network
 
MikroTik Basic Training Class - Online Moduls - English
MikroTik Basic Training Class - Online Moduls - English MikroTik Basic Training Class - Online Moduls - English
MikroTik Basic Training Class - Online Moduls - English
 
MTCNA - MikroTik Certified Network Associate - v2
MTCNA - MikroTik Certified Network Associate - v2MTCNA - MikroTik Certified Network Associate - v2
MTCNA - MikroTik Certified Network Associate - v2
 
MikroTik MTCNA
MikroTik MTCNAMikroTik MTCNA
MikroTik MTCNA
 
Mikrotik Tutorial
Mikrotik TutorialMikrotik Tutorial
Mikrotik Tutorial
 
CAPsMANv2 | Wireless APs Controller by MikroTik
CAPsMANv2 | Wireless APs Controller by MikroTikCAPsMANv2 | Wireless APs Controller by MikroTik
CAPsMANv2 | Wireless APs Controller by MikroTik
 
PPPoE With Mikrotik and Radius
PPPoE With Mikrotik and RadiusPPPoE With Mikrotik and Radius
PPPoE With Mikrotik and Radius
 
MikroTik & RouterOS
MikroTik & RouterOSMikroTik & RouterOS
MikroTik & RouterOS
 
Mikro tik advanced training
Mikro tik advanced trainingMikro tik advanced training
Mikro tik advanced training
 
MikroTik Security
MikroTik SecurityMikroTik Security
MikroTik Security
 
Vpnppt1884
Vpnppt1884Vpnppt1884
Vpnppt1884
 
Mikrotik basic configuration
Mikrotik basic configurationMikrotik basic configuration
Mikrotik basic configuration
 
Wireless Developing Wireless Monitoring and Control devices
Wireless Developing Wireless Monitoring and Control devicesWireless Developing Wireless Monitoring and Control devices
Wireless Developing Wireless Monitoring and Control devices
 
MTCNA
MTCNAMTCNA
MTCNA
 
Mikrotik Hotspot User Manager
Mikrotik Hotspot User ManagerMikrotik Hotspot User Manager
Mikrotik Hotspot User Manager
 

Viewers also liked

Huye Hombre, Huye Diario de un preso Fíes
Huye Hombre, Huye Diario de un preso FíesHuye Hombre, Huye Diario de un preso Fíes
Huye Hombre, Huye Diario de un preso Fíesnuestrocanto
 
Ma Capital Resources Presentation
Ma Capital Resources PresentationMa Capital Resources Presentation
Ma Capital Resources Presentationrva65
 
Informática
InformáticaInformática
Informáticacharquis
 
r_villalobos_portfolio-EN
r_villalobos_portfolio-ENr_villalobos_portfolio-EN
r_villalobos_portfolio-ENrobvj09
 
Sustainable Times Issue 7
Sustainable Times Issue 7Sustainable Times Issue 7
Sustainable Times Issue 7John Peters
 
Best Practice in PROFIBUS Diagnostics
Best Practice in PROFIBUS DiagnosticsBest Practice in PROFIBUS Diagnostics
Best Practice in PROFIBUS DiagnosticsBernd Kremer
 
Devocional Job - Episodio 7
Devocional Job - Episodio 7Devocional Job - Episodio 7
Devocional Job - Episodio 7IglesiaMuf
 
Presentacion Prensa MBA del Siglo XXI
Presentacion Prensa MBA del Siglo XXIPresentacion Prensa MBA del Siglo XXI
Presentacion Prensa MBA del Siglo XXImbadelsigloxxi
 
Master thesis pascal_mueller05
Master thesis pascal_mueller05Master thesis pascal_mueller05
Master thesis pascal_mueller05guest39ce4e
 

Viewers also liked (20)

Huye Hombre, Huye Diario de un preso Fíes
Huye Hombre, Huye Diario de un preso FíesHuye Hombre, Huye Diario de un preso Fíes
Huye Hombre, Huye Diario de un preso Fíes
 
Revista be energy, marzo de 2012 reportaje ipur
Revista be energy, marzo de 2012 reportaje ipurRevista be energy, marzo de 2012 reportaje ipur
Revista be energy, marzo de 2012 reportaje ipur
 
Goethe werther
Goethe wertherGoethe werther
Goethe werther
 
Ma Capital Resources Presentation
Ma Capital Resources PresentationMa Capital Resources Presentation
Ma Capital Resources Presentation
 
Delha Affairs 1960
Delha Affairs 1960Delha Affairs 1960
Delha Affairs 1960
 
La crítica
La críticaLa crítica
La crítica
 
Integers
IntegersIntegers
Integers
 
Informática
InformáticaInformática
Informática
 
r_villalobos_portfolio-EN
r_villalobos_portfolio-ENr_villalobos_portfolio-EN
r_villalobos_portfolio-EN
 
Sustainable Times Issue 7
Sustainable Times Issue 7Sustainable Times Issue 7
Sustainable Times Issue 7
 
Best Practice in PROFIBUS Diagnostics
Best Practice in PROFIBUS DiagnosticsBest Practice in PROFIBUS Diagnostics
Best Practice in PROFIBUS Diagnostics
 
Devocional Job - Episodio 7
Devocional Job - Episodio 7Devocional Job - Episodio 7
Devocional Job - Episodio 7
 
ISTAO Startup Lab
ISTAO Startup Lab ISTAO Startup Lab
ISTAO Startup Lab
 
Taller1
Taller1Taller1
Taller1
 
Presentacion Prensa MBA del Siglo XXI
Presentacion Prensa MBA del Siglo XXIPresentacion Prensa MBA del Siglo XXI
Presentacion Prensa MBA del Siglo XXI
 
Master thesis pascal_mueller05
Master thesis pascal_mueller05Master thesis pascal_mueller05
Master thesis pascal_mueller05
 
George mead
George meadGeorge mead
George mead
 
Historia de la tecnología
Historia de la tecnologíaHistoria de la tecnología
Historia de la tecnología
 
Phehlane Semenya & Morgan Business Profile
Phehlane Semenya & Morgan Business ProfilePhehlane Semenya & Morgan Business Profile
Phehlane Semenya & Morgan Business Profile
 
EDICIÓN CON PIEDRA ROJA DE LA GOMERA
EDICIÓN CON PIEDRA ROJA DE LA GOMERAEDICIÓN CON PIEDRA ROJA DE LA GOMERA
EDICIÓN CON PIEDRA ROJA DE LA GOMERA
 

Similar to Low Sost Secure VPN SSTP - MUM ID 2012

Eng.Abd Elrhman.doc
Eng.Abd Elrhman.docEng.Abd Elrhman.doc
Eng.Abd Elrhman.docINOGHOST
 
Cisco Intelligent Branch - Enabling the Next Generation Branch
Cisco Intelligent Branch - Enabling the Next Generation BranchCisco Intelligent Branch - Enabling the Next Generation Branch
Cisco Intelligent Branch - Enabling the Next Generation BranchCisco Canada
 
Real World Orchestration & Automation
Real World Orchestration & AutomationReal World Orchestration & Automation
Real World Orchestration & AutomationSmall Cell Forum
 
Networking Basics - Sales Account Manager Training
Networking Basics - Sales Account Manager TrainingNetworking Basics - Sales Account Manager Training
Networking Basics - Sales Account Manager TrainingArjun V
 
Palo_Alto_Networks_Cust_June_2009.ppt
Palo_Alto_Networks_Cust_June_2009.pptPalo_Alto_Networks_Cust_June_2009.ppt
Palo_Alto_Networks_Cust_June_2009.pptPatrickAng14
 
Acme Packet Presentation Materials for VUC June 18th 2010
Acme Packet Presentation Materials for VUC June 18th 2010Acme Packet Presentation Materials for VUC June 18th 2010
Acme Packet Presentation Materials for VUC June 18th 2010Michael Graves
 
The Data Center Network Evolution
The Data Center Network EvolutionThe Data Center Network Evolution
The Data Center Network EvolutionCisco Canada
 
Extending mobility to remote networks with aruba instant, remote APs, and clo...
Extending mobility to remote networks with aruba instant, remote APs, and clo...Extending mobility to remote networks with aruba instant, remote APs, and clo...
Extending mobility to remote networks with aruba instant, remote APs, and clo...Aruba, a Hewlett Packard Enterprise company
 
Peering in an IP World - Technology Requirements (3-nov, 2009)
Peering in an IP World - Technology Requirements (3-nov, 2009)Peering in an IP World - Technology Requirements (3-nov, 2009)
Peering in an IP World - Technology Requirements (3-nov, 2009)steve ulrich
 
LKNOG 2: Robust and Secure Connections
LKNOG 2: Robust and Secure ConnectionsLKNOG 2: Robust and Secure Connections
LKNOG 2: Robust and Secure ConnectionsAPNIC
 
Shortest path bridging 802.1 aq
Shortest path bridging 802.1 aqShortest path bridging 802.1 aq
Shortest path bridging 802.1 aqMotty Ben Atia
 
Van-Huynh_Resume_WithSummary
Van-Huynh_Resume_WithSummaryVan-Huynh_Resume_WithSummary
Van-Huynh_Resume_WithSummaryVan Huynh
 
Eng.Abd Elrhman.pdf
Eng.Abd Elrhman.pdfEng.Abd Elrhman.pdf
Eng.Abd Elrhman.pdfINOGHOST
 
Oracle E-Business Suite On Oracle Cloud
Oracle E-Business Suite On Oracle CloudOracle E-Business Suite On Oracle Cloud
Oracle E-Business Suite On Oracle Cloudpasalapudi
 
Discovery routing switching_chapter1_part1
Discovery routing switching_chapter1_part1Discovery routing switching_chapter1_part1
Discovery routing switching_chapter1_part1Naqiuddin Akmal
 
Bloombase Spitfire Link Encryptor Server Brochure
Bloombase Spitfire Link Encryptor Server BrochureBloombase Spitfire Link Encryptor Server Brochure
Bloombase Spitfire Link Encryptor Server BrochureBloombase
 

Similar to Low Sost Secure VPN SSTP - MUM ID 2012 (20)

Eng.Abd Elrhman.doc
Eng.Abd Elrhman.docEng.Abd Elrhman.doc
Eng.Abd Elrhman.doc
 
Cisco Intelligent Branch - Enabling the Next Generation Branch
Cisco Intelligent Branch - Enabling the Next Generation BranchCisco Intelligent Branch - Enabling the Next Generation Branch
Cisco Intelligent Branch - Enabling the Next Generation Branch
 
Ps Network
Ps NetworkPs Network
Ps Network
 
Real World Orchestration & Automation
Real World Orchestration & AutomationReal World Orchestration & Automation
Real World Orchestration & Automation
 
Networking Basics - Sales Account Manager Training
Networking Basics - Sales Account Manager TrainingNetworking Basics - Sales Account Manager Training
Networking Basics - Sales Account Manager Training
 
Palo_Alto_Networks_Cust_June_2009.ppt
Palo_Alto_Networks_Cust_June_2009.pptPalo_Alto_Networks_Cust_June_2009.ppt
Palo_Alto_Networks_Cust_June_2009.ppt
 
Wajahat Hussain cv
Wajahat Hussain cvWajahat Hussain cv
Wajahat Hussain cv
 
Acme Packet Presentation Materials for VUC June 18th 2010
Acme Packet Presentation Materials for VUC June 18th 2010Acme Packet Presentation Materials for VUC June 18th 2010
Acme Packet Presentation Materials for VUC June 18th 2010
 
The Data Center Network Evolution
The Data Center Network EvolutionThe Data Center Network Evolution
The Data Center Network Evolution
 
E s switch_v6_ch01
E s switch_v6_ch01E s switch_v6_ch01
E s switch_v6_ch01
 
Extending mobility to remote networks with aruba instant, remote APs, and clo...
Extending mobility to remote networks with aruba instant, remote APs, and clo...Extending mobility to remote networks with aruba instant, remote APs, and clo...
Extending mobility to remote networks with aruba instant, remote APs, and clo...
 
Peering in an IP World - Technology Requirements (3-nov, 2009)
Peering in an IP World - Technology Requirements (3-nov, 2009)Peering in an IP World - Technology Requirements (3-nov, 2009)
Peering in an IP World - Technology Requirements (3-nov, 2009)
 
LKNOG 2: Robust and Secure Connections
LKNOG 2: Robust and Secure ConnectionsLKNOG 2: Robust and Secure Connections
LKNOG 2: Robust and Secure Connections
 
Shortest path bridging 802.1 aq
Shortest path bridging 802.1 aqShortest path bridging 802.1 aq
Shortest path bridging 802.1 aq
 
Van-Huynh_Resume_WithSummary
Van-Huynh_Resume_WithSummaryVan-Huynh_Resume_WithSummary
Van-Huynh_Resume_WithSummary
 
Eng.Abd Elrhman.pdf
Eng.Abd Elrhman.pdfEng.Abd Elrhman.pdf
Eng.Abd Elrhman.pdf
 
Oracle E-Business Suite On Oracle Cloud
Oracle E-Business Suite On Oracle CloudOracle E-Business Suite On Oracle Cloud
Oracle E-Business Suite On Oracle Cloud
 
Discovery routing switching_chapter1_part1
Discovery routing switching_chapter1_part1Discovery routing switching_chapter1_part1
Discovery routing switching_chapter1_part1
 
Fact Sheets : Network Status in Bangladesh
Fact Sheets : Network Status in BangladeshFact Sheets : Network Status in Bangladesh
Fact Sheets : Network Status in Bangladesh
 
Bloombase Spitfire Link Encryptor Server Brochure
Bloombase Spitfire Link Encryptor Server BrochureBloombase Spitfire Link Encryptor Server Brochure
Bloombase Spitfire Link Encryptor Server Brochure
 

Recently uploaded

Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 

Recently uploaded (20)

Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 

Low Sost Secure VPN SSTP - MUM ID 2012

  • 1. Low cost secure VPN MikroTik SSTP over OpenIXP (Indonesian Internet) ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 2. About Me Faisal Reza, ST. (si_faisal) - Co-founder Asta Informatics - using MikroTik since early 2008 applied in Internet Café, ISP, Enterprise Network, Multifinance, Hotel & many more. - MTCNA, MTCTCE - member of www.forummikrotik.com Specialities : Network Solution & Design, Virtualization ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 3. Asta Informatics Established 2011 • Solution Provider with Green IT principle • System Integrator for Server, Networking, Security and Private Cloud • IP Surveillance System • Broadband services • Free Consultation available More info : www.astainformatics.com AstaInformatics @AstaInformatics ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 4. Typical Configuration on Enterprise Network ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 5. Single Provider Branch Office Disaster Recovery Backup Site Site Project Single Provider Single provider VPN IP / MPLS Service - Data subscription - Voice Cons : - Video - No Backup Connection Head Office ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 6. Multi Provider Branch Office Disaster Recovery Backup Site Site Project 1st Provider 2nd If 1st link goes down, switch to 2nd link Provider Subscribe VPN IP / MPLS Service To two different provider Cons : - Only 1 link Active Other link as backup (idle) - High cost Head Office ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 7. Lets try different solution Build your Own VPN on public Infrastructure using ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 8. INDONESIAN INTERNET OpenIXP : Open Internet eXchange Point 1705 Switches NiCE : National interConnection Exchange 1855 Cross Connection IIX : Indonesian Internet eXchange 7276 IP routes 648 ASN (Networks) Peak Traffic 60.000 MB source : http://www.idc.co.id/network.html ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 9. OpenIXP / NiCE Open Internet eXchange Point National interConnection Exchange • All Provider - Connected In one place • we can buy IIX only connection (cheaper than dedicated VPN + get access to indonesian domestic site ) • Greater Bandwitdh, Cheaper Price • Low Latency inter provider, average < 10 ms • Multi Access option (fiber optic, wireless, microwave, ADSL, 3G, Wimax) • Freedom of choice ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 10. Branch Office Site Project Disaster Recovery Backup Site ISP C ISP B cilent to site OpenIXP ISP B Internet ISP A 3G - Freedom to choose Provider - Domestic (IIX-only) connection is cheaper - Possible to use non-dedicated line (ADSL, GPRS, 3G) – more cheap Head Office ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 11. ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 12. Solution • MikroTik as VPN Server • Because we rely on public infrastructure, security is more considered. • Using Secure Socket Tunnel Protocol (SSTP) with self-signed certificate (SSL) • Site-to-site & Client-to-site are supported • Multi-provider bandwitdh aggregation supported with eoip-tunnel or MPLS/VPLS over SSTP ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 13. SSTP Secure Socket Tunneling Protocol (SSTP) is the way to transport PPP tunnel over SSL 3.0 channel. The use of SSL over TCP port 443 allows SSTP to pass through virtually all firewalls and proxy servers. http://wiki.mikrotik.com/wiki/Manual:Interface/SSTP ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 14. 1. TCP connection is established from client to server (by default on port 443) 2. SSL validates server certificate. If certificate is valid connection is established otherwise connection is torn down. 3. The client sends SSTP control packets within the HTTPS session which establishes the SSTP state machine on both sides. 5. PPP negotiation over SSTP. Client authenticates to the server and binds IP addresses to SSTP interface 5.SSTP tunnel is now established and packet encapsulation can begin. http://wiki.mikrotik.com/wiki/Manual:Interface/SSTP ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 15. So, to connect to SSTP Server we need following requirement : 1. TCP Port 443 2. GRE protocol allowed 3. Username 4. Password 5. Valid Certificate (optional) Later, we will configure valid certificate are required to establish secure VPN connection! ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 16. Network Topology ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 17. Simple Diagram R1 LAN 1922.168.2.0/24 R2 R3 LAN LAN 192.168.2.0/24 192.168.3.0/24 ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 18. SSTP Server Service Setup Step 1 : Enable SSTP 1 2 3 4 R1 ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 19. Step 2 : Create user access for R2 2 1 3 4 5 R1 ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 20. Step 3: Create user access for R3 2 1 3 4 5 R1 ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 21. User List R1 ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 22. Step 3 : Create SSTP Server static interface 1 2 3 10 4 8 6 5 9 7 R1 ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 23. SSTP server interface list R1 ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 24. SSTP Client Setup R2 5 4 2 1 8 3 6 7 ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 25. SSTP Client Setup R3 5 4 2 1 8 3 6 7 ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 26. R1 R2 R3 ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 27. Test Ping, Success! its now Connected without SSL Certificates R2 R3 ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 28. Generates Certificate • Generates self signed certificate using OpenSSL, FREE! • if not familiar using linux, you can install ubuntu over virtual box, just for generates certificate • #apt-get install openssl ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 29. Steps for generate self-signed SSL Certificate Step 1 : ca.key (CA = Certificate Authority) is the company which issues the SSL Certificate in this case, we use self-signed, our private CA root@reza:~# openssl genrsa -des3 -out ca.key 4096 Generating RSA private key, 4096 bit long modulus ......++ ...............................................................................++ e is 65537 (0x10001) Enter pass phrase for ca.key: mikrotik Verifying - Enter pass phrase for ca.key: mikrotik root@reza:~# ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 30. Step 2 : ca.crt root@reza:~# openssl req -new -x509 -days 3650 -key ca.key -out ca.crt Enter pass phrase for ca.key: mikrotik You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:ID State or Province Name (full name) [Some-State]:Jakarta Locality Name (eg, city) []:Jakarta Organization Name (eg, company) [Internet Widgits Pty Ltd]:Mikrotik Organizational Unit Name (eg, section) []:IT Common Name (eg, YOUR name) []:Mikrotik Email Address []:admin@test.com ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 31. Certificate Pair for server Step 3 : server.key root@reza:~# openssl genrsa -des3 -out server.key 4096 Generating RSA private key, 4096 bit long modulus .....................................................................................++ ............................................................................................................++ e is 65537 (0x10001) Enter pass phrase for server.key: mikrotik Verifying - Enter pass phrase for server.key:mikrotik root@reza:~# ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 32. Step 4 : server.csr root@reza:~# openssl req -new -key server.key -out server.csr Enter pass phrase for server.key: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:ID State or Province Name (full name) [Some-State]:Jakarta Locality Name (eg, city) []:Jakarta Organization Name (eg, company) [Internet Widgits Pty Ltd]:Mikrotik Organizational Unit Name (eg, section) []:IT Common Name (eg, YOUR name) []:Mikrotik Email Address []:admin@test.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []:mikrotik An optional company name []:Mikrotik ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 33. Step 5 : server.crt root@reza:~# openssl x509 -req -days 3650 -in server.csr -CA ca.crt -CAkey ca.key - set_serial 01 -out server.crt Signature ok subject=/C=ID/ST=Jakarta/L=Jakarta/O=Mikrotik/OU=IT/CN=Mikrotik/emailAddress=ad min@test.com Getting CA Private Key Enter pass phrase for ca.key: mikrotik root@reza:~# ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 34. Generate Client Certificate Pair Step 6 : client.key root@reza:~# openssl genrsa -des3 -out client.key 4096 Generating RSA private key, 4096 bit long modulus .................................................++ .................................................++ e is 65537 (0x10001) Enter pass phrase for client.key: mikrotik Verifying - Enter pass phrase for client.key: mikrotik root@reza ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 35. Step 7 : client.csr root@reza:~# openssl req -new -key client.key -out client.csr Enter pass phrase for client.key: mikrotik You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:ID State or Province Name (full name) [Some-State]:Jakarta Locality Name (eg, city) []:Jakarta Organization Name (eg, company) [Internet Widgits Pty Ltd]:Mikrotik Organizational Unit Name (eg, section) []:IT Common Name (eg, YOUR name) []:Mikrotik Email Address []:admin@test.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []:mikrotik An optional company name []:Mikrotik ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 36. Step 8 : client.crt root@reza:~# openssl x509 -req -days 3650 -in client.csr -CA ca.crt -CAkey ca.key - set_serial 01 -out client.crt Signature ok subject=/C=ID/ST=Jakarta/L=Jakarta/O=Mikrotik/OU=IT/CN=Mikrotik/emailAddress=ad min@test.com Getting CA Private Key Enter pass phrase for ca.key: mikrotik Now we have 8 files as below, 6 will be used : -rw-r--r-- 1 root root 2297 2012-10-19 16:03 ca.crt  used -rw-r--r-- 1 root root 3311 2012-10-19 15:59 ca.key  user -rw-r--r-- 1 root root 1960 2012-10-19 16:30 client.crt  used -rw-r--r-- 1 root root 1805 2012-10-19 16:28 client.csr -rw-r--r-- 1 root root 3311 2012-10-19 16:25 client.key  user -rw-r--r-- 1 root root 1960 2012-10-19 16:19 server.crt  used -rw-r--r-- 1 root root 1805 2012-10-19 16:16 server.csr -rw-r--r-- 1 root root 3311 2012-10-19 16:12 server.key used ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 37. Certificate Distribution ca.key ca.crt Server.key Server.crt R1 when use R2 R3 client ca.key ca.key certificate ca.crt ca.crt client.key client.key verification, client.crt client.crt CA certificate must be imported too ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 38. Upload certificate to each Router Upload the certificate file according to certificate distribution using ftp, ssh, file copy etc. R1 R2 R3 ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 39. IMPORT SERVER CERTIFICATE to MikroTik [admin@R1-LAB] /certificate> import file-name=server.crt R1 passphrase: mikrotik certificates-imported: 1 private-keys-imported: 0 files-imported: 1 decryption-failures: 0 keys-with-no-certificate: 0 [admin@R1-LAB] /certificate> import file-name=server.key passphrase: mikrotik certificates-imported: 0 private-keys-imported: 1 files-imported: 1 decryption-failures: 0 keys-with-no-certificate: 0 If everything is imported properly then certificate should show up with KR flag. ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 40. Server Certificate ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 41. R1 Import ca.crt [admin@R1-LAB] /certificate> import file-name=ca.crt passphrase: mikrotik certificates-imported: 1 private-keys-imported: 0 files-imported: 1 decryption-failures: 0 keys-with-no-certificate: 0 [admin@R1-LAB] /certificate> import file-name=ca.key passphrase: mikrotik certificates-imported: 0 private-keys-imported: 1 files-imported: 1 decryption-failures: 0 keys-with-no-certificate: 0 ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 42. R2 Client Certificate R3 admin@R2-LAB] /certificate> import file-name=client.crt passphrase: mikrotik certificates-imported: 1 private-keys-imported: 0 files-imported: 1 decryption-failures: 0 keys-with-no-certificate: 0 [admin@R2-LAB] /certificate> import file-name=client.key passphrase: mikrotik certificates-imported: 0 private-keys-imported: 1 files-imported: 1 decryption-failures: 0 keys-with-no-certificate: 0 ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 43. R1 Set SSTP Server Using Certificate 1 2 5 3 4 ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 44. R2 Set SSTP Client Using Certificate 1 2 6 3 5 ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 45. Before Activate the Cert on Client R3 ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 46. Set certificate, then Secure Connect! R3 4 1 3 2 ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 47. Access to LAN segment in each router Using static routing using sstp connected ip address as gateway : suitable for small network [admin@R1-LAB] > ip route add dst-address=192.168.2.0/24 gateway=10.0.1.2 R1 [admin@R1-LAB] > ip route add dst-address=192.168.3.0/24 gateway=10.0.1.6 [admin@R2-LAB] > ip route add dst-address=192.168.1.0/24 gateway=10.0.1.1 R2 [admin@R2-LAB] > ip route add dst-address=192.168.3.0/24 gateway=10.0.1.1 [admin@R2-LAB] > ip route add dst-address=10.0.1.4/30 gateway=10.0.1.1 [admin@R3-LAB] > ip route add dst-address=192.168.1.0/24 gateway=10.0.1.1 R3 [admin@R3-LAB] > ip route add dst-address=192.168.2.0/24 gateway=10.0.1.1 [admin@R3-LAB] > ip route add dst-address=10.0.1.0/30 gateway=10.0.1.1 ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 48. using OSPF ove SSTP R1 for Larger Network ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 49. R1 Routing > OSPF > Instances ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 50. R1 Routing > OSPF > Networks Routing > OSPF > Neighbours ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 51. Routing > OSPF > Instances R2 Routing > OSPF > Networks Routing > OSPF > Neighbours ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 52. Routing > OSPF > Instances R3 Routing > OSPF > Networks Routing > OSPF > Neighbours ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 53. All Routing Table R1 R3 R2 ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 54. Branch Office Hybrid Provider Site Project Disaster Recovery ISP E Backup Site ISP F ISP C ISP D cilent to site OpenIXP ISP C Internet ISP B 3G ISP A The same concept - Can use bonding eoip-tunnel - Can use bonding vpls interface * not all provider supported because need 1512 MTU Head Office ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 55. Interested with this low cost solution but don’t want to dive deep technical things? Let me help you! reza@astainformatics.com www.astainformatics.com ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 56. Any Question? Please feel free to contact me anytime after the presentation ASTA INFORMATICS – Faisal Reza – www.astainformatics.com
  • 57. ASTA INFORMATICS – Faisal Reza – www.astainformatics.com Thank You See you in another MUM! Special thanks to Forum Mikrotik Indonesia