Tunnel & VPN

VPN Benefits
- Enable communications between corporate private LANs over
  - Public networks
  - Leased lines
  - Wireless links
- Corporate resources (e-mail, servers, printers) can be accessed securely by users having granted access rights from outside (home, while travelling, etc.)

Tunnel and VPN types
- IPIP
- EoIP
- PPPoE
- PPTP
- IPSec
- VLAN
- L2TP
- OVPN

VLAN
- VLAN is an implementation of the 802.1Q VLAN protocol for MikroTik RouterOS
- A VLAN is a logical grouping that allows end users to communicate as if they were physically connected to a single isolated LAN.
- As VLAN works on OSI Layer 2,

VLAN Network
VLAN configuration
- On Router 1
  [nico@router1] interface vlan> add name=test vlan-id=32 interface=ether1
  [nico@router1] ip address> add address=10.10.10.1/24 interface=test
  [nico@router1] ip address> /ping 10.10.10.1
  10.10.10.1 64 byte pong: ttl=255 time=3 ms
  10.10.10.1 64 byte pong: ttl=255 time=4 ms
- On Router 2
  [nico@router2] interface vlan> add name=test1 vlan-id=32 interface=ether1
  [nico@router2] ip address> add address=10.10.10.2/24 interface=test1
  [nico@router2] ip address> /ping 10.10.10.2
  10.10.10.2 64 byte pong: ttl=255 time=3 ms
  10.10.10.2 64 byte pong: ttl=255 time=4 ms
Ethernet over IP
- MikroTik proprietary protocol.
- Simple in configuration
- Has no authentication or data encryption capabilities
- Encapsulates Ethernet frames into IP protocol 47/GRE packets, so EoIP is capable of carrying MAC addresses
- EoIP is a tunnel with bridge capabilities

Creating an EoIP tunnel
- Check that you are able to ping the remote address before creating a tunnel to it
- Make sure that your EoIP tunnel will have a unique MAC address (it should be from the EF:xx:xx:xx:xx:xx range)
- Tunnel ID on both ends of the EoIP tunnel must be the same; it is what separates one tunnel from another

EoIP and Bridging
- An EoIP interface can be bridged with any other EoIP or Ethernet-like interface. The main use of EoIP tunnels is to transparently bridge remote networks.
- The EoIP protocol does not provide data encryption, therefore it should be run over an encrypted tunnel interface, e.g. PPTP or PPPoE, if high security is required.
EoIP configuration
Set up the AP on router 1
- Create IP address
- Create EoIP interface
- Create bridge
- Create bridge port
- View interface

Router 2 configuration
- Create station on wlan1
- Create IP address
- Create EoIP
- Create bridge
- Create bridge port
- View interface

Configuration test
- Add an IP address on the laptop in the same class as the internet IP
- Ping the gateway through the EoIP network that was created.
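The complete RouterOS commands for the two-router EoIP bridge described in the steps above, followed by the checks a practitioner would run after the "ping the gateway" test. This is an added example, not the slide deck's own configuration: it assumes the wireless link on wlan1 is already up (AP on router 1, station on router 2) and that ether2 is the LAN port on both routers; all addresses, interface names, the tunnel ID and the MAC addresses are constructed. Because EoIP carries no authentication, the example also restricts GRE on the input chain to the known peer; on an untrusted underlay the remote-address would instead point at the far end of an encrypted PPP tunnel, as the bridging slide recommends.

```routeros
# Added example, not the slide deck's own configuration. Assumed: the
# wireless link on wlan1 is already up (AP on router 1, station on
# router 2) and ether2 is the LAN port on both routers. All addresses,
# names, the tunnel ID and the MAC addresses are constructed.

# ---- Router 1 ----
/ip address add address=172.16.0.1/30 interface=wlan1 comment="wireless link"
# remote-address = the peer's wlan1 address. tunnel-id must match on both
# ends; it is what tells this tunnel apart from other EoIP tunnels between
# the same hosts. mac-address: locally administered unicast, unique per end.
/interface eoip add name=eoip-to-r2 remote-address=172.16.0.2 tunnel-id=10 \
    mac-address=02:00:5E:00:00:01
/interface bridge add name=bridge-lan
/interface bridge port add bridge=bridge-lan interface=ether2
/interface bridge port add bridge=bridge-lan interface=eoip-to-r2
# The LAN gateway address belongs on the bridge, not on ether2; this is the
# address the laptop on router 2's LAN pings in the configuration test.
/ip address add address=192.168.10.1/24 interface=bridge-lan
# EoIP has no authentication: only accept GRE (IP protocol 47) from the peer.
/ip firewall filter add chain=input protocol=gre src-address=172.16.0.2 action=accept
/ip firewall filter add chain=input protocol=gre action=drop

# ---- Router 2 ----
/ip address add address=172.16.0.2/30 interface=wlan1 comment="wireless link"
/interface eoip add name=eoip-to-r1 remote-address=172.16.0.1 tunnel-id=10 \
    mac-address=02:00:5E:00:00:02
/interface bridge add name=bridge-lan
/interface bridge port add bridge=bridge-lan interface=ether2
/interface bridge port add bridge=bridge-lan interface=eoip-to-r1
/ip firewall filter add chain=input protocol=gre src-address=172.16.0.1 action=accept
/ip firewall filter add chain=input protocol=gre action=drop

# ---- Checks (shown from router 1) ----
# 1. The underlay must work before the tunnel can: ping the peer's wlan1 address.
/ping 172.16.0.2 count=3
# 2. The EoIP interface carries the R (running) flag once the peer answers.
/interface eoip print
# 3. MACs learned through the tunnel port prove frames are being bridged:
#    a laptop on router 2's LAN appears here with on-interface=eoip-to-r2.
/interface bridge host print where on-interface=eoip-to-r2
```

The bridge host table is the useful check: a reachable gateway only shows that IP works, while a far-side MAC learned on the eoip port shows that Layer 2 frames are actually crossing the tunnel.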
Test results

EoIP workshop
- Create an EoIP tunnel with your neighbor(s)
- Transfer to /22 private networks; this way you will be in the same network with your neighbor, and local addresses will remain the same
- Bridge your private networks via EoIP
/32 IP Addresses
- IP addresses are added to the tunnel interfaces
- Use a /30 network to save address space, for example:
  - 10.1.6.1/30 and 10.1.6.2/30 from network 10.1.6.0/30
- It is possible to use point-to-point addressing, for example:
  - 10.1.6.1/32, network 10.1.7.1
  - 10.1.7.1/32, network 10.1.6.1

EoIP and /30 Routing

EoIP and /32 Routing

Local User Database
- PPP Profile
- PPP Secret

Point-to-Point protocol tunnels
- A little bit more sophisticated in configuration
- Capable of authentication and data encryption
- Such tunnels are:
  - PPPoE (Point-to-Point Protocol over Ethernet)
  - PPTP (Point-to-Point Tunneling Protocol)
  - L2TP (Layer 2 Tunneling Protocol)
- You should create user information before creating any tunnels
PPP Secret
- PPP secret (aka local PPP user database) stores PPP user access records
- Note that user passwords are displayed in plain text: anyone who has access to the router is able to see all passwords
- It is possible to assign a specific /32 address to both ends of the PPTP tunnel for this user
- Settings in the /ppp secret user database override the corresponding /ppp profile settings

PPP Secret

PPP Profile and IP Pools
- PPP profiles define default values for user access records stored under the /ppp secret submenu
- PPP profiles are used for more than 1 user, so there must be more than 1 IP address to give out: we should use an IP pool as the "Remote address" value
- Value "default" means: if the option is coming from a RADIUS server it won't be overridden

PPP Profile

Change TCP MSS
- Big 1500 byte packets have problems going through the tunnels because:
  - Standard Ethernet MTU is 1500 bytes
  - PPTP and L2TP tunnel MTU is 1460 bytes
  - PPPoE tunnel MTU is 1488 bytes
- By enabling the "change TCP MSS" option, a dynamic mangle rule will be created for each active user to ensure the right size of TCP packets, so they will be able to go through the tunnel
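What the "change TCP MSS" option does under the hood, written out as static mangle rules. This is an added example, not from the slides: it assumes a tunnel interface named l2tp-out1 with the 1460-byte MTU the slide gives for PPTP/L2TP; the MSS value follows from that MTU minus the IPv4 and TCP headers.

```routeros
# Added example, not from the slides. Static equivalent of the profile's
# "change TCP MSS" option for a tunnel whose MTU is 1460 bytes (PPTP/L2TP).
# The interface name l2tp-out1 is assumed.
#
# MSS = MTU - 20 (IPv4 header) - 20 (TCP header), so 1460 -> 1420
# (for the 1488-byte PPPoE MTU the same arithmetic gives 1448).
# Only SYN segments carry the MSS option, so only SYNs are matched, and
# only those announcing more than the tunnel can carry are rewritten.

# Traffic leaving through the tunnel
/ip firewall mangle add chain=forward protocol=tcp tcp-flags=syn \
    out-interface=l2tp-out1 tcp-mss=1421-65535 \
    action=change-mss new-mss=1420 passthrough=yes \
    comment="clamp MSS to tunnel MTU (outbound)"

# The far side announces its own MSS in the SYN/SYN-ACK, so clamp inbound too
/ip firewall mangle add chain=forward protocol=tcp tcp-flags=syn \
    in-interface=l2tp-out1 tcp-mss=1421-65535 \
    action=change-mss new-mss=1420 passthrough=yes \
    comment="clamp MSS to tunnel MTU (inbound)"

# Alternative that follows the interface MTU instead of a hard-coded value,
# so it stays correct if the tunnel MTU changes:
#   /ip firewall mangle add chain=forward protocol=tcp tcp-flags=syn \
#       out-interface=l2tp-out1 action=change-mss new-mss=clamp-to-pmtu passthrough=yes

# The per-session way the slide describes: set it in the PPP profile and
# RouterOS adds a dynamic mangle rule for every active user.
/ppp profile set default change-tcp-mss=yes
/ip firewall mangle print where dynamic=yes
```

The symptom of a missing clamp is the classic "ping works, large downloads and HTTPS pages hang" pattern: small packets pass, full-size segments are silently dropped inside the tunnel.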
PPTP & L2TP
- Point-to-Point Tunnelling Protocol
- PPTP uses TCP port 1723 and IP protocol 47/GRE
- There is a PPTP server and PPTP clients
- PPTP clients are available for and/or included in almost all OS
- You must use PPTP and GRE "NAT helpers" to connect to any public PPTP server from your private masqueraded network

L2TP Tunnels
- PPTP and L2TP have mostly the same functionality
- L2TP traffic uses UDP port 1701 only for link establishment; further traffic uses any available UDP port
- L2TP doesn't have problems with NATed clients; it doesn't require "NAT helpers"
- Configuration of both tunnels is identical in RouterOS

L2TP Applications
- secure router-to-router tunnels over the Internet
- linking (bridging) local Intranets or LANs (in cooperation with EoIP)
- extending PPP user connections to a remote location (for example, to separate authentication and Internet access points for an ISP)
- accessing an Intranet/LAN of a company for remote (mobile) clients (employees)

Creating PPTP/L2TP Client

Creating PPTP/L2TP server

PPTP Client Lab
- Create PPTP client
  - Server Address: 10.1.2.1
  - User: admin
  - Password: admin
  - Add default route = yes
- Make necessary adjustments to access the internet

L2TP Network

Configuration script
- On Router 1
  - Enable the L2TP server
    [admin@L2TP-Server] interface l2tp-server server> set enabled=yes
  - Add an L2TP user:
    [admin@L2TP-Server] ppp secret> add name=james password=pass ... local-address=10.0.0.1 remote-address=10.0.0.2

Configuration script
- On Router 2
  - Add an L2TP client:
    [admin@L2TP-Client] interface l2tp-client> add user=james password=pass ... connect-to=10.5.8.104

Monitoring L2TP Client
- Example of an established connection
  [admin@MikroTik] interface l2tp-client> monitor test2
  status: "connected"
  uptime: 4m27s
  encoding: "MPPE128 stateless"
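The configuration script above elides the profile and authentication settings; the following is an added example (not the slides' own script) of the same L2TP server/client pair written out in full, with MPPE encryption required on both ends so that the monitor output shows an MPPE encoding rather than "none". The profile and interface names, the address 10.0.0.x assignments, and the CHANGE_ME password are constructed placeholders; the server address 10.5.8.104 is the one the slides use.

```routeros
# Added example, not the slides' own script: a complete L2TP server and
# client with MPPE encryption required on both sides. Profile names,
# interface names and the password are constructed placeholders.

# ---- Router 1: L2TP server ----
# A dedicated profile: encryption is 'required', not merely offered, so a
# client that refuses MPPE is rejected instead of silently getting a clear
# tunnel. change-tcp-mss handles the 1460-byte MTU; only-one stops one
# secret from being used from two places at once.
/ppp profile add name=l2tp-secure local-address=10.0.0.1 remote-address=10.0.0.2 \
    use-encryption=required change-tcp-mss=yes only-one=yes
/ppp secret add name=james password=CHANGE_ME service=l2tp profile=l2tp-secure
# MPPE keys are derived from the MS-CHAPv2 exchange, so allow only that method.
/interface l2tp-server server set enabled=yes default-profile=l2tp-secure \
    authentication=mschap2

# ---- Router 2: L2TP client ----
/interface l2tp-client add name=l2tp-out1 connect-to=10.5.8.104 user=james \
    password=CHANGE_ME profile=default-encryption allow=mschap2 \
    add-default-route=no disabled=no

# ---- Verify on router 2 ----
# 'encoding' must name an MPPE cipher. If one end requires encryption and
# the other has it disabled, the tunnel never reaches "connected".
/interface l2tp-client monitor l2tp-out1 once

# ---- Verify on router 1 ----
/ppp active print
# The PPP secret slide's warning applies here: stored passwords are visible
# to router users whose group carries the 'sensitive' policy, so operators
# who only need to look at state get a group without it.
/user group add name=readonly-no-secrets policy=read,winbox,ssh,!sensitive
```

Pairing the secret with a specific profile (rather than editing the default profile) keeps the "encryption required" decision attached to the L2TP service, so later PPPoE or PPTP profiles cannot accidentally weaken it.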
User Access Control
- Controlling the Hardware
  - Static IP and ARP entries
  - DHCP for assigning IP addresses and managing ARP entries
- Controlling the Users
  - PPPoE requires PPPoE client configuration
  - HotSpot redirects client requests to the sign-up page
  - PPTP requires PPTP client configuration

PPPoE
- Point-to-Point Protocol over Ethernet
- PPPoE works in OSI 2nd (data link) layer
- PPPoE is used to hand out IP addresses to clients based on the user authentication
- PPPoE requires a dedicated access concentrator (server), which PPPoE clients connect to.
- Most operating systems have PPPoE client software. Windows XP has a PPPoE client installed by default

PPPoE client

PPPoE Client Lab
- Create PPTP client
  - Interface: wlan1
  - Service: pppoe
  - User: admin
  - Password: admin
  - Add default route = yes
- Make necessary adjustments to access the internet

PPPoE Client Status
- Check your PPPoE connection
  - Is the interface enabled?
  - Is it "connected" and running (R)?
  - Is there a dynamic (D) IP address assigned to the pppoe client interface in the IP Address list?
  - What are the netmask and the network address?
  - What routes do you have on the pppoe client interface?
- See the "Log" for troubleshooting!

PPPoE Lab with Encryption
- The PPPoE access concentrator is changed to use encryption now
- You should use encryption, either
  - change the ppp profile used for the pppoe client to 'default-encryption', or,
  - modify the ppp profile used for the pppoe client to use encryption
- See if you get the pppoe connection running

PPPoE Server
- PPPoE server accepts PPPoE client connections on a given interface
- Clients can be authenticated against
  - the local user database (ppp secrets)
  - a remote RADIUS server
  - a remote or a local MikroTik User Manager database
- Clients can have automatic data rate limitation according to their profile

Creating PPPoE server

PPPoE Workshop
Configuration
- Set AP Bridge Mode
- Set IP Address
- Set IP Route
- Set PPPoE server on Wifi Interface
- Set up PPPoE Client (PPP Secret)
- Set up IP Pool (10.10.10.100-10.10.10.103)
- Set up Windows PPPoE client
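The workshop steps above as one complete configuration, together with the status checks from the "PPPoE Client Status" slide. This is an added example, not the slides' own configuration: the access concentrator runs on router 1's wlan1 with the pool the workshop specifies and encryption required, and a second router acts as the PPPoE client in place of the Windows laptop. The SSID, profile and interface names, the local address 10.10.10.1 and the password are constructed; wireless security on the link is assumed to be configured separately.

```routeros
# Added example, not the slides' own configuration. SSID, names, the
# local address and the password are constructed; the pool range is the
# one given in the workshop.

# ---- Router 1: AP + PPPoE access concentrator ----
/interface wireless set wlan1 mode=ap-bridge ssid=pppoe-lab disabled=no
/ip pool add name=pppoe-pool ranges=10.10.10.100-10.10.10.103
# Profile: the pool is the "remote address", encryption is required (not
# just offered), MSS is clamped for the 1488-byte PPPoE MTU, one session
# per secret.
/ppp profile add name=pppoe-prof local-address=10.10.10.1 remote-address=pppoe-pool \
    use-encryption=required change-tcp-mss=yes only-one=yes
/ppp secret add name=user1 password=CHANGE_ME service=pppoe profile=pppoe-prof
# one-session-per-host stops one MAC from holding several sessions (and
# several of the four pool addresses) at once.
/interface pppoe-server server add service-name=pppoe interface=wlan1 \
    default-profile=pppoe-prof authentication=mschap2 one-session-per-host=yes \
    disabled=no

# ---- Router 2: station + PPPoE client ----
/interface wireless set wlan1 mode=station ssid=pppoe-lab disabled=no
/interface pppoe-client add name=pppoe-out1 interface=wlan1 service-name=pppoe \
    user=user1 password=CHANGE_ME profile=default-encryption \
    add-default-route=yes use-peer-dns=yes disabled=no
# The client's default route now points into the tunnel, so a LAN behind
# it needs source NAT on the pppoe interface to get replies back.
/ip firewall nat add chain=srcnat out-interface=pppoe-out1 action=masquerade

# ---- Checks, in the order of the "PPPoE Client Status" slide ----
# connected + running (R)? and which encoding was negotiated?
/interface pppoe-client monitor pppoe-out1 once
# dynamic (D) address on pppoe-out1, with its netmask and network?
/ip address print where dynamic=yes
# routes on the pppoe client interface?
/ip route print where dynamic=yes
# and the log, when any of the above is missing
/log print where topics~"pppoe"
```

With `use-encryption=required` on the server profile, a client still using a plain profile fails authentication rather than connecting unencrypted; that is the failure the "PPPoE Lab with Encryption" slide asks you to observe and then fix on the client side.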
PPP interface Bridging
- PPP BCP (Bridge Control Protocol)
- PPP MP (Multi-link Protocol)

PPP Bridge Control Protocol
- RouterOS now has BCP support for all async. PPP, PPTP, L2TP & PPPoE (not ISDN) interfaces
- If BCP is established, the PPP tunnel does not require an IP address
- A bridged tunnel's IP address (if present) does not apply to the whole bridge; it stays only on the PPP interface (routed IP packets can go through the tunnel as usual)

Setting up BCP
- You must specify the bridge option in the ppp profiles on both ends of the tunnel.
- The bridge must have a manually set MAC address, or at least one regular interface in it, because ppp interfaces do not have MAC addresses.

PPP Bridging Problem
- PPP interface MTU is smaller than a standard Ethernet interface
- It is impossible to fragment Ethernet frames; tunnels must have an inner algorithm for how to encapsulate and transfer Ethernet frames via a link with a smaller MTU
- EoIP has an encapsulation algorithm enabled by default; PPP interfaces don't
- PPP interfaces can utilize the PPP Multi-link Protocol to encapsulate Ethernet frames

PPP Multi-link Protocol
- PPP Multi-link Protocol allows opening multiple simultaneous channels between systems
- It is possible to split and recombine packets between several channels, increasing the effective maximum receive unit (MRU)
- To enable PPP Multi-link Protocol you must specify the MRRU option
- In MS Windows you must enable the "Negotiate multi-link for single link connections" option
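The BCP setup and the MRRU requirement above, combined in one configuration: a LAN bridged across an L2TP tunnel with BCP on both ends, with MRRU set so that full-size Ethernet frames survive the smaller PPP MTU. This is an added example, not the slides' own; the bridge and profile names, the admin MACs, the LAN addresses 192.168.20.x, the server address and the password are constructed, and the bridge is given both a manually set MAC and a regular member port so either of the slide's two conditions is met.

```routeros
# Added example, not from the slides: a LAN bridged across an L2TP tunnel
# with BCP, with MRRU set so that 1500-byte Ethernet frames fit through
# the 1460-byte PPP link. Names, addresses and the password are constructed.

# ---- Router 1 (L2TP server) ----
# PPP interfaces have no MAC, so the bridge gets one of its own via admin-mac
# (ether2 being a member would also satisfy this; both are shown).
/interface bridge add name=bridge-bcp auto-mac=no admin-mac=02:00:5E:20:00:01
/interface bridge port add bridge=bridge-bcp interface=ether2
/ip address add address=192.168.20.1/24 interface=bridge-bcp
# bridge= in the profile is what turns BCP on; no local/remote address is
# given because the tunnel carries frames, not routed IP.
/ppp profile add name=bcp-bridge bridge=bridge-bcp use-encryption=required
/ppp secret add name=branch password=CHANGE_ME service=l2tp profile=bcp-bridge
# max-mtu/max-mru are the single-link limits; mrru enables Multi-link PPP
# and sets the reassembled size. 1600 leaves room for a 1500-byte frame
# plus the bridging and multilink headers.
/interface l2tp-server server set enabled=yes default-profile=bcp-bridge \
    max-mtu=1460 max-mru=1460 mrru=1600

# ---- Router 2 (L2TP client) ----
/interface bridge add name=bridge-bcp auto-mac=no admin-mac=02:00:5E:20:00:02
/interface bridge port add bridge=bridge-bcp interface=ether2
/ip address add address=192.168.20.2/24 interface=bridge-bcp
# Both ends must carry bridge= in their profile for BCP to be negotiated.
/ppp profile add name=bcp-bridge bridge=bridge-bcp use-encryption=required
# mrru must be set on the client too, or multilink is not negotiated.
/interface l2tp-client add name=l2tp-bcp connect-to=10.5.8.104 user=branch \
    password=CHANGE_ME profile=bcp-bridge max-mtu=1460 max-mru=1460 mrru=1600 \
    disabled=no

# ---- Verify (router 2) ----
/interface l2tp-client monitor l2tp-bcp once
# With BCP negotiated the PPP interface is added to the bridge dynamically (D flag).
/interface bridge port print
# MACs from the far LAN learned on the tunnel port prove frames cross it.
/interface bridge host print
# A full-size packet with DF set crosses the bridge only if the frame can be
# carried whole, i.e. if MRRU was negotiated on both ends.
/ping 192.168.20.1 size=1500 do-not-fragment
```

If the dynamic bridge port never appears, check that both profiles name a bridge and that the bridge on each side has a MAC address; if it appears but the full-size ping fails while a small one succeeds, one side is missing the MRRU setting.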
PPP Multi-link Protocol

saastr
 
SAP S/4 HANA sourcing and procurement to Public cloud
SAP S/4 HANA sourcing and procurement to Public cloudSAP S/4 HANA sourcing and procurement to Public cloud
SAP S/4 HANA sourcing and procurement to Public cloud
maazsz111
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
AstuteBusiness
 
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - HiikeSystem Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
Hiike
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
MichaelKnudsen27
 
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
saastr
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
Javier Junquera
 
Public CyberSecurity Awareness Presentation 2024.pptx
Public CyberSecurity Awareness Presentation 2024.pptxPublic CyberSecurity Awareness Presentation 2024.pptx
Public CyberSecurity Awareness Presentation 2024.pptx
marufrahmanstratejm
 
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
FREE A4 Cyber Security Awareness  Posters-Social Engineering part 3FREE A4 Cyber Security Awareness  Posters-Social Engineering part 3
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
Data Hops
 
AWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptxAWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptx
HarisZaheer8
 

Recently uploaded (20)

Azure API Management to expose backend services securely
Azure API Management to expose backend services securelyAzure API Management to expose backend services securely
Azure API Management to expose backend services securely
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
 
Trusted Execution Environment for Decentralized Process Mining
Trusted Execution Environment for Decentralized Process MiningTrusted Execution Environment for Decentralized Process Mining
Trusted Execution Environment for Decentralized Process Mining
 
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
 
SAP S/4 HANA sourcing and procurement to Public cloud
SAP S/4 HANA sourcing and procurement to Public cloudSAP S/4 HANA sourcing and procurement to Public cloud
SAP S/4 HANA sourcing and procurement to Public cloud
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
 
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - HiikeSystem Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
 
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
 
Public CyberSecurity Awareness Presentation 2024.pptx
Public CyberSecurity Awareness Presentation 2024.pptxPublic CyberSecurity Awareness Presentation 2024.pptx
Public CyberSecurity Awareness Presentation 2024.pptx
 
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
FREE A4 Cyber Security Awareness  Posters-Social Engineering part 3FREE A4 Cyber Security Awareness  Posters-Social Engineering part 3
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
 
AWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptxAWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptx
 

Tunnel & vpn1

  • 2. VPN Benefits
    - Enable communications between corporate private LANs over
      - Public networks
      - Leased lines
      - Wireless links
    - Corporate resources (e-mail, servers, printers) can be accessed securely by users who have been granted access rights from outside (home, while travelling, etc.)
  • 3. Types of Tunnel and VPN
    - IPIP
    - EoIP
    - PPPoE
    - PPTP
    - IPSec
    - VLAN
    - L2TP
    - OVPN
  • 4. VLAN
    - VLAN is an implementation of the 802.1Q VLAN protocol for MikroTik RouterOS
    - A VLAN is a logical grouping that allows end users to communicate as if they were physically connected to a single isolated LAN.
    - As VLAN works on OSI Layer 2,
  • 6. VLAN Configuration
    - On Router 1
      [nico@router1] interface vlan> add name=test vlan-id=32 interface=ether1
      [nico@router1] ip address> add address=10.10.10.1/24 interface=test
      [nico@router1] ip address> /ping 10.10.10.1
      10.10.10.1 64 byte pong: ttl=255 time=3 ms
      10.10.10.1 64 byte pong: ttl=255 time=4 ms
  • 7. VLAN Configuration (continued)
    - On Router 2
      [nico@router2] interface vlan> add name=test1 vlan-id=32 interface=ether1
      [nico@router2] ip address> add address=10.10.10.2/24 interface=test1
      [nico@router2] ip address> /ping 10.10.10.2
      10.10.10.2 64 byte pong: ttl=255 time=3 ms
      10.10.10.2 64 byte pong: ttl=255 time=4 ms
  • 8. Ethernet over IP
    - MikroTik proprietary protocol.
    - Simple in configuration
    - Does not have authentication or data encryption capabilities
    - Encapsulates Ethernet frames into IP protocol 47/GRE packets, thus EoIP is capable of carrying MAC addresses
    - EoIP is a tunnel with bridge capabilities
  • 9.
  • 11. EoIP Notes
    - Check that you are able to ping the remote address before creating a tunnel to it
    - Make sure that your EoIP tunnel will have a unique MAC address (it should be from the EF:xx:xx:xx:xx:xx range)
    - Tunnel ID on both ends of the EoIP tunnel must be the same – it helps to separate one tunnel from another
  • 12. EoIP and Bridging
    - An EoIP interface can be bridged with any other EoIP or Ethernet-like interface. The main use of EoIP tunnels is to transparently bridge remote networks.
    - The EoIP protocol does not provide data encryption, therefore it should be run over an encrypted tunnel interface, e.g., PPTP or PPPoE, if high security is required.
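Slides 8, 11 and 12 describe EoIP as GRE (IP protocol 47) carrying raw Ethernet frames, selected only by a shared tunnel ID, with no authentication or encryption. The following added example (not code from the slides or from MikroTik) builds and decapsulates a constructed EoIP packet and shows that a receiver has nothing to check beyond the peer address and tunnel ID; the 8-byte header layout (GRE flags 0x2001, protocol type 0x6400, big-endian length, little-endian tunnel ID) is an assumption taken from public dissector descriptions, and the ARP frame, addresses and tunnel ID 32 are constructed sample values.

```python
import socket
import struct

GRE_PROTOCOL = 47         # outer IP protocol number carrying EoIP
EOIP_GRE_FLAGS = 0x2001   # assumed: GRE key bit set, GRE version 1
EOIP_PROTO_TYPE = 0x6400  # assumed: MikroTik EoIP GRE protocol type


def build_eoip(src_ip, dst_ip, tunnel_id, frame):
    """Wrap one Ethernet frame in an outer IPv4 header plus the 8-byte EoIP header.

    Constructed sample packet; header layout as assumed in the lead-in
    (payload length big-endian, tunnel ID little-endian).
    """
    eoip = struct.pack("!HHH", EOIP_GRE_FLAGS, EOIP_PROTO_TYPE, len(frame))
    eoip += struct.pack("<H", tunnel_id)
    total = 20 + len(eoip) + len(frame)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, GRE_PROTOCOL, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return ip + eoip + frame


def parse_eoip(packet):
    """Decapsulate; return the fields a router (or anyone on the path) can see."""
    if len(packet) < 28 or packet[0] >> 4 != 4 or packet[9] != GRE_PROTOCOL:
        return None
    ihl = (packet[0] & 0x0F) * 4
    flags, proto, length = struct.unpack("!HHH", packet[ihl:ihl + 6])
    if flags != EOIP_GRE_FLAGS or proto != EOIP_PROTO_TYPE:
        return None
    (tunnel_id,) = struct.unpack("<H", packet[ihl + 6:ihl + 8])
    frame = packet[ihl + 8:ihl + 8 + length]
    if len(frame) < 14:
        return None
    return {
        "outer_src": socket.inet_ntoa(packet[12:16]),
        "outer_dst": socket.inet_ntoa(packet[16:20]),
        "tunnel_id": tunnel_id,
        "inner_dst_mac": frame[0:6].hex(":"),
        "inner_src_mac": frame[6:12].hex(":"),
        "inner_ethertype": struct.unpack("!H", frame[12:14])[0],
        "inner_payload": frame[14:],   # carried in the clear
    }


def accept_into_tunnel(packet, local_tunnel):
    """The only gates an EoIP receiver has: outer peer address and tunnel ID.

    There is no key, MAC or signature in the header, so nothing cryptographic
    binds a frame to the peer. The outer firewall (filtering protocol 47 to the
    known peer) and an encrypted carrier tunnel are the real controls.
    """
    info = parse_eoip(packet)
    if info is None:
        return False
    return (info["outer_src"] == local_tunnel["remote_address"]
            and info["tunnel_id"] == local_tunnel["tunnel_id"])


# Constructed sample: an ARP request frame being bridged through the tunnel
SAMPLE_FRAME = (bytes.fromhex("ffffffffffff") + bytes.fromhex("02000000aa01")
                + b"\x08\x06" + b"\x00\x01\x08\x00\x06\x04\x00\x01"
                + bytes.fromhex("02000000aa01") + socket.inet_aton("10.0.0.2")
                + bytes(6) + socket.inet_aton("10.0.0.1"))
SAMPLE_PACKET = build_eoip("10.5.8.104", "10.5.8.1", 32, SAMPLE_FRAME)
LOCAL_TUNNEL = {"remote_address": "10.5.8.104", "tunnel_id": 32}

if __name__ == "__main__":
    info = parse_eoip(SAMPLE_PACKET)
    print(f"tunnel {info['tunnel_id']} from {info['outer_src']}: "
          f"{info['inner_src_mac']} -> {info['inner_dst_mac']} "
          f"ethertype 0x{info['inner_ethertype']:04x}")
    print("accepted:", accept_into_tunnel(SAMPLE_PACKET, LOCAL_TUNNEL))
```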
  • 13.
  • 15. Setting up the AP on router 1
  • 17. Create EoIP Interface
  • 21. Router 2 Configuration
    - Create a station on wlan1
  • 27. Test the Configuration
    - Add an IP address on the laptop in the same class as the internet IP
    - Ping the gateway through the EoIP network that has been created.
  • 29. Workshop EoIP
    - Create an EoIP tunnel with your neighbor(s)
    - Transfer to /22 private networks – this way you will be in the same network with your neighbor, and local addresses will remain the same
    - Bridge your private networks via EoIP
  • 30. /32 IP Addresses
    - IP addresses are added to the tunnel interfaces
    - Use a /30 network to save address space, for example: 10.1.6.1/30 and 10.1.6.2/30 from network 10.1.6.0/30
    - It is possible to use point-to-point addressing, for example: 10.1.6.1/32, network 10.1.7.1; 10.1.7.1/32, network 10.1.6.1
  • 31. EoIP and /30 Routing
  • 32. EoIP and /32 Routing
  • 33. Local User Database
    - PPP Profile
    - PPP Secret
  • 34. Point-to-Point protocol tunnels
    - Somewhat more sophisticated in configuration
    - Capable of authentication and data encryption
    - Such tunnels are:
      - PPPoE (Point-to-Point Protocol over Ethernet)
      - PPTP (Point-to-Point Tunneling Protocol)
      - L2TP (Layer 2 Tunneling Protocol)
    - You should create user information before creating any tunnels
  • 35. PPP Secret
    - PPP secret (aka local PPP user database) stores PPP user access records
    - Note that user passwords are displayed in plain text – anyone who has access to the router is able to see all passwords
    - It is possible to assign a specific /32 address to both ends of the PPTP tunnel for this user
    - Settings in the /ppp secret user database override the corresponding /ppp profile settings
  • 37. PPP Profile and IP Pools
    - PPP profiles define default values for user access records stored under the /ppp secret submenu
    - PPP profiles are used for more than 1 user, so there must be more than 1 IP address to give out - we should use an IP pool as the "Remote address" value
    - The value "default" means – if the option is coming from the RADIUS server it won't be overridden
  • 39. Change TCP MSS
    - Big 1500 byte packets have problems going through the tunnels because:
      - Standard Ethernet MTU is 1500 bytes
      - PPTP and L2TP tunnel MTU is 1460 bytes
      - PPPoE tunnel MTU is 1488 bytes
    - By enabling the "change TCP MSS" option, a dynamic mangle rule will be created for each active user to ensure the right size of TCP packets, so they will be able to go through the tunnel
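An added example (not code from the slides or from RouterOS) of the arithmetic behind the "change TCP MSS" mangle rule: it builds a constructed IPv4/TCP SYN, clamps the MSS option to what the tunnel MTUs quoted on slide 39 leave room for (MTU minus 20 bytes IPv4 and 20 bytes TCP header), and recomputes the TCP checksum as a real mangle rule must. The IP addresses and ports are constructed sample values.

```python
import struct

IPV4_HEADER = 20
TCP_HEADER = 20  # fixed part, options excluded

# Tunnel MTUs quoted on the slide; 1500 is plain Ethernet for comparison
TUNNEL_MTU = {"ethernet": 1500, "pptp": 1460, "l2tp": 1460, "pppoe": 1488}


def mss_for_mtu(mtu):
    """Largest TCP payload that fits one IPv4 packet of the given MTU."""
    return mtu - IPV4_HEADER - TCP_HEADER


def ones_complement_sum(data):
    """RFC 1071 Internet checksum over data (used for IP and TCP)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def tcp_checksum(packet, ihl):
    """Checksum of the TCP segment (pseudo-header included, field zeroed)."""
    seg = packet[ihl:ihl + 16] + b"\x00\x00" + packet[ihl + 18:]
    pseudo = packet[12:20] + struct.pack("!BBH", 0, 6, len(seg))
    return ones_complement_sum(pseudo + seg) or 0xFFFF


def tcp_checksum_ok(packet):
    """A correct checksum makes the one's-complement sum fold to zero."""
    ihl = (packet[0] & 0x0F) * 4
    seg = packet[ihl:]
    pseudo = packet[12:20] + struct.pack("!BBH", 0, 6, len(seg))
    return ones_complement_sum(pseudo + seg) == 0


def build_syn(src_ip, dst_ip, sport, dport, mss):
    """Constructed IPv4/TCP SYN carrying an MSS option (kind 2, length 4)."""
    opts = struct.pack("!BBH", 2, 4, mss)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0,
                      ((TCP_HEADER + len(opts)) // 4) << 4, 0x02, 65535, 0, 0) + opts
    src = bytes(int(o) for o in src_ip.split("."))
    dst = bytes(int(o) for o in dst_ip.split("."))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IPV4_HEADER + len(tcp),
                     0, 0x4000, 64, 6, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", ones_complement_sum(ip)) + ip[12:]
    pkt = ip + tcp
    return pkt[:36] + struct.pack("!H", tcp_checksum(pkt, IPV4_HEADER)) + pkt[38:]


def _mss_option_offset(packet):
    """Byte offset of the MSS value inside a SYN's option list, or None."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 6 or not packet[ihl + 13] & 0x02:
        return None  # not TCP, or not a SYN: MSS is only negotiated on SYN
    i, end = ihl + TCP_HEADER, ihl + (packet[ihl + 12] >> 4) * 4
    while i < end:
        kind = packet[i]
        if kind == 0:          # end of option list
            break
        if kind == 1:          # NOP padding
            i += 1
            continue
        if kind == 2 and packet[i + 1] == 4:
            return i + 2
        i += packet[i + 1]     # skip any other option by its length
    return None


def read_mss(packet):
    off = _mss_option_offset(packet)
    return None if off is None else struct.unpack("!H", packet[off:off + 2])[0]


def clamp_mss(packet, tunnel_mtu):
    """What the dynamic mangle rule does: lower MSS so segments fit the tunnel.

    Returns (packet, old_mss, new_mss); non-SYN or MSS-less packets pass through.
    """
    off = _mss_option_offset(packet)
    if off is None:
        return packet, None, None
    old = struct.unpack("!H", packet[off:off + 2])[0]
    new = min(old, mss_for_mtu(tunnel_mtu))
    if new == old:
        return packet, old, old
    pkt = bytearray(packet)
    pkt[off:off + 2] = struct.pack("!H", new)
    ihl = (packet[0] & 0x0F) * 4
    pkt[ihl + 16:ihl + 18] = struct.pack("!H", tcp_checksum(bytes(pkt), ihl))
    return bytes(pkt), old, new


if __name__ == "__main__":
    syn = build_syn("10.0.0.2", "10.0.0.1", 40000, 80, mss_for_mtu(1500))
    for name in ("pptp", "pppoe"):
        fixed, old, new = clamp_mss(syn, TUNNEL_MTU[name])
        print(f"{name}: MSS {old} -> {new}, checksum ok: {tcp_checksum_ok(fixed)}")
```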
  • 40. PPTP & L2TP
    - Point-to-Point Tunnelling Protocol
    - PPTP uses TCP port 1723 and IP protocol 47/GRE
    - There is a PPTP server and PPTP clients
    - PPTP clients are available for and/or included in almost all OS
    - You must use the PPTP and GRE "NAT helpers" to connect to any public PPTP server from your private masqueraded network
  • 41. L2TP Tunnels
    - PPTP and L2TP have mostly the same functionality
    - L2TP traffic uses UDP port 1701 only for link establishment; further traffic uses any available UDP port
    - L2TP does not have problems with NATed clients – it does not require "NAT helpers"
    - Configuration of both tunnels is identical in RouterOS
  • 42. L2TP Application
    - secure router-to-router tunnels over the Internet
    - linking (bridging) local Intranets or LANs (in cooperation with EoIP)
    - extending PPP user connections to a remote location (for example, to separate authentication and Internet access points for an ISP)
    - accessing an Intranet/LAN of a company for remote (mobile) clients (employees)
  • 44.
  • 46. PPTP Client Lab
    - Create PPTP client
      - Server Address: 10.1.2.1
      - User: admin
      - Password: admin
      - Add default route = yes
    - Make necessary adjustments to access the internet
  • 48. Configuration Script
    - On Router 1
    - Enable the L2TP server
      [admin@L2TP-Server] interface l2tp-server server> set enabled=yes
    - Add an L2TP user:
      [admin@L2TP-Server] ppp secret> add name=james password=pass ... local-address=10.0.0.1 remote-address=10.0.0.2
  • 49. Configuration Script
    - On Router 2
    - Add an L2TP client:
      [admin@L2TP-Client] interface l2tp-client> add user=james password=pass ... connect-to=10.5.8.104
  • 50. Monitoring L2TP Client
    - Example of an established connection
      [admin@MikroTik] interface l2tp-client> monitor test2
      status: "connected"
      uptime: 4m27s
      encoding: "MPPE128 stateless"
  • 51. User Access Control
    - Controlling the Hardware
      - Static IP and ARP entries
      - DHCP for assigning IP addresses and managing ARP entries
    - Controlling the Users
      - PPPoE requires PPPoE client configuration
      - HotSpot redirects the client request to the sign-up page
      - PPTP requires PPTP client configuration
  • 52. PPPoE
    - Point-to-Point Protocol over Ethernet
    - PPPoE works in OSI 2nd (data link) layer
    - PPPoE is used to hand out IP addresses to clients based on the user authentication
    - PPPoE requires a dedicated access concentrator (server), which PPPoE clients connect to.
    - Most operating systems have PPPoE client software. Windows XP has a PPPoE client installed by default
  • 54. PPPoE Client Lab
    - Create PPPoE client
      - Interface: wlan1
      - Service: pppoe
      - User: admin
      - Password: admin
      - Add default route = yes
    - Make necessary adjustments to access the internet
  • 55. PPPoE Client Status
    - Check your PPPoE connection
      - Is the interface enabled?
      - Is it "connected" and running (R)?
      - Is there a dynamic (D) IP address assigned to the pppoe client interface in the IP Address list?
      - What are the netmask and the network address?
      - What routes do you have on the pppoe client interface?
    - See the "Log" for troubleshooting!
  • 56. PPPoE Lab with Encryption
    - The PPPoE access concentrator is changed to use encryption now
    - You should use encryption, either
      - change the ppp profile used for the pppoe client to 'default-encryption', or,
      - modify the ppp profile used for the pppoe client to use encryption
    - See if you get the pppoe connection running
  • 57. PPPoE Server
    - PPPoE server accepts PPPoE client connections on a given interface
    - Clients can be authenticated against
      - the local user database (ppp secrets)
      - a remote RADIUS server
      - a remote or a local MikroTik User Manager database
    - Clients can have automatic data rate limitation according to their profile
  • 60. Configuration
    - Set AP Bridge Mode
    - Set IP Address
    - Set IP Route
    - Set PPPoE server on the WiFi interface
    - Set up PPPoE client (PPP Secret)
    - Set up IP Pool (10.10.10.100-10.10.10.103)
    - Set up the Windows PPPoE client
  • 61. PPP interface Bridging
    - PPP BCP (Bridge Control Protocol)
    - PPP MP (Multi-link Protocol)
  • 62. PPP Bridge Control Protocol
    - RouterOS now has BCP support for all async. PPP, PPTP, L2TP & PPPoE (not ISDN) interfaces
    - If BCP is established, the PPP tunnel does not require an IP address
    - A bridged tunnel's IP address (if present) does not apply to the whole bridge – it stays only on the PPP interface (routed IP packets can go through the tunnel as usual)
  • 63. Setting up BCP
    - You must specify the bridge option in the ppp profiles on both ends of the tunnel.
    - The bridge must have a manually set MAC address, or at least one regular interface in it, because ppp interfaces do not have MAC addresses.
  • 64. PPP Bridging Problem
    - PPP interface MTU is smaller than that of a standard Ethernet interface
    - It is impossible to fragment Ethernet frames – tunnels must have an inner algorithm for how to encapsulate and transfer Ethernet frames via a link with a smaller MTU
    - EoIP has the encapsulation algorithm enabled by default, PPP interfaces don't
    - PPP interfaces can utilize PPP Multi-link Protocol to encapsulate Ethernet frames
  • 65. PPP Multi-link Protocol
    - PPP Multi-link Protocol allows opening multiple simultaneous channels between systems
    - It is possible to split and recombine packets between several channels – resulting in an increase of the effective maximum receive unit (MRU)
    - To enable PPP Multi-link Protocol you must specify the MRRU option
    - In MS Windows you must enable the "Negotiate multi-link for single link connections" option
  • 66. PPP Multi-link Protocol