This document discusses various types of VPN tunnels and VPN configurations using MikroTik RouterOS. It describes how Ethernet over IP (EoIP), VLANs, and Point-to-Point protocols like PPTP and L2TP can be used to securely connect private networks over public networks. It provides instructions for configuring EoIP, VLANs, PPTP clients and servers, and L2TP clients and servers. User authentication and access control methods like local user databases and IP pools are also covered.
Npppd is a VPN daemon in OpenBSD that supports PPTP, L2TP and PPPoE. It can authenticate using local files or RADIUS and tunnel IP packets. Npppd first appeared in OpenBSD 5.3 and its configuration file format has changed over time. Example configurations show how to set up basic and advanced npppd VPN tunnels using PPTP or L2TP with IPsec, and how to monitor active sessions. Future work may include better packet filtering and ARP cache integration.
How Secure are IPsec and SSL VPN encryptions, by Uday Bhatia
Virtual Private Networks (VPNs) provide security and privacy to private and public networks. There are different types of VPNs including site-to-site for connecting entire networks and remote VPNs for individual remote access. VPNs use encryption techniques like symmetric, asymmetric, and public key infrastructure to securely encrypt data during transmission. SSL/TLS uses public key encryption to establish secure links between servers and clients, while IPsec is a protocol suite that authenticates and encrypts individual IP packets to provide secure IP communications. Diffie-Hellman key exchange allows two parties to jointly establish a shared secret over an insecure channel.
This document provides instructions for configuring a Cisco router to function as a VPN server using different VPN protocols. It discusses the basic configuration of the router interfaces, routing protocols, AAA authentication, virtual templates, VPDN, and IPSec. Key steps include creating local users, configuring interfaces, enabling AAA with local authentication, defining a virtual template, enabling VPDN with PPTP protocol, and configuring IPSec transforms, policies and dynamic crypto maps.
This document summarizes IPsec VPN design options and management. It discusses site-to-site and remote access VPN topologies using IPsec, including full mesh, DMVPN, and IPsec over GRE. It also covers high availability using DPD, HSRP+, and routing protocols. Other topics include split tunneling, device placement with integrated firewalls, and general IPsec management.
Overview of VPN protocols.
VPNs (Virtual Private Networks) are often viewed from the perspective of security, with the goal of providing authentication and confidentiality.
However, the primary purpose of VPNs is to connect two topologically separated private networks over a public network (typically the Internet).
VPNs basically hook a network logically into another network so that both appear as one private local network.
Security is a possible add-on to VPNs. In many cases it makes perfect sense to secure the VPN's communication over the insecure public network.
VPN protocols typically employ a tunnel where data packets of the local network are encapsulated in an outer protocol for transmission over the public network.
The most important VPN protocols are IPsec, PPTP and L2TP. In recent years SSL/TLS-based VPNs such as OpenVPN have gained widespread adoption.
How to Configure NetFlow v5 & v9 on Cisco Routers, by SolarWinds
This document provides instructions for configuring NetFlow versions 5 and 9 on Cisco routers to monitor network traffic. It explains that NetFlow collects IP traffic data, what versions 5 and 9 are, and how to configure each version on a router by specifying the collector server, export port, and interfaces. It also describes how to verify the NetFlow export and how tools like SolarWinds NetFlow Traffic Analyzer analyze exported data to provide network usage insights.
This document discusses network tunneling protocols and tools. It describes how protocols like SSH, GRE, and ICMP can be used to encapsulate other protocols and bypass network restrictions. Examples of network tunneling tools that operate over HTTP, DNS, and ICMP are provided. The document notes both legitimate and malicious uses of tunneling, and outlines challenges in detecting tunneling traffic and payloads.
This document provides a summary of a presentation on Cisco Certified Network Associate (CCNA) certification. It discusses the objectives of CCNA training, including providing skills for a career as a network administrator. The presentation covers networking fundamentals like topologies, protocols, IP addressing and routing. It also describes a project implementing a network for a hotel using concepts like VLANs, DHCP, routing and wireless access points. The conclusion is that the project and CCNA certification enhance networking skills and knowledge.
This document discusses network flows and the NetFlow protocol. It begins by defining network flows as packets or frames that share common properties, such as source/destination IP and port. It then describes how NetFlow works by having network devices generate flows and export them to NetFlow collectors. The document outlines the NetFlow export packet format and different NetFlow versions, focusing on Cisco's implementation including versions 1, 5, 8 and 9. It also discusses how flows are generated, exported, collected and analyzed to monitor network traffic.
The Transmission Control Protocol (TCP) is used by the vast majority of applications to transport their data reliably across the Internet and in the cloud. TCP was designed in the 1970s and has slowly evolved since then. Today's networks are multipath: mobile devices have multiple wireless interfaces, datacenters have many redundant paths between servers, and multihoming has become the norm for big server farms. Meanwhile, TCP is essentially a single-path protocol: when a TCP connection is established, the connection is bound to the IP addresses of the two communicating hosts and these cannot change. Multipath TCP (MPTCP) is a major modification to TCP that allows multiple paths to be used simultaneously by a single transport connection. Multipath TCP circumvents the issues mentioned above and several others that affect TCP. The IETF is currently finalising the Multipath TCP RFC and an implementation in the Linux kernel is available today.
This tutorial will present in detail the design of Multipath TCP and the role that it could play in cloud environments. We will start with a presentation of the current Internet landscape and explain how various types of middleboxes have influenced the design of Multipath TCP. Second, we will describe in detail the connection establishment and release procedures as well as the data transfer mechanisms that are specific to Multipath TCP. We will then discuss several use cases for the deployment of Multipath TCP, including improving the performance of datacenters and mobile WiFi offloading on smartphones. All these use cases are key both when accessing cloud-based services and when providing them. We will end the tutorial with some open research issues.
This tutorial was given at the IEEE Cloud'Net 2012 conference in November 2012.
The pptx version containing animations that are not shown here is available from http://www.multipath-tcp.org
ITVoyagers has created this presentation which gives a basic overview on XMPP, HTTP and UPnP.
The presentation covers the following points:
XMPP
Stack
XMPP Network
Stanzas
Jabber Identification (JID)
HTTP
URL Division
HTTP Methods
UPnP
Features
Demerits
The above presentation will help students with their last-minute exam preparation.
ITVoyagers is working on creating detailed presentations on different concepts from IT/CS.
This document provides details about a firewall workshop guide, including:
- An overview of topics to be covered such as basic routing and firewalls, pfSense installation and configuration, firewall rule configuration, and network monitoring.
- Requirements for workshop participants including computer hardware specs and recommended software.
- Sections within the guide on firewall types like packet filters, application proxies, and dynamic packet filters.
Explains the basics of IPsec: why IPsec, the main IPsec protocols (Authentication Header, AH, and Encapsulating Security Payload, ESP), modes (tunnel/transport) and algorithms (MD5/AES).
Explains how IPv4 packets are transformed by the IPsec protocols, what the issues with NAT are, and what NAT traversal is.
At the very end of the presentation there is a real-life example of secure communication between two Linux hosts (using ip xfrm).
iptables, the Linux firewall. This link shows the PDF document that you can download. This is a useful document for beginners and encourages the reader to learn more about the topic.
This document provides an overview of 6LoWPAN (IPv6 over Low Power Wireless Personal Area Networks). It discusses key topics such as introduction, related technologies, applications, architecture, protocol stack, link layers, addressing, forwarding and routing, header compression, fragmentation and reassembly, networking issues, security, mobility, application protocols, and implementing 6LoWPAN on single and dual chip systems. The document serves as a technical reference for 6LoWPAN specifications, components, and implementation considerations.
NAT (network address translation) & PAT (port address translation), by Netwax Lab
NAT (Network Address Translation) allows private IP networks to connect to the Internet by translating private IP addresses to public IP addresses. It operates on a router, connecting internal and external networks. NAT provides security by hiding internal network addresses and conserving IP addresses. There are various NAT types, including static NAT for one-to-one address mapping, dynamic NAT for mapping private addresses to public addresses from a pool, and NAT overload/PAT for mapping multiple private addresses to a single public address using ports.
SIP (Session Initiation Protocol) is a signaling protocol used to create, manage and terminate sessions in an IP based network. This course is for beginners and aims to give a brief introduction to SIP before one ventures into the long RFC documents.
This document provides an overview and agenda for a session on advanced topics in IP multicast deployment. It discusses tools and techniques for deploying IP multicast, including examples of PIM mode configurations, rendezvous point deployment models, interconnecting PIM domains, label switched multicast, high availability techniques, and multicast in wireless environments. The target audience is network engineers in enterprise and service provider networks.
My Cisco Training Courses @ MFT.Info
In this chapter I focused on routing protocols in CCNA technologies. Consider that this info has been presented at a teaching workshop, so if you want to know more about these scenarios, send me feedback and I will give you LAB scenarios.
Good luck.
This tutorial gives a very good understanding of computer network protocols. After completing this tutorial, you will find yourself at a moderate level of expertise in advanced networking protocols, from where you can take yourself to the next levels.
Solving the QoS multicast routing problem using the ACO algorithm, by Abdullaziz Tagawy
In IP multicasting, messages are sent from the source node to all destination nodes. In order to meet QoS requirements, an optimizing algorithm is needed. We propose an Ant Colony Optimization algorithm to do so. Ants release a chemical called pheromone while searching for food, and they are capable of finding the shortest path to their target. This can give an effective optimal solution to our multicast routing problem.
Basics of multicasting and its implementation on Ethernet networks, by Reliance Comm
Multicasting allows data to be sent from one source to multiple receivers simultaneously. It provides an efficient way to disseminate information to many recipients. The document discusses IP multicast addressing, the IGMP protocol for joining and leaving multicast groups, multicast routing protocols like DVMRP and PIM, and methods for constructing multicast distribution trees like source-based and shared trees. Multicasting is important for applications like streaming media and teleconferencing that require one-to-many or many-to-many communication.
Layer 1 Overlay VPNs use dedicated connections like T1/E1 leased lines to connect branches in a secure manner. Layer 2 Overlay VPNs connect branches over multi-access networks like frame relay. Layer 2.5 Overlay VPNs use MPLS, which inserts an MPLS header between layer 2 and 3 headers. Layer 3 Overlay VPNs use IPSec to encrypt data and GRE for routing/multicast over public networks. Layer 4 Overlay VPNs use SSL/TLS to encrypt data at the transport layer for applications like web browsing.
NAT is used to translate private IP addresses to public IP addresses to allow access to the internet. There are different types of NAT including static NAT for one-to-one mapping, dynamic NAT for mapping multiple private addresses to public addresses from a pool, and NAT overload/PAT which maps multiple private addresses to a single public address using port addressing. The document provides configuration examples for static, dynamic, and overload NAT on a Cisco router.
BGP Flowspec (RFC5575) Case study and Discussion, by APNIC
BGP Flowspec is a technique for distributing flow specification rules via BGP. It allows an ISP to dynamically distribute filtering and redirection rules to mitigate DDoS attacks. The document discusses several real-world use cases where BGP Flowspec was deployed to successfully block large DDoS attacks in a targeted manner without affecting legitimate traffic. However, interoperability between vendors and scalability challenges remain open issues requiring further work and testing.
The document discusses Virtual Private Networks (VPNs) and provides information about different types of VPNs. It defines a VPN as a secure tunnel between two or more devices that verifies authentication and encrypts data to prevent outsiders from seeing it. The document describes remote access VPNs that allow users to remotely connect to private networks and site-to-site VPNs that connect the networks of multiple office locations. It also gives examples of using VPNs remotely and to bypass censorship or hide one's location. Specific VPN protocols like PPTP and L2TP are explained.
OFFENSIVE: Exploiting DNS servers changes, BlackHat Asia 2014, by Leonardo Nve Egea
This document discusses exploiting changes to DNS server configurations to intercept network traffic. It begins by introducing the speaker and their background in security research. Then it outlines normal exploitation procedures like CSRF, default passwords, and rogue DSLAMs. The document explores using tools like Metasploit, Dnsmasq and Bind to hijack DNS servers and redirect traffic. It discusses obstacles like SSL certificates and ways to improve attacks using features like DNS load balancing. The document demonstrates a proof of concept tool called dns2proxy that can spoof and redirect DNS responses. It also discusses defeating protections like HSTS and exploring attacks using protocols like UDP. In conclusion, the document advocates that improved DNS hijacking using multiple tools can capture more information than
Policy-based routing (PBR) on Juniper NetScreen firewalls allows routing decisions to be based on various packet attributes like source/destination addresses, ports, and protocols. This provides flexibility to redirect traffic in different ways, such as sending all HTTP traffic through a transparent proxy server or distributing traffic across multiple internet connections. The configuration involves creating extended ACLs to match traffic, match groups to group ACLs, action groups to define routing actions, policies to combine matches and actions, and binding policies to interfaces or virtual routers. Keeping PBR configurations simple and leaving room for future policies is recommended.
This document provides an overview of IP routing and routing protocols. It begins with a high-level explanation of how routing works on the internet through IP addressing and packet forwarding. It then discusses the history of routing, from static routing in early networks to the development of dynamic routing protocols. The rest of the document outlines key interior gateway protocols like OSPF and IS-IS, exterior gateway protocols like BGP, and concepts like autonomous systems and routing policy.
This document provides information about load balancing techniques in networking. It discusses several types of load balancing including sub-packet load balancing using MLPPP, per-packet load balancing using bonding, per-connection load balancing using nth, per-address-pair load balancing using ECMP and PCC, custom load balancing using policy routing, and bandwidth-based load balancing using MPLS traffic engineering tunnels. It also provides examples and instructions for configuring various load balancing options in MikroTik RouterOS.
The presentation describes a new manual rehabilitative approach to activate the “Integrated Stabilizing System of the Spine, Chest and Pelvis” and achieve exciting levels of improved function of the locomotor system
This document provides an overview of the Domain Name System (DNS). It discusses what DNS is, why names are used instead of IP addresses, and the history and development of DNS. It describes the hierarchical name space and domain system. It also explains different DNS record types like A, CNAME, MX, and NS records. The document discusses recursive and iterative queries, legal users of domains, and security issues with the traditional DNS system. It provides an overview of how DNSSEC aims to address some of these security issues through digital signing of DNS records.
Review on Protocols of Virtual Private NetworkIRJET Journal
This document discusses various virtual private network (VPN) protocols. It begins by defining what a VPN is - a private network that uses a public network like the internet. It then describes four main VPN protocols: Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), Secure Sockets Layer (SSL), and OpenVPN. PPTP and L2TP operate at the data link layer and network layer, respectively, to encapsulate and transmit private data via public networks like the internet. SSL operates at the transport layer to allow remote access via standard web browsers. OpenVPN is a transport layer protocol that uses UDP for network applications requiring low latency like voice/video. The document
This tutorial gives very good understanding on Computer Networks After completing this tutorial,You will find yourself at a moderate level of expertise in knowing Advance Networking(CCNA), from where you can take yourself to next levels.
The document discusses TCP/IP networking fundamentals including:
- The TCP/IP protocol suite model with layers for internet, transport, and applications.
- Key protocols like IP, TCP, UDP that operate at each layer.
- IP addressing and routing protocols like RIP and OSPF.
- Network applications that use TCP/IP like HTTP, FTP, SMTP, and DNS.
- Networking services like DHCP, NAT, and firewalls.
- Emerging technologies like IPv6 that expand addressing and add new features.
This document discusses various techniques for transitioning from IPv4 to IPv6, including dual stacking, tunneling, and translation services. It provides examples of configuring dual stacking and manual IPv6 tunnels on Cisco routers to connect isolated IPv6 networks over an IPv4 infrastructure. Dual stacking allows hosts and devices to run both IPv4 and IPv6 simultaneously, while tunneling encapsulates IPv6 packets in IPv4 to enable connectivity across non-IPv6 networks. The document demonstrates establishing an IPv6 tunnel between two routers and routing IPv6 packets over the tunnel using RIPng.
The document provides an overview of IT network design and installation topics covered in a MaxWiFi training course, including network models, IP addressing, NAT, routing, DHCP, VLANs, wireless networking, and Cisco device configuration.
VPN allows remote users to securely connect to a private network over the public Internet. It uses protocols like PPTP and L2TP to encapsulate data and send it through an encrypted tunnel. The VPN server must be configured to assign clients an IP address and authenticate users, while the VPN client needs to be set up to connect to the server and access the private network resources. Encryption protects the data in transit between the client and server.
This document discusses the TCP/IP protocol suite and its layers. It begins by explaining that the OSI model was developed in 1970 as a networking standard, while TCP/IP was developed prior as a stack of protocols. It then notes that TCP/IP layers correspond to the OSI model layers. The document proceeds to describe some of the key protocols in each TCP/IP layer: application layer protocols include HTTP, FTP, SMTP, and Telnet; transport layer protocols are TCP and UDP; and internet layer protocols comprise IP, ARP, RARP, ICMP, and IGMP. Finally, it states that the host to network layers do not specify any special protocols.
This document provides an overview of TCP/IP addressing concepts including:
- IP addresses are divided into network and host portions based on their class (A, B, or C).
- Subnetting allows a network to be divided into multiple subnets using subnet masks to define the network and host portions of IP addresses.
- When planning IP addressing, considerations include determining subnets, assigning addresses to subnets and hosts, and ensuring local and remote hosts can be identified.
The document provides an overview of the CCNA certification and covers topics like internetworking, IP addressing, routing protocols, Cisco IOS, and more. It begins with an introduction to computer networks and protocols. Then it discusses the OSI reference model, IP addressing fundamentals, routing protocols like RIP, IGRP, EIGRP and OSPF, Cisco IOS configuration, and IP routing. The document serves as a study guide for CCNA exam topics at a high level.
If the number of spine switches were to be merely doubled, the effect of a single switch failure is halved. With 8 spine switches, the effect of a single switch failure only causes a 12% reduction in available bandwidth. So, in modern data centers, people build networks with anywhere from 4 to 32 spine switches. With a leaf-spine network, every server on the network is exactly the same distance away from all other servers – three port hops, to be precise. The benefit of this architecture is that you can just add more spines and leaves as you expand the cluster and you don't have to do any recabling. Intuition Systems will also get more predictable latency between the nodes.
As a trend, disaggregation seems to be most useful for very large companies like Facebook and Google, or cloud providers. The technology does not necessarily have significant implications for small or medium sized businesses. Historically, however, technology has a way of trickling down from the pioneering phases of existing only within large companies with tremendous resources, to becoming more standardized across the board.
This document defines and compares different types of VPN technologies. It explains that a VPN uses encryption and tunnels to securely transfer private network traffic over a public network like the Internet. The main VPN protocols discussed are PPTP, L2TP, and IPsec. PPTP is a Microsoft-developed protocol that ensures messages between VPN nodes are secure. L2TP combines features of PPTP and L2F protocols. IPsec supports two encryption modes and uses ISAKMP/Oakley for authentication using public keys. Site-to-site and remote access VPNs allow connections between networks and remote computers/devices over the Internet.
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 Finalmasoodnt10
The document discusses denial of service (DoS) attacks and how to mitigate them. It begins by defining DoS attacks and some common types like Smurf and Fraggle attacks. It then discusses tools like hping that can be used to craft packets for DoS attacks or testing defenses. The document concludes by outlining techniques to prevent networks from being used in DoS amplification attacks and recommends configuring firewalls and filters to detect and block flood traffic.
IPsec is a standardized framework that provides security (encryption, authentication, integrity) for IP communications. It has two modes - Transport mode which encrypts only the payload, and Tunnel mode which encrypts both the header and payload. IPsec uses protocols like AH (Authentication Header) which provides authentication and integrity, and ESP (Encapsulating Security Payload) which provides confidentiality, authentication, and integrity. IPsec implementations can be in end hosts or routers depending on network requirements.
This document covers network layer protocols and routing. It discusses:
- Network layer protocols like IPv4 and IPv6 and their packet headers
- How routers make packet forwarding decisions using routing tables with directly connected and remote network entries
- The basic anatomy of routers including CPU, memory, interfaces, and bootup process
The document discusses network layer protocols and routing. It describes how network layer protocols like IPv4 and IPv6 support communication across networks by addressing devices, encapsulating data, and routing packets. It also explains how routers use routing tables to determine the paths that network traffic should take to reach different destinations and enable connectivity in a network.
Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to enable virtual private networks over the public Internet. L2TP merges features of PPTP and L2F to encapsulate PPP frames for transmission over an IP network. The L2TP Access Concentrator terminates the user connection and tunnels individual PPP frames to the L2TP Network Server, which processes the PPP session separately from the physical connection termination point. L2TP allows VPN endpoints to be located on different machines and eliminates possible long-distance charges.
A VPN allows users to securely access a private network over a public network like the internet. It uses authentication, encryption, and tunneling protocols to protect data confidentiality and integrity. VPNs enable remote access for employees and connectivity between branch offices. Common VPN protocols include PPTP, L2TP, and IPSec which use encryption methods to secure data transmission over the VPN tunnel. VPNs provide benefits like reduced costs, flexibility, and scalability compared to private networks.
5th LF Energy Power Grid Model Meet-up SlidesDanBrown980551
5th Power Grid Model Meet-up
It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Mircosoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology.
Power Grid Model
The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services.
Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability.
Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization.
What to expect
For the upcoming meetup we are organizing, we have an exciting lineup of activities planned:
-Insightful presentations covering two practical applications of the Power Grid Model.
-An update on the latest advancements in Power Grid -Model technology during the first and second quarters of 2024.
-An interactive brainstorming session to discuss and propose new feature requests.
-An opportunity to connect with fellow Power Grid Model enthusiasts and users.
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on integration of Salesforce with Bonterra Impact Management.
Interested in deploying an integration with Salesforce for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Generating privacy-protected synthetic data using Secludy and MilvusZilliz
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
GraphRAG for Life Science to increase LLM accuracyTomaz Bratanic
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
Trusted Execution Environment for Decentralized Process MiningLucaBarbaro3
Presentation of the paper "Trusted Execution Environment for Decentralized Process Mining" given during the CAiSE 2024 Conference in Cyprus on June 7, 2024.
Driving Business Innovation: Latest Generative AI Advancements & Success StorySafe Software
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
HCL Notes and Domino License Cost Reduction in the World of DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
In the realm of cybersecurity, offensive security practices act as a critical shield. By simulating real-world attacks in a controlled environment, these techniques expose vulnerabilities before malicious actors can exploit them. This proactive approach allows manufacturers to identify and fix weaknesses, significantly enhancing system security.
This presentation delves into the development of a system designed to mimic Galileo's Open Service signal using software-defined radio (SDR) technology. We'll begin with a foundational overview of both Global Navigation Satellite Systems (GNSS) and the intricacies of digital signal processing.
The presentation culminates in a live demonstration. We'll showcase the manipulation of Galileo's Open Service pilot signal, simulating an attack on various software and hardware systems. This practical demonstration serves to highlight the potential consequences of unaddressed vulnerabilities, emphasizing the importance of offensive security practices in safeguarding critical infrastructure.
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3Data Hops
Free A4 downloadable and printable Cyber Security, Social Engineering Safety and security Training Posters . Promote security awareness in the home or workplace. Lock them Out From training providers datahops.com
This presentation provides valuable insights into effective cost-saving techniques on AWS. Learn how to optimize your AWS resources by rightsizing, increasing elasticity, picking the right storage class, and choosing the best pricing model. Additionally, discover essential governance mechanisms to ensure continuous cost efficiency. Whether you are new to AWS or an experienced user, this presentation provides clear and practical tips to help you reduce your cloud costs and get the most out of your budget.
2. VPN Benefits
Enable communications between corporate private LANs over:
Public networks
Leased lines
Wireless links
Corporate resources (e-mail, servers, printers) can be accessed securely by users who have been granted access rights from outside (home, while travelling, etc.)
3. Types of Tunnels and VPNs
IPIP
EoIP
PPPoE
PPTP
IPSec
VLAN
L2TP
OVPN
4. VLAN
VLAN is an implementation of the 802.1Q VLAN protocol for MikroTik RouterOS
A VLAN is a logical grouping that allows end users to communicate as if they were physically connected to a single isolated LAN.
As VLAN works on OSI Layer 2,
6. VLAN Configuration
On Router 1
[nico@router1] interface vlan> add name=test vlan-id=32 interface=ether1
[nico@router1] ip address> add address=10.10.10.1/24 interface=test
[nico@router1] ip address> /ping 10.10.10.1
10.10.10.1 64 byte pong: ttl=255 time=3 ms
10.10.10.1 64 byte pong: ttl=255 time=4 ms
7. On Router 2
[nico@router2] interface vlan> add name=test1 vlan-id=32 interface=ether1
[nico@router2] ip address> add address=10.10.10.2/24 interface=test1
[nico@router2] ip address> /ping 10.10.10.2
10.10.10.2 64 byte pong: ttl=255 time=3 ms
10.10.10.2 64 byte pong: ttl=255 time=4 ms
8. Ethernet over IP
MikroTik proprietary protocol.
Simple in configuration
Has no authentication or data encryption capabilities
Encapsulates Ethernet frames into IP protocol 47/GRE packets, thus EoIP is capable of carrying MAC addresses
EoIP is a tunnel with bridge capabilities
11. Check that you are able to ping the remote address before creating a tunnel to it
Make sure that your EoIP tunnel will have a unique MAC address (it should be from the EF:xx:xx:xx:xx:xx range)
Tunnel ID on both ends of the EoIP tunnel must be the same – it helps to separate one tunnel from another
12. EoIP and Bridging
An EoIP interface can be bridged with any other EoIP or Ethernet-like interface. The main use of EoIP tunnels is to transparently bridge remote networks.
The EoIP protocol does not provide data encryption, therefore it should be run over an encrypted tunnel interface, e.g., PPTP or PPPoE, if high security is required.
27. Configuration Test
Add an IP address on the laptop in the same class as the internet IP
Ping the gateway through the EoIP network that has been created.
29. EoIP Workshop
Create an EoIP tunnel with your neighbor(s)
Transfer to /22 private networks – this way you will be in the same network with your neighbor, and local addresses will remain the same
Bridge your private networks via EoIP
30. /32 IP Addresses
IP addresses are added to the tunnel interfaces
Use a /30 network to save address space, for example:
10.1.6.1/30 and 10.1.6.2/30 from network 10.1.6.0/30
It is possible to use point-to-point addressing, for example:
10.1.6.1/32, network 10.1.7.1
10.1.7.1/32, network 10.1.6.1
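The EoIP checklist of slides 11 and 12 and the /32 point-to-point addressing of slide 30, put together as a RouterOS configuration for two routers. This is an added example, not from the original deck; the public address 203.0.113.1, the names, ether2 as the LAN port, tunnel-id 32, the MAC addresses and the password placeholder are assumptions.

```routeros
# Added example: EoIP bridged over an encrypted L2TP tunnel between two routers.
# Constructed values: public address 203.0.113.1, names r1/r2, LAN on ether2,
# tunnel-id 32, the two locally administered MAC addresses and the password.

# ---- Router 1 (L2TP server, reachable at 203.0.113.1) ----
# Point-to-point /32 addressing for the PPP link, as on slide 30:
# the server side gets 10.1.6.1, the client side gets 10.1.7.1.
/ppp secret add name=r2 password=CHANGE-ME-placeholder service=l2tp profile=default-encryption local-address=10.1.6.1 remote-address=10.1.7.1
/interface l2tp-server server set enabled=yes default-profile=default-encryption

# EoIP uses the L2TP addresses as its endpoints, so its GRE frames travel inside
# the encrypted PPP link instead of as bare GRE on the public network.
# tunnel-id must match on both ends; each end needs its own unique unicast MAC
# (any unique unicast MAC works; the deck suggests its own range).
/interface eoip add name=eoip-r2 remote-address=10.1.7.1 tunnel-id=32 mac-address=02:00:00:00:00:01
/interface bridge add name=br-lan
/interface bridge port add bridge=br-lan interface=ether2
/interface bridge port add bridge=br-lan interface=eoip-r2

# ---- Router 2 (L2TP client, may sit behind NAT: L2TP needs no NAT helper) ----
/interface l2tp-client add name=l2tp-r1 connect-to=203.0.113.1 user=r2 password=CHANGE-ME-placeholder profile=default-encryption disabled=no

# Slide 11: confirm the far end answers before creating the EoIP tunnel to it.
/ping 10.1.6.1 count=3

/interface eoip add name=eoip-r1 remote-address=10.1.6.1 tunnel-id=32 mac-address=02:00:00:00:00:02
/interface bridge add name=br-lan
/interface bridge port add bridge=br-lan interface=ether2
/interface bridge port add bridge=br-lan interface=eoip-r1

# Verify on both ends: the EoIP interface carries the R (running) flag,
# and hosts on the two ether2 segments now share one broadcast domain.
/interface eoip print
```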
34. Point-to-Point protocol tunnels
A little bit more sophisticated in configuration
Capable of authentication and data encryption
Such tunnels are:
PPPoE (Point-to-Point Protocol over Ethernet)
PPTP (Point-to-Point Tunneling Protocol)
L2TP (Layer 2 Tunneling Protocol)
You should create user information before creating any tunnels
35. PPP Secret
PPP secret (aka local PPP user database) stores PPP user access records
Note that user passwords are displayed in plain text – anyone who has access to the router is able to see all passwords
It is possible to assign a specific /32 address to both ends of the PPTP tunnel for this user
Settings in the /ppp secret user database override the corresponding /ppp profile settings
37. PPP Profile and IP Pools
PPP profiles define default values for user access records stored under the /ppp secret submenu
PPP profiles are used for more than one user, so there must be more than one IP address to give out - we should use an IP pool as the “Remote address” value
The value “default” means: if the option is coming from a RADIUS server it won't be overridden
39. Change TCP MSS
Big 1500-byte packets have problems going through the tunnels because:
Standard Ethernet MTU is 1500 bytes
PPTP and L2TP tunnel MTU is 1460 bytes
PPPoE tunnel MTU is 1488 bytes
By enabling the “change TCP MSS” option, a dynamic mangle rule will be created for each active user to ensure the right size of TCP packets, so they will be able to go through the tunnel
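The PPP secret, profile and IP pool relationship of slides 35 and 37 together with the TCP MSS option of slide 39, as an added RouterOS server-side example that is not part of the original deck. The pool range 10.20.0.0/24, the profile and user names, the fixed address 10.20.0.100 and the password placeholders are assumptions.

```routeros
# Added example: PPP profile + IP pool + per-user secrets for a RouterOS L2TP server.
# Constructed values: pool 10.20.0.0/24, profile/user names, 10.20.0.100, passwords.

# Slide 37: a profile serves many users, so its "Remote address" is a pool, not one address.
/ip pool add name=vpn-pool ranges=10.20.0.2-10.20.0.254

# The profile holds the defaults for every user that references it:
#   local-address  : the router's side of each user's point-to-point link
#   remote-address : the pool above, one address per active user
#   use-encryption : "required" refuses sessions that fail to negotiate MPPE
#   change-tcp-mss : slide 39, a dynamic mangle rule per active user clamps the
#                    TCP MSS so 1500-byte segments fit the 1460-byte tunnel MTU
#   only-one       : one simultaneous session per user name
/ppp profile add name=vpn-users local-address=10.20.0.1 remote-address=vpn-pool use-encryption=required change-tcp-mss=yes only-one=yes

# Slide 35: secrets are the per-user records. A value set on the secret wins over
# the profile, so bob always gets 10.20.0.100 (a firewall rule can key on it),
# while alice draws an address from the pool.
/ppp secret add name=alice password=CHANGE-ME-placeholder-1 service=l2tp profile=vpn-users
/ppp secret add name=bob password=CHANGE-ME-placeholder-2 service=l2tp profile=vpn-users remote-address=10.20.0.100
# These passwords are stored and printed in plain text: limit router logins to
# the people who are allowed to read them.

/interface l2tp-server server set enabled=yes default-profile=vpn-users

# Once a user is connected, the per-user MSS rule shows up with the D (dynamic) flag.
/ip firewall mangle print

# Slide 40, on a NAT router in front of PPTP clients only (not needed for L2TP):
# the PPTP/GRE NAT helper lets masqueraded clients reach a public PPTP server.
/ip firewall service-port set pptp disabled=no
```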
40. PPTP & L2TP
Point-to-Point Tunnelling Protocol
PPTP uses TCP port 1723 and IP protocol 47/GRE
There is a PPTP server and PPTP clients
PPTP clients are available for and/or included in almost all OSes
You must use the PPTP and GRE “NAT helpers” to connect to any public PPTP server from your private masqueraded network
41. L2TP Tunnels
PPTP and L2TP have mostly the same functionality
L2TP traffic uses UDP port 1701 only for link establishment; further traffic uses any available UDP port
L2TP does not have problems with NATed clients – it does not require “NAT helpers”
Configuration of both tunnels is identical in RouterOS
42. L2TP Applications
Secure router-to-router tunnels over the Internet
Linking (bridging) local intranets or LANs (in cooperation with EoIP)
Extending PPP user connections to a remote location (for example, to separate authentication and Internet access points for an ISP)
Accessing an intranet/LAN of a company for remote (mobile) clients (employees)
50. Monitoring L2TP Client
Example of an established connection
[admin@MikroTik] interface l2tp-client> monitor test2
status: "connected"
uptime: 4m27s
encoding: "MPPE128 stateless"
51. User Access Control
Controlling the Hardware
Static IP and ARP entries
DHCP for assigning IP addresses and managing ARP entries
Controlling the Users
PPPoE requires PPPoE client configuration
HotSpot redirects client requests to the sign-up page
PPTP requires PPTP client configuration
52. PPPoE
Point-to-Point Protocol over Ethernet
PPPoE works in the OSI 2nd (data link) layer
PPPoE is used to hand out IP addresses to clients based on user authentication
PPPoE requires a dedicated access concentrator (server), which PPPoE clients connect to.
Most operating systems have PPPoE client software.
Windows XP has a PPPoE client installed by default
55. PPPoE Client Status
Check your PPPoE connection
Is the interface enabled?
Is it “connected” and running (R)?
Is there a dynamic (D) IP address assigned to the pppoe client interface in the IP Address list?
What are the netmask and the network address?
What routes do you have on the pppoe client interface?
See the “Log” for troubleshooting!
56. PPPoE Lab with Encryption
The PPPoE access concentrator is now changed to use encryption
You should use encryption, either
change the ppp profile used for the pppoe client to 'default-encryption', or,
modify the ppp profile used for the pppoe client to use encryption
See if you get the pppoe connection running
57. PPPoE Server
PPPoE server accepts PPPoE client connections on a given interface
Clients can be authenticated against
the local user database (ppp secrets)
a remote RADIUS server
a remote or a local MikroTik User Manager database
Clients can have automatic data rate limitation according to their profile
60. Configuration
Set AP Bridge Mode
Set IP Address
Set IP Route
Set PPPoE server on the WiFi interface
Set up PPPoE client (PPP secret)
Set up IP Pool (10.10.10.100-10.10.10.103)
Set up the Windows PPPoE client
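The lab steps above (slides 56, 57 and 60), written out as RouterOS CLI commands; this is an added example, not from the original slides. The access concentrator requires MPPE encryption and MS-CHAPv2, hands out addresses from the slide's pool, and the client uses the matching profile. Interface names, the 192.0.2.0/24 uplink (TEST-NET) and the credentials are assumed placeholders.

```routeros
# --- PPPoE server (access concentrator) ---
# Wireless interface in AP bridge mode (assumed interface name wlan1)
/interface wireless set wlan1 mode=ap-bridge ssid=pppoe-lab disabled=no
# Uplink address and default route (constructed TEST-NET values)
/ip address add address=192.0.2.2/24 interface=ether1
/ip route add dst-address=0.0.0.0/0 gateway=192.0.2.1
# Pool for authenticated PPPoE clients (range from the slide)
/ip pool add name=pppoe-pool ranges=10.10.10.100-10.10.10.103
# Built-in default-encryption profile: with use-encryption=required MPPE is
# demanded, not merely offered, so an unencrypted session cannot come up
/ppp profile set default-encryption local-address=10.10.10.1 remote-address=pppoe-pool use-encryption=required
# Local user database (ppp secrets); service=pppoe stops the same secret
# from being reused for PPTP or L2TP logins
/ppp secret add name=lab1 password=CHANGE-ME service=pppoe profile=default-encryption
# Access concentrator on the WiFi interface; only MS-CHAPv2 is offered, so a
# client asking for PAP or CHAP is refused instead of downgraded
/interface pppoe-server server add service-name=lab interface=wlan1 default-profile=default-encryption authentication=mschap2 one-session-per-host=yes disabled=no

# --- PPPoE client on a second RouterOS box ---
# (a Windows client uses the same user/password in its dial-up connection)
/interface pppoe-client add name=pppoe-out1 interface=ether1 user=lab1 password=CHANGE-ME profile=default-encryption add-default-route=yes disabled=no

# --- Checks from slide 55: R flag on the interface, D flag on the address ---
/interface pppoe-client monitor pppoe-out1 once
/ip address print where dynamic
```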
62. PPP Bridge Control Protocol
RouterOS now has BCP support for all async. PPP, PPTP, L2TP & PPPoE (not ISDN) interfaces
If BCP is established, the PPP tunnel does not require an IP address
A bridged tunnel's IP address (if present) does not apply to the whole bridge – it stays only on the PPP interface (routed IP packets can go through the tunnel as usual)
63. Setting up BCP
You must specify the bridge option in the ppp profiles on both ends of the tunnel.
The bridge must have a manually set MAC address, or at least one regular interface in it, because ppp interfaces do not have MAC addresses.
64. PPP Bridging Problem
PPP interface MTU is smaller than that of a standard Ethernet interface
It is impossible to fragment Ethernet frames – tunnels must have an inner algorithm for encapsulating and transferring Ethernet frames over a link with a smaller MTU
EoIP has its encapsulation algorithm enabled by default, PPP interfaces don't
PPP interfaces can utilize the PPP Multi-link Protocol to encapsulate Ethernet frames
65. PPP Multi-link Protocol
PPP Multi-link Protocol allows opening multiple simultaneous channels between systems
It is possible to split and recombine packets between several channels – resulting in an increased effective maximum receive unit (MRU)
To enable PPP Multi-link Protocol you must specify the MRRU option
In MS Windows you must enable the "Negotiate multi-link for single link connections" option
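Slides 63 to 65 put together, as an added RouterOS example that is not from the original deck: an L2TP tunnel that carries Ethernet frames with BCP, with MRRU set on both ends so frames larger than the PPP MTU are fragmented and recombined by Multi-link PPP. Interface names, the server address and the secrets are placeholders; the use-ipsec/ipsec-secret parameters are an assumption about the RouterOS version (they exist on v6 and later).

```routeros
# --- Site A: L2TP server ---
/interface bridge add name=bridge1
# ppp interfaces carry no MAC address, so the bridge takes one from a real
# Ethernet port (setting admin-mac on the bridge is the other option)
/interface bridge port add bridge=bridge1 interface=ether2
# bridge= in the profile is what turns BCP on; MPPE is still required
/ppp profile add name=bcp-profile bridge=bridge1 use-encryption=required
/ppp secret add name=site-b password=CHANGE-ME service=l2tp profile=bcp-profile
# mrru enables Multi-link PPP so Ethernet-sized frames survive the smaller
# PPP MTU; IPsec wraps the L2TP tunnel (assumed v6+ parameters)
/interface l2tp-server server set enabled=yes default-profile=bcp-profile authentication=mschap2 mrru=1600 use-ipsec=yes ipsec-secret=CHANGE-ME

# --- Site B: L2TP client ---
/interface bridge add name=bridge1
/interface bridge port add bridge=bridge1 interface=ether2
/ppp profile add name=bcp-profile bridge=bridge1 use-encryption=required
/interface l2tp-client add name=l2tp-to-a connect-to=192.0.2.1 user=site-b password=CHANGE-ME profile=bcp-profile mrru=1600 use-ipsec=yes ipsec-secret=CHANGE-ME disabled=no

# --- Checks ---
# encoding should report MPPE128 (as in slide 50); once BCP is up the
# l2tp interface appears as a dynamic port of bridge1
/interface l2tp-client monitor l2tp-to-a once
/interface bridge port print
```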