IT training beginning OpenVPN 2 0 9 december 2009

Beginning OpenVPN 2.0.9

Build and integrate Virtual Private Networks using
OpenVPN

Markus Feilner
Norbert Graf

BIRMINGHAM - MUMBAI

This material is copyright and is licensed for the sole use by Alison Voyvodich on 4th December 2009
12593 80th Avenue N, , Seminole, , 33776


Beginning OpenVPN 2.0.9
Copyright © 2009 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval
system, or transmitted in any form or by any means, without the prior written
permission of the publisher, except in the case of brief quotations embedded in
critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of
the information presented. However, the information contained in this book is sold
without warranty, either express or implied. Neither the authors, Packt Publishing,
nor its dealers or distributors will be held liable for any damages caused or alleged to
be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all the
companies and products mentioned in this book by the appropriate use of capitals.
However, Packt Publishing cannot guarantee the accuracy of this information.


First published: December 2009

Production Reference: 1251109

Published by Packt Publishing Ltd.
32 Lincoln Road
Olton
Birmingham, B27 6PA, UK.
ISBN 978-1-847197-06-1
www.packtpub.com

Cover Image by Filippo Sarti

Credits

Author
Markus Feilner

Co-author
Norbert Graf

Reviewers
Chris Buechler
Ralf Hildebrandt

Acquisition Editor
Louay Fatoohi

Development Editor
Swapna Verlekar

Technical Editor
Akash Johari

Copy Editor
Leonard D'silva

Indexer
Hemangini Bari

Editorial Team Leader
Akshara Aware

Project Team Leader
Priya Mukherji

Project Coordinator
Zainab Bagasrawala

Proofreaders
Kevin McGowan
Chris Smith

Graphics
Nilesh R. Mohite

Production Coordinator
Dolly Dasilva

Cover Work
Dolly Dasilva

About the Author
Markus Feilner is a Linux professional from Regensburg, Germany and has been
working with open source software since the mid 1990s. His first contact with Unix
was with a SUN cluster and with SPARC workstations at Regensburg University
during his studies of geography, computer science, and GIS. Since the year 2000,
he has published several documents used in Linux training all over Germany.
In 2001, he founded his own Linux consulting and training company, Feilner IT.
Here, and as trainer, consultant, and systems
engineer at Millenux, Munich, he focused on groupware, collaboration, and
virtualization with Linux-based systems and networks.

He is working as Stellvertretender Chefredakteur at German Linux-Magazine,
where he writes about open source software for both printed and online magazines,
including the Linux Technical Review and the Linux Magazine International.
He regularly gives speeches and lectures
at conferences in Germany. Security and VPN have never left his focus in his
publications and articles. Together with Packt, he published OpenVPN: Building and
Integrating Virtual Private Networks in 2006 and Scalix: Linux Administrator's Guide
in 2008.

He is interested in anything concerning geography, traveling, photography,
philosophy (especially that of open source software), global politics, soccer,
and literature, but always has too little time for these hobbies.

Markus Feilner supports Linux4afrika—a project bringing Linux computers into
African schools.
For more information, please visit .

Acknowledgement
I'd like to thank all the people from the OpenVPN project and mailing lists. Thanks
to all the developers and especially to James Yonan for creating such a great
software. Thanks to everyone at Packt for working together through the last few
years (however tough they were). Thank you for your patience, your cooperative
style, and innovative ideas.
And, of course, the most important thank you goes to my co-author Norbert Graf,
who always had the right screenshot or configuration at hand.
Thanks to the fantastic staff at the Regensburg University Clinicum, especially at
station 21 who helped me get well again and cured me from Leukemia. Thanks to the
wonderful city of Regensburg and the great African people all over this continent!

About the Co-author
Norbert Graf is a professional IT specialist from Munich with many years of
experience in network security and server virtualization. His special fields of interest
are Linux-based firewalls, VMware, and XEN virtualization.

Since 2002, he has been working as a consultant for an IT company near Munich,
for customers ranging from the healthcare sector, such as hospitals or
pharmaceutical concerns, to small companies.

His first experience with computers was on the Commodore C64, learning
to program in BASIC, followed by an x86 processor PC with DOS and Windows. He
is still working with Windows and Linux networks every day. His field of work
especially includes integrating Linux servers like proxies or OpenVPN servers in
Microsoft Active Directory infrastructures.

Since 2007, he has published several articles (mostly about Windows and Linux
cooperation) together with Markus Feilner in the German and International
Linux Magazine.

In November 2007, his son Moritz was born and made the whole family very happy.

About the Reviewers
Chris Buechler is the co-founder and Chief Technology Officer of BSD Perimeter
LLC, the corporate arm of the pfSense open source firewall distribution. He has more
than a decade of IT experience and holds numerous industry certifications including
CISSP, SSCP, MCSE, and CCNA among others. He served as the contributing author
on security for the book SharePoint 2007: The Definitive Guide from O'Reilly and is the
primary author of a book on pfSense to be published by Reed Media in 2009. He has
presented on security topics at more than a dozen conferences in the US and Canada.
He can be reached at

Ralf Hildebrandt holds a degree in computer science and has been working with
Unix since 1994. His experience with computers dates back to 1984 and a sturdy
old C64. Recently, he changed employer from T-Systems to Charite and became
, thus gaining experience in running large listservers.
Ralf is the co-author of The Book of Postfix.

Table of Contents

Preface

Chapter 1: VPN—Virtual Private Network
Broadband Internet access and VPNs
How does a VPN work?
What are VPNs used for?
Networking concepts—protocols and layers
Tunneling and overhead
VPN concepts—overview
A proposed standard for tunneling
Protocols implemented on OSI layer 2
Protocols implemented on OSI layer 3
Protocols implemented on OSI layer 4
OpenVPN—a SSL/TLS-based solution
Summary

Chapter 2: VPN Security
VPN security
Privacy—encrypting traffic
Symmetric encryption and pre-shared keys
Reliability and authentication
The problem of complexity in classic VPNs
Asymmetric encryption with SSL/TLS
SSL/TLS security
HTTPS
Understanding SSL/TLS certificates
Trusted certificates
Self-signed certificates
SSL/TLS certificates and VPNs
Generating certificates and keys
Summary

Chapter 3: OpenVPN
Advantages of OpenVPN
History of OpenVPN
OpenVPN Version 1
OpenVPN Version 2
The road to version 2.1
Networking with OpenVPN
OpenVPN and firewalls
Configuring OpenVPN
Problems with OpenVPN
OpenVPN compared to IPsec VPN
User space versus kernel space
Sources for help and documentation
The project community
Documentation in the software packages
Summary

Chapter 4: Installing OpenVPN on Windows and Mac
Obtaining the software
Installing OpenVPN on Windows
Downloading and starting installation
Selecting the components and location
Finishing installation
Testing the installation—a first look at the panel applet
Installing OpenVPN on Mac OS X (Tunnelblick)
Testing the installation—the Tunnelblick panel applet
Summary

Chapter 5: Installing OpenVPN on Linux and Unix Systems
Prerequisites
Installing OpenVPN on SuSE Linux
Using YaST to install software
Installing OpenVPN on Red Hat Fedora using yum
Installing OpenVPN on Red Hat Enterprise Linux
Installing OpenVPN on RPM-based systems
Using wget to download OpenVPN RPMs
Installing OpenVPN and the LZO library with wget and RPM
Using rpm to obtain information on the installed OpenVPN version
Installing OpenVPN on Debian and Ubuntu
Installing Debian packages
Using Aptitude to search and install packages
OpenVPN—the files installed on Debian
Installing OpenVPN on FreeBSD
Installing a newer version of OpenVPN on FreeBSD—the ports system
Installing the port system with sysinstall
Downloading and installing a BSD port
Summary

Chapter 6: Advanced OpenVPN Installation
Troubleshooting—advanced installation methods
Installing OpenVPN from source code
Building and distributing .deb packages
Building your own RPM file
Enabling Linux kernel TUN/TAP support
Using menuconfig
Summary

Chapter 7: Configuring an OpenVPN Server—The First Tunnel
OpenVPN on Microsoft Windows
Generating a static OpenVPN key
Creating a sample connection
Adapting the sample configuration file provided by OpenVPN
Starting and testing the tunnel
A brief look at Windows OpenVPN network interfaces
Connecting Windows and Linux
File exchange between Windows and Linux
WinSCP
Transferring the key file from Windows to Linux with WinSCP
The second pitfall—carriage return/end of line
Configuring the Linux system
Testing the tunnel
A look at the Linux network interfaces
Running OpenVPN automatically
OpenVPN as a server on Windows
OpenVPN as a server on Linux
Runlevels and init scripts on Linux
Using runlevel and init to change and check runlevels
The system control for runlevels
Managing init scripts
Using SuSE's YaST module system services (runlevel)
Troubleshooting firewall issues
Deactivating the Windows XP service pack 2 firewall
Stopping the SuSE firewall
Summary

Chapter 8: Setting Up OpenVPN with X.509 Certificates
Creating certificates
Certificate generation on Windows Server 2008 with easy-rsa
Setting variables—editing vars.bat
Creating the Diffie-Hellman key
Building the certificate authority
Generating server and client keys
Distributing the files to the VPN partners
Configuring OpenVPN to use certificates
Using easy-rsa on Linux
Preparing variables in vars
Creating the Diffie-Hellman key and the certificate authority
Creating the first server certificate/key pair
Creating further certificates and keys
Troubleshooting
Summary

Chapter 9: The Command openvpn and Its Configuration File
Syntax of openvpn
OpenVPN command-line parameters
Using OpenVPN at the command line
Parameters used in the standard configuration file for a static key client
Compressing the data
Controlling and restarting the tunnel
Debugging output—troubleshooting
Configuring OpenVPN with certificates—simple TLS mode
Overview of OpenVPN parameters
General tunnel options
Routing
Controlling the tunnel
Scripting
Modules
Logging
Specifying a user and group
The management interface
Proxies
Encryption parameters
Testing the crypto system with --test-crypto
SSL information—command line
Server mode
Server mode parameters
--client-config options
Client mode parameters
Push options
Important Windows-specific options
New in Version 2.1
Connection profiles
Topology mode
Script-security
Port-sharing
Test
Summary

Chapter 10: Securing OpenVPN Tunnels and Servers
Securing and stabilizing OpenVPN
Authentication
Using authentication methods
Authentication plugins overview
Authentication with tokens
Individual authentication with Pam-per-user
Linux and Firewalls
Debian Linux and Webmin with Shorewall
Installing Webmin and Shorewall
Looking at Webmin
Preparing Webmin and Shorewall for the first start
Preparing the Shoreline firewall
Troubleshooting Shorewall—editing the configuration files
OpenVPN and SuSEfirewall
Routing and firewalls
Configuring a router without a firewall
iptables—the standard Linux firewall tool
Configuring the Windows Firewall for OpenVPN
Summary

Chapter 11: Advanced Certificate Management
Certificate management and security
Installing xca
Using xca
Creating a database
Importing a CA certificate
Creating and signing a new server/client certificate
Revoking certificates with xca
Using TinyCA2 to manage certificates
Importing our CA
Using TinyCA2 for CA administration
Creating new certificates and keys
Exporting keys and certificates with TinyCA2
Revoking certificates with TinyCA2
Other tools worth mentioning
Summary

Chapter 12: OpenVPN GUI Tools
OpenVPN server administration: Webmin's OpenVPN plugin
Client GUIs for Linux
KVpnc
GAdmin-OpenVPN-Client
NetworkManager
Summary

Chapter 13: Advanced OpenVPN Configuration
Tunneling a proxy server and protecting the proxy
Scripting OpenVPN—an overview
Using a client configuration directory with per‑client configurations
Individual firewall rules for connecting clients
Distributed compilation through VPN tunnels with distcc
Ethernet bridging with OpenVPN
Automatic installation for Windows clients
Clustering and redundancy
Summary

Chapter 14: Mobile Security with OpenVPN
Anonymous and uncensored Internet Access
OpenVPN on Windows Mobile
Embedded Linux – Maemo
Summary

Chapter 15: Troubleshooting and Monitoring
Testing network connectivity
Checking interfaces, routing, and connectivity on the VPN servers
Debugging with tcpdump and IPTraf
Using OpenVPN protocol and status files for debugging
Scanning servers with Nmap
Monitoring tools
ntop
Munin
Nagios
OpenVPNgraph
Summary

Appendix: Internet Resources and More
Index

Preface
OpenVPN is an outstanding piece of software that was invented by James Yonan
in the year 2001 and has steadily been improved since then. No other VPN solution
offers a comparable mixture of enterprise-level security, usability, and feature
richness. We have been working with OpenVPN for many years now, and it has
always proven to be the best solution. This book is intended to introduce OpenVPN
software to network specialists and VPN newbies alike. OpenVPN works where
most other solutions fail and exists on almost any platform. Thus, it is an ideal
solution for problematic setups and an easy approach for the inexperienced.
On the other hand, the complexity of classic VPN solutions, especially IPsec, gives
the impression that VPN technology in general is difficult and a topic only for very
experienced (network and security) specialists. OpenVPN proves that this can be
different, and this book aims to document that.
I want to provide both a concise description of OpenVPN's features and an
easy-to-understand introduction for the inexperienced. Though there may be many
other possible ways to succeed in the scenarios described, the ones presented have
been tested in many setups and have been selected for simplicity reasons.

What this book covers

Chapter 1, VPN—Virtual Private Network, gives a brief overview of what VPNs
are, what security means here, and similar important basics.
Chapter 2, VPN Security, introduces basic security concepts necessary to understand
VPNs and OpenVPN in particular. We will have a look at encryption matters,
symmetric and asymmetric keying, and certificates.
Chapter 3, OpenVPN, discusses OpenVPN, its development, features, resources,
advantages, and disadvantages compared to other VPN solutions, especially IPsec.
Chapter 4, Installing OpenVPN on Windows and Mac, shows step-by-step how to
install OpenVPN on clients using Apple or Microsoft products.
Chapter 5, Installing OpenVPN on Linux and Unix Systems, deals with simple
installation on Linux and Unix.
Chapter 6, Advanced OpenVPN Installation, shows you how to get OpenVPN up and
running even when it gets difficult or non-standard.
Chapter 7, Configuring an OpenVPN Server—The First Tunnel, introduces the use of
OpenVPN to build a first tunnel.
Chapter 8, Setting Up OpenVPN with X.509 Certificates, explains how to use
OpenVPN to build a tunnel using the safe and easily manageable certificates.
Chapter 9, The Command openvpn and Its Configuration File, groups an abundance of
command-line options that OpenVPN has to offer into several tables, which enable
you to search and find the relevant ones far more easily.
Chapter 10, Securing OpenVPN Tunnels and Servers, shows how to use several
firewalls (Windows and Linux) and security-relevant extensions like authentication
for OpenVPN.
Chapter 11, Advanced Certificate Management, deals with security issues, and
advanced certificate management tools, such as TinyCA or xca, help us understand
and manage a PKI thoroughly.
Chapter 12, OpenVPN GUI Tools, shows you how to choose a suitable client out of
three GUI-tools for OpenVPN for your setup.
Chapter 13, Advanced OpenVPN Configuration, discusses tunneling proxies, pushing
configurations from the server to the client, and many other examples up to clusters
and redundancy.
Chapter 14, Mobile Security with OpenVPN, teaches us how to connect our mobile
device, be it Windows Mobile, an embedded Linux device, or a laptop, to our VPN
and start communicating privately.
Chapter 15, Troubleshooting and Monitoring, will help you in many cases when you
run into network problems, or if anything doesn't work.
Appendix, Internet Resources and More, holds all abbreviations used and all weblinks
found throughout the whole book.

What you need for this book

For learning VPN technologies, it may be helpful to have at least two or four PCs.
Virtualization tools like KVM, XEN, or VMware are very helpful here, especially
if you want to test with different operating systems and switch between varying
configurations easily. However, one PC is completely enough to follow the course of
this book.
Two separate networks (connected by the Internet) can provide a useful setup if you
want to test firewall and advanced OpenVPN setup.

Who this book is for

This book is for newbies and admins alike. Anybody interested in security and
privacy on the Internet, and anybody who wants to have his or her notebook or
mobile phone connect safely to the Internet, will learn how to connect to and how
to set up the server in the main branch of his or her company or at home. You will
learn how to build your own VPN, surf anonymously and without censorship,
connect branches over the Internet in a safe way, and learn all the basics on how to
administer and build Virtual Private Networks.

Conventions

In this book, you will find a number of styles of text that distinguish between
different kinds of information. Here are some examples of these styles, and an
explanation of their meaning.
Code words in text are shown as follows: "We can include other contexts through the
use of the include directive."
A block of code will be set as follows:
remote xxx.dyndns.org
(...)
tls-remote "/C=DE/ST=BY/O=Feilner-IT/CN=VPN-Server/
emailAddress="
(...)
resolv-retry 86400

When we wish to draw your attention to a particular part of a code block, the
relevant lines or items will be shown in bold:
suse01:/var/log # ldapwhoami -x -h 10.10.10.1 -D uid=mfeilner,ou=Feilner-it_Users,dc=feilner-it,dc=home -w correct_password
dn:uid=mfeilner,ou=Feilner-it_Users,dc=feilner-it,dc=home
suse01: # ldapwhoami -x -h 10.10.10.1 -D uid=mfeilner,ou=Feilner-it_Users,dc=feilner-it,dc=home -w wrong_password
ldap_bind: Invalid credentials (49)

Any command-line input or output is written as follows:
opensuse01:~ # echo "1" > /proc/sys/net/ipv4/ip_forward
opensuse01:~ #

New terms and important words are shown in bold. Words that you see on the
screen, in menus or dialog boxes for example, appear in our text like this: "Start YaST
on your SuSE Linux system and change to the Firewall module, which can be found
in Security and Users".
Warnings or important notes appear in a box like this.

Tips and tricks appear like this.

Reader feedback

Feedback from our readers is always welcome. Let us know what you think about
this book—what you liked or may have disliked. Reader feedback is important
for us to develop titles that you really get the most out of.
To send us general feedback, simply drop an email to ,
and mention the book title in the subject of your message.
If there is a book that you need and would like to see us publish, please send
us a note in the SUGGEST A TITLE form on www.packtpub.com or email


If there is a topic that you have expertise in and you are interested in either writing
or contributing to a book, see our author guide on www.packtpub.com/authors.
Customer support

Now that you are the proud owner of a Packt book, we have a number of things to
help you to get the most from your purchase.

Errata

Although we have taken every care to ensure the accuracy of our contents, mistakes
do happen. If you find a mistake in one of our books—maybe a mistake in text or
code—we would be grateful if you would report this to us. By doing so, you can save
other readers from frustration, and help us to improve subsequent versions of this
book. If you find any errata, please report them by visiting ktpub.
com/support, selecting your book, clicking on the let us know link, and entering
the details of your errata. Once your errata are verified, your submission will be
accepted and the errata added to any list of existing errata. Any existing errata can be
viewed by selecting your title from />

Piracy

Piracy of copyright material on the Internet is an ongoing problem across all media.

At Packt, we take the protection of our copyright and licenses very seriously. If
you come across any illegal copies of our works in any form on the Internet, please
provide us with the location address or web site name immediately so that we can
pursue a remedy.
Please contact us at with a link to the suspected
pirated material.
We appreciate your help in protecting our authors, and our ability to bring you
valuable content.

Questions

You can contact us at if you are having a problem with
any aspect of the book, and we will do our best to address it.

VPN—Virtual Private Network
This chapter will start with networking solutions that were used in the past for
connecting several branches of a company. Technological advances, such as
broadband Internet access, brought about new possibilities and new concepts
for this issue, one of them being the Virtual Private Network (VPN). In this chapter,
you will learn what the term VPN means, how it evolved during the last few
decades, why it is a necessity for modern enterprises, and how typical VPNs work.
Basic networking concepts are necessary to understand the variety of possibilities
that VPNs offer.

Historical: In former times, information exchange between branches of a company
was mainly done by mail, telephone, and later by fax. But today there are
five main challenges for modern VPN solutions that are discussed in this chapter.
The challenges faced by companies are as follows:

• The general acceleration of business processes and the rising need for fast,
  flexible information exchange between all branches of a company have
  made 'old-fashioned' mail and even fax services appear to be too slow for
  modern requirements.

• Technologies, such as Groupware, Customer Relationship Management
  (CRM), and Enterprise Resource Planning (ERP) are used to ensure
  productive teamwork, and every employee is expected to cooperate.

• Almost every enterprise has several branches in different locations and often
  has field and home workers. All of these must be enabled to participate in
  internal information exchange without delays.

• All computer networks have to fulfill security standards to high levels
  to ensure data integrity, authenticity, and stability.

• Secure and flexible access for mobile devices has to be implemented,
  including new strategies for laptops and modern smartphones.

These factors have led to the need for sophisticated networking solutions between
companies' offices all over the world. With computer networks connecting all
desktops within a single location, the need for connections between sites has become
more and more urgent.
Many years ago, you could only rent dedicated lines between your sites. These lines
were expensive, so only large companies could afford to connect their branches to
enable worldwide teamwork. To achieve this, fast and expensive connections had
to be installed at every site, costing much more than normal enterprise Internet access.
The concept behind this network design was based on a real network between the
branches of the company. A provider was needed to connect every location and a
physical cable connection between all branches was established. Like the telephone
network, a single dedicated line connecting two partners was used for communication.
Security for this line was achieved by providing a dedicated network—every
connection between branches had to be installed with a leased line. For a company
with four branches (A, B, C, and D), six dedicated lines would then become necessary.

[Figure: the four branches A, B, C, and D]

Furthermore, Remote Access Servers (RAS) were used for field or home workers,
who would only connect temporarily to the company's network. These people had
to use special dial-in connections (with a modem or ISDN line) and the company
acted as an Internet provider. For every remote worker, a dial-in account had to
be configured and field workers could only connect over this line. The telephone
company provided one dedicated line for every dial-up and the central branch had
to make sure that enough telephone lines were always available.