
									      Linux VPN Solutions for SME


                               Linux-Bangalore 2002
                                              4/12/2002
                                           Chetan Kumar S
                                         Wipro Technologies
                                     email: chetan.kumar@wipro.com




Chetan Kumar S, Wipro Technologies                                   Linux-Bangalore 2002
                                     Agenda

        Introduction to VPN.
        Requirements for SME/SOHO.
        VPN-Requirements, Categories and Types.
        VPN technical details
        VPN support on Linux, what does Linux
        offer
        A Cook Book solution.



                                Types of VPN
  Where the operation is (or where the tunnel ends)
       CPE based VPN
       Network Based VPN
  Which layer it operates at
       Layer 2/Layer 3 VPN
  Service Based
       Virtual Leased Lines
       Virtual Private Dial Networks
       Virtual Private LAN Segment
       Virtual Private Routed Networks
                       What fits an SME
  CPE based solutions
       Remote offices can connect to main offices
       Multiple remote offices can interconnect
             Either via main offices/directly
  If there are home users, they can use dial-up




                                     Why Linux
  Standard based solutions
       Most of the available software is standards
       based, so it can interoperate with others
  Economical
       Both the capex and opex are cheap.
  Security
       Open software is more secure !!
  Ease of operation
       No need to learn new router box commands.




                                     Why Linux
  Least support from SP
       You can have VPN service without the support of
       your SP.
  Ease of revamping & Flexible
       Whenever new software comes out, just go and
       upgrade.
  24x7 support
       From the open software community.
  There are lots of Linux-VPN SOHO boxes out
  there.



           General VPN Requirements
  Tunneling mechanism
  Data Security
  Network Security
  QoS guarantee
  Opaque transport




               VPN Support On LINUX
   Tunneling
      Support for IPIP tunneling
      Support for PPTP
      Support for GRE
      Support for MPLS




               VPN Support On LINUX
   Data Security
      SSH
      IPSEC

   Network Security
      ipchains based firewall
      IP masquerading
      NAT




               VPN Support On LINUX
   QoS
      Support bandwidth management
      Support rate limiting and policing
      Class based Queue
      Lots of scheduling algorithms available




               VPN Support On LINUX
   Advanced Routing
      Multiple routing table
        A compile time Advanced Routing option
        Up to 255 routing tables
      Netlink support for associating network interfaces or
      tunnels with routing tables
      TC traffic class for grouping traffic for a particular
      treatment




                   Example and Solution


  Local LAN <---> GNU/Linux VPN Host <---> Internet




                           Example Solution
   Solution outline
         The solution uses an ssh tunnel over ppp
         ssh provides security
         ppp provides the tunneling mechanism
         Use ipchains to get network security
   Things to do
         Configure kernel
         Bring up link on server
         Start client session
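
The steps above, sketched as an added example that is not part of the original slides: a dry-run script that prints the client-side pppd-over-ssh command, the route to the office LAN, and the server-side ipchains input rules. The host name, account, addresses and the sudo arrangement are assumptions made for illustration; the kernel is assumed to already have PPP and firewall support built in.

```shell
#!/bin/sh
# Added example (not from the slides): dry-run plan for ssh + ppp + ipchains.
# Every value below is a constructed placeholder.
VPN_SERVER="vpn.example.org"   # hypothetical main-office VPN host
VPN_USER="vpn"                 # hypothetical unprivileged account, sudo limited to pppd
LOCAL_IP="192.168.254.2"       # client end of the ppp link
REMOTE_IP="192.168.254.1"      # server end of the ppp link
LAN_NET="192.168.10.0/24"      # main-office LAN behind the server

# Client session: the local pppd talks PPP over the stdin/stdout of ssh,
# which starts a second pppd on the server. ssh supplies the encryption.
# BatchMode=yes makes ssh fail instead of prompting, so key auth is required.
client_cmd() {
    remote="sudo /usr/sbin/pppd nodetach notty noauth"
    ssh_cmd="ssh -e none -o BatchMode=yes $VPN_USER@$VPN_SERVER $remote"
    printf '%s\n' "/usr/sbin/pppd updetach noauth pty \"$ssh_cmd\" $LOCAL_IP:$REMOTE_IP"
}

# Client route: reach the office LAN through the far end of the tunnel.
route_cmd() {
    printf '%s\n' "ip route add $LAN_NET via $REMOTE_IP"
}

# Server firewall (input chain only): accept tunnel traffic from the peer
# address toward the LAN or the tunnel endpoint, then log and deny the rest.
fw_rules() {
    iface="$1"
    printf '%s\n' \
        "ipchains -A input -i $iface -s $LOCAL_IP -d $LAN_NET -j ACCEPT" \
        "ipchains -A input -i $iface -s $LOCAL_IP -d $REMOTE_IP -j ACCEPT" \
        "ipchains -A input -i $iface -l -j DENY"
}

# Print the plan; nothing is executed.
echo "# on the server, as root:"
fw_rules ppp0
echo "# on the client, as root:"
client_cmd
route_cmd
```

The explicit DENY with `-l` as the last rule means anything arriving on the tunnel interface from an unexpected source is logged rather than silently accepted by the chain's default policy.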


                   Example and Solution

       Application
       IPCHAINS          Network security
       PPP               Tunneling
       SSH               Encryption / data security
       PPP/DSL/Cable     Basic connectivity




                               References
   Building Linux VPN - Oleg Kolesnikov and Brian Hatch
   http://www.buildinglinuxvpns.net/
   The Linux HOWTO pages:
   http://www.caldera.com/LDP/HOWTO/
   The VPN HOWTO:
   http://www.caldera.com/LDP/HOWTO/VPN-HOWTO.html
   The VPN-Masquerading HOWTO
   http://www.caldera.com/LDP/HOWTO/
   OpenSSH homepage: http://www.openssh.com/
   Ipchains HOWTO:
   http://www.caldera.com/LDP/HOWTO/IPCHAINS-HOWTO.html
   PoPToP homepage: http://www.moretonbay.com/vpn/pptp.html


                                     Thank
   My Contact info
         Chetan Kumar S
         Wipro Technologies
         chetan.kumar@wipro.com



