2005 MTSC UC-7400
Thomas Cheng, Aug-2005


09/13 Topic
14:00-15:20 Universal Communicator - Part I
15:20-15:40 Coffee Break
15:40-17:00 Universal Communicator - Part II
17:00-18:00 UC Exam
18:00 Dinner


UC-7400 Series Introduction
1. Comparisons
2. New functions and features

iptables Introduction, Hands-On

OpenVPN Introduction, Hands-On

Live Demo

UC Family Comparisons: Hardware and Software

Hardware Comparison (UC-7410/7420 Hardware V1.2)

Columns: UC-7420 / UC-7410 / UC-7408 / UC-7110

CPU: Intel XScale IXP-422 266 MHz (UC-7420/7410/7408) / ARM9 32-bit 166 MHz (UC-7110)
RAM: 128 MB (UC-7420/7410/7408) / 16 MB (UC-7110)
Flash: 32 MB (UC-7420/7410/7408) / 8 MB (UC-7110)
LAN: 10/100 Mbps x 2 (all models)
RS-232/422/485: 8 ports (UC-7420/7410/7408) / 2 ports (UC-7110)
Serial Protection: 15 KV ESD for all signals
Flow Control: RTS/CTS, XON/XOFF
Speed: 50 bps to 921.6 Kbps
DI/DO: NA / NA / DI x 8, DO x 8 / NA
USB 2.0 Hosts: 2 / NA / NA / NA
USB 1.0 Client: 1 / 1 / 1 / NA
PCMCIA: CardBus x 1 / NA / CardBus x 1 / NA
Compact Flash: 1 / NA / 1 / NA
LCM: 128 x 64 dots / 128 x 64 dots / NA / NA
Keypad: 5 / 5 / NA / NA
Real Time Clock: Yes
Buzzer: Yes
Reset Button: HW Reset x 1, Reset to default x 1, Reset to default x 1 (as listed on the slide)

Software Comparison

Columns: UC-7400 Series / UC-7110

Boot Loader: RedBoot V1.92 / Moxa proprietary boot loader
Kernel: MontaVista Linux 2.4.18 / uClinux kernel 2.4.22
Protocol Stack: ARP, CHAP, PAP, IPv4, ICMP, TCP, UDP, DHCP, FTP, Telnet, SNMPv1/v3, HTTP, NTP, NFS, SMTP, PPP, SSHv1.0/2.0, SSL, OpenVPN / ARP, CHAP, PAP, IPv4, ICMP, TCP, UDP, DHCP, FTP, Telnet, SNMPv1, HTTP, NTP, NFS, SMTP, PPP
Flash File System: JFFS2 / JFFS2
OS Shell Command: bash V2.05 / mash V0.60.4
Linux normal command utility: Busybox V0.60.4 / Busybox V0.60.4
Web: Apache 2.0.42 / Boa 0.93.16
Secure shell: sshd V1.2.0 / NA
Network file system: NFS Server V2.2 / NA
Virtual private network: OpenVPN V2.0 / NA
OpenSSL: OpenSSL V0.9.6 / NA
Tool Chain: Linux, Windows / Linux

UC-7400 V1.5 Firmware: New Functions and Features Introduction

Columns: Firmware V1.1 / V1.4.3 / V1.5

Serial port: 230.4 Kbps / 230.4 Kbps / 921.6 Kbps (with HW V1.2)
WLAN: 802.11b (Prism 2.0/2.5) / 802.11b (Prism 2.0/2.5) / 802.11b (Prism 2.0/2.5), 802.11g
USB Host: NA / Mass Storage PNP / Mass Storage PNP
USB Client: NA / NA / NA
Reset to Factory Default button: NA / NA / Yes (with HW V1.2)
Share Memory: NA / NA / Yes

Protocol stacks and utilities
arp (utility): NA / Yes / Yes
iptables: NA / NA / Yes
OpenVPN: NA / NA / Yes
WatchDog API: NA / NA / Yes
Crontab: NA / NA / Yes
upfirm: NA / Yes / Yes
backupuf: NA / Yes / Yes
backupfs, bf: Yes / Yes / NA
minicom: Yes / Yes / Replaced by tip

Directory Change
/var: User File System / User File System / Changed to ramdisk
Apache root document: /usr/html / /usr/html / /usr/www

UC-7400 V1.5 Firmware: New Feature Introduction
- WatchDog support
- Cron function on the system
- UART and special baud rate support
- System image backup utility "upfirm"
- 802.11g wireless card support
- Tool chain on the Windows platform, including GCC, Glibc and Insight (GDB debug tool)
- iptables support
- OpenVPN support

Watch Dog Timer (WDT)

1. Introduction
The WDT works like a watchdog: you can enable it or disable it. When the user enables the WDT but the application does not acknowledge it in time, the system reboots. The ack time can be set from a minimum of 50 msec to a maximum of 60 seconds.

2. How the WDT works
The WatchDog is enabled when the system boots up, and the kernel acknowledges it automatically. A user application can also take over the acknowledgement; once it has, failing to ack lets the system reboot.

3. The user API
The user application must include <moxadevice.h> and link moxalib.a.

Crontab

1. Introduction
Daemon to execute scheduled commands.

2. Description
- Cron is started from /etc/rc.d/rc.local.
- Modify the file /etc/cron.d/crontab to set up your scheduled applications. Crontab files have the following format:

  Field:  M (Minute)  H (Hour)  Dom (Date)  Mon (Month)  Dow (Week)         User  Command
  Range:  0-59        0-23      1-31        1-12         0-6 (0 is Sunday)

3. Example
- How to add ntpdate (synchronize time) in cron: every day at 5:10 the system synchronizes the time from the NTP server (192.168.0.1).

  vi /etc/cron.d/crontab
  # m h dom mon dow user command
  10 5 * * * root /usr/sbin/ntpdate 192.168.0.1; /sbin/hwclock -w

UART and special baud rate support

1. Introduction
- The normal tty device nodes are /dev/ttyM0 ... /dev/ttyM7, and the modem tty device nodes are /dev/cum0 ... /dev/cum7.
- UC-7400 supports Linux standard termios control.
- The Moxa UART Device API allows you to configure ttyM0 to ttyM7 as RS-232, RS-422, 2-wire RS-485 or 4-wire RS-485.

2. The Function
You must include <moxadevice.h>:

  #define RS232_MODE        0
  #define RS485_2WIRE_MODE  1
  #define RS422_MODE        2
  #define RS485_4WIRE_MODE  3

Functions: MOXA_SET_OP_MODE, MOXA_GET_OP_MODE

3. Special baud rate support
- There are two Moxa private ioctl commands for setting up special baud rates: MOXA_SET_SPECIAL_BAUD_RATE and MOXA_GET_SPECIAL_BAUD_RATE.
- If you use this ioctl to set a special baud rate, the termios cflag will be B4000000, in which case the B4000000 define will be different.
- If the baud rate you get from termios (or from calling tcgetattr()) is B4000000, you must call ioctl with MOXA_GET_SPECIAL_BAUD_RATE to get the actual baud rate.

Upgrading the Firmware: New utility upfirm

1. Introduction
- UC-7400's bios, kernel, mini file system and user file system are combined into one firmware file, which can be downloaded from Moxa's website (www.moxa.com).
- The name of the firmware file has the form uc7400-x.x.x.frm, with x.x.x indicating the firmware version.

ATTENTION: Upgrading the firmware will erase all data on the Flash ROM.

2. Description
- In V1.4.3 or later firmware, UC-7400 adds a new utility, "upfirm".
- The utility upfirm is designed for upgrading the firmware (including boot-loader, kernel, mini file system, user file system and configuration).
- If your firmware version is earlier than V1.4.3, you can find the utility on the Moxa website.

How to upgrade firmware

Step 1: Type the following commands to enable the RAM disk:
  upramdisk
  cd /mnt/ramdisk
Step 2: Download the firmware file into the ramdisk from the Moxa website.
Step 3: Use the upfirm command to upgrade the kernel and root file system:
  upfirm uc7400-x.x.x.frm
(See the next slide for the upfirm procedure.)

  root@Moxa:/mnt/ramdisk# upfirm UC7420-1.5.frm
  Upgrade firmware utility version 1.0
  To check source firmware file context
  The source firmware file conext is OK
  This step will destroy all your firmware
  Do you want to continue it? (Y/N): Y
  MTD device [/dev/mtd6] erase 128 Kibyte @ 20000 - 100% complete
  Wait to write file ... Compleleted 100%
  Now upgrade the new configuration file
  Upgrade the firmware is OK
  Please press any key to reboot system

Press any key to reboot the system.

Note: DO NOT power off the UC until the Ready LED is ON again. The first boot after upgrading the firmware takes a long time.

Setting up the Network Interfaces: IEEE 802.11g

Configure 802.11g Wireless LAN

Step 1: Unplug the CardBus Wireless LAN card first.
Step 2: Configure the default IP setting profile:
  vi /etc/network/interfaces

  root@Moxa:~# vi /etc/network/interfaces
  # 802.11g Gigabyte Cardbus wireless card
  iface eth0 inet static
      address 192.168.5.127
      network 192.168.5.0
      netmask 255.255.255.0
      broadcast 192.168.5.255

Step 3: Configure the WLAN parameters:
  vi /etc/Wireless/RT2500STA/RT2500STA.dat

  Copy this file to /etc/Wireless/RT2500STA/RT2500STA.dat.
  This file is a binary file and will be read when the rt2500.o module is loaded.
  Use "vi -b RT2500STA.dat" to modify the settings according to your needs:
  1) set NetworkType to Adhoc for Ad-hoc mode, otherwise use Infrastructure
  2) set Channel to 0 for auto-select in Infrastructure mode
  3) set SSID for connecting to your Access Point
  4) AuthMode can be OPEN, SHARED, WPAPSK, WPANONE
  5) EncrypType can be NONE, WEP, TKIP, AES
  For more information refer to the Readme file.

Configuring 802.11g Wireless LAN: the settings in /etc/Wireless/RT2500STA/RT2500STA.dat
- CountryRegion: sets the channels for your particular country region
- WirelessMode: sets the wireless mode
- SSID: sets the softAP SSID
- NetworkType: sets the wireless operation mode
- Channel: sets the channel
- AuthMode: sets the authentication mode
- EncrypType: sets the encryption type
- DefaultKeyID: sets the default key ID
- Key1Str, Key2Str, Key3Str, Key4Str: set strings Key1 to Key4
- WpaPsk: WPA pre-shared key
- TxBurst: enables or disables TxBurst
- TurboRate: enables or disables TurboRate
- BGProtection: sets 11b/11g protection (this function is for engineering testing only)
- ShortSlot: enables or disables the short slot time
- TxRate: sets the TxRate
- RTSThreshold: sets the RTS threshold
- FragThreshold: sets the fragment threshold

Developing Your Application: Windows Tool Chain

Agenda
1) Windows Tool Chain Introduction
2) Development Process
3) Debugging with GDB

Windows Tool Chain Introduction
UC-7400's Windows Tool Chain is a cross development environment that simulates the Linux root file system, allowing users to develop applications on a Windows PC.

The following topics are covered in this appendix:
- Introduction
- Installation Procedure
- Using the BASH Shell
- GDB debug tool: Insight

Windows Tool Chain requirements
1. Operating System: Windows 2000 or Windows XP
2. Minimum of 500 MB hard disk space
3. CD-ROM or equivalent
4. Ethernet to connect with UC-7400
5. Be able to log in as administrator
6. Use a Windows username without spaces
7. You will be using a BASH shell window to enter commands
8. In addition, for editing text files such as configuration files you should use the vi editor (Unix editor). Do NOT use WordPad (Windows editor), which could cause problems when the files are transferred to a bona fide Linux environment.

Development Process
Step 1: Setting up the development environment on the PC (x86)
Step 2: Coding, compiling and debugging on the Windows Tool Chain
Step 3: Deploying the program to the UC (IXP-422)

Step 1: Setting up the development environment
Install the Windows Tool Chain on the PC (Windows 2K/XP).
Installation tips:
- Default install path: C:\UC
- Default text file type: Unix (recommended)
Utilities:
- Moxa Bash Shell
- GDB debug tool: Insight (http://sources.redhat.com/insight/)
- This process could take from 5 to 30 minutes, depending on the speed of your system.

Step 2: Coding, compiling and debugging
Code the C/C++ program in the Moxa Bash Shell (PC Windows Tool Chain).
Compile/link the source code with the tool chain:
- Compiler path setting: PATH=/usr/local/mxscaleb/bin
- Compile Hello.c

Step 3: Deployment
Upload the program to the UC:
  ftp 192.168.3.127
  ftp> binary
  ftp> put hello-release
Run the program (at the UC-7400 site):
  chmod +x hello-release
  ./hello-release
  Hello

Debugging with GDB
Over Ethernet: PC Moxa Bash Shell (1. compile with -ggdb; 3. Insight tool, GDB client; 4. target remote) and UC (2. GDB debug server).

Step 1: PC Moxa Bash Shell: compile the program with the -ggdb option, then upload it to the UC.
Step 2: UC: run hello-debug under gdbserver:
  chmod +x hello-debug
  gdbserver 192.168.3.127:2000 hello-debug
  Process hello-debug created; pid = 206
Step 3: PC Insight: run the GDB client
- Open the hello-debug file
- Connect to target: GDB Server/TCP, 192.168.3.200, port 2000

iptables Introduction

Agenda
1) Quick View of iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

1. Quick View of iptables
- A user-space command to set up and maintain the "Netfilter" subsystem of the kernel.
- "Netfilter" manages only the packet headers, not the content.
- iptables is currently one of many firewall/NAT solutions; it is an administration tool to set up, maintain and inspect the tables of IP packet filter rules in the Linux kernel.
- Several different tables may be defined. Each table contains a number of built-in chains and may also contain user-defined chains.
- Each chain is a list of rules which can match a set of packets. Each rule specifies what to do with a packet that matches. This is called a "target", which may be a jump to a user-defined chain in the same table.
- 3rd generation firewall on Linux:
  - "ipfwadm" on Linux kernel V2.0.X
  - "ipchains" on Linux kernel V2.2.X
  - "ipchains", "iptables" on Linux kernel V2.4.X
  - "iptables" on Linux kernel V2.6.X
- Supports basic packet filtering as well as connection state tracking.
- UC-7110/7400 support only "iptables".


2) Rules, Chains and Tables
2-1 First Match
2-2 Three Major Tables
2-3 Processing Packets
2-4 State Machine

2-1 First Match: The Highest Priority
[Figure: packets are tested against Rule 1, Rule 2, ... Rule 10 in order; the first rule that matches (Yes) decides the action (Action 1, Action 2, ... Action 10), and the default policy applies only when no rule matches (No all the way down).]

2-1 First Match
On a WWW server, reject the attack from IP 192.168.1.100:
  Rule 1: Drop the packets from 192.168.1.100
  Rule 2: Accept WWW request packets from all hosts
  Rule 3: Drop all non-WWW packets

With the rules in this order instead:
  Rule 1: Accept WWW request packets from all hosts
  Rule 2: Drop the packets from 192.168.1.100
  Rule 3: Drop all non-WWW packets
192.168.1.100 is still able to use the WWW service, or to attack the WWW service port, because Rule 1 already matched its port-80 packets.
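The first-match walk from the two slides above, as an added example that is not part of the Moxa training material: a small model of a Netfilter chain in which rules are tested in order, the first matching rule decides the verdict, and the default policy applies only when nothing matched. The two chains are the two rule orders on the slide; the packets are constructed sample traffic.

```python
"""First-match evaluation of an INPUT chain (added example, not from the slides)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Packet:
    src: str        # source IP address
    proto: str      # "tcp", "udp", "icmp"
    dport: int      # destination port


@dataclass
class Rule:
    target: str                  # verdict when the rule matches: ACCEPT or DROP
    src: Optional[str] = None    # match on source IP when set
    proto: Optional[str] = None  # match on protocol when set
    dport: Optional[int] = None  # match on destination port when set
    note: str = ""               # the rule's description from the slide

    def matches(self, pkt: Packet) -> bool:
        # A rule matches only if every condition it carries holds;
        # a condition left as None matches anything (like an omitted -s/-p/--dport).
        return ((self.src is None or self.src == pkt.src)
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


def evaluate(chain: List[Rule], pkt: Packet, policy: str = "DROP") -> Tuple[str, Optional[int]]:
    """Walk the chain in order; return (verdict, index of the deciding rule).

    The index is None when no rule matched and the default policy decided.
    """
    for i, rule in enumerate(chain):
        if rule.matches(pkt):
            return rule.target, i
    return policy, None


def verdicts(chain: List[Rule], packets: List[Packet]) -> List[str]:
    return [evaluate(chain, p)[0] for p in packets]


# Order A from the slide: the blocked host is stopped before the WWW rule is reached.
CHAIN_A = [
    Rule("DROP", src="192.168.1.100", note="Rule 1: drop packets from 192.168.1.100"),
    Rule("ACCEPT", proto="tcp", dport=80, note="Rule 2: accept WWW requests from all hosts"),
    Rule("DROP", note="Rule 3: drop all non-WWW packets"),
]

# Order B from the slide: the WWW rule fires first, so Rule 2 never sees the
# blocked host's port-80 packets and the block is ineffective for WWW traffic.
CHAIN_B = [
    Rule("ACCEPT", proto="tcp", dport=80, note="Rule 1: accept WWW requests from all hosts"),
    Rule("DROP", src="192.168.1.100", note="Rule 2: drop packets from 192.168.1.100"),
    Rule("DROP", note="Rule 3: drop all non-WWW packets"),
]

# Constructed sample traffic: the blocked host to port 80, the blocked host to
# port 22, and an ordinary client to port 80.
SAMPLE = [
    Packet("192.168.1.100", "tcp", 80),
    Packet("192.168.1.100", "tcp", 22),
    Packet("192.168.1.7", "tcp", 80),
]

if __name__ == "__main__":
    for name, chain in (("A", CHAIN_A), ("B", CHAIN_B)):
        for pkt, v in zip(SAMPLE, verdicts(chain, SAMPLE)):
            print(f"order {name}: {pkt.src}:{pkt.dport} -> {v}")
```

Order A yields DROP, DROP, ACCEPT; order B yields ACCEPT, DROP, ACCEPT, which is exactly the difference the slide warns about.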

2-2 Three Major Tables
1) Filter Table
2) NAT Table
3) Mangle Table

2-2-1 Filter Table
Mainly used for filtering packets. This is the place where we actually take action against packets: look at what they contain and ACCEPT, DROP, REJECT or LOG them depending on their content.
1. INPUT chain: packets entering the local host
2. OUTPUT chain: packets output from the local host
3. FORWARD chain: packets forwarded to other hosts

2-2-2 NAT Table
Used for NAT on different packets, to translate the packet's source field or destination field.
1) PREROUTING chain: translates the destination IP address (DNAT)
2) POSTROUTING chain: works after the routing process and before the Ethernet device process, to translate the source IP address (SNAT/MASQUERADE)
3) OUTPUT chain: works on locally generated packets

2-2-3 Mangle Table
This table is mainly used for mangling packets. In other words, you may freely use the mangle matches etc. that could be used to change the TOS (Type Of Service) and TTL fields. It can also "MARK" packets.
1. PREROUTING chain
2. POSTROUTING chain
3. INPUT, OUTPUT and FORWARD chains

2-3 Processing Packets
2-3-1 Destination: Local Host
2-3-2 Source: Local Host
2-3-3 Forwarded Packets
2-3-4 State Machine

2-3-1 Destination: Local Host
Incoming Packets -> NAT Table PREROUTING -> Filter Table INPUT -> Local Process

2-3-2 Source: Local Host
Local Process -> NAT Table OUTPUT -> Filter Table OUTPUT -> NAT Table POSTROUTING -> Send Out Packets

2-3-3 Forwarded Packets
Incoming Packets -> NAT Table PREROUTING -> Filter Table FORWARD -> NAT Table POSTROUTING -> Other Hosts (the local resource is not involved)

2-4 State Machine


3) Usage of iptables
3-1 Load iptables Modules
3-2 Define Default Policy
3-3 Structure of a Rule
3-4 Save/Restore Rules

3-1 Load iptables Modules
Note: ipchains and iptables are not compatible.

Check the current tables:
  iptables [-t table] [-L] [-n]

Default Policy

3-1 Install iptables
Clear Current Policy

3-2 Define Default Policy
  iptables -t {filter|nat|mangle} -P {INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING} {ACCEPT|DROP}

3-3 Structure of a Rule
3-3-1 Add, Insert, Delete and Replace Rules
3-3-2 Direction
3-3-3 Matches
3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace
  iptables -t {filter|nat|mangle} {-A|-I|-D|-R} <direction> <match> -j <target>
Three major things need to be considered: direction, match and target.

3-3-2 Direction: Chains
a. filter table: INPUT, OUTPUT, FORWARD
b. nat table: PREROUTING, POSTROUTING, OUTPUT
c. mangle table: ...

3-3-3 Matches: Conditions
1. -p [proto]: tcp, udp, icmp, all
2. -s [IP], -d [IP]
3. --sport [port], --dport [port]
4. -m state --state [state]: NEW, ESTABLISHED, INVALID, RELATED
5. -m multiport [p1,p2,...,p15]
6. -i [iface], -o [oface]
7. ... etc.

3-3-4 Targets: Actions
a. filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions: LOG, ULOG, REJECT, MIRROR
b. nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING/OUTPUT), MASQUERADE (POSTROUTING), REDIRECT (only in PREROUTING)
c. mangle table: ...

3-4 Save/Restore Rules
It is highly recommended to use a script file to maintain the Netfilter rules instead of the exported file (it is not a standard script file). Please refer to the Hands-On practice.

4) Hands-On Practice
1) Packet Filter
2) NAT Machine

4-1 Packet Filter: Rules of the filter table

Example 1: Accept all packets incoming from the lo interface
  iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2: Accept all TCP packets incoming from IP 192.168.0.1
  iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

Example 3: Accept all TCP packets incoming from the network 192.168.1.0/24
  iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4: Drop all TCP packets incoming from IP 192.168.1.25
  iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

Example 5: Drop all incoming TCP packets with destination port 21 (forbid FTP connections from eth0)
  iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6: Accept TCP packets incoming from 192.168.0.0/24 to local ports 137, 138 and 139
  iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

Example 7: Log all incoming/outgoing TCP packets to/from port 25 (log the SMTP service)
  iptables -t filter -A INPUT -p tcp --dport 25 -j LOG
Note: UC-7110 does not support the target "LOG".

Example 8: Drop all [SYN] packets from IP 192.168.100.200
  iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9: Drop all packets from MAC aa:bb:cc:dd:ee:ff
  iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

Example 10: Do not respond to "ping"
  iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11: Limit an ICMP "ping" burst
  iptables -t filter -P INPUT DROP
  iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

Example 12: Accept the ESTABLISHED/RELATED packets of the local host; drop the INVALID packets and the NEW packets which are trying to create new connections
  iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
  iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

Example 13: Check the packet integrity
  iptables -t filter -A INPUT -p all -m unclean -j DROP

Example 14: Enable the "Passive Mode" FTP service to a host
  modprobe ip_conntrack_ftp
  iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

4-2 NAT Machine

Example 1: Redirect connection requests for port 80 to port 8080
  iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2: Masquerade the incoming packets from 192.168.1.0/24 as the local ppp0's IP (MASQUERADE is valid only in the POSTROUTING chain, see 3-3-4)
  iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

Example 3: DNAT incoming packets on eth0 (60.248.66.75) for TCP port 80 to the internal Web server 192.168.127.10:80
  iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

Example 4: Redirect incoming packets for TCP port 80 to 192.168.1.10, TCP port 80 (the command shown on the slide is the SNAT rule for the internal network)
  iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP

Thank You

OpenVPN 2.0
Stephen Lin

Agenda
1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

1) Cryptography Summary
1-1 What does cryptography solve?
1-2 Symmetric Data Encryption
1-3 Hash (Digest) Function
1-4 Message Authentication Code
1-5 Asymmetric Data Encryption
1-6 Digital Signature
1-7 Certificate
1-8 Moxa UC7400

1-1 What does Cryptography solve?
Confidentiality
- Ensure that nobody can get knowledge of what you transfer, even if listening to the whole conversation.
Integrity
- Ensure that the message has not been modified during transmission.
Authenticity
- You can verify that you are talking to the entity you think you are talking to.
- You can verify who is the specific individual behind that entity.
Non-repudiation
- The individual behind that asset cannot deny being associated with it.

1-2 Symmetric Data Encryption
- Fast, high efficiency for data transmission.
- Is it "secure" while transferring the key?
- Maintenance of the keys: (n-1)n/2 keys.
- DES, 3DES, AES, Blowfish
[Figure: Tom encrypts the plaintext into ciphertext with the secret key; Bob decrypts the ciphertext back to plaintext with the same secret key.]

1-3 Hash (Digest) Function
- Ensures data integrity.
- MD5, SHA-1
[Figure: Tom runs the data through the hash function to obtain Message Digest 1 and sends data + digest; Bob runs the same hash function over the received data to obtain Message Digest 2 and compares it with Message Digest 1.]

1-4 Message Authentication Code
- Ensures data integrity.
- Uses a key to protect the MAC.
- HMAC, CBC-MAC
[Figure: Tom hashes the data to Message Digest 1, encrypts the digest with the secret key to form the MAC and sends data + MAC; Bob decrypts the MAC with the secret key to recover Message Digest 1, hashes the received data to Message Digest 2 and compares the two.]
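Why slide 1-4 keys the check that slide 1-3 leaves unkeyed, as an added example that is not part of the Moxa slides: an unkeyed digest only protects against accidental corruption, because anyone who alters the data can recompute the digest, whereas an HMAC under a secret shared by Tom and Bob cannot be recomputed by a third party. The key and messages are constructed for the demo; Python's hmac module is used in place of the slide's encrypt-the-digest construction.

```python
"""Unkeyed digest versus keyed MAC (added example, not from the slides)."""
import hashlib
import hmac
from typing import Dict


def digest(data: bytes) -> bytes:
    """Slide 1-3: unkeyed message digest. SHA-1 is listed on the slide and is
    used here only to mirror it; it is not a choice for new designs."""
    return hashlib.sha1(data).digest()


def mac(key: bytes, data: bytes) -> bytes:
    """Slide 1-4: HMAC over the data with the shared secret key (HMAC-SHA-256)."""
    return hmac.new(key, data, hashlib.sha256).digest()


def bob_checks_digest(data: bytes, received_digest: bytes) -> bool:
    """Bob recomputes the digest over what arrived and compares."""
    return digest(data) == received_digest


def bob_checks_mac(key: bytes, data: bytes, received_mac: bytes) -> bool:
    """Bob recomputes the MAC with the shared key; compare_digest keeps the
    comparison constant-time so the mismatch position does not leak."""
    return hmac.compare_digest(mac(key, data), received_mac)


def demo() -> Dict[str, bool]:
    key = b"constructed-shared-secret-between-tom-and-bob"   # constructed
    original = b"transfer 100 to account 42"                 # constructed
    tampered = b"transfer 900 to account 42"                 # constructed

    # Tom sends (data, tag). Someone on the path rewrites the data.
    # With a plain digest the tamperer recomputes the tag and Bob accepts it.
    digest_accepts_tampered = bob_checks_digest(tampered, digest(tampered))

    # With a keyed MAC the tamperer has no key. Forwarding Tom's old tag fails
    # because the data changed; computing a tag under a guessed key fails too.
    mac_accepts_genuine = bob_checks_mac(key, original, mac(key, original))
    mac_rejects_old_tag = not bob_checks_mac(key, tampered, mac(key, original))
    mac_rejects_wrong_key = not bob_checks_mac(key, tampered, mac(b"guess", tampered))

    return {
        "digest_accepts_tampered": digest_accepts_tampered,
        "mac_accepts_genuine": mac_accepts_genuine,
        "mac_rejects_old_tag": mac_rejects_old_tag,
        "mac_rejects_wrong_key": mac_rejects_wrong_key,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```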

1-5 Asymmetric Encryption
Things to remember:
- Key pair: public/private keys.
- In a session, one is used for encryption and the other one for decryption.
- The "public key" can be deployed everywhere.
- The relation between the two keys is unknown, and from one key you cannot gain knowledge of the other, even if you have access to clear-text and cipher-text.
- The two keys are interchangeable. All algorithms make no difference between public and private key; when a key pair is generated, any of the two can be public or private.
- Less efficient than a static key.
- RSA, Diffie-Hellman
[Figure: clear text is turned into unreadable cipher text by encryption.]

1-5 Asymmetric Data Encryption: Confidentiality check
[Figure: Tom encrypts the plaintext with Bob's public key; Bob decrypts the ciphertext with Bob's private key (recipient's key pair).]

1-5 Asymmetric Data Encryption: Authenticity check
[Figure: Tom encrypts the plaintext with Tom's private key; Bob decrypts the ciphertext with Tom's public key (sender's key pair).]

1-6 Digital Signature
Real world: hybrid
1. Data integrity
2. Authenticity
3. Non-repudiation
4. Algorithm: use the public key and a hash

1-6 Digital Signature: Creating
[Figure: From the message or file ("This is the document created by Gianni"), generate a hash (SHA, MD5) to calculate a short message digest ("Py75cbn", typically 128 bits) even from a long input, using a one-way message digest function. Encrypt the digest asymmetrically (RSA) with the signatory's private key to produce the digital signature ("3kJfgf£$&"). The signed document is the message plus the digital signature.]

1-6 Digital Signature: Verifying
[Figure: From the signed document, separate the message and the digital signature. Generate the hash of the message to get a message digest ("Py75cbn"). Decrypt the digital signature asymmetrically with Gianni's public key (from the certificate) to recover the original digest. Compare the two digests.]

1-6 Digital Signature
[Figure: Tom hashes the data to Message Digest 1 and encrypts it with Tom's private key to form the digital signature, which is sent with the data; Bob decrypts the signature with Tom's public key to get Message Digest 1, hashes the received data to get Message Digest 2 and compares the two.]

1-7 Certificate
The simplest certificate just contains:
- A public key (for Stephen)
- Information about the entity that is being certified to own that public key ("This public key belongs to Stephen"; the entity can be a person, a computer, a device, a file, some code, anything ...)
... and the whole is:
- Digitally signed by someone trusted (like your friend or a CA)
[Figure: certificate = public key + owner information + digital signature.]

1-7-1 CA Certificate
[Figure: the CA (certification server) generates a key pair. The user requests a certificate from the CA; the CA generates the certificate (public key + digital signature); the private key and the certificate are sent to the user. Both the Left and Right certificates are signed by the CA; the CA's own public key is signed by the CA itself.]

1-7-1 CA Certificate Example
[Figure: Left and Right each hold their own private key, their certificate signed by the CA, and the CA's public key. Because both trust the CA's public key, each can verify the other's certificate.]

1-7-2 SSL/TLS
[Figure: clear text is encrypted with one key (Cipher 1) and again with a second key (Cipher 2), transmitted over the public network, then decrypted back to Cipher 1 and to clear text using the two parties' public/private key pairs.]
- Ensures confidentiality, and integrity if digitally signed.
- Depending on how the public keys are exchanged: authenticity, identity, non-repudiation.

1-8 Moxa UC7400: Hardware Cipher
Intel XScale supports:
- Security engines: DES, AES
- Algorithm methods: ECB, CBC, CTR
Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so":
- No need to change the source codes.

1-8-1 Moxa Accelerated Algorithms (OpenSSL 0.9.7)
- DES_cbc_encrypt
- DES_ede3_cbc_encrypt
- AES_cbc_encrypt
- AES_ctr_encrypt
- We wrap ECB mode at a higher level (libssl.so), which openssl wraps too.

1-8-2 Performance
[Figures: throughput (RATE) of 3DES-CBC and AES128-CBC, software versus hardware cipher, plotted against packet size from 128 to 1280 bytes, and a second pair of plots for small packets from 16 to 144 bytes.]

1-8-3 Things to be noticed
Moxa UC-7400 switches the operations between the software and the hardware approaches:
- Default: hardware approach
- Any mis-configuration, or the engine being busy, causes the switch
Small packets are switched to the software approach:
- DES: 128 bytes
- 3DES/AES: 64 bytes

1-8-4 Software Package
Driver:
- mxhw_cipher.o
Device file:
- mknod /dev/mxcrypto c 11 131
Test program:
- io: correctness test
- io 0 5000: stability test
- io 1: golden pattern
- io 2 20000: performance test


2) OpenVPN 2.0
2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network: Advantages/Disadvantages
- VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes.
- A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH etc.).
- A VPN allows the usage of protocols which are insecure by themselves.
- VPNs cannot be controlled and logged easily because of their encrypted nature.

2-2 Why OpenVPN

Usability
• Open Source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit shared key or digital certificates (PKI)

Portability – supports most of the platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN

Peers – each node with a client/server role
• In use of kernel routing
• Multiple clients

A user-space program
• A full-featured SSL-VPN solution
• on top of the existing SSL/TLS mechanism
• options between a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security

Two authentication modes
• Static key: use a pre-shared key
• SSL/TLS: use SSL/TLS + certificates for
  • Authentication
  • Key exchange

The encrypted packet is formatted as
• SeqN: 64-bit sequence number
• IV: plaintext initial vector, randomized per packet

[Packet diagram: HMAC | IV | SeqN | IP payload → encrypt; the HMAC covers the packet]
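As an added illustration (not OpenVPN's or Moxa's code), the Python below frames a packet the way the slide describes: a 64-bit SeqN, a per-packet random IV and an HMAC over IV, SeqN and payload; the receiver checks the HMAC before anything else and rejects replayed sequence numbers. The payload is left unencrypted here and the key is a constructed test value; real OpenVPN runs the SeqN/payload part through the data cipher.

```python
"""Authenticated tunnel-packet framing in the style of OpenVPN static-key mode.

Added example, not OpenVPN's or Moxa's code. Layout follows the slide:
    HMAC | IV | SeqN | payload
SeqN is a 64-bit sequence number and IV is fresh random bytes per packet.
The payload stays in clear here (labelled as such); OpenVPN would run the
SeqN/payload part through the data cipher, and the HMAC is still checked
first, before any decryption is attempted.
"""
import hashlib
import hmac
import os
import struct

HMAC_LEN = hashlib.sha1().digest_size   # 20 bytes for HMAC-SHA1
IV_LEN = 16
SEQ_LEN = 8                              # 64-bit big-endian sequence number
HEADER_LEN = HMAC_LEN + IV_LEN + SEQ_LEN


def build_packet(key, seq, payload, iv=None):
    """Frame one packet: HMAC(IV || SeqN || payload) || IV || SeqN || payload."""
    if iv is None:
        iv = os.urandom(IV_LEN)          # randomized per packet, as on the slide
    body = iv + struct.pack(">Q", seq) + payload
    tag = hmac.new(key, body, hashlib.sha1).digest()
    return tag + body


class Receiver:
    """Verifies the HMAC, then rejects replayed or too-old sequence numbers."""

    def __init__(self, key, window=64):
        self.key = key
        self.window = window
        self.highest = -1     # highest SeqN accepted so far
        self.seen = set()     # accepted SeqNs still inside the window

    def accept(self, packet):
        """Return (payload, "ok") or (None, reason) for a rejected packet."""
        if len(packet) < HEADER_LEN:
            return None, "short"
        tag, body = packet[:HMAC_LEN], packet[HMAC_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha1).digest()
        # constant-time comparison: tag checking must not leak timing
        if not hmac.compare_digest(tag, expected):
            return None, "bad-hmac"
        seq = struct.unpack(">Q", body[IV_LEN:IV_LEN + SEQ_LEN])[0]
        # replay protection: a SeqN already seen, or one that fell behind the
        # sliding window, is dropped even though its HMAC is valid
        if seq in self.seen or seq <= self.highest - self.window:
            return None, "replay"
        self.seen.add(seq)
        if seq > self.highest:
            self.highest = seq
            self.seen = {s for s in self.seen if s > seq - self.window}
        return body[IV_LEN + SEQ_LEN:], "ok"


if __name__ == "__main__":
    key = b"constructed-demo-key"       # constructed; a real key comes from --genkey
    rx = Receiver(key)
    pkt = build_packet(key, 1, b"ip packet")
    print(rx.accept(pkt))                # (b'ip packet', 'ok')
    print(rx.accept(pkt))                # (None, 'replay')
```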

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• portability across operating systems
• firewall- and NAT-friendly
• dynamic address support

IPSec
• Kernel-space IP stack
• each operating system requires its own independent implementation of IPSec
• IETF standard – multi-vendor support

2-3 OpenVPN Modes

Bridging and Routing are the two methods of linking systems via a VPN

Routed IP tunnels (layer 3)

Bridged Ethernet tunnels (layer 2)

Suitable for connections
• Site-to-Site
• Dynamic Site-to-Site
• (Dynamic) Client-to-Site

Dynamic firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN mode (device): a virtual point-to-point IP link that combines the inner interface together with TUN

Uses the kernel routing to forward the packets

[Diagram: the seven OSI layers (Physical to Application) of both endpoints, with OpenVPN attached at the TUN device (layer 3, Network)]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of the MTU for efficiency

Routed IP disadvantages
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see those machines on the other side of the VPN
4. Works only with IPv4 in general, and IPv6 in cases where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses "TAP" mode: a TAP device is a virtual Ethernet adapter

Bridge tools (brctl) are required to create the virtual adapters

Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0          # create an Ethernet bridge
brctl addif br0 eth1     # connect interface eth1 as a port
brctl addif br0 tap0     # connect virtual interface tap0 as a port

[Diagram: the seven OSI layers of both endpoints; OpenVPN attached at the TAP device (layer 2, Data-Link) instead of TUN (layer 3); eth0 carries the tunnel while eth1 and tap0 are bridged on each side]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages
1. Point-to-point, point-to-multipoint
2. Broadcasts traverse the VPN – this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to be able to handle non-IP protocols such as IPX, Netware and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages
1. Less efficient than routing and does not scale well

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

[Lab topology diagram]
LAN A (IP 10.0.1.1/24, gw 10.0.1.254) – ixp1 – [VPN Server] 10.0.1.254, ixp0 192.168.12.201
        |  VPN Tunnel (Connect)
LAN B (IP 10.0.2.1/24, gw 10.0.2.254) – ixp1 – [VPN-Client] 10.0.2.254, ixp0 192.168.12.202
[CA/TLS Server]

3-1 Getting Started

Create a working directory (recommended): mkdir /etc/openvpn

Check for the TUN module; if not present, ls /dev/net and look for a character device "tun": mknod /dev/tun c 10 200

Load the necessary modules: modprobe tun; modprobe bridge

Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]

Self diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or vi /etc/sysctl.conf and modify "net.ipv4.ip_forward = 1"

Create/start the bridge interface using the Moxa script: openvpn-bridge [start | stop | restart]

Check the cipher/authentication support: openvpn --show-ciphers; openvpn --show-digests

Create the TUN configuration files: vi /etc/openvpn/tunserver.conf

[At VPN Client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

Local/Remote VPN IP address must be specified

It is NECESSARY to specify the server address at the VPN client

3-2 TUN Server Configuration

Edit the static routes: vi /etc/openvpn/tunserver.sh; chmod +x /etc/tunserver.sh

[At VPN Client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/tunclient.sh

Start OpenVPN with the configuration file: openvpn --config /etc/tunserver.conf & ; openvpn --config /etc/tunclient.conf &

(Callout) 2nd argument of "ifconfig", which is now "10.0.2.254"

Create the TAP configuration files: vi /etc/openvpn/tapserver.conf

[At VPN Client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration – VPN Server

Mark this line if both VPN networks are in the same subnet

3-2 TAP Configuration – VPN Server

Edit the static routes: vi /etc/openvpn/tunserver.sh

[At VPN Client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/tapclient.sh

Pointed to the kernel routing: br0 = 10.0.1.254

3-3 TAP Configuration – VPN Server

Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tapserver.conf & ; openvpn --config /etc/openvpn/tapclient.conf &

3-4-1 SSL/TLS – Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-input the default_days, default_bits, etc.

Create a new CA root key pair: /usr/share/ssl/misc/CA -newca

Create a new client private key and a new certificate request: /usr/share/ssl/misc/CA -newreq

Certificate signing: /usr/share/ssl/misc/CA -sign

Copy the CA root certificate, the client private key and the client certificate to the first client

Have the second client certified the same way

3-4-2 OpenVPN – "easy-rsa" tools

Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file: vi /etc/openvpn/easy-rsa/vars

Activate the vars: . /etc/openvpn/easy-rsa/vars

Create the CA root key: /etc/openvpn/easy-rsa/build-ca

Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – "easy-rsa" tools

Create the VPN client private key and certificate: /etc/openvpn/build-key client

Create the Diffie-Hellman parameters: /etc/openvpn/build-dh 1024

Copy the CA certificate (ca.crt), server key (server.key) and server certificate (server.crt) to the VPN server

Copy the CA certificate, client key and certificate to the VPN client

The "easy-rsa" tools also work on the UC7400 series

3-4-3 Configuration File Modification

txxserver.conf

txxclient.conf

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

Two of its serial ports are connected to a power meter and a thermocouple

Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in 'burn-in mode' to demonstrate the UC's high performance and reliability

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500°C

Left side for the high range (0 to 300 VDC) and right side for the low range (0 to 20 VDC)

UC's LCM and keypad (F1-F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8
F2 System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available memory
F3 Alarm Setting: Temperature → Voltage → burning throughput
F4 Configuration Key
F5 Main Menu

Apache Web with CGI and HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• UC-7420's built-in wireless driver supports the Intersil Prism 2.0 chipset PCMCIA card
• The compatible wireless cards are:

Supplier | Model name
ASUS | WL-107g
CNET | CWC-854 (181D version)
Edimax | EW-7108PCg
Amigo | AWP-914WG
Gigabyte | GN-WMKG
Others | cards which use the Ralink chipset

Thank You


Software Comparison (continued): UC-7400 Series | UC-7110

Web | Apache 2.0.42 | Boa 0.93.16
Secure shell | sshd V1.2.0 | NA
Network file system | NFS Server V2.2 | NA
Virtual private network | OpenVPN V2.0 | NA
OpenSSL | OpenSSL V0.9.6 | NA
Tool chain | Linux, Windows | Linux

UC-7400 V1.5 Firmware

New Functions and Features Introduction

Firmware Version | V1.1 | V1.4.3 | V1.5
Serial port | 230.4 Kbps | 230.4 Kbps | 921.6 Kbps (with HW V1.2)
WLAN | 802.11b (Prism 2/2.5) | 802.11b (Prism 2/2.5) | 802.11b (Prism 2/2.5), 802.11g
USB Host | NA | Mass Storage PNP | Mass Storage PNP
USB Client | NA | NA | NA
Reset to Factory Default button | NA | NA | Yes (with HW V1.2)
Share Memory | NA | NA | Yes
Protocol stacks and utilities | | |
Arp (utility) | NA | Yes | Yes
iptables | NA | NA | Yes
OpenVPN | NA | NA | Yes
WatchDog API | NA | NA | Yes
Crontab | NA | NA | Yes
upfirm | NA | Yes | Yes
backupuf | NA | Yes | Yes
backupfs, bf | Yes | Yes | NA
minicom | Yes | Yes | Replaced by tip
Directory Change | | |
/var | User File System | User File System | Changed to ramdisk
Apache root document | /usr/html | /usr/html | /usr/www

UC-7400 V1.5 Firmware

New Feature Introduction
• WatchDog support
• Cron function support on the system
• UART and special baud rate support
• System image backup utility "upfirm"
• 802.11g wireless card support
• Tool chain support on the Windows platform, including GCC, Glibc and Insight (GDB debug tool)
• iptables support
• OpenVPN support

Watch Dog Timer (WDT)

1. Introduction
The WDT works like a watch-dog function. You can enable it or disable it. When the user enables the WDT but the application does not acknowledge it, the system will reboot. You can set the ack time from a minimum of 50 msec to a maximum of 60 seconds.

2. How the WDT works
The WatchDog is enabled when the system boots up. The kernel will auto-ack it. The user application can also enable the ack; when the user then does not ack, the system reboots.

3. The user API
The user application must include <moxadevice.h> and link moxalib.a

Crontab

1. Introduction: daemon to execute scheduled commands

2. Description
• Start Cron from the directory /etc/rc.d/rc.local
• Modify the file /etc/cron.d/crontab to set up your scheduled applications. Crontab files have the following format:

m (Minute) | h (Hour) | dom (Date) | mon (Month) | dow (Week) | User | command
0-59 | 0-23 | 1-31 | 1-12 | 0-6 (0 is Sunday) | |

3. Example
• How to add ntpdate (synchronize time) in Cron
• Every day at 5:10 the system will synchronize the time from the NTP server (192.168.0.1)

vi /etc/cron.d/crontab
# m h dom mon dow user command
10 5 * * * root /usr/sbin/ntpdate 192.168.0.1; /sbin/hwclock -w
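Added example (not Moxa's cron implementation): a small Python matcher for the five-field crontab format above, used to confirm that the ntpdate entry fires at 05:10 every day and at no other minute. It handles '*', lists, ranges and steps, the dow 7 alias for Sunday, and the dom/dow either-matches rule; the crontab line is the one from the slide.

```python
"""Matcher for the /etc/cron.d/crontab line format used on the slide.

Added example, not Moxa's cron daemon. Fields: m h dom mon dow user command.
A time field is '*', a single value, a range a-b, a comma list, or any of
those with a /step suffix. dow 7 is accepted as an alias for Sunday (0), and,
as in Vixie cron, when both dom and dow are restricted a match on either is enough.
"""
from datetime import datetime

FIELD_RANGES = ((0, 59), (0, 23), (1, 31), (1, 12), (0, 7))   # m h dom mon dow


def expand_field(spec, lo, hi):
    """Return the set of integers one crontab time field selects."""
    values = set()
    for part in spec.split(","):
        step = 1
        if "/" in part:
            part, step_text = part.split("/", 1)
            step = int(step_text)
            if step < 1:
                raise ValueError("step must be >= 1: %s" % spec)
        if part == "*":
            start, end = lo, hi
        elif "-" in part:
            first, last = part.split("-", 1)
            start, end = int(first), int(last)
        else:
            start = end = int(part)
        if start < lo or end > hi or start > end:
            raise ValueError("value out of range %d-%d: %s" % (lo, hi, spec))
        values.update(range(start, end + 1, step))
    return values


def parse_entry(line):
    """Split one crontab line into (time field specs, user, command)."""
    parts = line.split(None, 6)
    if len(parts) < 7:
        raise ValueError("expected: m h dom mon dow user command")
    specs = parts[:5]
    for spec, (lo, hi) in zip(specs, FIELD_RANGES):
        expand_field(spec, lo, hi)        # validate every field up front
    return specs, parts[5], parts[6]


def entry_matches(line, when):
    """True when the crontab entry on `line` fires at the minute `when`."""
    specs, _user, _command = parse_entry(line)
    minute, hour, dom, mon, dow = (expand_field(s, lo, hi)
                                   for s, (lo, hi) in zip(specs, FIELD_RANGES))
    if 7 in dow:
        dow.add(0)                        # 7 == Sunday, same as 0
    cron_dow = (when.weekday() + 1) % 7   # Python Monday=0 -> cron Sunday=0
    dom_ok, dow_ok = when.day in dom, cron_dow in dow
    if specs[2].startswith("*") or specs[4].startswith("*"):
        day_ok = dom_ok and dow_ok        # one of them unrestricted: both must hold
    else:
        day_ok = dom_ok or dow_ok         # both restricted: either one matches
    return when.minute in minute and when.hour in hour and when.month in mon and day_ok


def fires_at(line, year, month, day, hour, minute):
    """Convenience wrapper: does `line` fire at the given calendar minute?"""
    return entry_matches(line, datetime(year, month, day, hour, minute))


# the entry from the slide: every day at 05:10 sync the clock from the NTP server
NTP_ENTRY = "10 5 * * * root /usr/sbin/ntpdate 192.168.0.1; /sbin/hwclock -w"

if __name__ == "__main__":
    print(fires_at(NTP_ENTRY, 2005, 8, 15, 5, 10))   # True
    print(fires_at(NTP_ENTRY, 2005, 8, 15, 5, 11))   # False
```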

UART and special baud rate support

1. Introduction
• The normal tty device nodes are located at /dev/ttyM0 … /dev/ttyM7, and the modem tty device nodes are located at /dev/cum0 … /dev/cum7
• UC-7400 supports Linux standard termios control
• The Moxa UART device API allows you to configure ttyM0 to ttyM7 as RS-232, RS-422, 2-wire RS-485 and 4-wire RS-485

2. The Function
You must include <moxadevice.h>
#define RS232_MODE        0
#define RS485_2WIRE_MODE  1
#define RS422_MODE        2
#define RS485_4WIRE_MODE  3

Function
• MOXA_SET_OP_MODE
• MOXA_GET_OP_MODE

UART and special baud rate support

3. Special baud rate support
• There are two Moxa private ioctl commands for setting up special baud rates

Function
• MOXA_SET_SPECIAL_BAUD_RATE
• MOXA_GET_SPECIAL_BAUD_RATE

• If you use this ioctl to set a special baud rate, the termios cflag will be B4000000, in which case the B4000000 define will be different
• If the baud rate you get from termios (or from calling tcgetattr()) is B4000000, you must call ioctl with MOXA_GET_SPECIAL_BAUD_RATE to get the actual baud rate

Upgrading the Firmware

New utility: upfirm

Upgrading the Firmware

1. Introduction
UC-7400's BIOS, kernel, mini file system and user file system are combined into one firmware file, which can be downloaded from Moxa's website (www.moxa.com)
• The name of the firmware file has the form uc7400-xxx.frm, with xxx indicating the firmware version

ATTENTION
• Upgrading the firmware will erase all data on the Flash ROM

Upgrading the Firmware

2. Description
• In V1.4.3 or later firmware, UC-7400 adds a new utility, "upfirm"
• The utility upfirm is designed for upgrading the firmware (including boot loader, kernel, mini file system, user file system and configuration)
• If your firmware version is earlier than V1.4.3, you can find the utility on the Moxa website

How to upgrade firmware

Step 1: Type the following commands to enable the RAM disk
upramdisk
cd /mnt/ramdisk

Step 2: Download the firmware file into the ramdisk from the Moxa website

Step 3: Use the upfirm command to upgrade the kernel and root file system
upfirm uc7400-xxx.frm
(Reference the next slide to see the upfirm procedure)

root@Moxa:/mnt/ramdisk# upfirm UC7420-1.5.frm
Upgrade firmware utility version 1.0
To check source firmware file context.
The source firmware file conext is OK.
This step will destroy all your firmware.
Do you want to continue it? (Y/N) Y
MTD device [/dev/mtd6] erase 128 Kibyte @ 20000 – 100% complete
Wait to write file ... Compleleted 100%
Now upgrade the new configuration file.
Upgrade the firmware is OK.
Please press any key to reboot system.

Press any key to reboot system

Note: DO NOT power off the UC until the Ready LED is ON again. It will take a long time for the first boot-up after upgrading the firmware.

Setting up the Network Interfaces

IEEE 802.11g

Configure 802.11g Wireless LAN

root@Moxa:~# vi /etc/network/interfaces
# 802.11g Gigabyte Cardbus wireless card
iface eth0 inet static
    address 192.168.5.127
    network 192.168.5.0
    netmask 255.255.255.0
    broadcast 192.168.5.255

Step 1: Unplug the CardBus wireless LAN card first

Step 2: Configure the default IP setting profile: vi /etc/network/interfaces

Configure 802.11g Wireless LAN

vi /etc/Wireless/RT2500STA/RT2500STA.dat

Copy this file to /etc/Wireless/RT2500STA/RT2500STA.dat

This file is a binary file and will be read on loading the rt2500.o module

Use vi -b RT2500STA.dat to modify settings according to your needs
1) set NetworkType to Adhoc for using Adhoc mode, otherwise use Infrastructure
2) set Channel to 0 for auto-select on Infrastructure mode
3) set SSID for connecting to your access point
4) AuthMode can be OPEN, SHARED, WPAPSK, WPANONE
5) EncrypType can be NONE, WEP, TKIP, AES
For more information refer to the Readme file

Step 3: Configure the WLAN parameters: vi /etc/Wireless/RT2500STA/RT2500STA.dat

Configuring 802.11g Wireless LAN

• The settings in /etc/Wireless/RT2500STA/RT2500STA.dat
CountryRegion: Sets the channels for your particular country region
WirelessMode: Sets the wireless mode
SSID: Sets the softAP SSID
NetworkType: Sets the wireless operation mode
Channel: Sets the channel
AuthMode: Sets the authentication mode
EncrypType: Sets the encryption type
DefaultKeyID: Sets the default key ID
Key1Str, Key2Str, Key3Str, Key4Str: Sets strings Key1 to Key4
WpaPsk: WPA pre-shared key
TxBurst: Enables or disables TxBurst
TurboRate: Enables or disables TurboRate
BGProtection: Sets 11b/11g protection (this function is for engineering testing only)
ShortSlot: Enables or disables the short slot time
TxRate: Sets the TxRate
RTSThreshold: Sets the RTS threshold
FragThreshold: Sets the fragment threshold

Developing Your Application

Windows Tool Chain

Agenda

1) Windows Tool Chain Introduction
2) Development Process
3) Debugging with GDB

Windows Tool Chain Introduction

UC-7400's Windows Tool Chain is a cross development environment that simulates the Linux root file system, allowing users to develop applications on a Windows PC

The following topics are covered in this appendix
• Introduction
• Installation Procedure
• Using the BASH Shell
• GDB debug tool: Insight

Windows Tool Chain

1. Operating System: Windows 2000 or Windows XP
2. Minimum of 500 MB hard disk space
3. CD-ROM or equivalent
4. Ethernet to connect with the UC-7400
5. Be able to log in as administrator
6. Use a Windows username without spaces
7. You will be using a BASH shell window to enter commands
8. In addition, for editing text files such as configuration files you should use the vi editor (Unix editor). Do NOT use WordPad (Windows editor), which could cause problems when the files are transferred to a bona fide Linux environment

Developing Process

Step 1: Setting up the development environment on the PC
Step 2: Coding, compiling and debugging on the Windows Tool Chain
Step 3: Deploying the program to the UC

[Diagram: x86 PC → IXP-422 target]

Step 1: Setting up the Developing Environment

Install the Windows Tool Chain on the PC (Windows 2K/XP)
Installation tips
• Default install path: C:\UC
• Default text file type: Unix (recommended)

Utilities
• Moxa Bash Shell
• GDB debug tool: Insight (http://sources.redhat.com/insight/)

• This process could take from 5 to 30 minutes depending on the speed of your system

Step 2: Coding, Compiling and Debugging

Code a C/C++ program in the Moxa Bash Shell (PC, Windows Tool Chain)

Compile/link the source codes with the tool chain
• Compiler path setting: PATH=/usr/local/mxscaleb/bin
• Compiling Hello.c

Step 3: Deployment

Upload the program to the UC
• ftp 192.168.3.127
• ftp> binary
• ftp> put hello-release

Running the program (at the UC-7400 side)
• chmod +x hello-release
• ./hello-release
Hello

Debugging with GDB

[Diagram: PC with Moxa Bash Shell (1. compile with -ggdb; 3. Insight tool, the GDB client; 4. target remote) ←Ethernet→ UC (2. GDB debug server)]

chmod +x hello-debug
gdbserver 192.168.3.127:2000 hello-debug
Process hello-debug created; pid = 206

Step 1: PC, Moxa Bash Shell: compile the program with the -ggdb option, then upload it to the UC
Step 2: UC: call hello-debug with the command gdbserver 192.168.3.127:2000 hello-debug
Step 3: PC, Insight: run the GDB client
• Open the hello-debug file
• Connect to target
  • GDB Server/TCP
  • 192.168.3.200
  • 2000

Debugging with GDB

iptables Introduction

Agenda

1) Quick View of iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

1. Quick View of iptables

A user-space command to set up and maintain the "Netfilter" sub-system of the kernel

"Netfilter" manages only the packet headers, not the content

iptables is currently one of many firewall/NAT solutions; it is an administration tool to set up, maintain and inspect the tables of IP packet filter rules in the Linux kernel

1. Quick View of iptables

Several different tables may be defined. Each table contains a number of built-in chains and may also contain user-defined chains

Each chain is a list of rules which can match a set of packets. Each rule specifies what to do with a packet that matches. This is called a "target", which may be a jump to a user-defined chain in the same table

1. Quick View of iptables

3rd generation firewall on Linux
– "ipfwadm" on Linux kernel V2.0.x
– "ipchains" on Linux kernel V2.2.x
– "ipchains", "iptables" on Linux kernel V2.4.x
– "iptables" on Linux kernel V2.6.x

Supports basic packet filtering as well as connection state tracking

UC-7110/7400 support only "iptables"

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

2) Rules, Chains and Tables

2-1 First Match
2-2 Three Major Tables
2-3 Processing Packets
2-4 State Machine

2-1 First Match – The Highest Priority

[Flowchart: Packets → Rule 1 (Yes → Action 1; No ↓) → Rule 2 (Yes → Action 2; No ↓) → … → Rule 10 (Yes → Action 10; No ↓) → Default Policy]

2-1 First Match

On the WWW server, reject the attack from IP = 192.168.1.100
Rule 1: Drop the packets from 192.168.1.100
Rule 2: Accept WWW request packets from all the hosts
Rule 3: Drop all the non-WWW packets

Rule 1: Accept WWW request packets from all the hosts
Rule 2: Drop the packets from 192.168.1.100
Rule 3: Drop all the non-WWW packets
→ 192.168.1.100 is still able to use the WWW service, or to attack the WWW service port
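Added example, not iptables code: a Python model of the first-match walk above, run over both rule orderings from the slide to show why the specific DROP for 192.168.1.100 must come before the general ACCEPT for port 80. Only source address, protocol and destination port are modelled; the addresses are the slide's.

```python
"""First-match walk of an iptables filter chain, modelled in Python.

Added example, not iptables code. A rule carries match conditions (source
network, protocol, destination port) and a target; the chain is walked from
the top and the first matching rule decides, otherwise the chain's default
policy applies. Only the attributes the slide's example needs are modelled.
"""
from ipaddress import ip_address, ip_network


def rule(target, src=None, proto=None, dport=None):
    """Build one rule; None means 'any' for that condition."""
    return {"target": target,
            "src": ip_network(src) if src else None,
            "proto": proto, "dport": dport}


def matches(r, pkt):
    """True when every condition set on the rule holds for the packet."""
    if r["src"] is not None and ip_address(pkt["src"]) not in r["src"]:
        return False
    if r["proto"] is not None and pkt["proto"] != r["proto"]:
        return False
    if r["dport"] is not None and pkt.get("dport") != r["dport"]:
        return False
    return True


def verdict(chain, policy, pkt):
    """Walk the chain top-down; the first match is final, else the policy."""
    for r in chain:
        if matches(r, pkt):
            return r["target"]
    return policy


def first_hit(chain, pkt):
    """Index of the rule that decided the packet, or None if the policy did."""
    for i, r in enumerate(chain):
        if matches(r, pkt):
            return i
    return None


ATTACKER = "192.168.1.100"   # the address the slide wants kept off the WWW service

# Slide ordering that works: the specific DROP sits above the general ACCEPT.
CORRECT_ORDER = [
    rule("DROP", src=ATTACKER),
    rule("ACCEPT", proto="tcp", dport=80),
    rule("DROP"),
]
# Slide ordering that fails: rule 1 accepts WWW from everyone, so rule 2 never fires.
WRONG_ORDER = [
    rule("ACCEPT", proto="tcp", dport=80),
    rule("DROP", src=ATTACKER),
    rule("DROP"),
]


def www_request(src):
    """A constructed TCP packet to the WWW port from `src`."""
    return {"src": src, "proto": "tcp", "dport": 80}


if __name__ == "__main__":
    print("correct order:", verdict(CORRECT_ORDER, "ACCEPT", www_request(ATTACKER)))  # DROP
    print("wrong order:  ", verdict(WRONG_ORDER, "ACCEPT", www_request(ATTACKER)))    # ACCEPT
```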

2-2 Three Major Tables

1) Filter Table
2) NAT Table
3) Mangle Table

2-2-1 Filter Table

Mainly used for filtering packets. The place where we actually take action against packets, look at what they contain and ACCEPT, DROP, REJECT or LOG them depending on their content

1. INPUT chain – packets entering the local host
2. OUTPUT chain – packets output from the local host
3. FORWARD chain – packets forwarded to other hosts

2-2-2 NAT Table

Used for NAT on different packets, to translate the packet's source field or destination field

1) PREROUTING chain – to translate the destination IP address (DNAT)
2) POSTROUTING chain – works after the routing process and before the Ethernet device process, to translate the source IP address (SNAT/MASQUERADE)
3) OUTPUT chain – works on locally produced packets

2-2-3 Mangle Table

This table is mainly used for mangling packets. In other words, you may freely use the mangle matches etc. that could be used to change the TOS (Type Of Service) and TTL fields. It can also "MARK" the packets

1. PREROUTING chain
2. POSTROUTING chain
3. INPUT, OUTPUT and FORWARD chains

2-3 Processing Packets

2-3-1 Destination: Local Host
2-3-2 Source: Local Host
2-3-3 Forwarded Packets
2-3-4 State Machine

2-3-1 Destination: Local Host

Incoming Packets → NAT Table PREROUTING → Filter Table INPUT → Local Process

2-3-2 Source: Local Host

Outgoing Packets → NAT Table OUTPUT → Filter Table OUTPUT → NAT Table POSTROUTING → Send Out Packets

2-3-3 Forwarded Packets

Incoming Packets → NAT Table PREROUTING → Filter Table FORWARD → NAT Table POSTROUTING → Other Hosts
(Local Resource shown aside, not on this path)

2-4 State Machine

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

3) Usage of iptables

3-1 Load iptables Modules
3-2 Define Default Policy
3-3 Structure of a Rule
3-4 Save/Restore Rules

3-1 Load iptables Modules

Note: ipchains and iptables are not compatible

3-1 Load iptables Module

Check the current tables: iptables [-t table] [-L] [-n]

Default Policy

3-1 Install iptables

Clear the current policy

3-2 Define Default Policy

iptables -t filter|nat|mangle -P INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING ACCEPT|DROP

3-2 Define Default Policy

3-3 Structure of a Rule

3-3-1 Add, Insert, Delete and Replace Rules
3-3-2 Direction
3-3-3 Matches
3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace

iptables -t filter|nat|mangle -A|-I|-D|-R [direction] [match] -j [target]

3 major things need to be considered: direction, match, target

3-3-2 Direction – Chains

a. filter table: INPUT, OUTPUT, FORWARD
b. nat table: PREROUTING, POSTROUTING, OUTPUT
c. mangle table: …

3-3-3 Matches – Conditions

1. -p [proto]: tcp, udp, icmp, all
2. -s [IP], -d [IP]
3. --sport [port], --dport [port]
4. -m state --state [state]: NEW, ESTABLISHED, INVALID, RELATED
5. -m multiport [p1,p2,…,p15]
6. -i [iface], -o [oface]
7. … etc.

3-3-4 Targets – Actions

a. filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions: LOG, ULOG, REJECT, MIRROR
b. nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING/OUTPUT), MASQUERADE (POSTROUTING), REDIRECT (only in PREROUTING)
c. mangle table: …

3-4 Save/Restore Rules

It is highly recommended to use a script file to maintain the Netfilter rules instead of using the exported file (it is not a standard script file). Please refer to the Hands-On practice

AgendaAgenda

1) Firewall NAT and iptables

2) Rules Chains Tables

3) Usage of iptables

4) Hands-ON Practice 1) Packet Filter2) NAT Machine

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 1 ndash Accept all the packets incoming from lo interface

Example 2 ndash Accept all the TCP packets incoming from

IP = 19216801

iptables ndasht filter ndashA INPUT ndashi lo ndashj ACCEPT

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp

ndashs 19216801 ndashj ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 3 ndash Accept all the TCP packets incoming from the network

1921681024

Example 4 ndash Drop all the TCP packets incoming from IP = 192168125

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp

ndashs 1921681024 -j ACCEPT

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp

ndashs 192168125 ndashj DROP

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 5 ndash Drop all the Incoming TCP packets with dst Port = 21

(forbid FTP Connection from eth0)

Example 6 ndash Accept TCP packets incoming from IP 192168024 to

local port number 137138 and 139

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp

ndash ndashdport 21 ndashj DROP

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp ndashs

192168024 ndash ndashdport 137139 ndashj ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 7 ndash Log all the IncomingOutgoing TCP packets with tofrom

Port = 25 (Log SMTP Service)

iptables ndasht filter ndashA INPUT ndashp tcp ndash ndashdport 25 ndashj LOG

Note UC7110 does not support the target ldquoLOGrdquo

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 8 ndash Drop all the [syn] packets from IP = 192168100200

Example 9 ndash Drop all the packets from MAC = aabbccddeeff

iptables ndasht filter ndashA INPUT ndashp tcp ndashi eth0

ndashs 192168100200 ndash ndashsyn ndashj DROP

iptables ndasht filter ndashA INPUT ndashp all

ndashm mac-source aabbccddeeff ndashj DROP

Example 10 ndash Does not response to ldquopingrdquo

Example 11 ndash ICMP ldquopingrdquo burst

iptables ndasht filter ndashA INPUT ndashp icmp ndash ndashicmpndashtype 8

ndashj DROP

iptables ndasht filter ndashP INPUT DROP

iptables ndasht filter ndashA INPUT ndashp icmp ndashm limit 6min

ndash ndashlimit-burst 10 ndashj ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 12 ndash Accept the Established Related packets of the local

host drop the Invalid packets and New packets which are trying to create new connection

iptables ndasht filter ndashA INPUT ndashp tcp ndashm state ndash ndashstate

ESTABLISHEDRELATED ndashj ACCEPT

iptables ndasht filter ndashA INPUT ndashp tcp ndashm state ndash ndashstate

INVALIDNEW ndashj DROP

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 13 ndash Check the packet integrity

Example 14 ndash Enable the ldquoPassive Moderdquo FTP Service to a host

iptables ndasht filter ndashA INPUT ndashp all ndashm unclean ndashj DROP

modprobe ip_conntrack_ftp

iptables ndashA FORWARD ndashp tcp

ndashm state ndash ndashstate RELATED ndashj ACCEPT

4-2 NAT Machine – Rules of nat table

Example 1 – Redirect the connection requests of port 80 to port 8080

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 – Masquerade the packets from 192.168.1.0/24 leaving through ppp0 as ppp0's local IP

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

(MASQUERADE rewrites the source address, so it is only valid in the POSTROUTING chain, and the -o output-interface match is not accepted in PREROUTING.)

Example 3 – DNAT the packets arriving on eth0 (60.248.66.75) for TCP port 80 to the internal web server 192.168.127.10:80, and SNAT the internal network's outgoing packets to the public address

iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80
iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP

Example 4 – Redirect the incoming packets of TCP port 80 to 192.168.1.10, TCP port 80: the same DNAT form as in Example 3, with 192.168.1.10:80 as the --to target.
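The following script is an added example, not from the Moxa slides: it combines Examples 11 to 14 (filter table) and 1 to 3 (nat table) into one ruleset for a UC-7400 acting as the gateway of 192.168.127.0/24, ordered so that first-match does what is intended. Assumptions that are not on the slides: eth0 is the public interface with the address 60.248.66.75 and eth1 the LAN interface (the addresses come from Example 3), the port-80 REDIRECT feeds a local proxy on 8080, and ssh from the LAN side stays reachable.

```shell
#!/bin/sh
# Added example, not from the Moxa slides: one ruleset for a UC-7400 acting as the
# gateway of 192.168.127.0/24, built from Examples 11-14 (filter table) and 1-3
# (nat table) above and ordered so that first-match does what is intended.
# Assumptions not on the slides: eth0 is the public interface with the address
# 60.248.66.75 and eth1 the LAN interface (Example 3 gives the addresses), the
# port-80 REDIRECT feeds a local proxy on 8080, and ssh on the LAN side is kept
# reachable.  "./fw.sh apply" loads the rules (as root, on the device); with no
# argument the rules are only printed.

WAN_IF=eth0
WAN_IP=60.248.66.75
LAN_IF=eth1
LAN_NET=192.168.127.0/24
WEB_SERVER=192.168.127.10

case "${1:-}" in
    apply) IPT=iptables ;;
    *)     IPT="echo iptables" ;;    # dry run: print the commands instead of loading them
esac

load_helpers() {
    # Example 14: the FTP helper tracks the control channel so that passive-mode
    # data connections are classified RELATED; forwarding must be on for a gateway.
    if [ "$IPT" = iptables ]; then
        modprobe ip_conntrack_ftp
        echo 1 > /proc/sys/net/ipv4/ip_forward
    else
        echo "modprobe ip_conntrack_ftp"
        echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    fi
}

filter_rules() {
    $IPT -t filter -F
    $IPT -t filter -P INPUT DROP
    $IPT -t filter -P FORWARD DROP
    $IPT -t filter -P OUTPUT ACCEPT

    # Example 12: replies to the gateway's own connections first, then garbage.
    $IPT -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -t filter -A INPUT -m state --state INVALID -j DROP
    $IPT -t filter -A INPUT -i lo -j ACCEPT
    # Example 11, rate-limited variant: above 6 echo requests a minute (burst 10)
    # the ICMP falls through to the DROP policy.  An unconditional
    # "--icmp-type 8 -j DROP" placed before this line would shadow it.
    $IPT -t filter -A INPUT -p icmp --icmp-type 8 -m limit --limit 6/min --limit-burst 10 -j ACCEPT
    # Services the gateway itself offers, LAN side only: ssh and the 8080 proxy
    # that the REDIRECT below targets.
    $IPT -t filter -A INPUT -i "$LAN_IF" -p tcp --dport 22 -m state --state NEW -j ACCEPT
    $IPT -t filter -A INPUT -i "$LAN_IF" -p tcp --dport 8080 -m state --state NEW -j ACCEPT

    # Forwarding: return traffic and RELATED (FTP data, Example 14), new LAN-originated
    # connections, and new connections to the published web server (after DNAT the
    # destination is already the internal address).
    $IPT -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -t filter -A FORWARD -i "$LAN_IF" -s "$LAN_NET" -m state --state NEW -j ACCEPT
    $IPT -t filter -A FORWARD -i "$WAN_IF" -p tcp -d "$WEB_SERVER" --dport 80 -m state --state NEW -j ACCEPT
}

nat_rules() {
    $IPT -t nat -F
    # Example 3: publish the internal web server on the public address.
    $IPT -t nat -A PREROUTING -p tcp -i "$WAN_IF" -d "$WAN_IP" --dport 80 -j DNAT --to "$WEB_SERVER:80"
    # Example 1: LAN clients' web requests go through the local proxy on 8080.
    $IPT -t nat -A PREROUTING -p tcp -i "$LAN_IF" --dport 80 -j REDIRECT --to-ports 8080
    # Example 3 (second rule) / Example 2: source translation happens in POSTROUTING,
    # the only chain where SNAT and MASQUERADE are valid.
    $IPT -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j SNAT --to "$WAN_IP"
}

load_helpers
filter_rules
nat_rules
```

Run it without arguments first and read the printed rules; the INPUT chain accepts return traffic before the rate limit, so the limit only ever applies to fresh echo requests, and nothing in PREROUTING carries an -o match.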

Thank You

OpenVPN 2.0
Stephen Lin

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve?
1-2 Symmetric Data Encryption
1-3 Hash (Digest) Function
1-4 Message Authentication Code
1-5 Asymmetric Data Encryption
1-6 Digital Signature
1-7 Certificate
1-8 Moxa UC7400

1-1 What does Cryptography solve?

Confidentiality
• Ensure that nobody can learn what you transfer, even if they listen to the whole conversation.
Integrity
• Ensure that the message has not been modified during transmission.
Authenticity
• You can verify that you are talking to the entity you think you are talking to.
• You can verify which specific individual is behind that entity.
Non-repudiation
• The individual behind an asset cannot deny being associated with it.

1-2 Symmetric Data Encryption

• Fast: high efficiency for data transmission.
• Is it "secure" while transferring the key? The same secret key has to reach both ends.
• Maintenance of the keys: n parties need n(n-1)/2 keys.
• DES, 3DES, AES, Blowfish

[Diagram: Tom encrypts the plaintext with the secret key; the ciphertext is sent to Bob, who decrypts it with the same secret key.]

1-3 Hash (Digest) Function

• Ensures data integrity.
• MD5, SHA-1

[Diagram: Tom computes Message Digest 1 of the data and sends data + digest; Bob computes Message Digest 2 of the received data with the same hash function and compares it with Digest 1.]

An unkeyed hash only detects accidental corruption: an attacker who changes the data can simply recompute the digest. Keyed protection is the subject of 1-4.

1-4 Message Authentication Code

• Ensures data integrity and authenticates the sender.
• Uses a secret key to protect the digest, so only a holder of the key can produce or check the MAC.
• HMAC, CBC-MAC

[Diagram: Tom hashes the data and turns the digest into a MAC with the shared secret key; Bob recomputes the digest from the received data, checks the MAC with the same key and compares.]

1-5 Asymmetric Encryption

Things to remember
• Key pair: public/private keys.
• In a session one key is used for encryption and the other one for decryption.
• The "public key" can be deployed everywhere.
• From one key you cannot gain knowledge of the other, even if you have access to clear text and cipher text.
• For RSA the two keys are mathematically interchangeable: either one can encrypt and the other decrypts. This does not hold for every algorithm (Diffie-Hellman and DSA keys are not interchangeable), and in practice one key of the pair is fixed as private and never disclosed.
• Less efficient than symmetric (static) key encryption.
• RSA; Diffie-Hellman (key agreement)

[Diagram: clear text → encryption → cipher text "g$5knvMd'rk vegMs"]

1-5 Asymmetric Data Encryption – Confidentiality Check

[Diagram: Tom encrypts the plaintext with Bob's public key; Bob decrypts the ciphertext with Bob's private key. Recipient's key pair: only Bob can read the message.]

1-5 Asymmetric Data Encryption – Authenticity Check

[Diagram: Tom encrypts the plaintext with Tom's private key; Bob decrypts the ciphertext with Tom's public key. Sender's key pair: anyone can read it, but only Tom could have produced it.]

1-6 Digital Signature

Real world: a hybrid of the public key and the hash.
1. Data integrity
2. Authenticity
3. Non-repudiation
4. Algorithm: hash the message, then apply the private key to the digest.

1-6 Digital Signature – Creating

[Diagram: the message or file "This is the document created by Gianni" goes through a one-way message digest function (hash: SHA, MD5), which calculates a short message digest (typically 128 bits for MD5, 160 bits for SHA-1) from even a long input. The digest is encrypted with the signatory's private key (asymmetric encryption: RSA), giving the digital signature "3kJfgf£$&". Message plus signature form the signed document.]

1-6 Digital Signature – Verifying

[Diagram: from the signed document, the message is hashed again to obtain a message digest "Py75cbn"; the digital signature is decrypted with Gianni's public key (taken from his certificate) to recover the original digest; the two digests are compared.]

1-6 Digital Signature

[Diagram: Tom hashes the data into Message Digest 1 and signs it with Tom's private key; Bob hashes the received data into Message Digest 2, recovers Digest 1 from the signature with Tom's public key and compares the two.]
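The primitives of 1-3 to 1-6 can be exercised with the openssl command-line tool, the same libcrypto the UC-7400 ships. The script below is an added example, not code from the slides; it assumes "openssl" is on PATH and uses SHA-256 in place of the MD5/SHA-1 of the slides, since neither of those is acceptable for signatures any more.

```shell
#!/bin/sh
# Added example, not from the slides: the primitives of 1-3 to 1-6 exercised with
# the openssl command-line tool (the same libcrypto the UC-7400 ships).
# Assumptions: "openssl" is on PATH; SHA-256 is used instead of the MD5/SHA-1 of
# the slides, since neither of those is acceptable for signatures any more.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# 1-3 Hash: a fixed-size digest; change one byte of the input and it changes completely.
sha256_digest() { printf '%s' "$1" | openssl dgst -sha256 | sed 's/^.*= //'; }

# 1-4 MAC: the same kind of digest, but keyed; without the key it cannot be forged.
hmac_sha256() { printf '%s' "$2" | openssl dgst -sha256 -hmac "$1" | sed 's/^.*= //'; }

# 0 if the MAC Bob recomputes with the shared key equals the one that arrived with the data.
mac_matches() { # key data received_mac
    [ "$(hmac_sha256 "$1" "$2")" = "$3" ]
}

# 1-5 Key pair: Tom's private key stays with Tom, the public key can be published.
gen_keypair() {
    openssl genrsa -out "$WORK/tom.key" 2048 2>/dev/null
    openssl rsa -in "$WORK/tom.key" -pubout -out "$WORK/tom.pub" 2>/dev/null
}

# 1-6 Creating: hash the message, apply the private key to the digest; prints the signature file.
rsa_sign() { # data
    printf '%s' "$1" | openssl dgst -sha256 -sign "$WORK/tom.key" -out "$WORK/sig.bin"
    echo "$WORK/sig.bin"
}

# 1-6 Verifying: 0 when the signature checks out under Tom's public key, 1 otherwise.
rsa_verify() { # data signature_file
    printf '%s' "$1" | openssl dgst -sha256 -verify "$WORK/tom.pub" -signature "$2" >/dev/null 2>&1
}

demo() {
    msg='This is the document created by Gianni'
    gen_keypair
    sig=$(rsa_sign "$msg")
    rsa_verify "$msg" "$sig" && echo "signature verified"
    rsa_verify "$msg (edited)" "$sig" || echo "modified document rejected"
    mac=$(hmac_sha256 'shared secret' "$msg")
    mac_matches 'shared secret' "$msg" "$mac" && echo "MAC verified"
    mac_matches 'wrong key' "$msg" "$mac" || echo "MAC with the wrong key rejected"
}
demo
```

The two failure cases are the ones that matter: a single appended character invalidates the signature, and a MAC computed under a different key does not match, which is exactly what the bare digest of 1-3 cannot guarantee.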

1-7 Certificate

The simplest certificate just contains
• a public key (for Stephen), and
• information about the entity that is being certified to own that public key,
… and the whole is
• digitally signed by someone trusted (like your friend, or a CA).

[Diagram: certificate = public key + "This public key belongs to Stephen" + digital signature "3kJfgf£$&4dser4358g6gd7dT". The certified entity can be a person, a computer, a device, a file, some code, anything …]

1-7-1 CA Certificate

[Diagram: the CA generates a key pair on the certification server. The user requests a certificate from the CA; the CA generates the certificate (the user's public key, signed with the CA's private key); private key and certificate are sent to the user. Left and Right each end up with a certificate signed by the CA; the CA's own public key is carried in a certificate signed by the CA itself.]

1-7-1 CA Certificate Example

[Diagram: Left and Right both trust the CA's public key. Left holds its private key and "Left Cert signed by CA"; Right holds its private key and "Right Cert signed by CA". Each verifies the other's certificate with the CA public key.]

A CA signs certificates, i.e. public keys bound to identities; it never signs a private key. Where the key pair is generated at the user's side (as build-key does in 3-4-2), only the certificate request travels to the CA and the private key never leaves its owner.

1-7-2 SSL/TLS

[Diagram: each side holds its own private key and the other side's public key. Clear text is encrypted (Cipher 1), protected again for transmission over the public network (Cipher 2), then decrypted on the other side back to clear text.]

• Ensures confidentiality, and integrity if digitally signed.
• Depending on how the public keys are exchanged: authenticity, identity, non-repudiation.

1-8 Moxa UC7400 – Hardware Cipher

Intel XScale supports
• Security engines: DES, AES
• Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so"
• No need to change the source code.

1-8-1 Moxa Accelerated Algorithms – OpenSSL 0.9.7

DES_cbc_encrypt
DES_ede3_cbc_encrypt
AES_cbc_encrypt
AES_ctr_encrypt

• ECB mode is wrapped at a higher level (libssl.so), which OpenSSL wraps too.

1-8-2 Performance

[Charts: throughput (RATE) of 3DES-CBC and AES128-CBC versus packet size, software cipher against hardware cipher (= HW Cipher). Two charts span 128 to 1280 bytes, two span 16 to 144 bytes; the hardware path pays off on large packets, which is the reason for the switch-over sizes in 1-8-3.]

1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approaches.
• Default: hardware approach.
• Any misconfiguration, or a busy hardware engine, causes the switch to software.

Small packets are switched to the software approach:
• DES: below 128 bytes
• 3DES/AES: below 64 bytes

1-8-4 Software Package

Driver
• mxhw_cipher.o
Device file
• mknod /dev/mxcrypto c 11 131
Test program
• io            correctness test
• io 0 5000     stability test
• io 1          golden pattern
• io 2 20000    performance test

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network – Advantages/Disadvantages

• VPN: a network constructed by using public wires (e.g. the Internet) to connect nodes.
• A VPN encrypts all network traffic, not just a few application protocols (as SSL, SSH etc. do).
• A VPN allows the use of protocols which are insecure by themselves.
• VPN traffic cannot be controlled and logged easily at intermediate points because of its encrypted nature.

2-2 Why OpenVPN

Usability
• Open source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit shared (static) key or digital certificates (PKI)

Portability – supports most platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN

Peers – each node with a client/server role
• Uses kernel routing
• Multiple clients

A user-space program
• A full-featured SSL-VPN solution
• Built on top of the existing SSL/TLS mechanism
• Choice among a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) traffic over a single UDP (5000 in 1.x, 1194 in 2.0) or TCP port

2-2 OpenVPN Security

Two authentication modes
• Static key: uses a pre-shared key
• SSL/TLS: uses SSL/TLS + certificates for
  • authentication
  • key exchange

The encrypted packet is formatted as
• SeqN: 64-bit sequence number (replay protection)
• IV: plaintext initialization vector, randomized per packet

HMAC | IV | encrypt( SeqN | payload )

The HMAC is computed over the IV and the encrypted body, so a tampered or forged packet is rejected before any decryption is attempted.

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall- and NAT-friendly
• Dynamic address support

IPSec
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard – multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are two methods of linking systems via a VPN.
• Routed IP tunnels (layer 3)
• Bridged Ethernet tunnels (layer 2)

Suitable for connections
• Site-to-site
• Dynamic site-to-site
• (Dynamic) client-to-site

Dynamic firewall/NAT/DHCP friendly.

2-3-1 Routed IP Tunnels (TUN Mode)

• Uses the TUN mode (device): a virtual point-to-point IP link that ties the inner interface to the TUN device.
• Uses the kernel routing tables to forward the packets.

[Diagram: the OSI stacks of both hosts; OpenVPN sits at the application layer and the TUN device injects packets at the network layer (3rd).]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of the MTU for efficiency

Routed IP disadvantages
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work.
2. Routes must be set up linking each subnet.
3. Software that depends on broadcasts will not see the machines on the other side of the VPN.
4. Works only with IPv4 in general, and with IPv6 only where the tun drivers on both ends of the connection support it explicitly.

2-3-2 Bridged Ethernet Mode (TAP Mode)

• Uses "TAP" mode: a TAP device is a virtual Ethernet adapter.
• Bridge tools (brctl) are required to create the bridge device.
• A script is needed to bind eth1 and tap0 together into a bridged device called br0.

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0          create an Ethernet bridge
brctl addif br0 eth1     connect interface eth1 as a port
brctl addif br0 tap0     connect virtual interface tap0 as a port (the bridge name br0 must be given here too)

[Diagram: the OSI stacks of both hosts; OpenVPN at the application layer, the TAP device (2nd layer) bridged with eth1 on each side, eth0 carrying the tunnel between the two OpenVPN peers, tap0 on both ends.]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages
1. Point-to-point and point-to-multipoint.
2. Broadcasts traverse the VPN; this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server.
3. No route statements to configure.
4. Works where the VPN needs to handle non-IP protocols such as IPX, Netware and AppleTalk.
5. Relatively easy-to-configure solution for road warriors.

Bridging disadvantages
1. Less efficient than routing and does not scale well.

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

[Diagram of the lab network:
  LAN A: 10.0.1.0/24, host IP 10.0.1.1/24, gateway 10.0.1.254
  [VPN Server] ixp1 = 10.0.1.254, ixp0 = 192.168.12.201, also the [CA/TLS Server]
  VPN tunnel (Connect) between the two ixp0 interfaces over 192.168.12.0/24
  [VPN Client] ixp0 = 192.168.12.202, ixp1 = 10.0.2.254
  LAN B: 10.0.2.0/24, host IP 10.0.2.1/24, gateway 10.0.2.254]

3-1 Getting Started

Create a working directory (recommended)
  mkdir /etc/openvpn

Check for the TUN device: ls /dev/net and look for a character device "tun"; if it is not there, create it
  mknod /dev/net/tun c 10 200

Load the necessary modules
  modprobe tun
  modprobe bridge

Generate a (pre-shared) key
  openvpn --genkey --secret [KeyName]

Self-diagnostic
  openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding
  echo "1" > /proc/sys/net/ipv4/ip_forward
or edit /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"

Create / start the bridge interface using the Moxa script
  /etc/openvpn/openvpn-bridge [start | stop | restart]

Check the supported ciphers / authentication digests
  openvpn --show-ciphers
  openvpn --show-digests

Create the TUN configuration files
  vi /etc/openvpn/tunserver.conf
  [At VPN Client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

• The local and remote VPN IP addresses must be specified (the "ifconfig" line: local end first, remote end second).
• It is NECESSARY to specify the server address at the VPN client (the "remote" line).

3-2 TUN Server Configuration

Edit the static routes
  vi /etc/openvpn/tunserver.sh
  chmod +x /etc/openvpn/tunserver.sh
  [At VPN Client] vi /etc/openvpn/tunclient.sh
                  chmod +x /etc/openvpn/tunclient.sh

Start OpenVPN with the configuration file
  openvpn --config /etc/openvpn/tunserver.conf &
  [At VPN Client] openvpn --config /etc/openvpn/tunclient.conf &

In the server configuration the 2nd argument of "ifconfig", the remote tunnel end, is now "10.0.2.254"; the client uses the same two addresses in the opposite order.

Create the TAP configuration files
  vi /etc/openvpn/tapserver.conf
  [At VPN Client] vi /etc/openvpn/tapclient.conf
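The steps of 3-1 and the TUN configuration of 3-2, as one script. This is an added example, not Moxa's own files: it writes a static-key, routed (TUN) server and client configuration for the lab layout of the 3-1 diagram (server ixp0 192.168.12.201 in front of LAN A 10.0.1.0/24, client ixp0 192.168.12.202 in front of LAN B 10.0.2.0/24). The file names tunserver.conf and tunclient.conf are those of the slides; "static.key" is my name for [KeyName], and the cipher, digest and keep-alive values are my choices.

```shell
#!/bin/sh
# Added example, not Moxa's own files: the 3-1 preparation and the 3-2 TUN
# configuration as one script, for the lab layout of the 3-1 diagram (server
# ixp0 192.168.12.201 in front of LAN A 10.0.1.0/24, client ixp0 192.168.12.202
# in front of LAN B 10.0.2.0/24).  File names follow the slides (tunserver.conf,
# tunclient.conf); static.key is my name for [KeyName]; cipher, digest and
# keep-alive values are my choices.  OVPN_DIR can point somewhere other than
# /etc/openvpn to stage the files; the device steps need root.
OVPN_DIR=${OVPN_DIR:-/etc/openvpn}

prepare_host() {
    mkdir -p "$OVPN_DIR"
    if [ "$(id -u)" = 0 ] && [ "$OVPN_DIR" = /etc/openvpn ]; then
        # TUN device node (character device 10,200), module and forwarding.
        [ -c /dev/net/tun ] || { mkdir -p /dev/net; mknod /dev/net/tun c 10 200; }
        modprobe tun 2>/dev/null || true
        echo 1 > /proc/sys/net/ipv4/ip_forward
    fi
    # The pre-shared key is generated once, on the server, and copied to the client
    # over a channel that is itself protected (scp, or by hand): anyone holding it
    # can join or decrypt the tunnel.
    if [ ! -f "$OVPN_DIR/static.key" ] && command -v openvpn >/dev/null 2>&1; then
        openvpn --genkey --secret "$OVPN_DIR/static.key" || true
    fi
}

write_tun_configs() {
    cat > "$OVPN_DIR/tunserver.conf" <<'EOF'
# VPN server, LAN A side
dev tun
proto udp
port 1194
secret /etc/openvpn/static.key
# local and remote tunnel addresses; the 2nd argument is the client end
ifconfig 10.0.1.254 10.0.2.254
# LAN B is reached through the tunnel (replaces the tunserver.sh route script)
route 10.0.2.0 255.255.255.0
# AES-CBC is one of the modes the UC-7400 hardware cipher accelerates (1-8-1)
cipher AES-128-CBC
auth SHA1
ping 10
ping-restart 60
persist-key
persist-tun
verb 3
EOF
    cat > "$OVPN_DIR/tunclient.conf" <<'EOF'
# VPN client, LAN B side: the server address is mandatory here
dev tun
proto udp
remote 192.168.12.201 1194
secret /etc/openvpn/static.key
ifconfig 10.0.2.254 10.0.1.254
route 10.0.1.0 255.255.255.0
cipher AES-128-CBC
auth SHA1
ping 10
ping-restart 60
persist-key
persist-tun
verb 3
EOF
}

# 0 when a config names the key and both tunnel ends, and (for a client) the server.
check_tun_config() { # file server|client
    grep -q '^secret ' "$1" || return 1
    grep -q '^ifconfig [0-9.]* [0-9.]*$' "$1" || return 1
    [ "$2" != client ] || grep -q '^remote ' "$1"
}

case "${1:-}" in
    install)
        prepare_host
        write_tun_configs
        check_tun_config "$OVPN_DIR/tunserver.conf" server \
            && check_tun_config "$OVPN_DIR/tunclient.conf" client \
            && echo "configs written to $OVPN_DIR; start with: openvpn --config $OVPN_DIR/tunserver.conf"
        ;;
    *) echo "usage: [OVPN_DIR=dir] $0 install" ;;
esac
```

Run "OVPN_DIR=/tmp/stage ./tun-setup.sh install" on a PC to look at the generated files, then the bare "install" as root on each UC; copy static.key to the client by hand, and change only the "remote" line if the server's public address changes.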

3-3 TAP Configuration – VPN Server

• Comment out (mark with #) the static-route line if both VPN networks are in the same subnet: a bridge needs no route between them.

3-3 TAP Configuration – VPN Server

Edit the static routes
  vi /etc/openvpn/tapserver.sh
  [At VPN Client] vi /etc/openvpn/tapclient.sh
                  chmod +x /etc/openvpn/tapclient.sh

The routes point at the kernel routing table of the bridge: br0 = 10.0.1.254

3-3 TAP Configuration – VPN Server

Start the bridge device
  vi /etc/openvpn/openvpn-bridge
  chmod +x /etc/openvpn/openvpn-bridge
  /etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration file
  openvpn --config /etc/openvpn/tapserver.conf &
  [At VPN Client] openvpn --config /etc/openvpn/tapclient.conf &
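A start/stop script for the bridge of 2-3-2 and 3-3, as an added example that is not Moxa's openvpn-bridge script: it builds br0 from eth1 and tap0 with the 2.4-era tools on the UC-7400 (brctl, ifconfig, openvpn --mktun). Assumptions: eth1 is the LAN A interface, br0 takes the LAN gateway address 10.0.1.254 from the 3-1 diagram, and eth0 stays outside the bridge as the public interface that carries the tunnel.

```shell
#!/bin/sh
# Added example, not Moxa's openvpn-bridge: a start/stop script for TAP mode that
# builds br0 from eth1 and tap0 as 2-3-2 describes, using brctl, ifconfig and
# "openvpn --mktun".  Assumptions: eth1 is the LAN A interface, br0 takes the LAN
# gateway address 10.0.1.254 from the 3-1 diagram, and eth0 stays outside the
# bridge as the public interface.  RUN=echo prints the commands instead of
# executing them.
RUN=${RUN:-}
BR=br0
TAP=tap0
ETH=eth1
BR_IP=10.0.1.254
BR_MASK=255.255.255.0
BR_BCAST=10.0.1.255

bridge_start() {
    $RUN openvpn --mktun --dev "$TAP"              # persistent TAP device for OpenVPN
    $RUN brctl addbr "$BR"                         # create the Ethernet bridge
    $RUN brctl addif "$BR" "$ETH"                  # the physical LAN port becomes a bridge port
    $RUN brctl addif "$BR" "$TAP"                  # the virtual adapter too (bridge name required)
    $RUN ifconfig "$TAP" 0.0.0.0 promisc up        # bridge ports carry no IP address of their own
    $RUN ifconfig "$ETH" 0.0.0.0 promisc up
    $RUN ifconfig "$BR" "$BR_IP" netmask "$BR_MASK" broadcast "$BR_BCAST"   # the bridge carries the LAN address
}

bridge_stop() {
    $RUN ifconfig "$BR" down
    $RUN brctl delif "$BR" "$TAP"
    $RUN brctl delif "$BR" "$ETH"
    $RUN brctl delbr "$BR"
    $RUN openvpn --rmtun --dev "$TAP"
    $RUN ifconfig "$ETH" "$BR_IP" netmask "$BR_MASK" broadcast "$BR_BCAST"  # give the address back to eth1
}

case "${1:-}" in
    start)   bridge_start ;;
    stop)    bridge_stop ;;
    restart) bridge_stop; bridge_start ;;
    *)       echo "usage: $0 {start|stop|restart}   (RUN=echo for a dry run)" ;;
esac
```

With br0 holding the LAN address, the tapserver.conf for this host uses "dev tap0" and no "ifconfig" line; the bridge must be up before OpenVPN starts, which is why the slide runs openvpn-bridge start first.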

3-4-1 SSL/TLS – Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC
  vi /usr/share/ssl/openssl.cnf
  Pre-set default_days, default_bits … etc.

Create a new CA root key pair
  /usr/share/ssl/misc/CA -newca

Create a new client private key and a new certificate request
  /usr/share/ssl/misc/CA -newreq

Sign the certificate
  /usr/share/ssl/misc/CA -sign

Copy the CA root certificate, the client private key and the client certificate to the first client.

Have the second client certified the same way.

3-4-2 OpenVPN – "easy-rsa" tools

Copy "easy-rsa" to the working directory
  cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file
  vi /etc/openvpn/easy-rsa/vars

Activate the vars
  . /etc/openvpn/easy-rsa/vars

Create the CA root key
  /etc/openvpn/easy-rsa/build-ca

Create the VPN server private key and certificate
  /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – "easy-rsa" tools

Create the VPN client private key and certificate
  /etc/openvpn/easy-rsa/build-key client

Create the Diffie-Hellman parameters
  /etc/openvpn/easy-rsa/build-dh
  (the size, 1024 bits here, is taken from KEY_SIZE in vars)

Copy the CA certificate (ca.crt), server key (server.key) and server certificate (server.crt) to the VPN server.

Copy the CA certificate, client key and certificate to the VPN client.

The "easy-rsa" tools also work on the UC7400 series.

3-4-3 Configuration File Modification

txxserver.conf (tunserver.conf / tapserver.conf)
txxclient.conf (tunclient.conf / tapclient.conf)
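The SSL/TLS (X.509) variant of the configuration files of 3-4-3, to go with the certificates produced by easy-rsa in 3-4-2, plus the checks worth running before the files are copied to the peers. This is an added example, not Moxa's files: the names tlsserver.conf, tlsclient.conf and ta.key are mine, the addresses are those of the 3-1 diagram, and make_test_pki is a stand-in for build-ca / build-key-server / build-key (easy-rsa's build-key-server is build-key plus the nsCertType=server extension) so that check_pki can be exercised offline.

```shell
#!/bin/sh
# Added example, not Moxa's files: the SSL/TLS (X.509) variant of the TUN
# configuration of 3-2, to go with the certificates produced by easy-rsa in 3-4-2,
# plus the checks to run before copying files to the peers.
# Assumptions: file names tlsserver.conf/tlsclient.conf and the HMAC key ta.key are
# mine; addresses are those of the 3-1 diagram; make_test_pki stands in for
# build-ca / build-key-server / build-key when easy-rsa is not at hand and only
# exists to exercise check_pki offline.

write_tls_configs() { # dir
    cat > "$1/tlsserver.conf" <<'EOF'
dev tun
proto udp
port 1194
tls-server
# PKI material from easy-rsa (3-4-2); the server holds only its own key and cert
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh1024.pem
# extra HMAC on the control channel: packets without it are dropped before TLS runs
tls-auth /etc/openvpn/ta.key 0
ifconfig 10.0.1.254 10.0.2.254
route 10.0.2.0 255.255.255.0
cipher AES-128-CBC
auth SHA1
ping 10
ping-restart 60
persist-key
persist-tun
EOF
    cat > "$1/tlsclient.conf" <<'EOF'
dev tun
proto udp
remote 192.168.12.201 1194
tls-client
ca /etc/openvpn/ca.crt
cert /etc/openvpn/client.crt
key /etc/openvpn/client.key
tls-auth /etc/openvpn/ta.key 1
# refuse a server that presents an ordinary client certificate (OpenVPN 2.0 syntax;
# 2.1 and later use: remote-cert-tls server)
ns-cert-type server
ifconfig 10.0.2.254 10.0.1.254
route 10.0.1.0 255.255.255.0
cipher AES-128-CBC
auth SHA1
ping 10
ping-restart 60
persist-key
persist-tun
EOF
}

# 0 when the certificate chains to the CA and the private key belongs to it.
check_pki() { # ca.crt cert.crt cert.key
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || return 1
    [ "$(openssl x509 -noout -modulus -in "$2")" = "$(openssl rsa -noout -modulus -in "$3" 2>/dev/null)" ]
}

# Stand-in for easy-rsa: build-ca, build-key-server server, build-key client.
make_test_pki() { # dir
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -subj "/CN=Test-CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
    echo "nsCertType=server" > "$1/server.ext"      # what build-key-server adds
    for n in server client; do
        openssl req -newkey rsa:2048 -nodes -subj "/CN=$n" \
            -keyout "$1/$n.key" -out "$1/$n.csr" 2>/dev/null
        if [ "$n" = server ]; then ext="-extfile $1/server.ext"; else ext=""; fi
        openssl x509 -req -in "$1/$n.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
            -CAcreateserial -days 365 $ext -out "$1/$n.crt" 2>/dev/null
    done
    # Not reproduced here: /etc/openvpn/easy-rsa/build-dh  and  openvpn --genkey --secret ta.key
}

case "${1:-}" in
    write) write_tls_configs "${2:-.}" ;;
    check) check_pki "$2" "$3" "$4" && echo "certificate chains to the CA and matches the key" ;;
    *)     echo "usage: $0 write [dir] | check ca.crt cert.crt cert.key" ;;
esac
```

Run "check ca.crt server.crt server.key" on the server and the client equivalent on the client before starting OpenVPN: a key copied to the wrong box, or a certificate from a different CA, fails here rather than in a cryptic TLS handshake error. The tls-auth key is generated with the same "openvpn --genkey --secret" command as in 3-1 and is copied to both peers next to the certificates.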

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

• Two of its serial ports are connected to a power meter and a thermocouple.
• Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site.
• The rest of the serial ports are looped back in "burn-in mode" to demonstrate the UC's high performance and reliability.

Demo Box Features

Software Block Diagram

• Temperature range: 0 to 500 °C
• Left side for the high range, 0 to 300 VDC; right side for the low range, 0 to 20 VDC

UC's LCM & keypad (F1-F5)

F1  Monitoring: Temperature → Voltage → Throughput for P3 to P8
F2  System status: LAN's IP → Wi-Fi's IP → CPU loading → Available memory
F3  Alarm setting: Temperature → Voltage → Burn-in throughput
F4  Configuration key
F5  Main menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• UC-7420's built-in wireless driver supports the Intersil Prism 2.0 chipset PCMCIA card.
• The compatible 802.11g wireless cards are:

Supplier    Model name
ASUS        WL-107g
CNET        CWC-854 (181D version)
Edimax      EW-7108PCg
Amigo       AWP-914WG
Gigabyte    GN-WMKG
Others which use the Ralink chipset

Thank You


Software Comparison (continued)     UC-7400 Series        UC-7110
Web                                 Apache 2.0.42         Boa 0.93.16
Secure shell                        sshd V1.2.0           NA
Network file system                 NFS Server V2.2       NA
Virtual private network             OpenVPN V2.0          NA
OpenSSL                             OpenSSL V0.9.6        NA
Tool chain                          Linux, Windows        Linux

UC-7400 V1.5 Firmware

New Functions and Features Introduction

Firmware version                  V1.1                     V1.4.3                   V1.5
Serial port                       230.4 Kbps               230.4 Kbps               921.6 Kbps (with HW V1.2)
WLAN                              802.11b (Prism 2.0/2.5)  802.11b (Prism 2.0/2.5)  802.11b (Prism 2.0/2.5), 802.11g
USB host                          NA                       Mass storage, PnP        Mass storage, PnP
USB client                        NA                       NA                       NA
Reset to factory default button   NA                       NA                       Yes (with HW V1.2)
Shared memory                     NA                       NA                       Yes

Protocol stacks and utilities
arp (utility)                     NA                       Yes                      Yes
iptables                          NA                       NA                       Yes
OpenVPN                           NA                       NA                       Yes
WatchDog API                      NA                       NA                       Yes
Crontab                           NA                       NA                       Yes
upfirm                            NA                       Yes                      Yes
backupuf                          NA                       Yes                      Yes
backupfs / bf                     Yes                      Yes                      NA
minicom                           Yes                      Yes                      Replaced by tip

Directory changes
/var                              User file system         User file system         Changed to ramdisk
Apache document root              /usr/html                /usr/html                /usr/www

UC-7400 V1.5 Firmware

New feature introduction
• WatchDog support
• Cron function on the system
• UART and special baud rate support
• System image backup utility "upfirm"
• 802.11g wireless card support
• Tool chain on the Windows platform, including GCC, glibc and Insight (GDB debug tool)
• iptables support
• OpenVPN support

Watch Dog Timer (WDT)

1. Introduction
The WDT works like a watchdog. You can enable it or disable it. When the user enables the WDT but the application does not acknowledge it, the system will reboot. You can set the ack time from a minimum of 50 msec to a maximum of 60 seconds.

2. How the WDT works
The WatchDog is enabled when the system boots up, and the kernel acks it automatically. The user application can also take over the ack; when the user application then fails to ack, the system reboots.

3. The user API
The user application must include <moxadevice.h> and link moxalib.a.

Crontab

1. Introduction: daemon to execute scheduled commands

2. Description
• Start cron from /etc/rc.d/rc.local.
• Modify the file /etc/cron.d/crontab to set up your scheduled applications. Crontab files have the following format:

  m (minute)   h (hour)   dom (day of month)   mon (month)   dow (day of week)         user   command
  0-59         0-23       1-31                 1-12          0-6 (0 is Sunday)

3. Example
• How to add ntpdate (synchronize time) in cron: every day at 5:10 the system synchronizes the time from the NTP server (192.168.0.1) and writes it to the hardware clock.

  vi /etc/cron.d/crontab
  # m  h  dom  mon  dow  user  command
  10   5  *    *    *    root  /usr/sbin/ntpdate 192.168.0.1; /sbin/hwclock -w

UART and special baud rate support

1. Introduction
• The normal tty device nodes are /dev/ttyM0 … ttyM7, and the modem tty device nodes are /dev/cum0 … cum7.
• UC-7400 supports the Linux standard termios control.
• The Moxa UART device API allows you to configure ttyM0 to ttyM7 as RS-232, RS-422, 2-wire RS-485 and 4-wire RS-485.

2. The function
You must include <moxadevice.h>:
  #define RS232_MODE         0
  #define RS485_2WIRE_MODE   1
  #define RS422_MODE         2
  #define RS485_4WIRE_MODE   3
Functions (ioctl commands)
• MOXA_SET_OP_MODE
• MOXA_GET_OP_MODE

UART and special baud rate support

3. Special baud rate support
• There are two Moxa private ioctl commands for setting up special baud rates:
  • MOXA_SET_SPECIAL_BAUD_RATE
  • MOXA_GET_SPECIAL_BAUD_RATE
• If you use this ioctl to set a special baud rate, the termios c_cflag will read B4000000, a value whose #define differs from the standard baud rate defines.
• If the baud rate you get from termios (or from calling tcgetattr()) is B4000000, you must call ioctl with MOXA_GET_SPECIAL_BAUD_RATE to get the actual baud rate.

Upgrading the Firmware

New utility: upfirm

1. Introduction
UC-7400's BIOS, kernel, mini file system and user file system are combined into one firmware file, which can be downloaded from Moxa's website (www.moxa.com).
• The name of the firmware file has the form uc7400-x.x.x.frm, with x.x.x indicating the firmware version.

ATTENTION
• Upgrading the firmware will erase all data on the Flash ROM.

2. Description
• In V1.4.3 or later firmware, UC-7400 adds a new utility, "upfirm".
• The utility upfirm is designed for upgrading the firmware (including boot loader, kernel, mini file system, user file system and configuration).
• If your firmware version is earlier than V1.4.3, you can get the utility from the Moxa website.

How to upgrade the firmware

Step 1: Type the following commands to enable the RAM disk
  upramdisk
  cd /mnt/ramdisk

Step 2: Download the firmware file into the ramdisk from the Moxa website.

Step 3: Use the upfirm command to upgrade the kernel and root file system
  upfirm uc7400-x.x.x.frm
(See the next slide for the upfirm procedure.)

root@Moxa:/mnt/ramdisk# upfirm UC7420-1.5.frm
Upgrade firmware utility version 1.0
To check source firmware file context
The source firmware file context is OK
This step will destroy all your firmware
Do you want to continue it? (Y/N) Y
MTD device [/dev/mtd6] erase 128 Kibyte @ 20000 – 100% complete
Wait to write file ... Completed 100%
Now upgrade the new configuration file
Upgrade the firmware is OK
Please press any key to reboot system

Press any key to reboot the system.

Note: DO NOT power off the UC until the Ready LED is ON again. The first boot after upgrading the firmware takes a long time.

Setting up the Network Interfaces

IEEE 802.11g

Configure 802.11g Wireless LAN

Step 1: Unplug the CardBus wireless LAN card first.

Step 2: Configure the default IP setting profile
  root@Moxa:~# vi /etc/network/interfaces

  # 802.11g Gigabyte Cardbus wireless card
  iface eth0 inet static
      address 192.168.5.127
      network 192.168.5.0
      netmask 255.255.255.0
      broadcast 192.168.5.255

Configure 802.11g Wireless LAN

Step 3: Configure the WLAN parameters
  vi /etc/Wireless/RT2500STA/RT2500STA.dat

  Copy this file to /etc/Wireless/RT2500STA/RT2500STA.dat.
  The file is treated as a binary file and is read when the rt2500.o module is loaded; use "vi -b RT2500STA.dat" to modify the settings according to your needs.
  1) Set NetworkType to Adhoc for ad-hoc mode, otherwise use Infra (infrastructure mode).
  2) Set Channel to 0 for auto-select in infrastructure mode.
  3) Set SSID for connecting to your access point.
  4) AuthMode can be OPEN, SHARED, WPAPSK, WPANONE.
  5) EncrypType can be NONE, WEP, TKIP, AES.
  For more information refer to the Readme file.

Configuring 802.11g Wireless LAN

• The settings in /etc/Wireless/RT2500STA/RT2500STA.dat

CountryRegion                         Sets the channels for your particular country region
WirelessMode                          Sets the wireless mode
SSID                                  Sets the SSID (of the access point to join, or of the soft AP)
NetworkType                           Sets the wireless operation mode
Channel                               Sets the channel
AuthMode                              Sets the authentication mode
EncrypType                            Sets the encryption type
DefaultKeyID                          Sets the default key ID
Key1Str, Key2Str, Key3Str, Key4Str    Sets the WEP key strings Key1 to Key4
WPAPSK                                WPA pre-shared key
TxBurst                               Enables or disables TxBurst
TurboRate                             Enables or disables TurboRate
BGProtection                          Sets 11b/11g protection (this function is for engineering testing only)
ShortSlot                             Enables or disables the short slot time
TxRate                                Sets the TxRate
RTSThreshold                          Sets the RTS threshold
FragThreshold                         Sets the fragment threshold

Choose AuthMode=WPAPSK with EncrypType=AES (or TKIP) whenever the access point allows it: OPEN or SHARED authentication with WEP or NONE leaves the serial data the UC forwards readable by anyone in radio range.
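A check-and-fix for the profile described above, as an added example rather than a Moxa file. It assumes the profile is made of "Key=Value" lines with CR/LF line ends (which is why the slide edits it with "vi -b") and that the pre-shared key field is spelled WPAPSK; the sample profile is constructed here, not copied from a device. The check refuses OPEN/SHARED authentication and WEP/NONE encryption, and the fix forces WPAPSK with AES, the strongest combination the driver lists.

```shell
#!/bin/sh
# Added example, not a Moxa file: a check-and-fix for RT2500STA.dat.
# Assumptions: the profile is "Key=Value" lines with CR/LF line ends and the
# pre-shared key field is spelled WPAPSK; the sample profile below is
# constructed here, not copied from a device.  The SSID and key passed to
# harden_wlan_profile must not contain "/" or "&" (they go into a sed replacement).

profile_get() { # file key -> value
    tr -d '\r' < "$1" | sed -n "s/^$2=//p" | head -n 1
}

# 0 if the profile uses WPAPSK with AES or TKIP; 1 for OPEN/SHARED auth or WEP/NONE.
check_wlan_profile() { # file
    auth=$(profile_get "$1" AuthMode)
    enc=$(profile_get "$1" EncrypType)
    case "$auth" in WPAPSK) ;; *) return 1 ;; esac
    case "$enc"  in AES|TKIP) ;; *) return 1 ;; esac
    return 0
}

# Rewrite the profile in place with the given SSID and pre-shared key, forcing WPAPSK+AES.
harden_wlan_profile() { # file ssid psk
    tmp="$1.tmp"
    tr -d '\r' < "$1" | sed \
        -e "s/^SSID=.*/SSID=$2/" \
        -e "s/^AuthMode=.*/AuthMode=WPAPSK/" \
        -e "s/^EncrypType=.*/EncrypType=AES/" \
        -e "s/^WPAPSK=.*/WPAPSK=$3/" \
        | awk '{ printf "%s\r\n", $0 }' > "$tmp" && mv "$tmp" "$1"
}

# Constructed sample in the weak state a freshly copied profile tends to be in.
sample_profile() { # file
    printf 'CountryRegion=0\r\nWirelessMode=0\r\nSSID=MOXA\r\nNetworkType=Infra\r\nChannel=0\r\nAuthMode=OPEN\r\nEncrypType=WEP\r\nDefaultKeyID=1\r\nKey1Str=0123456789\r\nWPAPSK=\r\nTxBurst=0\r\n' > "$1"
}

case "${1:-}" in
    check)  check_wlan_profile "$2" && echo "OK: WPAPSK with $(profile_get "$2" EncrypType)" || { echo "WEAK: AuthMode=$(profile_get "$2" AuthMode) EncrypType=$(profile_get "$2" EncrypType)"; exit 1; } ;;
    harden) harden_wlan_profile "$2" "$3" "$4" && check_wlan_profile "$2" && echo "profile hardened" ;;
    *)      echo "usage: $0 check FILE | harden FILE SSID PSK" ;;
esac
```

Run "check" against /etc/Wireless/RT2500STA/RT2500STA.dat before the rt2500.o module is loaded; "harden FILE SSID PSK" rewrites it and re-checks, keeping the CR/LF line ends the driver expects.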

Developing Your Application

Windows Tool Chain

Agenda

1) Windows Tool Chain Introduction
2) Development Process
3) Debugging with GDB

Windows Tool Chain Introduction

UC-7400's Windows Tool Chain is a cross-development environment that simulates the Linux root file system, allowing users to develop applications on a Windows PC.

The following topics are covered in this appendix:
• Introduction
• Installation procedure
• Using the BASH shell
• GDB debug tool: Insight

Windows Tool Chain

1. Operating system: Windows 2000 or Windows XP
2. Minimum of 500 MB hard disk space
3. CD-ROM or equivalent
4. Ethernet to connect with the UC-7400
5. Be able to log in as administrator
6. Use a Windows username without spaces
7. You will be using a BASH shell window to enter commands
8. In addition, for editing text files such as configuration files you should use the vi editor (Unix editor). Do NOT use WordPad (Windows editor), which could cause problems when the files are transferred to a bona fide Linux environment.

Development Process

Step 1: Setting up the development environment on the PC (x86)
Step 2: Coding, compiling and debugging on the Windows tool chain
Step 3: Deploying the program to the UC (IXP-422)

Step 1: Setting up the Development Environment

Install the Windows tool chain on the PC (Windows 2K/XP)
Installation tips
• Default install path: C:\UC
• Default text file type: Unix (recommended)
Utilities
• Moxa Bash Shell
• GDB debug tool: Insight (http://sources.redhat.com/insight)
• This process could take from 5 to 30 minutes depending on the speed of your system.

Step 2: Coding, Compiling and Debugging

Code the C/C++ program in the Moxa Bash Shell (PC, Windows tool chain).
Compile/link the source code with the tool chain
• Compiler path setting
  PATH=/usr/local/mxscaleb/bin
• Compiling Hello.c

Step 3: Deployment

Upload the program to the UC
• ftp 192.168.3.127
• ftp> binary
• ftp> put hello-release

Run the program (at the UC-7400)
• chmod +x hello-release
• ./hello-release
  Hello

Debugging with GDB

[Diagram: PC (Moxa Bash Shell): 1. compile with -ggdb; 3. Insight tool (GDB client); 4. target remote. UC: 2. GDB debug server. Both connected over Ethernet.]

Step 1: PC, Moxa Bash Shell: compile the program with the -ggdb option, then upload it to the UC.

Step 2: UC: start hello-debug under gdbserver
  chmod +x hello-debug
  gdbserver 192.168.3.127:2000 hello-debug
  Process hello-debug created; pid = 206

Step 3: PC, Insight: run the GDB client
• Open the hello-debug file
• Connect to target
  • GDB Server / TCP
  • 192.168.3.200
  • 2000

gdbserver accepts the first connection to its port without any authentication and gives that client control of the process, so leave it listening only on an isolated lab network and only while a debugging session is active.

iptables Introductioniptables Introduction

AgendaAgenda

1) Quick View of iptables

2) Rules Chains Tables

3) Usage of iptables

4) Hands-ON Practice

1 Quick View of iptables1 Quick View of iptables

A User-space Command to setupmaintain the ldquoNetfilterrdquo sub-system of Kernel

ldquoNetfilterrdquo manages only the packet headers not the content

iptables is currently one of many FirewallNAT solutions to be an administration tool for set up maintain and inspect the tables of IP packet filter rules in the Linux kernel

1 Quick View of iptables1 Quick View of iptables

Several different tables may be defined Each table contains a number of built-in chains and may also contain user-defined chains

Each chain is a list of rules which can match a set of packets Each rule specifies what to do with a packet that matches This is called a ldquotargetrdquo which may be a jump to a user-defined chain in the same table

1 Quick View of iptables1 Quick View of iptables

3rd generation firewall on Linuxndash ldquoipfwadmrdquo on Linux Kernel V20Xndash ldquoipchainsrdquo on Linux Kernel V22Xndash ldquoipchainsrdquo ldquoiptablesrdquo on Linux Kernel V24Xndash ldquoiptablesrdquo on Linux Kernel V26X

Supports basic packet filtering as well as connection state tracking

UC-71107400 support only ldquoiptablesrdquo

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

2) Rules, Chains and Tables

2-1 First Match
2-2 Three Major Tables
2-3 Processing Packets
2-4 State Machine

2-1 First Match - The Highest Priority

[Figure: a packet is tested against Rule 1, Rule 2, ... Rule 10 in order. The first rule that matches ("Yes") applies its action (Action 1, Action 2, ... Action 10) and evaluation of the chain stops there; if no rule matches ("No" all the way down) the chain's default policy applies.]

2-1 First Match

Goal: on a WWW server, reject the attack from IP = 192.168.1.100.

Correct order:
Rule 1: drop the packets from 192.168.1.100
Rule 2: accept WWW request packets from all hosts
Rule 3: drop all non-WWW packets

Wrong order:
Rule 1: accept WWW request packets from all hosts
Rule 2: drop the packets from 192.168.1.100
Rule 3: drop all non-WWW packets

With the wrong order, 192.168.1.100 matches rule 1 first and is still able to use the WWW service, or to attack the WWW service port; rule 2 is never reached for its web traffic. Specific deny rules go before general accept rules.
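The ordering effect above, as an added example that is not part of the slides: a small first-match evaluator in POSIX sh. It is not iptables, only a model of how a netfilter chain walks its rules, and the addresses and ports it is fed are constructed test inputs; the two rule lists are the correct and the wrong order from the slide.

```shell
#!/bin/sh
# Added example (not from the slides): a tiny first-match evaluator that shows
# why the order of the two rule sets above gives different results.
# A rule line is "SRC DPORT ACTION"; "*" matches anything. Like a netfilter chain,
# the first matching rule decides and the policy applies when nothing matches.
# Addresses and ports below are constructed test inputs.

# evaluate RULES POLICY SRC DPORT  -> prints the verdict for one packet
evaluate() {
    rules=$1; policy=$2; src=$3; dport=$4
    verdict=""
    while read -r r_src r_dport r_action; do
        [ -z "$r_src" ] && continue
        if { [ "$r_src" = "*" ] || [ "$r_src" = "$src" ]; } &&
           { [ "$r_dport" = "*" ] || [ "$r_dport" = "$dport" ]; }; then
            verdict=$r_action      # first match wins: stop walking the chain
            break
        fi
    done <<EOF
$rules
EOF
    echo "${verdict:-$policy}"
}

# Correct order from the slide: the attacker is dropped before the general accept.
GOOD_ORDER="192.168.1.100 * DROP
* 80 ACCEPT
* * DROP"

# Wrong order from the slide: the general accept for port 80 comes first.
BAD_ORDER="* 80 ACCEPT
192.168.1.100 * DROP
* * DROP"

good_verdict() { evaluate "$GOOD_ORDER" DROP "$1" "$2"; }
bad_verdict()  { evaluate "$BAD_ORDER"  DROP "$1" "$2"; }

# Demonstration: the attacker's web request under both orders.
printf 'good order: %s\n' "$(good_verdict 192.168.1.100 80)"   # DROP
printf 'bad order:  %s\n' "$(bad_verdict  192.168.1.100 80)"   # ACCEPT
```

Run it with sh and compare the two lines: the same three rules, reordered, let the attacker through. The same check is worth doing on a real chain with iptables -L -n --line-numbers after every -A, because -A appends at the end and a late DROP never fires for traffic an earlier ACCEPT already took.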

2-2 Three Major Tables

1) Filter Table
2) NAT Table
3) Mangle Table

2-2-1 Filter Table

Mainly used for filtering packets. This is the place where we actually take action against packets: look at them and ACCEPT, DROP, REJECT or LOG them depending on what they match.

1. INPUT chain: packets destined for the local host
2. OUTPUT chain: packets generated by the local host
3. FORWARD chain: packets routed through this host to other hosts

2-2-2 NAT Table

Used for Network Address Translation: rewriting the source or the destination field of packets. Only the first packet of a connection traverses this table; the translation is then applied to the rest of the connection by the connection tracker.

1) PREROUTING chain: rewrites the destination IP address (DNAT) before the routing decision
2) POSTROUTING chain: works after the routing process and just before the packet leaves the network device, to rewrite the source IP address (SNAT, MASQUERADE)
3) OUTPUT chain: DNAT for locally generated packets

2-2-3 Mangle Table

This table is mainly used for mangling packets. In other words, you may use the mangle matches etc. to change the TOS (Type Of Service) and TTL fields. It can also "MARK" packets for later use by routing or other rules.

1. PREROUTING chain
2. POSTROUTING chain
3. INPUT, OUTPUT and FORWARD chains

2-3 Processing Packets

2-3-1 Destination: Local Host
2-3-2 Source: Local Host
2-3-3 Forwarded Packets
2-3-4 State Machine

2-3-1 Destination: Local Host

Incoming packets -> NAT table, PREROUTING -> routing decision -> filter table, INPUT -> local process

2-3-2 Source: Local Host

Local process -> outgoing packets -> NAT table, OUTPUT -> filter table, OUTPUT -> NAT table, POSTROUTING -> send out packets

2-3-3 Forwarded Packets

Incoming packets -> NAT table, PREROUTING -> routing decision (destination is not a local resource) -> filter table, FORWARD -> NAT table, POSTROUTING -> other hosts

2-4 State Machine

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

3) Usage of iptables

3-1 Load iptables Modules
3-2 Define Default Policy
3-3 Structure of a Rule
3-4 Save / Restore Rules

3-1 Load iptables Modules

Note: ipchains and iptables are not compatible; the ipchains compatibility module and the iptables modules cannot be loaded at the same time.

3-1 Load iptables Modules

Check the current tables: iptables [-t table] -L [-n] (-n shows numeric addresses and ports instead of resolving names; add -v for packet and byte counters and --line-numbers to number the rules)

The listing also shows the default policy of each built-in chain.

3-1 Install iptables

Clear the current rules: iptables [-t table] -F (flush all rules), iptables [-t table] -X (delete user-defined chains), iptables [-t table] -Z (zero the counters)

3-2 Define Default Policy

iptables -t {filter|nat|mangle} -P {INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING} {ACCEPT|DROP}

The policy is the verdict for packets that match no rule in a built-in chain. A default-deny policy (DROP on INPUT and FORWARD) with explicit ACCEPT rules is the safer starting point. On a UC you administer over the network, add the ACCEPT rules for your own management traffic before switching the INPUT policy to DROP, or you lock yourself out.

3-3 Structure of a Rule

3-3-1 Add, Insert, Delete and Replace Rules
3-3-2 Direction
3-3-3 Matches
3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace

iptables -t {filter|nat|mangle} {-A|-I|-D|-R} <direction> <match> -j <target>

Three major things need to be considered: the direction (which chain), the match (the conditions) and the target (the action, given with -j).

3-3-2 Direction - Chains

a. filter table: INPUT, OUTPUT, FORWARD
b. nat table: PREROUTING, POSTROUTING, OUTPUT
c. mangle table: ...

3-3-3 Matches - Conditions

1. -p [proto]: tcp, udp, icmp, all
2. -s [IP], -d [IP] (a single address or a network such as 192.168.1.0/24)
3. --sport [port], --dport [port] (a single port or a range such as 137:139; requires -p tcp or -p udp)
4. -m state --state [state]: NEW, ESTABLISHED, INVALID, RELATED
5. -m multiport --ports p1,p2,...,p15 (also --sports / --dports)
6. -i [iface] (input interface), -o [oface] (output interface)
7. ... etc.

3-3-4 Targets - Actions

a. filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions: LOG, ULOG, REJECT, MIRROR
b. nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING/OUTPUT), MASQUERADE (POSTROUTING), REDIRECT (only in PREROUTING/OUTPUT)
c. mangle table: ...

Note: LOG is non-terminating, so a LOG rule is normally followed by a DROP or REJECT rule with the same match. MIRROR sends the packet back to its source and can be used to make the firewall attack a third party; it is not recommended.

3-4 Save / Restore Rules

iptables-save > /etc/iptables.rules and iptables-restore < /etc/iptables.rules dump and reload the complete rule set.

It is highly recommended to use a script file to maintain the Netfilter rules instead of the exported file (it is not a standard shell script and is hard to review). Please refer to the Hands-On practice.

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice: 1) Packet Filter, 2) NAT Machine

4-1 Packet Filter - Rules of filter table

Example 1 - Accept all the packets incoming from the lo interface:
iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2 - Accept all the TCP packets incoming from IP = 192.168.0.1:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

4-1 Packet Filter - Rules of filter table

Example 3 - Accept all the TCP packets incoming from the network 192.168.1.0/24:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 - Drop all the TCP packets incoming from IP = 192.168.1.25:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

(First match applies: appended after example 3, this DROP never fires, because 192.168.1.25 is inside 192.168.1.0/24 and is accepted first. Insert it before the network rule with -I, or add it first.)

4-1 Packet Filter - Rules of filter table

Example 5 - Drop all the incoming TCP packets with dst port = 21 (forbid FTP connections from eth0):
iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 - Accept TCP packets incoming from 192.168.0.0/24 to the local ports 137, 138 and 139:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

4-1 Packet Filter - Rules of filter table

Example 7 - Log all the incoming TCP packets to port 25 (log SMTP service):
iptables -t filter -A INPUT -p tcp --dport 25 -j LOG

(For the outgoing direction add the mirror rule on OUTPUT with --sport 25. LOG does not stop rule evaluation, so the packet continues to the next rule; add -m limit to a LOG rule so that an attacker cannot flood the log.)

Note: UC-7110 does not support the target "LOG".

4-1 Packet Filter - Rules of filter table

Example 8 - Drop all the [SYN] packets from IP = 192.168.100.200:
iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 - Drop all the packets from MAC = aa:bb:cc:dd:ee:ff:
iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

(The mac match only works in the PREROUTING, INPUT and FORWARD chains and only for the directly connected segment; a source MAC is trivially spoofed, so treat it as a convenience, not as authentication.)

Example 10 - Do not respond to "ping":
iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 - ICMP "ping" burst (default-deny, then allow at most 6 echo requests per minute with a burst of 10):
iptables -t filter -P INPUT DROP
iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

4-1 Packet Filter - Rules of filter table

Example 12 - Accept the ESTABLISHED and RELATED packets of the local host; drop the INVALID packets and the NEW packets that are trying to create a new connection:
iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

4-1 Packet Filter - Rules of filter table

Example 13 - Check the packet integrity:
iptables -t filter -A INPUT -p all -m unclean -j DROP

(The unclean match is an experimental sanity check in the 2.4 kernels and was never finished; do not rely on it.)

Example 14 - Enable "passive mode" FTP service to a host (the FTP helper tracks the negotiated data connection, which then matches RELATED):
modprobe ip_conntrack_ftp
iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

4-2 NAT Machine - Rules of nat table

Example 1 - Redirect connection requests for port 80 to port 8080 on the local host:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 - Masquerade the packets coming from 192.168.1.0/24 with the local ppp0 IP address:
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

(MASQUERADE and -o are only valid in the POSTROUTING chain; the original slide placed this rule in PREROUTING, which iptables rejects. MASQUERADE is meant for interfaces with a dynamic address such as ppp0; with a fixed address use SNAT.)

4-2 NAT Machine

Example 3 - DNAT the incoming packets from eth0 (60.248.66.75), TCP port 80, to the internal web server 192.168.127.10, port 80:
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

Example 4 - Redirect the incoming packets for TCP port 80 to 192.168.1.10, TCP port 80 (the slide pairs this title with the SNAT rule below, which rewrites the source address of the LAN's outgoing packets; the port-80 redirect itself is the DNAT form of example 3):
iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP

($OUT_IP is the external address of the NAT machine. For the DNAT to work, the FORWARD chain must also accept the translated packets, and IP forwarding must be enabled: echo 1 > /proc/sys/net/ipv4/ip_forward.)
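The hands-on rules above assembled into one script, as an added example that is not Moxa's: a default-deny filter plus the DNAT/SNAT rules for a UC acting as router. The interface names, the LAN network and the attacker address are assumed lab values (the public address and the web server reuse the slides' 60.248.66.75 and 192.168.127.10); IPT selects the backend, so the script can be reviewed with the dry-run function before it touches the kernel.

```shell
#!/bin/sh
# Added example (not Moxa's script): the hands-on rules assembled into one
# firewall script for a UC acting as router/NAT box. IPT selects the backend:
# the real iptables by default, or dry_run_ipt to print the rules instead of
# loading them. Interface names and addresses are assumed lab values
# (WAN_IP and WEB_SERVER reuse the slides' 60.248.66.75 / 192.168.127.10).
IPT=${IPT:-iptables}
WAN_IF=${WAN_IF:-eth0}
WAN_IP=${WAN_IP:-60.248.66.75}
LAN_IF=${LAN_IF:-eth1}
LAN_NET=${LAN_NET:-192.168.127.0/24}
WEB_SERVER=${WEB_SERVER:-192.168.127.10}
ATTACKER=${ATTACKER:-192.168.1.100}

# dry-run backend: one rule per line, exactly as it would be passed to iptables
dry_run_ipt() { printf '%s\n' "$*"; }

filter_rules() {
    # 1. clean slate, then default-deny for traffic to and through the box
    $IPT -t filter -F
    $IPT -t filter -X
    $IPT -t filter -P INPUT DROP
    $IPT -t filter -P FORWARD DROP
    $IPT -t filter -P OUTPUT ACCEPT

    # 2. loopback and state tracking first: replies to our own connections
    #    are accepted without walking the rest of the chain (example 12)
    $IPT -t filter -A INPUT -i lo -j ACCEPT
    $IPT -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -t filter -A INPUT -m state --state INVALID -j DROP

    # 3. first match wins (section 2-1): the specific DROP precedes the general ACCEPT
    $IPT -t filter -A INPUT -i $WAN_IF -s $ATTACKER -j DROP
    $IPT -t filter -A INPUT -i $WAN_IF -p tcp --dport 80 -m state --state NEW -j ACCEPT

    # 4. ping: answer echo requests, but rate-limited (example 11)
    $IPT -t filter -A INPUT -p icmp --icmp-type echo-request -m limit --limit 6/min --limit-burst 10 -j ACCEPT

    # 5. log (rate-limited) and then drop FTP/SSH attempts from the WAN;
    #    LOG is non-terminating, so the DROP must follow it (example 7)
    $IPT -t filter -A INPUT -i $WAN_IF -p tcp -m multiport --dports 21,22 -m limit --limit 3/min -j LOG --log-prefix "UC-DROP: "
    $IPT -t filter -A INPUT -i $WAN_IF -p tcp -m multiport --dports 21,22 -j DROP

    # 6. forwarding: the LAN may go out; only replies and the DNATed web traffic come in
    $IPT -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -t filter -A FORWARD -i $LAN_IF -s $LAN_NET -j ACCEPT
    $IPT -t filter -A FORWARD -i $WAN_IF -p tcp -d $WEB_SERVER --dport 80 -m state --state NEW -j ACCEPT
}

nat_rules() {
    $IPT -t nat -F
    # DNAT: port 80 on the public address goes to the internal web server (NAT example 3)
    $IPT -t nat -A PREROUTING -i $WAN_IF -p tcp -d $WAN_IP --dport 80 -j DNAT --to-destination $WEB_SERVER:80
    # SNAT: LAN hosts leave with the fixed public address (NAT example 4);
    # MASQUERADE in POSTROUTING is the equivalent for a dynamic address such as ppp0
    $IPT -t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j SNAT --to-source $WAN_IP
}

# Load everything; forwarding is only switched on for a real run.
apply_firewall() {
    filter_rules
    nat_rules
    [ "$IPT" = dry_run_ipt ] || echo 1 > /proc/sys/net/ipv4/ip_forward
}

# Usage: sh firewall.sh show   (print the rules)   or   sh firewall.sh apply   (load them, as root)
case "${1:-}" in
    show)  IPT=dry_run_ipt; apply_firewall ;;
    apply) apply_firewall ;;
esac
```

Run it with show first and read the order of the INPUT rules; then apply from the console, not over the network, the first time. Keeping the script in /etc/openvpn or another flash-resident directory and calling it from /etc/rc.d/rc.local gives the same result as iptables-restore with a file that is far easier to review.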

Thank You

OpenVPN 2.0
Stephen Lin

OpenVPN 2.0

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve?
1-2 Symmetric Data Encryption
1-3 Hash (Digest) Function
1-4 Message Authentication Code
1-5 Asymmetric Data Encryption
1-6 Digital Signature
1-7 Certificate
1-8 Moxa UC7400

1-1 What does Cryptography solve?

Confidentiality
- Ensure that nobody can learn what you transfer, even if listening to the whole conversation.

Integrity
- Ensure that the message has not been modified during transmission.

Authenticity
- You can verify that you are talking to the entity you think you are talking to.
- You can verify who is the specific individual behind that entity.

Non-repudiation
- The individual behind an asset cannot deny being associated with it.

1-2 Symmetric Data Encryption

Fast; high efficiency for data transmission.

Is it "secure" while transferring the key? The key has to reach the other side over a channel that is already confidential and authentic.

Maintenance of the keys: n(n-1)/2 keys for n parties that each need a pairwise key.

DES, 3DES, AES, Blowfish (DES's 56-bit key is within reach of brute force; prefer AES or 3DES).

[Figure: Tom encrypts the plaintext with the secret key into ciphertext; Bob decrypts it with the same secret key back to plaintext.]

1-3 Hash (Digest) Function

Ensures data integrity.

MD5, SHA-1 (both have since lost their collision resistance; use SHA-256 or stronger where the choice is yours).

[Figure: Tom computes Message Digest 1 from the data with the hash function and sends the data together with the digest. Bob runs the same hash function over the received data to obtain Message Digest 2 and compares it with Message Digest 1. A plain hash only protects against accidental changes: an attacker who can alter the data can recompute the digest as well.]

1-4 Message Authentication Code

Ensures data integrity and, because only the holders of the key can produce a valid code, the authenticity of the origin.

Uses a secret key shared by both parties to protect the digest.

HMAC, CBC-MAC

[Figure: Tom hashes the data into Message Digest 1 and turns it into a MAC with the secret key; data and MAC are sent together. Bob hashes the received data into Message Digest 2, checks the received MAC with the same secret key, and compares. Without the key an attacker cannot produce a valid MAC for modified data.]

1-5 Asymmetric Encryption

Things to remember:
- Key pair: public/private keys.
- In a session one key is used for encryption and the other one for decryption.
- The "public key" can be deployed everywhere.
- From one key you cannot gain knowledge of the other, even if you have access to clear text and cipher text.
- For RSA the two operations are mathematically interchangeable: what one key encrypts the other decrypts, which is what makes both public-key encryption and signatures possible. This does not hold for every algorithm, and in practice the roles are fixed when the pair is generated: the private key is the one kept secret and it is never deployed.
- Less efficient than symmetric (static) key encryption; in practice it is used to exchange or protect a symmetric session key.
- RSA, Diffie-Hellman (Diffie-Hellman is a key agreement algorithm, not an encryption algorithm).

[Figure: clear text -> encryption -> unreadable cipher text.]

1-5 Asymmetric Data Encryption

Recipient's key pair (confidentiality check): Tom encrypts the plaintext with Bob's public key; only Bob can decrypt the ciphertext, with Bob's private key.

1-5 Asymmetric Data Encryption

Sender's key pair (authenticity check): Tom encrypts the plaintext with Tom's private key; anyone can decrypt the ciphertext with Tom's public key, and a successful decryption shows that it came from the holder of Tom's private key (this gives no confidentiality).

1-6 Digital Signature

Real world: a hybrid. 1. Data integrity, 2. Authenticity, 3. Non-repudiation, 4. Algorithm: uses the public key and a hash.

1-6 Digital Signature - Creating

[Figure: the message or file ("This is the document created by Gianni") is reduced with a one-way message digest function (hash: SHA or MD5) to a short message digest ("Py75cbn"), typically 128 bits for MD5 (160 bits for SHA-1), even for a long input. The digest is encrypted with the signatory's private key (asymmetric encryption: RSA) to produce the digital signature ("3kJfgf£$&"), which is appended to the message to form the signed document.]

1-6 Digital Signature - Verifying

[Figure: the verifier hashes the received document to obtain a message digest ("Py75cbn"), decrypts the digital signature ("3kJfgf£$&") with Gianni's public key (taken from his certificate) to recover the digest that was signed, and compares the two. If they match, the document is intact and was signed with Gianni's private key.]

1-6 Digital Signature

[Figure: Tom hashes the data into Message Digest 1 and encrypts it with Tom's private key; the result is the digital signature, sent along with the data. Bob hashes the received data into Message Digest 2, decrypts the signature with Tom's public key to get Message Digest 1 back, and compares the two.]

Signing the hash of the message rather than the message itself is what makes signatures practical on long inputs. It also means a signature is only as strong as its hash: a collision in MD5 or SHA-1 lets an attacker move a valid signature to a different document.
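The three mechanisms of sections 1-3, 1-4 and 1-6 run end to end, as an added example that is not part of the slides: the openssl command line that ships on the UC-7400 and on any Linux PC computes a plain digest, a keyed HMAC and an RSA signature over a constructed message, then repeats the checks on a tampered copy. The message text, the HMAC key and the key-pair name are assumptions; the script needs only an openssl binary and writes to a scratch directory.

```shell
#!/bin/sh
# Added example (not from the slides): the hash, HMAC and signature flows of
# sections 1-3, 1-4 and 1-6 with the openssl command line. The message and the
# keys are constructed here; requires an openssl binary.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# a constructed message and a tampered copy (one digit changed)
printf 'transfer 100 to account 42\n' > "$WORK/msg"
printf 'transfer 900 to account 42\n' > "$WORK/msg.tampered"

# 1-3 plain digest: anyone can recompute it, so it detects accidents only
digest() { openssl dgst -sha256 -r "$1" | cut -d' ' -f1; }

# 1-4 HMAC: the same hash, but keyed; without the key no valid tag can be forged
hmac() { openssl dgst -sha256 -hmac "$1" -r "$2" | cut -d' ' -f1; }

# 1-6 signature: Tom's key pair; the digest is signed with the private key ...
gen_keypair() {
    openssl genrsa -out "$WORK/tom.key" 2048 2>/dev/null
    openssl rsa -in "$WORK/tom.key" -pubout -out "$WORK/tom.pub" 2>/dev/null
}
sign() { openssl dgst -sha256 -sign "$WORK/tom.key" -out "$2" "$1"; }

# ... and checked with the public key only; exit 0 = valid, 1 = invalid
verify() { openssl dgst -sha256 -verify "$WORK/tom.pub" -signature "$2" "$1" >/dev/null 2>&1; }

# exercise all three on the message and on the tampered copy; prints one line
# per check and returns 0 only when every check behaved as expected
run_checks() {
    gen_keypair
    sign "$WORK/msg" "$WORK/msg.sig"
    d1=$(digest "$WORK/msg"); d2=$(digest "$WORK/msg.tampered")
    [ "$d1" != "$d2" ] && echo "digest changes when the data changes: yes" || return 1
    m1=$(hmac lab-secret "$WORK/msg"); m2=$(hmac other-key "$WORK/msg")
    [ "$m1" != "$m2" ] && echo "HMAC depends on the key: yes" || return 1
    verify "$WORK/msg" "$WORK/msg.sig" && echo "signature on original: valid" || return 1
    verify "$WORK/msg.tampered" "$WORK/msg.sig" && return 1 || echo "signature on tampered copy: rejected"
    return 0
}

case "${1:-}" in demo) run_checks ;; esac
```

Run it with demo. Note what each step needs on the receiving side: nothing for the digest (which is why it proves nothing against an attacker), the shared secret for the HMAC, and only tom.pub for the signature; tom.key never leaves the signer, which is the property a certificate later vouches for.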

1-7 Certificate

The simplest certificate just contains:
- A public key (for Stephen)
- Information about the entity that is being certified to own that public key

... and the whole is:
- Digitally signed by someone trusted (like your friend, or a CA)

[Figure: certificate = public key + "This public key belongs to Stephen" + digital signature. The entity can be a person, a computer, a device, a file, some code, anything ...]

1-7-1 CA Certificate

[Figure: the certification server (CA) generates its own key pair (priv, pub). A user requests a certificate from the CA; the CA generates the certificate, i.e. the user's public key plus identity signed with the CA private key (DS). In the flow shown here the CA also generates the user's key pair and sends the private key together with the certificate to the user.]

Right: cert signed by CA. Left: cert signed by CA. The CA's own certificate (the CA public key) is self-signed by the CA.

(Caveat: a private key that is generated by the CA and shipped to the user has been seen by at least one other party. The stronger practice is to generate the key pair on the device that will use it and send the CA only a certificate request, which carries the public key; "CA -newreq" in section 3-4 does exactly that when run on the device.)

1-7-1 CA Certificate Example

CA: holds the CA private key.

Left and Right both trust the CA: each holds the CA public key.

Left holds: Left's private key; Left's certificate (Left's public key) signed by the CA.

Right holds: Right's private key; Right's certificate (Right's public key) signed by the CA.

Private keys are never signed or sent anywhere; only the public keys are certified.

1-7-2 SSL/TLS

[Figure: each side holds its own key pair (priv, pub) and the other side's public key. Clear text is encrypted into Cipher 1, then again into Cipher 2, transmitted over the public network, and decrypted in reverse order back to clear text.]

Ensures confidentiality, and integrity if digitally signed.

Depending on how the public keys are exchanged: authenticity, identity, non-repudiation. If a public key is accepted without a certificate that chains to a trusted CA, a man in the middle can substitute his own key, and the encryption then protects the wrong peer.

1-8 Moxa UC7400 - Hardware Cipher

The Intel XScale (IXP422) supports:
- Security engines: DES, AES
- Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so":
- No need to change the source code of applications that use OpenSSL.

1-8-1 Moxa Accelerated Algorithms - OpenSSL 0.9.7

DES_cbc_encrypt
DES_ede3_cbc_encrypt
AES_cbc_encrypt
AES_ctr_encrypt

- ECB mode is wrapped at a higher level (libssl.so), which OpenSSL wraps too.

1-8-2 Performance

[Figure: four charts comparing the software cipher with the hardware cipher ("= HW Cipher"). Two plot 3DES-CBC and AES-128-CBC throughput (0-80) and the HW/SW rate (0-8) against packet sizes from 128 to 1280 bytes; the other two plot the same ciphers and the rate (0-2.5) against small packet sizes from 16 to 144 bytes, where the gain is much smaller.]

1-8-3 Things to be Noticed

Moxa UC-7400 switches operations between the software and the hardware approaches:
- Default: hardware approach
- Any misconfiguration, or the engine being busy, causes a switch to software

Small packets are handled by the software approach:
- DES: below 128 bytes
- 3DES/AES: below 64 bytes

The switch is transparent to the application: the same key and IV must give the same ciphertext on both paths, which is what a golden-pattern test verifies.

1-8-4 Software Package

Driver:
- mxhw_cipher.o

Device file:
- mknod /dev/mxcrypto c 11 131

Test program:
- io (correctness test)
- io 0 5000 (stability test)
- io 1 (golden pattern)
- io 2 20000 (performance test)

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network: Advantages / Disadvantages

VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes.

A VPN encrypts all network traffic, not just a few application protocols (as SSL, SSH etc. do).

A VPN allows the use of protocols which are insecure by themselves.

VPN traffic cannot be controlled and logged easily by intermediate devices because of its encrypted nature.

2-2 Why OpenVPN

Usability:
- Open source (GPL)
- Full-featured SSL VPN solution
- Easy to configure a secure tunnel
- NAT/DHCP support
- Can use a 2048-bit shared (static) key or digital certificates (PKI)

Portability: supports most platforms:
- Linux, Solaris, Mac OS X
- OpenBSD, FreeBSD, NetBSD
- Windows 2000 SP4, Windows XP SP1 or later

2-2 Why OpenVPN

Peers: each node has a client/server role:
- Uses the kernel routing
- Multiple clients

A user-space program:
- A full-featured SSL-VPN solution
- On top of the existing SSL/TLS mechanism
- Choice among a set of security algorithms
- Can tunnel any IP (layer 3) or Ethernet (layer 2) traffic over a single UDP (port 5000 before 2.0, 1194 from 2.0 on) or TCP port

2-2 OpenVPN Security

Two authentication modes:
- Static key: uses a pre-shared key
- SSL/TLS: uses SSL/TLS + certificates for authentication and key exchange

The encrypted packet is formatted as: HMAC | IV | encrypt( SeqN | IP packet )
- SeqN: 64-bit sequence number (replay protection)
- IV: plain-text initialisation vector, randomised per packet
- The HMAC is computed over the IV and the encrypted part, so a tampered packet is rejected before it is decrypted; in static key mode the same HMAC key must be present on both sides

2-2 OpenVPN vs IPSec

OpenVPN:
- User-space daemon
- SSL/TLS
- Portability across operating systems
- Firewall- and NAT-friendly
- Dynamic address support

IPSec:
- Kernel-space IP stack
- Each operating system requires its own independent implementation of IPSec
- IETF standard: multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are the two methods of linking systems via a VPN:

Routed IP tunnels (layer 3)
Bridged Ethernet tunnels (layer 2)

Suitable for connections:
- Site-to-site
- Dynamic site-to-site
- (Dynamic) client-to-site

Dynamic firewall/NAT/DHCP friendly.

2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN mode (device): a virtual point-to-point IP link that connects the inner interface to the tunnel.

Uses the kernel routing to forward the packets.

[Figure: OSI stacks of both peers; OpenVPN runs at the application layer and exposes a TUN device at the network layer (3rd).]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages:
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of the MTU for efficiency

Routed IP disadvantages:
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see the machines on the other side of the VPN
4. Works only with IPv4 in general, and with IPv6 in cases where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses "TAP" mode: a TAP device is a virtual Ethernet adapter.

The bridge tools (brctl) are required to create the bridge device.

A script is needed to bind eth1 and tap0 together into a bridged device called br0.

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0          (create an Ethernet bridge)
brctl addif br0 eth1     (connect interface eth1 as a port)
brctl addif br0 tap0     (connect virtual interface tap0 as a port)

[Figure: OSI stacks of both peers; OpenVPN exposes a TAP device at the data-link layer (2nd), which is bridged with eth1 into br0, while eth0 carries the tunnel traffic.]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages:
1. Point-to-point and point-to-multipoint
2. Broadcasts traverse the VPN; this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to handle non-IP protocols such as IPX, NetWare and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages:
1. Less efficient than routing and does not scale well (every broadcast on either LAN crosses the tunnel, and every host on the bridged segment is on the same layer-2 network as the remote site, so bridge only sites that trust each other fully)
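The bridge script the slides refer to as openvpn-bridge, written out as an added example that is not Moxa's script: it creates the persistent tap0, joins it and the LAN interface into br0, and moves the LAN address from eth1 to the bridge so the box stays reachable. The interface names are the slides' eth1/tap0/br0; the address 10.0.1.254 is the server's LAN gateway from section 3-1 and the netmask and broadcast are assumptions. DRY_RUN=1 prints the commands instead of executing them.

```shell
#!/bin/sh
# Added example (not Moxa's openvpn-bridge script): start/stop a bridge br0
# that joins the LAN interface with OpenVPN's tap0, as section 2-3-2 describes.
# The LAN address is moved from eth1 to br0 so the box stays reachable.
# Run with DRY_RUN=1 to print the commands instead of executing them.
# Interface names and addresses are assumed lab values (br0 = 10.0.1.254 from the slides).
BR=${BR:-br0}
TAP=${TAP:-tap0}
ETH=${ETH:-eth1}
ETH_IP=${ETH_IP:-10.0.1.254}
ETH_NETMASK=${ETH_NETMASK:-255.255.255.0}
ETH_BROADCAST=${ETH_BROADCAST:-10.0.1.255}

# execute, or print when DRY_RUN=1
run() { if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

bridge_start() {
    run openvpn --mktun --dev "$TAP"            # persistent TAP device for OpenVPN
    run brctl addbr "$BR"                       # create the bridge
    run brctl addif "$BR" "$ETH"                # LAN side joins the bridge
    run brctl addif "$BR" "$TAP"                # tunnel side joins the bridge
    run ifconfig "$TAP" 0.0.0.0 promisc up      # bridge ports carry no address
    run ifconfig "$ETH" 0.0.0.0 promisc up
    run ifconfig "$BR" "$ETH_IP" netmask "$ETH_NETMASK" broadcast "$ETH_BROADCAST" up
}

bridge_stop() {
    run ifconfig "$BR" down
    run brctl delbr "$BR"
    run openvpn --rmtun --dev "$TAP"
    # give the LAN address back to the physical interface
    run ifconfig "$ETH" "$ETH_IP" netmask "$ETH_NETMASK" broadcast "$ETH_BROADCAST" up
}

case "${1:-}" in
    start)   bridge_start ;;
    stop)    bridge_stop ;;
    restart) bridge_stop; bridge_start ;;
esac
```

Start the bridge before OpenVPN and use dev tap0 in the configuration; once br0 exists, iptables rules on the UC must refer to br0, not eth1, because the LAN address now lives there.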

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS - X.509 Dynamic Keys

3-1 Getting Started

[Figure: lab topology. LAN A (10.0.1.1/24, gateway 10.0.1.254) sits behind the VPN Server, whose inner interface ixp1 is 10.0.1.254 and outer interface ixp0 is 192.168.12.201. LAN B (10.0.2.1/24, gateway 10.0.2.254) sits behind the VPN Client, whose inner interface ixp1 is 10.0.2.254 and outer interface ixp0 is 192.168.12.202. The client connects to the server and a VPN tunnel links the two LANs. The CA/TLS server is a separate machine.]

3-1 Getting Started

Create a working directory (recommended): mkdir /etc/openvpn

Check for the TUN module: ls /dev/net and look for a character device "tun"; if it is not there: mknod /dev/net/tun c 10 200

Load the necessary modules: modprobe tun; modprobe bridge

Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]
(The static key is the whole secret of the tunnel: generate it on one side only, copy it to the other over a trusted channel such as scp, keep it mode 600, and do not reuse it for a second tunnel.)

Self diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or edit /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"

Create/start the bridge interface using the Moxa script: openvpn-bridge [start|stop|restart]

Check the supported ciphers/authentication: openvpn --show-ciphers; openvpn --show-digests

Create the TUN configuration files: vi /etc/openvpn/tun-server.conf

[At the VPN client] vi /etc/openvpn/tun-client.conf

3-2 TUN Server Configuration

The local and remote VPN IP addresses must be specified (the two arguments of "ifconfig").

It is NECESSARY to specify the server address ("remote") at the VPN client.

3-2 TUN Server Configuration

Edit the static routes: vi /etc/openvpn/tun-server.sh; chmod +x /etc/openvpn/tun-server.sh

[At the VPN client] vi /etc/openvpn/tun-client.sh; chmod +x /etc/openvpn/tun-client.sh

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tun-server.conf &
[At the VPN client] openvpn --config /etc/openvpn/tun-client.conf &

Callout on the server configuration: the 2nd argument of "ifconfig" is the remote end of the tunnel, which is now "10.0.2.254".

3-3 TAP Configuration

Create the TAP configuration files: vi /etc/openvpn/tap-server.conf

[At the VPN client] vi /etc/openvpn/tap-client.conf

3-3 TAP Configuration - VPN Server

Comment out this line (the route) if both VPN networks are in the same subnet.

3-3 TAP Configuration - VPN Server

Edit the static routes: vi /etc/openvpn/tap-server.sh

[At the VPN client] vi /etc/openvpn/tap-client.sh; chmod +x /etc/openvpn/tap-client.sh

Pointed to the kernel routing: br0 = 10.0.1.254

3-3 TAP Configuration - VPN Server

Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tap-server.conf &
[At the VPN client] openvpn --config /etc/openvpn/tap-client.conf &
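The configuration files the screenshots showed for the static-key TUN tunnel, written out as an added example that is not Moxa's files: a script that produces tun-server.conf and tun-client.conf for the lab topology of section 3-1 (server ixp0 192.168.12.201, tunnel endpoints 10.0.1.254 and 10.0.2.254, LANs 10.0.1.0/24 and 10.0.2.0/24, all from the slides) and generates the static key where openvpn is installed. The output directory, the port and the cipher choice are assumptions.

```shell
#!/bin/sh
# Added example (not Moxa's files): write the static-key TUN configuration for
# both ends of the lab tunnel in section 3-1, using the slides' addresses.
# OUT_DIR, the port and the cipher are assumptions.
OUT_DIR=${OUT_DIR:-/etc/openvpn}
SERVER_PUBLIC_IP=${SERVER_PUBLIC_IP:-192.168.12.201}
SERVER_TUN_IP=${SERVER_TUN_IP:-10.0.1.254}
CLIENT_TUN_IP=${CLIENT_TUN_IP:-10.0.2.254}
LAN_A=${LAN_A:-10.0.1.0}
LAN_B=${LAN_B:-10.0.2.0}
PORT=${PORT:-1194}

# settings shared by both ends; in static-key mode both sides must agree on
# cipher, auth and the key file, and the key file must stay mode 600
common_part() {
    cat <<EOF
dev tun
proto udp
port $PORT
secret $OUT_DIR/static.key
cipher AES-128-CBC
auth SHA1
keepalive 10 60
persist-key
persist-tun
verb 3
EOF
}

# ifconfig: local tunnel address first, then the remote end (the slide's
# "2nd argument"); route: the LAN behind the other end goes into the tunnel
write_server_conf() {
    {
        echo "# tun-server.conf (static key, site-to-site)"
        echo "ifconfig $SERVER_TUN_IP $CLIENT_TUN_IP"
        echo "route $LAN_B 255.255.255.0"
        common_part
    } > "$OUT_DIR/tun-server.conf"
}

write_client_conf() {
    {
        echo "# tun-client.conf (static key, site-to-site)"
        echo "remote $SERVER_PUBLIC_IP"
        echo "ifconfig $CLIENT_TUN_IP $SERVER_TUN_IP"
        echo "route $LAN_A 255.255.255.0"
        common_part
    } > "$OUT_DIR/tun-client.conf"
}

# Generate the key once, on one side, then copy it to the other end over scp;
# skipped where openvpn is not installed (e.g. on the PC used to write the files).
write_static_key() {
    [ -f "$OUT_DIR/static.key" ] && return 0
    command -v openvpn >/dev/null || return 0
    openvpn --genkey --secret "$OUT_DIR/static.key" && chmod 600 "$OUT_DIR/static.key"
}

write_all() {
    mkdir -p "$OUT_DIR"
    write_server_conf
    write_client_conf
    write_static_key
}

case "${1:-}" in write) write_all ;; esac
```

The route directives replace the tun-server.sh / tun-client.sh route scripts: OpenVPN adds them when the tunnel comes up and removes them when it goes down. The slides reuse the LAN gateway addresses as tunnel endpoints and the script follows them; a dedicated pair of tunnel addresses (say 10.8.0.1 and 10.8.0.2) with the LAN routes pointing at them is the more common choice and avoids having one address on two interfaces.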

3-4-1 SSL/TLS - Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-set default_days, default_bits, ... etc.

Create the new CA root key pair and certificate: /usr/share/ssl/misc/CA -newca

Create a new client private key and certificate request: /usr/share/ssl/misc/CA -newreq

Sign the certificate request with the CA: /usr/share/ssl/misc/CA -sign

Copy the CA root certificate, the client private key and the client certificate to the first client.

Repeat -newreq and -sign for the second client. (Only the certificate request, which carries the public key, has to reach the CA; when the request is generated on the client itself, its private key never has to be copied at all.)

3-4-2 OpenVPN - "easy-rsa" tools

Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file: vi /etc/openvpn/easy-rsa/vars

Activate the vars (source them into the current shell): . /etc/openvpn/easy-rsa/vars; then run ./clean-all once to initialise the keys directory

Create the CA root key and certificate: /etc/openvpn/easy-rsa/build-ca

Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key-server server (build-key also works, but build-key-server marks the certificate as a server certificate, so clients can insist on it with ns-cert-type server)

3-4-2 OpenVPN - "easy-rsa" tools

Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client

Create the Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh (the size comes from KEY_SIZE in vars, 1024 here)

Copy the CA certificate (ca.crt), the server key (server.key), the server certificate (server.crt) and dh1024.pem to the VPN server.

Copy the CA certificate, the client key and the client certificate to the VPN client. The CA key (ca.key) stays on the CA machine only: whoever holds it can issue certificates that every peer will accept.

The "easy-rsa" tools also work on the UC7400 series.

3-4-3 Configuration File Modification

txx-server.conf (tun- or tap-server.conf): the screenshot showed the static-key settings replaced by the CA certificate, the server's own certificate and key, and the DH parameters.

txx-client.conf: the static-key settings replaced by the CA certificate and the client's own certificate and key.
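The PKI steps of section 3-4 done directly with openssl, as an added example that is not the easy-rsa scripts, so that every file easy-rsa produces is visible: a CA is built, server and client certificates are issued from requests, and the check every OpenVPN peer makes with its "ca" setting is run, including the failure case of a certificate from a second, rogue CA. The CA and peer names are constructed lab values; the script needs only an openssl binary.

```shell
#!/bin/sh
# Added example (not the easy-rsa scripts): the PKI steps of section 3-4 done
# directly with openssl. Builds a CA, issues server and client certificates from
# requests, and shows the check every OpenVPN peer performs: the other side's
# certificate must chain to the CA in ca.crt. A rogue CA shows the failure case.
# Names are constructed lab values; requires an openssl binary.
WORK=${WORK:-$(mktemp -d)}
DAYS=${DAYS:-365}
trap 'rm -rf "$WORK"' EXIT

# build-ca: self-signed root; ca.key never leaves this machine
build_ca() {   # $1 = directory, $2 = CA name
    mkdir -p "$1"
    openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days "$DAYS" \
        -subj "/CN=$2" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# build-req: the peer generates its own key and a request holding only the
# public key; only the request (.csr) needs to travel to the CA
build_req() {  # $1 = directory, $2 = peer name
    mkdir -p "$1"
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

# sign-req: the CA turns the request into a certificate
sign_req() {   # $1 = CA directory, $2 = peer directory, $3 = peer name
    openssl x509 -req -in "$2/$3.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -sha256 -days "$DAYS" -out "$2/$3.crt" 2>/dev/null
}

# what a peer does with "ca ca.crt": accept only certificates issued by that CA
peer_accepts() {  # $1 = ca.crt the peer trusts, $2 = certificate offered
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# build-dh: slow, so it is a separate step; needed on the server only
build_dh() { openssl dhparam -out "$1/dh1024.pem" 1024 2>/dev/null; }

# run the whole flow; returns 0 when the good certs verify and the rogue one is rejected
run_pki_demo() {
    build_ca "$WORK/ca" "Moxa-Lab-CA"            || return 1
    build_req "$WORK/server" server               || return 1
    build_req "$WORK/client" client               || return 1
    sign_req "$WORK/ca" "$WORK/server" server     || return 1
    sign_req "$WORK/ca" "$WORK/client" client     || return 1
    # an attacker with his own CA issues a certificate carrying the same name
    build_ca "$WORK/rogue" "Rogue-CA"             || return 1
    build_req "$WORK/rogue" client                || return 1
    sign_req "$WORK/rogue" "$WORK/rogue" client   || return 1

    peer_accepts "$WORK/ca/ca.crt" "$WORK/server/server.crt" || return 1
    peer_accepts "$WORK/ca/ca.crt" "$WORK/client/client.crt" || return 1
    if peer_accepts "$WORK/ca/ca.crt" "$WORK/rogue/client.crt"; then return 1; fi
    echo "server and client certificates chain to Moxa-Lab-CA; the rogue client is rejected"
}

case "${1:-}" in demo) run_pki_demo ;; esac
```

Run it with demo. The files that end up on each UC are the same as with easy-rsa (ca.crt plus its own .key and .crt, and dh1024.pem on the server); the rogue branch is the reason the CA key must never be copied along with them, and why a certificate's name alone proves nothing until the chain has been checked.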

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

Two of its serial ports are connected to a power meter and a thermocouple.

Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site.

The rest of the serial ports are looped back in "burn-in mode" to demonstrate the UC's high performance and reliability.

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500 °C

Left side for the high range, 0 to 300 VDC; right side for the low range, 0 to 20 VDC

UC's LCM & keypad (F1-F5)

F1: Monitoring: Temperature -> Voltage -> Throughput for P3 to P8
F2: System status: LAN's IP -> Wi-Fi's IP -> CPU loading -> Available memory
F3: Alarm setting: Temperature -> Voltage -> Burn-in throughput
F4: Configuration key
F5: Main menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
- UC-7420's built-in wireless driver supports the Intersil Prism 2.0 chipset PCMCIA card.
- The compatible wireless cards are:

Supplier | Model name
ASUS | WL-107g
CNET | CWC-854 (181D version)
Edimax | EW-7108PCg
Amigo | AWP-914WG
Gigabyte | GN-WMKG
Others | cards which use the Ralink chipset

Thank You


Software Comparison

Item | UC-7400 Series | UC-7110
Boot loader | RedBoot V1.92 | Moxa proprietary boot loader
Kernel | MontaVista Linux 2.4.18 | uClinux kernel 2.4.22
Protocol stack | ARP, CHAP, PAP, IPv4, ICMP, TCP, UDP, DHCP, FTP, Telnet, SNMPv1/v3, HTTP, NTP, NFS, SMTP, PPP, SSH v1.0/2.0, SSL, OpenVPN | ARP, CHAP, PAP, IPv4, ICMP, TCP, UDP, DHCP, FTP, Telnet, SNMPv1, HTTP, NTP, NFS, SMTP, PPP
Flash file system | JFFS2 | JFFS2
OS shell command | bash V2.05 | mash V0.60.4
Linux normal command utility | Busybox V0.60.4 | Busybox V0.60.4
Web | Apache 2.0.42 | Boa 0.93.16
Secure shell | sshd V1.2.0 | N/A
Network file system | NFS server V2.2 | N/A
Virtual private network | OpenVPN V2.0 | N/A
OpenSSL | OpenSSL V0.9.6 | N/A
Tool chain | Linux, Windows | Linux

UC-7400 V1.5 Firmware

New Functions and Features Introduction

Firmware version | V1.1 | V1.4.3 | V1.5
Serial port | 230.4 Kbps | 230.4 Kbps | 921.6 Kbps (with HW V1.2)
WLAN | 802.11b (Prism 2.0/2.5) | 802.11b (Prism 2.0/2.5) | 802.11b (Prism 2.0/2.5), 802.11g
USB host | N/A | Mass storage, PnP | Mass storage, PnP
USB client | N/A | N/A | N/A
Reset-to-factory-default button | N/A | N/A | Yes (with HW V1.2)
Shared memory | N/A | N/A | Yes

Protocol stacks and utilities
arp (utility) | N/A | Yes | Yes
iptables | N/A | N/A | Yes
OpenVPN | N/A | N/A | Yes
WatchDog API | N/A | N/A | Yes
Crontab | N/A | N/A | Yes
upfirm | N/A | Yes | Yes
backupuf | N/A | Yes | Yes
backupfs / bf | Yes | Yes | N/A
minicom | Yes | Yes | Replaced by tip

Directory changes
/var | User file system | User file system | Changed to ramdisk
Apache document root | /usr/html | /usr/html | /usr/www

UC-7400 V1.5 Firmware

New feature introduction:
- WatchDog support
- Cron function on the system
- UART and special baud rate support
- System image backup utility "upfirm"
- 802.11g wireless card support
- Tool chain on the Windows platform, including GCC, glibc and Insight (GDB debug tool)
- iptables support
- OpenVPN support

Watch Dog Timer (WDT)

1. Introduction

The WDT works like a watchdog: you can enable it or disable it. When the user enables the WDT but the application does not acknowledge it in time, the system reboots. You can set the ack time from a minimum of 50 msec to a maximum of 60 seconds.

2. How the WDT works

The WatchDog is enabled when the system boots up and the kernel acknowledges it automatically. The user application can take over the acknowledging; once it does, a missed ack lets the system reboot. This is the safety net for a hung control application, so choose an ack interval the application can always meet and ack from the main work loop, not from a separate thread that may keep running while the real work is stuck.

3. The user API

The user application must include <moxadevice.h> and link moxalib.a.

Crontab

1. Introduction: a daemon to execute scheduled commands.

2. Description:
- Start cron from the directory /etc/rc.d/rc.local
- Modify the file /etc/cron.d/crontab to set up your scheduled applications. Crontab files have the following format:

m (minute) | h (hour) | dom (day of month) | mon (month) | dow (day of week) | user | command
0-59 | 0-23 | 1-31 | 1-12 | 0-6 (0 is Sunday) | | 

3. Example:
- How to add ntpdate (synchronise the time) in cron
- Every day at 05:10 the system synchronises the time from the NTP server (192.168.0.1) and writes it to the hardware clock

vi /etc/cron.d/crontab
# m h dom mon dow user command
10 5 * * * root /usr/sbin/ntpdate 192.168.0.1 && /sbin/hwclock -w

UART and special baud rate support

1. Introduction
- The normal tty device nodes are /dev/ttyM0 ... ttyM7, and the modem tty device nodes are /dev/cum0 ... cum7
- UC-7400 supports the Linux standard termios control
- The Moxa UART device API allows you to configure ttyM0 to ttyM7 as RS-232, RS-422, 2-wire RS-485 or 4-wire RS-485

2. The function

You must include <moxadevice.h>:

#define RS232_MODE 0
#define RS485_2WIRE_MODE 1
#define RS422_MODE 2
#define RS485_4WIRE_MODE 3

Functions:
- MOXA_SET_OP_MODE
- MOXA_GET_OP_MODE

UART and special baud rate support

3. Special baud rate support
- There are two Moxa private ioctl commands for setting up special baud rates

Functions:
- MOXA_SET_SPECIAL_BAUD_RATE
- MOXA_GET_SPECIAL_BAUD_RATE

- If you use this ioctl to set a special baud rate, the termios cflag will be B4000000, in which case the B4000000 define has a different meaning
- If the baud rate you get from termios (or from calling tcgetattr()) is B4000000, you must call ioctl with MOXA_GET_SPECIAL_BAUD_RATE to get the actual baud rate

Upgrading the Firmware

New utility: upfirm

1. Introduction
UC-7400's BIOS (boot loader), kernel, mini file system and user file system are combined into one firmware file, which can be downloaded from Moxa's website (www.moxa.com).
• The name of the firmware file has the form uc7400-xxx.frm, with xxx indicating the firmware version.

ATTENTION
• Upgrading the firmware will erase all data on the Flash ROM. Back up /etc and your application files before you start.

2. Description
• In V1.4.3 or later firmware, UC-7400 adds a new utility, "upfirm".
• The utility upfirm is designed for upgrading the firmware (boot loader, kernel, mini file system, user file system and configuration).
• If your firmware version is earlier than V1.4.3, you can download the utility from the Moxa website.

How to upgrade firmware
Step 1: Type the following commands to enable the RAM disk:
  upramdisk
  cd /mnt/ramdisk
Step 2: Download the firmware file from the Moxa website into the ramdisk.
Step 3: Use the upfirm command to upgrade the kernel and root file system:
  upfirm uc7400-xxx.frm
(See the next slide for the upfirm procedure.)

  root@Moxa:/mnt/ramdisk# upfirm UC7420-1.5.frm
  Upgrade firmware utility version 1.0
  To check source firmware file context...
  The source firmware file context is OK.
  This step will destroy all your firmware.
  Do you want to continue it? (Y/N) Y
  MTD device [/dev/mtd6] erase 128 Kibyte @ 20000 -- 100% complete.
  Wait to write file ... Completed 100%
  Now upgrade the new configuration file.
  Upgrade the firmware is OK.
  Please press any key to reboot system.

Press any key to reboot the system.

Note: DO NOT power off the UC until the Ready LED is ON again. The first boot after upgrading the firmware takes much longer than usual. upfirm only checks the internal structure of the file it is given; it cannot tell a corrupted or tampered download from a good one, so compare the image's checksum with the value published for that version before you answer "Y".
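The checks a practitioner wants to run before the destructive step, as an added example; this wrapper is not part of the Moxa material and the expected checksum passed as its second argument is an assumption (take it from the download page, or compute it on the PC before copying the file to the UC):

```shell
#!/bin/sh
# Pre-flight checks around upfirm, which erases the whole flash.
# Added example, not from the original training material. upfirm itself only
# validates the file's internal "context"; the MD5 you pass in is assumed to
# come from a trusted source (the download page, or your own PC).
RAMDISK="${RAMDISK:-/mnt/ramdisk}"

# Returns 0 when the image exists, is not empty and its MD5 equals $2.
verify_firmware_image() {
    img="$1"; expected="$2"
    [ -s "$img" ] || { echo "image missing or empty: $img" >&2; return 1; }
    actual=$(md5sum "$img" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch: got $actual, expected $expected" >&2
        return 1
    fi
    return 0
}

# Returns 0 when the RAM disk has at least $1 kilobytes free (df -P: one line
# per file system, so the Available column is always field 4).
ramdisk_has_room() {
    need_kb="$1"
    free_kb=$(df -kP "$RAMDISK" 2>/dev/null | awk 'NR==2 {print $4}')
    [ -n "$free_kb" ] && [ "$free_kb" -ge "$need_kb" ]
}

# Verify, make sure the image is on the RAM disk (not on the flash that is
# about to be erased), then hand over to upfirm, which is interactive.
flash_firmware() {
    img="$1"; sum="$2"
    verify_firmware_image "$img" "$sum" || return 1
    case "$img" in
        "$RAMDISK"/*) ;;
        *) echo "copy the image into $RAMDISK first" >&2; return 1 ;;
    esac
    upfirm "$img"
}

# Usage: ./upfirm-check.sh /mnt/ramdisk/uc7400-xxx.frm <expected md5>
[ $# -eq 2 ] && flash_firmware "$1" "$2"
```

Run it from the RAM disk exactly as you would run upfirm; a mismatch aborts before anything is erased, and the only remaining interactive step is upfirm's own "Y" prompt.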

Setting up the Network Interfaces
IEEE 802.11g

Configure 802.11g Wireless LAN

Step 1: Unplug the CardBus Wireless LAN card first.
Step 2: Configure the default IP setting profile:
  root@Moxa:~# vi /etc/network/interfaces

  # 802.11g Gigabyte CardBus wireless card
  iface eth0 inet static
      address 192.168.5.127
      network 192.168.5.0
      netmask 255.255.255.0
      broadcast 192.168.5.255

Step 3: Configure the WLAN parameters:
  vi /etc/Wireless/RT2500STA/RT2500STA.dat

  Copy this file to /etc/Wireless/RT2500STA/RT2500STA.dat.
  This file is a binary file and is read when the rt2500.o module is loaded.
  Use "vi -b RT2500STA.dat" to modify the settings according to your needs:
  1) set NetworkType to Adhoc for ad-hoc mode, otherwise use Infrastructure;
  2) set Channel to 0 for auto-select in Infrastructure mode;
  3) set SSID for connecting to your access point;
  4) AuthMode can be OPEN, SHARED, WPAPSK, WPANONE;
  5) EncrypType can be NONE, WEP, TKIP, AES.
  For more information refer to the Readme file.

Configuring 802.11g Wireless LAN
• The settings in /etc/Wireless/RT2500STA/RT2500STA.dat:
  CountryRegion: sets the channels for your particular country region
  WirelessMode: sets the wireless mode
  SSID: sets the SSID of the network to join
  NetworkType: sets the wireless operation mode
  Channel: sets the channel
  AuthMode: sets the authentication mode
  EncrypType: sets the encryption type
  DefaultKeyID: sets the default key ID
  Key1Str, Key2Str, Key3Str, Key4Str: sets key strings Key1 to Key4 (WEP keys)
  WpaPsk: the WPA pre-shared key
  TxBurst: enables or disables TxBurst
  TurboRate: enables or disables TurboRate
  BGProtection: sets 11b/11g protection (this function is for engineering testing only)
  ShortSlot: enables or disables the short slot time
  TxRate: sets the TxRate
  RTSThreshold: sets the RTS threshold
  FragThreshold: sets the fragment threshold
• Of the AuthMode/EncrypType combinations offered, only WPAPSK with TKIP or AES gives meaningful protection. OPEN or SHARED with WEP (or NONE) should be treated as an unauthenticated link: keep the PSK out of world-readable backups, and firewall the wireless interface as you would an untrusted network (see the iptables section).

Developing Your Application
Windows Tool Chain

Agenda
1) Windows Tool Chain Introduction
2) Development Process
3) Debugging with GDB

Windows Tool Chain Introduction
UC-7400's Windows Tool Chain is a cross-development environment that simulates the Linux root file system, allowing users to develop applications on a Windows PC.

The following topics are covered:
• Introduction
• Installation procedure
• Using the BASH shell
• GDB debug tool: Insight

Windows Tool Chain (requirements)
1. Operating system: Windows 2000 or Windows XP
2. Minimum of 500 MB hard disk space
3. CD-ROM or equivalent
4. Ethernet to connect with the UC-7400
5. Be able to log in as administrator
6. Use a Windows username without spaces
7. You will be using a BASH shell window to enter commands
8. In addition, for editing text files such as configuration files, use the vi editor (Unix editor). Do NOT use WordPad (Windows editor), which could cause problems (CR/LF line endings) when the files are transferred to a bona fide Linux environment.

Developing Process
Step 1: Setting up the development environment on the PC (x86)
Step 2: Coding, compiling and debugging on the Windows Tool Chain
Step 3: Deploying the program to the UC (IXP-422)

Step 1: Setting up the developing environment
Install the Windows Tool Chain on the PC (Windows 2K/XP).
Installation tips:
• Default install path: C:\UC
• Default text file type: Unix (recommended)
Utilities:
• Moxa Bash Shell
• GDB debug tool: Insight (http://sources.redhat.com/insight/)
• This process could take from 5 to 30 minutes depending on the speed of your system.

Step 2: Coding, compiling and debugging
Code a C/C++ program on the Moxa Bash Shell (PC, Windows Tool Chain).
Compile/link the source codes with the tool chain:
• Compiler path setting: PATH=/usr/local/mxscaleb/bin
• Compiling Hello.c

Step 3: Deployment
Upload the program to the UC:
• ftp 192.168.3.127
• ftp> binary
• ftp> put hello-release
Running the program (at the UC-7400 site):
• chmod +x hello-release
• ./hello-release
  Hello

Debugging with GDB
Over Ethernet: PC Moxa Bash Shell (1. compile with -ggdb; 3. Insight tool, the GDB client; 4. target remote) <-> UC (2. GDB debug server).

Step 1: PC Moxa Bash Shell: compile the program with the -ggdb option, then upload it to the UC.
Step 2: UC: start hello-debug under gdbserver:
  chmod +x hello-debug
  gdbserver 192.168.3.127:2000 hello-debug
  Process hello-debug created; pid = 206
Step 3: PC Insight: run the GDB client:
• Open the hello-debug file
• Connect to target
  • GDB Server/TCP
  • 192.168.3.200
  • 2000

Note: gdbserver accepts the first TCP connection on port 2000 without any authentication and gives it full control of the debugged process (memory, registers, the ability to run arbitrary code as that user). Use it only on an isolated development network and stop it when the debugging session is over; the same applies to the cleartext FTP upload above.

iptables Introduction

Agenda
1) Quick view of iptables
2) Rules, chains, tables
3) Usage of iptables
4) Hands-on practice

1. Quick view of iptables
• A user-space command to set up and maintain the "Netfilter" subsystem of the kernel.
• "Netfilter" inspects packet headers (and, with the state match, connection state), not the application content.
• iptables is currently one of many firewall/NAT solutions; it is the administration tool used to set up, maintain and inspect the tables of IP packet filter rules in the Linux kernel.
• Several different tables may be defined. Each table contains a number of built-in chains and may also contain user-defined chains.
• Each chain is a list of rules which can match a set of packets. Each rule specifies what to do with a packet that matches. This is called a "target", which may be a jump to a user-defined chain in the same table.
• 3rd generation firewall on Linux:
  - "ipfwadm" on Linux kernel 2.0.x
  - "ipchains" on Linux kernel 2.2.x
  - "ipchains" / "iptables" on Linux kernel 2.4.x
  - "iptables" on Linux kernel 2.6.x
• Supports basic packet filtering as well as connection state tracking.
• UC-7110/7400 support only "iptables".

Agenda
1) Firewall, NAT and iptables
2) Rules, chains, tables
3) Usage of iptables
4) Hands-on practice

2) Rules, chains and tables
2-1 First match
2-2 Three major tables
2-3 Processing packets
2-4 State machine

2-1 First match: the highest priority
[Flowchart: a packet is tested against Rule 1, Rule 2 ... Rule 10 in order; the first rule that matches applies its action (Action 1, Action 2 ... Action 10) and evaluation stops; if no rule matches, the chain's default policy applies.]

2-1 First match (example)
On a WWW server, reject the attack from IP = 192.168.1.100:
  Rule 1: Drop the packets from 192.168.1.100
  Rule 2: Accept WWW request packets from all hosts
  Rule 3: Drop all the non-WWW packets
This ordering works: 192.168.1.100 is dropped by rule 1 before rule 2 can accept it.

  Rule 1: Accept WWW request packets from all hosts
  Rule 2: Drop the packets from 192.168.1.100
  Rule 3: Drop all the non-WWW packets
With this ordering 192.168.1.100 is still able to use the WWW service, or to attack the WWW service port, because rule 1 accepts its port-80 traffic before rule 2 is ever reached. Specific deny rules must come before the broad accept rules they are meant to override.

2-2 Three major tables
1) Filter table
2) NAT table
3) Mangle table

2-2-1 Filter table
Mainly used for filtering packets. This is the place where we actually take action against packets: look at their headers and ACCEPT, DROP, REJECT or LOG them accordingly.
1. INPUT chain: packets entering the local host
2. OUTPUT chain: packets output from the local host
3. FORWARD chain: packets forwarded to other hosts

2-2-2 NAT table
Used for NAT on different packets, to translate the packet's source field or destination field.
1) PREROUTING chain: translates the destination IP address (DNAT), before the routing decision
2) POSTROUTING chain: works after the routing process and before the Ethernet device, translating the source IP address (SNAT/MASQUERADE)
3) OUTPUT chain: for locally generated packets

2-2-3 Mangle table
This table is mainly used for mangling packets. In other words, you may freely use the mangle matches etc. to change the TOS (Type Of Service) and TTL fields. It can also "MARK" the packets.
1. PREROUTING chain
2. POSTROUTING chain
3. INPUT, OUTPUT and FORWARD chains

2-3 Processing packets
2-3-1 Destination local host
2-3-2 Source local host
2-3-3 Forwarded packets
2-3-4 State machine

2-3-1 Destination local host
  Incoming packets -> NAT table PREROUTING -> (routing decision) -> Filter table INPUT -> Local process

2-3-2 Source local host
  Local process -> Outgoing packets -> NAT table OUTPUT -> Filter table OUTPUT -> NAT table POSTROUTING -> Send out packets

2-3-3 Forwarded packets
  Incoming packets -> NAT table PREROUTING -> (routing decision: not a local resource) -> Filter table FORWARD -> NAT table POSTROUTING -> Other hosts

2-4 State machine

Agenda
1) Firewall, NAT and iptables
2) Rules, chains, tables
3) Usage of iptables
4) Hands-on practice

3) Usage of iptables
3-1 Load iptables modules
3-2 Define default policy
3-3 Structure of a rule
3-4 Save / restore rules

3-1 Load iptables modules
Note: ipchains and iptables are not compatible; the ipchains module must be unloaded before the iptables modules can be loaded.

Check the current tables:
  iptables [-t table] [-L] [-n]
(-n prints addresses and ports numerically instead of resolving them; the listing also shows each chain's default policy.)

Clear the current policy (flush all rules in the table) before installing a new rule set, so that the script loads the same rules every time it runs.

3-2 Define default policy
  iptables -t {filter | nat | mangle}
           -P {INPUT | OUTPUT | FORWARD | PREROUTING | POSTROUTING}
           {ACCEPT | DROP}
The policy is the action taken on packets that match no rule in the chain. Set the INPUT policy to DROP only once a rule accepting your own management session (or the loopback and ESTABLISHED,RELATED rules from the hands-on section) is in place, otherwise the UC becomes unreachable over the network until someone reaches the serial console.

3-3 Structure of a rule
3-3-1 Add, insert, delete and replace rules
3-3-2 Direction
3-3-3 Matches
3-3-4 Targets

3-3-1 Add, insert, delete and replace
  iptables -t {filter | nat | mangle} {-A | -I | -D | -R} <chain> <match> -j <target>
Three major things need to be considered: the direction (chain), the match, and the target.

3-3-2 Direction: chains
a. filter table: INPUT, OUTPUT, FORWARD
b. nat table: PREROUTING, POSTROUTING, OUTPUT
c. mangle table: ...

3-3-3 Matches: conditions
1. -p [proto]: tcp, udp, icmp, all
2. -s [IP], -d [IP]
3. --sport [port], --dport [port]
4. -m state --state [state]: NEW, ESTABLISHED, INVALID, RELATED
5. -m multiport --ports [p1,p2,...,p15]
6. -i [iface], -o [oface]
7. ... etc.

3-3-4 Targets: actions
a. filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions LOG, ULOG, REJECT, MIRROR
b. nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING/OUTPUT), MASQUERADE (POSTROUTING), REDIRECT (only in PREROUTING/OUTPUT)
c. mangle table: ...

3-4 Save / restore rules
The current rule set can be exported with iptables-save and re-loaded with iptables-restore. It is highly recommended to use a script file to maintain the Netfilter rules instead of this exported file (it is not a standard script file, and it is hard to review). Please refer to the hands-on practice.

Agenda
1) Firewall, NAT and iptables
2) Rules, chains, tables
3) Usage of iptables
4) Hands-on practice: 1) packet filter, 2) NAT machine

4-1 Packet filter: rules of the filter table

Example 1: Accept all packets incoming from the lo interface
  iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2: Accept all TCP packets incoming from IP = 192.168.0.1
  iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

Example 3: Accept all TCP packets incoming from the network 192.168.1.0/24
  iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4: Drop all TCP packets incoming from IP = 192.168.1.25
  iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP
(Remember first match: appended after Example 3, this rule never fires for 192.168.1.25, because the /24 ACCEPT rule matches first. Insert it with -I, or append it before the network rule.)

Example 5: Drop all incoming TCP packets with dst port = 21 (forbid FTP connections from eth0)
  iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6: Accept TCP packets incoming from 192.168.0.0/24 to local ports 137, 138 and 139
  iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

Example 7: Log all incoming/outgoing TCP packets to/from port 25 (log the SMTP service)
  iptables -t filter -A INPUT -p tcp --dport 25 -j LOG
Note: UC-7110 does not support the target "LOG". LOG is a non-terminating target: the packet continues down the chain after being logged, so place the LOG rule before the rule that accepts or drops the packet, and rate-limit it (see Example 11) so that a flood cannot fill syslog.

Example 8: Drop all [SYN] packets from IP = 192.168.100.200
  iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9: Drop all packets from MAC = aa:bb:cc:dd:ee:ff
  iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP
(The mac match only works in the PREROUTING, FORWARD and INPUT chains, and a source MAC is trivially spoofed; treat it as a convenience filter, not as authentication.)

Example 10: Do not respond to "ping"
  iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11: Limit an ICMP "ping" burst
  iptables -t filter -P INPUT DROP
  iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

Example 12: Accept the ESTABLISHED/RELATED packets of the local host; drop the INVALID packets and the NEW packets which try to create a new connection
  iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
  iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

Example 13: Check the packet integrity
  iptables -t filter -A INPUT -p all -m unclean -j DROP
(The "unclean" match was experimental in kernel 2.4 and was removed from later kernels; on those, "-m state --state INVALID" is the replacement.)

Example 14: Enable "passive mode" FTP service to a host
  modprobe ip_conntrack_ftp
  iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT
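The hands-on rules above are shown one at a time; what a practitioner actually deploys is a script that loads a complete, ordered rule set. The following is an added example (not part of the training material) that combines them into a host firewall for the UC, with the ordering problem from slide 2-1 made checkable. The management network 192.168.1.0/24, the uplink interface eth0 and the ports 22/23 are assumptions; IPT=echo makes the script print the rules instead of loading them.

```shell
#!/bin/sh
# Host firewall for the UC-7400, built from the hands-on rules.
# Added example, not from the original training material.
# IPT is the iptables binary; IPT=echo dry-runs (prints the rules instead of
# loading them), which is also how the ordering check below works.
IPT="${IPT:-iptables}"

# Assumed values for the example (not from the slides):
ADMIN_NET="${ADMIN_NET:-192.168.1.0/24}"   # hosts allowed to reach telnet/ssh
WAN_IF="${WAN_IF:-eth0}"

build_input_chain() {
    # 1. Flush the filter table so the script is idempotent, then default-deny.
    #    Run the whole script at once (not line by line over telnet): between
    #    the DROP policy and the rules below, new connections are refused.
    $IPT -t filter -F
    $IPT -t filter -X
    $IPT -t filter -P INPUT DROP
    $IPT -t filter -P FORWARD DROP
    $IPT -t filter -P OUTPUT ACCEPT

    # 2. First-match semantics: the cheap, broad accepts come first, i.e.
    #    loopback (Example 1) and replies to connections the UC opened
    #    itself (Example 12); INVALID is dropped right away.
    $IPT -t filter -A INPUT -i lo -j ACCEPT
    $IPT -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -t filter -A INPUT -m state --state INVALID -j DROP

    # 3. Log, then drop, connection attempts to the FTP port (Example 5).
    #    LOG is non-terminating, so the DROP must follow it; the limit match
    #    keeps a port scan from flooding syslog.
    $IPT -t filter -A INPUT -i "$WAN_IF" -p tcp --dport 21 --syn \
        -m limit --limit 6/min --limit-burst 10 -j LOG --log-prefix "ftp-denied: "
    $IPT -t filter -A INPUT -i "$WAN_IF" -p tcp --dport 21 -j DROP

    # 4. Management services only from the admin network, NEW connections
    #    only (the ESTABLISHED rule above already carries the rest).
    $IPT -t filter -A INPUT -i "$WAN_IF" -p tcp -s "$ADMIN_NET" \
        -m multiport --dports 22,23 -m state --state NEW -j ACCEPT

    # 5. Rate-limited ping (Example 11); everything else hits the DROP policy.
    $IPT -t filter -A INPUT -p icmp --icmp-type 8 \
        -m limit --limit 6/min --limit-burst 10 -j ACCEPT
}

# Returns 0 if, in the dry-run listing, the ESTABLISHED,RELATED accept is
# emitted before the first service rule. This is the kind of check that
# catches the mistake from slide 2-1 (a broad ACCEPT placed ahead of the
# narrower rule that was supposed to take precedence).
check_rule_order() {
    listing=$( IPT=echo; build_input_chain )
    est=$(printf '%s\n' "$listing" | grep -n 'ESTABLISHED,RELATED' | cut -d: -f1 | head -n1)
    svc=$(printf '%s\n' "$listing" | grep -n -- '--dports 22,23' | cut -d: -f1 | head -n1)
    [ -n "$est" ] && [ -n "$svc" ] && [ "$est" -lt "$svc" ]
}

# Usage: ./firewall.sh apply   (load the rules)
#        ./firewall.sh show    (print the rules without loading them)
case "${1:-}" in
    apply) check_rule_order && build_input_chain ;;
    show)  ( IPT=echo; build_input_chain ) ;;
esac
```

Starting the script from /etc/rc.d/rc.local (the same place the slides start cron) gives a rule set that is reloaded identically on every boot, which is the point of keeping rules in a script rather than in an exported file.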

4-2 NAT machine: rules of the nat table

Example 1: Redirect the connection requests of port 80 to port 8080
  iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2: Masquerade the packets coming from 192.168.1.0/24 as the local ppp0's IP
  iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE
(The original slide placed this rule in PREROUTING; iptables rejects that, because MASQUERADE is only valid in POSTROUTING and -o, the outgoing interface, is only known after the routing decision.)

Example 3: DNAT the incoming packets from eth0 (60.248.66.75) and TCP port 80 to the internal web server 192.168.127.10:80
  iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

Example 4: SNAT the internal network 192.168.127.0/24 to the outside address ($OUT_IP) on the way out
  iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP
(The slide's caption for this example reads "Redirect the incoming packet of TCP port 80 to 192.168.1.10 and TCP port 80", but the command it shows is the source-NAT counterpart of Example 3, which is what is kept here.)

Note: DNAT only rewrites the destination; the rewritten packet still passes the filter table's FORWARD chain, and the kernel only forwards it if /proc/sys/net/ipv4/ip_forward is 1.
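The NAT examples combined into one gateway script, as an added example that is not part of the training material: masquerading in the chain where it is actually valid, a published internal web server, and the FORWARD rules without which the DNAT'ed packets would be dropped by the filter table. The interface names (eth0 uplink, eth1 LAN), the LAN 192.168.127.0/24 and the web server 192.168.127.10 are assumptions; the public address 60.248.66.75 is the one from Example 3. IPT=echo prints the rules instead of loading them.

```shell
#!/bin/sh
# NAT gateway for the UC-7400 (LAN on eth1, uplink on eth0), built from the
# 4-2 examples. Added example, not from the original training material.
# Interface names and addresses are assumptions for the example.
IPT="${IPT:-iptables}"
LAN_IF="${LAN_IF:-eth1}"
WAN_IF="${WAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.127.0/24}"
WEB_SERVER="${WEB_SERVER:-192.168.127.10}"
WAN_IP="${WAN_IP:-60.248.66.75}"     # the public address from Example 3

enable_forwarding() {
    # Routing between interfaces is off by default; turn it on (make it
    # persistent with net.ipv4.ip_forward = 1 in /etc/sysctl.conf).
    if [ -w /proc/sys/net/ipv4/ip_forward ]; then
        echo 1 > /proc/sys/net/ipv4/ip_forward
    fi
}

build_nat_rules() {
    $IPT -t nat -F
    # Source NAT: MASQUERADE belongs in POSTROUTING, after the routing
    # decision, which is also the only place -o (outgoing interface) is
    # meaningful. The slide's PREROUTING version is rejected by iptables.
    $IPT -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE
    # Destination NAT: publish the internal web server (Example 3).
    $IPT -t nat -A PREROUTING -i "$WAN_IF" -p tcp -d "$WAN_IP" --dport 80 \
        -j DNAT --to-destination "$WEB_SERVER:80"
}

build_forward_rules() {
    # DNAT only rewrites the address; the rewritten packet is then routed and
    # passes the filter FORWARD chain, which the host firewall leaves at DROP.
    $IPT -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # LAN hosts may open connections to the outside ...
    $IPT -t filter -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    # ... and the outside may open exactly one thing: port 80 on the web server.
    $IPT -t filter -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p tcp \
        -d "$WEB_SERVER" --dport 80 -m state --state NEW -j ACCEPT
}

# Print the rules that would be loaded, without touching the kernel.
dry_run() {
    ( IPT=echo; build_nat_rules; build_forward_rules )
}

# Usage: ./nat-gateway.sh apply | show
case "${1:-}" in
    apply) enable_forwarding && build_nat_rules && build_forward_rules ;;
    show)  dry_run ;;
esac
```

The FORWARD rules are the part most often forgotten: with the filter FORWARD policy at DROP, a DNAT rule alone produces a gateway that rewrites the packet and then silently discards it.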

Thank You

OpenVPN 2.0
Stephen Lin

OpenVPN 2.0
1) Cryptography summary
2) OpenVPN 2.0
3) OpenVPN configuration
4) Hands-on practice

1) Cryptography summary
1-1 What does cryptography solve?
1-2 Symmetric data encryption
1-3 Hash (digest) function
1-4 Message authentication code
1-5 Asymmetric data encryption
1-6 Digital signature
1-7 Certificate
1-8 Moxa UC7400

1-1 What does cryptography solve?
Confidentiality
• Ensure that nobody can get knowledge of what you transfer, even if listening to the whole conversation.
Integrity
• Ensure that the message has not been modified during transmission.
Authenticity
• You can verify that you are talking to the entity you think you are talking to.
• You can verify who is the specific individual behind that entity.
Non-repudiation
• The individual behind that asset cannot deny being associated with it.

1-2 Symmetric data encryption
• Fast, high efficiency for data transmission.
• Is it "secure" while transferring the key? The key itself must reach the peer over a channel that is already confidential; this is the problem asymmetric encryption (1-5) solves.
• Maintenance of the keys: n(n-1)/2 keys for n parties that all need to talk to each other.
• DES, 3DES, AES, Blowfish
[Diagram: Tom encrypts the plaintext with the secret key into ciphertext; Bob decrypts the ciphertext with the same secret key back to the plaintext.]

1-3 Hash (digest) function
• Ensures data integrity against accidental modification. Without a key it cannot detect deliberate modification: whoever changes the data can recompute the digest (see 1-4).
• MD5, SHA-1 (both are now considered broken for collision resistance; use SHA-2 where the choice exists)
[Diagram: Tom computes Message Digest 1 of the data with the hash function and sends data + digest; Bob computes Message Digest 2 of the received data with the same hash function and compares it with Message Digest 1.]

1-4 Message authentication code
• Ensures data integrity and origin authentication.
• Uses a key to protect the MAC: only a holder of the secret key can produce a valid MAC, so an attacker cannot recompute it after altering the data.
• HMAC, CBC-MAC
[Diagram: Tom computes Message Digest 1 of the data, protects it with the secret key into the MAC and sends data + MAC; Bob computes Message Digest 2 of the received data, recovers Message Digest 1 from the MAC with the same secret key, and compares the two.]

1-5 Asymmetric encryption
Things to remember:
• Key pair: public/private keys.
• In a session, one is used for encryption and the other one for decryption.
• The "public key" can be deployed everywhere.
• From one key you cannot derive the other, even if you have access to clear text and cipher text.
• The two keys are interchangeable: the algorithm makes no difference between the public and the private key; when a key pair is generated, either of the two can be made public. (This holds for RSA, which the slides assume.)
• Less efficient than symmetric (static) keys, which is why real systems use it to protect a symmetric session key rather than the bulk data.
• RSA, Diffie-Hellman
[Diagram: clear text, encryption, cipher text "g$5knvMd'rkvegMs".]

1-5 Asymmetric data encryption: confidentiality check
[Diagram: Tom encrypts the plaintext with Bob's public key; Bob decrypts the ciphertext with Bob's private key. The recipient's key pair is used.]

1-5 Asymmetric data encryption: authenticity check
[Diagram: Tom encrypts the plaintext with Tom's private key; Bob decrypts the ciphertext with Tom's public key. The sender's key pair is used.]

1-6 Digital signature
Real world: hybrid
1. Data integrity
2. Authenticity
3. Non-repudiation
4. Algorithm: use the public key together with a hash

1-6 Digital signature: creating
[Diagram: from the message or file ("This is the document created by Gianni"), generate the hash (SHA, MD5) to obtain a short message digest ("Py75cbn") from even a long input, using a one-way message digest function (typically 128 bits for MD5, 160 for SHA-1); asymmetric encryption (RSA) of the digest with the signatory's private key gives the digital signature ("3kJfgf£$&"); the message plus the signature form the signed document.]

1-6 Digital signature: verifying
[Diagram: from the signed document, generate the hash of the message to obtain the message digest ("Py75cbn"); asymmetric decryption of the digital signature with Gianni's public key (from the certificate) recovers the digest that was signed; compare the two.]

1-6 Digital signature (summary)
[Diagram: Tom hashes the data to Message Digest 1 and encrypts it with Tom's private key to form the digital signature, then sends data + signature; Bob hashes the received data to Message Digest 2, decrypts the signature with Tom's public key to recover Message Digest 1, and compares the two.]

1-7 Certificate
The simplest certificate just contains:
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key (can be a person, a computer, a device, a file, some code, anything ...)
... and the whole is:
• Digitally signed by someone trusted (like your friend, or a CA)
[Diagram: certificate = public key + "This public key belongs to Stephen" + digital signature.]

1-7-1 CA certificate
[Diagram, certification server: the CA generates its own key pair (priv, pub); the user requests a certificate from the CA; the CA generates the certificate (pub + DS) and the private key and certificate are sent to the user. Shown for two users, Left and Right: Left cert signed by CA, Right cert signed by CA, and the CA's own public key signed by the CA (self-signed root).]

1-7-1 CA certificate example
[Diagram: the CA holds the CA private key. Left and Right each hold their own private key, their certificate signed by the CA, and the CA public key. Left trusts Right's certificate (and vice versa) because it verifies with the CA public key; neither needs to have met the other beforehand.]
Whoever generates a private key for another party (the CA in this diagram, the Linux PC in section 3-4) has to deliver it over a secure channel; the certificate itself can travel in the clear.

1-7-2 SSL/TLS
[Diagram: each side holds a key pair (priv, pub) and has the peer's public key; clear text is encrypted (cipher 1, cipher 2) for transmission over the public network and decrypted on the other side back to clear text.]
• Ensures confidentiality, and integrity if digitally signed.
• Depending on how the public keys are exchanged: authenticity, identity, non-repudiation. If the public keys are simply sent over the network with nothing vouching for them, an active attacker can substitute its own; this is what certificates and the CA in 1-7 solve, and why OpenVPN's SSL/TLS mode needs a CA certificate on every peer.

1-8 Moxa UC7400: hardware cipher
Intel XScale supports:
• Security engines: DES, AES
• Algorithm modes: ECB, CBC, CTR
Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so":
• No need to change the source codes.

1-8-1 Moxa accelerated algorithms (OpenSSL 0.9.7)
• DES_cbc_encrypt
• DES_ede3_cbc_encrypt
• AES_cbc_encrypt
• AES_ctr_encrypt
• ECB mode is wrapped at a higher level (libssl.so), as OpenSSL itself wraps it.

1-8-2 Performance
[Charts: throughput (left axis, 0 to 80) and speed-up rate (right axis, 0 to 8) against packet size in bytes (128 to 1280) for 3DES-CBC and for AES-128-CBC, and a second pair of charts for small packets (16 to 144 bytes, rate 0 to 2.5); the hardware-cipher series is marked separately. The speed-up grows with packet size and is smallest for the shortest packets, which is why small packets are handled in software (see 1-8-3).]

1-8-3 Things to be noticed
Moxa UC-7400 switches operations between the software and the hardware approach:
• Default: hardware approach
• Any misconfiguration, or a busy engine, causes a switch to the software approach
Small packets are switched to the software approach:
• DES: under 128 bytes
• 3DES/AES: under 64 bytes
The switch is transparent to the application: the output is identical either way, only the timing differs.

1-8-4 Software package
Driver:
• mxhw_cipher.o
Device file:
• mknod /dev/mxcrypto c 11 131
Test program:
• io: correctness test
• io 0 5000: stability test
• io 1: golden pattern
• io 2 20000: performance test

Agenda
1) Cryptography summary
2) OpenVPN 2.0
3) OpenVPN configuration
4) Hands-on practice

2) OpenVPN 2.0
2-1 Virtual private network
2-2 Why OpenVPN?
2-3 OpenVPN modes

2-1 Virtual private network: advantages/disadvantages
• VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes.
• A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH etc.).
• A VPN allows the usage of protocols which are insecure by themselves.
• VPNs cannot be controlled and logged easily because of their encrypted nature: a firewall between the endpoints sees only the tunnel, so filtering and logging have to happen at the tunnel endpoints, on the tun/tap interface.

2-2 Why OpenVPN?
Usability
• Open source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit shared key or digital certificates (PKI)
Portability: supports most platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN? (continued)
Peers: each node with a client/server role
• Uses the kernel routing
• Multiple clients
A user-space program
• A full-featured SSL-VPN solution on top of the existing SSL/TLS mechanism, with a choice among a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) traffic over a single UDP (5000 in 1.x, 1194 in 2.0) or TCP port

2-2 OpenVPN security
Two authentication modes:
• Static key: uses a pre-shared key
• SSL/TLS: uses SSL/TLS + certificates for authentication and key exchange
The encrypted packet is formatted as:
• SeqN: 64-bit sequence number
• IV: plain-text initialization vector, randomized per packet
  HMAC | IV | SeqN | payload
              \_____ encrypted _____/
The HMAC is computed over the IV and the encrypted part, so a modified or replayed packet is rejected before any decryption takes place.

2-2 OpenVPN vs IPSec
OpenVPN
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall- and NAT-friendly
• Dynamic address support
IPSec
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard: multi-vendor support

2-3 OpenVPN modes
Bridging and routing are two methods of linking systems via a VPN:
• Routed IP tunnels (layer 3)
• Bridged Ethernet tunnels (layer 2)
Suitable for connections:
• Site-to-site
• Dynamic site-to-site
• (Dynamic) client-to-site
Dynamic firewall/NAT/DHCP friendly

2-3-1 Routed IP tunnels (TUN mode)
• Uses a TUN device: a virtual point-to-point IP link that attaches the inner interface to OpenVPN.
• Uses the kernel routing table to forward the packets.
[Diagram: OSI stacks of the two ends; OpenVPN sits at the application layer and the TUN device at the network layer (3rd).]

Routed IP advantages
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of the MTU for efficiency
Routed IP disadvantages
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see the machines on the other side of the VPN
4. Works only with IPv4 in general, and with IPv6 in cases where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet mode (TAP mode)
• Uses "TAP" mode: a TAP device is a virtual Ethernet adapter.
• Bridge tools (brctl) are required to create the bridge.
• You need a script to bind eth1 and tap0 together into a bridged device called br0:
  brctl addbr br0         # create an Ethernet bridge
  brctl addif br0 eth1    # connect interface eth1 as a port
  brctl addif br0 tap0    # connect virtual interface tap0 as a port
[Diagram: OSI stacks of the two ends; OpenVPN at the application layer, TAP at the data-link layer (2nd) beside TUN at the network layer (3rd); on each host eth1 and tap0 are bridged, while eth0 carries the tunnel traffic.]

Bridging advantages
1. Point-to-point and point-to-multipoint
2. Broadcasts traverse the VPN; this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to handle non-IP protocols such as IPX, Netware and AppleTalk
5. Relatively easy-to-configure solution for road warriors
Bridging disadvantages
1. Less efficient than routing and does not scale well
2. The two LANs become one layer-2 segment: every broadcast crosses the tunnel, and a compromised peer is on the remote LAN at layer 2, so br0 needs the same filtering as a physical port

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSLTLS ndash X509 Dynamic Keys

3-1 Getting Started3-1 Getting Started

ixp019216812201

ixp0 19216812202

gw 1001254IP 1001124

gw 1002254IP 1002124

LAN A LAN B

VPN Tunnel

Connect

1001254

[VPN Server]

1002254

[VPN-Client]

ixp1 ixp1

[CATLS Server]

3-1 Getting Started

1. Create a working directory (recommended): mkdir /etc/openvpn
2. Check for the TUN device: ls /dev/net and look for a character device "tun"; if it is missing, create it with mknod /dev/net/tun c 10 200
3. Load the necessary modules: modprobe tun; modprobe bridge
4. Generate a pre-shared (static) key: openvpn --genkey --secret [KeyName]. The key must reach the peer over a trusted channel (e.g. scp), since anyone holding it can decrypt and inject traffic on the tunnel.
5. Self diagnostic: openvpn --test-crypto --secret [KeyName]
6. Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or edit /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"
7. Create/start the bridge interface with the Moxa script (TAP mode only): openvpn-bridge [start|stop|restart]
8. Check the supported ciphers and digests: openvpn --show-ciphers; openvpn --show-digests
9. Create the TUN configuration files: vi /etc/openvpn/tunserver.conf; at the VPN client: vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

The local and remote VPN IP addresses (the two arguments of ifconfig) must be specified at both ends.
It is NECESSARY to specify the server address (remote) at the VPN client.

Edit the static routes: vi /etc/openvpn/tunserver.sh; chmod +x /etc/openvpn/tunserver.sh
At the VPN client: vi /etc/openvpn/tunclient.sh; chmod +x /etc/openvpn/tunclient.sh

Start OpenVPN with the configuration file:
    openvpn --config /etc/openvpn/tunserver.conf &
    (at the client) openvpn --config /etc/openvpn/tunclient.conf &

Note the 2nd argument of "ifconfig" (the remote tunnel endpoint), which in this lab is now 10.0.2.254.
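As an added example (not the deck's own tunserver.conf/tunclient.conf, which are not reproduced in the text), the following shell functions write a matching static-key TUN pair for the lab topology and check that the two ifconfig lines mirror each other. Assumed: server public address 192.168.12.201, tunnel endpoints 10.0.1.254/10.0.2.254 as in the diagram, LANs 10.0.1.0/24 and 10.0.2.0/24, UDP port 1194, key file static.key; the route directive stands in for the tunserver.sh/tunclient.sh route scripts, and the cipher/auth/keepalive/persist/user lines are hardening choices of this example rather than settings from the deck.

```shell
#!/bin/sh
# Added example: write a matching static-key TUN configuration pair for the
# lab topology. Not Moxa's configuration files. Assumptions are listed in
# the lead-in; adjust the group name to what /etc/group on the UC provides.

write_tun_configs() {    # write_tun_configs <dir>
    dir=$1
    mkdir -p "$dir"

    # Settings shared by both ends. cipher/auth must appear in
    # "openvpn --show-ciphers" / "--show-digests" on the UC.
    common='dev tun
proto udp
port 1194
secret static.key
cipher AES-256-CBC
auth SHA1
keepalive 10 60
persist-key
persist-tun
user nobody
group nobody
verb 3'

    # Server: local endpoint first, remote endpoint second; route to LAN B.
    {
        echo "# tunserver.conf (static key, point-to-point)"
        echo "$common"
        echo "ifconfig 10.0.1.254 10.0.2.254"
        echo "route 10.0.2.0 255.255.255.0"
    } > "$dir/tunserver.conf"

    # Client: must name the server (remote); its ifconfig arguments are the
    # server's swapped, and it routes to LAN A instead.
    {
        echo "# tunclient.conf (static key, point-to-point)"
        echo "remote 192.168.12.201"
        echo "$common"
        echo "ifconfig 10.0.2.254 10.0.1.254"
        echo "route 10.0.1.0 255.255.255.0"
    } > "$dir/tunclient.conf"
}

# Generate the pre-shared key when openvpn is installed. The key file must
# then be copied to the client over a trusted channel (scp), never e-mailed.
make_static_key() {      # make_static_key <dir>  -> 0 ok, 2 if openvpn missing
    dir=$1
    if command -v openvpn >/dev/null 2>&1; then
        openvpn --genkey --secret "$dir/static.key" && chmod 600 "$dir/static.key" &&
        openvpn --test-crypto --secret "$dir/static.key" >/dev/null
    else
        echo "openvpn not found: skipping key generation" >&2
        return 2
    fi
}

# Sanity check: the two ifconfig lines must mirror each other, otherwise the
# tunnel comes up with both ends claiming the same address.
check_tun_pair() {       # check_tun_pair <dir>  -> 0 if the pair is consistent
    dir=$1
    s=$(awk '/^ifconfig/ {print $2" "$3}' "$dir/tunserver.conf")
    c=$(awk '/^ifconfig/ {print $3" "$2}' "$dir/tunclient.conf")
    [ -n "$s" ] && [ "$s" = "$c" ]
}
```

The deck reuses the LAN gateway addresses as tunnel endpoints; any otherwise unused pair (for example 10.8.0.1 and 10.8.0.2) works the same way and avoids having one address on two interfaces. Running OpenVPN as nobody after it has opened the key and the TUN device limits what a compromise of the daemon can reach on the UC.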

3-3 TAP Configuration – VPN Server

Create the TAP configuration files: vi /etc/openvpn/tapserver.conf
At the VPN client: vi /etc/openvpn/tapclient.conf
Comment out (mark) the route line if both VPN networks are in the same subnet: a bridge needs no route for its own subnet.

Edit the static routes: vi /etc/openvpn/tapserver.sh; chmod +x /etc/openvpn/tapserver.sh
At the VPN client: vi /etc/openvpn/tapclient.sh; chmod +x /etc/openvpn/tapclient.sh
The routes point at the kernel routing entry of the bridge: br0 = 10.0.1.254

Start the bridge device: vi /etc/openvpn/openvpn-bridge
    chmod +x /etc/openvpn/openvpn-bridge
    /etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration file:
    openvpn --config /etc/openvpn/tapserver.conf &
    (at the client) openvpn --config /etc/openvpn/tapclient.conf &
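The openvpn-bridge script itself is not reproduced in the deck. The following is an added example of such a script, written for this page and not Moxa's own: it builds br0 from eth1 and tap0 as in the brctl commands above and moves the LAN address onto the bridge. Assumed: LAN interface eth1, bridge br0, TAP device tap0, and the VPN server's LAN address 10.0.1.254/24 from the lab diagram; DRY_RUN=1 is this example's switch for printing the commands instead of executing them.

```shell
#!/bin/sh
# Added example of an openvpn-bridge style script for TAP mode; it is not
# Moxa's own openvpn-bridge script. Assumptions: LAN interface eth1, bridge
# br0, OpenVPN TAP device tap0, LAN address 10.0.1.254/24 of the VPN server.
# DRY_RUN=1 prints the commands instead of executing them, so the script can
# be reviewed on a workstation; on the UC run it as root with DRY_RUN unset.

BR=${BR:-br0}
ETH=${ETH:-eth1}
TAP=${TAP:-tap0}
BR_IP=${BR_IP:-10.0.1.254}
BR_MASK=${BR_MASK:-255.255.255.0}
BR_BCAST=${BR_BCAST:-10.0.1.255}

run() {
    if [ -n "$DRY_RUN" ]; then echo "$*"; else "$@"; fi
}

bridge_start() {
    # Create the persistent TAP device first so it can be enslaved.
    run openvpn --mktun --dev "$TAP"
    run brctl addbr "$BR"
    run brctl addif "$BR" "$ETH"
    run brctl addif "$BR" "$TAP"
    # Bridge ports carry no address of their own: the LAN address moves
    # from eth1 to br0, which is what the kernel routing then points at.
    run ifconfig "$ETH" 0.0.0.0 promisc up
    run ifconfig "$TAP" 0.0.0.0 promisc up
    run ifconfig "$BR" "$BR_IP" netmask "$BR_MASK" broadcast "$BR_BCAST" up
}

bridge_stop() {
    run ifconfig "$BR" down
    run brctl delif "$BR" "$TAP"
    run brctl delif "$BR" "$ETH"
    run brctl delbr "$BR"
    run openvpn --rmtun --dev "$TAP"
    # Give the LAN address back to the physical interface.
    run ifconfig "$ETH" "$BR_IP" netmask "$BR_MASK" broadcast "$BR_BCAST" up
}

bridge_main() {
    case "$1" in
        start)   bridge_start ;;
        stop)    bridge_stop ;;
        restart) bridge_stop; bridge_start ;;
        *) echo "usage: $0 {start|stop|restart}" >&2; return 1 ;;
    esac
}

# Dispatch only when an action was given, so the file can also be sourced.
if [ $# -gt 0 ]; then bridge_main "$@"; fi
```

Run it before starting OpenVPN with tapserver.conf: the bridge must exist when OpenVPN opens tap0. Any iptables rules that matched on eth1 now have to match on br0 (or use the physdev match), because the LAN address and the routing entry live on the bridge once it is up.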

3-4-1 SSL/TLS – Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-set default_days, default_bits, etc.
Create a new CA root key pair: /usr/share/ssl/misc/CA -newca
Create a new client private key and certificate request: /usr/share/ssl/misc/CA -newreq
Sign the certificate request: /usr/share/ssl/misc/CA -sign
Copy the CA root certificate, the client private key and the client certificate to the first client. The CA private key stays on the signing PC: only certificates and each peer's own key are ever distributed.
Repeat the request and signing steps for the second client.

3-4-2 OpenVPN – "easy-rsa" tools

Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn
Modify the vars file: vi /etc/openvpn/easy-rsa/vars
Activate the vars (source them into the current shell): . /etc/openvpn/easy-rsa/vars
Create the CA root key: /etc/openvpn/easy-rsa/build-ca
Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server
Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client
Create Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh 1024 (1024-bit DH is no longer considered adequate; use 2048 bits or more)
Copy the CA certificate (ca.crt), server key (server.key) and server certificate (server.crt) to the VPN server
Copy the CA certificate, client key and client certificate to the VPN client
The "easy-rsa" tools also work on the UC-7400 series
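What build-ca, build-key and build-dh do, written out with plain openssl commands so each step can be audited; this is an added example for this page, not easy-rsa's own scripts and not the CA wrapper from 3-4-1. Assumed: openssl is on PATH, the output directory is passed as the first argument, the subject names are chosen here, and the key sizes (2048-bit RSA) are this example's choice.

```shell
#!/bin/sh
# Added example (not easy-rsa): the certificate steps of 3-4-1/3-4-2 with
# plain openssl. Assumptions: openssl on PATH, output dir as $1, subject
# names chosen here, 2048-bit keys as this example's choice.

pki_build_ca() {         # pki_build_ca <dir>  -> ca.key (private), ca.crt
    mkdir -p "$1" && chmod 700 "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
        -subj "/CN=Lab-CA" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
    chmod 600 "$1/ca.key"   # the CA key never leaves this directory
}

# Each peer gets its own key; only the request (public key + name) is
# signed. The private key is never sent anywhere but to that peer.
pki_build_key() {        # pki_build_key <dir> <name>   (e.g. server, client)
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 365 -out "$1/$2.crt" 2>/dev/null &&
    chmod 600 "$1/$2.key"
}

pki_build_dh() {         # pki_build_dh <dir> <bits>  (2048 takes minutes on a PC)
    openssl dhparam -out "$1/dh$2.pem" "$2" 2>/dev/null
}

# Does this certificate chain to our CA? Non-zero for a certificate signed
# by anyone else, which is what OpenVPN checks at handshake time with "ca".
pki_verify() {           # pki_verify <dir> <name>
    openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null 2>&1
}

# Print the files each side needs, mirroring the copy steps in the deck.
pki_bundle() {           # pki_bundle <dir> <name>
    echo "$1/ca.crt $1/$2.crt $1/$2.key"
}
```

With these files the OpenVPN configuration switches from secret static.key to the TLS material (ca ca.crt, cert server.crt, key server.key, dh dh2048.pem on the server; ca, cert and key on the client). Keep the CA key on an offline machine: a peer's certificate can be reissued, a stolen CA key cannot be revoked without reissuing everything.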

3-4-3 Configuration File Modification

Modify the server and client configuration files accordingly: tXXserver.conf and tXXclient.conf (XX = un or ap)


Live Demo

UC-7420 Demo Box
- Two of its serial ports are connected to a power meter and a thermocouple
- Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site
- The rest of the serial ports are looped back in "burn-in mode" to demonstrate the UC's high performance and reliability

Demo Box Features / Software Block Diagram
- Temperature range: 0 to 500 °C
- Voltage: left side for the high range, 0 to 300 VDC; right side for the low range, 0 to 20 VDC

UC's LCM and keypad (F1-F5)
F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8
F2 System Status: LAN IP → Wi-Fi IP → CPU loading → Available memory
F3 Alarm Setting: Temperature → Voltage → Burn-in throughput
F4 Configuration key
F5 Main menu

Apache Web with CGI and HTML: Seat Locating System, Score Query System

Appendix

What is the wireless PCMCIA card support status for 802.11g?
- The UC-7420's built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards
- Compatible wireless cards (supplier, model name):
  ASUS WL-107g
  CNET CWC-854 (181D version)
  Edimax EW-7108PCg
  Amigo AWP-914WG
  Gigabyte GN-WMKG
  Others which use the Ralink ("R-Link") chipset

Thank You

Software Comparison (continued)

                          UC-7400 Series      UC-7110
Web                       Apache 2.0.42       Boa 0.93.16
Secure shell              sshd V1.2.0         N/A
Network file system       NFS Server V2.2     N/A
Virtual private network   OpenVPN V2.0        N/A
OpenSSL                   OpenSSL V0.9.6      N/A
Tool chain                Linux, Windows      Linux

UC-7400 V1.5 Firmware
New Functions and Features Introduction

Firmware version                  V1.1                     V1.4.3                   V1.5
Serial port                       230.4 Kbps               230.4 Kbps               921.6 Kbps (with HW V1.2)
WLAN                              802.11b (Prism 2.0/2.5)  802.11b (Prism 2.0/2.5)  802.11b (Prism 2.0/2.5), 802.11g
USB Host                          N/A                      Mass Storage PnP         Mass Storage PnP
USB Client                        N/A                      N/A                      N/A
Reset to Factory Default button   N/A                      N/A                      Yes (with HW V1.2)
Shared Memory                     N/A                      N/A                      Yes
Protocol stacks and utilities
  arp (utility)                   N/A                      Yes                      Yes
  iptables                        N/A                      N/A                      Yes
  OpenVPN                         N/A                      N/A                      Yes
  WatchDog API                    N/A                      N/A                      Yes
  Crontab                         N/A                      N/A                      Yes
  upfirm                          N/A                      Yes                      Yes
  backupuf                        N/A                      Yes                      Yes
  backupfs / bf                   Yes                      Yes                      N/A
  minicom                         Yes                      Yes                      Replaced by tip
Directory change
  /var                            User file system         User file system         Changed to ramdisk
  Apache document root            /usr/html                /usr/html                /usr/www

New feature introduction
- WatchDog support
- Cron function on the system
- UART and special baud rate support
- System image backup utility "upfirm"
- 802.11g wireless card support
- Tool chain on the Windows platform, including GCC, Glibc and Insight (GDB debug tool)
- iptables support
- OpenVPN support

Watch Dog Timer (WDT)

1. Introduction
The WDT works like a watchdog: it can be enabled or disabled. When the user enables the WDT but the application does not acknowledge (ack) it in time, the system reboots. The ack time can be set from a minimum of 50 msec to a maximum of 60 seconds.

2. How the WDT works
The watchdog is enabled when the system boots up, and the kernel acks it automatically. A user application can also take over the ack; once it does, a missed ack lets the system reboot. The ack should therefore come from the application's main work loop, not from a helper thread that keeps running after the rest of the application has hung.

3. The user API
The user application must include <moxadevice.h> and link moxalib.a

Crontab

1. Introduction: daemon to execute scheduled commands

2. Description
- Cron is started from /etc/rc.d/rc.local
- Modify the file /etc/cron.d/crontab to set up your scheduled applications. Crontab lines have the following format:

  m         h        dom      mon       dow                 user   command
  (minute)  (hour)   (date)   (month)   (weekday)
  0-59      0-23     1-31     1-12      0-6 (0 is Sunday)

3. Example: add ntpdate (time synchronization) to cron so that every day at 5:10 the system synchronizes its time from the NTP server 192.168.0.1 and writes it to the hardware clock

  vi /etc/cron.d/crontab
  # m h dom mon dow user command
  10 5 * * * root /usr/sbin/ntpdate 192.168.0.1; /sbin/hwclock -w

UART and special baud rate support

1. Introduction
- The normal tty device nodes are /dev/ttyM0 … /dev/ttyM7, and the modem tty device nodes are /dev/cum0 … /dev/cum7
- The UC-7400 supports Linux standard termios control
- The Moxa UART device API allows you to configure ttyM0 to ttyM7 as RS-232, RS-422, 2-wire RS-485 or 4-wire RS-485

2. The function
You must include <moxadevice.h>:
  #define RS232_MODE        0
  #define RS485_2WIRE_MODE  1
  #define RS422_MODE        2
  #define RS485_4WIRE_MODE  3
Functions (ioctl commands):
  MOXA_SET_OP_MODE
  MOXA_GET_OP_MODE

3. Special baud rate support
- There are two Moxa private ioctl commands for setting up special baud rates:
  MOXA_SET_SPECIAL_BAUD_RATE
  MOXA_GET_SPECIAL_BAUD_RATE
- If you use this ioctl to set a special baud rate, the termios c_cflag will read B4000000 (in which case the B4000000 define is different from the standard one)
- If the baud rate you get from termios (from calling tcgetattr()) is B4000000, you must call ioctl with MOXA_GET_SPECIAL_BAUD_RATE to get the actual baud rate

Upgrading the Firmware
New utility: upfirm

1. Introduction
The UC-7400's BIOS (boot loader), kernel, mini file system and user file system are combined into one firmware file, which can be downloaded from Moxa's website (www.moxa.com).
- The name of the firmware file has the form uc7400-x.x.x.frm, with x.x.x indicating the firmware version

ATTENTION: upgrading the firmware will erase all data on the Flash ROM

2. Description
- Firmware V1.4.3 or later adds a new utility, "upfirm"
- The utility upfirm is designed for upgrading the firmware (including boot loader, kernel, mini file system, user file system and configuration)
- If your firmware version is earlier than V1.4.3, you can download the utility from the Moxa website

How to upgrade the firmware
Step 1: Type the following commands to enable the RAM disk
  upramdisk
  cd /mnt/ramdisk
Step 2: Download the firmware file into the ramdisk from the Moxa website, and verify the integrity of the download before flashing: the flash is erased before the new image is written
Step 3: Use the upfirm command to upgrade the kernel and root file system
  upfirm uc7400-x.x.x.frm
(See the next slide for the upfirm procedure)

  root@Moxa:/mnt/ramdisk# upfirm UC7420-1.5.frm
  Upgrade firmware utility version 1.0
  To check source firmware file context
  The source firmware file context is OK
  This step will destroy all your firmware
  Do you want to continue it? (Y/N) Y
  MTD device [/dev/mtd6] erase 128 Kibyte @ 20000 -- 100 % complete
  Wait to write file ... Completed 100 %
  Now upgrade the new configuration file
  Upgrade the firmware is OK
  Please press any key to reboot system

Press any key to reboot the system.
Note: DO NOT power off the UC until the Ready LED is ON again. The first boot after upgrading the firmware takes much longer than usual.

Setting up the Network Interfaces: IEEE 802.11g

Configure 802.11g Wireless LAN

Step 1: Unplug the CardBus wireless LAN card first
Step 2: Configure the default IP setting profile: vi /etc/network/interfaces

  root@Moxa:~# vi /etc/network/interfaces
  # 802.11g Gigabyte Cardbus wireless card
  iface eth0 inet static
      address 192.168.5.127
      network 192.168.5.0
      netmask 255.255.255.0
      broadcast 192.168.5.255

Step 3: Configure the WLAN parameters: vi /etc/Wireless/RT2500STA/RT2500STA.dat
- Copy this file to /etc/Wireless/RT2500STA/RT2500STA.dat
- This file is a binary file and is read when the rt2500.o module is loaded
- Use vi -b RT2500STA.dat to modify the settings according to your needs
  1) set NetworkType to Adhoc for ad-hoc mode, otherwise use Infrastructure
  2) set Channel to 0 for auto-select in infrastructure mode
  3) set SSID for connecting to your access point
  4) AuthMode can be OPEN, SHARED, WPAPSK or WPANONE
  5) EncrypType can be NONE, WEP, TKIP or AES
  for more information refer to the Readme file

Configuring 802.11g Wireless LAN: the settings in /etc/Wireless/RT2500STA/RT2500STA.dat
- CountryRegion: sets the channels for your particular country region
- WirelessMode: sets the wireless mode
- SSID: sets the SSID of the access point to join
- NetworkType: sets the wireless operation mode
- Channel: sets the channel
- AuthMode: sets the authentication mode
- EncrypType: sets the encryption type
- DefaultKeyID: sets the default key ID
- Key1Str, Key2Str, Key3Str, Key4Str: set the WEP key strings Key1 to Key4
- WpaPsk: the WPA pre-shared key
- TxBurst: enables or disables TxBurst
- TurboRate: enables or disables TurboRate
- BGProtection: sets 11b/11g protection (this function is for engineering testing only)
- ShortSlot: enables or disables the short slot time
- TxRate: sets the TxRate
- RTSThreshold: sets the RTS threshold
- FragThreshold: sets the fragment threshold

Of the AuthMode/EncrypType combinations, only WPAPSK with AES should be relied on for data the UC forwards: WEP is broken and TKIP is deprecated, and OPEN or SHARED authentication with WEP keys gives no real protection.

Developing Your Application: Windows Tool Chain

Agenda
1) Windows Tool Chain Introduction
2) Development Process
3) Debugging with GDB

Windows Tool Chain Introduction
The UC-7400's Windows Tool Chain is a cross development environment that simulates the Linux root file system, allowing users to develop applications on a Windows PC.
The following topics are covered in this appendix:
- Introduction
- Installation procedure
- Using the BASH shell
- GDB debug tool: Insight

Windows Tool Chain (requirements)
1. Operating system: Windows 2000 or Windows XP
2. Minimum of 500 MB hard disk space
3. CD-ROM or equivalent
4. Ethernet to connect with the UC-7400
5. Be able to log in as administrator
6. Use a Windows username without spaces
7. You will be using a BASH shell window to enter commands
8. For editing text files such as configuration files, use the vi editor (Unix editor). Do NOT use WordPad (Windows editor), which could cause problems when the files are transferred to a bona fide Linux environment

Development Process
Step 1: Setting up the development environment on the PC (x86)
Step 2: Coding, compiling and debugging on the Windows Tool Chain
Step 3: Deploying the program to the UC (IXP-422)

Step 1: Setting up the development environment
Install the Windows Tool Chain on the PC (Windows 2K/XP). Installation tips:
- Default install path: C:\UC
- Default text file type: Unix (recommended)
Utilities: Moxa Bash Shell; GDB debug tool Insight (http://sources.redhat.com/insight/)
This process could take from 5 to 30 minutes depending on the speed of your system.

Step 2: Coding, compiling and debugging
- Code the C/C++ program in the Moxa Bash Shell (PC Windows Tool Chain)
- Compile/link the source code with the tool chain; compiler path setting: PATH=/usr/local/mxscaleb/bin
- Compile Hello.c

Step 3: Deployment
Upload the program to the UC:
  ftp 192.168.3.127
  ftp> binary
  ftp> put hello-release
Run the program (at the UC-7400):
  chmod +x hello-release
  ./hello-release
  Hello

Debugging with GDB
Figure: the PC (Moxa Bash Shell) compiles with -ggdb (1), the UC runs the GDB debug server (2), the Insight tool on the PC acts as GDB client (3) and connects with "target remote" over Ethernet (4).

At the UC:
  chmod +x hello-debug
  gdbserver 192.168.3.127:2000 hello-debug
  Process hello-debug created; pid = 206

Step 1 (PC, Moxa Bash Shell): compile the program with the -ggdb option, then upload it to the UC
Step 2 (UC): start hello-debug under gdbserver with the command gdbserver 192.168.3.127:2000 hello-debug
Step 3 (PC, Insight): run the GDB client, open the hello-debug file and connect to the target: GDB server/TCP, host 192.168.3.200, port 2000
gdbserver accepts a connection from anyone who can reach port 2000 and gives that peer full control of the process, with no authentication; use it only on an isolated lab network.

iptables Introduction

Agenda
1) Quick View of iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

1. Quick View of iptables
- A user-space command to set up and maintain the "Netfilter" subsystem of the kernel
- "Netfilter" decides on packet headers (and, with connection tracking, on connection state), not on the application payload
- iptables is currently one of many firewall/NAT solutions: an administration tool to set up, maintain and inspect the tables of IP packet filter rules in the Linux kernel
- Several different tables may be defined. Each table contains a number of built-in chains and may also contain user-defined chains
- Each chain is a list of rules which can match a set of packets. Each rule specifies what to do with a packet that matches. This is called a "target", which may be a jump to a user-defined chain in the same table
- 3rd generation firewall on Linux:
  "ipfwadm" on Linux kernel 2.0.x
  "ipchains" on Linux kernel 2.2.x
  "ipchains" / "iptables" on Linux kernel 2.4.x
  "iptables" on Linux kernel 2.6.x
- Supports basic packet filtering as well as connection state tracking
- The UC-7110/7400 support only "iptables"


2) Rules, Chains and Tables
2-1 First Match
2-2 Three Major Tables
2-3 Processing Packets
2-4 State Machine

2-1 First Match – The Highest Priority

Figure: first-match flow. A packet is tested against Rule 1, Rule 2, … Rule 10 in order. The first rule that matches decides (Action 1 … Action 10) and no later rule is consulted; if no rule matches, the chain's default policy applies.

Example: on a WWW server, reject the attack from IP 192.168.1.100.
Correct order:
  Rule 1: Drop the packets from 192.168.1.100
  Rule 2: Accept WWW request packets from all hosts
  Rule 3: Drop all non-WWW packets
Wrong order:
  Rule 1: Accept WWW request packets from all hosts
  Rule 2: Drop the packets from 192.168.1.100
  Rule 3: Drop all non-WWW packets
With the wrong order, 192.168.1.100 matches Rule 1 first and is still able to use the WWW service, or to attack the WWW service port; Rule 2 never sees its packets.

2-2 Three Major Tables
1) Filter table
2) NAT table
3) Mangle table

2-2-1 Filter Table
Mainly used for filtering packets. This is the place where we actually take action against packets, look at what they contain and ACCEPT, DROP, REJECT or LOG them depending on their content.
1. INPUT chain: packets entering the local host
2. OUTPUT chain: packets output from the local host
3. FORWARD chain: packets forwarded to other hosts

2-2-2 NAT Table
Used for network address translation on packets, to rewrite the source or destination field.
1) PREROUTING chain: rewrites the destination IP address (DNAT) before the routing decision
2) POSTROUTING chain: works after the routing process and before the Ethernet device, to rewrite the source IP address (SNAT/MASQUERADE)
3) OUTPUT chain: for locally generated packets

2-2-3 Mangle Table
This table is mainly used for mangling packets. In other words, you may use the mangle matches etc. to change the TOS (Type Of Service) and TTL fields. It can also "MARK" packets.
1. PREROUTING chain
2. POSTROUTING chain
3. INPUT, OUTPUT and FORWARD chains

2-3 Processing Packets
2-3-1 Destination Local Host
2-3-2 Source Local Host
2-3-3 Forwarded Packets
2-3-4 State Machine

2-3-1 Destination Local Host
  Incoming packets → NAT table PREROUTING → (routing decision) → Filter table INPUT → Local process

2-3-2 Source Local Host
  Local process → NAT table OUTPUT → Filter table OUTPUT → NAT table POSTROUTING → Outgoing packets

2-3-3 Forwarded Packets
  Incoming packets → NAT table PREROUTING → (routing decision: not for a local resource) → Filter table FORWARD → NAT table POSTROUTING → Other hosts

2-4 State Machine


3) Usage of iptables
3-1 Load iptables Modules
3-2 Define Default Policy
3-3 Structure of a Rule
3-4 Save / Restore Rules

3-1 Load iptables Modules
Note: ipchains and iptables are not compatible; the ipchains module must not be loaded at the same time.
Check the current tables: iptables [-t table] [-L] [-n]
Then look at the default policy of each chain and clear the current rules before installing a new rule set (3-2).

3-2 Define Default Policy
  iptables -t {filter|nat|mangle} -P {INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING} {ACCEPT|DROP}
Set the INPUT and FORWARD policies to DROP before adding rules, so that anything a rule does not explicitly allow is discarded.

3-3 Structure of a Rule
3-3-1 Add, Insert, Delete and Replace Rules
3-3-2 Direction
3-3-3 Matches
3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace
  iptables -t {filter|nat|mangle} {-A|-I|-D|-R} <direction> <match> -j <target>
Three major things need to be considered: the direction (chain), the match (conditions) and the target (action).

3-3-2 Direction – Chains
a. filter table: INPUT, OUTPUT, FORWARD
b. nat table: PREROUTING, POSTROUTING, OUTPUT
c. mangle table: …

3-3-3 Matches – Conditions
1. -p [proto]: tcp, udp, icmp, all
2. -s [IP], -d [IP]
3. --sport [port], --dport [port]
4. -m state --state [state]: NEW, ESTABLISHED, INVALID, RELATED
5. -m multiport [p1,p2,…,p15]
6. -i [iface], -o [oface]
7. … etc.

3-3-4 Targets – Actions
a. filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions: LOG, ULOG, REJECT, MIRROR
b. nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING/OUTPUT), MASQUERADE (POSTROUTING), REDIRECT (PREROUTING, and OUTPUT for locally generated packets)
c. mangle table: …

3-4 Save / Restore Rules
iptables-save writes the current rule set to standard output and iptables-restore reads it back. It is highly recommended to use a script file to maintain the Netfilter rules instead of editing this exported file (it is not a standard script file). Please refer to the hands-on practice.

Agenda
4) Hands-On Practice: 1) Packet Filter, 2) NAT Machine

4-1 Packet Filter – Rules of the filter table

Example 1 – Accept all packets incoming from the lo interface
  iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2 – Accept all TCP packets incoming from IP 192.168.0.1
  iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

Example 3 – Accept all TCP packets incoming from the network 192.168.1.0/24
  iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 – Drop all TCP packets incoming from IP 192.168.1.25
  iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP
  (with Example 3 already in place this rule must come before it, e.g. inserted with -I, or it never matches: first match wins)

Example 5 – Drop all incoming TCP packets with destination port 21 (forbid FTP connections from eth0)
  iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 – Accept TCP packets incoming from 192.168.0.0/24 to local ports 137, 138 and 139
  iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

Example 7 – Log incoming/outgoing TCP packets to/from port 25 (log SMTP service)
  iptables -t filter -A INPUT -p tcp --dport 25 -j LOG
  (this rule covers the incoming direction; LOG is a non-terminating target, so the packet continues to the following rules)
  Note: the UC-7110 does not support the target "LOG"

Example 8 – Drop all [SYN] packets from IP 192.168.100.200
  iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 – Drop all packets from MAC aa:bb:cc:dd:ee:ff
  iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

Example 10 – Do not respond to "ping"
  iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 – Limit an ICMP "ping" burst
  iptables -t filter -P INPUT DROP
  iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

Example 12 – Accept the ESTABLISHED and RELATED packets of the local host; drop INVALID packets and NEW packets which are trying to create a new connection
  iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
  iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

Example 13 – Check the packet integrity
  iptables -t filter -A INPUT -p all -m unclean -j DROP
  (the "unclean" match was experimental in 2.4 and was removed from later kernels)

Example 14 – Enable "passive mode" FTP service to a host
  modprobe ip_conntrack_ftp
  iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT
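The rules above as one maintainable script, which is the form recommended in 3-4. This is an added example for this page, not Moxa's code; it also demonstrates the first-match point of 2-1, since the per-host DROP is placed before the general ACCEPT for port 80. Assumed: LAN interface eth0, attacker 192.168.1.100, trusted management network 192.168.0.0/24, and a DRY_RUN=1 switch (this example's convention) that prints the rules instead of applying them, so the script can be reviewed on any host.

```shell
#!/bin/sh
# Added example: a filter-table script in the spirit of the hands-on rules
# (not Moxa's). Assumptions: LAN interface eth0, attacker 192.168.1.100,
# management network 192.168.0.0/24. DRY_RUN=1 prints instead of applying.

IPT=${IPT:-iptables}
LAN=${LAN:-eth0}
ATTACKER=${ATTACKER:-192.168.1.100}
MGMT_NET=${MGMT_NET:-192.168.0.0/24}

ipt() {
    if [ -n "$DRY_RUN" ]; then echo "$IPT $*"; else "$IPT" "$@"; fi
}

fw_flush() {
    # Start from a clean table. Policies are set before rules are added so
    # there is no window with an empty chain and an ACCEPT policy.
    ipt -t filter -F
    ipt -t filter -X
    ipt -t filter -P INPUT DROP
    ipt -t filter -P FORWARD DROP
    ipt -t filter -P OUTPUT ACCEPT
}

fw_rules() {
    fw_flush
    ipt -A INPUT -i lo -j ACCEPT
    # Replies to connections this host opened, and related ones (FTP data).
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -m state --state INVALID -j DROP
    # First match wins: the attacker is dropped BEFORE the web ACCEPT.
    ipt -A INPUT -i "$LAN" -s "$ATTACKER" -j DROP
    ipt -A INPUT -i "$LAN" -p tcp --dport 80 -m state --state NEW -j ACCEPT
    # Management only from the trusted network; logged, then accepted
    # (LOG is non-terminating; the UC-7110 has no LOG target, drop this line there).
    ipt -A INPUT -i "$LAN" -p tcp -s "$MGMT_NET" --dport 22 -m state --state NEW \
        -j LOG --log-prefix "ssh-new: "
    ipt -A INPUT -i "$LAN" -p tcp -s "$MGMT_NET" --dport 22 -m state --state NEW -j ACCEPT
    # Answer ping, but rate-limited so a ping flood cannot tie up the CPU.
    ipt -A INPUT -p icmp --icmp-type 8 -m limit --limit 6/min --limit-burst 10 -j ACCEPT
    # Everything else falls through to the DROP policy.
}

# Returns 0 when the DROP for $ATTACKER precedes the port-80 ACCEPT in the
# generated rule list, 1 otherwise (an ordering check for reviews).
fw_attacker_blocked_first() {
    rules=$(DRY_RUN=1; fw_rules)
    drop=$(echo "$rules" | grep -n -- "-s $ATTACKER -j DROP" | cut -d: -f1 | head -n1)
    web=$(echo "$rules" | grep -n -- "--dport 80" | cut -d: -f1 | head -n1)
    [ -n "$drop" ] && [ -n "$web" ] && [ "$drop" -lt "$web" ]
}

# Persist the result in the standard export format; the script stays the
# source of truth, the export is only a cache for a fast restore at boot.
fw_save() {
    iptables-save > "${1:-/etc/iptables.rules}"
}
```

Typical use on the UC is `DRY_RUN=1 sh firewall.sh` to review the rule list, then `. firewall.sh; fw_rules; fw_save` as root, with `iptables-restore < /etc/iptables.rules` from /etc/rc.d/rc.local at boot.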

4-2 NAT Machine – Rules of the nat table

Example 1 – Redirect connection requests for port 80 to port 8080
  iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 – Masquerade the packets coming from 192.168.1.0/24 as the local ppp0 IP
  iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE
  (MASQUERADE, like the -o match, is only valid in POSTROUTING; see 3-3-4)

Example 3 – DNAT the packets incoming on eth0 (60.248.66.75) for TCP port 80 to the internal web server 192.168.127.10, port 80
  iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

Example 4 – Redirect the incoming packets for TCP port 80 to 192.168.1.10, TCP port 80

SNAT the outgoing packets from 192.168.127.0/24 to the public address $OUT_IP
  iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP
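The NAT machine of 4-2 as one script, combining the port forward of Example 3 with the SNAT of the internal network and the FORWARD rules that the NAT rules alone do not provide. This is an added example for this page, not Moxa's code. Assumed: public interface eth0 with address 60.248.66.75, internal interface eth1, internal network 192.168.127.0/24 with the web server 192.168.127.10, and the DRY_RUN=1 convention of this example for printing rather than applying rules.

```shell
#!/bin/sh
# Added example: NAT machine from 4-2 (not Moxa's code). Assumptions:
# public eth0 = 60.248.66.75, internal eth1 = 192.168.127.0/24,
# web server 192.168.127.10. DRY_RUN=1 prints the rules instead of applying.

IPT=${IPT:-iptables}
WAN_IF=${WAN_IF:-eth0}
OUT_IP=${OUT_IP:-60.248.66.75}
LAN_IF=${LAN_IF:-eth1}
LAN_NET=${LAN_NET:-192.168.127.0/24}
WEB_SERVER=${WEB_SERVER:-192.168.127.10}

ipt() {
    if [ -n "$DRY_RUN" ]; then echo "$IPT $*"; else "$IPT" "$@"; fi
}

nat_rules() {
    # Forwarding must be on, otherwise nothing reaches the FORWARD chain.
    if [ -z "$DRY_RUN" ]; then echo 1 > /proc/sys/net/ipv4/ip_forward; fi
    ipt -t nat -F
    # Port-forward the public web port to the internal server. DNAT is only
    # valid in PREROUTING/OUTPUT: it has to happen before the routing decision.
    ipt -t nat -A PREROUTING -i "$WAN_IF" -p tcp -d "$OUT_IP" --dport 80 \
        -j DNAT --to-destination "$WEB_SERVER:80"
    # Rewrite the source of everything leaving the LAN. SNAT suits a static
    # public address (Examples 3/4); MASQUERADE is for dynamic addresses such
    # as ppp0 (Example 2). Both live only in POSTROUTING.
    ipt -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j SNAT --to-source "$OUT_IP"
    # NAT does not bypass the filter table: with a FORWARD policy of DROP the
    # forwarded flows must still be allowed, and only the ones we intend.
    ipt -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p tcp -d "$WEB_SERVER" --dport 80 \
        -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    ipt -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Returns 0 if the DNAT rule sits in PREROUTING and the SNAT rule in
# POSTROUTING, with no source rewrite in PREROUTING (the chain restrictions
# from 3-3-4); 1 otherwise.
nat_chains_ok() {
    rules=$(DRY_RUN=1; nat_rules)
    echo "$rules" | grep -q -- '-A PREROUTING .* -j DNAT' || return 1
    echo "$rules" | grep -q -- '-A POSTROUTING .* -j SNAT' || return 1
    ! echo "$rules" | grep -qE -- '-A PREROUTING .* -j (SNAT|MASQUERADE)'
}
```

The FORWARD rules are what keep the DNAT from turning the box into an open relay: without the first FORWARD line a DROP policy blocks the forwarded web traffic, and without the policy anything the NAT table does not touch is forwarded unchanged.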

Thank You

OpenVPN 2.0
Stephen Lin

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

1) Cryptography Summary
1-1 What does cryptography solve?
1-2 Symmetric Data Encryption
1-3 Hash (Digest) Function
1-4 Message Authentication Code
1-5 Asymmetric Data Encryption
1-6 Digital Signature
1-7 Certificate
1-8 Moxa UC-7400

1-1 What does cryptography solve?
Confidentiality
- Ensure that nobody can learn what you transfer, even if they listen to the whole conversation
Integrity
- Ensure that the message has not been modified during transmission
Authenticity
- You can verify that you are talking to the entity you think you are talking to
- You can verify who the specific individual behind that entity is
Non-repudiation
- The individual behind that asset cannot deny being associated with it

1-2 Symmetric Data Encryption
- Fast, high efficiency for data transmission
- Is it "secure" while transferring the key? (key distribution is the hard part)
- Maintaining the keys: n(n-1)/2 keys for n parties
- DES, 3DES, AES, Blowfish (single DES has a 56-bit key and is brute-forceable today; prefer AES)

Figure: Tom encrypts the plaintext into ciphertext with the secret key; Bob decrypts the ciphertext back to plaintext with the same secret key.

1-3 Hash (Digest) Function
- Ensures data integrity
- MD5, SHA-1

Figure: Tom hashes the data into Message Digest 1 and sends data + digest; Bob runs the same hash function over the received data to get Message Digest 2 and compares it with Message Digest 1. An attacker who can modify the data can also recompute the digest, which is why a plain hash does not authenticate the sender.

1-4 Message Authentication Code
- Ensures data integrity
- Uses a key to protect the MAC
- HMAC, CBC-MAC

Figure: Tom hashes the data into Message Digest 1, encrypts the digest with the secret key to form the MAC and sends data + MAC; Bob recomputes Message Digest 2 over the received data, decrypts the MAC with the same secret key to recover Message Digest 1 and compares the two.

1-5 Asymmetric Encryption
Things to remember:
- Key pair: public/private keys
- In a session one key is used for encryption and the other one for decryption
- The "public key" can be deployed everywhere
- From one key you cannot gain knowledge of the other, even if you have access to clear-text and cipher-text
- The two keys are interchangeable only in textbook RSA, where encryption and decryption are the same operation with different exponents; in practice the public exponent is a small fixed value and the private key carries extra parameters, and other algorithms (DSA, Diffie-Hellman) have no such symmetry. Treat the private key as the one that is never shared.
- Less efficient than symmetric (static) keys
- RSA, Diffie-Hellman

Figure: clear text is transformed into cipher text ("g$5knvMd'rkvegMs") by encryption.

1-5 Asymmetric Data Encryption – Confidentiality check
Figure: Tom encrypts the plaintext with Bob's public key; only Bob can decrypt the ciphertext, with Bob's private key (the recipient's key pair).

1-5 Asymmetric Data Encryption – Authenticity check
Figure: Tom encrypts the plaintext with Tom's private key; anyone can decrypt it with Tom's public key, which proves it came from Tom (the sender's key pair).

1-6 Digital Signature
Real world – hybrid:
1. Data integrity
2. Authenticity
3. Non-repudiation
4. Algorithm – uses the public key and a hash

1-6 Digital Signature – Creating
Figure: from the message or file ("This is the document created by Gianni") a short message digest is calculated with a one-way message digest function (hash: SHA, MD5; typically 128 bits for MD5, 160 bits for SHA-1). The digest is then encrypted with the signatory's private key (asymmetric encryption, RSA) to produce the digital signature, which is appended to the document to form the signed document.

1-6 Digital Signature – Verifying
Figure: the verifier takes the signed document, recomputes the message digest from the message with the same hash, decrypts the digital signature with Gianni's public key (from the certificate) to obtain the original digest, and compares the two.

Figure: the same flow with Tom and Bob. Tom hashes the data to Message Digest 1, encrypts it with Tom's private key to form the digital signature and sends data + signature; Bob hashes the received data to Message Digest 2, decrypts the signature with Tom's public key to recover Message Digest 1 and compares.
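The three integrity mechanisms of 1-3, 1-4 and 1-6 side by side, using the openssl command-line tool that the UC-7400 ships with. This is an added example for this page, not part of the deck. Assumed: openssl is on PATH; the message text, the HMAC key and the throwaway RSA key pair are constructed here for the demonstration; SHA-256 is used in place of the deck's MD5/SHA-1, neither of which should be used in new designs.

```shell
#!/bin/sh
# Added example (not from the deck): plain digest vs. HMAC vs. signature
# with openssl. Assumptions: openssl on PATH; message, HMAC key and RSA key
# pair are constructed here; SHA-256 instead of MD5/SHA-1.

# 1-3 Plain digest: anyone can recompute it, so it only catches accidental
# corruption; an attacker who changes the data simply ships a new digest.
digest_of() {            # digest_of <file>  -> hex digest on stdout
    openssl dgst -sha256 "$1" | awk '{print $NF}'
}

# 1-4 HMAC: the digest is keyed, so without the key no valid tag can be
# produced for altered data. OpenVPN's "auth" option does this per packet.
hmac_of() {              # hmac_of <file> <key>  -> hex tag on stdout
    openssl dgst -sha256 -hmac "$2" "$1" | awk '{print $NF}'
}

# 1-6 Signature: hash, then transform the hash with the private key; the
# public key verifies it, adding authenticity and non-repudiation.
make_keypair() {         # make_keypair <dir>  -> <dir>/priv.pem, <dir>/pub.pem
    openssl genrsa -out "$1/priv.pem" 2048 2>/dev/null &&
    openssl rsa -in "$1/priv.pem" -pubout -out "$1/pub.pem" 2>/dev/null
}
sign_file() {            # sign_file <file> <privkey> <sigout>
    openssl dgst -sha256 -sign "$2" -out "$3" "$1"
}
verify_file() {          # verify_file <file> <pubkey> <sig>  -> 0 if it verifies
    openssl dgst -sha256 -verify "$2" -signature "$3" "$1" >/dev/null 2>&1
}

# Run all three against a constructed message and a one-digit tampering.
# Returns 0 when the signature accepts the original and rejects the forgery.
run_integrity_demo() {
    d=$(mktemp -d) || return 1
    printf 'transfer 100 to Bob\n' > "$d/msg"
    printf 'transfer 900 to Bob\n' > "$d/msg.bad"
    make_keypair "$d" || { rm -rf "$d"; return 1; }
    sign_file "$d/msg" "$d/priv.pem" "$d/msg.sig" || { rm -rf "$d"; return 1; }
    if verify_file "$d/msg" "$d/pub.pem" "$d/msg.sig"; then ok=accepted; else ok=REJECTED; fi
    if verify_file "$d/msg.bad" "$d/pub.pem" "$d/msg.sig"; then bad=ACCEPTED; else bad=rejected; fi
    echo "digest    : $(digest_of "$d/msg") / tampered $(digest_of "$d/msg.bad")"
    echo "hmac      : $(hmac_of "$d/msg" lab-secret) / wrong key $(hmac_of "$d/msg" guess)"
    echo "signature : original $ok, tampered $bad"
    rm -rf "$d"
    [ "$ok" = accepted ] && [ "$bad" = rejected ]
}
```

The digest line shows that both versions hash fine, which is exactly the problem: the receiver cannot tell which one is genuine. The HMAC line shows that the tag depends on the key, and the signature line that only the original verifies against the public key.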

1-7 Certificate
The simplest certificate just contains:
- A public key (for Stephen)
- Information about the entity that is being certified to own that public key (it can be a person, a computer, a device, a file, some code, anything …)
… and the whole is:
- Digitally signed by someone trusted (like your friend or a CA)

Figure: a certificate = the public key + "This public key belongs to Stephen" + the digital signature of the issuer over both.

1-7-1 CA Certificate

(Slide diagram) Certification Server: the CA generates a key pair (Priv, pub). The user requests a certificate from the CA; the CA generates the certificate (pub + DS = Cert); the private key and the certificate are sent to the user.

1-7-1 CA Certificate Example

(Slide diagram) The CA holds the CA Private Key. Left and Right each hold their own private key, their own certificate signed by the CA ("Left Cert signed by CA", "Right Cert signed by CA") and the CA Pub Key, with which they verify the other side's certificate. The CA Pub Key is itself signed by the CA. Left and Right trust each other through the CA.

1-7-2 SSL/TLS

(Slide diagram) Each side holds a key pair (Priv, pub) and the other side's pub. Sender: Clear text -> Encrypt -> Cipher 1 -> Encrypt -> Cipher 2 -> Transmission over the public network. Receiver: Cipher 2 -> Decrypt -> Cipher 1 -> Decrypt -> Clear text.

Ensures confidentiality
• And integrity, if digitally signed

Depending on how the public keys are exchanged:
• Authenticity, Identity, Non-repudiation

1-8 Moxa UC7400 - Hardware Cipher

Intel XScale supports:
• Security engines: DES, AES
• Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so"
• No need to change the source code

1-8-1 Moxa Accelerated Algorithms – OpenSSL 0.9.7

DES_cbc_encrypt
DES_ede3_cbc_encrypt
AES_cbc_encrypt
AES_ctr_encrypt

• We wrap ECB mode at a higher level (libssl.so), which OpenSSL wraps too

1-8-2 Performance

(Slide charts, not recoverable as text) Four plots compare software and hardware cipher throughput (rate, y-axis 0 to 80 and 0 to 8) against packet size (x-axis 128 to 1280 bytes, and 16 to 144 bytes for the small-packet plots) for 3DES-CBC and AES-128-CBC. Legend: "= HW Cipher".

1-8-3 Things to be noticed

Moxa UC-7400 switches operations between the software and the hardware approaches:
• Default: hardware approach
• Any mis-configuration or busy state causes the switch

Small packets are switched to the software approach:
• DES: 128 bytes
• 3DES/AES: 64 bytes

1-8-4 Software Package

Driver
• mxhw_cipher.o

Device file
• mknod /dev/mxcrypto c 11 131

Test program
• io: correctness test
• io 0 5000: stability test
• io 1: golden pattern
• io 2 20000: performance test

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network

2-1 VPN Advantages/Disadvantages

VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes

A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH, etc.)

A VPN allows the usage of protocols which are insecure by themselves

VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN

Usability
• Open Source (GPL)
• Full-featured SSL VPN solution
• Easy to configure secure tunnel
• NAT/DHCP support
• Can use a 2048-bit shared key or digital certificates (PKI)

Portability – supports most of the platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN

Peers – each node with a client/server role
• In use of kernel routing
• Multiple clients

A user-space program
• A full-featured SSL-VPN solution
• on top of the existing SSL/TLS mechanism
• options between a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security

Two authentication modes
• Static Key: use a pre-shared key
• SSL/TLS: use SSL/TLS + certificates for
  • Authentication
  • Key exchange

The encrypted packet is formatted as:
• SeqN: 64-bit sequence number
• IV: plain-text initial vector, randomized per packet

HMAC | IV | [ SeqN | IP payload ]   (the bracketed part is encrypted)
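The static-key packet layout above, as an added example that is not OpenVPN's code: each packet is HMAC | IV | encrypt(SeqN | IP payload), the receiver checks the HMAC before decrypting and rejects any SeqN it has already seen. The cipher is an assumption: a keystream derived from the IV with HMAC-SHA256 in counter mode stands in for the configured cipher (BF-CBC, AES-CBC, ...) so the block runs with the standard library only; key sizes and the 32-byte tag are likewise constructed here.

```python
import hashlib
import hmac
import os
import struct

HMAC_LEN = 32   # SHA-256 HMAC tag, sent in the clear
IV_LEN = 16     # randomized per packet, sent in the clear
SEQ_LEN = 8     # 64-bit sequence number, inside the encrypted part


def _keystream(cipher_key: bytes, iv: bytes, length: int) -> bytes:
    """Stand-in stream cipher: HMAC-SHA256(key, IV || counter) blocks (assumption, see lead-in)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(cipher_key, iv + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Peer:
    """One end of a static-key tunnel; both ends share the same cipher and HMAC keys."""

    def __init__(self, cipher_key: bytes, hmac_key: bytes):
        self.cipher_key = cipher_key
        self.hmac_key = hmac_key
        self.next_seq = 1          # next SeqN this peer will send
        self.last_seen_seq = 0     # highest SeqN accepted from the other peer

    def protect(self, ip_payload: bytes) -> bytes:
        seq, self.next_seq = self.next_seq, self.next_seq + 1
        iv = os.urandom(IV_LEN)
        plaintext = struct.pack(">Q", seq) + ip_payload
        ciphertext = _xor(plaintext, _keystream(self.cipher_key, iv, len(plaintext)))
        tag = hmac.new(self.hmac_key, iv + ciphertext, hashlib.sha256).digest()
        return tag + iv + ciphertext

    def unprotect(self, packet: bytes):
        """Return the IP payload, or None if the packet is forged, damaged or replayed."""
        if len(packet) < HMAC_LEN + IV_LEN + SEQ_LEN:
            return None
        tag = packet[:HMAC_LEN]
        iv = packet[HMAC_LEN:HMAC_LEN + IV_LEN]
        ciphertext = packet[HMAC_LEN + IV_LEN:]
        expected = hmac.new(self.hmac_key, iv + ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # authenticate before touching the cipher
            return None
        plaintext = _xor(ciphertext, _keystream(self.cipher_key, iv, len(ciphertext)))
        seq = struct.unpack(">Q", plaintext[:SEQ_LEN])[0]
        if seq <= self.last_seen_seq:                # replay protection via SeqN
            return None
        self.last_seen_seq = seq
        return plaintext[SEQ_LEN:]


def demo():
    """Client sends one packet; server sees it once, then a replay, then a tampered copy."""
    cipher_key, hmac_key = os.urandom(32), os.urandom(32)   # from the --secret file in practice
    server, client = Peer(cipher_key, hmac_key), Peer(cipher_key, hmac_key)
    pkt = client.protect(b"constructed IP datagram: 10.0.2.1 -> 10.0.1.1")
    first = server.unprotect(pkt)
    replay = server.unprotect(pkt)
    tampered = bytearray(pkt)
    tampered[-1] ^= 0x01
    forged = server.unprotect(bytes(tampered))
    return first, replay, forged
```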

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• portability across operating systems
• firewall- and NAT-friendly
• dynamic address support

IPSec
• Kernel-space IP stack
• each operating system requires its own independent implementation of IPSec
• IETF standard - multi-vendor support

2-3 OpenVPN Modes

Bridging and Routing are two methods of linking systems via a VPN

Routed IP tunnels (layer 3)

Bridged Ethernet tunnels (layer 2)

Suitable for connections
• Site-to-Site
• Dynamic Site-to-Site
• (Dynamic) Client-to-Site

Dynamic Firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN mode (device): a virtual point-to-point IP link that combines the inner interface together with TUN

Uses the kernel routing to forward the packets

(Slide diagram) Two OSI stacks (Physical, Data-Link, Network, Transport, Session, Presentation, Application); OpenVPN runs at the Application layer and the TUN device attaches at the Network layer (3rd).

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of MTU for efficiency

Routed IP disadvantages
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see those machines on the other side of the VPN
4. Works only with IPv4 in general, and IPv6 in cases where tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses "TAP" mode: a TAP device is a virtual Ethernet adapter

Bridge tools (brctl) are required to create the virtual adapters

Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0          # create an Ethernet bridge
brctl addif br0 eth1     # connect interface eth1 as a port
brctl addif br0 tap0     # connect virtual interface tap0 as a port

(Slide diagram) Two OSI stacks; OpenVPN runs at the Application layer, TAP attaches at the Data-Link layer (2nd), whereas TUN attaches at the Network layer (3rd). Bridging joins eth1 and tap0 on each side; eth0 stays the outer interface.

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages
1. Point-to-point, point-to-multipoint
2. Broadcasts traverse the VPN -- this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to be able to handle non-IP protocols such as IPX, Netware and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages
1. Less efficient than routing and does not scale well

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS – X509 Dynamic Keys

3-1 Getting Started

(Slide diagram) Lab topology: LAN A (IP 10.0.1.1/24, gw 10.0.1.254) -- [VPN Server] ixp1 10.0.1.254, ixp0 192.168.12.201 == VPN Tunnel == ixp0 192.168.12.202, ixp1 10.0.2.254 [VPN Client] -- LAN B (IP 10.0.2.1/24, gw 10.0.2.254). The client connects to the server; a [CA/TLS Server] is also present.

3-1 Getting Started

Create a working directory (recommended): mkdir /etc/openvpn

Check for the TUN module: ls /dev/net and look for a character device "tun"; if it is missing: mknod /dev/net/tun c 10 200

Load the necessary modules: modprobe tun; modprobe bridge

Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]

Self diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or vi /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"

Create/start the bridge interface using the Moxa script: openvpn-bridge [start|stop|restart]

Check the supported ciphers/authentication: openvpn --show-ciphers; openvpn --show-digests

Create the TUN configuration files: vi /etc/openvpn/tunserver.conf
[At VPN Client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

Local/Remote VPN IP addresses must be specified

It is NECESSARY to specify the Server Address at the VPN Client

3-2 TUN Server Configuration

Edit the static routing: vi /etc/openvpn/tunserver.sh; chmod +x /etc/openvpn/tunserver.sh
[At VPN Client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/openvpn/tunclient.sh

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tunserver.conf & (server); openvpn --config /etc/openvpn/tunclient.conf & (client)

2nd argument of "ifconfig", which is now "10.0.2.254"

Create the TAP configuration files: vi /etc/openvpn/tapserver.conf
[At VPN Client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration – VPN Server

Mark (comment out) this line if both VPN networks are in the same subnet

3-3 TAP Configuration – VPN Server

Edit the static routing: vi /etc/openvpn/tapserver.sh
[At VPN Client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/openvpn/tapclient.sh

Pointed to the kernel routing: br0 = 10.0.1.254

3-3 TAP Configuration – VPN Server

Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tapserver.conf & (server); openvpn --config /etc/openvpn/tapclient.conf & (client)

3-4-1 SSL/TLS – Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-input default_days, default_bits … etc.

Create a new CA root key pair: /usr/share/ssl/misc/CA -newca

Create a new client private key and a new certificate request: /usr/share/ssl/misc/CA -newreq

Certificate signing: /usr/share/ssl/misc/CA -sign

Copy the CA root certificate, the client private key and the client certificate to the first client

Have the second client certificated

3-4-2 OpenVPN – "easy-rsa" tools

Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file: vi /etc/openvpn/easy-rsa/vars

Activate the vars: . /etc/openvpn/easy-rsa/vars

Create the CA root key: /etc/openvpn/easy-rsa/build-ca

Create the VPN Server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – "easy-rsa" tools

Create the VPN Client private key and certificate: /etc/openvpn/easy-rsa/build-key client

Create Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh 1024

Copy the CA certificate (ca.crt), server key (server.key) and server certificate (server.crt) to the VPN Server

Copy the CA certificate, client key and client certificate to the VPN Client

The "easy-rsa" tools also work on the UC7400 series

3-4-3 Configuration File Modification

txxserver.conf

txxclient.conf

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

Two of its serial ports are connected to a power meter and a thermocouple

Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in 'burn-in mode' to demonstrate UC's high performance and reliability

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500 °C

Left side for the high range: 0 to 300 VDC & right side for the low range: 0 to 20 VDC

UC's LCM & keypad (F1-F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8
F2 System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available Memory
F3 Alarm Setting: Temperature → Voltage → burning throughput
F4 Configuration Key
F5 Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• UC-7420's built-in wireless driver supports the Intersil Prism 2.0 chipset PCMCIA card
• The compatible wireless cards are:

Supplier   Model name
ASUS       WL-107g
CNET       CWC-854 (181D version)
Edimax     EW-7108PCg
Amigo      AWP-914WG
Gigabyte   GN-WMKG
Others which use the Ralink chip set

Thank You


Software Comparison

Item                          | UC-7400 Series                                            | UC-7110
Boot Loader                   | Redboot V1.92                                             | Moxa proprietary boot loader
Kernel                        | MontaVista Linux 2.4.18                                   | uClinux kernel 2.4.22
Protocol Stack                | ARP, CHAP/PAP, IPv4, ICMP, TCP, UDP, DHCP, FTP, Telnet, SNMPv1/v3, HTTP, NTP, NFS, SMTP, PPP, SSHv1.0/2.0, SSL, OpenVPN | ARP, CHAP/PAP, IPv4, ICMP, TCP, UDP, DHCP, FTP, Telnet, SNMPv1, HTTP, NTP, NFS, SMTP, PPP
Flash File System             | JFFS2                                                     | JFFS2
OS Shell Command              | bash V2.05                                                | mash V0.60.4
Linux normal command utility  | Busybox V0.60.4                                           | Busybox V0.60.4
Web                           | Apache 2.0.42                                             | Boa 0.93.16
Secure shell                  | sshd V1.2.0                                               | N/A
Network file system           | NFS Server V2.2                                           | N/A
Virtual private network       | OpenVPN V2.0                                              | N/A
OpenSSL                       | OpenSSL V0.9.6                                            | N/A
Tool Chain                    | Linux, Windows                                            | Linux

UC-7400 V1.5 Firmware

New Functions and Features Introduction

Firmware Version                | V1.1                    | V1.4.3                  | V1.5
Serial port                     | 230.4 Kbps              | 230.4 Kbps              | 921.6 Kbps (with HW V1.2)
WLAN                            | 802.11b (Prism 2.0/2.5) | 802.11b (Prism 2.0/2.5) | 802.11b (Prism 2.0/2.5), 802.11g
USB Host                        | N/A                     | Mass Storage, PNP       | Mass Storage, PNP
USB Client                      | N/A                     | N/A                     | N/A
Reset to Factory Default button | N/A                     | N/A                     | Yes (with HW V1.2)
Share Memory                    | N/A                     | N/A                     | Yes
Protocol stacks and utilities:
Arp (utility)                   | N/A                     | Yes                     | Yes
iptables                        | N/A                     | N/A                     | Yes
OpenVPN                         | N/A                     | N/A                     | Yes
WatchDog API                    | N/A                     | N/A                     | Yes
Crontab                         | N/A                     | N/A                     | Yes
upfirm                          | N/A                     | Yes                     | Yes
backupuf                        | N/A                     | Yes                     | Yes
backupfs, bf                    | Yes                     | Yes                     | N/A
minicom                         | Yes                     | Yes                     | Replaced by tip
Directory change:
/var                            | User File System        | User File System        | Changed to ramdisk
Apache root document            | /usr/html               | /usr/html               | /usr/www

UC-7400 V1.5 Firmware

New Feature Introduction
• WatchDog support
• Support Cron function on system
• UART and special baud rate support
• System image backup utility "upfirm"
• 802.11g wireless card support
• Support tool chain on Windows platform, including GCC, Glibc and Insight (GDB debug tool)
• iptables support
• OpenVPN support

Watch Dog Timer (WDT)

1. Introduction
The WDT works like a watchdog function. You can enable it or disable it. When the user enables the WDT but the application does not acknowledge it, the system will reboot. You can set the ack time from a minimum of 50 msec to a maximum of 60 seconds.

2. How the WDT works
The WatchDog is enabled when the system boots up. The kernel will auto-ack it. The user application can also enable ack; when the user application does not ack, the system will reboot.

3. The user API
The user application must include <moxadevice.h> and link moxalib.a

Crontab

1. Introduction: daemon to execute scheduled commands

2. Description
• Start Cron from the directory /etc/rc.d/rc.local
• Modify the file /etc/cron.d/crontab to set up your scheduled applications. Crontab files have the following format:

M (Minute) | H (Hour) | Dom (Date) | Mon (Month) | Dow (Week)        | User | Command
0-59       | 0-23     | 1-31       | 1-12        | 0-6 (0 is Sunday) |      |

3. Example
• How to add ntpdate (synchronize time) in Cron
• Every day at 5:10 the system will synchronize the time from the NTP server (192.168.0.1)

vi /etc/cron.d/crontab
# m h dom mon dow user command
10 5 * * * root /usr/sbin/ntpdate 192.168.0.1; /sbin/hwclock -w

UART and special baud rate support

1. Introduction
• The normal tty device nodes are located at /dev/ttyM0 … /dev/ttyM7, and the modem tty device nodes are located at /dev/cum0 … /dev/cum7
• UC-7400 supports Linux standard termios control
• The Moxa UART Device API allows you to configure ttyM0 to ttyM7 as RS-232, RS-422, 2-wire RS-485 and 4-wire RS-485

2. The Function
You must include <moxadevice.h>:
#define RS232_MODE 0
#define RS485_2WIRE_MODE 1
#define RS422_MODE 2
#define RS485_4WIRE_MODE 3

Function
• MOXA_SET_OP_MODE
• MOXA_GET_OP_MODE

UART and special baud rate support

3. Special baud rate support
• There are two Moxa private ioctl commands for setting up special baud rates

Function
• MOXA_SET_SPECIAL_BAUD_RATE
• MOXA_GET_SPECIAL_BAUD_RATE

• If you use this ioctl to set a special baud rate, the termios cflag will be B4000000, in which case the B4000000 define will be different
• If the baud rate you get from termios (or from calling tcgetattr()) is B4000000, you must call ioctl with MOXA_GET_SPECIAL_BAUD_RATE to get the actual baud rate

Upgrading the Firmware

New utility: upfirm

Upgrading the Firmware

1. Introduction
UC-7400's bios, kernel, mini file system and user file system are combined into one firmware file, which can be downloaded from Moxa's website (www.moxa.com)
• The name of the firmware file has the form uc7400-xxx.frm, with xxx indicating the firmware version

ATTENTION
• Upgrading the firmware will erase all data on the Flash ROM

Upgrading the Firmware

2. Description
• In V1.4.3 or later firmware, UC-7400 newly adds the utility "upfirm"
• The utility upfirm is designed for upgrading the firmware (including boot-loader, kernel, mini file system, user file system and configuration)
• If your firmware version is earlier than V1.4.3, you can find the utility on the Moxa website

How to upgrade firmware

Step 1: Type the following commands to enable the RAM disk:
upramdisk
cd /mnt/ramdisk

Step 2: Download the firmware file into the ramdisk from the Moxa website

Step 3: Use the upfirm command to upgrade the kernel and root file system:
upfirm uc7400-xxx.frm

(Reference next slide to see the upfirm procedure)

root@Moxa:/mnt/ramdisk# upfirm UC7420-1.5.frm
Upgrade firmware utility version 1.0
To check source firmware file context
The source firmware file context is OK
This step will destroy all your firmware
Do you want to continue it? (Y/N) Y
MTD device [/dev/mtd6] erase 128 Kibyte @ 20000 – 100% complete
Wait to write file ... Completed 100%
Now upgrade the new configuration file
Upgrade the firmware is OK
Please press any key to reboot system

Press any key to reboot system

Note: DO NOT power off the UC until the Ready LED is ON again. The first boot-up after upgrading the firmware will take much time.

Setting up the Network Interfaces

IEEE 802.11g

Configure 802.11g Wireless LAN

root@Moxa:~# vi /etc/network/interfaces

# 802.11g Gigabyte Cardbus wireless card
iface eth0 inet static
    address 192.168.5.127
    network 192.168.5.0
    netmask 255.255.255.0
    broadcast 192.168.5.255

Step 1: Unplug the CardBus Wireless LAN card first

Step 2: Configure the default IP setting profile: vi /etc/network/interfaces

Configure 802.11g Wireless LAN

vi /etc/Wireless/RT2500STA/RT2500STA.dat

Copy this file to /etc/Wireless/RT2500STA/RT2500STA.dat
This file is a binary file and will be read on loading the rt2500.o module
Use "vi -b RT2500STA.dat" to modify the settings according to your needs:
1) set NetworkType to Adhoc for using Adhoc mode, otherwise use Infrastructure
2) set Channel to 0 for auto-select in Infrastructure mode
3) set SSID for connecting to your access point
4) AuthMode can be OPEN, SHARED, WPAPSK, WPANONE
5) EncrypType can be NONE, WEP, TKIP, AES
For more information refer to the Readme file

Step 3: Configure the WLAN parameters: vi /etc/Wireless/RT2500STA/RT2500STA.dat

Configuring 802.11g Wireless LAN

• The settings in /etc/Wireless/RT2500STA/RT2500STA.dat:
CountryRegion: sets the channels for your particular country region
WirelessMode: sets the wireless mode
SSID: sets the softAP SSID
NetworkType: sets the wireless operation mode
Channel: sets the channel
AuthMode: sets the authentication mode
EncrypType: sets the encryption type
DefaultKeyID: sets the default key ID
Key1Str, Key2Str, Key3Str, Key4Str: sets strings Key1 to Key4
WpaPsk: WPA pre-shared key
TxBurst: enables or disables TxBurst
TurboRate: enables or disables TurboRate
BGProtection: sets 11b/11g protection (this function is for engineering testing only)
ShortSlot: enables or disables the short slot time
TxRate: sets the TxRate
RTSThreshold: sets the RTS threshold
FragThreshold: sets the fragment threshold

Developing Your Application

Windows Tool Chain

Agenda

1) Windows Tool Chain Introduction
2) Development Process
3) Debugging with GDB

Windows Tool Chain Introduction

UC-7400's Windows Tool Chain is a cross-development environment that simulates the Linux root file system, allowing users to develop applications on a Windows PC

The following topics are covered in this appendix:
• Introduction
• Installation Procedure
• Using the BASH Shell
• GDB debug tool: Insight

Windows Tool Chain

1. Operating System: Windows 2000 or Windows XP
2. Minimum of 500 MB hard disk space
3. CD-ROM or equivalent
4. Ethernet to connect with UC-7400
5. Be able to log in as administrator
6. Use a Windows username without spaces
7. You will be using a BASH shell window to enter commands
8. In addition, for editing text files such as configuration files, you should use the vi editor (Unix editor). Do NOT use WordPad (Windows editor), which could cause problems when the files are transferred to a bona fide Linux environment

Developing Process

Step 1: Setting up the development environment on the PC (x86)
Step 2: Coding, compiling and debugging on the Windows Tool Chain
Step 3: Deploying the program to the UC (IXP-422)

Step 1: Setting up the Developing Environment

Install the Windows Tool Chain on the PC (Windows 2K/XP). Installation tips:
• Default install path: C:\UC
• Default text file type: Unix (recommended)

Utilities
• Moxa Bash Shell
• GDB debug tool: Insight
• http://sources.redhat.com/insight/
• This process could take from 5 to 30 minutes depending on the speed of your system

Step 2: Coding, Compiling and Debugging

Code a C/C++ program on the Moxa Bash Shell (PC, Windows Tool Chain, x86)

Compile/link the source code with the tool-chain
• Compiler path setting: PATH=/usr/local/mxscaleb/bin
• Compiling Hello.c

Step 3: Deployment

Upload the program to the UC:
• ftp 192.168.3.127
• ftp> binary
• ftp> put hello-release

Running the program (at the UC-7400 site):
• chmod +x hello-release
• ./hello-release
Hello

Debugging with GDB

(Slide diagram) PC, Moxa Bash Shell: 1. compile with -ggdb; 3. Insight tool (GDB client); 4. target remote. UC, connected over Ethernet: 2. GDB debug server.

chmod +x hello-debug
gdbserver 192.168.3.127:2000 hello-debug
Process hello-debug created; pid = 206

Step 1: PC, Moxa Bash Shell: compile the program with the -ggdb option, then upload it to the UC
Step 2: UC: start hello-debug with the command gdbserver 192.168.3.127:2000 hello-debug
Step 3: PC, Insight: run the GDB client
• Open the hello-debug file
• Connect to target
• GDB Server/TCP, 192.168.3.200, port 2000

Debugging with GDB

iptables Introduction

Agenda

1) Quick View of iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

1 Quick View of iptables

A user-space command to set up and maintain the "Netfilter" sub-system of the kernel

"Netfilter" manages only the packet headers, not the content

iptables is currently one of many Firewall/NAT solutions; it is the administration tool to set up, maintain and inspect the tables of IP packet filter rules in the Linux kernel

1 Quick View of iptables

Several different tables may be defined. Each table contains a number of built-in chains and may also contain user-defined chains.

Each chain is a list of rules which can match a set of packets. Each rule specifies what to do with a packet that matches. This is called a "target", which may be a jump to a user-defined chain in the same table.

1 Quick View of iptables

3rd generation firewall on Linux
– "ipfwadm" on Linux Kernel V2.0.X
– "ipchains" on Linux Kernel V2.2.X
– "ipchains", "iptables" on Linux Kernel V2.4.X
– "iptables" on Linux Kernel V2.6.X

Supports basic packet filtering as well as connection state tracking

UC-7110/7400 support only "iptables"

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

2) Rules, Chains and Tables

2-1 First Match
2-2 Three Major Tables
2-3 Processing Packets
2-4 State Machine

2-1 First Match – The Highest Priority

(Slide flowchart) Packets -> Rule 1 matches? Yes: Action 1 / No -> Rule 2 matches? Yes: Action 2 / No -> … -> Rule 10 matches? Yes: Action 10 / No -> Default Policy

2-1 First Match

On a WWW server, reject the attack from IP = 192.168.1.100:
Rule 1: Drop the packets from 192.168.1.100
Rule 2: Accept WWW request packets from all the hosts
Rule 3: Drop all the non-WWW packets

With the rules in this order instead:
Rule 1: Accept WWW request packets from all the hosts
Rule 2: Drop the packets from 192.168.1.100
Rule 3: Drop all the non-WWW packets

192.168.1.100 is still able to use the WWW service, or to attack the WWW service port, because Rule 1 matches first.
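The first-match rule from the slide, as an added example that is not Netfilter's code: a model of one filter INPUT chain in which the first matching rule decides and the default policy applies only when no rule matches. It runs the two rule orderings above over a few constructed packets; the match closures and the packet dictionaries are simplifications assumed for the demonstration.

```python
from ipaddress import ip_address, ip_network


def src(net: str):
    """Match on source address, like -s [IP] or -s [network/prefix]."""
    network = ip_network(net)
    return lambda p: ip_address(p["src"]) in network


def www_request():
    """Match a WWW request, like -p tcp --dport 80."""
    return lambda p: p["proto"] == "tcp" and p["dport"] == 80


def any_packet():
    """Match everything (a catch-all rule at the end of the chain)."""
    return lambda p: True


def evaluate(chain, packet, policy="ACCEPT"):
    """First match: return (target, 1-based index of the deciding rule), or (policy, None)."""
    for idx, (match, target) in enumerate(chain, start=1):
        if match(packet):
            return target, idx
    return policy, None


ATTACKER = "192.168.1.100"

# Ordering A: the attacker is dropped before the WWW rule can accept it.
ORDER_A = [(src(ATTACKER), "DROP"), (www_request(), "ACCEPT"), (any_packet(), "DROP")]

# Ordering B: the WWW rule matches first, so the attacker's port-80 packets are accepted.
ORDER_B = [(www_request(), "ACCEPT"), (src(ATTACKER), "DROP"), (any_packet(), "DROP")]

SAMPLE = [  # constructed packets
    {"src": "192.168.1.100", "proto": "tcp", "dport": 80},  # attacker -> WWW port
    {"src": "192.168.1.100", "proto": "tcp", "dport": 22},  # attacker -> SSH port
    {"src": "10.0.0.5", "proto": "tcp", "dport": 80},       # legitimate WWW request
    {"src": "10.0.0.5", "proto": "udp", "dport": 53},       # non-WWW traffic
]


def decide(chain, packets, policy="ACCEPT"):
    """Targets chosen for each packet, in order."""
    return [evaluate(chain, p, policy)[0] for p in packets]


if __name__ == "__main__":
    for name, chain in (("A", ORDER_A), ("B", ORDER_B)):
        for pkt, (target, idx) in zip(SAMPLE, (evaluate(chain, p) for p in SAMPLE)):
            print(f"ordering {name}: {pkt['src']} {pkt['proto']}/{pkt['dport']} -> {target} (rule {idx})")
```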

2-2 Three Major Tables

1) Filter Table
2) NAT Table
3) Mangle Table

2-2-1 Filter Table

Mainly used for filtering packets. This is the place where we actually take action against packets, look at what they contain and ACCEPT, DROP, REJECT or LOG them depending on their content.

1. INPUT chain – packets entering the local host
2. OUTPUT chain – packets output from the local host
3. FORWARD chain – packets forwarded to other hosts

2-2-2 NAT Table

Used for NAT on different packets, to translate the packet's source field or destination field

1) PREROUTING chain – to translate the dst IP address (DNAT)
2) POSTROUTING chain – works after the routing process and before the Ethernet device process, to translate the source IP address (SNAT/MASQUERADE)
3) OUTPUT chain – works on locally produced packets

2-2-3 Mangle Table

This table is mainly used for mangling packets. In other words, you may freely use the mangle matches etc. that could be used to change the TOS (Type Of Service) and TTL fields. It can also "MARK" the packets.

1. PREROUTING chain
2. POSTROUTING chain
3. INPUT, OUTPUT and FORWARD chains

2-3 Processing Packets

2-3-1 Destination Local Host
2-3-2 Source Local Host
2-3-3 Forward Packets
2-3-4 State Machine

2-3-1 Destination Local Host

(Slide diagram) Incoming Packets -> NAT Table PREROUTING -> Filter Table INPUT -> Local Process

2-3-2 Source Local Host

(Slide diagram) Local Process -> NAT Table OUTPUT -> Filter Table OUTPUT -> NAT Table POSTROUTING -> Send Out Packets

2-3-3 Forwarded Packets

(Slide diagram) Incoming Packets -> NAT Table PREROUTING -> routing decision (Local Resource or Other Hosts) -> Filter Table FORWARD -> NAT Table POSTROUTING -> Other Hosts

2-4 State Machine

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

3) Usage of iptables

3-1 Load iptables Modules
3-2 Define Default Policy
3-3 Structure of a Rule
3-4 Save/Restore Rules

3-1 Load iptables Modules

Note: ipchains and iptables are not compatible

3-1 Load iptables Module

Check the current tables: iptables [-t table] [-L] [-n]

Default Policy

3-1 Install iptables

Clear Current Policy

3-2 Define Default Policy

iptables -t filter|nat|mangle -P INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING ACCEPT|DROP

3-2 Define Default Policy

3-3 Structure of a Rule

3-3-1 Add, Insert, Delete and Replace Rules
3-3-2 Direction
3-3-3 Matches
3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace

iptables -t filter|nat|mangle -A|-I|-D|-R [direction] [match] -j [target]

3 major things need to be considered: the direction, the match and the target

3-3-2 Direction – Chains

a. filter table: INPUT, OUTPUT, FORWARD
b. nat table: PREROUTING, POSTROUTING, OUTPUT
c. mangle table: …

3-3-3 Matches - Conditions

1. -p [proto]: tcp, udp, icmp, all
2. -s [IP], -d [IP]
3. --sport [port], --dport [port]
4. -m state --state [state]: NEW, ESTABLISHED, INVALID, RELATED
5. -m multiport [p1,p2,…,p15]
6. -i [iface], -o [oface]
7. … etc.

3-3-4 Targets - Actions

a. filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions: LOG, ULOG, REJECT, MIRROR
b. nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING/OUTPUT), MASQUERADE (POSTROUTING), REDIRECT (only in PREROUTING)
c. mangle table: …

3-4 Save/Restore Rules

It is highly recommended to use a script file to maintain the Netfilter rules instead of using the exported file (it is not a standard script file). Please refer to the Hands-On practice.

AgendaAgenda

1) Firewall NAT and iptables

2) Rules Chains Tables

3) Usage of iptables

4) Hands-ON Practice 1) Packet Filter2) NAT Machine

4-1 Packet Filter – Rules of filter table

Example 1 – Accept all the packets incoming from the lo interface:

  iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2 – Accept all the TCP packets incoming from IP = 192.168.0.1:

  iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

Example 3 – Accept all the TCP packets incoming from the network 192.168.1.0/24:

  iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 – Drop all the TCP packets incoming from IP = 192.168.1.25:

  iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

Example 5 – Drop all the incoming TCP packets with dst port = 21 (forbid FTP connections from eth0):

  iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 – Accept TCP packets incoming from 192.168.0.0/24 to the local port numbers 137, 138 and 139:

  iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

Example 7 – Log all the incoming/outgoing TCP packets to/from port = 25 (log the SMTP service):

  iptables -t filter -A INPUT -p tcp --dport 25 -j LOG

Note: UC-7110 does not support the target "LOG".

Example 8 – Drop all the [SYN] packets from IP = 192.168.100.200:

  iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 – Drop all the packets from MAC = aa:bb:cc:dd:ee:ff:

  iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

Example 10 – Do not respond to "ping":

  iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 – Limit an ICMP "ping" burst:

  iptables -t filter -P INPUT DROP
  iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

Example 12 – Accept the ESTABLISHED/RELATED packets of the local host; drop the INVALID packets and the NEW packets which are trying to create a new connection:

  iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
  iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

Example 13 – Check the packet integrity:

  iptables -t filter -A INPUT -p all -m unclean -j DROP

Example 14 – Enable the "passive mode" FTP service to a host:

  modprobe ip_conntrack_ftp
  iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

4-2 NAT Machine

Example 1 – Redirect the connection requests of port 80 to port 8080:

  iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 – Masquerade the packets coming from 192.168.1.0/24 as the local ppp0 IP (MASQUERADE and -o are only valid in the POSTROUTING chain, so the rule belongs there, not in PREROUTING):

  iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

Example 3 – DNAT the packets incoming from eth0 (60.248.66.75) on TCP port 80 to the internal web server 192.168.127.10, port 80:

  iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80
  iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP

Example 4 – Redirect the incoming packets of TCP port 80 to 192.168.1.10, TCP port 80.

Thank You

OpenVPN 2.0

Stephen Lin

OpenVPN 2.0

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve?
1-2 Symmetric Data Encryption
1-3 Hash (Digest) Function
1-4 Message Authentication Code
1-5 Asymmetric Data Encryption
1-6 Digital Signature
1-7 Certificate
1-8 Moxa UC7400

1-1 What does Cryptography solve?

Confidentiality
• Ensure that nobody can learn what you transfer, even if listening to the whole conversation.

Integrity
• Ensure that the message has not been modified during the transmission.

Authenticity
• You can verify that you are talking to the entity you think you are talking to.
• You can verify who is the specific individual behind that entity.

Non-repudiation
• The individual behind that asset cannot deny being associated with it.

1-2 Symmetric Data Encryption

• Fast, high efficiency for data transmission
• Is it "secure" while transferring the key?
• Maintenance of the keys: n(n-1)/2 keys for n parties
• DES, 3DES, AES, Blowfish

(Figure: Tom encrypts the plaintext into ciphertext with the secret key; Bob decrypts the ciphertext back to plaintext with the same secret key.)

1-3 Hash (Digest) Function

• Ensure data integrity
• MD5, SHA-1

(Figure: Tom applies the hash function to the data and sends Data + Message Digest 1; Bob applies the same hash function to the received data to obtain Message Digest 2 and compares it with Message Digest 1.)

1-4 Message Authentication Code

• Ensure the data integrity
• Use a key to protect the MAC
• HMAC, CBC-MAC

(Figure: Tom hashes the data to Message Digest 1, encrypts it with the secret key into the MAC and sends Data + MAC; Bob hashes the received data to Message Digest 2, decrypts the MAC with the secret key back to Message Digest 1 and compares the two.)

1-5 Asymmetric Encryption

Things to remember:
• Key pair – public/private keys
• In a session, one key is used for encryption and the other one for decryption
• The "public key" can be deployed everywhere
• The relation between the two keys is unknown: from one key you cannot gain knowledge of the other, even if you have access to clear text and cipher text
• The two keys are interchangeable. The algorithms make no difference between public and private key; when a key pair is generated, any of the two can be public or private
• Less efficient than a static key
• RSA, Diffie-Hellman

(Figure: clear text is encrypted into unreadable cipher text.)

1-5 Asymmetric Data Encryption

(Figure, confidentiality check: Tom encrypts the plaintext with Bob's public key; Bob decrypts the ciphertext with Bob's private key. The recipient's key pair is used.)

(Figure, authenticity check: Tom encrypts the plaintext with Tom's private key; Bob decrypts the ciphertext with Tom's public key. The sender's key pair is used.)

1-6 Digital Signature

Real world – hybrid:
1. Data integrity
2. Authenticity
3. Non-repudiation
4. Algorithm – use the public key and a hash

1-6 Digital Signature - Creating

(Figure: a short message digest is calculated from even a long input using a one-way message digest function (hash: SHA, MD5), typically 128 bits; the digest is encrypted with the signatory's private key (asymmetric encryption: RSA) to form the digital signature; the signed document is the message or file plus the digital signature.)

1-6 Digital Signature - Verifying

(Figure: the verifier hashes the message or file of the signed document to obtain a message digest, decrypts the digital signature with Gianni's public key (from the certificate) to recover the original digest, and compares the two.)

1-6 Digital Signature

(Figure: Tom hashes the data to Message Digest 1 and encrypts it with Tom's private key into the digital signature; Bob hashes the received data to Message Digest 2, decrypts the signature with Tom's public key back to Message Digest 1 and compares.)
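As an added example (not from the slides), the following shell script uses the openssl command line to contrast the three integrity mechanisms of 1-3, 1-4 and 1-6 on a constructed message: a plain digest that a forger can simply recompute, an HMAC that cannot be recomputed without the shared key, and an RSA signature that cannot be produced without the signer's private key. It assumes openssl and awk are installed and uses SHA-256 in place of the MD5/SHA-1 named above.

```shell
#!/bin/sh
# Added example, not from the Moxa slides: openssl is used to contrast a bare
# hash (1-3), a keyed MAC (1-4) and an RSA signature (1-6).
# SHA-256 replaces the MD5/SHA-1 named on the slides; files live in a temp dir.
WORK=$(mktemp -d)
ORIG=$WORK/message.txt
FORGED=$WORK/forged.txt
printf 'Tom -> Bob: pay 100 to account 42\n' > "$ORIG"   # constructed message
sed 's/42/666/' "$ORIG" > "$FORGED"                        # attacker's edit

# openssl dgst prints "NAME(file)= <hex>"; keep only the hex value
digest() { openssl dgst -sha256 "$1" | awk '{print $NF}'; }
hmac()   { openssl dgst -sha256 -hmac "$1" "$2" | awk '{print $NF}'; }

# Bob's checks (received file, received tag); each prints ok or bad
check_digest() { [ "$(digest "$1")" = "$2" ] && echo ok || echo bad; }
check_hmac()   { [ "$(hmac "$1" "$2")" = "$3" ] && echo ok || echo bad; }
check_sig()    { openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1 && echo ok || echo bad; }

# Tom's RSA key pair (1-5): the private key signs, the public key verifies
openssl genrsa -out "$WORK/tom.key" 2048 2>/dev/null
openssl rsa -in "$WORK/tom.key" -pubout -out "$WORK/tom.pub" 2>/dev/null
sign() { openssl dgst -sha256 -sign "$1" -out "$3" "$2"; }

# 1-3: Tom sends message + digest. The attacker swaps the message and simply
# recomputes the digest, so Bob's comparison still says ok: a plain hash only
# protects against accidental corruption.
digest_after_forgery() { check_digest "$FORGED" "$(digest "$FORGED")"; }

# 1-4: Tom sends message + HMAC under the shared key. The attacker can only
# forward Tom's original tag, which does not match the forged message.
hmac_after_forgery() { check_hmac "$1" "$FORGED" "$(hmac "$1" "$ORIG")"; }

# 1-6: Tom signs the digest with his private key; Bob verifies with Tom's
# public key. The forged message fails verification.
signature_after_forgery() {
    sign "$WORK/tom.key" "$ORIG" "$WORK/message.sig"
    check_sig "$WORK/tom.pub" "$FORGED" "$WORK/message.sig"
}

echo "digest check on forged message:    $(digest_after_forgery)"      # ok
echo "hmac check on forged message:      $(hmac_after_forgery s3cret)" # bad
echo "signature check on forged message: $(signature_after_forgery)"   # bad
```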

1-7 Certificate

The simplest certificate just contains:
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key
… and the whole is:
• Digitally signed by someone trusted (like your friend or a CA)

(Figure: certificate = public key + "This public key belongs to Stephen" + digital signature. The entity can be a person, a computer, a device, a file, some code, anything …)

1-7-1 CA Certificate

(Figure: the CA generates a key pair (priv/pub) on the certification server; the user requests a certificate from the CA; the CA generates the certificate (pub + DS); the private key and the certificate are sent to the user. Right cert signed by CA; left cert signed by CA; CA pub key signed by CA.)

1-7-1 CA Certificate Example

(Figure: Left and Right both trust the CA and hold the CA pub key; the CA holds its private key. Left holds its private key and its cert signed by the CA; Right holds its private key and its cert signed by the CA.)

1-7-2 SSL/TLS

(Figure: each side holds a priv/pub key pair; the clear text is encrypted into Cipher 1 and again into Cipher 2, transmitted over the public network, then decrypted from Cipher 2 to Cipher 1 and back to clear text with the matching keys.)

• Ensures confidentiality
• And integrity if digitally signed
• Depending on how the public keys are exchanged: authenticity, identity, non-repudiation

1-8 Moxa UC7400 - Hardware Cipher

Intel XScale supports:
• Security engines: DES, AES
• Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so":
• No need to change the source codes

1-8-1 Moxa Accelerated Algorithms – OpenSSL 0.9.7

• DES_cbc_encrypt
• DES_ede3_cbc_encrypt
• AES_cbc_encrypt
• AES_ctr_encrypt
• We wrap ECB mode at a higher level (libssl.so), which OpenSSL wraps too

1-8-2 Performance

(Charts: throughput rate of 3DES-CBC and AES128-CBC versus packet size, software cipher versus hardware cipher (= HW Cipher); one pair of charts for packet sizes 128 to 1280 bytes and one pair for 16 to 144 bytes.)

1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approaches:
• Default: hardware approach
• Any misconfiguration or busy condition causes the switch
• Small packets are switched to the software approach: DES 128 bytes, 3DES/AES 64 bytes

1-8-4 Software Package

Driver:
• mxhw_cipher.o

Device file:
• mknod /dev/mxcrypto c 11 131

Test program:
• io: correctness test
• io 0 5000: stability test
• io 1: golden pattern
• io 2 20000: performance test

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network

2-1 VPN Advantages/Disadvantages

• VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes
• A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH, etc.)
• A VPN allows the usage of protocols which are insecure by themselves
• VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN

Usability
• Open source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit shared key or digital certificates (PKI)

Portability – supports most of the platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

Peers – each node with a client/server role
• Uses the kernel routing
• Multiple clients

A user-space program
• A full-featured SSL-VPN solution
• On top of the existing SSL/TLS mechanism
• Options between a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security

Two authentication modes:
• Static key: use a pre-shared key
• SSL/TLS: use SSL/TLS + certificates for
  • Authentication
  • Key exchange

The encrypted packet is formatted as:
• SeqN: 64-bit sequence number
• IV: plain-text initial vector, randomized per packet

(Figure: packet layout HMAC | IV | SeqN | payload, with the SeqN and payload encrypted.)

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall- and NAT-friendly
• Dynamic address support

IPSec
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard - multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are two methods of linking systems via a VPN:
• Routed IP tunnels (layer 3)
• Bridged Ethernet tunnels (layer 2)

Suitable for connections:
• Site-to-site
• Dynamic site-to-site
• (Dynamic) client-to-site

Dynamic firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

• Uses TUN mode (device): a virtual point-to-point IP link that combines the inner interface together with TUN
• Uses the kernel routing to forward the packets

(Figure: the OSI stacks of both ends (Physical, Data-Link, Network, Transport, Session, Presentation, Application); OpenVPN sits at the application layer and the TUN device at the network (3rd) layer.)

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages:
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of the MTU for efficiency

Routed IP disadvantages:
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see the machines on the other side of the VPN
4. Works only with IPv4 in general, and with IPv6 in cases where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

• Uses "TAP" mode: a TAP device is a virtual Ethernet adapter
• Bridge tools (brctl) are required to create the virtual adapters
• Need to create a script to bind eth1 and tap0 together into a bridged device called br0:

  brctl addbr br0        # create an Ethernet bridge
  brctl addif br0 eth1   # connect interface eth1 as a port
  brctl addif br0 tap0   # connect virtual interface tap0 as a port

(Figure: the OSI stacks of both ends; OpenVPN at the application layer, TAP at the data-link (2nd) layer; eth0 carries the tunnel, while eth1 and tap0 are bridged on each side.)

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages:
1. Point-to-point, point-to-multipoint
2. Broadcasts traverse the VPN -- this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to be able to handle non-IP protocols such as IPX, Netware and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages:
1. Less efficient than routing and does not scale well

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

(Figure, lab topology: LAN A hosts with IP 10.0.1.1/24 and gateway 10.0.1.254 sit behind the [VPN Server] (ixp1 10.0.1.254, ixp0 192.168.12.201); LAN B hosts with IP 10.0.2.1/24 and gateway 10.0.2.254 sit behind the [VPN-Client] (ixp1 10.0.2.254, ixp0 192.168.12.202); the client connects to the server through the VPN tunnel; a [CA/TLS Server] is also present.)

3-1 Getting Started

• Create a working directory (recommended): mkdir /etc/openvpn
• Check for the TUN module: ls /dev/net and look for the character device "tun"; if it is missing: mknod /dev/net/tun c 10 200
• Load the necessary modules: modprobe tun; modprobe bridge
• Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]
• Self diagnostic: openvpn --test-crypto --secret [KeyName]
• Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or vi /etc/sysctl.conf and modify "net.ipv4.ip_forward = 1"
• Create / start the bridge interface using the Moxa script: openvpn-bridge [start|stop|restart]
• Check the cipher/authentication support: openvpn --show-ciphers; openvpn --show-digests
• Create the TUN configuration files: vi /etc/openvpn/tunserver.conf; [at VPN client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

• The local/remote VPN IP addresses must be specified
• It is NECESSARY to specify the server address at the VPN client
• Edit the static routings: vi /etc/openvpn/tunserver.sh; chmod +x /etc/tunserver.sh
• [At VPN client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/tunclient.sh
• Start OpenVPN with the configuration file: openvpn --config /etc/tunserver.conf & ; openvpn --config /etc/tunclient.conf &
• 2nd argument of "ifconfig", which is now "10.0.2.254"

3-3 TAP Configuration – VPN Server

• Create the TAP configuration files: vi /etc/openvpn/tapserver.conf; [at VPN client] vi /etc/openvpn/tapclient.conf
• Mark this line if both VPN networks are in the same subnet
• Edit the static routings: vi /etc/openvpn/tunserver.sh; [at VPN client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/tapclient.sh
• Pointed to the kernel routing: br0 = 10.0.1.254
• Start the bridge device: vi openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start
• Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tapserver.conf & ; openvpn --config /etc/openvpn/tapclient.conf &
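As an added example (not Moxa's own scripts), the following shell script writes the static-key TUN server/client configuration pair for the 3-1 lab topology and implements the openvpn-bridge start/stop steps of 3-3 with the brctl commands from 2-3-2. The tunnel endpoint addresses 10.8.0.1/10.8.0.2, the static.key path and the cipher choice are assumptions (the slides use the LAN gateway addresses as the ifconfig arguments); commands are only echoed unless OVPN_RUN is set to the empty string.

```shell
#!/bin/sh
# Added example, not from the Moxa slides: static-key TUN configs for the
# 3-1 topology plus the TAP bridge start/stop logic of 3-3.
# Bridge commands are echoed (dry run) unless OVPN_RUN is set empty:
#   OVPN_RUN= sh openvpn-setup.sh bridge_start      (really execute on the UC)
OVPN_RUN=${OVPN_RUN-echo}
SERVER_PUB=192.168.12.201      # VPN server ixp0 (slide 3-1)
LAN_A=10.0.1.0                  # behind the server
LAN_B=10.0.2.0                  # behind the client
MASK=255.255.255.0
BR_IP=10.0.1.254                # br0 address on the server side (slide 3-3)
TUN_SRV=10.8.0.1                # assumed tunnel endpoints (a separate /30)
TUN_CLI=10.8.0.2
KEY=/etc/openvpn/static.key     # assumed; from: openvpn --genkey --secret static.key

# Directives shared by both ends of the static-key tunnel
common_conf() {
    cat <<EOF
dev tun
proto udp
port 1194
secret $KEY
cipher AES-128-CBC
auth SHA1
keepalive 10 60
persist-key
persist-tun
verb 3
EOF
}

# write_tun_configs DIR: creates DIR/tunserver.conf and DIR/tunclient.conf
write_tun_configs() {
    dir=$1
    {
        common_conf
        echo "ifconfig $TUN_SRV $TUN_CLI"   # local tunnel IP, then remote
        echo "route $LAN_B $MASK"           # LAN B is reached via the tunnel peer
    } > "$dir/tunserver.conf"
    {
        common_conf
        echo "remote $SERVER_PUB"           # the client must know the server address
        echo "ifconfig $TUN_CLI $TUN_SRV"   # the two ifconfig arguments are swapped
        echo "route $LAN_A $MASK"
    } > "$dir/tunclient.conf"
}

# TAP mode: create tap0, bridge it with eth1 into br0, give br0 the LAN address
bridge_start() {
    $OVPN_RUN openvpn --mktun --dev tap0
    $OVPN_RUN brctl addbr br0
    $OVPN_RUN brctl addif br0 eth1
    $OVPN_RUN brctl addif br0 tap0
    $OVPN_RUN ifconfig eth1 0.0.0.0 promisc up
    $OVPN_RUN ifconfig tap0 0.0.0.0 promisc up
    $OVPN_RUN ifconfig br0 $BR_IP netmask $MASK up
}

bridge_stop() {
    $OVPN_RUN ifconfig br0 down
    $OVPN_RUN brctl delbr br0
    $OVPN_RUN openvpn --rmtun --dev tap0
}

case $1 in
    bridge_start|bridge_stop) "$1" ;;
    write_tun_configs) write_tun_configs "${2:-/etc/openvpn}" ;;
esac
```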

3-4-1 SSL/TLS – Dynamic Keys

• Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-input the default_days, default_bits … etc.
• Create a new CA root key pair: /usr/share/ssl/misc/CA -newca
• Create a new client private key and a new certificate request: /usr/share/ssl/misc/CA -newreq
• Certificate signing: /usr/share/ssl/misc/CA -sign
• Copy the CA root certificate, the client private key and the client certificate to the first client
• Have the second client certified

3-4-2 OpenVPN – "easy-rsa" tools

• Copy the "easy-rsa" directory to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn
• Modify the vars file: vi /etc/openvpn/easy-rsa/vars
• Activate the vars: . /etc/openvpn/easy-rsa/vars
• Create the CA root key: /etc/openvpn/easy-rsa/build-ca
• Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server
• Create the VPN client private key and certificate: /etc/openvpn/build-key client
• Create the Diffie-Hellman parameters: /etc/openvpn/build-dh 1024
• Copy the CA certificate (ca.crt), server key (server.key) and server certificate (server.crt) to the VPN server
• Copy the CA certificate, client key and certificate to the VPN client
• The "easy-rsa" tools also work on the UC7400 series

3-4-3 Configuration File Modification

• txxserver.conf
• txxclient.conf

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

• Two of its serial ports are connected to a power meter and a thermocouple
• Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site
• The rest of the serial ports are looped back in 'burn-in mode' to demonstrate UC's high performance and reliability

Demo Box Features

Software Block Diagram

• Temperature range: 0 to 500°C
• Left side for the high range, 0 to 300 VDC, and right side for the low range, 0 to 20 VDC

UC's LCM & keypad (F1-F5)

• F1: Monitoring: Temperature → Voltage → Throughput for P3 to P8
• F2: System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available memory
• F3: Alarm Setting: Temperature → Voltage → burn-in throughput
• F4: Configuration Key
• F5: Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• UC-7420's built-in wireless driver supports the Intersil Prism 2.0 chipset PCMCIA card
• The compatible wireless cards are:

Supplier | Model name
ASUS | WL-107g
CNET | CWC-854 (181D version)
Edimax | EW-7108PCg
Amigo | AWP-914WG
Gigabyte | GN-WMKG
Others which use the Ralink chipset

Thank You


UC-7400 V1.5 Firmware

New Functions and Features Introduction

Firmware Version | V1.1 | V1.4.3 | V1.5
Serial port | 230.4 Kbps | 230.4 Kbps | 921.6 Kbps (with HW V1.2)
WLAN | 802.11b (Prism 2/2.5) | 802.11b (Prism 2/2.5) | 802.11b (Prism 2/2.5), 802.11g
USB Host | NA | Mass Storage PNP | Mass Storage PNP
USB Client | NA | NA | NA
Reset to Factory Default button | NA | NA | Yes (with HW V1.2)
Share Memory | NA | NA | Yes

Protocol stacks and utilities
Arp (utility) | NA | Yes | Yes
iptables | NA | NA | Yes
OpenVPN | NA | NA | Yes
WatchDog API | NA | NA | Yes
Crontab | NA | NA | Yes
upfirm | NA | Yes | Yes
backupuf | NA | Yes | Yes
backupfs / bf | Yes | Yes | NA
minicom | Yes | Yes | Replaced by tip

Directory change
/var | User File System | User File System | Changed to ramdisk
Apache root document | /usr/html | /usr/html | /usr/www

UC-7400 V1.5 Firmware

New Feature Introduction
• WatchDog support
• Support for the cron function on the system
• UART and special baud rate support
• System image backup utility "upfirm"
• 802.11g wireless card support
• Support for the tool chain on the Windows platform, including GCC, Glibc and Insight (GDB debug tool)
• iptables support
• OpenVPN support

Watch Dog Timer (WDT)

1. Introduction

The WDT works like a watch dog function. You can enable it or disable it. When the user enables the WDT but the application does not acknowledge it, the system will reboot. You can set the ack time from a minimum of 50 msec to a maximum of 60 seconds.

2. How the WDT works

The sWatchDog is enabled when the system boots up. The kernel will auto-ack it. The user application can also enable the ack. When the user does not ack, it will let the system reboot.

3. The user API

The user application must include <moxadevice.h> and link moxalib.a.

Crontab

1. Introduction: daemon to execute scheduled commands

2. Description
• Start cron from the directory /etc/rc.d/rc.local
• Modify the file /etc/cron.d/crontab to set up your scheduled applications. Crontab files have the following format:

m (Minute) | h (Hour) | dom (Date) | mon (Month) | dow (Week) | User | Command
0-59 | 0-23 | 1-31 | 1-12 | 0-6 (0 is Sunday) | |

3. Example
• How to add ntpdate (synchronize time) in cron
• Every day at 5:10 the system will synchronize the time from the NTP server (192.168.0.1)

  vi /etc/cron.d/crontab
  # m h dom mon dow user command
  10 5 * * * root /usr/sbin/ntpdate 192.168.0.1; /sbin/hwclock -w

UART and special baud rate support

1. Introduction
• The normal tty device nodes are located at /dev/ttyM0 … ttyM7 and the modem tty device nodes at /dev/cum0 … cum7
• UC-7400 supports the Linux standard termios control
• The Moxa UART device API allows you to configure ttyM0 to ttyM7 as RS-232, RS-422, 2-wire RS-485 and 4-wire RS-485

2. The Function
You must include <moxadevice.h>:

  #define RS232_MODE        0
  #define RS485_2WIRE_MODE  1
  #define RS422_MODE        2
  #define RS485_4WIRE_MODE  3

Functions:
• MOXA_SET_OP_MODE
• MOXA_GET_OP_MODE

3. Special baud rate support
• There are two Moxa private ioctl commands for setting up special baud rates

Functions:
• MOXA_SET_SPECIAL_BAUD_RATE
• MOXA_GET_SPECIAL_BAUD_RATE

• If you use this ioctl to set a special baud rate, the termios cflag will be B4000000, in which case the B4000000 define will be different
• If the baud rate you get from termios (or from calling tcgetattr()) is B4000000, you must call ioctl with MOXA_GET_SPECIAL_BAUD_RATE to get the actual baud rate

Upgrading the Firmware

New utility: upfirm

1. Introduction
• UC-7400's BIOS, kernel, mini file system and user file system are combined into one firmware file, which can be downloaded from Moxa's website (www.moxa.com)
• The name of the firmware file has the form uc7400-xxx.frm, with xxx indicating the firmware version

ATTENTION
• Upgrading the firmware will erase all data on the Flash ROM

2. Description
• In V1.4.3 or later firmware versions, UC-7400 adds a new utility, "upfirm"
• The utility upfirm is designed for upgrading the firmware (including the boot loader, kernel, mini file system, user file system and configuration)
• If your firmware version is earlier than V1.4.3, you can find the utility on the Moxa website

How to upgrade firmware

Step 1: Type the following commands to enable the RAM disk:
  upramdisk
  cd /mnt/ramdisk
Step 2: Download the firmware file into the ramdisk from the Moxa website
Step 3: Use the upfirm command to upgrade the kernel and root file system:
  upfirm uc7400-xxx.frm
(Reference the next slide to see the upfirm procedure)

  root@Moxa:/mnt/ramdisk# upfirm UC7420-1.5.frm
  Upgrade firmware utility version 1.0
  To check source firmware file context
  The source firmware file context is OK
  This step will destroy all your firmware
  Do you want to continue it? (Y/N) Y
  MTD device [/dev/mtd6] erase 128 Kibyte @ 20000 -- 100% complete
  Wait to write file ... Completed 100%
  Now upgrade the new configuration file
  Upgrade the firmware is OK
  Please press any key to reboot system

Press any key to reboot the system.

Note: DO NOT power off the UC until the Ready LED is ON again. It will take much time for the first boot-up after upgrading the firmware.

Setting up the Network Interfaces

IEEE 802.11g

Configure 802.11g Wireless LAN

Step 1: Unplug the CardBus wireless LAN card first
Step 2: Configure the default IP setting profile: vi /etc/network/interfaces

  root@Moxa:~# vi /etc/network/interfaces
  # 802.11g Gigabyte Cardbus wireless card
  iface eth0 inet static
      address 192.168.5.127
      network 192.168.5.0
      netmask 255.255.255.0
      broadcast 192.168.5.255

Step 3: Configure the WLAN parameters: vi /etc/Wireless/RT2500STA/RT2500STA.dat

  Copy this file to /etc/Wireless/RT2500STA/RT2500STA.dat
  This file is a binary file and will be read on loading the rt2500.o module.
  Use "vi -b RT2500STA.dat" to modify the settings according to your needs:
  1) set NetworkType to Adhoc for using Ad-hoc mode, otherwise use Infrastructure
  2) set Channel to 0 for auto-select on Infrastructure mode
  3) set SSID for connecting to your access point
  4) AuthMode can be OPEN, SHARED, WPAPSK, WPANONE
  5) EncrypType can be NONE, WEP, TKIP, AES
  For more information refer to the Readme file

Configuring 802.11g Wireless LAN

• The settings in /etc/Wireless/RT2500STA/RT2500STA.dat:
  CountryRegion: sets the channels for your particular country region
  WirelessMode: sets the wireless mode
  SSID: sets the softAP SSID
  NetworkType: sets the wireless operation mode
  Channel: sets the channel
  AuthMode: sets the authentication mode
  EncrypType: sets the encryption type
  DefaultKeyID: sets the default key ID
  Key1Str, Key2Str, Key3Str, Key4Str: sets the strings Key1 to Key4
  WpaPsk: WPA pre-shared key
  TxBurst: enables or disables TxBurst
  TurboRate: enables or disables TurboRate
  BGProtection: sets 11b/11g protection (this function is for engineering testing only)
  ShortSlot: enables or disables the short slot time
  TxRate: sets the TxRate
  RTSThreshold: sets the RTS threshold
  FragThreshold: sets the fragment threshold

Developing Your Application

Windows Tool Chain

Agenda

1) Windows Tool Chain Introduction
2) Development Process
3) Debugging with GDB

Windows Tool Chain Introduction

UC-7400's Windows Tool Chain is a cross development environment that simulates the Linux root file system, allowing users to develop applications on a Windows PC.

The following topics are covered in this appendix:
• Introduction
• Installation Procedure
• Using the BASH Shell
• GDB debug tool: Insight

Windows Tool Chain

1. Operating system: Windows 2000 or Windows XP
2. Minimum of 500 MB hard disk space
3. CD-ROM or equivalent
4. Ethernet to connect with the UC-7400
5. Be able to log in as administrator
6. Use a Windows username without spaces
7. You will be using a BASH shell window to enter commands
8. In addition, for editing text files such as configuration files, you should use the vi editor (Unix editor). Do NOT use WordPad (Windows editor), which could cause problems when the files are transferred to a bona fide Linux environment.

Developing Process

Step 1: Setting up the development environment on the PC (x86)
Step 2: Coding, compiling and debugging on the Windows Tool Chain
Step 3: Deploying the program to the UC (IXP-422)

Step 1: Setting up the Developing Environment

Install the Windows Tool Chain on the PC (Windows 2K/XP). Installation tips:
• Default install path: C:\UC
• Default text file type: Unix (recommended)

Utilities:
• Moxa Bash Shell
• GDB debug tool: Insight (http://sources.redhat.com/insight)
• This process could take from 5 to 30 minutes depending on the speed of your system

Step 2: Coding, Compiling and Debugging

• Code the C/C++ program on the Moxa Bash Shell (PC Windows Tool Chain, x86)
• Compile/link the source codes with the tool chain
  • Compiler path setting: PATH=/usr/local/mxscaleb/bin
  • Compiling Hello.c

Step 3: Deployment

Upload the program to the UC:
  ftp 192.168.3.127
  ftp> binary
  ftp> put hello-release

Running the program (at the UC-7400 site):
  chmod +x hello-release
  ./hello-release
  Hello

Debugging with GDB

(Figure: the PC (Moxa Bash Shell) and the UC are connected over Ethernet. 1: compile with -ggdb; 2: GDB debug server on the UC; 3: Insight tool (GDB client) on the PC; 4: target remote.)

  chmod +x hello-debug
  gdbserver 192.168.3.127:2000 hello-debug
  Process hello-debug created; pid = 206

Step 1: PC (Moxa Bash Shell): compile the program with the -ggdb option, then upload it to the UC
Step 2: UC: call hello-debug with the command: gdbserver 192.168.3.127:2000 hello-debug
Step 3: PC (Insight): run the GDB client
• Open the hello-debug file
• Connect to target:
  • GDB Server/TCP
  • 192.168.3.200
  • 2000

Debugging with GDB

iptables Introduction

Agenda
1) Quick View of iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

1. Quick View of iptables

A user-space command to set up and maintain the "Netfilter" subsystem of the kernel.

Netfilter works on the packet headers, not on the packet content.

iptables is currently one of many firewall/NAT solutions; it is the administration tool used to set up, maintain and inspect the tables of IP packet filter rules in the Linux kernel.

Several different tables may be defined. Each table contains a number of built-in chains and may also contain user-defined chains.

Each chain is a list of rules which can match a set of packets. Each rule specifies what to do with a packet that matches; this is called a "target", which may be a jump to a user-defined chain in the same table.

3rd generation firewall on Linux:
• "ipfwadm" on Linux kernel 2.0.x
• "ipchains" on Linux kernel 2.2.x
• "ipchains" or "iptables" on Linux kernel 2.4.x
• "iptables" on Linux kernel 2.6.x

Supports basic packet filtering as well as connection state tracking.

UC-7110/7400 support only "iptables".


2) Rules, Chains and Tables
2-1 First Match
2-2 Three Major Tables
2-3 Processing Packets
2-4 State Machine

2-1 First Match - The Highest Priority

(Flow chart) A packet is tested against Rule 1, then Rule 2, ... up to Rule 10. The first rule that matches (Yes) applies its action (Action 1, Action 2, ... Action 10) and the packet leaves the chain; a rule that does not match (No) passes the packet on to the next rule. If no rule matches, the chain's default policy applies.

2-1 First Match

On a WWW server, reject the attack from IP = 192.168.1.100:
Rule 1: Drop the packets from 192.168.1.100
Rule 2: Accept WWW request packets from all hosts
Rule 3: Drop all non-WWW packets

Wrong order:
Rule 1: Accept WWW request packets from all hosts
Rule 2: Drop the packets from 192.168.1.100
Rule 3: Drop all non-WWW packets

With the second order 192.168.1.100 is still able to use the WWW service, or to attack the WWW service port, because Rule 1 matches its packets first and Rule 2 is never reached.

2-2 Three Major Tables
1) Filter Table
2) NAT Table
3) Mangle Table

2-2-1 Filter Table

Mainly used for filtering packets. This is the place where we actually take action against packets: look at their headers and ACCEPT, DROP, REJECT or LOG them accordingly.

1. INPUT chain - packets destined for the local host
2. OUTPUT chain - packets generated by the local host
3. FORWARD chain - packets forwarded through this host to other hosts

2-2-2 NAT Table

Used for Network Address Translation: it rewrites the source field or the destination field of packets. Only the first packet of a connection traverses this table; the translation decided there is applied to the rest of the connection by connection tracking.

1) PREROUTING chain - translates the destination IP address (DNAT), before the routing decision
2) POSTROUTING chain - runs after the routing decision and before the packet is handed to the Ethernet device; translates the source IP address (SNAT/MASQUERADE)
3) OUTPUT chain - handles locally generated packets (DNAT)

2-2-3 Mangle Table

This table is mainly used for mangling packets: the mangle matches and targets can change the TOS (Type Of Service) and TTL fields, and can also "MARK" packets for use by routing or by other rules.

1. PREROUTING chain
2. POSTROUTING chain
3. INPUT, OUTPUT and FORWARD chains

2-3 Processing Packets
2-3-1 Destination: Local Host
2-3-2 Source: Local Host
2-3-3 Forwarded Packets
2-3-4 State Machine

2-3-1 Destination: Local Host
Incoming packets -> NAT table PREROUTING -> routing decision -> filter table INPUT -> local process

2-3-2 Source: Local Host
Local process -> NAT table OUTPUT -> filter table OUTPUT -> NAT table POSTROUTING -> packets are sent out

2-3-3 Forwarded Packets
Incoming packets -> NAT table PREROUTING -> routing decision (destination is not a local resource) -> filter table FORWARD -> NAT table POSTROUTING -> other hosts

2-4 State Machine


3) Usage of iptables
3-1 Load iptables Modules
3-2 Define Default Policy
3-3 Structure of a Rule
3-4 Save / Restore Rules

3-1 Load iptables Modules

Note: ipchains and iptables are not compatible; the ipchains and ip_tables kernel modules cannot be loaded at the same time.

Check the current tables: iptables [-t table] -L -n

Default policy

3-1 Install iptables

Clear current policy

3-2 Define Default Policy

iptables -t [filter|nat|mangle] -P [INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING] [ACCEPT|DROP]

(Only the built-in chains of the chosen table can take a policy: INPUT, OUTPUT and FORWARD in the filter table; PREROUTING, POSTROUTING and OUTPUT in the nat table.)

3-3 Structure of a Rule
3-3-1 Add, Insert, Delete and Replace Rules
3-3-2 Direction
3-3-3 Matches
3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace

iptables -t [filter|nat|mangle] [-A|-I|-D|-R] <direction> <match> -j <target>

Three major things need to be considered: the direction (chain), the match (conditions) and the target (action, given with -j).

3-3-2 Direction - Chains
a. filter table: INPUT, OUTPUT, FORWARD
b. nat table: PREROUTING, POSTROUTING, OUTPUT
c. mangle table: ...

3-3-3 Matches - Conditions
1. -p [proto]: tcp, udp, icmp, all
2. -s [IP], -d [IP]
3. --sport [port], --dport [port]
4. -m state --state [state]: NEW, ESTABLISHED, INVALID, RELATED
5. -m multiport --dports p1,p2,...,p15 (also --sports / --ports; up to 15 ports)
6. -i [iface], -o [oface]
7. ... etc.

3-3-4 Targets - Actions
a. filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions: LOG, ULOG, REJECT, MIRROR
b. nat table: SNAT (only in POSTROUTING); DNAT (only in PREROUTING/OUTPUT); MASQUERADE (POSTROUTING); REDIRECT (PREROUTING/OUTPUT)
c. mangle table: ...

3-4 Save / Restore Rules

iptables-save writes the current rules to a file and iptables-restore loads them back. It is highly recommended to use a script file to maintain the Netfilter rules instead of this exported file (it is not a standard shell script). Please refer to the Hands-On practice.

4) Hands-On Practice
1) Packet Filter
2) NAT Machine

4-1 Packet Filter - Rules of the filter table

Example 1 - Accept all packets incoming from the lo interface:
iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2 - Accept all TCP packets incoming from IP = 192.168.0.1:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

4-1 Packet Filter - Rules of the filter table

Example 3 - Accept all TCP packets incoming from the network 192.168.1.0/24:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 - Drop all TCP packets incoming from IP = 192.168.1.25:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

4-1 Packet Filter - Rules of the filter table

Example 5 - Drop all incoming TCP packets with destination port = 21 (forbid FTP connections from eth0):
iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 - Accept TCP packets incoming from 192.168.0.0/24 to local ports 137, 138 and 139:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

4-1 Packet Filter - Rules of the filter table

Example 7 - Log all incoming/outgoing TCP packets to/from port 25 (log the SMTP service):
iptables -t filter -A INPUT -p tcp --dport 25 -j LOG
(for the outgoing direction the same rule goes into the OUTPUT chain with --sport 25)

Note: UC-7110 does not support the "LOG" target. LOG is a non-terminating target: the packet continues to the next rule after being logged, so a LOG rule still needs an ACCEPT or DROP rule after it.

4-1 Packet Filter - Rules of the filter table

Example 8 - Drop all SYN packets from IP = 192.168.100.200:
iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 - Drop all packets from MAC = aa:bb:cc:dd:ee:ff:
iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

Example 10 - Do not respond to "ping":
iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 - Limit an ICMP "ping" burst (default policy DROP, then accept at most 6 pings per minute with a burst of 10):
iptables -t filter -P INPUT DROP
iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

4-1 Packet Filter - Rules of the filter table

Example 12 - Accept the ESTABLISHED/RELATED packets of the local host; drop INVALID packets and NEW packets which are trying to create a new connection:
iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

4-1 Packet Filter - Rules of the filter table

Example 13 - Check the packet integrity (the unclean match was an experimental 2.4 module and is not present on every kernel build):
iptables -t filter -A INPUT -p all -m unclean -j DROP

Example 14 - Enable "passive mode" FTP service to a host (the FTP connection-tracking helper follows the data connection so it can be accepted as RELATED):
modprobe ip_conntrack_ftp
iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT
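The filter-table examples above, and the first-match ordering of section 2-1, combined into the kind of rule script section 3-4 recommends instead of an iptables-save dump. This is an added example, not the slide's hands-on file; it assumes one public interface eth0, the attacker address 192.168.1.100 from section 2-1, and an admin network 192.168.1.0/24 for the UC's cleartext telnet/ftp services. DRY_RUN=1 prints the rules in the order they would be loaded, and check_order confirms that the blacklist rule really sits before the WWW accept rule.

```sh
#!/bin/sh
# firewall.sh: filter-table rule script for a UC-7400 acting as a WWW server.
# Added example (not from the slides). Run as root; DRY_RUN=1 prints the rules.
set -eu
IPT=${IPT:-/sbin/iptables}
DRY_RUN=${DRY_RUN:-0}
WAN=${WAN:-eth0}
ATTACKER=${ATTACKER:-192.168.1.100}       # attacker from section 2-1
ADMIN_NET=${ADMIN_NET:-192.168.1.0/24}    # assumed management network

ipt() {  # run iptables, or print the command line in dry-run mode
    if [ "$DRY_RUN" = 1 ]; then printf 'iptables %s\n' "$*"; else "$IPT" "$@"; fi
}

flush() {  # start from a clean filter table, then close everything by default
    ipt -t filter -F
    ipt -t filter -X
    ipt -t filter -P INPUT DROP
    ipt -t filter -P FORWARD DROP
    ipt -t filter -P OUTPUT ACCEPT
}

rules() {  # order matters: the first matching rule wins (section 2-1)
    ipt -t filter -A INPUT -i lo -j ACCEPT
    # replies to our own connections and ICMP errors, before anything else
    ipt -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -t filter -A INPUT -m state --state INVALID -j DROP
    # the blacklist must precede the WWW accept rule, or it never fires
    ipt -t filter -A INPUT -i "$WAN" -s "$ATTACKER" -j DROP
    ipt -t filter -A INPUT -i "$WAN" -p tcp --dport 80 -m state --state NEW -j ACCEPT
    # telnet/ftp on the UC are cleartext: only from the admin network
    ipt -t filter -A INPUT -i "$WAN" -p tcp -s "$ADMIN_NET" -m multiport --dports 21,23 -m state --state NEW -j ACCEPT
    # rate-limited ping; everything else falls through to the DROP policy
    ipt -t filter -A INPUT -p icmp --icmp-type 8 -m limit --limit 6/min --limit-burst 10 -j ACCEPT
    # LOG does not terminate: the SMTP probe is logged, then dropped by the policy
    ipt -t filter -A INPUT -i "$WAN" -p tcp --dport 25 -j LOG --log-prefix "smtp: "
}

load() { flush; rules; }

# returns 0 when the blacklist rule precedes the WWW accept rule in the dry-run listing
check_order() {
    listing=$( (DRY_RUN=1; load) )
    drop_at=$(printf '%s\n' "$listing" | grep -n -- "-s $ATTACKER -j DROP" | cut -d: -f1)
    www_at=$(printf '%s\n' "$listing" | grep -n -- "--dport 80 -m state --state NEW -j ACCEPT" | cut -d: -f1)
    [ -n "$drop_at" ] && [ -n "$www_at" ] && [ "$drop_at" -lt "$www_at" ]
}

case "${1:-}" in
    load)  load ;;
    show)  DRY_RUN=1; load ;;
    check) check_order && echo "rule order OK" ;;
esac
```

Run `sh firewall.sh show` to review the order, `sh firewall.sh check` for the ordering test, and `sh firewall.sh load` as root to install; on the UC, call the script from the boot sequence so the rules survive a reboot.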

4-2 NAT Machine - Rules of the nat table

Example 1 - Redirect connection requests for port 80 to port 8080 on the local host:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 - Masquerade the packets coming from 192.168.1.0/24 behind the local ppp0's IP address:
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE
(MASQUERADE, like SNAT, is only valid in the POSTROUTING chain, and -o is only meaningful after the routing decision.)

4-2 NAT Machine

Example 3 - DNAT the incoming packets arriving on eth0 (60.248.66.75), TCP port 80, to the internal web server 192.168.127.10, port 80:
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

Example 4 - Redirect the incoming TCP port 80 packets to 192.168.1.10, TCP port 80 (same DNAT form as Example 3, with --to 192.168.1.10:80).

Outbound counterpart: SNAT everything from the internal network to the external address:
iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP
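The NAT-machine examples above as one rule script, added here as an example (not the slide's hands-on file). It assumes eth0 is the public interface with the address $OUT_IP from the slide (60.248.66.75 from Example 3 is used as the default), eth1 the private side 192.168.127.0/24, and 192.168.127.10 the web server from Example 3. The script also adds the FORWARD rules that NAT alone does not provide, and carries a small lint, built from the chain/target table in 3-3-4, that rejects a nat rule whose target is illegal in its chain (the mistake of putting MASQUERADE into PREROUTING, for instance).

```sh
#!/bin/sh
# nat.sh: NAT-machine rules for a UC-7400 between a private LAN and the Internet.
# Added example, not from the slides. Run as root; DRY_RUN=1 prints instead.
set -eu
IPT=${IPT:-/sbin/iptables}
DRY_RUN=${DRY_RUN:-0}
WAN=eth0; LAN=eth1
OUT_IP=${OUT_IP:-60.248.66.75}      # public address (Example 3), assumed here
LAN_NET=192.168.127.0/24
WEB=192.168.127.10

ipt() {
    if [ "$DRY_RUN" = 1 ]; then printf 'iptables %s\n' "$*"; else "$IPT" "$@"; fi
}

enable_forwarding() {
    if [ "$DRY_RUN" = 1 ]; then echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    else echo 1 > /proc/sys/net/ipv4/ip_forward; fi
}

nat_rules() {
    ipt -t nat -F
    # DNAT: public port 80 -> internal web server (PREROUTING only)
    ipt -t nat -A PREROUTING -i "$WAN" -p tcp -d "$OUT_IP" --dport 80 -j DNAT --to "$WEB:80"
    # SNAT for the LAN going out (POSTROUTING only); with a dynamic ppp0 address use MASQUERADE
    ipt -t nat -A POSTROUTING -o "$WAN" -s "$LAN_NET" -j SNAT --to "$OUT_IP"
}

forward_rules() {  # NAT rewrites addresses, but FORWARD still decides what passes
    ipt -t filter -F FORWARD
    ipt -t filter -P FORWARD DROP
    ipt -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -t filter -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -j ACCEPT
    # FORWARD sees the post-DNAT address, so only the published port reaches the server
    ipt -t filter -A FORWARD -i "$WAN" -o "$LAN" -p tcp -d "$WEB" --dport 80 -m state --state NEW -j ACCEPT
}

load() { enable_forwarding; nat_rules; forward_rules; }

# lint_nat_rule CHAIN TARGET : 0 if the target is legal in that chain (table in 3-3-4)
lint_nat_rule() {
    case "$2:$1" in
        SNAT:POSTROUTING|MASQUERADE:POSTROUTING) return 0 ;;
        DNAT:PREROUTING|DNAT:OUTPUT|REDIRECT:PREROUTING|REDIRECT:OUTPUT) return 0 ;;
        *) return 1 ;;
    esac
}

# lint_listing : reads dry-run lines on stdin, fails if any nat rule is misplaced
lint_listing() {
    rc=0
    while read -r line; do
        case "$line" in *" -t nat -A "*) ;; *) continue ;; esac
        chain=${line#*"-A "}; chain=${chain%% *}
        target=${line##*"-j "}; target=${target%% *}
        lint_nat_rule "$chain" "$target" || { echo "illegal: $line" >&2; rc=1; }
    done
    return $rc
}

case "${1:-}" in
    load) load ;;
    show) DRY_RUN=1; load ;;
    lint) (DRY_RUN=1; load) | lint_listing && echo "nat rules OK" ;;
esac
```

The FORWARD rules are what turn the NAT box into a firewall: without them any packet that matches a conntrack entry is forwarded, and the DNAT rule alone would expose the web server without any policy on what else may reach it.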

Thank You

OpenVPN 2.0
Stephen Lin

Agenda
1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

1) Cryptography Summary
1-1 What does cryptography solve?
1-2 Symmetric Data Encryption
1-3 Hash (Digest) Function
1-4 Message Authentication Code
1-5 Asymmetric Data Encryption
1-6 Digital Signature
1-7 Certificate
1-8 Moxa UC-7400

1-1 What does Cryptography solve?

Confidentiality
• Ensure that nobody can learn what you transfer, even by listening to the whole conversation.
Integrity
• Ensure that the message has not been modified during transmission.
Authenticity
• You can verify that you are talking to the entity you think you are talking to.
• You can verify which specific individual is behind that entity.
Non-repudiation
• The individual behind that asset cannot deny being associated with it.

1-2 Symmetric Data Encryption

Fast, highly efficient for data transmission.
Is it "secure" while transferring the key?
Key maintenance: n(n-1)/2 keys for n parties.
DES, 3DES, AES, Blowfish.

(Diagram) Tom encrypts the plaintext with the secret key and sends the ciphertext; Bob decrypts it with the same secret key to recover the plaintext.

1-3 Hash (Digest) Function

Ensures data integrity.
MD5, SHA-1.

(Diagram) Tom computes message digest 1 of the data with the hash function and sends data + digest 1. Bob computes message digest 2 of the received data with the same hash function and compares it with digest 1.

Caveat: an unkeyed digest only detects accidental corruption. An attacker who can modify the data can recompute the digest as well; that is what the keyed MAC in 1-4 prevents.

1-4 Message Authentication Code

Ensures data integrity.
Uses a key to protect the MAC.
HMAC, CBC-MAC.

(Diagram) Tom computes message digest 1 of the data, turns it into a MAC with the secret key, and sends data + MAC. Bob computes message digest 2 of the received data, recovers digest 1 from the MAC with the same secret key, and compares the two. (HMAC keys the hash function directly rather than encrypting a digest; the check is the same: recompute and compare.)

1-5 Asymmetric Encryption

Things to remember:
• Key pair: public/private keys.
• In a session one key encrypts and the other one decrypts.
• The "public key" can be deployed everywhere.
• The relation between the two keys is not computable: from one key you cannot gain knowledge of the other, even if you have access to clear text and cipher text.
• For RSA the two keys are interchangeable: the algorithm makes no difference between public and private key, and when a key pair is generated either of the two can be made public. (This is a property of RSA, not of every asymmetric algorithm.)
• Less efficient than symmetric encryption.
• RSA, Diffie-Hellman.

1-5 Asymmetric Data Encryption

Confidentiality check (recipient's key pair): Tom encrypts the plaintext with Bob's public key; only Bob can decrypt the ciphertext, with Bob's private key.

Authenticity check (sender's key pair): Tom encrypts the plaintext with Tom's private key; anyone can decrypt the ciphertext with Tom's public key, which proves it came from Tom.

1-6 Digital Signature

Real world - hybrid:
1. Data integrity
2. Authenticity
3. Non-repudiation
4. Algorithm: uses the public key and a hash

1-6 Digital Signature - Creating
(Diagram) Calculate a short message digest from the (even long) message or file using a one-way message digest function (hash: SHA, MD5; typically 128 bits). Encrypt the digest with the signatory's private key (asymmetric encryption: RSA); the result is the digital signature. The signed document is the message plus the signature.

1-6 Digital Signature - Verifying
(Diagram) Split the signed document into message and signature. Generate the message digest of the message with the same hash. Decrypt the signature with Gianni's public key (taken from his certificate). Compare the two digests: equal means the signature is valid.

1-6 Digital Signature

(Diagram) Tom: data -> hash function -> message digest 1 -> encrypted with Tom's private key -> digital signature, sent together with the data. Bob: data -> hash function -> message digest 2; digital signature -> decrypted with Tom's public key -> message digest 1; compare the two digests.

1-7 Certificate

The simplest certificate just contains:
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key
... and the whole is:
• Digitally signed by someone trusted (like your friend, or a CA)

(Diagram) Certificate = public key + "This public key belongs to Stephen" + digital signature. The entity can be a person, a computer, a device, a file, some code, anything ...

1-7-1 CA Certificate

(Diagram) The CA (certification server) generates its own key pair. A user requests a certificate from the CA; the CA generates the certificate (the user's public key plus identity, signed with the CA's private key) and sends it to the user. On the slide the CA also generates the user's key pair, so the private key and the certificate are sent to the user together; when a CA does this, the private key must travel over a protected channel.

1-7-1 CA Certificate Example

(Diagram) The CA holds its private key; its own public key is self-signed ("CA public key signed by CA"). Left and Right each hold their private key, their certificate signed by the CA, and the CA public key. Left trusts Right's certificate (and vice versa) because the CA signature on it verifies with the CA public key.

1-7-2 SSL/TLS

(Diagram) Each side holds a private/public key pair and the other side's public key. The clear text is encrypted twice, once with each key (Cipher 1, then Cipher 2), transmitted over the public network, and the receiver undoes the two layers in reverse order (Cipher 2, then Cipher 1) to get the clear text back.

Ensures confidentiality
• and integrity, if digitally signed

Depending on how the public keys are exchanged:
• authenticity, identity, non-repudiation

1-8 Moxa UC-7400 - Hardware Cipher

The Intel XScale (IXP-422) supports:
• Security engines: DES, AES
• Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so":
• No need to change the source code.

1-8-1 Moxa Accelerated Algorithms - OpenSSL 0.9.7

DES_cbc_encrypt
DES_ede3_cbc_encrypt
AES_cbc_encrypt
AES_ctr_encrypt

• ECB mode is wrapped at a higher level (libssl.so), where OpenSSL wraps it too.

1-8-2 Performance

(Charts) Throughput rate of 3DES-CBC and AES-128-CBC versus packet size, software cipher against hardware cipher (= HW cipher): one pair of charts for 128 to 1280-byte packets and one pair for 16 to 144-byte packets.

1-8-3 Things to be noticed

The Moxa UC-7400 switches operations between the software and the hardware approach:
• Default: hardware approach
• Any misconfiguration, or a busy engine, causes a switch to software

Small packets are switched to the software approach:
• DES: below 128 bytes
• 3DES/AES: below 64 bytes

1-8-4 Software Package

Driver:
• mxhw_cipher.o
Device file:
• mknod /dev/mxcrypto c 11 131
Test program:
• io: correctness test
• io 0 5000: stability test
• io 1: golden pattern
• io 2 20000: performance test


2) OpenVPN 2.0
2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network - Advantages/Disadvantages

A VPN is a network constructed over public wires (e.g. the Internet) to connect nodes.
A VPN encrypts all network traffic, not just a few application protocols (as SSL, SSH, etc. do).
A VPN allows the use of protocols which are insecure by themselves.
VPN traffic cannot be controlled and logged easily because of its encrypted nature.

2-2 Why OpenVPN

Usability:
• Open source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit shared key or digital certificates (PKI)

Portability - supports most platforms:
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

Peers - each node takes a client or server role:
• Uses kernel routing
• Multiple clients

A user-space program:
• A full-featured SSL-VPN solution
• on top of the existing SSL/TLS mechanism
• choice among a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) traffic over a single UDP (5000 / 1194) or TCP port

2-2 OpenVPN Security

Two authentication modes:
• Static key: uses a pre-shared key
• SSL/TLS: uses SSL/TLS + certificates for authentication and key exchange

The encrypted packet is formatted as:
• SeqN: 64-bit sequence number
• IV: plaintext initialization vector, randomized per packet

HMAC | IV | [ SeqN | IP payload ]  --encrypt-->  HMAC | IV | ciphertext

The sequence number and the IP payload are encrypted together; the HMAC is then computed over the IV and the ciphertext (encrypt-then-MAC). A receiver verifies the HMAC before decrypting anything, and uses the decrypted sequence number to reject replayed packets.
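The packet layout above, and the keyed MAC of section 1-4, as a runnable model built on the openssl command line. It is an added example, not OpenVPN's code: the keys are constructed demo values (OpenVPN takes them from the --genkey file), the replay rule is a simplified "newer than the last accepted sequence number" instead of OpenVPN's sliding replay window, and HMAC-SHA1 over AES-128-CBC is assumed as the cipher pair. The point it shows is the order of operations on receipt: the HMAC is checked over IV and ciphertext first, and a packet that fails is dropped without ever being decrypted.

```sh
#!/bin/sh
# ovpn_packet.sh: model of the OpenVPN 2.0 static-key data packet
#   HMAC(20) | IV(16) | AES-128-CBC( SeqN(8) | payload )
# HMAC over IV||ciphertext (encrypt-then-MAC), sequence number checked after
# decryption. Added example on top of the openssl CLI; not OpenVPN's code.
# Keys are constructed demo values; the replay check is simplified (assumed).
set -eu
WORK=${WORK:-$(mktemp -d)}
CIPHER_KEY=${CIPHER_KEY:-000102030405060708090a0b0c0d0e0f}
HMAC_KEY=${HMAC_KEY:-0f0e0d0c0b0a09080706050403020100}
LAST_SEQ_FILE=$WORK/last_seq

u64_be() {  # print $1 as 8 big-endian bytes (octal escapes: POSIX printf)
    n=$1; i=7
    while [ "$i" -ge 0 ]; do
        printf "\\$(printf '%03o' $(( (n >> (8 * i)) & 255 )))"
        i=$((i - 1))
    done
}
u64_from() {  # read the first 8 bytes of file $1 as a big-endian integer
    n=0
    for b in $(od -An -tu1 -N 8 -v "$1"); do n=$(( (n << 8) | b )); done
    echo "$n"
}
mac_of() {  # HMAC-SHA1 over IV ($1) || ciphertext ($2), raw bytes on stdout
    cat "$1" "$2" | openssl dgst -sha1 -mac HMAC -macopt "hexkey:$HMAC_KEY" -binary
}

# ovpn_seal SEQ PLAINFILE PKTFILE
ovpn_seal() {
    openssl rand 16 > "$WORK/iv"                       # fresh IV per packet
    ivhex=$(od -An -tx1 -v "$WORK/iv" | tr -d ' \n')
    { u64_be "$1"; cat "$2"; } | openssl enc -aes-128-cbc -K "$CIPHER_KEY" -iv "$ivhex" > "$WORK/ct"
    mac_of "$WORK/iv" "$WORK/ct" > "$WORK/mac"
    cat "$WORK/mac" "$WORK/iv" "$WORK/ct" > "$3"
}

# ovpn_open PKTFILE PLAINFILE : 0 = ok, 2 = bad HMAC (dropped undecrypted), 3 = replay
ovpn_open() {
    dd if="$1" bs=1 count=20 2>/dev/null > "$WORK/rmac"
    dd if="$1" bs=1 skip=20 count=16 2>/dev/null > "$WORK/riv"
    dd if="$1" bs=1 skip=36 2>/dev/null > "$WORK/rct"
    mac_of "$WORK/riv" "$WORK/rct" > "$WORK/cmac"
    cmp -s "$WORK/rmac" "$WORK/cmac" || return 2       # authenticate before decrypting
    ivhex=$(od -An -tx1 -v "$WORK/riv" | tr -d ' \n')
    openssl enc -d -aes-128-cbc -K "$CIPHER_KEY" -iv "$ivhex" -in "$WORK/rct" > "$WORK/pt"
    seq=$(u64_from "$WORK/pt")
    last=$(cat "$LAST_SEQ_FILE" 2>/dev/null || echo 0)
    [ "$seq" -gt "$last" ] || return 3                 # replayed or reordered packet
    echo "$seq" > "$LAST_SEQ_FILE"
    dd if="$WORK/pt" bs=1 skip=8 2>/dev/null > "$2"    # payload follows the 8-byte SeqN
}

if [ "${1:-}" = demo ]; then
    printf 'GET / HTTP/1.0\r\n\r\n' > "$WORK/plain"    # constructed payload
    ovpn_seal 1 "$WORK/plain" "$WORK/pkt"
    ovpn_open "$WORK/pkt" "$WORK/out" && echo "accepted seq 1: $(cat "$WORK/out")"
    ovpn_open "$WORK/pkt" "$WORK/out" || echo "replay rejected (rc=$?)"
fi
```

Run `sh ovpn_packet.sh demo` to see a packet accepted once and rejected on replay; a tampered packet is rejected with return code 2 before any decryption, which is what keeps padding and decryption errors from becoming an oracle.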

2-2 OpenVPN vs IPsec

OpenVPN:
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall- and NAT-friendly
• Dynamic address support

IPsec:
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPsec
• IETF standard - multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are the two methods of linking systems via a VPN:
• Routed IP tunnels (layer 3)
• Bridged Ethernet tunnels (layer 2)

Suitable for connections:
• Site-to-site
• Dynamic site-to-site
• (Dynamic) client-to-site

Dynamic firewall/NAT/DHCP friendly.

2-3-1 Routed IP Tunnels (TUN Mode)

Uses a TUN device: a virtual point-to-point IP link; the inner (LAN) interface is combined with TUN through routing.
Uses the kernel routing table to forward the packets.

(Diagram) On each side the OSI stack (physical, data-link, network, transport, session, presentation, application); OpenVPN runs at the application layer and the TUN device injects packets at the network layer (3rd).

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages:
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of the MTU for efficiency

Routed IP disadvantages:
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see the machines on the other side of the VPN
4. Works only with IPv4 in general, and with IPv6 only where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses "TAP" mode: a TAP device is a virtual Ethernet adapter.
Bridge tools (brctl) are required to create the virtual adapters.
A script is needed to bind eth1 and tap0 together into a bridged device called br0:

brctl addbr br0         # create an Ethernet bridge
brctl addif br0 eth1    # connect interface eth1 as a port
brctl addif br0 tap0    # connect virtual interface tap0 as a port

(Diagram) OSI stacks on both sides; OpenVPN at the application layer, bridging at the data-link layer: eth0 carries the tunnel, while eth1 and tap0 are bridged (TUN = 3rd layer, TAP = 2nd layer).

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages:
1. Point-to-point and point-to-multipoint
2. Broadcasts traverse the VPN; this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works where the VPN needs to handle non-IP protocols such as IPX, NetWare and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages:
1. Less efficient than routing and does not scale well


3) OpenVPN Configuration
3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS - X.509 Dynamic Keys

3-1 Getting Started

(Lab diagram)
VPN Server: ixp0 192.168.12.201 (public side); ixp1 10.0.1.254 = gateway of LAN A (host IP 10.0.1.1/24)
VPN Client: ixp0 192.168.12.202 (public side); ixp1 10.0.2.254 = gateway of LAN B (host IP 10.0.2.1/24)
The VPN tunnel runs between the two ixp0 addresses; the client connects to the server. A separate CA/TLS server issues the certificates.

3-1 Getting Started

Create a working directory (recommended):
mkdir /etc/openvpn

Check for the TUN device: ls /dev/net and look for a character device "tun"; if it is missing:
mknod /dev/net/tun c 10 200

Load the necessary modules:
modprobe tun
modprobe bridge

Generate a (pre-shared) key:
openvpn --genkey --secret [KeyName]

Self-diagnostic:
openvpn --test-crypto --secret [KeyName]

Enable IP forwarding:
echo "1" > /proc/sys/net/ipv4/ip_forward
or: vi /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"

Create/start the bridge interface using the Moxa script:
openvpn-bridge [start|stop|restart]

Check the supported ciphers/authentication:
openvpn --show-ciphers
openvpn --show-digests

Create the TUN configuration files:
vi /etc/openvpn/tunserver.conf
[At the VPN client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

The local/remote VPN IP addresses must be specified (the "ifconfig" line: local tunnel address first, remote second).

It is NECESSARY to specify the server address at the VPN client (the "remote" line).

Edit the static routings:
vi /etc/openvpn/tunserver.sh
chmod +x /etc/openvpn/tunserver.sh
[At the VPN client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/openvpn/tunclient.sh

Start OpenVPN with the configuration file:
openvpn --config /etc/openvpn/tunserver.conf &
[At the VPN client] openvpn --config /etc/openvpn/tunclient.conf &

Note the 2nd argument of "ifconfig", which on the server is now "10.0.2.254" (the client's tunnel end); the client lists the two addresses the other way round.

Create the TAP configuration files:
vi /etc/openvpn/tapserver.conf
[At the VPN client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration - VPN Server

Comment out the route line if both VPN networks are in the same subnet.

Edit the static routings:
vi /etc/openvpn/tapserver.sh
[At the VPN client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/openvpn/tapclient.sh

The routes point to the bridge device in the kernel routing table: br0 = 10.0.1.254

Start the bridge device:
vi /etc/openvpn/openvpn-bridge
chmod +x /etc/openvpn/openvpn-bridge
/etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration file:
openvpn --config /etc/openvpn/tapserver.conf &
[At the VPN client] openvpn --config /etc/openvpn/tapclient.conf &

3-4-1 SSL/TLS - Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC:
vi /usr/share/ssl/openssl.cnf (pre-enter default_days, default_bits, ... etc.)

Create a new CA root key pair:
/usr/share/ssl/misc/CA -newca

Create a new client private key and certificate request:
/usr/share/ssl/misc/CA -newreq

Sign the certificate:
/usr/share/ssl/misc/CA -sign

Copy the CA root certificate, the client private key and the client certificate to the first client.

Repeat -newreq and -sign to get the second client certified.

3-4-2 OpenVPN - "easy-rsa" tools

Copy "easy-rsa" to the working directory:
cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file:
vi /etc/openvpn/easy-rsa/vars

Activate the vars:
. /etc/openvpn/easy-rsa/vars

Create the CA root key:
/etc/openvpn/easy-rsa/build-ca

Create the VPN server private key and certificate:
/etc/openvpn/easy-rsa/build-key-server server
(build-key-server marks the certificate with nsCertType=server, so that clients configured with "ns-cert-type server" accept only this certificate as the server's)

Create the VPN client private key and certificate:
/etc/openvpn/easy-rsa/build-key client

Create the Diffie-Hellman parameters (size taken from KEY_SIZE in vars, 1024 here):
/etc/openvpn/easy-rsa/build-dh

Copy the CA certificate (ca.crt), server key (server.key) and server certificate (server.crt) to the VPN server.
Copy the CA certificate, client key and client certificate to the VPN client. The CA private key (ca.key) stays on the CA machine.

The "easy-rsa" tools also work on the UC-7400 series.

3-4-3 Configuration File Modification

t??server.conf (tunserver.conf / tapserver.conf)
t??client.conf (tunclient.conf / tapclient.conf)
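The TLS-mode counterpart of the configuration files, together with the checks worth running on an easy-rsa bundle before it is copied to a UC. Added example, not the slides' files: the tunnel pool 10.8.0.0/24, the port, the cipher/HMAC choice and the tls-auth key ta.key (generated with openvpn --genkey --secret ta.key) are assumed. verify_bundle confirms that a certificate chains to ca.crt, that the private key actually belongs to it, and, for the server, that it carries nsCertType=server; a client certificate built with build-key instead of build-key-server fails that last check, which is also what "ns-cert-type server" in the client configuration would reject at connection time.

```sh
#!/bin/sh
# gen-tls-configs.sh: OpenVPN 2.0 TLS-mode server/client files for the easy-rsa
# output above, plus pre-deployment checks. Added example, not the slides' files.
# Assumed: ta.key for tls-auth, tunnel pool 10.8.0.0/24, port 1194/udp.
set -eu
OUT=${OUT:-/etc/openvpn}

# write_tls_conf ROLE [SERVER_PUBLIC_IP] -> prints the file written
write_tls_conf() {
    mkdir -p "$OUT"; f=$OUT/tls$1.conf
    {
        echo "dev tun"; echo "proto udp"; echo "port 1194"
        if [ "$1" = server ]; then
            echo "server 10.8.0.0 255.255.255.0"   # assumed tunnel pool
            echo "dh $OUT/dh1024.pem"
            echo "tls-auth $OUT/ta.key 0"          # HMAC on the control channel
        else
            echo "client"; echo "remote $2"
            echo "tls-auth $OUT/ta.key 1"
            echo "ns-cert-type server"             # reject a client cert posing as the server
        fi
        echo "ca $OUT/ca.crt"; echo "cert $OUT/$1.crt"; echo "key $OUT/$1.key"
        echo "cipher AES-128-CBC"; echo "auth SHA1"
        echo "persist-key"; echo "persist-tun"
        echo "user nobody"; echo "group nobody"; echo "verb 3"
    } > "$f"
    echo "$f"
}

# cert_chain_ok CA CERT : CERT is signed by CA (what the peer will check)
cert_chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# key_matches_cert KEY CERT : the private key really belongs to the certificate
key_matches_cert() {
    k=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null)
    c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# is_server_cert CERT : carries nsCertType=server ("ns-cert-type server" accepts it)
is_server_cert() { openssl x509 -in "$1" -noout -text | grep -q 'SSL Server'; }

# verify_bundle CA CERT KEY [server] : all checks for one peer's files
verify_bundle() {
    cert_chain_ok "$1" "$2" || { echo "$2: not signed by $1" >&2; return 1; }
    key_matches_cert "$3" "$2" || { echo "$3: does not match $2" >&2; return 1; }
    if [ "${4:-}" = server ]; then
        is_server_cert "$2" || { echo "$2: lacks nsCertType=server (use build-key-server)" >&2; return 1; }
    fi
}

case "${1:-}" in
    server) verify_bundle "$OUT/ca.crt" "$OUT/server.crt" "$OUT/server.key" server && write_tls_conf server ;;
    client) verify_bundle "$OUT/ca.crt" "$OUT/client.crt" "$OUT/client.key" && write_tls_conf client "${2:?server address}" ;;
esac
```

Run `sh gen-tls-configs.sh server` on the server and `sh gen-tls-configs.sh client 192.168.12.201` on the client after copying each side's files; only ca.crt, the peer's own certificate and key, and ta.key leave the CA machine, never ca.key.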


Live Demo

UC-7420 Demo Box

Two of its serial ports are connected to a power meter and a thermocouple.
Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site.
The rest of the serial ports are looped back in "burn-in mode" to demonstrate the UC's high performance and reliability.

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500 °C
Left side for the high range, 0 to 300 VDC; right side for the low range, 0 to 20 VDC

UC's LCM & keypad (F1-F5)
F1 Monitoring: Temperature -> Voltage -> Throughput for P3 to P8
F2 System Status: LAN's IP -> Wi-Fi's IP -> CPU loading -> Available memory
F3 Alarm Setting: Temperature -> Voltage -> Burn-in throughput
F4 Configuration key
F5 Main menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• UC-7420's built-in wireless driver supports the Intersil Prism 2.0 chipset PCMCIA card.
• The compatible wireless cards are:

Supplier   Model name
ASUS       WL-107g
CNET       CWC-854 (181D version)
Edimax     EW-7108PCg
Amigo      AWP-914WG
Gigabyte   GN-WMKG
Others which use the R-Link chipset

Thank You


UC-7400 V1.5 Firmware

Firmware version comparison:

Item                             | V1.1                  | V1.4.3                | V1.5
Serial port                      | 230.4 Kbps            | 230.4 Kbps            | 921.6 Kbps (with HW V1.2)
WLAN                             | 802.11b (Prism 2/2.5) | 802.11b (Prism 2/2.5) | 802.11b (Prism 2/2.5), 802.11g
USB host                         | N/A                   | Mass storage, PnP     | Mass storage, PnP
USB client                       | N/A                   | N/A                   | N/A
Reset-to-factory-default button  | N/A                   | N/A                   | Yes (with HW V1.2)
Shared memory                    | N/A                   | N/A                   | Yes

Protocol stacks and utilities:
arp (utility)                    | N/A                   | Yes                   | Yes
iptables                         | N/A                   | N/A                   | Yes
OpenVPN                          | N/A                   | N/A                   | Yes
WatchDog API                     | N/A                   | N/A                   | Yes
Crontab                          | N/A                   | N/A                   | Yes
upfirm                           | N/A                   | Yes                   | Yes
backupuf                         | N/A                   | Yes                   | Yes
backupfs / bf                    | Yes                   | Yes                   | N/A
minicom                          | Yes                   | Yes                   | Replaced by tip

Directory changes:
/var                             | User file system      | User file system      | Changed to ramdisk
Apache document root             | /usr/html             | /usr/html             | /usr/www

New feature introduction:
• WatchDog support
• Cron function on the system
• UART and special baud rate support
• System image backup utility "upfirm"
• 802.11g wireless card support
• Tool chain on the Windows platform, including GCC, glibc and Insight (GDB debug tool)
• iptables support
• OpenVPN support

Watch Dog Timer (WDT)

1. Introduction
The WDT works like a watchdog. You can enable it or disable it. When the user enables the WDT but the application does not acknowledge it, the system will reboot. You can set the ack time from a minimum of 50 msec to a maximum of 60 seconds.

2. How the WDT works
The WatchDog is enabled when the system boots up; the kernel then acks it automatically. A user application can also take over the ack; from then on, when the user does not ack in time, the system reboots.

3. The user API
The user application must include <moxadevice.h> and link moxalib.a.

Crontab

1. Introduction: a daemon to execute scheduled commands.

2. Description:
• Start cron from /etc/rc.d/rc.local.
• Modify the file /etc/cron.d/crontab to set up your scheduled applications. Crontab files have the following format:

m (minute) | h (hour) | dom (date) | mon (month) | dow (week)        | user | command
0-59       | 0-23     | 1-31       | 1-12        | 0-6 (0 is Sunday) |      |

3. Example:
• How to add ntpdate (time synchronization) to cron
• Every day at 5:10 the system synchronizes its time from the NTP server (192.168.0.1) and writes it to the hardware clock:

vi /etc/cron.d/crontab
# m h dom mon dow user command
10 5 * * * root /usr/sbin/ntpdate 192.168.0.1; /sbin/hwclock -w

UART and special baud rate support

1. Introduction
• The normal tty device nodes are /dev/ttyM0 ... ttyM7, and the modem tty device nodes are /dev/cum0 ... cum7.
• UC-7400 supports Linux standard termios control.
• The Moxa UART device API allows you to configure ttyM0 to ttyM7 as RS-232, RS-422, 2-wire RS-485 or 4-wire RS-485.

2. The function
You must include <moxadevice.h>:
#define RS232_MODE 0
#define RS485_2WIRE_MODE 1
#define RS422_MODE 2
#define RS485_4WIRE_MODE 3
Functions:
• MOXA_SET_OP_MODE
• MOXA_GET_OP_MODE

UART and special baud rate support

3. Special baud rate support
• There are two Moxa private ioctl commands for setting up special baud rates:
• MOXA_SET_SPECIAL_BAUD_RATE
• MOXA_GET_SPECIAL_BAUD_RATE
• If you use this ioctl to set a special baud rate, the termios cflag will be B4000000; in that case the B4000000 define does not mean 4,000,000 baud but marks a special rate.
• If the baud rate you get from termios (or from calling tcgetattr()) is B4000000, you must call ioctl with MOXA_GET_SPECIAL_BAUD_RATE to get the actual baud rate.

Upgrading the Firmware

New utility: upfirm

1. Introduction
UC-7400's BIOS, kernel, mini file system and user file system are combined into one firmware file, which can be downloaded from Moxa's website (www.moxa.com).
• The name of the firmware file has the form uc7400-xxx.frm, with xxx indicating the firmware version.

ATTENTION
• Upgrading the firmware will erase all data on the Flash ROM.

2. Description
• In firmware V1.4.3 or later, UC-7400 adds a new utility, upfirm.
• The utility upfirm is designed for upgrading the firmware (including boot loader, kernel, mini file system, user file system and configuration).
• If your firmware version is earlier than V1.4.3, you can download the utility from the Moxa website.

How to upgrade firmware

Step 1: Type the following commands to enable the RAM disk:

upramdisk
cd /mnt/ramdisk

Step 2: Download the firmware file into the ramdisk from the Moxa website.

Step 3: Use the upfirm command to upgrade the kernel and root file system:

upfirm uc7400-xxx.frm

(See the next slide for the upfirm procedure.)

root@Moxa:/mnt/ramdisk# upfirm UC7420-1.5.frm
Upgrade firmware utility version 1.0
To check source firmware file context.
The source firmware file context is OK.
This step will destroy all your firmware.
Do you want to continue it (Y/N): Y
MTD device [/dev/mtd6] erase 128 Kibyte @ 20000 -- 100% complete.
Wait to write file ... Completed 100%
Now upgrade the new configuration file.
Upgrade the firmware is OK.
Please press any key to reboot system.

Press any key to reboot system.

Note: DO NOT power off the UC until the Ready LED is on again. The first boot after upgrading the firmware takes much longer than usual.
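upfirm only checks that the file it is given is a well-formed firmware image; it cannot tell a tampered or truncated download from a good one, and the flash is erased before anything else is found out. The wrapper below is an added example, not a Moxa utility: it refuses to call upfirm unless the image's MD5 digest matches a value you recorded from a trusted copy. The digest in the usage comment, the image name and the UPFIRM variable are assumptions; md5sum is a standard coreutils/BusyBox applet.

```shell
#!/bin/sh
# Gate the flash step of "upfirm" behind an integrity check. Added example, not a
# Moxa utility. UPFIRM may be overridden (e.g. UPFIRM=echo) for a dry run.
UPFIRM="${UPFIRM:-upfirm}"

# verify_firmware FILE EXPECTED_MD5 -> 0 if FILE exists, is non-empty and its MD5 matches
verify_firmware() {
    file=$1; expected=$2
    if [ ! -s "$file" ]; then
        echo "refusing: $file is missing or empty" >&2
        return 1
    fi
    actual=$(md5sum "$file" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "refusing: digest mismatch (got $actual, expected $expected)" >&2
        return 1
    fi
    return 0
}

# upgrade_firmware FILE EXPECTED_MD5 -> runs upfirm only after the check passes
upgrade_firmware() {
    verify_firmware "$1" "$2" || return 1
    $UPFIRM "$1"
}

# Intended use on the UC, with a digest recorded from a trusted copy (assumed value):
#   cd /mnt/ramdisk && upgrade_firmware uc7400-xxx.frm 0123456789abcdef0123456789abcdef
```

Record the digest on the PC before the image is copied onto the ramdisk, not from the copy you are about to flash.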

Setting up the Network Interfaces

IEEE 802.11g

Configure 802.11g Wireless LAN

root@Moxa:~# vi /etc/network/interfaces

# 802.11g Gigabyte CardBus wireless card
iface eth0 inet static
    address 192.168.5.127
    network 192.168.5.0
    netmask 255.255.255.0
    broadcast 192.168.5.255

Step 1: Unplug the CardBus Wireless LAN card first.

Step 2: Configure the default IP setting profile:

vi /etc/network/interfaces

Step 3: Configure the WLAN parameters:

vi /etc/Wireless/RT2500STA/RT2500STA.dat

The header comment of that file reads:

# Copy this file to /etc/Wireless/RT2500STA/RT2500STA.dat
# This file is a binary file and will be read on loading rt2500.o module.
# Use vi -b RT2500STA.dat to modify settings according to your need.
# 1) set NetworkType to Adhoc for using Adhoc-mode, otherwise using Infrastructure
# 2) set Channel to 0 for auto-select on Infrastructure mode
# 3) set SSID for connecting to your Access-point
# 4) AuthMode can be OPEN, SHARED, WPAPSK, WPANONE
# 5) EncrypType can be NONE, WEP, TKIP, AES
# for more information, refer to the Readme file.

Configuring 802.11g Wireless LAN

• The settings in /etc/Wireless/RT2500STA/RT2500STA.dat:
CountryRegion: sets the channels for your particular country region
WirelessMode: sets the wireless mode
SSID: sets the SSID of the access point to connect to
NetworkType: sets the wireless operation mode (Infrastructure or Adhoc)
Channel: sets the channel
AuthMode: sets the authentication mode
EncrypType: sets the encryption type
DefaultKeyID: sets the default WEP key ID
Key1Str, Key2Str, Key3Str, Key4Str: set WEP key strings Key1 to Key4
WpaPsk: the WPA pre-shared key
TxBurst: enables or disables TxBurst
TurboRate: enables or disables TurboRate
BGProtection: sets 11b/11g protection (this function is for engineering testing only)
ShortSlot: enables or disables the short slot time
TxRate: sets the TxRate
RTSThreshold: sets the RTS threshold
FragThreshold: sets the fragment threshold

Of the AuthMode/EncrypType combinations the driver accepts, only WPAPSK with AES (or, failing that, TKIP) gives real protection: OPEN and SHARED authentication with WEP or NONE leave the link readable and joinable by anyone in radio range.
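A check to run before the card goes on the air, as an added example (not a Moxa tool): the function reads an RT2500STA.dat-style profile and flags the combinations that give no protection. It assumes the KEY=VALUE layout described in the file header above and tolerates CRLF line endings (the file is edited with vi -b for a reason); the two sample profiles are constructed.

```shell
#!/bin/sh
# Audit an RT2500STA.dat-style WLAN profile for weak settings. Added example, not
# a Moxa tool. Expects KEY=VALUE lines; CR characters (CRLF files) are ignored.

# get_key FILE KEY -> value of the first KEY= line in FILE
get_key() {
    sed -n "s/^$2=//p" "$1" | head -n 1 | tr -d '\r'
}

# audit_wlan_conf FILE -> prints findings; returns 0 if acceptable, 1 if weak
audit_wlan_conf() {
    auth=$(get_key "$1" AuthMode)
    enc=$(get_key "$1" EncrypType)
    psk=$(get_key "$1" WpaPsk)
    weak=0
    case "$auth" in
        WPAPSK) ;;                      # the only listed mode with real mutual authentication
        *) echo "weak: AuthMode=${auth:-unset} (WPAPSK required)"; weak=1 ;;
    esac
    case "$enc" in
        AES) ;;
        TKIP) echo "note: EncrypType=TKIP works but AES is preferred" ;;
        *) echo "weak: EncrypType=${enc:-unset} (WEP is broken, NONE is cleartext)"; weak=1 ;;
    esac
    # A short passphrase makes WPA-PSK brute-forceable offline from one captured handshake
    if [ "$auth" = WPAPSK ] && [ "${#psk}" -lt 20 ]; then
        echo "weak: WpaPsk has ${#psk} characters (20 or more recommended)"; weak=1
    fi
    return $weak
}

# Constructed sample profiles (not real Moxa files)
WORK=$(mktemp -d)
printf 'SSID=office\r\nAuthMode=OPEN\r\nEncrypType=WEP\r\nKey1Str=abcde\r\n' > "$WORK/weak.dat"
printf 'SSID=office\nAuthMode=WPAPSK\nEncrypType=AES\nWpaPsk=correct horse battery staple 2005\n' > "$WORK/good.dat"

for f in "$WORK/weak.dat" "$WORK/good.dat"; do
    if audit_wlan_conf "$f"; then echo "$f: acceptable"; else echo "$f: WEAK"; fi
done
```

Run it as `audit_wlan_conf /etc/Wireless/RT2500STA/RT2500STA.dat` on the UC after editing; a non-zero exit means the profile should not be brought up.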

Developing Your Application

Windows Tool Chain

Agenda

1) Windows Tool Chain Introduction
2) Development Process
3) Debugging with GDB

Windows Tool Chain Introduction

UC-7400's Windows Tool Chain is a cross-development environment that simulates the Linux root file system, allowing users to develop applications on a Windows PC.

The following topics are covered in this appendix:
• Introduction
• Installation Procedure
• Using the BASH Shell
• GDB debug tool: Insight

Windows Tool Chain

1. Operating system: Windows 2000 or Windows XP
2. Minimum of 500 MB hard disk space
3. CD-ROM or equivalent
4. Ethernet to connect with the UC-7400
5. Be able to log in as administrator
6. Use a Windows username without spaces
7. You will be using a BASH shell window to enter commands
8. In addition, for editing text files such as configuration files you should use the vi editor (Unix editor). Do NOT use WordPad (Windows editor), which could cause problems (CRLF line endings) when the files are transferred to a bona fide Linux environment.

Developing Process

Step 1: Setting up the development environment on the PC
Step 2: Coding, compiling and debugging on the Windows Tool Chain
Step 3: Deploying the program to the UC

(PC: x86; UC: IXP-422)

Step 1: Setting up the Developing Environment

Install the Windows Tool Chain on the PC (Windows 2K/XP). Installation tips:
• Default install path: C:\UC
• Default text file type: Unix (recommended)

Utilities:
• Moxa Bash Shell
• GDB debug tool: Insight (http://sources.redhat.com/insight)

• This process could take from 5 to 30 minutes, depending on the speed of your system.

Step 2: Coding, Compiling and Debugging

Code the C/C++ program in the Moxa Bash Shell (PC Windows Tool Chain).

Compile/link the source code with the tool chain:
• Compiler path setting: PATH=/usr/local/mxscaleb/bin
• Compiling Hello.c

Step 3: Deployment

Upload the program to the UC:
• ftp 192.168.3.127
• ftp> binary
• ftp> put hello-release

Running the program (at the UC-7400 site):
• chmod +x hello-release
• ./hello-release

Hello

FTP sends the login password and the binary in clear text; on a shared network, use scp over the SSH service the UC-7400 firmware already provides instead.

Debugging with GDB

Ethernet between PC and UC:
PC (Moxa Bash Shell): 1. compile with -ggdb; 3. Insight tool (GDB client); 4. target remote
UC: 2. GDB debug server (gdbserver)

Step 1: PC, Moxa Bash Shell: compile the program with the -ggdb option, then upload it to the UC.

Step 2: UC: start hello-debug under gdbserver:

chmod +x hello-debug
gdbserver 192.168.3.127:2000 hello-debug
Process hello-debug created; pid = 206

Step 3: PC, Insight: run the GDB client:
• Open the hello-debug file
• Connect to target
  • GDB Server/TCP
  • 192.168.3.200
  • 2000

gdbserver performs no authentication: whoever can reach TCP port 2000 controls the debugged process with its privileges, so run it only on the isolated lab network and stop it when the session ends.

iptables Introduction

Agenda

1) Quick View of iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

1. Quick View of iptables

A user-space command to set up and maintain the "Netfilter" subsystem of the kernel.

Netfilter matches on packet headers (and connection state), not on the application content.

iptables is currently one of many firewall/NAT solutions; it is the administration tool used to set up, maintain and inspect the tables of IP packet filter rules in the Linux kernel.

Several different tables may be defined. Each table contains a number of built-in chains and may also contain user-defined chains.

Each chain is a list of rules which can match a set of packets. Each rule specifies what to do with a packet that matches. This is called a "target", which may be a jump to a user-defined chain in the same table.

3rd-generation firewall on Linux:
– ipfwadm on Linux kernel 2.0.x
– ipchains on Linux kernel 2.2.x
– ipchains / iptables on Linux kernel 2.4.x
– iptables on Linux kernel 2.6.x

Supports basic packet filtering as well as connection state tracking.

UC-7110/7400 support only iptables.


2) Rules, Chains and Tables

2-1 First Match
2-2 Three Major Tables
2-3 Processing Packets
2-4 State Machine

2-1 First Match – The Highest Priority

A packet is tested against Rule 1, Rule 2, … Rule 10 in order. The first rule that matches decides the verdict (Action 1, Action 2, … Action 10) and no later rule is consulted; a packet that matches no rule gets the chain's default policy.

2-1 First Match

On a WWW server, reject the attack from IP 192.168.1.100:
Rule 1: Drop the packets from 192.168.1.100
Rule 2: Accept WWW request packets from all hosts
Rule 3: Drop all non-WWW packets

With the rules in this order instead:
Rule 1: Accept WWW request packets from all hosts
Rule 2: Drop the packets from 192.168.1.100
Rule 3: Drop all non-WWW packets

192.168.1.100 is still able to use the WWW service, or to attack the WWW service port, because the accept rule matches first and Rule 2 is never reached.
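To make the ordering effect concrete, here is a small first-match evaluator in POSIX sh. It is an added example, not part of the slides, and models only a source address and a destination port rather than real iptables; both rule orders from the slide are encoded and the same constructed packets are run through each.

```shell
#!/bin/sh
# First-match chain evaluation, modelled in POSIX sh. Added example, not from the
# slides: rules are "SRC DPORT ACTION" (SRC/DPORT may be "any"), one per line,
# tested top to bottom; the first match decides, otherwise the policy applies.

# evaluate CHAIN POLICY SRC DPORT -> prints the verdict for one packet
evaluate() {
    chain=$1; policy=$2; src=$3; dport=$4
    verdict=$(printf '%s\n' "$chain" | while read -r r_src r_dport r_action; do
        [ -z "$r_action" ] && continue                 # skip blank lines
        if [ "$r_src" = any ] || [ "$r_src" = "$src" ]; then
            if [ "$r_dport" = any ] || [ "$r_dport" = "$dport" ]; then
                echo "$r_action"                       # first match wins ...
                break                                  # ... nothing below is consulted
            fi
        fi
    done)
    echo "${verdict:-$policy}"
}

# Slide ordering 1: block the attacker before the general web accept
CHAIN_BLOCK_FIRST='192.168.1.100 any DROP
any 80 ACCEPT
any any DROP'

# Slide ordering 2: general web accept before the attacker block
CHAIN_ACCEPT_FIRST='any 80 ACCEPT
192.168.1.100 any DROP
any any DROP'

# Constructed packets: attacker to web, attacker to ssh, innocent host to web
for pkt in "192.168.1.100 80" "192.168.1.100 22" "192.168.1.7 80"; do
    set -- $pkt
    echo "src=$1 dport=$2: block-first=$(evaluate "$CHAIN_BLOCK_FIRST" DROP "$1" "$2")" \
         "accept-first=$(evaluate "$CHAIN_ACCEPT_FIRST" DROP "$1" "$2")"
done
```

The attacker's web request gets DROP under the first ordering and ACCEPT under the second; every other packet gets the same verdict either way, which is why a misordered deny rule is easy to miss in testing.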

2-2 Three Major Tables

1) Filter Table
2) NAT Table
3) Mangle Table

2-2-1 Filter Table

Mainly used for filtering packets. This is the place where we actually take action against packets: look at what they match and ACCEPT, DROP, REJECT or LOG them accordingly.

1. INPUT chain – packets addressed to the local host
2. OUTPUT chain – packets generated by the local host
3. FORWARD chain – packets routed through this host to other hosts

2-2-2 NAT Table

Used for Network Address Translation: rewriting the source or destination field of packets.

1) PREROUTING chain – rewrites the destination IP address (DNAT) before the routing decision
2) POSTROUTING chain – works after the routing decision and just before the packet reaches the Ethernet device, rewriting the source IP address (SNAT / MASQUERADE)
3) OUTPUT chain – DNAT for locally generated packets

Only the first packet of a connection traverses the NAT table; the connection tracker then applies the same translation to the rest of the connection.

2-2-3 Mangle Table

This table is mainly used for mangling packets. In other words, you may freely use the mangle matches etc. to change the TOS (Type Of Service) and TTL fields. It can also MARK packets (for routing or QoS decisions).

1. PREROUTING chain
2. POSTROUTING chain
3. INPUT, OUTPUT and FORWARD chains

2-3 Processing Packets

2-3-1 Destination: Local Host
2-3-2 Source: Local Host
2-3-3 Forwarded Packets
2-3-4 State Machine

2-3-1 Destination: Local Host

Incoming packets → NAT table PREROUTING → routing decision → Filter table INPUT → local process

2-3-2 Source: Local Host

Local process → routing decision → NAT table OUTPUT → Filter table OUTPUT → NAT table POSTROUTING → packets sent out

2-3-3 Forwarded Packets

Incoming packets → NAT table PREROUTING → routing decision (not for a local resource) → Filter table FORWARD → NAT table POSTROUTING → other hosts

2-4 State Machine


3) Usage of iptables

3-1 Load iptables Modules
3-2 Define Default Policy
3-3 Structure of a Rule
3-4 Save / Restore Rules

3-1 Load iptables Modules

Note: ipchains and iptables are not compatible; the ipchains module must not be loaded at the same time.

Check the current tables: iptables [-t table] -L [-n]

Default policy

3-1 Install iptables

Clear current policy

3-2 Define Default Policy

iptables -t [filter|nat|mangle] -P [INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING] [ACCEPT|DROP]

A default policy of DROP on INPUT and FORWARD, with explicit ACCEPT rules for what is needed, is the deny-by-default posture. Set it before adding the r
ules so nothing slips through while the chain is being built, and keep a serial console session open in case the rules lock you out of the network.

3-3 Structure of a Rule

3-3-1 Add, Insert, Delete and Replace Rules
3-3-2 Direction
3-3-3 Matches
3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace

iptables -t [filter|nat|mangle] [-A|-I|-D|-R] <chain> <match> -j <target>

Three major things need to be considered: direction (the chain), match and target.

3-3-2 Direction – Chains

a. filter table: INPUT, OUTPUT, FORWARD
b. nat table: PREROUTING, POSTROUTING, OUTPUT
c. mangle table: …

3-3-3 Matches – Conditions

1. -p [proto]: tcp, udp, icmp, all
2. -s [IP], -d [IP]
3. --sport [port], --dport [port]
4. -m state --state [state]: NEW, ESTABLISHED, INVALID, RELATED
5. -m multiport --ports [p1,p2,…,p15]
6. -i [iface], -o [oface]
7. … etc.

3-3-4 Targets – Actions

a. filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions: LOG, ULOG, REJECT, MIRROR
b. nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING / OUTPUT), MASQUERADE (POSTROUTING), REDIRECT (only in PREROUTING / OUTPUT)
c. mangle table: …

3-4 Save / Restore Rules

The rule set can be exported with iptables-save and loaded back with iptables-restore. It is highly recommended to use a script file to maintain the Netfilter rules instead of this exported file (it is not a standard script file). Please refer to the Hands-On practice.
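The slide recommends keeping the rules in a script, so here is one that ties the pieces above together: clear, default policy, stateful accept, then the specific rules. It is an added example, not a Moxa script. IPT selects the iptables binary and can be set to echo for a dry run; the LAN and admin-host addresses are assumptions. Note the order: the ESTABLISHED,RELATED accept and the INVALID drop come before any rule that admits NEW connections, per the first-match rule, and LOG is rate-limited so a flood cannot fill the flash file system (the UC-7110 lacks the LOG target entirely, see Example 7 of the hands-on).

```shell
#!/bin/sh
# Stateful host firewall for the UC-7400 kept as one script. Added example, not a
# Moxa script. IPT is the iptables binary (IPT=echo prints the rule set instead of
# applying it); LAN and ADMIN_HOST are assumed lab values.
IPT="${IPT:-iptables}"
LAN="${LAN:-192.168.1.0/24}"
ADMIN_HOST="${ADMIN_HOST:-192.168.1.10}"

firewall_rules() {
    # 3-1: flush rules and user chains in every table
    for t in filter nat mangle; do
        $IPT -t "$t" -F
        $IPT -t "$t" -X
    done
    # 3-2: deny by default inbound and forwarded, allow outbound
    $IPT -t filter -P INPUT DROP
    $IPT -t filter -P FORWARD DROP
    $IPT -t filter -P OUTPUT ACCEPT
    # Example 1: loopback
    $IPT -t filter -A INPUT -i lo -j ACCEPT
    # Example 12: state rules first, so no later rule can admit an INVALID packet
    $IPT -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -t filter -A INPUT -m state --state INVALID -j DROP
    # Example 11: answer ping, but at most 6/min after a burst of 10
    $IPT -t filter -A INPUT -p icmp --icmp-type 8 -m limit --limit 6/min --limit-burst 10 -j ACCEPT
    # Management: SSH from the admin host only; Telnet/FTP (23/21) stay closed
    $IPT -t filter -A INPUT -p tcp -s "$ADMIN_HOST" --dport 22 -m state --state NEW -j ACCEPT
    # Example 7: log what the LAN sends that nothing above accepted (rate-limited;
    # the LOG target is not available on the UC-7110)
    $IPT -t filter -A INPUT -s "$LAN" -m limit --limit 5/min -j LOG --log-prefix "UC-INPUT-DROP "
    # No catch-all rule: the INPUT policy DROP applies to everything else
}

# rules_as_text -> prints the rule set without touching the kernel
rules_as_text() {
    ( IPT=echo; firewall_rules )
}

case "${1:-}" in
    apply) firewall_rules ;;
    show)  rules_as_text ;;
esac
```

Save it as /etc/openvpn/../firewall.sh or wherever the rc scripts expect it, run `sh firewall.sh show` to review the generated rules, then `sh firewall.sh apply` from a console session and confirm with `iptables -L -n -v` that the counters move on the rules you expect.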

4) Hands-On Practice
1) Packet Filter
2) NAT Machine

4-1 Packet Filter – Rules of filter table

Example 1 – Accept all the packets incoming from the lo interface:

iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2 – Accept all the TCP packets incoming from IP 192.168.0.1:

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

Example 3 – Accept all the TCP packets incoming from the network 192.168.1.0/24:

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 – Drop all the TCP packets incoming from IP 192.168.1.25:

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

(If Example 3 is already in the chain, Example 4 never matches: add the more specific DROP first, or use -I to insert it at the top.)

Example 5 – Drop all the incoming TCP packets with destination port 21 (forbid FTP connections from eth0):

iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 – Accept TCP packets incoming from 192.168.0.0/24 to local ports 137, 138 and 139:

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

Example 7 – Log all the incoming TCP packets to port 25 (log SMTP service); the outgoing direction would need a matching OUTPUT rule with --sport 25:

iptables -t filter -A INPUT -p tcp --dport 25 -j LOG

Note: LOG is a non-terminating target, so the packet continues to the next rule. UC-7110 does not support the target "LOG".

4-1 Packet Filter – Rules of filter table

Example 8 – Drop all the [SYN] packets from IP 192.168.100.200:

iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 – Drop all the packets from MAC aa:bb:cc:dd:ee:ff:

iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

(The mac match only sees the source MAC of the last hop, so it is meaningful for directly attached hosts, not for traffic arriving through a router, and a MAC address is trivially forged.)

Example 10 – Do not respond to "ping":

iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 – ICMP "ping" burst: with a DROP default policy, accept ICMP at 6 packets per minute after an initial burst of 10:

iptables -t filter -P INPUT DROP
iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

Example 12 – Accept the ESTABLISHED / RELATED packets of the local host, drop the INVALID packets and the NEW packets which are trying to create new connections:

iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

Example 13 – Check the packet integrity (the experimental "unclean" match; it was dropped from later kernels, so do not build on it):

iptables -t filter -A INPUT -p all -m unclean -j DROP

Example 14 – Enable "passive mode" FTP service to a host behind the UC: load the FTP connection-tracking helper so the data connection is classified RELATED, then accept it:

modprobe ip_conntrack_ftp
iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

4-2 NAT Machine – Rules of nat table

Example 1 – Redirect the connection requests for port 80 to port 8080:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 – Masquerade the packets from 192.168.1.0/24 leaving through ppp0 so they carry ppp0's IP (MASQUERADE is only valid in POSTROUTING, and -o is only known after the routing decision):

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

Example 3 – DNAT the incoming packets from eth0 (60.248.66.75), TCP port 80, to the internal web server 192.168.127.10:80:

iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

Example 4 – SNAT the packets leaving from the internal network 192.168.127.0/24 so they carry the public address $OUT_IP (the return direction of Example 3):

iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP

Remember that the FORWARD chain of the filter table (policy DROP in a deny-by-default setup) must also accept the translated traffic; NAT rules alone do not permit it.

Thank You

OpenVPN 2.0
Stephen Lin

OpenVPN 2.0

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve?
1-2 Symmetric Data Encryption
1-3 Hash (Digest) Function
1-4 Message Authentication Code
1-5 Asymmetric Data Encryption
1-6 Digital Signature
1-7 Certificate
1-8 Moxa UC7400

1-1 What does Cryptography solve?

Confidentiality
• Ensure that nobody can get knowledge of what you transfer, even if listening to the whole conversation.
Integrity
• Ensure that the message has not been modified during transmission.
Authenticity
• You can verify that you are talking to the entity you think you are talking to.
• You can verify who the specific individual behind that entity is.
Non-repudiation
• The individual behind that asset cannot deny being associated with it.

1-2 Symmetric Data Encryption

Fast; high efficiency for data transmission.

Is it "secure" while transferring the key? The key itself must reach the peer over a channel that is already trusted.

Maintenance of the keys: n(n-1)/2 keys for n parties, one per pair.

DES / 3DES / AES / Blowfish

Diagram: Tom encrypts the plaintext with the secret key into ciphertext; Bob decrypts the ciphertext with the same secret key to recover the plaintext.

1-3 Hash (Digest) Function

Ensures data integrity.

MD5 / SHA-1 (both are now considered broken against collision attacks; prefer SHA-2 where the software allows it)

Diagram: Tom computes Message Digest 1 of the data with a hash function and sends the data together with Digest 1. Bob computes Message Digest 2 of the received data with the same hash function and compares it with Digest 1.

On its own a hash only detects accidental corruption: anyone who can alter the data in transit can recompute the digest, which is why a keyed MAC (next) is needed against an active attacker.

1-4 Message Authentication Code

Ensures data integrity and origin authenticity.

Uses a secret key to protect the MAC: without the key the digest cannot be recomputed.

HMAC, CBC-MAC

Diagram: Tom hashes the data into Message Digest 1 and protects it with the secret key to form the MAC, then sends data + MAC. Bob recomputes Message Digest 2 over the received data, recovers Digest 1 from the MAC with the same secret key, and compares the two.

1-5 Asymmetric Encryption

Things to remember:
• Key pair: public / private keys.
• In a session, one is used for encryption and the other for decryption.
• The "public key" can be deployed everywhere.
• From one key you cannot derive the other, even if you have access to clear text and cipher text.
• For RSA the two operations are interchangeable: what one key encrypts, the other decrypts, whichever of the pair is published. This is not true of all public-key algorithms (Diffie-Hellman and DSA, for example, do not encrypt at all), and in practice the private key carries extra parameters, so the roles are fixed when the pair is generated.
• Less efficient than symmetric (static) keys.
• RSA, Diffie-Hellman

1-5 Asymmetric Data Encryption – Confidentiality check

Diagram: Tom encrypts the plaintext with Bob's public key; Bob decrypts the ciphertext with Bob's private key. The recipient's key pair is used: only Bob can read it.

1-5 Asymmetric Data Encryption – Authenticity check

Diagram: Tom encrypts the plaintext with Tom's private key; Bob decrypts the ciphertext with Tom's public key. The sender's key pair is used: anyone can read it, but only Tom could have produced it.

1-6 Digital Signature

Real world – hybrid:
1. Data integrity
2. Authenticity
3. Non-repudiation
4. Algorithm – uses the public key and a hash

1-6 Digital Signature – Creating

Diagram: from the message or file ("This is the document created by Gianni") a short message digest is calculated, even from a long input, using a one-way message digest function (hash: SHA, MD5; 128 bits for MD5, 160 bits for SHA-1). The digest is encrypted with the signatory's private key (asymmetric encryption, RSA) to produce the digital signature, which is attached to the document to form the signed document.

1-6 Digital Signature – Verifying

Diagram: from the signed document, recompute the message digest of the message with the same hash; decrypt the digital signature with Gianni's public key (from his certificate) to recover the original digest; compare the two digests. Equal digests show the document is unchanged and was signed by the holder of the private key.

1-6 Digital Signature

Diagram: Tom hashes the data into Message Digest 1 and encrypts it with Tom's private key to form the digital signature, sent with the data. Bob hashes the received data into Message Digest 2, decrypts the signature with Tom's public key to recover Digest 1, and compares.

1-7 Certificate

The simplest certificate just contains:
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key (it can be a person, a computer, a device, a file, some code, anything …)

… and the whole is:
• Digitally signed by someone trusted (like your friend, or a CA)

Diagram: certificate = public key + "This public key belongs to Stephen" + digital signature of the issuer.

1-7-1 CA Certificate

Diagram: the Certification Server (CA) generates its own key pair. The user requests a certificate from the CA; the CA generates the certificate (user public key + identity, signed with the CA private key), and the private key and certificate are sent to the user.

Note on that last step: a CA that generates the user's private key and ships it keeps a copy of every key it issued, and the key crosses the network. The procedure in 3-4-1 avoids this: the user generates the key pair locally and sends the CA only a certificate request containing the public key.

1-7-1 CA Certificate Example

Diagram: the CA holds the CA private key. Left and Right each hold their own private key, their certificate signed by the CA, and the CA public key (the CA certificate, which is signed by the CA itself). Because both trust the CA public key, Left can verify Right's certificate and vice versa without ever having met.

1-7-2 SSL/TLS

Diagram: each peer has a key pair (priv / pub) and holds the other's public key. Clear text is encrypted into Cipher 1 / Cipher 2, transmitted over the public network, and decrypted at the far end with the receiving side's private key.

Ensures confidentiality
• and integrity, if digitally signed

Depending on how the public keys are exchanged (e.g. certificates from a trusted CA):
• authenticity, identity, non-repudiation

In a real SSL/TLS session the public keys are used only during the handshake, to authenticate the peers and agree on a session key; the bulk data is then protected with symmetric encryption (1-2) and a MAC (1-4), which is also what OpenVPN's data channel does.

1-8 Moxa UC7400 – Hardware Cipher

Intel XScale (IXP422) supports:
• Security engines: DES, AES
• Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so":
• No need to change the source code

1-8-1 Moxa Accelerated Algorithms – OpenSSL 0.9.7

DES_cbc_encrypt
DES_ede3_cbc_encrypt
AES_cbc_encrypt
AES_ctr_encrypt

• ECB mode is wrapped at a higher level (libssl.so), as OpenSSL itself does.

1-8-2 Performance

Charts (not reproduced): throughput and speed-up ratio ("RATE") for 3DES-CBC and AES-128-CBC against packet size, one pair of charts for 128 to 1280-byte packets and one for 16 to 144-byte packets, software cipher plotted against hardware cipher ("= HW Cipher").

1-8-3 Things to be noticed

Moxa UC-7400 switches operations between the software and the hardware approaches:
• Default: hardware approach
• Any misconfiguration, or a busy engine, causes the switch to software

Small packets are switched to the software approach:
• DES: below 128 bytes
• 3DES / AES: below 64 bytes

1-8-4 Software Package

Driver:
• mxhw_cipher.o

Device file:
• mknod /dev/mxcrypto c 11 131

Test program:
• io: correctness test
• io 0 5000: stability test
• io 1: golden pattern
• io 2 20000: performance test


2) OpenVPN 2.0

2-1 Virtual Private Network
2-2 Why OpenVPN?
2-3 OpenVPN Modes

2-1 Virtual Private Network – Advantages / Disadvantages

A VPN is a network constructed by using public wires (e.g. the Internet) to connect nodes.

A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH, etc.).

A VPN allows the use of protocols which are insecure by themselves.

VPNs cannot be controlled and logged easily because of their encrypted nature: the tunnel endpoint is the only place where the inner traffic can be filtered.

2-2 Why OpenVPN?

Usability
• Open source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT / DHCP support
• Can use a 2048-bit shared key or digital certificates (PKI)

Portability – supports most platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

Peers – each node with a client/server role
• Uses kernel routing
• Multiple clients

A user-space program
• A full-featured SSL-VPN solution
• on top of the existing SSL/TLS mechanism
• with a choice among a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) traffic over a single UDP (5000 before 2.0, 1194 from 2.0 on) or TCP port

2-2 OpenVPN Security

Two authentication modes:
• Static key: uses a pre-shared key
• SSL/TLS: uses SSL/TLS + certificates for authentication and key exchange

The encrypted packet is formatted as:
HMAC | IV | encrypt( SeqN | IP payload )
• SeqN: 64-bit sequence number (replay protection)
• IV: plaintext initialization vector, randomized per packet
• The HMAC is computed over the IV and the ciphertext (encrypt-then-MAC), so a tampered packet is rejected before any decryption is attempted.

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall- and NAT-friendly
• Dynamic address support

IPSec
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard – multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are the two methods of linking systems via a VPN:

Routed IP tunnels (layer 3)
Bridged Ethernet tunnels (layer 2)

Suitable for connections:
• Site-to-site
• Dynamic site-to-site
• (Dynamic) client-to-site

Dynamic firewall / NAT / DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

Uses a TUN device: a virtual point-to-point IP link that connects the inner interface to OpenVPN.

Uses the kernel routing table to forward the packets.

Diagram: on each side the OSI stack (Physical, Data-Link, Network, Transport, Session, Presentation, Application); OpenVPN runs as an application and the TUN device plugs in at layer 3 (Network).

Routed IP advantages:
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of the MTU for efficiency

Routed IP disadvantages:
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see the machines on the other side of the VPN
4. Works only with IPv4 in general, and IPv6 in cases where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses "TAP" mode: a TAP device is a virtual Ethernet adapter.

Bridge tools (brctl) are required to create the bridge.

You need to create a script to bind eth1 and tap0 together into a bridged device called br0:

brctl addbr br0          # create an Ethernet bridge
brctl addif br0 eth1     # connect interface eth1 as a port
brctl addif br0 tap0     # connect virtual interface tap0 as a port

Diagram: on each side the OSI stack; OpenVPN runs as an application, TUN attaches at layer 3 (Network) while TAP attaches at layer 2 (Data-Link), where tap0 and eth1 are bridged (eth0 remains the outside interface on both ends).

Bridging advantages:
1. Point-to-point and point-to-multipoint
2. Broadcasts traverse the VPN; this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to handle non-IP protocols such as IPX, NetWare and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages:
1. Less efficient than routing and does not scale well


3) OpenVPN Configuration

3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

Lab topology: two UC units are joined by the VPN tunnel over the 192.168.12.0 network. The VPN server has ixp0 192.168.12.201 and ixp1 10.0.1.254 (gateway of LAN A, whose hosts use IP 10.0.1.1/24, gw 10.0.1.254). The VPN client has ixp0 192.168.12.202 and ixp1 10.0.2.254 (gateway of LAN B, hosts 10.0.2.1/24, gw 10.0.2.254). A CA / TLS server issues the certificates used in 3-4.

Create a working directory (recommended):
mkdir /etc/openvpn

Check for the TUN device node; if it is not present under /dev/net (look for a character device "tun"), create it:
ls /dev/net
mknod /dev/net/tun c 10 200

Load the necessary modules:
modprobe tun
modprobe bridge

Generate a (pre-shared) key:
openvpn --genkey --secret [KeyName]

The key file is the entire secret of a static-key tunnel: copy it to the peer over a trusted channel (scp, or by hand), never over FTP or e-mail, and keep it readable by root only.

Self-diagnostic:
openvpn --test-crypto --secret [KeyName]

Enable IP forwarding:
echo "1" > /proc/sys/net/ipv4/ip_forward
or vi /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"

Create / start the bridge interface using the Moxa script:
openvpn-bridge [start|stop|restart]

Check the ciphers / authentication supported:
openvpn --show-ciphers
openvpn --show-digests

Create the TUN configuration files:
vi /etc/openvpn/tun-server.conf
[At VPN client] vi /etc/openvpn/tun-client.conf

3-2 TUN Server Configuration

The local/remote VPN IP addresses must be specified.

It is NECESSARY to specify the server address at the VPN client.

3-2 TUN Server Configuration

Edit the static routings: vi /etc/openvpn/tunserver.sh; chmod +x /etc/openvpn/tunserver.sh
[At VPN Client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/openvpn/tunclient.sh

Start OpenVPN with the configuration file:
openvpn --config /etc/openvpn/tunserver.conf &
openvpn --config /etc/openvpn/tunclient.conf &

(Callout on the slide: the 2nd argument of "ifconfig", which is now "10.0.2.254")

Create the TAP configuration files: vi /etc/openvpn/tapserver.conf
[At VPN Client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration – VPN Server

(Callout on the slide: mark this line if both VPN networks are in the same subnet)

3-3 TAP Configuration – VPN Server

Edit the static routings: vi /etc/openvpn/tunserver.sh
[At VPN Client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/openvpn/tapclient.sh

(Callout on the slide: pointed to the kernel routing, br0 = 10.0.1.254)

3-3 TAP Configuration – VPN Server

Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration file:
openvpn --config /etc/openvpn/tapserver.conf &
openvpn --config /etc/openvpn/tapclient.conf &

3-4-1 SSL/TLS – Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-input the default_days, default_bits, … etc.

Create a new CA root key pair: /usr/share/ssl/misc/CA -newca

Create a new client private key and certificate request: /usr/share/ssl/misc/CA -newreq

Sign the certificate: /usr/share/ssl/misc/CA -sign

Copy the CA root certificate, the client private key and the client certificate to the first client.

Repeat the request and signing for the second client.

3-4-2 OpenVPN – "easy-rsa" tools

Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file: vi /etc/openvpn/easy-rsa/vars

Activate the vars: . /etc/openvpn/easy-rsa/vars

Create the CA root key: /etc/openvpn/easy-rsa/build-ca

Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – "easy-rsa" tools

Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client

Create the Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh 1024

Copy the CA certificate (ca.crt), the server key (server.key) and the server certificate (server.crt) to the VPN server.

Copy the CA certificate, the client key and the client certificate to the VPN client.

The "easy-rsa" tools also work on the UC7400 series.

3-4-3 Configuration File Modification

txxserver.conf
txxclient.conf

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

Live Demo

UC-7420 Demo Box

Two of its serial ports are connected to a power meter and a thermocouple.

Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site.

The rest of the serial ports are looped back in 'burn-in mode' to demonstrate the UC's high performance and reliability.

Demo Box Features

Software Block Diagram (figure)

Temperature range: 0 to 500°C

Left side for the high range, 0 to 300 VDC, & right side for the low range, 0 to 20 VDC

UC's LCM & keypad (F1-F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8
F2 System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available Memory
F3 Alarm Setting: Temperature → Voltage → burning throughput
F4 Configuration Key
F5 Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

Q: What is the wireless PCMCIA card support status in 802.11g?
• UC-7420's built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards.
• The compatible wireless cards are:

Supplier   Model name
ASUS       WL-107g
CNET       CWC-854 (181D version)
Edimax     EW-7108PCg
Amigo      AWP-914WG
Gigabyte   GN-WMKG
Others which use the Ralink chipset

Thank You


UC-7400 V1.5 Firmware

New Feature Introduction
• WatchDog support
• Cron function on the system
• UART and special baud rate support
• System image backup utility "upfirm"
• 802.11g wireless card support
• Tool chain on the Windows platform, including GCC, Glibc and Insight (GDB debug tool)
• iptables support
• OpenVPN support

Watch Dog Timer (WDT)

1. Introduction
The WDT works like a watch dog function. You can enable it or disable it. When the user enables the WDT but the application does not acknowledge it, the system will reboot. You can set the ack time from a minimum of 50 msec to a maximum of 60 seconds.

2. How the WDT works
The WatchDog is enabled when the system boots up, and the kernel will auto-ack it. The user application can also enable the ack itself; when the user then does not ack, the system reboots.

3. The user API
The user application must include <moxadevice.h> and link moxalib.a.

Crontab

1. Introduction: daemon to execute scheduled commands

2. Description
• Start cron from /etc/rc.d/rc.local
• Modify the file /etc/cron.d/crontab to set up your scheduled applications. Crontab files have the following format:

m (Minute)  h (Hour)  dom (Date)  mon (Month)  dow (Week)          user  command
0-59        0-23      1-31        1-12         0-6 (0 is Sunday)

3. Example
• How to add ntpdate (synchronize time) in cron
• Every day at 5:10 the system will synchronize the time from the NTP server (192.168.0.1)

vi /etc/cron.d/crontab
# m h dom mon dow user command
10 5 * * * root /usr/sbin/ntpdate 192.168.0.1; /sbin/hwclock -w
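As an added example (not code from the slides or from Moxa), the following Python parser checks lines in the /etc/cron.d/crontab format shown above: each time field is validated against the ranges in the table, the user field must be a user name rather than a command, and the command keeps its own spaces. The sample crontab text is constructed here from the ntpdate line above; the CronEntry class and parse_crontab function are my own names.

```python
import re
from dataclasses import dataclass
from typing import List

# Field order and ranges from the crontab table above (system crontab format:
# minute, hour, day-of-month, month, day-of-week, then user and command).
FIELDS = [("m", 0, 59), ("h", 0, 23), ("dom", 1, 31), ("mon", 1, 12), ("dow", 0, 6)]
USER_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_.-]*")


@dataclass
class CronEntry:
    minute: str
    hour: str
    dom: str
    mon: str
    dow: str
    user: str
    command: str


def _check_field(name: str, value: str, lo: int, hi: int) -> None:
    """Accept '*', a number, a range a-b, an optional /step, or a comma list
    of those; every number must lie inside [lo, hi]."""
    for part in value.split(","):
        m = re.fullmatch(r"(\*|(\d+)(?:-(\d+))?)(?:/(\d+))?", part)
        if not m:
            raise ValueError(f"{name}: cannot parse {part!r}")
        if m.group(2) is not None:
            a = int(m.group(2))
            b = int(m.group(3)) if m.group(3) is not None else a
            if not (lo <= a <= b <= hi):
                raise ValueError(f"{name}: {part} is outside {lo}-{hi}")
        if m.group(4) is not None and int(m.group(4)) == 0:
            raise ValueError(f"{name}: step must be positive in {part!r}")


def parse_crontab(text: str) -> List[CronEntry]:
    """Parse /etc/cron.d style lines; blank lines and '#' comments are skipped.
    A malformed schedule raises ValueError instead of being silently ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 6)  # at most 7 parts: the command keeps its spaces
        if len(parts) < 7:
            raise ValueError(f"expected 'm h dom mon dow user command': {line!r}")
        for (name, lo, hi), value in zip(FIELDS, parts[:5]):
            _check_field(name, value, lo, hi)
        if not USER_RE.fullmatch(parts[5]):
            raise ValueError(f"user field {parts[5]!r} is not a user name (missing user?)")
        entries.append(CronEntry(*parts))
    return entries


# Constructed sample: the ntpdate line from the slide.
SAMPLE_CRONTAB = """\
# m h dom mon dow user command
10 5 * * * root /usr/sbin/ntpdate 192.168.0.1; /sbin/hwclock -w
"""

if __name__ == "__main__":
    for e in parse_crontab(SAMPLE_CRONTAB):
        print(f"{e.hour}:{e.minute} daily as {e.user}: {e.command}")
```

The user check matters on a system crontab: leaving the user column out shifts the command into the user field, and cron then looks for a user named "/usr/sbin/ntpdate" instead of running anything.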

UART and special baud rate support

1. Introduction
• The normal tty device nodes are located at /dev/ttyM0 … ttyM7, and the modem tty device nodes are located at /dev/cum0 … cum7.
• UC-7400 supports Linux standard termios control.
• The Moxa UART device API allows you to configure ttyM0 to ttyM7 as RS-232, RS-422, 2-wire RS-485 and 4-wire RS-485.

2. The Function
You must include <moxadevice.h>:
#define RS232_MODE 0
#define RS485_2WIRE_MODE 1
#define RS422_MODE 2
#define RS485_4WIRE_MODE 3

Functions:
• MOXA_SET_OP_MODE
• MOXA_GET_OP_MODE

UART and special baud rate support

3. Special baud rate support
• There are two Moxa private ioctl commands for setting up special baud rates.

Functions:
• MOXA_SET_SPECIAL_BAUD_RATE
• MOXA_GET_SPECIAL_BAUD_RATE

• If you use this ioctl to set a special baud rate, the termios cflag will be B4000000, in which case the B4000000 define will be different.
• If the baud rate you get from termios (or from calling tcgetattr()) is B4000000, you must call ioctl with MOXA_GET_SPECIAL_BAUD_RATE to get the actual baud rate.

Upgrading the Firmware

New utility: upfirm

Upgrading the Firmware

1. Introduction
UC-7400's BIOS, kernel, mini file system and user file system are combined into one firmware file, which can be downloaded from Moxa's website (www.moxa.com).
• The name of the firmware file has the form uc7400-xxx.frm, with xxx indicating the firmware version.

ATTENTION
• Upgrading the firmware will erase all data on the Flash ROM.

Upgrading the Firmware

2. Description
• In V1.4.3 or later firmware, UC-7400 adds a new utility, "upfirm".
• The utility upfirm is designed for upgrading the firmware (including the boot loader, kernel, mini file system, user file system and configuration).
• If your firmware version is earlier than V1.4.3, you can get the utility from the Moxa website.

How to upgrade firmware

Step 1: Type the following commands to enable the RAM disk:
upramdisk
cd /mnt/ramdisk

Step 2: Download the firmware file into the ramdisk from the Moxa website.

Step 3: Use the upfirm command to upgrade the kernel and root file system:
upfirm uc7400-xxx.frm
(See the next slide for the upfirm procedure.)

root@Moxa:/mnt/ramdisk# upfirm UC7420-1.5.frm
Upgrade firmware utility version 1.0
To check source firmware file context.
The source firmware file conext is OK.
This step will destroy all your firmware.
Do you want to continue it? (Y/N): Y
MTD device [/dev/mtd6] erase 128 Kibyte @ 20000 – 100% complete.
Wait to write file ... Compleleted 100%
Now upgrade the new configuration file.
Upgrade the firmware is OK.
Please press any key to reboot system.

(Callout on the slide: press any key to reboot the system)

Note: DO NOT power off the UC until the Ready LED is ON again. The first boot after upgrading the firmware takes much longer than usual.

Setting up the Network Interfaces

IEEE 802.11g

Configure 802.11g Wireless LAN

root@Moxa:~# vi /etc/network/interfaces
# 802.11g Gigabyte Cardbus wireless card
iface eth0 inet static
    address 192.168.5.127
    network 192.168.5.0
    netmask 255.255.255.0
    broadcast 192.168.5.255

Step 1: Unplug the CardBus wireless LAN card first.

Step 2: Configure the default IP setting profile: vi /etc/network/interfaces

Configure 802.11g Wireless LAN

vi /etc/Wireless/RT2500STA/RT2500STA.dat

Copy this file to /etc/Wireless/RT2500STA/RT2500STA.dat. This file is a binary file and is read when the rt2500.o module is loaded. Use vi -b RT2500STA.dat to modify the settings according to your needs:
1) set NetworkType to Adhoc for ad hoc mode, otherwise use Infrastructure
2) set Channel to 0 for auto-select in infrastructure mode
3) set SSID for connecting to your access point
4) AuthMode can be OPEN, SHARED, WPAPSK, WPANONE
5) EncrypType can be NONE, WEP, TKIP, AES
For more information refer to the Readme file.

Step 3: Configure the WLAN parameters: vi /etc/Wireless/RT2500STA/RT2500STA.dat

Configuring 802.11g Wireless LAN

• The settings in /etc/Wireless/RT2500STA/RT2500STA.dat:
CountryRegion: sets the channels for your particular country region
WirelessMode: sets the wireless mode
SSID: sets the softAP SSID
NetworkType: sets the wireless operation mode
Channel: sets the channel
AuthMode: sets the authentication mode
EncrypType: sets the encryption type
DefaultKeyID: sets the default key ID
Key1Str, Key2Str, Key3Str, Key4Str: set the strings Key1 to Key4
TxBurst: enables or disables TxBurst
WpaPsk: WPA pre-shared key
TurboRate: enables or disables TurboRate
BGProtection: sets 11b/11g protection (this function is for engineering testing only)
ShortSlot: enables or disables the short slot time
TxRate: sets the TxRate
RTSThreshold: sets the RTS threshold
FragThreshold: sets the fragment threshold

Developing Your Application

Windows Tool Chain

Agenda

1) Windows Tool Chain Introduction
2) Development Process
3) Debugging with GDB

Windows Tool Chain Introduction

UC-7400's Windows Tool Chain is a cross development environment that simulates the Linux root file system, allowing users to develop applications on a Windows PC.

The following topics are covered in this appendix:
• Introduction
• Installation Procedure
• Using the BASH Shell
• GDB debug tool: Insight

Windows Tool Chain

1. Operating system: Windows 2000 or Windows XP
2. Minimum of 500 MB hard disk space
3. CD-ROM or equivalent
4. Ethernet to connect with the UC-7400
5. Be able to log in as administrator
6. Use a Windows username without spaces
7. You will be using a BASH shell window to enter commands
8. In addition, for editing text files such as configuration files you should use the vi editor (Unix editor). Do NOT use WordPad (Windows editor), which could cause problems when the files are transferred to a bona fide Linux environment.

Development Process

Step 1: Setting up the development environment on the PC (x86)
Step 2: Coding, compiling and debugging with the Windows Tool Chain (x86)
Step 3: Deploying the program to the UC (IXP-422)

Step 1: Setting up the Development Environment

Install the Windows Tool Chain on the PC (Windows 2K/XP). Installation tips:
• Default install path: C:\UC
• Default text file type: Unix (recommended)

Utilities:
• Moxa Bash Shell
• GDB debug tool: Insight (http://sources.redhat.com/insight)

• This process could take from 5 to 30 minutes, depending on the speed of your system.

Step 2: Coding, Compiling and Debugging

Code the C/C++ program in the Moxa Bash Shell (PC, Windows Tool Chain, x86).

Compile/link the source code with the tool chain:
• Compiler path setting: PATH=/usr/local/mxscaleb/bin
• Compiling hello.c

Step 3: Deployment

Upload the program to the UC:
• ftp 192.168.3.127
• ftp> binary
• ftp> put hello-release

Running the program (at the UC-7400 site):
• chmod +x hello-release
• ./hello-release
Hello

[Figure: PC (Moxa Bash Shell): 1. compile with -ggdb; 3. Insight tool (GDB client); 4. target remote. UC: 2. GDB debug server. The PC and the UC are connected over Ethernet.]

Debugging with GDB

gdbserver 192.168.3.127:2000 hello-debug

Debugging with GDB

chmod +x hello-debug
gdbserver 192.168.3.127:2000 hello-debug
Process hello-debug created; pid = 206

Step 1: PC (Moxa Bash Shell): compile the program with the -ggdb option, then upload it to the UC.

Step 2: UC: start hello-debug under the debug server with the command
gdbserver 192.168.3.127:2000 hello-debug

Step 3: PC (Insight): run the GDB client
• Open the hello-debug file
• Connect to target: GDB Server/TCP, 192.168.3.200, port 2000

Debugging with GDB

iptables Introduction

Agenda

1) Quick View of iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

1. Quick View of iptables

A user-space command to set up and maintain the "Netfilter" subsystem of the kernel.

"Netfilter" manages only the packet headers, not the content.

iptables is currently one of many firewall/NAT solutions; it is the administration tool used to set up, maintain and inspect the tables of IP packet filter rules in the Linux kernel.

1. Quick View of iptables

Several different tables may be defined. Each table contains a number of built-in chains and may also contain user-defined chains.

Each chain is a list of rules which can match a set of packets. Each rule specifies what to do with a packet that matches. This is called a "target", which may be a jump to a user-defined chain in the same table.

1. Quick View of iptables

3rd generation firewall on Linux:
– "ipfwadm" on Linux kernel V2.0.x
– "ipchains" on Linux kernel V2.2.x
– "ipchains"/"iptables" on Linux kernel V2.4.x
– "iptables" on Linux kernel V2.6.x

Supports basic packet filtering as well as connection state tracking.

UC-7110/7400 support only "iptables".

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

2) Rules, Chains and Tables

2-1 First Match
2-2 Three Major Tables
2-3 Processing Packets
2-4 State Machine

2-1 First Match – The Highest Priority

[Figure: first-match flow. Packets are tested against Rule 1, Rule 2, … Rule 10 in order. If a rule matches (Yes) its action (Action 1, Action 2, … Action 10) is taken and evaluation stops; if not (No) the next rule is tested; when no rule matches, the Default Policy applies.]

2-1 First Match

On a WWW server, reject the attack from IP = 192.168.1.100:
Rule 1: Drop the packets from 192.168.1.100
Rule 2: Accept WWW request packets from all hosts
Rule 3: Drop all non-WWW packets

With the rules in the other order:
Rule 1: Accept WWW request packets from all hosts
Rule 2: Drop the packets from 192.168.1.100
Rule 3: Drop all non-WWW packets

Here 192.168.1.100 is still able to use the WWW service, or to attack the WWW service port, because Rule 1 matches first and Rule 2 is never reached.
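To make the first-match semantics concrete, here is an added Python model of a chain (my own code, not from the slides or from iptables): rules are tried in order, the first one that matches decides, and the chain's default policy applies only when nothing matched. The two chains encode exactly the two orderings above; the Packet and Rule classes and the match helpers are constructed for this example.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple


@dataclass
class Packet:
    src: str           # source IP address (constructed sample values below)
    dport: int         # destination port
    proto: str = "tcp"


@dataclass
class Rule:
    match: Callable[[Packet], bool]
    target: str        # ACCEPT or DROP
    note: str


def evaluate(chain: List[Rule], pkt: Packet, policy: str = "ACCEPT") -> Tuple[str, Optional[int]]:
    """First match wins: walk the chain in order and stop at the first rule
    whose match function returns True. With no match, the chain's default
    policy applies (rule index None)."""
    for index, rule in enumerate(chain):
        if rule.match(pkt):
            return rule.target, index
    return policy, None


def from_host(ip: str) -> Callable[[Packet], bool]:
    return lambda p: p.src == ip


def www_request(p: Packet) -> bool:
    return p.proto == "tcp" and p.dport == 80


def not_www(p: Packet) -> bool:
    return not www_request(p)


# The two orderings from the slide.
BLOCK_FIRST = [
    Rule(from_host("192.168.1.100"), "DROP", "rule 1: drop packets from 192.168.1.100"),
    Rule(www_request, "ACCEPT", "rule 2: accept WWW requests from all hosts"),
    Rule(not_www, "DROP", "rule 3: drop all non-WWW packets"),
]
ACCEPT_FIRST = [
    Rule(www_request, "ACCEPT", "rule 1: accept WWW requests from all hosts"),
    Rule(from_host("192.168.1.100"), "DROP", "rule 2: drop packets from 192.168.1.100"),
    Rule(not_www, "DROP", "rule 3: drop all non-WWW packets"),
]


def decide(chain: List[Rule], src: str, dport: int, proto: str = "tcp") -> str:
    """Verdict for one packet under a chain whose default policy is ACCEPT."""
    return evaluate(chain, Packet(src, dport, proto), policy="ACCEPT")[0]


if __name__ == "__main__":
    for name, chain in (("block first", BLOCK_FIRST), ("accept first", ACCEPT_FIRST)):
        verdict, idx = evaluate(chain, Packet("192.168.1.100", 80))
        print(f"{name}: 192.168.1.100 -> tcp/80 = {verdict} (by {chain[idx].note})")
```

The same model shows why a restrictive default policy matters: with an empty chain, evaluate() returns whatever policy was set, so a chain whose specific rules are all ACCEPT still needs -P DROP to reject what the rules did not name.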

2-2 Three Major Tables

1) Filter Table
2) NAT Table
3) Mangle Table

2-2-1 Filter Table

Mainly used for filtering packets. This is the place where we actually take action against packets: look at what they contain and ACCEPT, DROP, REJECT or LOG them depending on their content.

1. INPUT chain – packets entering the local host
2. OUTPUT chain – packets output from the local host
3. FORWARD chain – packets forwarded to other hosts

2-2-2 NAT Table

Used for NAT on different packets, to translate the packet's source field or destination field.

1) PREROUTING chain – translates the destination IP address (DNAT)
2) POSTROUTING chain – works after the routing process and before the Ethernet device processing, to translate the source IP address (SNAT/MASQUERADE)
3) OUTPUT chain – works on locally produced packets

2-2-3 Mangle Table

This table is mainly used for mangling packets. In other words, you may freely use the mangle matches etc. to change the TOS (Type Of Service) and TTL fields. It can also "MARK" the packets.

1. PREROUTING chain
2. POSTROUTING chain
3. INPUT, OUTPUT and FORWARD chains

2-3 Processing Packets

2-3-1 Destination: Local Host
2-3-2 Source: Local Host
2-3-3 Forwarded Packets
2-3-4 State Machine

2-3-1 Destination: Local Host

[Figure] Incoming packets → NAT table PREROUTING → Filter table INPUT → Local process

2-3-2 Source: Local Host

[Figure] Outgoing packets (from a local process) → NAT table OUTPUT → Filter table OUTPUT → NAT table POSTROUTING → Send out packets

2-3-3 Forwarded Packets

[Figure] Incoming packets → NAT table PREROUTING → Filter table FORWARD → NAT table POSTROUTING → Other hosts (the local resource box is drawn aside; forwarded packets do not pass through it)

2-4 State Machine

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

3) Usage of iptables

3-1 Load iptables Modules
3-2 Define Default Policy
3-3 Structure of a Rule
3-4 Save/Restore Rules

3-1 Load iptables Modules

Note: ipchains and iptables are not compatible.

3-1 Load iptables Module

Check the current tables: iptables [-t table] [-L] [-n]

(Callout on the slide: default policy)

3-1 Install iptables

(Callout on the slide: clear current policy)

3-2 Define Default Policy

iptables -t {filter|nat|mangle} -P {INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING} {ACCEPT|DROP}

3-2 Define Default Policy (example screenshot on the slide)

3-3 Structure of a Rule

3-3-1 Add, Insert, Delete and Replace Rules
3-3-2 Direction
3-3-3 Matches
3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace

iptables -t {filter|nat|mangle} {-A|-I|-D|-R} <direction> <match> -j <target>

Three major things need to be considered: the direction, the match and the target.

3-3-2 Direction – Chains

a. filter table: INPUT, OUTPUT, FORWARD
b. nat table: PREROUTING, POSTROUTING, OUTPUT
c. mangle table: …

3-3-3 Matches – Conditions

1. -p [proto]: tcp, udp, icmp, all
2. -s [IP], -d [IP]
3. --sport [port], --dport [port]
4. -m state --state [state]: NEW, ESTABLISHED, INVALID, RELATED
5. -m multiport [p1,p2,…,p15]
6. -i [iface], -o [oface]
7. … etc.

3-3-4 Targets – Actions

a. filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions: LOG, ULOG, REJECT, MIRROR
b. nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING/OUTPUT), MASQUERADE (POSTROUTING), REDIRECT (only in PREROUTING)
c. mangle table: …

3-4 Save/Restore Rules

It is highly recommended to use a script file to maintain the Netfilter rules instead of the exported file (it is not a standard script file). Please refer to the hands-on practice.

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice: 1) Packet Filter, 2) NAT Machine

4-1 Packet Filter – Rules of the filter table

Example 1 – Accept all the packets incoming from the lo interface:
iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2 – Accept all the TCP packets incoming from IP = 192.168.0.1:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

4-1 Packet Filter – Rules of the filter table

Example 3 – Accept all the TCP packets incoming from the network 192.168.1.0/24:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 – Drop all the TCP packets incoming from IP = 192.168.1.25:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

4-1 Packet Filter – Rules of the filter table

Example 5 – Drop all the incoming TCP packets with dst port = 21 (forbid FTP connections from eth0):
iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 – Accept TCP packets incoming from 192.168.0.0/24 to the local port numbers 137, 138 and 139:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

4-1 Packet Filter – Rules of the filter table

Example 7 – Log all the incoming/outgoing TCP packets to/from port = 25 (log the SMTP service):
iptables -t filter -A INPUT -p tcp --dport 25 -j LOG

Note: UC7110 does not support the target "LOG".

4-1 Packet Filter – Rules of the filter table

Example 8 – Drop all the [SYN] packets from IP = 192.168.100.200:
iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 – Drop all the packets from MAC = aa:bb:cc:dd:ee:ff:
iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

Example 10 – Do not respond to "ping":
iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 – Limit an ICMP "ping" burst:
iptables -t filter -P INPUT DROP
iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

4-1 Packet Filter – Rules of the filter table

Example 12 – Accept the ESTABLISHED/RELATED packets of the local host; drop the INVALID packets and the NEW packets which are trying to create a new connection:
iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

4-1 Packet Filter – Rules of the filter table

Example 13 – Check the packet integrity:
iptables -t filter -A INPUT -p all -m unclean -j DROP

Example 14 – Enable the "passive mode" FTP service to a host:
modprobe ip_conntrack_ftp
iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

4-2 NAT Machine

Example 1 – Redirect the connection requests for port 80 to port 8080:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 – Masquerade the packets from 192.168.1.0/24 as the local ppp0's IP:
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

4-2 NAT Machine

Example 3 – DNAT the incoming packets on eth0 (60.248.66.75), TCP port 80, to the internal web server 192.168.127.10:80:
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

Example 4 – Redirect the incoming packets of TCP port 80 to 192.168.1.10, TCP port 80 (the slide shows the matching SNAT rule for the internal network 192.168.127.0/24):
iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP
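The table/chain constraints from 3-3-2 and 3-3-4 (SNAT and MASQUERADE only in POSTROUTING, DNAT only in PREROUTING/OUTPUT, REDIRECT only in PREROUTING) are easy to get wrong by hand, and 3-4 recommends keeping the rules in a script rather than in an exported file. The following Python block is an added example, not code from the slides or from Moxa: it builds each rule from data, validates the table, chain and target combination before rendering it, and emits the whole rule set as a script in first-match order. The Rule class, render_script function and the sample rules are my own; the extra checks that -i is unavailable in OUTPUT/POSTROUTING and -o in PREROUTING/INPUT reflect iptables' own behaviour.

```python
from dataclasses import dataclass, field
from typing import Dict, List

# Chains of each table (3-3-2) and the chains where each NAT target is legal (3-3-4).
TABLE_CHAINS: Dict[str, List[str]] = {
    "filter": ["INPUT", "OUTPUT", "FORWARD"],
    "nat": ["PREROUTING", "POSTROUTING", "OUTPUT"],
    "mangle": ["PREROUTING", "POSTROUTING", "INPUT", "OUTPUT", "FORWARD"],
}
TARGET_CHAINS: Dict[str, List[str]] = {
    "SNAT": ["POSTROUTING"],
    "MASQUERADE": ["POSTROUTING"],
    "DNAT": ["PREROUTING", "OUTPUT"],
    "REDIRECT": ["PREROUTING"],
}


@dataclass
class Rule:
    table: str
    chain: str
    target: str
    matches: List[str] = field(default_factory=list)       # e.g. ["-p", "tcp", "--dport", "80"]
    target_opts: List[str] = field(default_factory=list)   # e.g. ["--to-ports", "8080"]

    def validate(self) -> None:
        """Reject combinations iptables itself would refuse, before anything is applied."""
        if self.table not in TABLE_CHAINS:
            raise ValueError(f"unknown table {self.table!r}")
        if self.chain not in TABLE_CHAINS[self.table]:
            raise ValueError(f"table {self.table} has no {self.chain} chain")
        if self.target in TARGET_CHAINS:
            if self.table != "nat":
                raise ValueError(f"{self.target} is only valid in the nat table")
            if self.chain not in TARGET_CHAINS[self.target]:
                allowed = "/".join(TARGET_CHAINS[self.target])
                raise ValueError(f"{self.target} is only valid in {allowed}, not {self.chain}")
        # The output interface is unknown before routing; the input interface is
        # meaningless for locally generated or already-routed packets.
        if "-o" in self.matches and self.chain in ("PREROUTING", "INPUT"):
            raise ValueError(f"-o cannot be used in {self.chain}")
        if "-i" in self.matches and self.chain in ("POSTROUTING", "OUTPUT"):
            raise ValueError(f"-i cannot be used in {self.chain}")

    def render(self, op: str = "-A") -> str:
        self.validate()
        parts = ["iptables", "-t", self.table, op, self.chain,
                 *self.matches, "-j", self.target, *self.target_opts]
        return " ".join(parts)


def render_script(rules: List[Rule], policies: Dict[str, str]) -> str:
    """Emit a reproducible rule script: flush, set filter default policies,
    then append the rules in the order given (first match wins)."""
    lines = ["#!/bin/sh", "iptables -t filter -F", "iptables -t nat -F"]
    for chain, policy in policies.items():
        lines.append(f"iptables -t filter -P {chain} {policy}")
    lines += [rule.render() for rule in rules]
    return "\n".join(lines) + "\n"


# Constructed sample rule set: loopback, established traffic, the slide's
# port-80 redirect and the masquerade for 192.168.1.0/24 on ppp0.
SAMPLE_RULES = [
    Rule("filter", "INPUT", "ACCEPT", ["-i", "lo"]),
    Rule("filter", "INPUT", "ACCEPT", ["-p", "tcp", "-m", "state", "--state", "ESTABLISHED,RELATED"]),
    Rule("nat", "PREROUTING", "REDIRECT", ["-p", "tcp", "--dport", "80"], ["--to-ports", "8080"]),
    Rule("nat", "POSTROUTING", "MASQUERADE", ["-s", "192.168.1.0/24", "-o", "ppp0"]),
]

if __name__ == "__main__":
    print(render_script(SAMPLE_RULES, {"INPUT": "DROP", "FORWARD": "DROP"}), end="")
```

Putting the validation in front of the rendering means a wrong chain (for instance MASQUERADE appended to PREROUTING) fails when the script is generated, with a message naming the allowed chains, rather than leaving the rule silently absent from the running table.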

Thank You

OpenVPN 2.0 – Stephen Lin

OpenVPN 2.0

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve?
1-2 Symmetric Data Encryption
1-3 Hash (Digest) Function
1-4 Message Authentication Code
1-5 Asymmetric Data Encryption
1-6 Digital Signature
1-7 Certificate
1-8 Moxa UC7400

1-1 What does Cryptography solve?

Confidentiality
• Ensure that nobody can get knowledge of what you transfer, even if listening to the whole conversation

Integrity
• Ensure that the message has not been modified during the transmission

Authenticity
• You can verify that you are talking to the entity you think you are talking to
• You can verify who the specific individual behind that entity is

Non-repudiation
• The individual behind that asset cannot deny being associated with it

1-2 Symmetric Data Encryption

Fast; high efficiency for data transmission
Is it "secure" while transferring the key?
Maintenance of the keys: (n-1)·n/2 keys
DES/3DES/AES/Blowfish

[Figure: Tom: Plaintext → Encryption with the Secret Key → Ciphertext → Decryption with the same Secret Key → Plaintext: Bob]

1-3 Hash (Digest) Function

Ensure data integrity
MD5/SHA-1

[Figure: Tom: Data → Hash Function → Message Digest 1; Tom sends Data + Message Digest 1. Bob: Data → same Hash Function → Message Digest 2; compare Message Digest 1 with Message Digest 2.]

1-4 Message Authentication Code

Ensure the data integrity
Use a key to protect the MAC
HMAC/CBC-MAC

[Figure: Tom: Data → Hash Function → Message Digest 1 → Encryption with the Secret Key → MAC; Tom sends MAC + Data. Bob: Data → Hash Function → Message Digest 2; MAC → Decryption with the Secret Key → Message Digest 1; compare.]
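The difference between 1-3 and 1-4 is easy to show in code. The following Python block is an added example (my own code, not from the slides): it models a message whose content is changed on the way and compares the two checks. A plain digest can be recomputed by whoever changed the data, so the receiver accepts the altered message; an HMAC bound to the shared key is rejected both when the old tag is replayed and when a tag is recomputed without the key. HMAC-SHA256 is used as the concrete MAC; the key and messages are constructed sample values.

```python
import hashlib
import hmac
from typing import Tuple


def digest_only(data: bytes) -> Tuple[bytes, bytes]:
    """Slide 1-3: the sender transmits the data together with its plain hash."""
    return data, hashlib.sha256(data).digest()


def verify_digest_only(data: bytes, digest: bytes) -> bool:
    """The receiver recomputes the hash and compares (constant-time compare)."""
    return hmac.compare_digest(hashlib.sha256(data).digest(), digest)


def mac_protected(key: bytes, data: bytes) -> Tuple[bytes, bytes]:
    """Slide 1-4: the hash is bound to a shared secret key (HMAC-SHA256)."""
    return data, hmac.new(key, data, hashlib.sha256).digest()


def verify_mac(key: bytes, data: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(hmac.new(key, data, hashlib.sha256).digest(), tag)


def integrity_comparison() -> Tuple[bool, bool, bool]:
    """Model a message changed in transit by a party that does not hold the key.

    Returns (plain_hash_accepts_altered,
             mac_accepts_altered_with_replayed_tag,
             mac_accepts_altered_with_tag_made_under_wrong_key)."""
    key = b"constructed-shared-secret"            # constructed sample key
    data = b"set alarm threshold=300"             # constructed sample message
    altered = b"set alarm threshold=900"

    # 1-3: plain digest. Whoever alters the data can hash the altered data too.
    digest_only(data)
    plain_ok = verify_digest_only(altered, hashlib.sha256(altered).digest())

    # 1-4: keyed MAC. Replaying the original tag fails because the data changed...
    _, tag = mac_protected(key, data)
    mac_replayed_ok = verify_mac(key, altered, tag)

    # ...and recomputing a tag without the shared key fails as well.
    wrong_key_tag = hmac.new(b"not-the-key", altered, hashlib.sha256).digest()
    mac_wrong_key_ok = verify_mac(key, altered, wrong_key_tag)

    return plain_ok, mac_replayed_ok, mac_wrong_key_ok


if __name__ == "__main__":
    print(integrity_comparison())  # (True, False, False)
```

hmac.compare_digest is used for both comparisons so that the verification time does not depend on how many leading bytes of the tag are correct.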

1-5 Asymmetric Encryption

Things to remember:
• Key pair – public/private keys
• In a session, one is used for encryption and the other one for decryption
• The "public key" can be deployed everywhere
• The relation between the two keys is unknown, and from one key you cannot gain knowledge of the other, even if you have access to clear text and cipher text
• The two keys are interchangeable: all algorithms make no difference between public and private key; when a key pair is generated, any of the two can be public or private
• Less efficient than a static key
• RSA/Diffie-Hellman

[Figure: clear text → Encryption → cipher text (shown as random-looking characters)]

1-5 Asymmetric Data Encryption

[Figure: Confidentiality check. Tom: Plaintext → Encryption with Bob's Public Key → ciphertext → Decryption with Bob's Private Key → Plaintext: Bob. The recipient's key pair is used.]

1-5 Asymmetric Data Encryption

[Figure: Authenticity check. Tom: Plaintext → Encryption with Tom's Private Key → ciphertext → Decryption with Tom's Public Key → Plaintext: Bob. The sender's key pair is used.]

1-6 Digital Signature

Real world – hybrid:
1. Data integrity
2. Authenticity
3. Non-repudiation
4. Algorithm – use the public key and the hash

1-6 Digital Signature – Creating

[Figure: Message or File ("This is the document created by Gianni") → Generate Hash (SHA, MD5) → Message Digest (typically 128 bits; shown as "Py75cbn") → Asymmetric Encryption (RSA) with the signatory's private key → Digital Signature (shown as "3kJfgf£$&"). Signed Document = the message plus the digital signature. A short message digest is calculated even from a long input using a one-way message digest function (hash).]

1-6 Digital Signature – Verifying

[Figure: Signed Document → message → Generate Hash → Message Digest ("Py75cbn"); Digital Signature ("3kJfgf£$&") → Asymmetric Decryption with Gianni's public key (from the certificate) → Message Digest ("Py75cbn"); compare the two digests.]

1-6 Digital Signature

[Figure: Tom: Data → Hash Function → Message Digest 1 → Encryption with Tom's Private Key → Digital Signature; Tom sends Data + Digital Signature. Bob: Data → Hash Function → Message Digest 2; Digital Signature → Decryption with Tom's Public Key → Message Digest 1; compare.]

1-7 Certificate

The simplest certificate just contains:
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key
… and the whole is:
• Digitally signed by someone trusted (like your friend or a CA)

[Figure: Certificate = "This public key belongs to Stephen" + pub + Digital Signature (shown as random-looking characters). The entity can be a person, a computer, a device, a file, some code, anything …]

1-7-1 CA Certificate

[Figure: Certification Server. The CA generates a key pair (priv, pub). The user requests a certificate from the CA; the CA generates the certificate (pub + DS → Cert); the private key and the certificate are sent to the user.]

1-7-1 CA Certificate Example

[Figure: the CA holds the CA private key. Left and Right each trust the CA: each holds its own private key, its certificate signed by the CA, and the CA public key, whose own certificate is signed by the CA itself.]

1-7-2 SSL/TLS

[Figure: each side holds a key pair (priv, pub) and the other side's pub. Clear text → Encrypt → Cipher 1 → Encrypt → Cipher 2 → transmission over the public network → Cipher 2 → Decrypt → Cipher 1 → Decrypt → Clear text.]

Ensures confidentiality
• And integrity, if digitally signed

Depending on how the public keys are exchanged:
• Authenticity, Identity, Non-repudiation

1-8 Moxa UC7400 – Hardware Cipher

Intel XScale supports:
• Security engines: DES, AES
• Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so":
• No need to change the source code

1-8-1 Moxa Accelerated Algorithms – OpenSSL 0.9.7

DES_cbc_encrypt
DES_ede3_cbc_encrypt
AES_cbc_encrypt
AES_ctr_encrypt

• We wrap ECB mode at a higher level (libssl.so), which openssl wraps too.

1-8-2 Performance

[Figure: four charts. 3DES/CBC and AES-128/CBC throughput versus packet size (128, 256, 384, 512, 640, 768, 896, 1024, 1152, 1280 bytes; left axis 0–80, right "RATE" axis 0–8), and the same two ciphers for small packet sizes (16, 32, 64, 80, 96, 112, 128, 144 bytes; left axis 0–8, right "RATE" axis 0–2.5). Marked series = HW cipher.]

1-8-3 Things to be noticed

• Moxa UC-7400 switches between the software and the hardware implementation.
• Default: hardware implementation.
• Any misconfiguration, or a busy engine, causes a switch to the software implementation.
• Small packets are handled in software: DES below 128 bytes, 3DES/AES below 64 bytes (the 16 to 144 byte charts show where the hardware path stops paying off).

1-8-4 Software Package

• Driver: mxhw_cipher.o
• Device file: mknod /dev/mxcrypto c 11 131
• Test program: io (correctness test); io 0 5000 (stability test); io 1 (golden pattern); io 2 20000 (performance test)

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network – Advantages/Disadvantages

• A VPN is a network constructed over public wires (e.g. the Internet) to connect nodes.
• A VPN encrypts all network traffic, not just a few application protocols (as SSL or SSH do).
• A VPN allows the use of protocols which are insecure by themselves.
• VPN traffic cannot be controlled and logged easily because of its encrypted nature: a firewall between the endpoints sees only the tunnel.

2-2 Why OpenVPN

Usability
• Open source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit static (pre-shared) key or digital certificates (PKI)

Portability – supports most platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN

Peers – each node takes a client or server role
• Uses the kernel routing table
• Multiple clients

A user-space program
• A full-featured SSL VPN solution on top of the existing SSL/TLS mechanism
• Choice among a set of security algorithms (the ciphers and digests OpenSSL provides)
• Can tunnel any IP (layer 3) or Ethernet (layer 2) traffic over a single UDP or TCP port (5000 in OpenVPN 1.x, 1194 in 2.0)

2-2 OpenVPN Security

Two authentication modes:
• Static key: a pre-shared key on both peers
• SSL/TLS: SSL/TLS plus certificates for authentication and key exchange

The encrypted packet is formatted as:
• SeqN: 64-bit sequence number (replay protection)
• IV: plaintext initialization vector, randomized per packet

  HMAC | IV | encrypt( SeqN | VPN IP payload )

The HMAC is computed over the IV and the encrypted block, so a tampered or forged packet is rejected before any decryption is attempted.

2-2 OpenVPN vs IPsec

OpenVPN
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall- and NAT-friendly
• Dynamic address support

IPsec
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPsec
• IETF standard: multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are the two methods of linking systems via a VPN:
• Routed IP tunnels (layer 3)
• Bridged Ethernet tunnels (layer 2)

Suitable for connections:
• Site-to-site
• Dynamic site-to-site
• (Dynamic) client-to-site

Dynamic firewall/NAT/DHCP friendly.

2-3-1 Routed IP Tunnels (TUN Mode)

• Uses the TUN device: a virtual point-to-point IP link. OpenVPN reads IP packets from the inner (TUN) interface and ships them through the tunnel.
• Uses the kernel routing table to forward the packets.

[Diagram: the OSI stack (Physical, Data-Link, Network, Transport, Session, Presentation, Application) on both peers. OpenVPN runs at the application layer; the TUN device injects and captures packets at layer 3 (Network).]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of the MTU for efficiency

Routed IP disadvantages
1. Clients must use a WINS server (such as Samba) for cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see the machines on the other side of the VPN
4. Works only with IPv4 in general, and with IPv6 only where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

• Uses "TAP" mode: a TAP device is a virtual Ethernet adapter.
• Bridge tools (brctl) are required to create the bridge.
• A script is needed to bind eth1 and tap0 together into a bridged device called br0:

  brctl addbr br0          create an Ethernet bridge
  brctl addif br0 eth1     connect interface eth1 as a port
  brctl addif br0 tap0     connect virtual interface tap0 as a port (the bridge name is required; "brctl addif tap0" alone fails)

[Diagram: the OSI stack on both peers. OpenVPN still runs at the application layer, but the TAP device attaches at layer 2 (Data-Link): on each side eth1 and tap0 are bridged into br0, while eth0 carries the tunnel traffic.]
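The three brctl commands above are only part of what a bridge start/stop script has to do: the TAP device must exist before it can be enslaved, the member ports lose their addresses, and the bridge itself takes over the LAN address. The script below is an added example of such an "openvpn-bridge start|stop|restart" script (the Moxa script of the same name referenced later in 3-1 is not reproduced here). Assumptions: LAN port eth1, bridge address 10.0.1.254/24 from the lab topology, OpenVPN 2.0's --mktun/--rmtun for a persistent TAP device, and a DRY_RUN variable that prints the commands instead of executing them.

```shell
#!/bin/sh
# openvpn-bridge: bind the physical LAN port and the OpenVPN TAP device into
# one Ethernet bridge (br0) so that layer-2 frames cross the tunnel.
# Added example, not Moxa's shipped openvpn-bridge script. Assumed values:
# LAN port eth1, bridge address 10.0.1.254/24 (the VPN server's LAN gateway
# from the lab topology).
BR="${BR:-br0}"
ETH="${ETH:-eth1}"
TAP="${TAP:-tap0}"
BR_ADDR="${BR_ADDR:-10.0.1.254}"
BR_MASK="${BR_MASK:-255.255.255.0}"
BR_BCAST="${BR_BCAST:-10.0.1.255}"

# DRY_RUN=1 prints the commands instead of executing them (useful when
# checking the script on a host without root or without the bridge module).
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

bridge_start() {
    # Create the persistent TAP device first; OpenVPN can then drop
    # privileges after opening it instead of creating it as root each time.
    run openvpn --mktun --dev "$TAP"
    run brctl addbr "$BR"
    run brctl addif "$BR" "$ETH"
    run brctl addif "$BR" "$TAP"
    # Single bridge, no loops: spanning tree would only delay forwarding.
    run brctl stp "$BR" off
    # The bridge, not the member ports, carries the IP address.
    run ifconfig "$TAP" 0.0.0.0 promisc up
    run ifconfig "$ETH" 0.0.0.0 promisc up
    run ifconfig "$BR" "$BR_ADDR" netmask "$BR_MASK" broadcast "$BR_BCAST" up
}

bridge_stop() {
    run ifconfig "$BR" down
    run brctl delif "$BR" "$TAP"
    run brctl delif "$BR" "$ETH"
    run brctl delbr "$BR"
    run openvpn --rmtun --dev "$TAP"
    # Give the physical port its address back so the box stays reachable.
    run ifconfig "$ETH" "$BR_ADDR" netmask "$BR_MASK" broadcast "$BR_BCAST" up
}

# Dispatch only when invoked with an argument (start|stop|restart).
if [ $# -gt 0 ]; then
    case "$1" in
        start)   bridge_start ;;
        stop)    bridge_stop ;;
        restart) bridge_stop; bridge_start ;;
        *)       echo "usage: $0 {start|stop|restart}" >&2 ;;
    esac
fi
```

Run it as "DRY_RUN=1 sh openvpn-bridge start" first to review the command sequence, then without DRY_RUN on the UC. Because eth1's address moves to br0, start the bridge from the console or over the other LAN port, not over eth1.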

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages
1. Point-to-point and point-to-multipoint
2. Broadcasts traverse the VPN: this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to carry non-IP protocols such as IPX/NetWare and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages
1. Less efficient than routing and does not scale well (every broadcast on either LAN crosses the tunnel)


3) OpenVPN Configuration

3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

[Lab topology: LAN A (10.0.1.1/24, gateway 10.0.1.254) sits behind the VPN Server, whose ixp0 is 192.168.12.201; LAN B (10.0.2.1/24, gateway 10.0.2.254) sits behind the VPN Client, whose ixp0 is 192.168.12.202. The client connects to the server over the 192.168.12.0 network and the VPN tunnel joins the two LANs. The CA/TLS server is reached through ixp1 on both boxes.]

3-1 Getting Started

• Create a working directory (recommended): mkdir /etc/openvpn
• Check for the TUN device: ls /dev/net and look for a character device "tun"; if it is missing: mknod /dev/net/tun c 10 200
• Load the necessary modules: modprobe tun; modprobe bridge
• Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]. The key file must reach the peer over a secure channel (scp, or carried by hand); anyone who reads it can join or decrypt the tunnel.
• Self diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

• Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or vi /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"
• Create/start the bridge interface using the Moxa script: openvpn-bridge [start | stop | restart]
• Check the cipher and authentication (digest) support: openvpn --show-ciphers; openvpn --show-digests
• Create the TUN configuration files: vi /etc/openvpn/tunserver.conf
• [At VPN Client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

• The local and remote VPN IP addresses must be specified ("ifconfig <local> <remote>").
• It is NECESSARY to specify the server address ("remote") at the VPN client.

3-2 TUN Server Configuration

• Edit the static routes: vi /etc/openvpn/tunserver.sh; chmod +x /etc/openvpn/tunserver.sh
• [At VPN Client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/openvpn/tunclient.sh
• Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tunserver.conf & (server); openvpn --config /etc/openvpn/tunclient.conf & (client)
• In tunserver.sh the route to the other LAN points at the remote tunnel endpoint, i.e. the 2nd argument of "ifconfig", which is now 10.0.2.254.
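The two slides above give the rules for a static-key TUN pair (ifconfig on both sides, "remote" on the client, routes in a separate script) without showing the files. The following is an added example that writes a matching tunserver.conf and tunclient.conf for the lab topology and checks them; it is not the course's own configuration. Assumptions: dedicated tunnel endpoint addresses 10.8.0.1/10.8.0.2 (instead of reusing the LAN gateway addresses), the secret at /etc/openvpn/static.key on both boxes, UDP port 1194, OpenVPN's own "route" directive in place of the tunserver.sh/tunclient.sh scripts, and an OUT variable for the target directory.

```shell
#!/bin/sh
# Generate the static-key TUN (routed, layer-3) configuration for the lab
# topology on the slides: LAN A 10.0.1.0/24 behind the VPN server
# (ixp0 192.168.12.201) and LAN B 10.0.2.0/24 behind the VPN client
# (ixp0 192.168.12.202).
# Added example, not the course's own tunserver.conf/tunclient.conf.
# Assumptions: tunnel endpoints 10.8.0.1/10.8.0.2, shared secret at
# $OUT/static.key on both sides, UDP port 1194.
OUT="${OUT:-/etc/openvpn}"

SERVER_PUB="192.168.12.201"
SERVER_TUN="10.8.0.1"
CLIENT_TUN="10.8.0.2"
LAN_A="10.0.1.0 255.255.255.0"
LAN_B="10.0.2.0 255.255.255.0"

# Directives common to both peers. The key comes from
# "openvpn --genkey --secret static.key" and is copied over a secure channel.
# AES-128-CBC is one of the routines the UC-7400 hardware cipher accelerates.
common_conf() {
    cat <<EOF
dev tun
proto udp
port 1194
secret $OUT/static.key
cipher AES-128-CBC
auth SHA1
keepalive 10 60
persist-key
persist-tun
user nobody
group nobody
verb 3
EOF
}

write_tun_configs() {
    mkdir -p "$OUT"
    # Server: listens; "ifconfig <local> <remote>" sets the p2p tunnel ends.
    {
        common_conf
        echo "ifconfig $SERVER_TUN $CLIENT_TUN"
        echo "route $LAN_B"      # reach LAN B through the tunnel
    } > "$OUT/tunserver.conf"
    # Client: must name the server ("remote") and swaps the ifconfig arguments.
    {
        common_conf
        echo "remote $SERVER_PUB"
        echo "ifconfig $CLIENT_TUN $SERVER_TUN"
        echo "route $LAN_A"
    } > "$OUT/tunclient.conf"
}

# check_tun_conf <file> <server|client>: every peer config must carry exactly
# one "ifconfig" line whose two addresses differ, and only the client may
# name a "remote". Exit status 0 when the file passes.
check_tun_conf() {
    f="$1"; role="$2"
    n=$(grep -c '^ifconfig ' "$f" || true)
    [ "$n" -eq 1 ] || { echo "$f: need exactly one ifconfig line" >&2; return 1; }
    set -- $(grep '^ifconfig ' "$f")
    [ "$2" != "$3" ] || { echo "$f: local and remote tunnel addresses must differ" >&2; return 1; }
    if [ "$role" = client ]; then
        grep -q '^remote ' "$f" || { echo "$f: client must specify the server address" >&2; return 1; }
    else
        ! grep -q '^remote ' "$f" || { echo "$f: server should not name a remote" >&2; return 1; }
    fi
    return 0
}

if [ "${1:-}" = write ]; then
    write_tun_configs
fi
```

Usage: "OUT=/etc/openvpn sh gen-tun.sh write", then copy tunclient.conf to the client box and start each side with "openvpn --config <file>". The "route" lines replace the tunserver.sh/tunclient.sh route scripts; if you keep the scripts instead, their gateway is the remote address of the ifconfig line, as the slide notes.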

3-3 TAP Configuration

• Create the TAP configuration files: vi /etc/openvpn/tapserver.conf
• [At VPN Client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration – VPN Server

• Comment out the marked line if both VPN networks are in the same subnet (bridged hosts then reach each other at layer 2 and need no route).

3-3 TAP Configuration – VPN Server

• Edit the static routes: vi /etc/openvpn/tapserver.sh
• [At VPN Client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/openvpn/tapclient.sh
• The routes point at the bridge's kernel routing entry: br0 = 10.0.1.254

3-3 TAP Configuration – VPN Server

• Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start
• Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tapserver.conf & (server); openvpn --config /etc/openvpn/tapclient.conf & (client)

3-4-1 SSL/TLS – Dynamic Keys

• Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-set default_days, default_bits, etc.
• Create a new CA root key pair: /usr/share/ssl/misc/CA -newca
• Create a new client private key and certificate request: /usr/share/ssl/misc/CA -newreq
• Sign the certificate: /usr/share/ssl/misc/CA -sign
• Copy the CA root certificate, the client private key and the client certificate to the first client.
• Repeat -newreq and -sign for the second client.

3-4-2 OpenVPN – "easy-rsa" tools

• Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn
• Modify the vars file: vi /etc/openvpn/easy-rsa/vars
• Activate the vars: . /etc/openvpn/easy-rsa/vars
• Create the CA root key: /etc/openvpn/easy-rsa/build-ca
• Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – "easy-rsa" tools

• Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client
• Create Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh (1024 bits, the KEY_SIZE set in vars)
• Copy the CA certificate (ca.crt), server key (server.key) and server certificate (server.crt) to the VPN server.
• Copy the CA certificate, client key and client certificate to the VPN client. The CA private key (ca.key) stays on the machine that signs certificates and is never copied to a VPN peer.
• The "easy-rsa" tools also work on the UC7400 series.
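Both 3-4-1 (the OpenSSL CA script) and 3-4-2 (easy-rsa) drive the same openssl operations. The script below is an added example that performs them with the openssl command line directly and then checks the result the way an OpenVPN peer will: each certificate must verify against ca.crt, a certificate from another CA must not, and the server certificate must carry the server type that a client's "ns-cert-type server" directive looks for. It is not easy-rsa, OpenSSL's CA script or Moxa code. Assumptions: a lab-only CA, subject names under /O=Moxa-Lab, a PKI variable for the key directory, and 2048-bit keys (the course used 1024, which is no longer considered adequate).

```shell
#!/bin/sh
# Build the X.509 material for OpenVPN's SSL/TLS mode with the openssl CLI,
# i.e. what easy-rsa's build-ca / build-key / build-key-server / build-dh do
# underneath, then verify that each certificate chains to the CA and that a
# certificate issued by a different CA is rejected.
# Added example, not easy-rsa, OpenSSL's CA script or Moxa code. Assumptions:
# a lab-only CA, subject names under /O=Moxa-Lab, $PKI as the key directory
# and 2048-bit keys (the course used 1024, no longer considered adequate).
PKI="${PKI:-/etc/openvpn/keys}"
DAYS="${DAYS:-3650}"
BITS="${BITS:-2048}"

# build_ca <name>: self-signed CA certificate and private key.
build_ca() {
    openssl genrsa -out "$PKI/$1.key" "$BITS" 2>/dev/null
    chmod 600 "$PKI/$1.key"
    openssl req -new -x509 -days "$DAYS" -key "$PKI/$1.key" \
        -subj "/O=Moxa-Lab/CN=$1" -out "$PKI/$1.crt" 2>/dev/null
}

# build_key <name> [ca] [client|server]: key pair plus a certificate signed
# by the CA. Server certificates get nsCertType=server, so a client config
# with "ns-cert-type server" rejects a stolen client certificate that is
# offered as the server's (the check easy-rsa's build-key-server enables).
build_key() {
    name="$1"; ca="${2:-ca}"; kind="${3:-client}"
    openssl genrsa -out "$PKI/$name.key" "$BITS" 2>/dev/null
    chmod 600 "$PKI/$name.key"
    openssl req -new -key "$PKI/$name.key" -subj "/O=Moxa-Lab/CN=$name" \
        -out "$PKI/$name.csr" 2>/dev/null
    extopt=""
    if [ "$kind" = server ]; then
        printf 'nsCertType=server\nextendedKeyUsage=serverAuth\n' > "$PKI/$name.ext"
        extopt="-extfile $PKI/$name.ext"
    fi
    openssl x509 -req -days "$DAYS" -in "$PKI/$name.csr" \
        -CA "$PKI/$ca.crt" -CAkey "$PKI/$ca.key" -CAcreateserial \
        $extopt -out "$PKI/$name.crt" 2>/dev/null
    rm -f "$PKI/$name.csr" "$PKI/$name.ext"
}

# verify_cert <name> [ca]: exit 0 if the certificate chains to the CA.
# This is the check each OpenVPN peer performs on the other side's
# certificate against its "ca" directive.
verify_cert() {
    openssl verify -CAfile "$PKI/${2:-ca}.crt" "$PKI/$1.crt" >/dev/null 2>&1
}

# is_server_cert <name>: exit 0 if the certificate carries nsCertType=server.
is_server_cert() {
    openssl x509 -in "$PKI/$1.crt" -noout -text 2>/dev/null | grep -q 'SSL Server'
}

build_all() {
    mkdir -p "$PKI" && chmod 700 "$PKI"
    build_ca ca
    build_key server ca server
    build_key client ca client
    # Diffie-Hellman parameters for the TLS key exchange (slow on the UC's
    # CPU; generate them on the PC). GEN_DH=0 skips this step.
    if [ "${GEN_DH:-1}" = 1 ]; then
        openssl dhparam -out "$PKI/dh$BITS.pem" "$BITS" 2>/dev/null
    fi
}

if [ "${1:-}" = build ]; then
    build_all
fi
```

Run "PKI=/etc/openvpn/keys sh build-pki.sh build" on the PC, then copy only ca.crt, server.crt, server.key and dh2048.pem to the server and ca.crt, client.crt, client.key to the client; ca.key never leaves the signing machine.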

3-4-3 Configuration File Modification

• txxserver.conf (xx = un or ap)
• txxclient.conf
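The slide names the two files to modify but not the modification itself. What changes when the static "secret" is replaced by X.509 material is shown below as an added example (not the course's files): a TLS-mode server and client configuration for the routed tunnel, plus a small lint function with the checks worth running before starting the daemon. Assumptions: key material in /etc/openvpn/keys under the easy-rsa names (ca.crt, server.crt/.key, client.crt/.key, dh1024.pem), an additional tls-auth key ta.key generated with "openvpn --genkey --secret ta.key", the tunnel addresses 10.8.0.1/10.8.0.2, and OUT/KEYS variables for the directories.

```shell
#!/bin/sh
# TLS-mode (X.509) server and client configuration for the routed tunnel,
# i.e. what changes in the t??server.conf/t??client.conf files when the
# static "secret" is replaced by certificates. Added example, not the
# course's files. Assumptions: easy-rsa output in $KEYS (ca.crt, server.crt,
# server.key, client.crt, client.key, dh1024.pem) and a tls-auth key ta.key
# made with "openvpn --genkey --secret ta.key".
OUT="${OUT:-/etc/openvpn}"
KEYS="${KEYS:-/etc/openvpn/keys}"

write_tls_configs() {
    mkdir -p "$OUT"
    # Server side: tls-server, its own cert/key, DH parameters, and the
    # tls-auth key in direction 0. tls-auth makes the daemon drop packets
    # without a valid HMAC before any TLS processing, which blunts DoS and
    # exploitation attempts against the TLS stack.
    cat > "$OUT/tlsserver.conf" <<EOF
dev tun
proto udp
port 1194
tls-server
ca $KEYS/ca.crt
cert $KEYS/server.crt
key $KEYS/server.key
dh $KEYS/dh1024.pem
tls-auth $KEYS/ta.key 0
ifconfig 10.8.0.1 10.8.0.2
route 10.0.2.0 255.255.255.0
cipher AES-128-CBC
keepalive 10 60
persist-key
persist-tun
user nobody
group nobody
verb 3
EOF
    # Client side: tls-client, "remote", direction 1 for tls-auth, and
    # ns-cert-type server so that only a certificate issued as a server
    # certificate is accepted from the far end.
    cat > "$OUT/tlsclient.conf" <<EOF
dev tun
proto udp
port 1194
remote 192.168.12.201
tls-client
ca $KEYS/ca.crt
cert $KEYS/client.crt
key $KEYS/client.key
tls-auth $KEYS/ta.key 1
ns-cert-type server
ifconfig 10.8.0.2 10.8.0.1
route 10.0.1.0 255.255.255.0
cipher AES-128-CBC
keepalive 10 60
persist-key
persist-tun
user nobody
group nobody
verb 3
EOF
}

# lint_tls_conf <file> <server|client>: reviewer checks before starting the
# daemon: no leftover static "secret", the right TLS role, all key files
# named, DH parameters on the server, server-certificate check on the client.
lint_tls_conf() {
    f="$1"; role="$2"; rc=0
    if grep -q '^secret ' "$f"; then echo "$f: remove 'secret' in TLS mode" >&2; rc=1; fi
    grep -q "^tls-$role" "$f" || { echo "$f: missing tls-$role" >&2; rc=1; }
    for directive in ca cert key; do
        grep -q "^$directive " "$f" || { echo "$f: missing $directive" >&2; rc=1; }
    done
    if [ "$role" = server ]; then
        grep -q '^dh ' "$f" || { echo "$f: server needs dh" >&2; rc=1; }
    else
        grep -q '^ns-cert-type server' "$f" || { echo "$f: client should verify the server cert type" >&2; rc=1; }
    fi
    return $rc
}

if [ "${1:-}" = write ]; then
    write_tls_configs
fi
```

The same substitutions apply to the TAP files: drop "ifconfig" and "route" there, since br0 already carries the address.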


Live Demo

UC-7420 Demo Box

• Two of its serial ports are connected to a power meter and a thermocouple.
• Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site.
• The rest of the serial ports are looped back in "burn-in mode" to demonstrate the UC's performance and reliability.

Demo Box Features

Software Block Diagram

• Temperature range: 0 to 500 °C
• Left side for the high range, 0 to 300 VDC; right side for the low range, 0 to 20 VDC

UC's LCM & keypad (F1-F5)

• F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8
• F2 System Status: LAN IP → Wi-Fi IP → CPU load → Available memory
• F3 Alarm Setting: Temperature → Voltage → burn-in throughput
• F4 Configuration key
• F5 Main menu

Apache web server with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status for 802.11g?
• The UC-7420's built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards.
• The compatible wireless cards are:

  Supplier   Model name
  ASUS       WL-107g
  CNET       CWC-854 (181D version)
  Edimax     EW-7108PCg
  Amigo      AWP-914WG
  Gigabyte   GN-WMKG
  Others which use the Ralink chipset

Thank You


Watch Dog Timer (WDT)

1. Introduction
The WDT works like a watchdog. You can enable or disable it. When the user enables the WDT but the application does not acknowledge it in time, the system reboots. You can set the ack time from a minimum of 50 ms to a maximum of 60 seconds.

2. How the WDT works
The watchdog is enabled when the system boots up and the kernel acknowledges it automatically. A user application can also take over the acknowledging; from then on, if the application stops acknowledging (because it hung or crashed), the system reboots.

3. The user API
The user application must include <moxadevice.h> and link moxalib.a.

Crontab

1. Introduction: daemon to execute scheduled commands

2. Description
• Start cron from /etc/rc.d/rc.local
• Modify the file /etc/cron.d/crontab to set up your scheduled applications. Crontab files have the following format:

  m (minute)  h (hour)  dom (day of month)  mon (month)  dow (day of week)  user  command
  0-59        0-23      1-31                1-12         0-6 (0 is Sunday)

3. Example
• How to add ntpdate (synchronize time) to cron: every day at 5:10 the system synchronizes the time from the NTP server (192.168.0.1) and writes it to the hardware clock:

  vi /etc/cron.d/crontab
  # m h dom mon dow user command
  10 5 * * * root /usr/sbin/ntpdate 192.168.0.1; /sbin/hwclock -w

UART and special baud rate support

1. Introduction
• The normal tty device nodes are /dev/ttyM0 … ttyM7, and the modem tty device nodes are /dev/cum0 … cum7.
• UC-7400 supports standard Linux termios control.
• The Moxa UART device API allows you to configure ttyM0 to ttyM7 as RS-232, RS-422, 2-wire RS-485 or 4-wire RS-485.

2. The function
You must include <moxadevice.h>:
  #define RS232_MODE 0
  #define RS485_2WIRE_MODE 1
  #define RS422_MODE 2
  #define RS485_4WIRE_MODE 3
Functions (ioctl commands): MOXA_SET_OP_MODE, MOXA_GET_OP_MODE

UART and special baud rate support

3. Special baud rate support
• There are two Moxa private ioctl commands for setting up special baud rates: MOXA_SET_SPECIAL_BAUD_RATE, MOXA_GET_SPECIAL_BAUD_RATE
• If you use this ioctl to set a special baud rate, the termios c_cflag baud field will read B4000000; the B4000000 define then acts as a marker and no longer means its nominal rate.
• If the baud rate you get from termios (from calling tcgetattr()) is B4000000, you must call ioctl with MOXA_GET_SPECIAL_BAUD_RATE to get the actual baud rate.

Upgrading the Firmware

New utility: upfirm

1. Introduction
• The UC-7400's BIOS, kernel, mini file system and user file system are combined into one firmware file which can be downloaded from Moxa's website (www.moxa.com).
• The name of the firmware file has the form uc7400-xxx.frm, with xxx indicating the firmware version.

ATTENTION: upgrading the firmware will erase all data on the Flash ROM.

2. Description
• Firmware V1.4.3 or later adds a utility, "upfirm".
• The utility upfirm is designed for upgrading the firmware (including boot loader, kernel, mini file system, user file system and configuration).
• If your firmware version is earlier than V1.4.3, you can download the utility from the Moxa website.

How to upgrade the firmware

Step 1: type the following commands to enable the RAM disk:
  upramdisk
  cd /mnt/ramdisk
Step 2: download the firmware file into the ramdisk from the Moxa website.
Step 3: use the upfirm command to upgrade the kernel and root file system:
  upfirm uc7400-xxx.frm
(See the next slide for the upfirm procedure.)

  root@Moxa:/mnt/ramdisk# upfirm UC7420-1.5.frm
  Upgrade firmware utility version 1.0
  To check source firmware file context...
  The source firmware file conext is OK.
  This step will destroy all your firmware.
  Do you want to continue it ? (Y/N) : Y
  MTD device [/dev/mtd6] erase 128 Kibyte @ 20000 – 100% complete.
  Wait to write file ... Compleleted 100%
  Now upgrade the new configuration file...
  Upgrade the firmware is OK.
  Please press any key to reboot system.

Press any key to reboot the system.

Note: DO NOT power off the UC until the Ready LED is ON again. The first boot after upgrading the firmware takes much longer than usual.

Setting up the Network Interfaces

IEEE 802.11g

Configure 802.11g Wireless LAN

Step 1: unplug the CardBus Wireless LAN card first.
Step 2: configure the default IP setting profile:

  root@Moxa:~# vi /etc/network/interfaces
  # 802.11g Gigabyte Cardbus wireless card
  iface eth0 inet static
      address 192.168.5.127
      network 192.168.5.0
      netmask 255.255.255.0
      broadcast 192.168.5.255

Step 3: configure the WLAN parameters:

  vi /etc/Wireless/RT2500STA/RT2500STA.dat

• Copy this file to /etc/Wireless/RT2500STA/RT2500STA.dat.
• This file is a binary file and is read when the rt2500.o module is loaded.
• Use "vi -b RT2500STA.dat" to modify the settings according to your needs:
  1) set NetworkType to Adhoc for ad-hoc mode, otherwise use Infra (infrastructure)
  2) set Channel to 0 for auto-select in infrastructure mode
  3) set SSID to connect to your access point
  4) AuthMode can be OPEN, SHARED, WPAPSK, WPANONE
  5) EncrypType can be NONE, WEP, TKIP, AES
• For more information refer to the Readme file.

Configuring 802.11g Wireless LAN

The settings in /etc/Wireless/RT2500STA/RT2500STA.dat:
• CountryRegion: sets the channels for your particular country/region
• WirelessMode: sets the wireless mode
• SSID: sets the SSID of the network to join
• NetworkType: sets the wireless operation mode
• Channel: sets the channel
• AuthMode: sets the authentication mode
• EncrypType: sets the encryption type
• DefaultKeyID: sets the default key ID
• Key1Str, Key2Str, Key3Str, Key4Str: set the strings Key1 to Key4
• WpaPsk: WPA pre-shared key
• TxBurst: enables or disables TxBurst
• TurboRate: enables or disables TurboRate
• BGProtection: sets 11b/11g protection (this function is for engineering testing only)
• ShortSlot: enables or disables the short slot time
• TxRate: sets the TxRate
• RTSThreshold: sets the RTS threshold
• FragThreshold: sets the fragment threshold

AuthMode and EncrypType decide the security of the link: OPEN/NONE and WEP offer no real protection; use WPAPSK with TKIP or AES and a long random WpaPsk.

Developing Your Application

Windows Tool Chain

Agenda
1) Windows Tool Chain Introduction
2) Development Process
3) Debugging with GDB

Windows Tool Chain Introduction

The UC-7400's Windows Tool Chain is a cross-development environment that simulates the Linux root file system, allowing users to develop applications on a Windows PC.

The following topics are covered in this appendix:
• Introduction
• Installation procedure
• Using the BASH shell
• GDB debug tool: Insight

Windows Tool Chain

1. Operating system: Windows 2000 or Windows XP
2. Minimum of 500 MB hard disk space
3. CD-ROM or equivalent
4. Ethernet to connect with the UC-7400
5. Be able to log in as administrator
6. Use a Windows username without spaces
7. You will be using a BASH shell window to enter commands
8. For editing text files such as configuration files, use the vi editor (Unix editor). Do NOT use WordPad (Windows editor), which could cause problems (CR/LF line endings) when the files are transferred to a bona fide Linux environment.

Development Process

Step 1: set up the development environment on the PC (x86)
Step 2: code, compile and debug on the Windows Tool Chain
Step 3: deploy the program to the UC (IXP-422)

Step 1: Setting up the Development Environment

Install the Windows Tool Chain on a PC (Windows 2K/XP). Installation tips:
• Default install path: C:\UC
• Default text file type: Unix (recommended)
• Utilities: Moxa Bash Shell; GDB debug tool Insight (http://sources.redhat.com/insight/)
• This process could take from 5 to 30 minutes depending on the speed of your system.

Step 2: Coding, Compiling and Debugging

• Code the C/C++ program in the Moxa Bash Shell (PC, Windows Tool Chain)
• Compile/link the source code with the tool chain; compiler path setting: PATH=/usr/local/mxscaleb/bin
• Compiling Hello.c

Step 3: Deployment

Upload the program to the UC:
  ftp 192.168.3.127
  ftp> binary
  ftp> put hello-release

Run the program (at the UC-7400 side):
  chmod +x hello-release
  ./hello-release
  Hello

Debugging with GDB

PC (Moxa Bash Shell): 1. compile with -ggdb; 3. Insight tool (GDB client); 4. target remote
UC: 2. GDB debug server
(PC and UC connected over Ethernet)

Step 1: PC (Moxa Bash Shell): compile the program with the -ggdb option, then upload it to the UC.
Step 2: UC: start hello-debug under gdbserver:
  chmod +x hello-debug
  gdbserver 192.168.3.127:2000 hello-debug
  Process hello-debug created; pid = 206
Step 3: PC (Insight): run the GDB client:
• Open the hello-debug file
• Connect to target: GDB Server/TCP, 192.168.3.200, port 2000

gdbserver accepts any connection on its port without authentication and gives the peer full control of the process, so run it only on the isolated lab network and stop it when the session ends.

Debugging with GDBDebugging with GDB

iptables Introduction

Agenda
1) Quick View of iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

1. Quick View of iptables

• A user-space command to set up and maintain the "Netfilter" subsystem of the kernel.
• "Netfilter" inspects only the packet headers, not the content.
• iptables is currently one of many firewall/NAT solutions; it is the administration tool to set up, maintain and inspect the tables of IP packet filter rules in the Linux kernel.

1. Quick View of iptables

• Several different tables may be defined. Each table contains a number of built-in chains and may also contain user-defined chains.
• Each chain is a list of rules which can match a set of packets. Each rule specifies what to do with a packet that matches. This is called a "target", which may be a jump to a user-defined chain in the same table.

1. Quick View of iptables

• 3rd generation firewall on Linux: "ipfwadm" on Linux kernel 2.0.x; "ipchains" on kernel 2.2.x; "ipchains"/"iptables" on kernel 2.4.x; "iptables" on kernel 2.6.x
• Supports basic packet filtering as well as connection state tracking.
• UC-7110/7400 support only "iptables".


2) Rules, Chains and Tables

2-1 First Match
2-2 Three Major Tables
2-3 Processing Packets
2-4 State Machine

2-1 First Match – The Highest Priority

[Flow diagram: a packet is tested against Rule 1; on a match ("Yes") Action 1 is taken and evaluation stops, otherwise ("No") Rule 2 is tested, and so on through Rule 10 / Action 10; a packet that matches no rule gets the chain's Default Policy.]

2-1 First Match

On a WWW server, reject the attack from IP = 192.168.1.100:
  Rule 1: Drop the packets from 192.168.1.100
  Rule 2: Accept WWW request packets from all hosts
  Rule 3: Drop all non-WWW packets

With the order changed:
  Rule 1: Accept WWW request packets from all hosts
  Rule 2: Drop the packets from 192.168.1.100
  Rule 3: Drop all non-WWW packets
192.168.1.100 is still able to use the WWW service, or to attack the WWW service port, because Rule 1 matches first and its packets never reach Rule 2.

2-2 Three Major Tables

1) Filter table
2) NAT table
3) Mangle table

2-2-1 Filter Table

Mainly used for filtering packets. This is where we actually take action against packets: look at their headers and ACCEPT, DROP, REJECT or LOG them.
1. INPUT chain: packets entering the local host
2. OUTPUT chain: packets originating from the local host
3. FORWARD chain: packets forwarded to other hosts

2-2-2 NAT Table

Used for network address translation: rewriting the source or destination field of packets. Only the first packet of a connection is evaluated here; connection tracking applies the same translation to the rest of the connection.
1) PREROUTING chain: translates the destination IP address (DNAT)
2) POSTROUTING chain: works after the routing decision and before the packet leaves the Ethernet device; translates the source IP address (SNAT/MASQUERADE)
3) OUTPUT chain: DNAT for locally generated packets

2-2-3 Mangle Table

This table is mainly used for mangling packets. In other words, you may freely use the mangle matches etc. to change the TOS (Type Of Service) and TTL fields. It can also "MARK" packets.
1. PREROUTING chain
2. POSTROUTING chain
3. INPUT, OUTPUT and FORWARD chains

2-3 Processing Packets

2-3-1 Destination: Local Host
2-3-2 Source: Local Host
2-3-3 Forwarded Packets
2-3-4 State Machine

2-3-1 Destination: Local Host

Incoming packets → NAT table PREROUTING → routing decision → Filter table INPUT → local process

2-3-2 Source: Local Host

Local process → NAT table OUTPUT → Filter table OUTPUT → NAT table POSTROUTING → outgoing packets

2-3-3 Forwarded Packets

Incoming packets → NAT table PREROUTING → routing decision → Filter table FORWARD → NAT table POSTROUTING → other hosts (a forwarded packet never reaches a local process, so INPUT/OUTPUT rules do not apply to it)

2-4 State Machine


3) Usage of iptables

3-1 Load iptables Modules
3-2 Define Default Policy
3-3 Structure of a Rule
3-4 Save / Restore Rules

3-1 Load iptables Modules

Note: ipchains and iptables are not compatible; the ipchains module must not be loaded at the same time.

3-1 Load iptables Modules

Check the current tables:
  iptables [-t table] -L [-n]
The listing also shows each chain's default policy; -n avoids slow reverse DNS lookups.

3-1 Install iptables

Clear the current rules:
  iptables [-t table] -F

3-2 Define Default Policy

  iptables -t {filter | nat | mangle} -P {INPUT | OUTPUT | FORWARD | PREROUTING | POSTROUTING} {ACCEPT | DROP}

(Built-in chains only: INPUT/OUTPUT/FORWARD in filter, PREROUTING/POSTROUTING/OUTPUT in nat.)

3-3 Structure of a Rule

3-3-1 Add, Insert, Delete and Replace Rules
3-3-2 Direction
3-3-3 Matches
3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace

  iptables -t {filter | nat | mangle} {-A | -I | -D | -R} <direction> <match> -j <target>

Three major things need to be considered: direction (chain), match, target.

3-3-2 Direction – Chains

a. filter table: INPUT, OUTPUT, FORWARD
b. nat table: PREROUTING, POSTROUTING, OUTPUT
c. mangle table: …

3-3-3 Matches – Conditions

1. -p [proto]: tcp, udp, icmp, all
2. -s [IP], -d [IP]
3. --sport [port], --dport [port]
4. -m state --state [state]: NEW, ESTABLISHED, INVALID, RELATED
5. -m multiport [p1,p2,…,p15]
6. -i [iface], -o [oface]
7. … etc.

3-3-4 Targets – Actions

a. filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions LOG, ULOG, REJECT, MIRROR
b. nat table: SNAT (only in POSTROUTING); DNAT (only in PREROUTING/OUTPUT); MASQUERADE (POSTROUTING); REDIRECT (PREROUTING/OUTPUT)
c. mangle table: …

3-4 Save / Restore Rules

iptables-save writes the current rule set to stdout and iptables-restore loads it back. It is highly recommended to use a script file to maintain the Netfilter rules instead of this exported file (it is not a standard script file). Please refer to the hands-on practice.

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice: 1) Packet Filter; 2) NAT Machine

4-1 Packet Filter – Rules of the filter table

Example 1 – Accept all packets incoming from the lo interface:
  iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2 – Accept all TCP packets incoming from IP = 192.168.0.1:
  iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

4-1 Packet Filter – Rules of the filter table

Example 3 – Accept all TCP packets incoming from the network 192.168.1.0/24:
  iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 – Drop all TCP packets incoming from IP = 192.168.1.25:
  iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP
(Appended after Example 3 this rule never fires: Example 3 already accepted 192.168.1.25. Insert it ahead with -I, or order the script accordingly; see 2-1 First Match.)

4-1 Packet Filter – Rules of the filter table

Example 5 – Drop all incoming TCP packets with dst port = 21 (forbid FTP connections from eth0):
  iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 – Accept TCP packets incoming from 192.168.0.0/24 to local ports 137, 138 and 139:
  iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

4-1 Packet Filter – Rules of the filter table

Example 7 – Log all incoming TCP packets to port 25 (log SMTP service):
  iptables -t filter -A INPUT -p tcp --dport 25 -j LOG
LOG is a non-terminating target: the packet continues down the chain after being logged. To log outgoing mail as well, add the same rule with --sport 25 in OUTPUT.
Note: UC7110 does not support the target "LOG".

4-1 Packet Filter – Rules of the filter table

Example 8 – Drop all [SYN] packets from IP = 192.168.100.200:
  iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 – Drop all packets from MAC = aa:bb:cc:dd:ee:ff:
  iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

Example 10 – Do not respond to "ping":
  iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 – Limit ICMP "ping" bursts (with the INPUT default policy set to DROP, accept at most 6 per minute after an initial burst of 10):
  iptables -t filter -P INPUT DROP
  iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

4-1 Packet Filter – Rules of the filter table

Example 12 – Accept the ESTABLISHED and RELATED packets of the local host; drop INVALID packets and NEW packets which are trying to create a new connection:
  iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
  iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

4-1 Packet Filter – Rules of the filter table

Example 13 – Check packet integrity (the "unclean" match is experimental and was later removed from the kernel):
  iptables -t filter -A INPUT -p all -m unclean -j DROP

Example 14 – Enable "passive mode" FTP service to a host (the conntrack helper tracks the data connection so that it shows up as RELATED):
  modprobe ip_conntrack_ftp
  iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

4-2 NAT Machine

Example 1 – Redirect connection requests for port 80 to port 8080:
  iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 – Masquerade the packets from 192.168.1.0/24 leaving through ppp0 with ppp0's IP. MASQUERADE and -o are only valid in POSTROUTING, not PREROUTING as the slide had it:
  iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

4-2 NAT Machine

Example 3 – DNAT the incoming packets from eth0 (60.248.66.75), TCP port 80, to the internal web server 192.168.127.10:80:
  iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

Example 4 – SNAT the packets from 192.168.127.0/24 to the public address $OUT_IP (a fixed address; use MASQUERADE when the address is dynamic):
  iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP
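The hands-on rules above are typed one by one; 3-4 recommends keeping them in a script instead of an iptables-save dump, and 2-1 shows why their order matters. The script below is an added example that assembles the filter and NAT examples into one loadable rule set for a UC-7400 acting as the gateway between an internal LAN and the outside; it is not one of the course's hands-on scripts. Assumptions: eth0 outside and eth1 inside, the public address 60.248.66.75, the internal web server 192.168.127.10 and the attacker 192.168.1.100 taken from the slides' examples, and an IPT variable that can be set to "echo" to print the rules instead of loading them (LOG is used, so this targets the UC-7400, not the UC-7110).

```shell
#!/bin/sh
# Firewall/NAT rule script for a UC-7400 gateway between an internal LAN
# (192.168.127.0/24 on eth1) and the outside (eth0, public address $OUT_IP).
# Added example, not one of the course's hands-on scripts. Run at boot, and
# re-run to reload: it flushes and rebuilds everything, so the file is the
# single source of truth for the rule set.
# Assumptions: interface names eth0/eth1; web server 192.168.127.10, blocked
# host 192.168.1.100 and public address 60.248.66.75 from the slides.
IPT="${IPT:-iptables}"      # IPT=echo prints the rules instead of loading them
OUT_IF="${OUT_IF:-eth0}"
IN_IF="${IN_IF:-eth1}"
OUT_IP="${OUT_IP:-60.248.66.75}"
LAN="${LAN:-192.168.127.0/24}"
WEB="${WEB:-192.168.127.10}"
BLOCKED="${BLOCKED:-192.168.1.100}"

# Default policy first: if the script is interrupted between flush and the
# accept rules, the box is closed rather than open.
set_policy() {
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
}

flush_all() {
    for t in filter nat mangle; do
        $IPT -t "$t" -F
        $IPT -t "$t" -X
    done
}

# First match wins (slide 2-1): the DROP for the blocked host precedes both
# the state rule and the web ACCEPT, so it also cuts any session the host
# already has open.
input_rules() {
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state INVALID -j DROP
    $IPT -A INPUT -s "$BLOCKED" -j DROP
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -p tcp --dport 80 --syn -m state --state NEW -j ACCEPT
    # Management from the LAN side only.
    $IPT -A INPUT -i "$IN_IF" -p tcp --dport 22 -j ACCEPT
    # Example 11: bounded ping rate instead of a silent drop.
    $IPT -A INPUT -p icmp --icmp-type 8 -m limit --limit 6/min --limit-burst 10 -j ACCEPT
    # Log what falls through, rate-limited so an attacker cannot fill the
    # flash with log lines; the default policy then drops it.
    $IPT -A INPUT -m limit --limit 3/min -j LOG --log-prefix "INPUT-DROP: "
}

forward_rules() {
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -i "$IN_IF" -o "$OUT_IF" -s "$LAN" -j ACCEPT
    # Only the published web service may be reached from outside.
    $IPT -A FORWARD -i "$OUT_IF" -o "$IN_IF" -p tcp -d "$WEB" --dport 80 -j ACCEPT
}

nat_rules() {
    # Example 3: DNAT the published web port to the internal server.
    $IPT -t nat -A PREROUTING -i "$OUT_IF" -p tcp -d "$OUT_IP" --dport 80 -j DNAT --to "$WEB:80"
    # Example 4: SNAT the LAN behind the fixed public address. MASQUERADE is
    # the variant for a dynamic (ppp0/DHCP) address and, like SNAT, belongs
    # in POSTROUTING.
    $IPT -t nat -A POSTROUTING -o "$OUT_IF" -s "$LAN" -j SNAT --to "$OUT_IP"
}

apply_firewall() {
    [ "$IPT" = echo ] || echo 1 > /proc/sys/net/ipv4/ip_forward
    [ "$IPT" = echo ] || modprobe ip_conntrack_ftp 2>/dev/null   # Example 14
    set_policy
    flush_all
    input_rules
    forward_rules
    nat_rules
}

if [ "${1:-}" = apply ]; then
    apply_firewall
fi
```

Review with "IPT=echo sh firewall.sh apply | less" before loading; on the UC run "sh firewall.sh apply" from the console or over eth1, since the flush closes any session that is not re-accepted.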

Thank You

OpenVPN 2.0
Stephen Lin

OpenVPN 2.0

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

1) Cryptography Summery1) Cryptography Summery

1-1 What does cryptography solve

1-2 Symmetric Data Encryption

1-3 Hash (Digest) Function

1-4 Message Authentication Code

1-5 Asymmetric Data Encryption

1-6 Digital Signature

1-7 Certificate

1-8 Moxa UC7400

1-1 What does Cryptography solve?

Confidentiality
• Ensure that nobody can learn what you transfer, even if they listen to the whole conversation

Integrity
• Ensure that the message has not been modified during transmission

Authenticity
• You can verify that you are talking to the entity you think you are talking to
• You can verify who the specific individual behind that entity is

Non-repudiation
• The individual behind that asset cannot deny being associated with it

1-2 Symmetric Data Encryption

• Fast: high efficiency for data transmission
• Is it "secure" while transferring the key?
• Key maintenance: n(n-1)/2 keys for n parties
• DES, 3DES, AES, Blowfish

[Diagram: Tom encrypts the plaintext with the shared secret key into ciphertext; Bob decrypts the ciphertext with the same secret key back into the plaintext]

1-3 Hash (Digest) Function

• Ensure data integrity
• MD5, SHA-1

[Diagram: Tom runs the data through the hash function to obtain Message Digest 1 and sends data + digest; Bob runs the received data through the same hash function to obtain Message Digest 2 and compares it with Message Digest 1]

1-4 Message Authentication Code

• Ensure the data integrity
• Use a key to protect the MAC
• HMAC, CBC-MAC

[Diagram: Tom hashes the data to Message Digest 1 and encrypts the digest with the secret key, producing the MAC that is sent with the data; Bob decrypts the MAC with the same secret key to recover Message Digest 1, hashes the received data to Message Digest 2, and compares the two]

1-5 Asymmetric Encryption

Things to remember:
• Key pair – public/private keys
• In a session, one key is used for encryption and the other one for decryption
• The "public key" can be deployed everywhere
• The relation between the two keys is unknown: from one key you cannot gain knowledge of the other, even if you have access to clear text and cipher text
• The two keys are interchangeable: the algorithms make no difference between the public and private key; when a key pair is generated, either of the two can be made public or private
• Less efficient than a static (symmetric) key
• RSA, Diffie-Hellman

[Diagram: clear text is transformed by encryption into an unreadable string]

1-5 Asymmetric Data Encryption – Confidentiality Check

[Diagram: Tom encrypts the plaintext with Bob's public key and sends the ciphertext; Bob decrypts it with Bob's private key. The recipient's key pair is used.]

1-5 Asymmetric Data Encryption – Authenticity Check

[Diagram: Tom encrypts the plaintext with Tom's private key and sends the ciphertext; Bob decrypts it with Tom's public key. The sender's key pair is used.]

1-6 Digital Signature

Real world – hybrid:
1. Data integrity
2. Authenticity
3. Non-repudiation
4. Algorithm – use the public key and a hash

1-6 Digital Signature – Creating

[Diagram: the message or file ("This is the document created by Gianni") is run through a one-way message digest function (SHA, MD5) to calculate a short message digest (typically 128 bits), even from a long input; the digest is encrypted with the signatory's private key (RSA asymmetric encryption) to produce the digital signature, which is attached to the message to form the signed document]

1-6 Digital Signature – Verifying

[Diagram: the received signed document is hashed again to generate a fresh message digest; the attached digital signature is decrypted with Gianni's public key (from the certificate) to recover the original message digest; the two digests are compared]

1-6 Digital Signature

[Diagram: Tom hashes the data to Message Digest 1 and encrypts it with Tom's private key, producing the digital signature that is sent together with the data; Bob decrypts the signature with Tom's public key to recover Message Digest 1, hashes the received data to Message Digest 2, and compares the two]

1-7 Certificate

The simplest certificate just contains:
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key (it can be a person, a computer, a device, a file, some code, anything …)
… and the whole is:
• Digitally signed by someone trusted (like your friend, or a CA)

[Diagram: certificate = public key + "This public key belongs to Stephen" + digital signature]

1-7-1 CA Certificate

[Diagram: the CA generates a key pair (priv/pub) on the certification server; the user requests a certificate from the CA; the CA generates the certificate (pub + DS); the private key and the certificate are sent to the user. The Right cert is signed by the CA, the Left cert is signed by the CA, and the CA public key is signed by the CA itself]

1-7-1 CA Certificate Example

[Diagram: the CA private key signs both the Left and the Right certificate; Left holds its private key, its cert signed by the CA and the CA public key; Right holds the same for its side; Left and Right trust each other because both certs are signed by the CA whose public key they hold]

1-7-2 SSL/TLS

[Diagram: each side holds a key pair (priv/pub); the clear text is encrypted into Cipher 1 and then Cipher 2, transmitted over the public network, and decrypted in reverse order back into the clear text]

• Ensures confidentiality
• And integrity, if digitally signed
• Depending on how the public keys are exchanged: authenticity, identity, non-repudiation

1-8 Moxa UC7400 – Hardware Cipher

Intel XScale supports:
• Security engines: DES, AES
• Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so":
• No need to change the source code

1-8-1 Moxa Accelerated Algorithms – OpenSSL 0.9.7

DES_cbc_encrypt
DES_ede3_cbc_encrypt
AES_cbc_encrypt
AES_ctr_encrypt

• We wrap ECB mode at a higher level (libssl.so), which OpenSSL wraps too

1-8-2 Performance

[Charts: throughput rate versus packet size for 3DES-CBC and AES128-CBC, software cipher versus hardware cipher (= HW Cipher). Two charts cover packet sizes of 128 to 1280 bytes (rate axis 0 to 80), two cover small packets of 16 to 144 bytes (rate axis 0 to 2.5).]

1-8-3 Things to be noticed

Moxa UC-7400 switches operations between the software and the hardware approach:
• Default: hardware approach
• Any mis-configuration or busy condition causes the switch

Small packets are switched to the software approach (threshold):
• DES: 128 bytes
• 3DES/AES: 64 bytes

1-8-4 Software Package

Driver
• mxhw_cipher.o

Device file
• mknod /dev/mxcrypto c 11 131

Test program
• io: correctness test
• io 0 5000: stability test
• io 1: golden pattern
• io 2 20000: performance test


2) OpenVPN 2.0

2-1 Virtual Private Network

2-2 Why OpenVPN

2-3 OpenVPN Modes

2-1 Virtual Private Network

2-1 VPN Advantages/Disadvantages

• VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes
• A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH, etc.)
• A VPN allows the use of protocols which are insecure by themselves
• VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN

Usability
• Open source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit shared key or digital certificates (PKI)

Portability – supports most platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN

Peers – each node with a client/server role
• Uses the kernel routing
• Multiple clients

A user-space program
• A full-featured SSL-VPN solution
• Built on top of the existing SSL/TLS mechanism
• Options between a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) traffic over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security

Two authentication modes
• Static key: use a pre-shared key
• SSL/TLS: use SSL/TLS + certificates for authentication and key exchange

The encrypted packet is formatted as:
• SeqN: 64-bit sequence number
• IV: plain-text initial vector, randomized per packet

[Diagram: packet layout HMAC | IV | SeqN | IP payload, with the SeqN and payload part encrypted]

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall- and NAT-friendly
• Dynamic address support

IPSec
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard – multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are two methods of linking systems via a VPN:
• Routed IP tunnels (layer 3)
• Bridged Ethernet tunnels (layer 2)

Suitable for connections:
• Site-to-site
• Dynamic site-to-site
• (Dynamic) client-to-site

Dynamic firewall / NAT / DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

• Uses TUN mode (device): a virtual point-to-point IP link that combines the inner interface together with TUN
• Uses the kernel routing to forward the packets

[Diagram: two OSI stacks (Physical, Data-Link, Network, Transport, Session, Presentation, Application); OpenVPN runs at the application layer and the TUN device attaches at the network (3rd) layer]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of the MTU for efficiency

Routed IP disadvantages
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see those machines on the other side of the VPN
4. Works only with IPv4 in general, and with IPv6 in cases where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

• Uses "TAP" mode: a TAP device is a virtual Ethernet adapter
• Bridge tools (brctl) are required to create the virtual adapters
• Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0         # create an Ethernet bridge
brctl addif br0 eth1    # connect interface eth1 as a port
brctl addif br0 tap0    # connect virtual interface tap0 as a port

[Diagram: two OSI stacks (Physical, Data-Link, Network, Transport, Session, Presentation, Application); OpenVPN runs at the application layer, the TAP device attaches at the data-link (2nd) layer where TUN would attach at the network (3rd) layer; on each host eth1 and tap0 are bridged while eth0 stays outside the bridge]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages
1. Point-to-point, point-to-multipoint
2. Broadcasts traverse the VPN: this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to be able to handle non-IP protocols such as IPX, Netware and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages
1. Less efficient than routing, and does not scale well


3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

[Diagram: LAN A (IP 10.0.1.1/24, gateway 10.0.1.254) sits behind the VPN Server (LAN side ixp1 = 10.0.1.254, public side ixp0 = 192.168.12.201); a VPN tunnel connects it to the VPN Client (public side ixp0 = 192.168.12.202, LAN side ixp1 = 10.0.2.254) in front of LAN B (IP 10.0.2.1/24, gateway 10.0.2.254); a CA/TLS Server is also present]

3-1 Getting Started

Create a working directory (recommended): mkdir /etc/openvpn

Check for the TUN module: ls /dev/net and look for a character device "tun"; if it is not there: mknod /dev/net/tun c 10 200

Load the necessary modules: modprobe tun; modprobe bridge

Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]

Self-diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or vi /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"

Create/start the bridge interface using the Moxa script: openvpn-bridge [start|stop|restart]

Check the cipher/authentication support: openvpn --show-ciphers; openvpn --show-digests

Create the TUN configuration files: vi /etc/openvpn/tunserver.conf

[At VPN Client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

• The local/remote VPN IP addresses must be specified
• It is NECESSARY to specify the server address at the VPN client

3-2 TUN Server Configuration

Edit the static routes: vi /etc/openvpn/tunserver.sh; chmod +x /etc/tunserver.sh

[At VPN Client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/tunclient.sh

Start OpenVPN with the configuration file: openvpn --config /etc/tunserver.conf & (and at the client: openvpn --config /etc/tunclient.conf &)

2nd argument of "ifconfig", which is now "10.0.2.254"
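The TUN static-key set-up of 3-1 and 3-2 written out for the two gateways of the 3-1 diagram, as an added example that is not the course's tunserver.conf/tunclient.conf. The LAN networks 10.0.1.0/24 and 10.0.2.0/24 come from the diagram; the server's public address (placeholder 192.0.2.1), the tunnel endpoint addresses 10.8.0.1/10.8.0.2 and the key path are assumptions. The key written by --genkey is a symmetric secret, so it has to reach the second gateway over a channel you already trust (the question raised under 1-2).

```shell
#!/bin/sh
# Writes an OpenVPN 2.0 static-key (pre-shared key) TUN configuration for a
# site-to-site link. Added example; the names below are assumptions, not the
# course's files.
SERVER_PUBLIC=${SERVER_PUBLIC:-192.0.2.1}   # placeholder public IP of the VPN server
LAN_A=10.0.1.0            # network behind the VPN server (slide 3-1)
LAN_B=10.0.2.0            # network behind the VPN client (slide 3-1)
TUN_SERVER=10.8.0.1       # assumed tunnel endpoint, server side
TUN_CLIENT=10.8.0.2       # assumed tunnel endpoint, client side
KEY=/etc/openvpn/static.key   # assumed key path; produced by gen_key

# common_opts prints the options both ends share.
common_opts() {
    cat <<EOF
dev tun
proto udp
port 1194
secret $KEY
# AES-128-CBC is one of the modes slide 1-8-1 lists as hardware accelerated
# on the UC-7400; the SHA1 HMAC authenticates every packet (slide 2-2).
cipher AES-128-CBC
auth SHA1
keepalive 10 60
persist-key
persist-tun
verb 3
EOF
}

# write_server_conf FILE: the server end listens and routes LAN B via the tunnel.
write_server_conf() {
    {
        common_opts
        echo "ifconfig $TUN_SERVER $TUN_CLIENT"
        echo "route $LAN_B 255.255.255.0"
    } > "$1"
}

# write_client_conf FILE: the client end must name the server (slide 3-2)
# and routes LAN A via the tunnel.
write_client_conf() {
    {
        echo "remote $SERVER_PUBLIC 1194"
        common_opts
        echo "ifconfig $TUN_CLIENT $TUN_SERVER"
        echo "route $LAN_A 255.255.255.0"
    } > "$1"
}

# gen_key creates the shared static key (slide 3-1); needs the openvpn binary.
gen_key() { openvpn --genkey --secret "$KEY"; }

case "${1:-}" in
    server) write_server_conf "${2:-/etc/openvpn/tunserver.conf}" ;;
    client) write_client_conf "${2:-/etc/openvpn/tunclient.conf}" ;;
    genkey) gen_key ;;
esac
```

Run it as `./tunconf.sh genkey` on the server, copy the key to the client, then `./tunconf.sh server` on one gateway and `./tunconf.sh client` on the other; ip_forward must be enabled on both, as 3-1 states.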

Create the TAP configuration files: vi /etc/openvpn/tapserver.conf

[At VPN Client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration – VPN Server

Mark (comment out) this line if both VPN networks are in the same subnet

3-3 TAP Configuration – VPN Server

Edit the static routes: vi /etc/openvpn/tapserver.sh

[At VPN Client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/tapclient.sh

Pointed to the kernel routing: br0 = 10.0.1.254

3-3 TAP Configuration – VPN Server

Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tapserver.conf & (and at the client: openvpn --config /etc/openvpn/tapclient.conf &)
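A start/stop script for the br0 bridge that 2-3-2 and 3-3 describe (eth1 and tap0 bridged, br0 = 10.0.1.254 on the server), as an added example standing in for the Moxa openvpn-bridge script, which the slides name but do not show. The bridge, port and address values are the slides' own; the use of openvpn --mktun to create the persistent tap device and the plan mode that prints the commands instead of running them are this example's choices.

```shell
#!/bin/sh
# openvpn-bridge style script: builds br0 from eth1 + tap0. Added example,
# not Moxa's script. RUN=echo turns every privileged command into a print.
RUN=${RUN:-}
BR=br0
ETH=eth1                      # the LAN port the slides bridge
TAP=tap0
BR_IP=${BR_IP:-10.0.1.254}    # slide 3-3: br0 = 10.0.1.254 on the VPN server
BR_MASK=255.255.255.0

bridge_start() {
    $RUN openvpn --mktun --dev $TAP               # persistent tap device
    $RUN brctl addbr $BR                          # create the Ethernet bridge
    $RUN brctl addif $BR $ETH                     # eth1 becomes a bridge port
    $RUN brctl addif $BR $TAP                     # tap0 becomes a bridge port
    $RUN ifconfig $TAP 0.0.0.0 promisc up         # ports carry no address
    $RUN ifconfig $ETH 0.0.0.0 promisc up
    $RUN ifconfig $BR $BR_IP netmask $BR_MASK up  # the LAN address moves to br0
}

bridge_stop() {
    $RUN ifconfig $BR down
    $RUN brctl delbr $BR
    $RUN openvpn --rmtun --dev $TAP
    $RUN ifconfig $ETH $BR_IP netmask $BR_MASK up # hand the address back to eth1
}

# bridge_plan prints the start sequence without touching the system.
bridge_plan() { ( RUN=echo; bridge_start ); }

case "${1:-}" in
    start)   bridge_start ;;
    stop)    bridge_stop ;;
    restart) bridge_stop; bridge_start ;;
    plan)    bridge_plan ;;
esac
```

Running `./openvpn-bridge plan` before `start` lets you read the exact brctl/ifconfig sequence; note that the bridge must exist (addbr) before ports are added to it, and that eth1 loses its address to br0, so the tapserver.conf ifconfig line must refer to the bridge.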

3-4-1 SSL/TLS – Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-set default_days, default_bits, … etc.

Create a new CA root key pair: /usr/share/ssl/misc/CA -newca

Create a new client private key and a new certificate request: /usr/share/ssl/misc/CA -newreq

Sign the certificate: /usr/share/ssl/misc/CA -sign

Copy the CA root certificate, the client private key and the client certificate to the first client

Have the second client certified the same way

3-4-2 OpenVPN – "easy-rsa" tools

Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file: vi /etc/openvpn/easy-rsa/vars

Activate the vars: . /etc/openvpn/easy-rsa/vars

Create the CA root key: /etc/openvpn/easy-rsa/build-ca

Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – "easy-rsa" tools

Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client

Create the Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh 1024

Copy the CA certificate (ca.crt), server key (server.key) and server certificate (server.crt) to the VPN server

Copy the CA certificate, client key and client certificate to the VPN client

The "easy-rsa" tools also work on the UC7400 series

3-4-3 Configuration File Modification

txxserverconf

txxclienconf


Live Demo

UC-7420 DEMO BOX

Two of its serial ports are connected to a power meter and a thermocouple

Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in 'burn-in mode' to demonstrate the UC's high performance and reliability

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500 °C

Left side for the high range, 0 to 300 VDC; right side for the low range, 0 to 20 VDC

UC's LCM & keypad (F1-F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8

F2 System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available Memory

F3 Alarm Setting: Temperature → Voltage → burning throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• The UC-7420's built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards
• The compatible wireless cards are:

Supplier    Model name
ASUS        WL-107g
CNET        CWC-854 (181D version)
Edimax      EW-7108PCg
Amigo       AWP-914WG
Gigabyte    GN-WMKG
Others which use the Ralink chipset

Thank You


Crontab

1. Introduction: daemon to execute scheduled commands

2. Description
• Start cron from the directory /etc/rc.d/rc.local
• Modify the file /etc/cron.d/crontab to set up your scheduled applications. Crontab files have the following format:

m (Minute)   h (Hour)   dom (Date)   mon (Month)   dow (Week)          user   command
0-59         0-23       1-31         1-12          0-6 (0 is Sunday)

3. Example
• How to add ntpdate (synchronize time) in cron
• Every day at 5:10 the system will synchronize the time from the NTP server (192.168.0.1)

vi /etc/cron.d/crontab
# m h dom mon dow user command
10 5 * * * root /usr/sbin/ntpdate 192.168.0.1; /sbin/hwclock -w

UART and special baud rate support

1. Introduction
• The normal tty device nodes are located at /dev/ttyM0 … /dev/ttyM7, and the modem tty device nodes at /dev/cum0 … /dev/cum7
• UC-7400 supports Linux standard termios control
• The Moxa UART device API allows you to configure ttyM0 to ttyM7 as RS-232, RS-422, 2-wire RS-485 and 4-wire RS-485

2. The function
You must include <moxadevice.h>:
#define RS232_MODE 0
#define RS485_2WIRE_MODE 1
#define RS422_MODE 2
#define RS485_4WIRE_MODE 3

Function:
• MOXA_SET_OP_MODE
• MOXA_GET_OP_MODE

UART and special baud rate support

3. Special baud rate support
• There are two Moxa private ioctl commands for setting up special baud rates

Function:
• MOXA_SET_SPECIAL_BAUD_RATE
• MOXA_GET_SPECIAL_BAUD_RATE

• If you use this ioctl to set a special baud rate, the termios cflag will be B4000000, in which case the B4000000 define will be different
• If the baud rate you get from termios (or from calling tcgetattr()) is B4000000, you must call ioctl with MOXA_GET_SPECIAL_BAUD_RATE to get the actual baud rate

Upgrading the Firmware

New utility: upfirm

Upgrading the Firmware

1. Introduction
• The UC-7400's BIOS, kernel, mini file system and user file system are combined into one firmware file, which can be downloaded from Moxa's website (www.moxa.com)
• The name of the firmware file has the form uc7400-xxx.frm, with xxx indicating the firmware version

ATTENTION
• Upgrading the firmware will erase all data on the Flash ROM

Upgrading the Firmware

2. Description
• In firmware V1.4.3 or later, the UC-7400 adds a new utility, "upfirm"
• The utility upfirm is designed for upgrading the firmware (including boot loader, kernel, mini file system, user file system and configuration)
• If your firmware version is earlier than V1.4.3, you can get the utility from the Moxa website

How to upgrade firmware

Step 1: Type the following commands to enable the RAM disk
upramdisk
cd /mnt/ramdisk

Step 2: Download the firmware file into the ramdisk from the Moxa website

Step 3: Use the upfirm command to upgrade the kernel and root file system
upfirm uc7400-xxx.frm

(Reference next slide to see the upfirm procedure)

root@Moxa:/mnt/ramdisk# upfirm UC7420-1.5.frm
Upgrade firmware utility version 1.0
To check source firmware file context
The source firmware file context is OK
This step will destroy all your firmware
Do you want to continue it? (Y/N) Y
MTD device [/dev/mtd6] erase 128 Kibyte @ 20000 -- 100 % complete
Wait to write file ... Completed 100%
Now upgrade the new configuration file
Upgrade the firmware is OK
Please press any key to reboot system

Press any key to reboot system

Note: DO NOT power off the UC until the Ready LED is ON again. The first boot-up after upgrading the firmware takes a long time.
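The upfirm procedure above erases the whole flash, and its own "context" check only tells you the file is a well-formed image, not that it is the image the vendor published. The integrity use of a digest from slide 1-3, applied to this step, as an added example that is not Moxa's tooling: the image is compared against a digest you obtained out of band before upfirm is allowed to run. The firmware file name and the RAM disk path are the slides'; the digest tool fallback chain and the UPFIRM override are this example's own, and the sample image in the test is constructed.

```shell
#!/bin/sh
# Verify a firmware image against a published SHA-256 before flashing it.
# Added example; not part of the UC-7400 firmware or of upfirm.
RAMDISK=/mnt/ramdisk
UPFIRM=${UPFIRM:-upfirm}   # set UPFIRM=echo to rehearse without flashing

# sha256_of FILE prints the hex SHA-256 of FILE. The slides name MD5/SHA-1;
# SHA-256 is used here, with whichever tool the host provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | cut -d' ' -f1
    else
        openssl dgst -sha256 "$1" | sed 's/^.*= //'
    fi
}

# verify_image FILE EXPECTED returns 0 only when the digest matches EXPECTED.
verify_image() {
    actual=$(sha256_of "$1") || return 2
    [ "$actual" = "$2" ]
}

# upgrade_checked FILE EXPECTED runs upfirm only on a verified image;
# a mismatch stops before anything on the flash is erased.
upgrade_checked() {
    if ! verify_image "$1" "$2"; then
        echo "digest mismatch for $1, refusing to flash" >&2
        return 1
    fi
    $UPFIRM "$1"
}

case "${1:-}" in
    check)   verify_image "$2" "$3" && echo "OK $2" ;;
    upgrade) cd "$RAMDISK" && upgrade_checked "$2" "$3" ;;
esac
```

Usage on the device: `./fwcheck.sh upgrade uc7400-xxx.frm <sha256 from the download page>`; the expected digest must come from a source other than the file itself (the vendor page over HTTPS, or a digest recorded when the image was first obtained), otherwise the check proves nothing.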

Setting up the Network Interfaces

IEEE 802.11g

Configure 802.11g Wireless LAN

root@Moxa:~# vi /etc/network/interfaces

# 802.11g Gigabyte Cardbus wireless card
iface eth0 inet static
    address 192.168.5.127
    network 192.168.5.0
    netmask 255.255.255.0
    broadcast 192.168.5.255

Step 1: Unplug the CardBus wireless LAN card first

Step 2: Configure the default IP setting profile: vi /etc/network/interfaces

Configure 802.11g Wireless LAN

vi /etc/Wireless/RT2500STA/RT2500STA.dat

# Copy this file to /etc/Wireless/RT2500STA/RT2500STA.dat
# This file is a binary file and will be read on loading the rt2500.o module
# Use vi -b RT2500STA.dat to modify the settings according to your needs
# 1) set NetworkType to Adhoc for using Adhoc mode, otherwise use Infrastructure
# 2) set Channel to 0 for auto-select in Infrastructure mode
# 3) set SSID for connecting to your access point
# 4) AuthMode can be OPEN, SHARED, WPAPSK, WPANONE
# 5) EncrypType can be NONE, WEP, TKIP, AES
# for more information refer to the Readme file

Step 3: Configure the WLAN parameters: vi /etc/Wireless/RT2500STA/RT2500STA.dat

Configuring 802.11g Wireless LAN

• The settings in /etc/Wireless/RT2500STA/RT2500STA.dat:

CountryRegion – sets the channels for your particular country region
WirelessMode – sets the wireless mode
SSID – sets the softAP SSID
NetworkType – sets the wireless operation mode
Channel – sets the channel
AuthMode – sets the authentication mode
EncrypType – sets the encryption type
DefaultKeyID – sets the default key ID
Key1Str, Key2Str, Key3Str, Key4Str – sets the strings Key1 to Key4
WpaPsk – WPA pre-shared key
TxBurst – enables or disables TxBurst
TurboRate – enables or disables TurboRate
BGProtection – sets 11b/11g protection (this function is for engineering testing only)
ShortSlot – enables or disables the short slot time
TxRate – sets the TxRate
RTSThreshold – sets the RTS threshold
FragThreshold – sets the fragment threshold
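The AuthMode/EncrypType pair above decides whether the Wi-Fi link carries the device's traffic in the clear. As an added example that is not part of Moxa's or Ralink's tooling, a small audit of an RT2500STA.dat-style file: it reports OPEN/SHARED with NONE or WEP as weak and accepts WPAPSK with AES, and can rewrite the two keys to the strong setting. It assumes the file is plain Key=Value lines (the slide edits it with vi -b); the sample content is constructed, not a real dump.

```shell
#!/bin/sh
# Audit and harden AuthMode/EncrypType in an RT2500STA.dat-style file.
# Added example; assumes plain "Key=Value" lines. Not vendor tooling.

# setting FILE KEY prints the value of KEY (first occurrence, CR stripped).
setting() {
    sed -n "s/^$2=//p" "$1" | head -n 1 | tr -d '\r'
}

# wlan_audit FILE prints one verdict line; returns 0 for WPA-PSK (AES, or
# TKIP with a warning) and for WPA-None in ad-hoc mode, 1 for anything weak.
wlan_audit() {
    auth=$(setting "$1" AuthMode)
    enc=$(setting "$1" EncrypType)
    case "$auth/$enc" in
        WPAPSK/AES)              echo "ok: WPA-PSK with AES"; return 0 ;;
        WPAPSK/TKIP)             echo "warn: WPA-PSK with TKIP; prefer AES"; return 0 ;;
        WPANONE/AES|WPANONE/TKIP) echo "warn: WPA-None (ad-hoc) with $enc"; return 0 ;;
        */NONE)                  echo "weak: no encryption (AuthMode=$auth)"; return 1 ;;
        */WEP)                   echo "weak: WEP (AuthMode=$auth) is broken"; return 1 ;;
        *)                       echo "weak: AuthMode=$auth EncrypType=$enc"; return 1 ;;
    esac
}

# harden FILE rewrites AuthMode/EncrypType to WPAPSK/AES in place and leaves
# every other key alone; WpaPsk still has to be filled in by the operator.
harden() {
    sed -e 's/^AuthMode=.*/AuthMode=WPAPSK/' \
        -e 's/^EncrypType=.*/EncrypType=AES/' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Constructed sample in the slide's key format (the weak "before" state).
SAMPLE_WEAK='CountryRegion=0
WirelessMode=0
SSID=moxa-lab
NetworkType=Infra
Channel=0
AuthMode=OPEN
EncrypType=WEP
DefaultKeyID=1
Key1Str=0123456789
WpaPsk='

case "${1:-}" in
    audit)  wlan_audit "$2" ;;
    harden) harden "$2" && wlan_audit "$2" ;;
esac
```

`./wlancheck.sh audit /etc/Wireless/RT2500STA/RT2500STA.dat` returns non-zero on a weak profile, which makes it usable from a provisioning script before the rt2500.o module is loaded.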

Developing Your Application

Windows Tool Chain

Agenda

1) Windows Tool Chain Introduction

2) Development Process

3) Debugging with GDB

Windows Tool Chain Introduction

The UC-7400's Windows Tool Chain is a cross-development environment that simulates the Linux root file system, allowing users to develop applications on a Windows PC

The following topics are covered in this appendix:
• Introduction
• Installation procedure
• Using the BASH shell
• GDB debug tool – Insight

Windows Tool Chain

1. Operating system: Windows 2000 or Windows XP
2. Minimum of 500 MB hard disk space
3. CD-ROM or equivalent
4. Ethernet to connect with the UC-7400
5. Be able to log in as administrator
6. Use a Windows username without spaces
7. You will be using a BASH shell window to enter commands
8. In addition, for editing text files such as configuration files you should use the vi editor (Unix editor). Do NOT use WordPad (Windows editor), which could cause problems when the files are transferred to a bona fide Linux environment

Developing Process

Step 1: Setting up the development environment on the PC (x86)

Step 2: Coding, compiling and debugging on the Windows Tool Chain

Step 3: Deploying the program to the UC (IXP-422)

Step 1: Setting up the Developing Environment

Install the Windows Tool Chain on the PC (Windows 2K/XP). Installation tips:
• Default install path: C:\UC
• Default text file type: Unix (recommended)

Utilities
• Moxa Bash Shell
• GDB debug tool – Insight
• http://sources.redhat.com/insight
• This process could take from 5 to 30 minutes depending on the speed of your system

Step 2: Coding, Compiling and Debugging

Code the C/C++ program in the Moxa Bash Shell (PC Windows Tool Chain, x86)

Compile/link the source code with the tool chain
• Compiler path setting: PATH=/usr/local/mxscaleb/bin
• Compiling Hello.c

Step 3: Deployment

Upload the program to the UC
• ftp 192.168.3.127
• ftp> binary
• ftp> put hello-release

Run the program (at the UC-7400 side)
• chmod +x hello-release
• ./hello-release

[Screenshot: chmod +x hello-release; ./hello-release; output "Hello"]

Debugging with GDB

[Diagram: over Ethernet, the PC (Moxa Bash Shell) does 1. compile with -ggdb, 3. run the Insight tool (GDB client), 4. target remote; the UC runs 2. the GDB debug server]

chmod +x hello-debug
gdbserver 192.168.3.127:2000 hello-debug
Process hello-debug created; pid = 206

Step 1: PC, Moxa Bash Shell: compile the program with the -ggdb option, then upload it to the UC

Step 2: UC: start hello-debug under the debug server with the command gdbserver 192.168.3.127:2000 hello-debug

Step 3: PC, Insight: run the GDB client
• Open the hello-debug file
• Connect to target
• GDB Server / TCP
• 192.168.3.200
• 2000

Debugging with GDB

iptables Introduction

Agenda

1) Quick View of iptables

2) Rules, Chains, Tables

3) Usage of iptables

4) Hands-On Practice

1) Quick View of iptables

• A user-space command to set up and maintain the "Netfilter" subsystem of the kernel
• "Netfilter" manages only the packet headers, not the content
• iptables is currently one of many firewall/NAT solutions; it is the administration tool to set up, maintain and inspect the tables of IP packet filter rules in the Linux kernel

1) Quick View of iptables

• Several different tables may be defined. Each table contains a number of built-in chains and may also contain user-defined chains
• Each chain is a list of rules which can match a set of packets. Each rule specifies what to do with a packet that matches. This is called a "target", which may be a jump to a user-defined chain in the same table

1) Quick View of iptables

• 3rd-generation firewall on Linux
  – "ipfwadm" on Linux kernel V2.0.x
  – "ipchains" on Linux kernel V2.2.x
  – "ipchains" / "iptables" on Linux kernel V2.4.x
  – "iptables" on Linux kernel V2.6.x
• Supports basic packet filtering as well as connection state tracking
• UC-7110/7400 support only "iptables"


2) Rules, Chains and Tables

2-1 First Match

2-2 Three Major Tables

2-3 Processing Packets

2-4 State Machine

2-1 First Match – The Highest Priority

[Flowchart: packets are tested against Rule 1, Rule 2, … Rule 10 in order; the first rule that matches ("Yes") applies its action (Action 1, Action 2, … Action 10); a packet that matches no rule ("No" all the way down) falls through to the default policy]

2-1 First Match

On a WWW server, reject the attack from IP = 192.168.1.100:
Rule 1: Drop the packets from 192.168.1.100
Rule 2: Accept WWW request packets from all the hosts
Rule 3: Drop all the non-WWW packets

With the order changed:
Rule 1: Accept WWW request packets from all the hosts
Rule 2: Drop the packets from 192.168.1.100
Rule 3: Drop all the non-WWW packets

192.168.1.100 is able to use the WWW service, or to attack the WWW service port
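The ordering rule above, as an added example that is not part of the course material: a pure POSIX sh model of first-match evaluation, with both rule orders from the slide embedded as constructed input. Rules are lines of the form "<source|any> <dport|any> <ACTION>", which is this example's own grammar, not iptables syntax; nothing here calls iptables, so it runs without root and makes the difference between the two orders checkable.

```shell
#!/bin/sh
# First-match evaluation over a small rule list (slide 2-1). Added example;
# the rule grammar "<src|any> <dport|any> <ACTION>" is this script's own.

# Order A from the slide: the attacker is dropped before WWW is opened.
RULES_A='192.168.1.100 any DROP
any 80 ACCEPT
any any DROP'

# Order B from the slide: WWW is opened before the attacker is dropped.
RULES_B='any 80 ACCEPT
192.168.1.100 any DROP
any any DROP'

# first_match RULES SRC DPORT [DEFAULT]: prints the action of the first rule
# that matches the packet, or DEFAULT (DROP unless given) when none does.
first_match() {
    rules=$1 src=$2 dport=$3 default=${4:-DROP}
    while read -r r_src r_port r_action; do
        [ -z "$r_action" ] && continue          # skip blank lines
        if [ "$r_src" = any ] || [ "$r_src" = "$src" ]; then
            if [ "$r_port" = any ] || [ "$r_port" = "$dport" ]; then
                printf '%s\n' "$r_action"
                return 0                        # first match wins; stop here
            fi
        fi
    done <<EOF
$rules
EOF
    printf '%s\n' "$default"                    # fell through every rule
}

# attacker_reaches_www RULES prints yes/no for 192.168.1.100 -> port 80.
attacker_reaches_www() {
    if [ "$(first_match "$1" 192.168.1.100 80)" = ACCEPT ]; then
        echo yes
    else
        echo no
    fi
}

case "${1:-}" in
    demo)
        echo "order A, attacker reaches WWW: $(attacker_reaches_www "$RULES_A")"
        echo "order B, attacker reaches WWW: $(attacker_reaches_www "$RULES_B")"
        ;;
esac
```

The same walk is what the kernel does per chain: the rule that decides a packet is the first one whose every condition holds, so a specific DROP placed after a broad ACCEPT never runs for the packets the ACCEPT already took.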

2-2 Three Major Tables

1) Filter table

2) NAT table

3) Mangle table

2-2-1 Filter Table

Mainly used for filtering packets. This is the place where we actually take action against packets: look at what they contain and ACCEPT, DROP, REJECT or LOG them depending on their content

1. INPUT chain – packets entering the local host
2. OUTPUT chain – packets output from the local host
3. FORWARD chain – packets forwarded to other hosts

2-2-2 NAT Table

Used for NAT on different packets, to translate the packet's source field or destination field

1) PREROUTING chain – to translate the destination IP address (DNAT)
2) POSTROUTING chain – works after the routing process and before the Ethernet device processing, to translate the source IP address (SNAT/MASQUERADE)
3) OUTPUT chain – works on locally generated packets

2-2-3 Mangle Table

This table is mainly used for mangling packets. In other words, you may freely use the mangle matches etc. to change the TOS (Type Of Service) and TTL fields. It can also "MARK" the packets

1. PREROUTING chain
2. POSTROUTING chain
3. INPUT, OUTPUT and FORWARD chains

2-3 Processing Packets

2-3-1 Destination Local Host

2-3-2 Source Local Host

2-3-3 Forward Packets

2-3-4 State Machine

2-3-1 Destination Local Host

[Diagram: incoming packets → NAT table PREROUTING → filter table INPUT → local process]

2-3-2 Source Local Host

[Diagram: local process → NAT table OUTPUT → filter table OUTPUT → NAT table POSTROUTING → outgoing packets sent out]

2-3-3 Forwarded Packets

[Diagram: incoming packets → NAT table PREROUTING → filter table FORWARD → NAT table POSTROUTING → other hosts; packets addressed to a local resource leave this path for the local host]

2-4 State Machine


3) Usage of iptables3) Usage of iptables

3-1 Load iptables Modules

3-2 Define Default Policy

3-3 Structure of a Rule

3-4 Save Restore Rules

3-1 Load iptables Modules3-1 Load iptables Modules

Note ipchains and iptables are not compatible

3-1 Load iptables Module3-1 Load iptables Module

Check the Current Tablesiptables [-t tables] [-L] [-n]

Default Policy

3-1 Install iptables3-1 Install iptables

Clear Current Policy

3-2 Define Default Policy3-2 Define Default Policy

iptables ndasht filter nat mangle

ndashP INPUT OUTPUT FORWARD PREROUTING POSTROUTING

ACCEPT DROP

3-2 Define Default Policy3-2 Define Default Policy

3-3 Structure of a Rule

3-3-1 Add, Insert, Delete and Replace Rules
3-3-2 Direction
3-3-3 Matches
3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace

iptables -t [filter | nat | mangle] [-A | -I | -D | -R] [direction] [match] -j [target]

Three major things need to be considered: the direction (chain), the match conditions and the target.

3-3-2 Direction – Chains

a. filter table: INPUT, OUTPUT, FORWARD
b. nat table: PREROUTING, POSTROUTING, OUTPUT
c. mangle table: ...

3-3-3 Matches – Conditions

1. -p [proto]: tcp | udp | icmp | all
2. -s [IP], -d [IP]
3. --sport [port], --dport [port]
4. -m state --state [state]: NEW | ESTABLISHED | INVALID | RELATED
5. -m multiport --sports/--dports [p1,p2,...,p15]
6. -i [iface], -o [oface]
7. ... etc.

3-3-4 Targets – Actions

a. filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions: LOG, ULOG, REJECT, MIRROR
b. nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING/OUTPUT), MASQUERADE (POSTROUTING), REDIRECT (only in PREROUTING)
c. mangle table: ...

3-4 Save / Restore Rules

It is highly recommended to use a script file to maintain the Netfilter rules instead of using the exported file (it is not a standard script file). Please refer to the Hands-On practice.

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice: 1) Packet Filter, 2) NAT Machine

4-1 Packet Filter – Rules of the filter table

Example 1 – Accept all the packets incoming from the lo interface:
    iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2 – Accept all the TCP packets incoming from IP = 192.168.0.1:
    iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

Example 3 – Accept all the TCP packets incoming from the network 192.168.1.0/24:
    iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 – Drop all the TCP packets incoming from IP = 192.168.1.25:
    iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

Example 5 – Drop all the incoming TCP packets with destination port = 21 (forbid FTP connections from eth0):
    iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 – Accept TCP packets incoming from 192.168.0.0/24 to the local port numbers 137, 138 and 139:
    iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

Example 7 – Log all the incoming/outgoing TCP packets to/from port 25 (log the SMTP service):
    iptables -t filter -A INPUT -p tcp --dport 25 -j LOG

Note: UC-7110 does not support the target "LOG".

Example 8 – Drop all the [SYN] packets from IP = 192.168.100.200:
    iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 – Drop all the packets from MAC = aa:bb:cc:dd:ee:ff:
    iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

Example 10 – Do not respond to "ping":
    iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 – Rate-limit ICMP "ping" bursts:
    iptables -t filter -P INPUT DROP
    iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

Example 12 – Accept the ESTABLISHED and RELATED packets of the local host; drop the INVALID packets and the NEW packets that try to create a new connection:
    iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

Example 13 – Check the packet integrity:
    iptables -t filter -A INPUT -p all -m unclean -j DROP

Example 14 – Enable the "Passive Mode" FTP service to a host:
    modprobe ip_conntrack_ftp
    iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

4-2 NAT Machine – Rules of the nat table

Example 1 – Redirect the connection requests for port 80 to port 8080:
    iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 – Masquerade the packets coming from 192.168.1.0/24 behind the local ppp0 IP (MASQUERADE and -o are only valid in POSTROUTING, as listed under 3-3-4):
    iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

4-2 NAT Machine

Example 3 – DNAT the packets incoming on eth0 (60.248.66.75) with TCP port 80 to the internal web server 192.168.127.10:80; the second rule SNATs the outbound traffic of the internal network 192.168.127.0/24 to the outside address held in $OUT_IP:
    iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80
    iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP

Example 4 – Redirect the incoming packets of TCP port 80 to 192.168.1.10 and TCP port 80

Thank You

OpenVPN 2.0 – Stephen Lin

OpenVPN 2.0

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve?
1-2 Symmetric Data Encryption
1-3 Hash (Digest) Function
1-4 Message Authentication Code
1-5 Asymmetric Data Encryption
1-6 Digital Signature
1-7 Certificate
1-8 Moxa UC7400

1-1 What does Cryptography solve?

Confidentiality
• Ensure that nobody can get knowledge of what you transfer, even if listening to the whole conversation.

Integrity
• Ensure that the message has not been modified during the transmission.

Authenticity
• You can verify that you are talking to the entity you think you are talking to.
• You can verify who is the specific individual behind that entity.

Non-repudiation
• The individual behind that asset cannot deny being associated with it.

1-2 Symmetric Data Encryption

• Fast, high efficiency for data transmission
• Is it "secure" while transferring the key?
• Maintenance of the keys: (n-1)n/2 keys for n parties
• DES / 3DES / AES / Blowfish

[Diagram] Tom: Plaintext → Encryption (Secret Key) → Ciphertext → Bob: Decryption (Secret Key) → Plaintext

1-3 Hash (Digest) Function

• Ensures data integrity
• MD5 / SHA-1

[Diagram] Tom: Data → Hash Function → Message Digest 1; Data + Message Digest 1 are sent to Bob. Bob: Data → same Hash Function → Message Digest 2; compare Message Digest 1 with Message Digest 2.

1-4 Message Authentication Code

• Ensures data integrity
• Uses a key to protect the MAC
• HMAC / CBC-MAC

[Diagram] Tom: Data → Hash Function → Message Digest 1 → Encryption with the Secret Key → MAC; Data + MAC are sent to Bob. Bob: Data → Hash Function → Message Digest 2; MAC → Decryption with the Secret Key → Message Digest 1; compare the two digests.
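The difference between slides 1-3 and 1-4 in running code, as an added example that is not part of the original training material: with an unkeyed digest, anyone who alters the data in transit can recompute a digest that Bob will accept, whereas an HMAC built over a secret key shared by Tom and Bob cannot be recomputed without that key. The message, the key and the on-path attacker model are constructed for the example, and SHA-256 with Python's hmac module stands in for the MD5/SHA-1 and HMAC/CBC-MAC named on the slides.

```python
"""Unkeyed digest vs keyed MAC for data integrity.

Added example for slides 1-3 and 1-4; not code from the Moxa training
material. The message, key and attacker model are constructed sample data."""
import hashlib
import hmac
import os
from typing import Tuple


def digest(data: bytes) -> bytes:
    """Slide 1-3: Tom sends Data + Message Digest 1; Bob recomputes and compares."""
    return hashlib.sha256(data).digest()


def mac(key: bytes, data: bytes) -> bytes:
    """Slide 1-4: the digest is protected with a key shared by Tom and Bob (HMAC)."""
    return hmac.new(key, data, hashlib.sha256).digest()


def bob_accepts_digest(data: bytes, md: bytes) -> bool:
    return hmac.compare_digest(digest(data), md)


def bob_accepts_mac(key: bytes, data: bytes, tag: bytes) -> bool:
    # compare_digest keeps the comparison time independent of where the bytes differ
    return hmac.compare_digest(mac(key, data), tag)


def on_path_alteration(data: bytes, check: bytes, keyed: bool) -> Tuple[bytes, bytes]:
    """Model someone between Tom and Bob who changes the message (constructed).

    With a plain digest they can recompute a matching digest for the new text.
    With an HMAC they do not hold the key, so the best they can do is forward
    the original tag unchanged.
    """
    altered = data.replace(b"100", b"900")
    return altered, (check if keyed else digest(altered))


def demo() -> dict:
    key = os.urandom(32)                    # pre-shared between Tom and Bob (constructed)
    msg = b"transfer 100 to Bob"

    md = digest(msg)
    altered, md2 = on_path_alteration(msg, md, keyed=False)
    digest_catches_it = not bob_accepts_digest(altered, md2)

    tag = mac(key, msg)
    altered, tag2 = on_path_alteration(msg, tag, keyed=True)
    mac_catches_it = not bob_accepts_mac(key, altered, tag2)

    return {
        "digest_catches_alteration": digest_catches_it,        # False: digest was recomputed
        "mac_catches_alteration": mac_catches_it,              # True: tag no longer matches
        "mac_accepts_genuine": bob_accepts_mac(key, msg, tag),
        "digest_catches_accidental_corruption": not bob_accepts_digest(altered, md),
    }
```

The last entry shows what the plain digest of slide 1-3 is still good for: corruption that does not come with a recomputed digest is caught; only a deliberate alteration needs the keyed MAC of slide 1-4.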

1-5 Asymmetric Encryption

Things to remember:
• Key pair – public/private keys
• In a session, one is used for encryption and the other one for decryption
• The "Public Key" can be deployed everywhere
• The relation between the two keys is unknown, and from one key you cannot gain knowledge of the other, even if you have access to clear text and cipher text
• The two keys are interchangeable: all algorithms make no difference between public and private key; when a key pair is generated, any of the two can be public or private
• Less efficient than a static key
• RSA / Diffie-Hellman

[Diagram] Clear text → Encryption → g$5knvMd'rkvegMs"

1-5 Asymmetric Data Encryption – Recipient's key pair (Confidentiality check)

Tom: Plaintext → Encryption with Bob's Public Key → ciphertext → Bob: Decryption with Bob's Private Key → Plaintext

1-5 Asymmetric Data Encryption – Sender's key pair (Authenticity check)

Tom: Plaintext → Encryption with Tom's Private Key → ciphertext → Bob: Decryption with Tom's Public Key → Plaintext

1-6 Digital Signature

Real world – hybrid:
1. Data integrity
2. Authenticity
3. Non-repudiation
4. Algorithm – uses the public key and a hash

1-6 Digital Signature – Creating

[Diagram] Message or File ("This is the document created by Gianni") → Generate Hash (SHA, MD5) → Message Digest (Py75cbn, typically 128 bits) → Asymmetric Encryption (RSA) with the Signatory's private key → Digital Signature (3kJfgf£$&) → Signed Document = message + digital signature.
Calculate a short message digest from even a long input using a one-way message digest function (hash).

1-6 Digital Signature – Verifying

[Diagram] Signed Document: message ("This is the document created by Gianni") → Generate Hash → Message Digest (Py75cbn); Digital Signature (3kJfgf£$&) → Asymmetric Decryption with Gianni's public key (from certificate) → Message Digest (Py75cbn); compare the two.

1-6 Digital Signature

[Diagram] Tom: Data → Hash Function → Message Digest 1 → Encryption with Tom's Private Key → Digital Signature; Data + Digital Signature are sent to Bob. Bob: Data → Hash Function → Message Digest 2; Digital Signature → Decryption with Tom's Public Key → Message Digest 1; compare.

1-7 Certificate

The simplest certificate just contains:
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key (the entity can be a person, a computer, a device, a file, some code, anything ...)
... and the whole is:
• Digitally signed by someone trusted (like your friend or a CA)

[Diagram] Certificate = public key (2wsR46frdEWWrswe(^$G^DvtrsdFDfd367) + "This public key belongs to Stephen" + Digital Signature (3kJfgf£$&4dser4358g6gd7dT)

1-7-1 CA Certificate

[Diagram] Certification Server: the CA generates a key pair (priv, pub). The user requests a certificate from the CA; the CA generates the certificate (pub + DS = Cert); the private key and the certificate are sent to the user.

1-7-1 CA Certificate Example

[Diagram] The CA (CA Private Key) issues a Left Cert signed by CA and a Right Cert signed by CA. Left holds: Left Priv Key, CA Pub Key, Left Cert signed by CA. Right holds: Right Priv Key, CA Pub Key, Right Cert signed by CA. Both sides trust the CA Pub Key, which is itself signed by the CA.

1-7-2 SSL/TLS

[Diagram] Each side holds a key pair (priv, pub) and the other side's pub. Clear text → Encrypt → Cipher 1 → Encrypt → Cipher 2 → transmission over the public network → Decrypt → Cipher 1 → Decrypt → Clear text.

• Ensures confidentiality, and integrity if digitally signed
• Depending on how the public keys are exchanged: authenticity, identity, non-repudiation

1-8 Moxa UC7400 – Hardware Cipher

Intel XScale supports:
• Security engines: DES, AES
• Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so":
• No need to change the source code

1-8-1 Moxa Accelerated Algorithms – OpenSSL 0.9.7

• DES_cbc_encrypt
• DES_ede3_cbc_encrypt
• AES_cbc_encrypt
• AES_ctr_encrypt
• We wrap ECB mode at a higher level (libssl.so), which OpenSSL wraps too

1-8-2 Performance

[Charts: throughput (RATE) versus packet size for 3DES CBC and AES128 CBC, software cipher compared with the hardware cipher (legend "= HW Cipher"); packet sizes 128 to 1280 bytes in the upper pair of charts and 16 to 144 bytes in the lower pair.]

1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approaches:
• Default: hardware approach
• Any mis-configuration or busyness causes the switch
• Small packets are switched to the software approach: DES 128 bytes, 3DES/AES 64 bytes

1-8-4 Software Package

• Driver: mxhw_cipher.o
• Device file: mknod /dev/mxcrypto c 11 131
• Test program: io (correctness test); io 0 5000 (stability test); io 1 (golden pattern); io 2 20000 (performance test)

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network – VPN Advantages/Disadvantages

• VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes
• A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH, etc.)
• A VPN allows the usage of protocols which are insecure by themselves
• VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN

Usability:
• Open Source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit shared key or digital certificates (PKI)

Portability – supports most of the platforms:
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN

Peers – each node with a client/server role:
• Uses kernel routing
• Multiple clients

A user-space program:
• A full-featured SSL-VPN solution
• On top of the existing SSL/TLS mechanism
• Options between a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security

Two authentication modes:
• Static Key: uses a pre-shared key
• SSL/TLS: uses SSL/TLS + certificates for authentication and key exchange

The encrypted packet is formatted as [HMAC] [IV] [encrypt(SeqN | IP payload)]:
• SeqN: 64-bit sequence number
• IV: plain-text initial vector, randomized per packet
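The receive-side handling of the packet layout above, as an added example that is neither OpenVPN's code nor part of the training material: the peer verifies the HMAC before decrypting anything, then uses the authenticated 64-bit SeqN to discard replayed packets. The keys, peers and packets are constructed; a SHA-256 counter keystream is used as a stand-in for the real block cipher (hypothetical, for demonstration only), and the replay rule is a plain "SeqN must increase" check rather than OpenVPN's own replay handling.

```python
"""Receiver-side checks for an OpenVPN-style static-key data packet.

Added example for slide 2-2 (OpenVPN Security); not code from OpenVPN or
the Moxa material. Layout follows the slide: [HMAC][IV][encrypt(SeqN | IP
payload)], 64-bit SeqN, random IV per packet. The cipher is a SHA-256
counter keystream standing in for the real block cipher, and the replay
rule is a simple "SeqN must increase" check; keys, peers and packets are
constructed."""
import hashlib
import hmac
import os
import struct
from typing import Optional

TAG_LEN, IV_LEN = 32, 16


def _keystream(key: bytes, iv: bytes, n: int) -> bytes:
    """Stand-in cipher: SHA-256(key | iv | counter) blocks. Demo only, not a vetted cipher."""
    out = b"".join(hashlib.sha256(key + iv + struct.pack(">I", c)).digest()
                   for c in range(n // 32 + 1))
    return out[:n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Peer:
    def __init__(self, enc_key: bytes, hmac_key: bytes):
        self.enc_key, self.hmac_key = enc_key, hmac_key
        self.next_seq = 1          # next SeqN this peer sends
        self.highest_seen = 0      # highest SeqN accepted from the other side

    def seal(self, payload: bytes) -> bytes:
        iv = os.urandom(IV_LEN)                                   # randomized per packet
        plain = struct.pack(">Q", self.next_seq) + payload        # 64-bit SeqN + IP payload
        self.next_seq += 1
        ct = _xor(plain, _keystream(self.enc_key, iv, len(plain)))
        tag = hmac.new(self.hmac_key, iv + ct, hashlib.sha256).digest()
        return tag + iv + ct                                      # [HMAC][IV][ciphertext]

    def unseal(self, pkt: bytes) -> Optional[bytes]:
        """Return the payload, or None when the packet must be discarded."""
        tag, iv, ct = pkt[:TAG_LEN], pkt[TAG_LEN:TAG_LEN + IV_LEN], pkt[TAG_LEN + IV_LEN:]
        # 1. Authenticate first: nothing is decrypted until the HMAC checks out.
        expect = hmac.new(self.hmac_key, iv + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expect):
            return None
        plain = _xor(ct, _keystream(self.enc_key, iv, len(ct)))
        seq, payload = struct.unpack(">Q", plain[:8])[0], plain[8:]
        # 2. Replay check on the now-authenticated SeqN.
        if seq <= self.highest_seen:
            return None
        self.highest_seen = seq
        return payload


def demo() -> dict:
    enc_key, hmac_key = os.urandom(32), os.urandom(32)   # pre-shared static keys (constructed)
    tom, bob = Peer(enc_key, hmac_key), Peer(enc_key, hmac_key)
    p1, p2 = tom.seal(b"IP packet 1"), tom.seal(b"IP packet 2")
    tampered = p2[:-1] + bytes([p2[-1] ^ 0x01])          # one ciphertext bit flipped
    return {
        "first": bob.unseal(p1),
        "second": bob.unseal(p2),
        "replayed_first": bob.unseal(p1),                # SeqN 1 after 2 was seen: discarded
        "tampered_second": bob.unseal(tampered),         # HMAC mismatch: discarded
        "wrong_hmac_key": Peer(enc_key, os.urandom(32)).unseal(p1),
    }
```

Because the HMAC is checked over the IV and ciphertext before any decryption, a packet from someone without the key is dropped without touching the cipher at all, which is also what keeps the SeqN used for the replay check trustworthy.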

2-2 OpenVPN vs IPSec

OpenVPN:
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall- and NAT-friendly
• Dynamic address support

IPSec:
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard – multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are the two methods of linking systems via a VPN:
• Routed IP tunnels (layer 3)
• Bridged Ethernet tunnels (layer 2)

Suitable for connections:
• Site-to-site
• Dynamic site-to-site
• (Dynamic) client-to-site

Dynamic firewall / NAT / DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

• Uses TUN mode (device): a virtual point-to-point IP link that combines the inner interface together with TUN
• Uses the kernel routing to forward the packets

[Diagram] Both hosts: Physical, Data-Link, Network, Transport, Session, Presentation, Application. OpenVPN runs at the Application layer; the TUN device attaches at the Network layer (3rd).

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages:
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of the MTU for efficiency

Routed IP disadvantages:
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see the machines on the other side of the VPN
4. Works only with IPv4 in general, and IPv6 in cases where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

• Uses "TAP" mode: a TAP device is a virtual Ethernet adapter
• Bridge tools (brctl) are required to create the virtual adapters
• Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)

    brctl addbr br0         # create an Ethernet bridge
    brctl addif br0 eth1    # connect interface eth1 as a port
    brctl addif br0 tap0    # connect virtual interface tap0 as a port

[Diagram] Both hosts: Physical, Data-Link, Network, Transport, Session, Presentation, Application. OpenVPN runs at the Application layer; TUN attaches at layer 3, TAP at layer 2 (Data-Link). On each host eth1 and tap0 are bridged, and eth0 carries the tunnel to the peer.

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages:
1. Point-to-point, point-to-multipoint
2. Broadcasts traverse the VPN: this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to be able to handle non-IP protocols such as IPX, Netware and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages:
1. Less efficient than routing and does not scale well

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

[Diagram] LAN A (host IP 10.0.1.1/24, gw 10.0.1.254) – [VPN Server] ixp1 10.0.1.254, ixp0 192.168.12.201 === VPN Tunnel === ixp0 192.168.12.202, ixp1 10.0.2.254 [VPN Client] – LAN B (host IP 10.0.2.1/24, gw 10.0.2.254). The client connects to the server; a [CA/TLS Server] is also present on the network.

3-1 Getting Started

• Create a working directory (recommended): mkdir /etc/openvpn
• Check for the TUN module: ls /dev/net and look for a character device "tun"; if it is not there: mknod /dev/net/tun c 10 200
• Load the necessary modules: modprobe tun; modprobe bridge
• Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]
• Self diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

• Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or vi /etc/sysctl.conf and modify "net.ipv4.ip_forward = 1"
• Create/start the bridge interface using the Moxa script: openvpn-bridge [start | stop | restart]
• Check the cipher/authentication support: openvpn --show-ciphers; openvpn --show-digests
• Create the TUN configuration files: vi /etc/openvpn/tunserver.conf; [at the VPN client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

• The local/remote VPN IP addresses must be specified
• It is NECESSARY to specify the server address at the VPN client

3-2 TUN Server Configuration

• Edit the static routing: vi /etc/openvpn/tunserver.sh; chmod +x /etc/openvpn/tunserver.sh
• [At the VPN client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/openvpn/tunclient.sh
• Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tunserver.conf &; [at the VPN client] openvpn --config /etc/openvpn/tunclient.conf &
• At the client, the 2nd argument of "ifconfig" is now "10.0.2.254"

3-3 TAP Configuration

• Create the TAP configuration files: vi /etc/openvpn/tapserver.conf; [at the VPN client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration – VPN Server

• Mark this line if both VPN networks are in the same subnet

3-3 TAP Configuration – VPN Server

• Edit the static routing: vi /etc/openvpn/tapserver.sh
• [At the VPN client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/openvpn/tapclient.sh
• Pointed to the kernel routing: br0 = 10.0.1.254

3-3 TAP Configuration – VPN Server

• Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start
• Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tapserver.conf &; [at the VPN client] openvpn --config /etc/openvpn/tapclient.conf &

3-4-1 SSL/TLS – Dynamic Keys

• Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-input the default_days, default_bits ... etc.
• Create a new CA root key pair: /usr/share/ssl/misc/CA -newca
• Create a new client private key and a new certificate request: /usr/share/ssl/misc/CA -newreq
• Certificate signing: /usr/share/ssl/misc/CA -sign
• Copy the CA root certificate, the client private key and the client certificate to the first client
• Have the second client certified

3-4-2 OpenVPN – "easy-rsa" tools

• Copy the "easy-rsa" directory to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn
• Modify the vars file: vi /etc/openvpn/easy-rsa/vars
• Activate the vars: source /etc/openvpn/easy-rsa/vars
• Create the CA root key: /etc/openvpn/easy-rsa/build-ca
• Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – "easy-rsa" tools

• Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client
• Create the Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh 1024
• Copy the CA certificate (ca.crt), the server key (server.key) and the server certificate (server.crt) to the VPN server
• Copy the CA certificate, the client key and the client certificate to the VPN client
• The "easy-rsa" tools also work on the UC7400 series

3-4-3 Configuration File Modification

txxserver.conf
txxclient.conf

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

• Two of its serial ports are connected to a power meter and a thermocouple
• Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site
• The rest of the serial ports are looped back in 'burn-in mode' to demonstrate the UC's high performance and reliability

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500°C

Left side for the high range, 0 to 300 VDC, and right side for the low range, 0 to 20 VDC

UC's LCM & keypad (F1-F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8
F2 System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available Memory
F3 Alarm Setting: Temperature → Voltage → Burning throughput
F4 Configuration Key
F5 Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• The UC-7420's built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards
• The compatible wireless cards are:

Supplier    Model name
ASUS        WL-107g
CNET        CWC-854 (181D version)
Edimax      EW-7108PCg
Amigo       AWP-914WG
Gigabyte    GN-WMKG
Others which use the Ralink chipset

Thank You


UART and special baud rate support

1. Introduction
• The normal tty device nodes are located at /dev/ttyM0 ... ttyM7, and the modem tty device nodes are located at /dev/cum0 ... cum7
• UC-7400 supports Linux standard termios control
• The Moxa UART device API allows you to configure ttyM0 to ttyM7 as RS-232, RS-422, 2-wire RS-485 and 4-wire RS-485

2. The function
You must include <moxadevice.h>, which defines the operation modes:
    #define RS232_MODE        0
    #define RS485_2WIRE_MODE  1
    #define RS422_MODE        2
    #define RS485_4WIRE_MODE  3

Functions:
• MOXA_SET_OP_MODE
• MOXA_GET_OP_MODE

UART and special baud rate support

3. Special baud rate support
• There are two Moxa private ioctl commands for setting up special baud rates

Functions:
• MOXA_SET_SPECIAL_BAUD_RATE
• MOXA_GET_SPECIAL_BAUD_RATE

• If you use this ioctl to set a special baud rate, the termios cflag will be B4000000, in which case the B4000000 define will be different
• If the baud rate you get from termios (or from calling tcgetattr()) is B4000000, you must call ioctl with MOXA_GET_SPECIAL_BAUD_RATE to get the actual baud rate

Upgrading the Firmware

New utility: upfirm

Upgrading the Firmware

1. Introduction
• UC-7400's BIOS, kernel, mini file system and user file system are combined into one firmware file, which can be downloaded from Moxa's website (www.moxa.com)
• The name of the firmware file has the form uc7400-xxx.frm, with xxx indicating the firmware version

ATTENTION
• Upgrading the firmware will erase all data on the Flash ROM

Upgrading the Firmware

2. Description
• In V1.4.3 or later firmware, UC-7400 adds a new utility, "upfirm"
• The utility upfirm is designed for upgrading the firmware (including the boot loader, kernel, mini file system, user file system and configuration)
• If your firmware version is earlier than V1.4.3, you can find the utility on the Moxa website

How to upgrade the firmware

Step 1: Type the following commands to enable the RAM disk:
    upramdisk
    cd /mnt/ramdisk

Step 2: Download the firmware file into the ramdisk from the Moxa website

Step 3: Use the upfirm command to upgrade the kernel and root file system:
    upfirm uc7400-xxx.frm

(Refer to the next slide to see the upfirm procedure)

    root@Moxa:/mnt/ramdisk# upfirm UC7420-1.5.frm
    Upgrade firmware utility version 1.0
    To check source firmware file context
    The source firmware file conext is OK
    This step will destroy all your firmware
    Do you want to continue it (Y/N)? Y
    MTD device [/dev/mtd6] erase 128 Kibyte @ 20000 – 100% complete
    Wait to write file ... Compleleted 100%
    Now upgrade the new configuration file
    Upgrade the firmware is OK
    Please press any key to reboot system

Press any key to reboot the system.

Note: DO NOT power off the UC until the Ready LED is ON again. It will take much time for the first boot up after upgrading the firmware.

Setting up the Network Interfaces

IEEE 802.11g

Configure 802.11g Wireless LAN

Step 1: Unplug the CardBus wireless LAN card first

Step 2: Configure the default IP setting profile: vi /etc/network/interfaces

    root@Moxa:~# vi /etc/network/interfaces
    # 802.11g Gigabyte Cardbus wireless card
    iface eth0 inet static
        address 192.168.5.127
        network 192.168.5.0
        netmask 255.255.255.0
        broadcast 192.168.5.255

Configure 802.11g Wireless LAN

Step 3: Configure the WLAN parameters: vi /etc/Wireless/RT2500STA/RT2500STA.dat

    Copy this file to /etc/Wireless/RT2500STA/RT2500STA.dat
    This file is a binary file and will be read on loading the rt2500.o module
    Use "vi -b RT2500STA.dat" to modify settings according to your need
    1) set NetworkType to Adhoc for using Adhoc mode, otherwise use Infrastructure
    2) set Channel to 0 for auto-select in Infrastructure mode
    3) set SSID for connecting to your access point
    4) AuthMode can be OPEN, SHARED, WPAPSK, WPANONE
    5) EncrypType can be NONE, WEP, TKIP, AES
    for more information refer to the Readme file

Configuring 802.11g Wireless LAN

• The settings in /etc/Wireless/RT2500STA/RT2500STA.dat:

CountryRegion: sets the channels for your particular country region
WirelessMode: sets the wireless mode
SSID: sets the softAP SSID
NetworkType: sets the wireless operation mode
Channel: sets the channel
AuthMode: sets the authentication mode
EncrypType: sets the encryption type
DefaultKeyID: sets the default key ID
Key1Str, Key2Str, Key3Str, Key4Str: set the strings Key1 to Key4
WpaPsk: WPA pre-shared key
TxBurst: enables or disables TxBurst
TurboRate: enables or disables TurboRate
BGProtection: sets 11b/11g protection (this function is for engineering testing only)
ShortSlot: enables or disables the short slot time
TxRate: sets the TxRate
RTSThreshold: sets the RTS threshold
FragThreshold: sets the fragment threshold

Developing Your Application

Windows Tool Chain

Agenda

1) Windows Tool Chain Introduction
2) Development Process
3) Debugging with GDB

Windows Tool Chain Introduction

UC-7400's Windows Tool Chain is a cross-development environment that simulates the Linux root file system, allowing users to develop applications on a Windows PC.

The following topics are covered in this appendix:
• Introduction
• Installation Procedure
• Using the BASH Shell
• GDB debug tool: Insight

Windows Tool Chain

1. Operating System: Windows 2000 or Windows XP
2. Minimum of 500 MB hard disk space
3. CD-ROM or equivalent
4. Ethernet to connect with the UC-7400
5. Be able to login as administrator
6. Use a Windows username without spaces
7. You will be using a BASH shell window to enter commands
8. In addition, for editing text files such as configuration files you should use the vi editor (Unix editor). Do NOT use WordPad (Windows editor), which could cause problems when the files are transferred to a bona fide Linux environment.

Development Process

Step 1: Setting up the development environment on the PC (x86)
Step 2: Coding, compiling and debugging on the Windows Tool Chain
Step 3: Deploying the program to the UC (IXP-422)

Step 1: Setting up the Development Environment

Install the Windows Tool Chain on the PC (Windows 2K/XP). Installation tips:
• Default install path: C:\UC
• Default text file type: Unix (recommended)

Utilities:
• Moxa Bash Shell
• GDB debug tool: Insight (http://sources.redhat.com/insight)
• This process could take from 5 to 30 minutes depending on the speed of your system

Step 2: Coding, Compiling and Debugging

• Code the C/C++ program in the Moxa Bash Shell (PC Windows Tool Chain, x86)
• Compile/link the source code with the tool chain; compiler path setting: PATH=/usr/local/mxscaleb/bin
• Compiling Hello.c

Step 3: Deployment

Upload the program to the UC:
    ftp 192.168.3.127
    ftp> binary
    ftp> put hello-release

Running the program (at the UC-7400 side):
    chmod +x hello-release
    ./hello-release
    Hello

Debugging with GDB

[Diagram] PC (Moxa Bash Shell): 1. compile with -ggdb; 3. Insight tool (GDB client); 4. target remote. UC: 2. GDB debug server. Connected over Ethernet.

    chmod +x hello-debug
    gdbserver 192.168.3.127:2000 hello-debug
    Process hello-debug created; pid = 206

Step 1: PC, Moxa Bash Shell: compile the program with the -ggdb option, then upload it to the UC
Step 2: UC: start hello-debug under the debug server with the command gdbserver 192.168.3.127:2000 hello-debug
Step 3: PC, Insight: run the GDB client
• Open the hello-debug file
• Connect to target: GDB Server/TCP, 192.168.3.200, port 2000

iptables Introduction

Agenda

1) Quick View of iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

1. Quick View of iptables

• A user-space command to set up and maintain the "Netfilter" sub-system of the kernel
• "Netfilter" manages only the packet headers, not the content
• iptables is currently one of many firewall/NAT solutions; it is the administration tool to set up, maintain and inspect the tables of IP packet filter rules in the Linux kernel

1. Quick View of iptables

• Several different tables may be defined. Each table contains a number of built-in chains and may also contain user-defined chains.
• Each chain is a list of rules which can match a set of packets. Each rule specifies what to do with a packet that matches. This is called a "target", which may be a jump to a user-defined chain in the same table.

1. Quick View of iptables

• 3rd generation firewall on Linux:
  – "ipfwadm" on Linux kernel V2.0.X
  – "ipchains" on Linux kernel V2.2.X
  – "ipchains" / "iptables" on Linux kernel V2.4.X
  – "iptables" on Linux kernel V2.6.X
• Supports basic packet filtering as well as connection state tracking
• UC-7110/7400 support only "iptables"


2) Rules, Chains and Tables
2-1 First Match
2-2 Three Major Tables
2-3 Processing Packets
2-4 State Machine

2-1 First Match – The Highest Priority

[Flow chart] Packets are checked against Rule 1; if it matches (Yes), Action 1 is taken. If not (No), Rule 2 is checked (Yes: Action 2), and so on up to Rule 10 (Yes: Action 10). A packet that matches no rule falls through to the Default Policy.

2-1 First Match

On a WWW server, reject the attack from IP = 192.168.1.100:
Rule 1: Drop the packets from 192.168.1.100
Rule 2: Accept WWW request packets from all the hosts
Rule 3: Drop all the non-WWW packets

Compare with this order:
Rule 1: Accept WWW request packets from all the hosts
Rule 2: Drop the packets from 192.168.1.100
Rule 3: Drop all the non-WWW packets

Here Rule 1 matches first, so 192.168.1.100 is able to use the WWW service (or to attack the WWW service port).

2-2 Three Major Tables
1) Filter Table
2) NAT Table
3) Mangle Table

2-2-1 Filter Table

Mainly used for filtering packets. This is the place where we actually take action against packets: look at what they contain and ACCEPT, DROP, REJECT or LOG them depending on their content.

1) INPUT chain – packets entering the local host
2) OUTPUT chain – packets output from the local host
3) FORWARD chain – packets forwarded to other hosts

2-2-2 NAT Table

Used for NAT on different packets, to translate the packet's source field or destination field.

1) PREROUTING chain – to translate the destination IP address (DNAT)
2) POSTROUTING chain – works after the routing process and before the Ethernet device process, to translate the source IP address (SNAT/MASQUERADE)
3) OUTPUT chain – works on locally generated packets

2-2-3 Mangle Table

This table is mainly used for mangling packets. In other words, you may freely use the mangle matches etc. to change the TOS (Type Of Service) and TTL fields. It can also "MARK" the packets.

1) PREROUTING chain
2) POSTROUTING chain
3) INPUT, OUTPUT and FORWARD chains

2-3 Processing Packets
2-3-1 Destination: Local Host
2-3-2 Source: Local Host
2-3-3 Forwarded Packets
2-3-4 State Machine

2-3-1 Destination: Local Host

[Diagram] Incoming Packets → NAT table PREROUTING → Filter table INPUT → Local Process

2-3-2 Source: Local Host

[Diagram] Local Process → NAT table OUTPUT → Filter table OUTPUT → NAT table POSTROUTING → Send Out Packets

2-3-3 Forwarded Packets

[Diagram] Incoming Packets → NAT table PREROUTING → routing decision (packets for a local resource go to INPUT; the rest continue) → Filter table FORWARD → NAT table POSTROUTING → Other Hosts

2-4 State Machine


3) Usage of iptables
3-1 Load iptables Modules
3-2 Define Default Policy
3-3 Structure of a Rule
3-4 Save / Restore Rules

3-1 Load iptables Modules

Note: ipchains and iptables are not compatible.

Check the current tables: iptables [-t table] [-L] [-n]

[Screenshots] Default Policy; 3-1 Install iptables; Clear Current Policy

3-2 Define Default Policy

iptables -t filter|nat|mangle -P INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING ACCEPT|DROP

3-3 Structure of a Rule
3-3-1 Add, Insert, Delete and Replace Rules
3-3-2 Direction
3-3-3 Matches
3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace

iptables -t filter|nat|mangle -A|-I|-D|-R <direction> <match> -j <target>

3 major things need to be considered: the direction (chain), the match and the target (-j).

3-3-2 Direction – Chains

a) filter table: INPUT, OUTPUT, FORWARD
b) nat table: PREROUTING, POSTROUTING, OUTPUT
c) mangle table: …

3-3-3 Matches – Conditions

1) -p [proto]: tcp | udp | icmp | all
2) -s [IP], -d [IP]
3) --sport [port], --dport [port]
4) -m state --state [state]: NEW | ESTABLISHED | INVALID | RELATED
5) -m multiport --ports [p1,p2,…,p15]
6) -i [iface], -o [oface]
7) … etc.

3-3-4 Targets – Actions

a) filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions: LOG, ULOG, REJECT, MIRROR
b) nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING/OUTPUT), MASQUERADE (POSTROUTING), REDIRECT (only in PREROUTING)
c) mangle table: …

3-4 Save / Restore Rules

It is highly recommended to use a script file to maintain the Netfilter rules instead of using the exported file (the output of iptables-save is not a standard script file). Please refer to the Hands-On practice.

Agenda
1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice: 1) Packet Filter, 2) NAT Machine

4-1 Packet Filter – Rules of the filter table

Example 1 – Accept all the packets incoming from the lo interface:
iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2 – Accept all the TCP packets incoming from IP = 192.168.0.1:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

Example 3 – Accept all the TCP packets incoming from the network 192.168.1.0/24:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 – Drop all the TCP packets incoming from IP = 192.168.1.25:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

Example 5 – Drop all the incoming TCP packets with dst port = 21 (forbid FTP connections from eth0):
iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 – Accept TCP packets incoming from IP 192.168.0.24 to the local port numbers 137, 138 and 139:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.24 --dport 137:139 -j ACCEPT

Example 7 – Log all the incoming/outgoing TCP packets to/from port 25 (log the SMTP service):
iptables -t filter -A INPUT -p tcp --dport 25 -j LOG

Note: UC-7110 does not support the target "LOG".

Example 8 – Drop all the [SYN] packets from IP = 192.168.100.200:
iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 – Drop all the packets from MAC = aa:bb:cc:dd:ee:ff (the mac match module provides --mac-source):
iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

Example 10 – Do not respond to "ping":
iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 – ICMP "ping" burst (default DROP, then accept at most 6 per minute with a burst of 10):
iptables -t filter -P INPUT DROP
iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

Example 12 – Accept the ESTABLISHED/RELATED packets of the local host; drop the INVALID packets and the NEW packets which are trying to create new connections:
iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

Example 13 – Check the packet integrity:
iptables -t filter -A INPUT -p all -m unclean -j DROP

Example 14 – Enable the "Passive Mode" FTP service to a host:
modprobe ip_conntrack_ftp
iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT
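The rules above kept in a script file, as section 3-4 recommends, with the rule order of section 2-1 built in (the attacker's DROP is appended before the general WWW ACCEPT). This is an added example, not the course's hands-on file; eth0, 192.168.1.100 and 192.168.1.0/24 are constructed values.

```shell
#!/bin/sh
# Added example, not the course's hands-on file: rebuilds the UC's filter
# table from scratch, as section 3-4 recommends instead of keeping an
# exported rule file. Constructed values: eth0 is the LAN port,
# 192.168.1.100 the host to block, 192.168.1.0/24 the trusted network.
# Run as "sh fw.sh apply" on the UC, or "sh fw.sh dry-run" to print the rules.
IPT="${IPT:-iptables}"             # IPT="echo iptables" gives a dry run
LAN_IF="${LAN_IF:-eth0}"
BAD_HOST="${BAD_HOST:-192.168.1.100}"
TRUSTED_NET="${TRUSTED_NET:-192.168.1.0/24}"

fw_filter_rules() {
    # Clean filter table, default-deny on INPUT and FORWARD (section 3-2).
    $IPT -t filter -F
    $IPT -t filter -P INPUT DROP
    $IPT -t filter -P FORWARD DROP
    $IPT -t filter -P OUTPUT ACCEPT

    # Loopback, plus replies to connections the box already accepted
    # (Example 12); INVALID packets get no further.
    $IPT -t filter -A INPUT -i lo -j ACCEPT
    $IPT -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -t filter -A INPUT -m state --state INVALID -j DROP

    # First match wins (section 2-1): the attacker's DROP must come before
    # any ACCEPT that its packets could also match, so it is appended first.
    $IPT -t filter -A INPUT -i "$LAN_IF" -s "$BAD_HOST" -j DROP

    # WWW from everyone, NetBIOS only from the trusted network (Example 6).
    # Both come after the attacker's DROP.
    $IPT -t filter -A INPUT -i "$LAN_IF" -p tcp --dport 80 -j ACCEPT
    $IPT -t filter -A INPUT -i "$LAN_IF" -p tcp -s "$TRUSTED_NET" \
        --dport 137:139 -j ACCEPT

    # Answer ping, but rate-limited as in Example 11 so a burst cannot
    # keep the CPU busy.
    $IPT -t filter -A INPUT -p icmp --icmp-type 8 \
        -m limit --limit 6/min --limit-burst 10 -j ACCEPT
    # Anything that reaches the end of INPUT falls to the DROP policy.
}

# Helpers for checking a dry run: number of INPUT rules emitted, and the
# 1-based position of the first INPUT rule containing the given text.
fw_rule_count() {
    ( IPT="echo iptables"; fw_filter_rules ) | grep -c -- '-A INPUT'
}
fw_rule_position() {
    ( IPT="echo iptables"; fw_filter_rules ) | grep -- '-A INPUT' \
        | grep -n -- "$1" | head -n 1 | cut -d: -f1
}

case "${1:-}" in
    apply)   fw_filter_rules ;;
    dry-run) IPT="echo iptables"; fw_filter_rules ;;
esac
```

On a UC-7110 the LOG target is unavailable, so a logging rule must not be added to this script there.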

4-2 NAT Machine – Rules of the nat table

Example 1 – Redirect the connection requests for port 80 to port 8080:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 – Masquerade the packets from 192.168.1.0/24 going out through ppp0 with local ppp0's IP (MASQUERADE is only valid in the POSTROUTING chain, where -o can be used):
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

Example 3 – DNAT the incoming packets from eth0 (60.248.66.75) and TCP port 80 to the internal web server 192.168.127.10:80:
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

Example 4 – Redirect the incoming packets of TCP port 80 to 192.168.1.10 and TCP port 80; the slide also shows the SNAT rule for the internal network's outgoing packets:
iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP
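The NAT machine of Examples 3 and 4 as a complete rule script, including the filter FORWARD rules that the nat rules alone do not supply. This is an added example, not the course's hands-on file; eth0/eth1, 60.248.66.75 as the fixed public address, 192.168.127.0/24 and the web server 192.168.127.10 are constructed values taken from the examples above.

```shell
#!/bin/sh
# Added example, not the course's hands-on file: rule script for a NAT machine
# with the 4-2 addresses. Constructed values: eth0 is the public side with the
# fixed address 60.248.66.75, eth1 the LAN 192.168.127.0/24, and
# 192.168.127.10 the internal web server. "sh nat.sh dry-run" prints the rules.
IPT="${IPT:-iptables}"
OUT_IF="${OUT_IF:-eth0}"
OUT_IP="${OUT_IP:-60.248.66.75}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.127.0/24}"
WEB_SRV="${WEB_SRV:-192.168.127.10}"

nat_enable_forwarding() {
    # Section 3-1's setting: without it the FORWARD chain never sees a packet.
    echo 1 > /proc/sys/net/ipv4/ip_forward
}

nat_rules() {
    $IPT -t nat -F
    $IPT -t filter -F FORWARD
    $IPT -t filter -P FORWARD DROP

    # 2-3-3: nat PREROUTING rewrites the destination before the routing
    # decision (Example 3) ...
    $IPT -t nat -A PREROUTING -i "$OUT_IF" -p tcp -d "$OUT_IP" --dport 80 \
        -j DNAT --to "$WEB_SRV:80"
    # ... and nat POSTROUTING rewrites the source after it. SNAT fits a fixed
    # public address; MASQUERADE (Example 2) fits a dynamic ppp0 address.
    $IPT -t nat -A POSTROUTING -o "$OUT_IF" -s "$LAN_NET" -j SNAT --to "$OUT_IP"

    # DNAT only changes the address; the filter FORWARD chain still decides
    # what may cross, so from outside only port 80 to the web server gets in.
    $IPT -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -t filter -A FORWARD -i "$OUT_IF" -o "$LAN_IF" -p tcp -d "$WEB_SRV" \
        --dport 80 -m state --state NEW -j ACCEPT
    $IPT -t filter -A FORWARD -i "$LAN_IF" -o "$OUT_IF" -s "$LAN_NET" \
        -m state --state NEW -j ACCEPT
}

# Dry-run helpers: number of rules emitted for table $1, and whether any
# emitted line contains the text $1.
nat_rule_count() {
    ( IPT="echo iptables"; nat_rules ) | grep -c -- "-t $1 -A"
}
nat_has_rule() {
    ( IPT="echo iptables"; nat_rules ) | grep -q -- "$1"
}

case "${1:-}" in
    apply)   nat_enable_forwarding; nat_rules ;;
    dry-run) IPT="echo iptables"; nat_rules ;;
esac
```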

Thank YouThank You

OpenVPN 2.0
Stephen Lin

OpenVPN 2.0
1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

1) Cryptography Summary
1-1 What does cryptography solve?
1-2 Symmetric Data Encryption
1-3 Hash (Digest) Function
1-4 Message Authentication Code
1-5 Asymmetric Data Encryption
1-6 Digital Signature
1-7 Certificate
1-8 Moxa UC7400

1-1 What does Cryptography solve?

Confidentiality
• Ensure that nobody can get knowledge of what you transfer, even if listening to the whole conversation.
Integrity
• Ensure that the message has not been modified during the transmission.
Authenticity
• You can verify that you are talking to the entity you think you are talking to.
• You can verify who is the specific individual behind that entity.
Non-repudiation
• The individual behind that asset cannot deny being associated with it.

1-2 Symmetric Data Encryption

Fast, high efficiency for data transmission.
Is it "secure" while transferring the key?
Maintenance of the keys: n(n-1)/2 keys for n parties.
DES / 3DES / AES / Blowfish

[Diagram] Tom: Plaintext → Encryption (Secret Key) → Ciphertext → Decryption (Secret Key) → Plaintext: Bob

1-3 Hash (Digest) Function

Ensures data integrity.
MD5 / SHA-1

[Diagram] Tom: Data → Hash Function → Message Digest 1; Tom sends Message Digest 1 + Data. Bob: Data → Same Hash Function → Message Digest 2; compare Message Digest 1 with Message Digest 2.

1-4 Message Authentication Code

Ensures data integrity.
Uses a key to protect the MAC.
HMAC / CBC-MAC

[Diagram] Tom: Data → Hash Function → Message Digest 1 → Encryption with the Secret Key → MAC; Tom sends MAC + Data. Bob: Data → Hash Function → Message Digest 2; MAC → Decryption with the Secret Key → Message Digest 1; compare.

1-5 Asymmetric Encryption

Things to remember
• Key pair – public/private keys
• In a session, one is used for encryption and the other one for decryption
• The "public key" can be deployed everywhere
• The relation between the two keys is unknown, and from one key you cannot gain knowledge of the other, even if you have access to clear-text and cipher-text
• The two keys are interchangeable: all algorithms make no difference between public and private key. When a key pair is generated, any of the two can be public or private
• Less efficient than a static key
• RSA / Diffie-Hellman

[Diagram] Clear text → Encryption → cipher text (unreadable)

1-5 Asymmetric Data Encryption

[Diagram] Tom: Plaintext → Encryption with Bob's Public Key → ciphertext → Decryption with Bob's Private Key → Plaintext: Bob (recipient's key pair) – Confidentiality check

[Diagram] Tom: Plaintext → Encryption with Tom's Private Key → ciphertext → Decryption with Tom's Public Key → Plaintext: Bob (sender's key pair) – Authenticity check

1-6 Digital Signature

Real world – hybrid: 1) data integrity, 2) authenticity, 3) non-repudiation, 4) algorithm – uses the public key and a hash.

1-6 Digital Signature – Creating

[Diagram] Message or File ("This is the document created by Gianni") → Generate Hash (SHA, MD5): calculate a short message digest from even a long input, using a one-way message digest function (hash) → Message Digest (typically 128 bits) → Asymmetric Encryption (RSA) with the signatory's private key → Digital Signature. The Signed Document is the message plus the digital signature.

1-6 Digital Signature – Verifying

[Diagram] Signed Document = Data ("This is the document created by Gianni") + Digital Signature. Data → Generate Hash → Message Digest; Digital Signature → Asymmetric Decryption with Gianni's public key (from certificate) → Message Digest; compare the two.

1-6 Digital Signature

[Diagram] Tom: Data → H ash Function → Message Digest 1 → Encryption with Tom's Private Key → Digital Signature; Tom sends Data + Digital Signature. Bob: Data → Hash Function → Message Digest 2; Digital Signature → Decryption with Tom's Public Key → Message Digest 1; compare.

1-7 Certificate

The simplest certificate just contains
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key
… and the whole is
• Digitally signed by someone trusted (like your friend or a CA)

[Diagram] Certificate = public key + "This public key belongs to Stephen" + Digital Signature. The entity can be a person, a computer, a device, a file, some code, anything …

1-7-1 CA Certificate

[Diagram] Certification Server: the CA generates a key pair (priv, pub). The user requests a certificate from the CA; the CA generates the certificate (pub + DS → Cert); the private key and the certificate are sent to the user.

1-7-1 CA Certificate Example

[Diagram] The CA (private key) signs the certificates of Left and Right. Left holds: Left priv key, Left cert signed by CA, CA pub key. Right holds: Right priv key, Right cert signed by CA, CA pub key. Both trust the CA pub key (signed by the CA itself), and exchange their certs signed by the CA.

1-7-2 SSL/TLS

[Diagram] Clear text → Encrypt → Cipher 1 → Encrypt → Cipher 2 → transmission over the public network → Cipher 2 → Decrypt → Cipher 1 → Decrypt → Clear text, using the two key pairs (priv/pub) of the peers.

Ensures confidentiality
• And integrity, if digitally signed
Depending on how the public keys are exchanged:
• Authenticity, Identity, Non-repudiation

1-8 Moxa UC7400 – Hardware Cipher

Intel XScale supports
• Security engines: DES, AES
• Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so"
• No need to change the source code

1-8-1 Moxa Accelerated Algorithms – OpenSSL 0.9.7

DES_cbc_encrypt
DES_ede3_cbc_encrypt
AES_cbc_encrypt
AES_ctr_encrypt

• We wrap ECB mode at a higher level (libssl.so), which OpenSSL wraps too.

1-8-2 Performance

[Charts] 3DES-CBC and AES-128-CBC throughput (rate) versus packet size, software cipher versus hardware cipher: one pair of charts for packet sizes 128 to 1280 bytes, one pair for 16 to 144 bytes. Legend: = HW cipher.

1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approaches
• Default: hardware approach
• Any mis-configuration or busy condition causes the switch

Small packets are switched to the software approach
• DES: 128 bytes
• 3DES/AES: 64 bytes

1-8-4 Software Package

Driver
• mxhw_cipher.o
Device File
• mknod /dev/mxcrypto c 11 131
Test Program
• io: correctness test
• io 0 5000: stability test
• io 1: golden pattern
• io 2 20000: performance test


2) OpenVPN 2.0
2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network – Advantages/Disadvantages

VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes.

A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH etc.).

A VPN allows the usage of protocols which are insecure by themselves.

VPNs cannot be controlled and logged easily because of their encrypted nature.

2-2 Why OpenVPN

Usability
• Open Source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit shared key or digital certificates (PKI)

Portability – supports most of the platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

Peers – each node with a client/server role
• Uses kernel routing
• Multiple clients

A user-space program
• A full-featured SSL-VPN solution
• On top of the existing SSL/TLS mechanism
• Options between a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security

Two authentication modes
• Static Key: uses a pre-shared key
• SSL/TLS: uses SSL/TLS + certificates for authentication and key exchange

The encrypted packet is formatted as
• SeqN: 64-bit sequence number
• IV: plain-text initial vector, randomized per packet

[Diagram] HMAC | IV | SeqN | IP payload. "encrypt" covers SeqN and the IP payload; the HMAC is computed over the IV and the encrypted part.

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall- and NAT-friendly
• Dynamic address support

IPSec
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard – multi-vendor support

2-3 OpenVPN Modes

Bridging and Routing are two methods of linking systems via a VPN.
Routed IP tunnels (layer 3)
Bridged Ethernet tunnels (layer 2)

Suitable for connections
• Site-to-Site
• Dynamic Site-to-Site
• (Dynamic) Client-to-Site

Dynamic firewall/NAT/DHCP friendly.

2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN mode (device): a virtual point-to-point IP link that combines the inner interface together with TUN.
Uses the kernel routing to forward the packets.

[Diagram] Two OSI stacks (Physical, Data-Link, Network, Transport, Session, Presentation, Application); OpenVPN runs at the Application layer and the TUN device attaches at the 3rd (Network) layer.

Routed IP advantages
1) Point-to-point
2) Easier to configure
3) Efficiency and scalability
4) Allows better tuning of MTU for efficiency

Routed IP disadvantages
1) Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2) Routes must be set up linking each subnet
3) Software that depends on broadcasts will not see those machines on the other side of the VPN
4) Works only with IPv4 in general, and IPv6 in cases where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses "TAP" mode: a TAP device is a virtual Ethernet adapter.
Bridge tools (brctl) are required to create the virtual adapters.
Need to create a script to bind eth1 and tap0 together into a bridged device called br0.

brctl addbr br0        (create an Ethernet bridge)
brctl addif br0 eth1   (connect interface eth1 as a port)
brctl addif br0 tap0   (connect virtual interface tap0 as a port; the bridge name is required)
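A start/stop script for the bridge described above, in the shape of the "openvpn-bridge [start|stop|restart]" script that section 3-1 later calls. This is an added example, not Moxa's own script; eth1, tap0, br0 and the bridge address 10.0.1.254/24 are assumed values.

```shell
#!/bin/sh
# Added example, not Moxa's own openvpn-bridge script: builds br0 for TAP
# mode from the brctl commands above and tears it down again. Constructed
# values: eth1 is the LAN port to bridge, tap0 the TAP device, 10.0.1.254/24
# the bridge address (the VPN server's LAN gateway in 3-1). Run as
# "sh openvpn-bridge start|stop|restart"; RUN=echo prints instead of acting.
RUN="${RUN:-}"
BR="${BR:-br0}"; ETH="${ETH:-eth1}"; TAP="${TAP:-tap0}"
BR_IP="${BR_IP:-10.0.1.254}"; BR_MASK="${BR_MASK:-255.255.255.0}"

bridge_start() {
    # Persistent TAP device, so it outlives OpenVPN restarts.
    $RUN openvpn --mktun --dev "$TAP"
    # Bridge first, then its two ports: brctl addif needs an existing bridge.
    $RUN brctl addbr "$BR"
    $RUN brctl addif "$BR" "$ETH"
    $RUN brctl addif "$BR" "$TAP"
    # Bridge ports carry no address; promiscuous mode lets eth1 accept frames
    # destined for MAC addresses on the far side of the VPN.
    $RUN ifconfig "$ETH" 0.0.0.0 promisc up
    $RUN ifconfig "$TAP" 0.0.0.0 promisc up
    # The LAN gateway address moves from eth1 onto the bridge.
    $RUN ifconfig "$BR" "$BR_IP" netmask "$BR_MASK" up
}

bridge_stop() {
    $RUN ifconfig "$BR" down
    $RUN brctl delif "$BR" "$TAP"
    $RUN brctl delif "$BR" "$ETH"
    $RUN brctl delbr "$BR"
    $RUN openvpn --rmtun --dev "$TAP"
    $RUN ifconfig "$ETH" -promisc
}

# Dry-run helper: 1-based line of the first start command beginning with $1.
bridge_cmd_index() {
    ( RUN=echo; bridge_start ) | grep -n "^$1" | head -n 1 | cut -d: -f1
}

case "${1:-}" in
    start)   bridge_start ;;
    stop)    bridge_stop ;;
    restart) bridge_stop; bridge_start ;;
esac
```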

[Diagram] Two OSI stacks joined by bridging; OpenVPN at the Application layer, TAP at the 2nd (Data-Link) layer versus TUN at the 3rd; on each side eth0, eth1 and tap0, with eth1 and tap0 bridged.

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages
1) Point to point, point to multi-point
2) Broadcasts traverse the VPN – this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3) No route statements to configure
4) Works when the VPN needs to be able to handle non-IP protocols such as IPX, Netware and AppleTalk
5) Relatively easy-to-configure solution for road warriors

Bridging disadvantages
1) Less efficient than routing and does not scale well


3) OpenVPN Configuration
3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

[Lab topology] LAN A (IP 10.0.1.1/24, gw 10.0.1.254) – ixp1 – [VPN Server] 10.0.1.254, ixp0 192.168.12.201 === VPN Tunnel === ixp0 192.168.12.202, [VPN Client] 10.0.2.254 – ixp1 – LAN B (IP 10.0.2.1/24, gw 10.0.2.254). A [CA/TLS Server] is also on the network; the client connects to the server.

Create a working directory (recommended): mkdir /etc/openvpn

Check for the TUN module: ls /dev/net and look for a character device "tun"; if it is missing: mknod /dev/net/tun c 10 200

Load the necessary modules: modprobe tun; modprobe bridge

Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]

Self diagnostic: openvpn --test-crypto --secret [KeyName]

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or vi /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"

Create / start the bridge interface using the Moxa script: openvpn-bridge [start|stop|restart]

Check the cipher/authentication support: openvpn --show-ciphers; openvpn --show-digests

Create the TUN configuration files: vi /etc/openvpn/tun-server.conf
[At VPN Client] vi /etc/openvpn/tun-client.conf

3-2 TUN Server Configuration

The local/remote VPN IP addresses must be specified.
It is NECESSARY to specify the server address at the VPN client.

Edit the static routings: vi /etc/openvpn/tun-server.sh; chmod +x /etc/openvpn/tun-server.sh
[At VPN Client] vi /etc/openvpn/tun-client.sh; chmod +x /etc/openvpn/tun-client.sh

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tun-server.conf &
[At VPN Client] openvpn --config /etc/openvpn/tun-client.conf &

[Screenshot callout] 2nd argument of "ifconfig", which is now "10.0.2.254"
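The tun-server.conf / tun-client.conf pair for the 3-1 lab, generated by a small script so both ends stay consistent. This is an added example, not the course's own files: the static-key mode of section 2-2 is assumed, the tunnel endpoints reuse the two LAN gateway addresses (10.0.1.254 and 10.0.2.254, matching the ifconfig callout), the server address is 192.168.12.201, and OpenVPN "route" lines stand in for the slides' separate tun-server.sh / tun-client.sh route scripts.

```shell
#!/bin/sh
# Added example, not the course's own tun-server.conf / tun-client.conf:
# generates the static-key TUN pair for the 3-1 lab. Assumed values: server
# ixp0 192.168.12.201, LAN A 10.0.1.0/24 behind the server (gw 10.0.1.254),
# LAN B 10.0.2.0/24 behind the client (gw 10.0.2.254); the tunnel endpoints
# reuse the two gateway addresses. The "route" lines replace the slides'
# separate tun-server.sh / tun-client.sh. Run as "sh gen.sh server|client".
SERVER_IP="${SERVER_IP:-192.168.12.201}"
KEY_FILE="${KEY_FILE:-/etc/openvpn/static.key}"   # from openvpn --genkey
LAN_A_NET="10.0.1.0 255.255.255.0"; LAN_A_GW="10.0.1.254"
LAN_B_NET="10.0.2.0 255.255.255.0"; LAN_B_GW="10.0.2.254"

# tun_conf server|client : print the OpenVPN 2.0 configuration for that end.
tun_conf() {
    case "$1" in
        server) my_ip=$LAN_A_GW; peer_ip=$LAN_B_GW; peer_net=$LAN_B_NET
                peer_line="# server side: waits for the client on port 1194" ;;
        client) my_ip=$LAN_B_GW; peer_ip=$LAN_A_GW; peer_net=$LAN_A_NET
                peer_line="remote $SERVER_IP" ;;
        *) echo "usage: tun_conf server|client" >&2; return 1 ;;
    esac
    cat <<EOF
# OpenVPN 2.0 routed (TUN) point-to-point link, static-key mode
dev tun
proto udp
port 1194
$peer_line
ifconfig $my_ip $peer_ip
route $peer_net
secret $KEY_FILE
cipher AES-128-CBC
auth SHA1
keepalive 10 60
persist-key
persist-tun
verb 3
EOF
}

# Write the file for this end and keep the key private: the static key is
# the only thing authenticating the peer, so it must not be world-readable
# and must reach the other end over a trusted channel (section 1-2).
tun_install() {
    mkdir -p /etc/openvpn
    tun_conf "$1" > "/etc/openvpn/tun-$1.conf"
    if [ -f "$KEY_FILE" ]; then chmod 600 "$KEY_FILE"; fi
}

case "${1:-}" in
    server|client) tun_install "$1" ;;
esac
```

AES-128-CBC is chosen because it is one of the modes the UC-7400 hardware cipher of section 1-8 accelerates.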

Create the TAP configuration files: vi /etc/openvpn/tap-server.conf
[At VPN Client] vi /etc/openvpn/tap-client.conf

3-3 TAP Configuration – VPN Server

[Screenshot callout] Mark this line if both VPN networks are in the same subnet.

Edit the static routings: vi /etc/openvpn/tap-server.sh
[At VPN Client] vi /etc/openvpn/tap-client.sh; chmod +x /etc/openvpn/tap-client.sh

[Screenshot callout] Pointed to the kernel routing: br0 = 10.0.1.254

Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tap-server.conf &
[At VPN Client] openvpn --config /etc/openvpn/tap-client.conf &

3-4-1 SSL/TLS – Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-input the default_days, default_bits … etc.

Create the new CA root key pair: /usr/share/ssl/misc/CA -newca

Create a new client private key and a new certificate request: /usr/share/ssl/misc/CA -newreq

Certificate signing: /usr/share/ssl/misc/CA -sign

Copy the CA root certificate, the client private key and the client certificate to the first client.

Have the second client certificated in the same way.

3-4-2 OpenVPN – "easy-rsa" tools

Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file: vi /etc/openvpn/easy-rsa/vars

Activate the vars: . /etc/openvpn/easy-rsa/vars

Create the CA root key: /etc/openvpn/easy-rsa/build-ca

Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client

Create the Diffie-Hellman parameters (1024-bit): /etc/openvpn/easy-rsa/build-dh

Copy the CA certificate (ca.crt), the server key (server.key) and the server certificate (server.crt) to the VPN server.

Copy the CA certificate, the client key and the client certificate to the VPN client.

The "easy-rsa" tools also work on the UC7400 series.

3-4-3 Configuration File Modification

txx-server.conf (tun-server.conf / tap-server.conf)
txx-client.conf (tun-client.conf / tap-client.conf)


Live Demo

UC-7420 DEMO BOX

Two of its serial ports are connected to a power meter and a thermocouple.

Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site.

The rest of the serial ports are looped back in 'burn-in mode' to demonstrate the UC's high performance and reliability.

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500 °C
Left side for the high range 0 to 300 VDC & right side for the low range 0 to 20 VDC

UC's LCM & keypad (F1–F5)
F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8
F2 System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available Memory
F3 Alarm Setting: Temperature → Voltage → burning throughput
F4 Configuration Key
F5 Main Menu

Apache Web with CGI & HTML
Seat Locating System
Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• UC-7420's built-in wireless driver supports the Intersil Prism 2.0 chipset PCMCIA card
• The compatible wireless cards are:

Supplier    Model name
ASUS        WL-107g
CNET        CWC-854 (181D version)
Edimax      EW-7108PCg
Amigo       AWP-914WG
Gigabyte    GN-WMKG
Others which use the Ralink chipset

Thank You


UART and special baud rate support

3) Special baud rate support
• There are two Moxa private ioctl commands for setting up special baud rates

Function
• MOXA_SET_SPECIAL_BAUD_RATE
• MOXA_GET_SPECIAL_BAUD_RATE

• If you use this ioctl to set a special baud rate, the termios cflag will be B4000000, in which case the B4000000 define will be different.
• If the baud rate you get from termios (or from calling tcgetattr()) is B4000000, you must call ioctl with MOXA_GET_SPECIAL_BAUD_RATE to get the actual baud rate.

Upgrading the Firmware

New utility: upfirm

1) Introduction
UC-7400's BIOS, kernel, mini file system and user file system are combined into one firmware file, which can be downloaded from Moxa's website (www.moxa.com).
• The name of the firmware file has the form uc7400-xxx.frm, with xxx indicating the firmware version.

ATTENTION
• Upgrading the firmware will erase all data on the Flash ROM.

2) Description
• In V1.4.3 or later firmware versions, UC-7400 adds a new utility, "upfirm".
• The utility upfirm is designed for upgrading the firmware (including the boot-loader, kernel, mini file system, user file system and configuration).
• If your firmware version is earlier than V1.4.3, you can find the utility on the Moxa website.

How to upgrade the firmware

Step 1: Type the following commands to enable the RAM disk
upramdisk
cd /mnt/ramdisk

Step 2: Download the firmware file into the ramdisk from the Moxa website.

Step 3: Use the upfirm command to upgrade the kernel and root file system
upfirm uc7400-xxx.frm
(See the next slide for the upfirm procedure.)

root@Moxa:/mnt/ramdisk# upfirm UC7420-1.5.frm
Upgrade firmware utility version 1.0
To check source firmware file context...
The source firmware file conext is OK.
This step will destroy all your firmware.
Do you want to continue it? (Y/N): Y
MTD device [/dev/mtd6] erase 128 Kibyte 20000 – 100% complete.
Wait to write file ... Compleleted 100%
Now upgrade the new configuration file.
Upgrade the firmware is OK.
Please press any key to reboot system.

Note: DO NOT power off the UC until the Ready LED is ON again. It will take much time for the first boot-up after upgrading the firmware.

Setting up the Network Interfaces

IEEE 802.11g

Configure 802.11g Wireless LAN

root@Moxa:~# vi /etc/network/interfaces

# 802.11g Gigabyte Cardbus wireless card
iface eth0 inet static
address 192.168.5.127
network 192.168.5.0
netmask 255.255.255.0
broadcast 192.168.5.255

Step 1: Unplug the CardBus Wireless LAN card first.

Step 2: Configure the default IP setting profile: vi /etc/network/interfaces

Configure 802.11g Wireless LAN

vi /etc/Wireless/RT2500STA/RT2500STA.dat

# Copy this file to /etc/Wireless/RT2500STA/RT2500STA.dat
# This file is a binary file and will be read on loading the rt2500.o module.
# Use "vi -b RT2500STA.dat" to modify settings according to your need.
# 1) set NetworkType to Adhoc for using Adhoc mode, otherwise use Infrastructure
# 2) set Channel to 0 for auto-select in Infrastructure mode
# 3) set SSID for connecting to your Access Point
# 4) AuthMode can be OPEN, SHARED, WPAPSK, WPANONE
# 5) EncrypType can be NONE, WEP, TKIP, AES
# for more information refer to the Readme file

Step 3: Configure the WLAN parameters: vi /etc/Wireless/RT2500STA/RT2500STA.dat

Configuring 802.11g Wireless LAN

• The settings in /etc/Wireless/RT2500STA/RT2500STA.dat:
CountryRegion: sets the channels for your particular country region
WirelessMode: sets the wireless mode
SSID: sets the softAP SSID
NetworkType: sets the wireless operation mode
Channel: sets the channel
AuthMode: sets the authentication mode
EncrypType: sets the encryption type
DefaultKeyID: sets the default key ID
Key1Str, Key2Str, Key3Str, Key4Str: set the strings of Key1 to Key4
WpaPsk: WPA pre-shared key
TxBurst: enables or disables TxBurst
TurboRate: enables or disables TurboRate
BGProtection: sets 11b/11g protection (this function is for engineering testing only)
ShortSlot: enables or disables the short slot time
TxRate: sets the TxRate
RTSThreshold: sets the RTS threshold
FragThreshold: sets the fragment threshold
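Of the settings listed above, AuthMode, EncrypType and NetworkType decide whether the link can be joined or read by any station in range. The audit below is an added example (not from the Moxa slides) for checking a profile before the card is plugged in; it assumes the file holds Key=Value lines as the slide describes, tolerates CRLF line endings (hence "vi -b") and ignores "#" comment lines. The sample profiles in the test are constructed.

```shell
#!/bin/sh
# Added example, not part of the Moxa slides: audit an RT2500STA.dat
# profile for settings that leave the WLAN open or readable.
# Assumes Key=Value lines, optional CR line endings, "#" comments.

# wlan_setting FILE KEY -> prints the value of KEY, or nothing if absent
wlan_setting() {
    tr -d '\r' < "$1" | grep -v '^#' | sed -n "s/^$2=//p" | head -n 1
}

# wlan_audit FILE
# Prints one finding per line; returns 1 if anything was found.
wlan_audit() {
    f=$1
    rc=0
    auth=$(wlan_setting "$f" AuthMode)
    enc=$(wlan_setting "$f" EncrypType)
    nettype=$(wlan_setting "$f" NetworkType)

    # OPEN/SHARED give no mutual authentication; WPANONE is the ad-hoc variant
    case "$auth" in
        WPAPSK) ;;
        *) echo "AuthMode=$auth: expected WPAPSK so the access point is authenticated"; rc=1 ;;
    esac

    # NONE sends frames in clear, WEP is broken; TKIP/AES are the WPA ciphers
    case "$enc" in
        AES|TKIP) ;;
        *) echo "EncrypType=$enc: traffic is readable on the air; use AES (or TKIP)"; rc=1 ;;
    esac

    if [ "$nettype" = "Adhoc" ]; then
        echo "NetworkType=Adhoc: any station in range can join the link"; rc=1
    fi

    # a WPA passphrase must be 8..63 characters; shorter values are rejected
    if [ "$auth" = "WPAPSK" ]; then
        psk=$(wlan_setting "$f" WpaPsk)
        if [ "${#psk}" -lt 8 ]; then
            echo "WpaPsk is shorter than the 8-character minimum"; rc=1
        fi
    fi
    return $rc
}
```

Usage: `wlan_audit /etc/Wireless/RT2500STA/RT2500STA.dat` before step 3 is finished; a non-zero exit means the profile should not be loaded on a unit that will sit on a plant network.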

Developing Your Application

Windows Tool Chain

Agenda
1) Windows Tool Chain Introduction
2) Development Process
3) Debugging with GDB

Windows Tool Chain Introduction

UC-7400's Windows Tool Chain is a cross-development environment that simulates the Linux root file system, allowing users to develop applications on a Windows PC.

The following topics are covered in this appendix:
• Introduction
• Installation Procedure
• Using the BASH Shell
• GDB debug tool: Insight

Windows Tool Chain (Requirements)
1. Operating System: Windows 2000 or Windows XP
2. Minimum of 500 MB hard disk space
3. CD-ROM or equivalent
4. Ethernet connection to the UC-7400
5. Ability to log in as administrator
6. A Windows username without spaces
7. You will use a BASH shell window to enter commands
8. For editing text files such as configuration files, use the vi editor (Unix editor). Do NOT use WordPad (Windows editor), which can cause problems when the files are transferred to a bona fide Linux environment.

Development Process
Step 1: Set up the development environment on the PC (x86)
Step 2: Code, compile and debug on the Windows Tool Chain
Step 3: Deploy the program to the UC (IXP-422)

Step 1: Setting up the Development Environment

Install the Windows Tool Chain on the PC (Windows 2K/XP).
Installation tips:
• Default install path: C:\UC
• Default text file type: Unix (recommended)

Utilities:
• Moxa Bash Shell
• GDB debug tool: Insight (http://sources.redhat.com/insight)
• This process can take from 5 to 30 minutes depending on the speed of your system.

Step 2: Coding, Compiling and Debugging (x86)

Code the C/C++ program in the Moxa Bash Shell (PC, Windows Tool Chain).
Compile/link the source code with the tool chain:
• Compiler path setting: PATH=/usr/local/mxscaleb/bin:$PATH
• Compile Hello.c

Step 3: Deployment

Upload the program to the UC:
• ftp 192.168.3.127
• ftp> binary
• ftp> put hello-release

Run the program (at the UC-7400 side):
• chmod +x hello-release
• ./hello-release
  Hello

Debugging with GDB (over Ethernet)

PC (Moxa Bash Shell): 1. compile with -ggdb; 3. Insight tool (GDB client); 4. target remote
UC: 2. GDB debug server

At the UC:
chmod +x hello-debug
gdbserver 192.168.3.127:2000 hello-debug
Process hello-debug created; pid = 206

Step 1 (PC, Moxa Bash Shell): Compile the program with the -ggdb option, then upload it to the UC.
Step 2 (UC): Start hello-debug under gdbserver:
gdbserver 192.168.3.127:2000 hello-debug
Step 3 (PC, Insight): Run the GDB client:
• Open the hello-debug file
• Connect to target: GDB Server/TCP, host 192.168.3.200, port 2000

Debugging with GDB

iptables Introduction

Agenda
1) Quick View of iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

1. Quick View of iptables

A user-space command to set up and maintain the "Netfilter" subsystem of the kernel.

"Netfilter" handles only the packet headers, not the content.

iptables is currently one of many firewall/NAT solutions; it is the administration tool for setting up, maintaining and inspecting the tables of IP packet filter rules in the Linux kernel.

1. Quick View of iptables

Several different tables may be defined. Each table contains a number of built-in chains and may also contain user-defined chains.

Each chain is a list of rules which can match a set of packets. Each rule specifies what to do with a packet that matches. This is called a "target", which may be a jump to a user-defined chain in the same table.

1. Quick View of iptables

3rd-generation firewall on Linux:
- "ipfwadm" on Linux kernel 2.0.x
- "ipchains" on Linux kernel 2.2.x
- "ipchains" / "iptables" on Linux kernel 2.4.x
- "iptables" on Linux kernel 2.6.x

Supports basic packet filtering as well as connection state tracking.

UC-7110/7400 support only "iptables".

Agenda
1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

2) Rules, Chains and Tables
2-1 First Match
2-2 Three Major Tables
2-3 Processing Packets
2-4 State Machine

2-1 First Match: The Highest Priority

[Flowchart] Packets are tested against Rule 1: on a match, Action 1 is taken; if not, Rule 2 is tested (Action 2), and so on through Rule 10 (Action 10). A packet that matches no rule falls through to the Default Policy.

2-1 First Match

On a WWW server, reject the attack from IP = 192.168.1.100:
Rule 1: Drop the packets from 192.168.1.100
Rule 2: Accept WWW request packets from all hosts
Rule 3: Drop all non-WWW packets

With the order
Rule 1: Accept WWW request packets from all hosts
Rule 2: Drop the packets from 192.168.1.100
Rule 3: Drop all non-WWW packets
192.168.1.100 is still able to use the WWW service, or to attack the WWW service port, because Rule 1 matches first.

2-2 Three Major Tables
1) Filter table
2) NAT table
3) Mangle table

2-2-1 Filter Table

Mainly used for filtering packets. This is the place where we actually take action against packets: look at what they contain and ACCEPT, DROP, REJECT or LOG them depending on their content.

1. INPUT chain: packets entering the local host
2. OUTPUT chain: packets leaving the local host
3. FORWARD chain: packets forwarded to other hosts

2-2-2 NAT Table

Used for NAT on packets: translates the packet's source field or destination field.

1) PREROUTING chain: translates the destination IP address (DNAT)
2) POSTROUTING chain: works after the routing process and before the Ethernet device, translating the source IP address (SNAT, MASQUERADE)
3) OUTPUT chain: works on locally generated packets

2-2-3 Mangle Table

This table is mainly used for mangling packets. In other words, you may freely use the mangle matches etc. to change the TOS (Type Of Service) and TTL fields. It can also "MARK" the packets.

1. PREROUTING chain
2. POSTROUTING chain
3. INPUT, OUTPUT and FORWARD chains

2-3 Processing Packets
2-3-1 Destination: Local Host
2-3-2 Source: Local Host
2-3-3 Forwarded Packets
2-3-4 State Machine

2-3-1 Destination: Local Host

[Diagram] Incoming packets -> NAT table PREROUTING -> Filter table INPUT -> Local process

2-3-2 Source: Local Host

[Diagram] Local process -> Outgoing packets -> NAT table OUTPUT -> Filter table OUTPUT -> NAT table POSTROUTING -> Packets sent out

2-3-3 Forwarded Packets

[Diagram] Incoming packets -> NAT table PREROUTING -> routing decision (not for a local resource) -> Filter table FORWARD -> NAT table POSTROUTING -> Other hosts

2-4 State Machine

Agenda
1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

3) Usage of iptables
3-1 Load iptables Modules
3-2 Define Default Policy
3-3 Structure of a Rule
3-4 Save / Restore Rules

3-1 Load iptables Modules

Note: ipchains and iptables are not compatible.

Check the current tables: iptables [-t table] [-L] [-n]
(The listing shows each chain with its default policy.)

3-1 Install iptables

Clear the current policy (flush the chains).

3-2 Define Default Policy

iptables -t {filter | nat | mangle} -P {INPUT | OUTPUT | FORWARD | PREROUTING | POSTROUTING} {ACCEPT | DROP}

3-3 Structure of a Rule
3-3-1 Add, Insert, Delete and Replace Rules
3-3-2 Direction
3-3-3 Matches
3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace

iptables -t {filter | nat | mangle} {-A | -I | -D | -R} <direction> <match> -j <target>

Three major things need to be considered: the direction (chain), the match and the target.

3-3-2 Direction: Chains

a. filter table: INPUT, OUTPUT, FORWARD
b. nat table: PREROUTING, POSTROUTING, OUTPUT
c. mangle table: ...

3-3-3 Matches: Conditions

1. -p [proto]: tcp, udp, icmp, all
2. -s [IP], -d [IP]
3. --sport [port], --dport [port]
4. -m state --state [state]: NEW, ESTABLISHED, INVALID, RELATED
5. -m multiport [p1,p2,...,p15]
6. -i [iface], -o [oface]
7. ... etc.

3-3-4 Targets: Actions

a. filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions: LOG, ULOG, REJECT, MIRROR
b. nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING/OUTPUT), MASQUERADE (POSTROUTING), REDIRECT (only in PREROUTING)
c. mangle table: ...

3-4 Save / Restore Rules

It is highly recommended to use a script file to maintain the Netfilter rules instead of the exported file (it is not a standard script file). Please refer to the Hands-On practice.

Agenda
1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice: 1) Packet Filter, 2) NAT Machine

4-1 Packet Filter: Rules of the filter table

Example 1: Accept all packets incoming from the lo interface
iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2: Accept all TCP packets incoming from IP = 192.168.0.1
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

4-1 Packet Filter: Rules of the filter table

Example 3: Accept all TCP packets incoming from the network 192.168.1.0/24
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4: Drop all TCP packets incoming from IP = 192.168.1.25
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

4-1 Packet Filter: Rules of the filter table

Example 5: Drop all incoming TCP packets with destination port 21 (forbid FTP connections from eth0)
iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6: Accept TCP packets incoming from 192.168.0.0/24 to local ports 137, 138 and 139
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

4-1 Packet Filter: Rules of the filter table

Example 7: Log all incoming/outgoing TCP packets to/from port 25 (log the SMTP service)
iptables -t filter -A INPUT -p tcp --dport 25 -j LOG

Note: UC-7110 does not support the target "LOG".

4-1 Packet Filter: Rules of the filter table

Example 8: Drop all [SYN] packets from IP = 192.168.100.200
iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9: Drop all packets from MAC = aa:bb:cc:dd:ee:ff
iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

Example 10: Do not respond to "ping"
iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11: Limit ICMP "ping" bursts
iptables -t filter -P INPUT DROP
iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

4-1 Packet Filter: Rules of the filter table

Example 12: Accept the ESTABLISHED and RELATED packets of the local host; drop the INVALID packets and the NEW packets which are trying to create new connections
iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

4-1 Packet Filter: Rules of the filter table

Example 13: Check the packet integrity
iptables -t filter -A INPUT -p all -m unclean -j DROP

Example 14: Enable "passive mode" FTP service to a host
modprobe ip_conntrack_ftp
iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT
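Slide 3-4 recommends keeping the rules in a script rather than in the exported file, and slide 2-1 shows why order matters. The script below is an added example, not one of the slides' hands-on files, that combines the filter-table examples above into one INPUT ruleset in first-match order: the blocked host is dropped before the general WWW accept rule can let it through, and the state rules sit near the top so replies never reach the slower checks. IPT defaults to iptables; setting IPT=echo gives a dry run on a machine without the Netfilter modules. The interface and addresses are the slides' own (eth0, 192.168.1.100).

```shell
#!/bin/sh
# Added example, not from the Moxa slides: the filter-table rules of 4-1
# as one maintained script, ordered as slide 2-1 requires.
# Dry run: IPT=echo. Addresses/interfaces from the slides; adjust as needed.
IPT=${IPT:-iptables}
WAN_IF=${WAN_IF:-eth0}
BLOCKED_HOST=${BLOCKED_HOST:-192.168.1.100}

filter_rules() {
    # start from a clean INPUT chain with a deny-by-default policy
    $IPT -t filter -F INPUT
    $IPT -t filter -P INPUT DROP
    # 1. loopback is always trusted (4-1 example 1)
    $IPT -t filter -A INPUT -i lo -j ACCEPT
    # 2. replies to connections this host opened, invalid state dropped (example 12)
    $IPT -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -t filter -A INPUT -m state --state INVALID -j DROP
    # 3. the attacking host is dropped BEFORE the WWW accept rule (slide 2-1)
    $IPT -t filter -A INPUT -i "$WAN_IF" -s "$BLOCKED_HOST" -j DROP
    # 4. WWW service open to everyone else
    $IPT -t filter -A INPUT -i "$WAN_IF" -p tcp --dport 80 -j ACCEPT
    # 5. rate-limited ping (example 11); everything else falls to the policy
    $IPT -t filter -A INPUT -p icmp --icmp-type 8 -m limit --limit 6/min --limit-burst 10 -j ACCEPT
    # 6. log a sample of the connection attempts the policy will drop (LOG target, example 7)
    $IPT -t filter -A INPUT -p tcp --syn -m limit --limit 3/min -j LOG --log-prefix "IN-DROP "
}
```

Run `filter_rules` at boot from a startup script; `IPT=echo filter_rules` prints the nine commands for review. Swapping rules 3 and 4 reproduces the failure on slide 2-1 exactly, which is the reason the order is fixed in a script rather than re-typed.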

4-2 NAT Machine

Example 1: Redirect connection requests for port 80 to port 8080
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2: Masquerade the packets coming from 192.168.1.0/24 as the local ppp0's IP
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE
(MASQUERADE is a POSTROUTING-only target and -o is only known after routing, as slide 3-3-4 states; the original slide's PREROUTING form is rejected by iptables.)

4-2 NAT Machine

Example 3: DNAT the incoming packets from eth0 (60.248.66.75), TCP port 80, to the internal web server 192.168.127.10:80
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

Example 4: Redirect the incoming packets for TCP port 80 to 192.168.1.10, TCP port 80
(the slide shows only the SNAT rule for the internal network's outbound traffic here)
iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP
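The DNAT and SNAT rules above only rewrite addresses; what the box actually forwards is still decided by the filter table's FORWARD chain, which the NAT slides leave out. The script below is an added example (not one of the slides' hands-on files) that puts Example 3's DNAT, the SNAT return path and the matching FORWARD rules together. The public address, web server and LAN are the slides' (60.248.66.75 on eth0, 192.168.127.10 in 192.168.127.0/24); eth1 as the LAN interface and the FORWARD policy are assumptions. IPT=echo gives a dry run.

```shell
#!/bin/sh
# Added example, not from the Moxa slides: the NAT-machine rules of 4-2
# plus the FORWARD rules they rely on. Dry run with IPT=echo.
IPT=${IPT:-iptables}
PUB_IF=${PUB_IF:-eth0}
PUB_IP=${PUB_IP:-60.248.66.75}
LAN_IF=${LAN_IF:-eth1}                 # assumption: LAN side of the UC
LAN_NET=${LAN_NET:-192.168.127.0/24}
WEB_SRV=${WEB_SRV:-192.168.127.10}

nat_rules() {
    $IPT -t nat -F
    # inbound: publish the internal web server (4-2 example 3)
    $IPT -t nat -A PREROUTING -i "$PUB_IF" -p tcp -d "$PUB_IP" --dport 80 -j DNAT --to "$WEB_SRV:80"
    # outbound: hide the LAN behind the public address (SNAT form of example 2)
    $IPT -t nat -A POSTROUTING -o "$PUB_IF" -s "$LAN_NET" -j SNAT --to "$PUB_IP"
    # the filter table decides what is forwarded at all: only the DNATed
    # web traffic in, only LAN-originated traffic out, and their replies
    $IPT -t filter -P FORWARD DROP
    $IPT -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -t filter -A FORWARD -i "$PUB_IF" -o "$LAN_IF" -p tcp -d "$WEB_SRV" --dport 80 -j ACCEPT
    $IPT -t filter -A FORWARD -i "$LAN_IF" -o "$PUB_IF" -s "$LAN_NET" -j ACCEPT
}

# enable_forwarding: without this sysctl the kernel forwards nothing,
# whatever the NAT table says. PROC_FORWARD can be redirected for tests.
enable_forwarding() {
    echo 1 > "${PROC_FORWARD:-/proc/sys/net/ipv4/ip_forward}"
}
```

With the FORWARD policy at DROP, a DNAT rule that is later removed or mistyped fails closed instead of exposing whatever the LAN host answers on; that is the reason for carrying both tables in the same script.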

Thank You

OpenVPN 2.0
Stephen Lin

OpenVPN 2.0
1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

1) Cryptography Summary
1-1 What does cryptography solve?
1-2 Symmetric Data Encryption
1-3 Hash (Digest) Function
1-4 Message Authentication Code
1-5 Asymmetric Data Encryption
1-6 Digital Signature
1-7 Certificate
1-8 Moxa UC-7400

1-1 What does Cryptography solve?

Confidentiality
• Ensures that nobody can learn what you transfer, even when listening to the whole conversation.

Integrity
• Ensures that the message has not been modified during transmission.

Authenticity
• You can verify that you are talking to the entity you think you are talking to.
• You can verify which specific individual is behind that entity.

Non-repudiation
• The individual behind that asset cannot deny being associated with it.

1-2 Symmetric Data Encryption

Fast; highly efficient for data transmission.
Is it "secure" while transferring the key?
Key maintenance: n(n-1)/2 keys for n parties.
DES, 3DES, AES, Blowfish

[Diagram] Tom: Plaintext -> Encryption with the Secret Key -> Ciphertext -> Decryption with the same Secret Key -> Plaintext: Bob

1-3 Hash (Digest) Function

Ensures data integrity.
MD5, SHA-1

[Diagram] Tom: Data -> Hash Function -> Message Digest 1; Tom sends Data + Message Digest 1. Bob: Data -> same Hash Function -> Message Digest 2; compare Message Digest 2 with the received Message Digest 1.

1-4 Message Authentication Code

Ensures data integrity.
Uses a key to protect the MAC.
HMAC, CBC-MAC

[Diagram] Tom: Data -> Hash Function -> Message Digest 1 -> Encryption with the Secret Key -> MAC; Tom sends Data + MAC. Bob: Data -> same Hash Function -> Message Digest 2; Decryption of the MAC with the Secret Key -> Message Digest 1; compare.

1-5 Asymmetric Encryption

Things to remember:
• Key pair: public and private keys.
• In a session, one is used for encryption and the other for decryption.
• The "public key" can be deployed everywhere.
• The relation between the two keys is unknown: from one key you cannot gain knowledge of the other, even if you have access to clear text and cipher text.
• The two keys are interchangeable. The algorithms make no difference between public and private key; when a key pair is generated, either of the two can be public or private.
• Less efficient than a static (symmetric) key.
• RSA, Diffie-Hellman

[Diagram] Clear text -> Encryption -> cipher text

1-5 Asymmetric Data Encryption: Confidentiality Check

[Diagram] Tom: Plaintext -> Encryption with Bob's Public Key -> ciphertext -> Decryption with Bob's Private Key -> Plaintext: Bob (the recipient's key pair is used)

1-5 Asymmetric Data Encryption: Authenticity Check

[Diagram] Tom: Plaintext -> Encryption with Tom's Private Key -> ciphertext -> Decryption with Tom's Public Key -> Plaintext: Bob (the sender's key pair is used)

1-6 Digital Signature

Real world: hybrid. 1. Data integrity; 2. Authenticity; 3. Non-repudiation; 4. Algorithm: uses the public key and a hash.

1-6 Digital Signature: Creating

[Diagram] Message or file ("This is the document created by Gianni") -> Generate hash (SHA, MD5): calculate a short message digest from even a long input using a one-way message digest function (hash) -> Message digest (typically 128 bits) -> Asymmetric encryption (RSA) with the signatory's private key -> Digital signature. Signed document = message + digital signature.

1-6 Digital Signature: Verifying

[Diagram] Signed document: the message -> Generate hash -> Message digest; the digital signature -> Asymmetric decryption with Gianni's public key (from the certificate) -> Message digest. Compare the two digests.

1-6 Digital Signature

[Diagram] Tom: Data -> Hash Function -> Message Digest 1 -> Encryption with Tom's Private Key -> Digital Signature; Tom sends Data + Digital Signature. Bob: Data -> Hash Function -> Message Digest 2; Decryption of the Digital Signature with Tom's Public Key -> Message Digest 1; compare.

1-7 Certificate

The simplest certificate just contains:
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key
... and the whole is:
• Digitally signed by someone trusted (like your friend, or a CA)

[Diagram] Certificate = [ public key | "This public key belongs to Stephen" | Digital Signature ]. The entity can be a person, a computer, a device, a file, some code, anything ...

1-7-1 CA Certificate

[Diagram] The CA generates a key pair (priv, pub) on the certification server. The user requests a certificate from the CA; the CA generates the certificate (pub + DS = Cert); the private key and the certificate are sent to the user.

1-7-1 CA Certificate Example

[Diagram] CA (private key) issues: Left Cert, signed by CA; Right Cert, signed by CA; the CA Pub Key, self-signed by the CA. Left holds its own private key, Left Cert (signed by CA) and the CA Pub Key; Right holds its own private key, Right Cert (signed by CA) and the CA Pub Key. Left and Right trust each other through the CA Pub Key.

1-7-2 SSL/TLS

[Diagram] Each side holds a key pair (priv, pub). Clear text -> Encrypt -> Cipher 1 -> Encrypt -> Cipher 2 -> transmission over the public network -> Cipher 2 -> Decrypt -> Cipher 1 -> Decrypt -> Clear text, using the peers' public keys.

Ensures confidentiality
• and integrity, if digitally signed.

Depending on how the public keys are exchanged:
• Authenticity, identity, non-repudiation.

1-8 Moxa UC-7400: Hardware Cipher

Intel XScale supports:
• Security engines: DES, AES
• Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so":
• No need to change the source code.

1-8-1 Moxa Accelerated Algorithms (OpenSSL 0.9.7)

DES_cbc_encrypt
DES_ede3_cbc_encrypt
AES_cbc_encrypt
AES_ctr_encrypt

• ECB mode is wrapped at a higher level (libssl.so), which OpenSSL wraps too.

1-8-2 Performance

[Charts] Four plots of 3DES-CBC and AES-128-CBC performance versus packet size: throughput (y-axis 0 to 80) and speed-up ratio ("RATE", y-axis 0 to 8) for 128 to 1280-byte packets, and the same pair for 16 to 144-byte packets (ratio axis 0 to 2.5). Legend: shaded series = HW cipher.

1-8-3 Things to be noticed

Moxa UC-7400 switches operations between the software and the hardware approaches:
• Default: hardware approach
• Any misconfiguration, or a busy engine, causes the switch to software

Small packets are switched to the software approach:
• DES: 128 bytes
• 3DES/AES: 64 bytes

1-8-4 Software Package

Driver:
• mxhw_cipher.o

Device file:
• mknod /dev/mxcrypto c 11 131

Test program:
• io: correctness test
• io 0 5000: stability test
• io 1: golden pattern
• io 2 20000: performance test

Agenda
1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

2) OpenVPN 2.0
2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network: Advantages/Disadvantages

VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes.
A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH, etc.).
A VPN allows the usage of protocols which are insecure by themselves.
VPNs cannot be controlled and logged easily because of their encrypted nature.

2-2 Why OpenVPN

Usability
• Open source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit shared key or digital certificates (PKI)

Portability: supports most platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN

Peers: each node with a client/server role
• Uses kernel routing
• Multiple clients

A user-space program
• A full-featured SSL-VPN solution
• On top of the existing SSL/TLS mechanism
• Options between a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security

Two authentication modes:
• Static key: uses a pre-shared key
• SSL/TLS: uses SSL/TLS + certificates for authentication and key exchange

The encrypted packet is formatted as:
• SeqN: 64-bit sequence number
• IV: plain-text initial vector, randomized per packet

[Diagram] HMAC | IV | encrypt( SeqN | IP payload ); the HMAC is computed over the IV and the encrypted part.

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall- and NAT-friendly
• Dynamic address support

IPSec
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard: multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are the two methods of linking systems via a VPN:
Routed IP tunnels (layer 3)
Bridged Ethernet tunnels (layer 2)

Suitable for connections:
• Site-to-site
• Dynamic site-to-site
• (Dynamic) client-to-site

Dynamic firewall/NAT/DHCP friendly.

2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN mode (device): a virtual point-to-point IP link that combines the inner interface together with TUN.
Uses the kernel routing to forward the packets.

[Diagram] OSI stacks of both peers (Physical, Data-Link, Network, Transport, Session, Presentation, Application); OpenVPN runs as an application and the TUN device plugs in at the 3rd (Network) layer.

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages:
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of the MTU for efficiency

Routed IP disadvantages:
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see the machines on the other side of the VPN
4. Works only with IPv4 in general, and with IPv6 in cases where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses "TAP" mode: a TAP device is a virtual Ethernet adapter.
Bridge tools (brctl) are required to create the virtual adapters.
You need to create a script to bind eth1 and tap0 together into a bridged device called br0.

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0          # create an Ethernet bridge
brctl addif br0 eth1     # connect interface eth1 as a port
brctl addif br0 tap0     # connect virtual interface tap0 as a port (the original slide omits the bridge name)

[Diagram] OSI stacks of both peers, each with eth0 (physical LAN) and eth1 bridged with tap0; OpenVPN runs as an application, TUN plugs in at the 3rd (Network) layer and TAP at the 2nd (Data-Link) layer, where the bridging takes place.

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages:
1. Point-to-point, point-to-multipoint
2. Broadcasts traverse the VPN; this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to be able to handle non-IP protocols such as IPX, Netware and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages:
1. Less efficient than routing and does not scale well

Agenda
1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

3) OpenVPN Configuration
3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS: X.509 Dynamic Keys

3-1 Getting Started

[Diagram] LAN A (IP 10.0.1.1/24, gw 10.0.1.254) -- [VPN Server] ixp1 10.0.1.254, ixp0 192.168.12.201 == VPN tunnel (the client connects to the server) == ixp0 192.168.12.202, ixp1 10.0.2.254 [VPN Client] -- LAN B (IP 10.0.2.1/24, gw 10.0.2.254). A [CA/TLS Server] is also attached.

3-1 Getting Started

Create a working directory (recommended): mkdir /etc/openvpn
Check for the TUN module: ls /dev/net and look for a character device "tun"; if it is not there: mknod /dev/net/tun c 10 200
Load the necessary modules: modprobe tun; modprobe bridge
Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]
Self diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or vi /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"
Create/start the bridge interface using the Moxa script: openvpn-bridge [start | stop | restart]
Check the cipher/authentication support: openvpn --show-ciphers; openvpn --show-digests
Create the TUN configuration files: vi /etc/openvpn/tunserver.conf
[At VPN Client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

The local and remote VPN IP addresses must be specified.
It is NECESSARY to specify the server address at the VPN client.

3-2 TUN Server Configuration

Edit the static routings: vi /etc/openvpn/tunserver.sh; chmod +x /etc/tunserver.sh
[At VPN Client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/tunclient.sh
Start OpenVPN with the configuration file: openvpn --config /etc/tunserver.conf & and openvpn --config /etc/tunclient.conf &

(Callout on the configuration file: the 2nd argument of "ifconfig", which is now "10.0.2.254".)
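The two TUN files above must mirror each other: the server's "ifconfig <local> <remote>" is the client's reversed, each side routes the other's LAN, and only the client names a "remote". The generator below is an added example, not a Moxa configuration file, for the static-key layout of slides 3-1 and 3-2 (server 192.168.12.201 in front of LAN A 10.0.1.0/24, client in front of LAN B 10.0.2.0/24, tunnel endpoints 10.0.1.254 and 10.0.2.254). The directives beyond dev/ifconfig/secret/route (explicit port and protocol, cipher, auth, keepalive, privilege drop) are standard OpenVPN 2.0 options added here as what a practitioner would want, and "nobody"/"nogroup" are assumed to exist on the UC.

```shell
#!/bin/sh
# Added example, not from the Moxa slides: generate a matching pair of
# static-key TUN configuration files and check they mirror each other.

# write_tun_pair OUTDIR SERVER_IP KEYFILE
write_tun_pair() {
    dir=$1
    server_ip=$2
    key=$3
    cat > "$dir/tunserver.conf" <<EOF
# tunserver.conf (generated example): VPN server side
dev tun
proto udp
port 1194
secret $key
ifconfig 10.0.1.254 10.0.2.254
route 10.0.2.0 255.255.255.0
cipher AES-128-CBC
auth SHA1
keepalive 10 60
persist-key
persist-tun
user nobody
group nogroup
verb 3
EOF
    cat > "$dir/tunclient.conf" <<EOF
# tunclient.conf (generated example): VPN client side
remote $server_ip
dev tun
proto udp
port 1194
secret $key
ifconfig 10.0.2.254 10.0.1.254
route 10.0.1.0 255.255.255.0
cipher AES-128-CBC
auth SHA1
keepalive 10 60
persist-key
persist-tun
user nobody
group nogroup
verb 3
EOF
}

# tun_pair_consistent SERVERCONF CLIENTCONF
# Returns 0 when the ifconfig endpoints of the two files are each other's
# reverse, the mismatch the 3-2 slide's callout points at.
tun_pair_consistent() {
    s=$(sed -n 's/^ifconfig //p' "$1")
    c=$(sed -n 's/^ifconfig //p' "$2")
    [ -n "$s" ] && [ "$s" = "${c#* } ${c%% *}" ]
}
```

After `write_tun_pair /etc/openvpn 192.168.12.201 /etc/openvpn/static.key`, start each side as on the slide (`openvpn --config ... &`); the same `secret` file must be copied to both units over a channel you trust, since the static key is the only thing authenticating the peer in this mode.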

3-3 TAP Configuration: VPN Server

Create the TAP configuration files: vi /etc/openvpn/tapserver.conf
[At VPN Client] vi /etc/openvpn/tapclient.conf

(Callout on the configuration file: mark this line if both VPN networks are in the same subnet.)

3-3 TAP Configuration: VPN Server

Edit the static routings: vi /etc/openvpn/tunserver.sh
[At VPN Client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/tapclient.sh

(Callout: pointed to the kernel routing, br0 = 10.0.1.254.)

3-3 TAP Configuration: VPN Server

Start the bridge device: vi /etc/openvpn/openvpn-bridge
chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start
Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tapserver.conf & and openvpn --config /etc/openvpn/tapclient.conf &

3-4-1 SSL/TLS: Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-enter the default_days, default_bits, ... etc.
Create a new CA root key pair: /usr/share/ssl/misc/CA -newca
Create a new client private key and a new certificate request: /usr/share/ssl/misc/CA -newreq
Certificate signing: /usr/share/ssl/misc/CA -sign
Copy the CA root certificate, the client private key and the client certificate to the first client.
Have the second client certified in the same way.

3-4-2 OpenVPN "easy-rsa" tools

Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn
Modify the vars file: vi /etc/openvpn/easy-rsa/vars
Activate the vars: . /etc/openvpn/easy-rsa/vars
Create the CA root key: /etc/openvpn/easy-rsa/build-ca
Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN "easy-rsa" tools

Create the VPN client private key and certificate: /etc/openvpn/build-key client
Create the Diffie-Hellman parameters: /etc/openvpn/build-dh 1024
Copy the CA certificate (ca.crt), server key (server.key) and server certificate (server.crt) to the VPN server.
Copy the CA certificate, client key and client certificate to the VPN client.
The "easy-rsa" tools also work on the UC-7400 series.
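Before the files from build-ca and build-key are copied to the peers, three things are worth checking: the certificate really chains to ca.crt (the CA signature that slide 1-7 describes), the private key really belongs to the public key in the certificate, and the key file is not world-readable. The functions below are an added example (not part of the slides or of easy-rsa) using the openssl command-line tool; the file names are easy-rsa's defaults, and the test builds a throw-away CA and certificate of its own.

```shell
#!/bin/sh
# Added example, not from the Moxa slides or easy-rsa: sanity checks on
# the CA certificate, peer certificate and peer key before deployment.

# cert_signed_by CA_CRT CERT -> 0 when CERT verifies against CA_CRT
cert_signed_by() {
    openssl verify -CAfile "$1" "$2" > /dev/null 2>&1
}

# key_matches_cert KEY CERT -> 0 when the RSA modulus is the same in both
key_matches_cert() {
    km=$(openssl rsa -noout -modulus -in "$1" 2>/dev/null)
    cm=$(openssl x509 -noout -modulus -in "$2" 2>/dev/null)
    [ -n "$km" ] && [ "$km" = "$cm" ]
}

# key_is_private_to_owner KEY -> 0 unless group/other can read the file
key_is_private_to_owner() {
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    case "$mode" in
        *00) return 0 ;;   # 600, 400, 700: owner only
        *)   return 1 ;;
    esac
}

# check_peer_files CA_CRT CERT KEY -> runs all three checks, reports failures
check_peer_files() {
    ok=0
    cert_signed_by "$1" "$2"     || { echo "$2 is not signed by $1"; ok=1; }
    key_matches_cert "$3" "$2"   || { echo "$3 does not match $2"; ok=1; }
    key_is_private_to_owner "$3" || { echo "$3 is readable by other users; chmod 600 it"; ok=1; }
    return $ok
}
```

Usage on the server after the easy-rsa steps: `check_peer_files /etc/openvpn/easy-rsa/keys/ca.crt /etc/openvpn/easy-rsa/keys/server.crt /etc/openvpn/easy-rsa/keys/server.key` (the keys/ subdirectory is easy-rsa's default output location). A mismatched key and certificate fails only at TLS handshake time, which is harder to diagnose on the UC than a failed check here.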

3-4-3 Configuration File Modification

txxserver.conf
txxclient.conf

Agenda
1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

Two of its serial ports are connected to a power meter and a thermocouple.
Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site.
The rest of the serial ports are looped back in "burn-in mode" to demonstrate the UC's high performance and reliability.

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500 °C
Left side for the high range, 0 to 300 VDC; right side for the low range, 0 to 20 VDC

UC's LCM & keypad (F1-F5)

F1 Monitoring: Temperature -> Voltage -> Throughput for P3 to P8
F2 System Status: LAN's IP -> Wi-Fi's IP -> CPU loading -> Available memory
F3 Alarm Setting: Temperature -> Voltage -> burn-in throughput
F4 Configuration Key
F5 Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• UC-7420's built-in wireless driver supports the Intersil Prism 2.0 chipset PCMCIA card.
• The compatible wireless cards are:

Supplier   Model name
ASUS       WL-107g
CNET       CWC-854 (181D version)
Edimax     EW-7108PCg
Amigo      AWP-914WG
Gigabyte   GN-WMKG
Others which use the Ralink chipset

Thank You


Upgrading the Firmware

New utility: upfirm

Upgrading the Firmware

1. Introduction
The UC-7400's BIOS, kernel, mini file system and user file system are combined into one firmware file, which can be downloaded from Moxa's website (www.moxa.com).
- The name of the firmware file has the form uc7400-xxx.frm, with xxx indicating the firmware version.

ATTENTION: Upgrading the firmware will erase all data on the Flash ROM.

Upgrading the Firmware

2. Description
- In firmware V1.4.3 or later, the UC-7400 adds a new utility, "upfirm".
- The utility upfirm is designed for upgrading the firmware (including boot loader, kernel, mini file system, user file system and configuration).
- If your firmware version is earlier than V1.4.3, you can download the utility from the Moxa website.

How to upgrade the firmware

Step 1: Type the following commands to enable the RAM disk:
upramdisk
cd /mnt/ramdisk

Step 2: Download the firmware file into the ramdisk from the Moxa website.

Step 3: Use the upfirm command to upgrade the kernel and root file system:
upfirm uc7400-xxx.frm

(See the next slide for the upfirm procedure.)

root@Moxa:/mnt/ramdisk# upfirm UC7420-1.5.frm
Upgrade firmware utility version 1.0
To check source firmware file context
The source firmware file context is OK
This step will destroy all your firmware
Do you want to continue it (Y/N)? Y
MTD device [/dev/mtd6] erase 128 Kibyte @ 20000 -- 100 % complete
Wait to write file ... Completed 100 %
Now upgrade the new configuration file
Upgrade the firmware is OK
Please press any key to reboot system

Press any key to reboot the system.

Note: DO NOT power off the UC until the Ready LED is ON again. The first boot after upgrading the firmware takes a long time.

Setting up the Network Interfaces

IEEE 802.11g

Configure 802.11g Wireless LAN

root@Moxa:~# vi /etc/network/interfaces

# 802.11g Gigabyte Cardbus wireless card
iface eth0 inet static
address 192.168.5.127
network 192.168.5.0
netmask 255.255.255.0
broadcast 192.168.5.255

Step 1: Unplug the CardBus wireless LAN card first.

Step 2: Configure the default IP setting profile: vi /etc/network/interfaces

Configure 802.11g Wireless LAN

vi /etc/Wireless/RT2500STA/RT2500STA.dat

Copy this file to /etc/Wireless/RT2500STA/RT2500STA.dat. This file is a binary file and is read when the rt2500.o module is loaded. Use vi -b RT2500STA.dat to modify the settings according to your needs:

1) Set NetworkType to Adhoc to use ad-hoc mode, otherwise use Infrastructure
2) Set Channel to 0 for auto-select in Infrastructure mode
3) Set SSID for connecting to your access point
4) AuthMode can be OPEN, SHARED, WPAPSK or WPANONE
5) EncrypType can be NONE, WEP, TKIP or AES

For more information refer to the Readme file.

Step 3: Configure the WLAN parameters: vi /etc/Wireless/RT2500STA/RT2500STA.dat

Configuring 802.11g Wireless LAN

- The settings in /etc/Wireless/RT2500STA/RT2500STA.dat:

CountryRegion - Sets the channels for your particular country region
WirelessMode - Sets the wireless mode
SSID - Sets the softAP SSID
NetworkType - Sets the wireless operation mode
Channel - Sets the channel
AuthMode - Sets the authentication mode
EncrypType - Sets the encryption type
DefaultKeyID - Sets the default key ID
Key1Str, Key2Str, Key3Str, Key4Str - Sets the key strings Key1 to Key4
WpaPsk - WPA pre-shared key
TxBurst - Enables or disables TxBurst
TurboRate - Enables or disables TurboRate
BGProtection - Sets 11b/11g protection (this function is for engineering testing only)
ShortSlot - Enables or disables the short slot time
TxRate - Sets the TxRate
RTSThreshold - Sets the RTS threshold
FragThreshold - Sets the fragment threshold

Developing Your Application

Windows Tool Chain

Agenda

1) Windows Tool Chain Introduction

2) Development Process

3) Debugging with GDB

Windows Tool Chain Introduction

The UC-7400's Windows Tool Chain is a cross-development environment that simulates the Linux root file system, allowing users to develop applications on a Windows PC.

The following topics are covered in this appendix:
- Introduction
- Installation Procedure
- Using the BASH Shell
- GDB debug tool - Insight

Windows Tool Chain (requirements)

1. Operating system: Windows 2000 or Windows XP
2. Minimum of 500 MB hard disk space
3. CD-ROM or equivalent
4. Ethernet to connect with the UC-7400
5. Be able to log in as administrator
6. Use a Windows username without spaces
7. You will be using a BASH shell window to enter commands
8. In addition, for editing text files such as configuration files, use the vi editor (Unix editor). Do NOT use WordPad (Windows editor), which can cause problems when the files are transferred to a bona fide Linux environment.

Development Process

Step 1: Setting up the development environment on the PC (x86)

Step 2: Coding, compiling and debugging on the Windows Tool Chain

Step 3: Deploying the program to the UC (IXP-422)

Step 1: Setting up the Development Environment

Install the Windows Tool Chain on the PC (Windows 2K/XP).
Installation tips:
- Default install path: C:\UC
- Default text file type: Unix (recommended)

Utilities:
- Moxa Bash Shell
- GDB debug tool - Insight (http://sources.redhat.com/insight/)
- This process could take from 5 to 30 minutes depending on the speed of your system.

Step 2: Coding, Compiling and Debugging

Code the C/C++ program on the Moxa Bash Shell (PC, Windows Tool Chain, x86).

Compile/link the source code with the tool chain:
- Compiler path setting: PATH=/usr/local/mxscaleb/bin
- Compiling hello.c

Step 3: Deployment

Upload the program to the UC:
- ftp 192.168.3.127
- ftp> binary
- ftp> put hello-release

Running the program (at the UC-7400 side):
- chmod +x hello-release
- ./hello-release

# chmod +x hello-release
# ./hello-release
Hello

Debugging with GDB

(Diagram: over Ethernet, the PC's Moxa Bash Shell (1) compiles with -ggdb, the UC runs (2) the GDB debug server, and the PC's Insight tool (3, GDB client) connects with (4) "target remote".)

gdbserver 192.168.3.127:2000 hello-debug

Debugging with GDB

# chmod +x hello-debug
# gdbserver 192.168.3.127:2000 hello-debug
Process hello-debug created; pid = 206

Step 1 (PC, Moxa Bash Shell): Compile the program with the -ggdb option, then upload it to the UC.

Step 2 (UC): Start hello-debug under gdbserver with the command:
gdbserver 192.168.3.127:2000 hello-debug

Step 3 (PC, Insight): Run the GDB client
- Open the hello-debug file
- Connect to target
- GDB Server/TCP, host 192.168.3.200, port 2000

Debugging with GDB

iptables Introduction

Agenda

1) Quick View of iptables

2) Rules, Chains, Tables

3) Usage of iptables

4) Hands-On Practice

1. Quick View of iptables

A user-space command to set up and maintain the "Netfilter" subsystem of the kernel.

"Netfilter" manages only the packet headers, not the content.

iptables is currently one of many firewall/NAT solutions; it is the administration tool for setting up, maintaining and inspecting the tables of IP packet filter rules in the Linux kernel.

1. Quick View of iptables

Several different tables may be defined. Each table contains a number of built-in chains and may also contain user-defined chains.

Each chain is a list of rules which can match a set of packets. Each rule specifies what to do with a packet that matches. This is called a "target", which may be a jump to a user-defined chain in the same table.

1. Quick View of iptables

3rd generation firewall on Linux:
- "ipfwadm" on Linux kernel 2.0.x
- "ipchains" on Linux kernel 2.2.x
- "ipchains" / "iptables" on Linux kernel 2.4.x
- "iptables" on Linux kernel 2.6.x

Supports basic packet filtering as well as connection state tracking.

UC-7110/7400 support only "iptables".

Agenda

1) Firewall, NAT and iptables

2) Rules, Chains, Tables

3) Usage of iptables

4) Hands-On Practice

2) Rules, Chains and Tables

2-1 First Match

2-2 Three Major Tables

2-3 Processing Packets

2-4 State Machine

2-1 First Match - The Highest Priority

(Flowchart: a packet is tested against Rule 1, Rule 2, ... Rule 10 in order. The first rule that matches ("Yes") applies its action (Action 1, Action 2, ... Action 10) and evaluation stops; if no rule matches ("No" all the way down), the default policy applies.)

2-1 First Match

On a WWW server, reject the attack from IP = 192.168.1.100:
Rule 1: Drop the packets from 192.168.1.100
Rule 2: Accept WWW request packets from all hosts
Rule 3: Drop all non-WWW packets

With the order changed to:
Rule 1: Accept WWW request packets from all hosts
Rule 2: Drop the packets from 192.168.1.100
Rule 3: Drop all non-WWW packets

192.168.1.100 is able to use the WWW service, or to attack the WWW service port, because Rule 1 already matched.
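The two rule orders above, worked through in an added Python example (not from the slides): a minimal first-match evaluator loaded with the slide's three rules. The Packet and Rule classes and the CIDR matching are this example's own simplification.

```python
"""Added example (not from the slides): first-match evaluation of an
iptables-style chain. Rules are tried top to bottom; the first rule
whose conditions all hold decides the packet, and the chain's default
policy applies only when no rule matched. The two rule orders are the
ones from the 2-1 First Match slide; the Packet/Rule model (source
address, protocol, destination port) is this example's own assumption."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    src: str                     # source IP address
    proto: str = "tcp"           # tcp, udp, icmp
    dport: Optional[int] = None  # destination port, if any


@dataclass
class Rule:
    target: str                  # ACCEPT or DROP, like -j
    src: Optional[str] = None    # host or CIDR, like -s
    proto: Optional[str] = None  # like -p (None or "all" matches any)
    dport: Optional[int] = None  # like --dport
    note: str = ""

    def matches(self, pkt: Packet) -> bool:
        if self.src is not None:
            net = ipaddress.ip_network(self.src, strict=False)
            if ipaddress.ip_address(pkt.src) not in net:
                return False
        if self.proto not in (None, "all") and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


def evaluate(chain, pkt, policy="ACCEPT"):
    """Return (target, 1-based index of the deciding rule, or None for policy)."""
    for idx, rule in enumerate(chain, start=1):
        if rule.matches(pkt):
            return rule.target, idx
    return policy, None


ATTACKER = "192.168.1.100"   # the host the slide wants to keep off the WWW server

# First listing on the slide: the host-specific DROP sits above the general WWW ACCEPT.
CHAIN_BLOCK_FIRST = [
    Rule("DROP", src=ATTACKER, note="Rule 1: drop packets from 192.168.1.100"),
    Rule("ACCEPT", proto="tcp", dport=80, note="Rule 2: accept WWW requests from all hosts"),
    Rule("DROP", note="Rule 3: drop all non-WWW packets"),
]

# Second listing: the WWW ACCEPT comes first, so Rule 2 is never reached for port 80.
CHAIN_ACCEPT_FIRST = [
    Rule("ACCEPT", proto="tcp", dport=80, note="Rule 1: accept WWW requests from all hosts"),
    Rule("DROP", src=ATTACKER, note="Rule 2: drop packets from 192.168.1.100"),
    Rule("DROP", note="Rule 3: drop all non-WWW packets"),
]


def decide(chain, src, dport, proto="tcp"):
    """Target chosen for one packet (chain policy ACCEPT, the iptables default)."""
    return evaluate(chain, Packet(src, proto, dport))[0]


if __name__ == "__main__":
    for name, chain in (("block-first", CHAIN_BLOCK_FIRST), ("accept-first", CHAIN_ACCEPT_FIRST)):
        for src, port in ((ATTACKER, 80), (ATTACKER, 22), ("10.1.2.3", 80)):
            target, idx = evaluate(chain, Packet(src, "tcp", port))
            print(f"{name:12s} {src}:{port:<3d} -> {target} (rule {idx})")
```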

2-2 Three Major Tables

1) Filter Table

2) NAT Table

3) Mangle Table

2-2-1 Filter Table

Mainly used for filtering packets. This is the place where we actually take action against packets: look at what they contain and ACCEPT, DROP, REJECT or LOG them depending on their content.

1. INPUT chain - packets entering the local host
2. OUTPUT chain - packets output from the local host
3. FORWARD chain - packets forwarded to other hosts

2-2-2 NAT Table

Used for NAT on different packets, i.e. to translate the packet's source field or destination field.

1) PREROUTING chain - translates the destination IP address (DNAT)
2) POSTROUTING chain - works after the routing process and before the Ethernet device processing, to translate the source IP address (SNAT/MASQUERADE)
3) OUTPUT chain - works on locally generated packets

2-2-3 Mangle Table

This table is mainly used for mangling packets. In other words, you may freely use the mangle matches etc. to change the TOS (Type Of Service) and TTL fields. It can also "MARK" the packets.

1. PREROUTING chain
2. POSTROUTING chain
3. INPUT, OUTPUT and FORWARD chains

2-3 Processing Packets

2-3-1 Destination: Local Host

2-3-2 Source: Local Host

2-3-3 Forwarded Packets

2-3-4 State Machine

2-3-1 Destination: Local Host

(Diagram: Incoming packets -> NAT table PREROUTING -> Filter table INPUT -> Local process)

2-3-2 Source: Local Host

(Diagram: Outgoing packets from the local process -> NAT table OUTPUT -> Filter table OUTPUT -> NAT table POSTROUTING -> Send out packets)

2-3-3 Forwarded Packets

(Diagram: Incoming packets -> NAT table PREROUTING -> Filter table FORWARD -> NAT table POSTROUTING -> Other hosts; packets for a local resource leave the path after PREROUTING)

2-4 State Machine

Agenda

1) Firewall, NAT and iptables

2) Rules, Chains, Tables

3) Usage of iptables

4) Hands-On Practice

3) Usage of iptables

3-1 Load iptables Modules

3-2 Define Default Policy

3-3 Structure of a Rule

3-4 Save/Restore Rules

3-1 Load iptables Modules

Note: ipchains and iptables are not compatible.

3-1 Load iptables Module

Check the current tables: iptables [-t table] [-L] [-n]

Default policy

3-1 Install iptables

Clear the current policy

3-2 Define Default Policy

iptables -t {filter | nat | mangle} -P {INPUT | OUTPUT | FORWARD | PREROUTING | POSTROUTING} {ACCEPT | DROP}

3-2 Define Default Policy

3-3 Structure of a Rule

3-3-1 Add, Insert, Delete and Replace Rules

3-3-2 Direction

3-3-3 Matches

3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace

iptables -t {filter | nat | mangle} {-A | -I | -D | -R} <direction> <match> -j <target>

Three major things need to be considered: the direction (chain), the match and the target.

3-3-2 Direction - Chains

a. filter table: INPUT, OUTPUT, FORWARD
b. nat table: PREROUTING, POSTROUTING, OUTPUT
c. mangle table: ...

3-3-3 Matches - Conditions

1. -p [proto]: tcp, udp, icmp, all
2. -s [IP], -d [IP]
3. --sport [port], --dport [port]
4. -m state --state [state]: NEW, ESTABLISHED, INVALID, RELATED
5. -m multiport --ports [p1,p2,...,p15]
6. -i [iface], -o [oface]
7. ... etc.

3-3-4 Targets - Actions

a. filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions: LOG, ULOG, REJECT, MIRROR
b. nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING/OUTPUT), MASQUERADE (POSTROUTING), REDIRECT (only in PREROUTING)
c. mangle table: ...

3-4 Save/Restore Rules

It is highly recommended to use a script file to maintain the Netfilter rules instead of the exported file (it is not a standard script file). Please refer to the Hands-On practice.

Agenda

1) Firewall, NAT and iptables

2) Rules, Chains, Tables

3) Usage of iptables

4) Hands-On Practice: 1) Packet Filter, 2) NAT Machine

4-1 Packet Filter - Rules of the filter table

Example 1 - Accept all packets incoming from the lo interface:
iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2 - Accept all TCP packets incoming from IP = 192.168.0.1:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

4-1 Packet Filter - Rules of the filter table

Example 3 - Accept all TCP packets incoming from the network 192.168.1.0/24:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 - Drop all TCP packets incoming from IP = 192.168.1.25:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

4-1 Packet Filter - Rules of the filter table

Example 5 - Drop all incoming TCP packets with dst port = 21 (forbid FTP connections from eth0):
iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 - Accept TCP packets incoming from 192.168.0.0/24 to local ports 137, 138 and 139:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

4-1 Packet Filter - Rules of the filter table

Example 7 - Log all incoming/outgoing TCP packets to/from port = 25 (log the SMTP service):
iptables -t filter -A INPUT -p tcp --dport 25 -j LOG

Note: the UC7110 does not support the target "LOG".

4-1 Packet Filter - Rules of the filter table

Example 8 - Drop all [SYN] packets from IP = 192.168.100.200:
iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 - Drop all packets from MAC = aa:bb:cc:dd:ee:ff:
iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

Example 10 - Do not respond to "ping":
iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 - Limit ICMP "ping" bursts:
iptables -t filter -P INPUT DROP
iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

4-1 Packet Filter - Rules of the filter table

Example 12 - Accept the ESTABLISHED and RELATED packets of the local host; drop the INVALID packets and the NEW packets which are trying to create new connections:
iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

4-1 Packet Filter - Rules of the filter table

Example 13 - Check the packet integrity:
iptables -t filter -A INPUT -p all -m unclean -j DROP

Example 14 - Enable "passive mode" FTP service to a host:
modprobe ip_conntrack_ftp
iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

4-2 NAT Machine

Example 1 - Redirect connection requests for port 80 to port 8080:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 - Masquerade the packets from 192.168.1.0/24 leaving through ppp0 with the local ppp0 IP (MASQUERADE is valid only in POSTROUTING):
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

4-2 NAT Machine

Example 3 - DNAT the incoming packets on eth0 (60.248.66.75) for TCP port 80 to the internal web server 192.168.127.10:80:
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

Example 4 - Redirect the incoming packets for TCP port 80 to 192.168.1.10, TCP port 80

SNAT of the internal network with the outside address:
iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP

Thank You

OpenVPN 2.0 - Stephen Lin

OpenVPN 2.0

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve?

1-2 Symmetric Data Encryption

1-3 Hash (Digest) Function

1-4 Message Authentication Code

1-5 Asymmetric Data Encryption

1-6 Digital Signature

1-7 Certificate

1-8 Moxa UC7400

1-1 What does Cryptography solve?

Confidentiality
- Ensure that nobody can get knowledge of what you transfer, even if listening to the whole conversation

Integrity
- Ensure that the message has not been modified during transmission

Authenticity
- You can verify that you are talking to the entity you think you are talking to
- You can verify who is the specific individual behind that entity

Non-repudiation
- The individual behind that asset cannot deny being associated with it

1-2 Symmetric Data Encryption

- Fast; high efficiency for data transmission
- Is it "secure" while transferring the key?
- Maintenance of the keys: (n-1)n/2 keys
- DES, 3DES, AES, Blowfish

(Diagram: Tom encrypts the plaintext with the secret key into ciphertext; Bob decrypts the ciphertext with the same secret key back into plaintext.)

1-3 Hash (Digest) Function

- Ensures data integrity
- MD5, SHA-1

(Diagram: Tom computes Message Digest 1 from the data with a hash function and sends data + digest; Bob computes Message Digest 2 from the received data with the same hash function and compares it with Message Digest 1.)

1-4 Message Authentication Code

- Ensures data integrity
- Uses a key to protect the MAC
- HMAC, CBC-MAC

(Diagram: Tom hashes the data to Message Digest 1 and encrypts it with the secret key to form the MAC, then sends MAC + data; Bob hashes the received data to Message Digest 2, decrypts the MAC with the secret key to recover Message Digest 1, and compares the two.)
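An added example (not the slides' code) contrasting 1-3 and 1-4: the same in-transit modification goes unnoticed when only an unkeyed digest travels with the data, and is caught when the tag is an HMAC under a key the intermediary does not have. The key and message are constructed; SHA-1 and HMAC-SHA-256 stand in for the MD5/SHA-1 and HMAC families the slides name.

```python
"""Added example (not from the slides): why the unkeyed digest of
section 1-3 protects only against accidental corruption, while the
keyed MAC of section 1-4 also detects deliberate modification. Keys and
messages are constructed sample values."""
import hashlib
import hmac
import os


def digest(data: bytes) -> bytes:
    """Section 1-3: a plain message digest that anyone can compute."""
    return hashlib.sha1(data).digest()


def mac(key: bytes, data: bytes) -> bytes:
    """Section 1-4: a digest protected by a secret key (HMAC)."""
    return hmac.new(key, data, hashlib.sha256).digest()


def bob_checks_digest(data: bytes, received_digest: bytes) -> bool:
    """Bob recomputes Message Digest 2 and compares with Message Digest 1."""
    return hmac.compare_digest(digest(data), received_digest)


def bob_checks_mac(key: bytes, data: bytes, received_mac: bytes) -> bool:
    """Same comparison, but a matching tag can only be made with the shared key."""
    return hmac.compare_digest(mac(key, data), received_mac)


def modify_in_transit(data: bytes, tag: bytes, recompute=None) -> tuple:
    """Model of an intermediary who alters the data and then attaches either
    the original tag or a tag recomputed with whatever function it knows."""
    altered = data.replace(b"100", b"900")
    new_tag = recompute(altered) if recompute is not None else tag
    return altered, new_tag


KEY = os.urandom(32)                 # constructed: shared by Tom and Bob out of band
MSG = b"transfer 100 to account 42"  # constructed sample message


def demo() -> dict:
    """Which mechanism still reports the altered message as intact."""
    results = {}
    # 1-3: the digest travels next to the data; the hash function is public,
    # so the intermediary simply recomputes it for the altered data.
    tag = digest(MSG)
    altered, new_tag = modify_in_transit(MSG, tag, digest)
    results["digest_accepts_altered"] = bob_checks_digest(altered, new_tag)
    # 1-4: the HMAC travels next to the data; without KEY the intermediary can
    # only forward the old tag or use a guessed key, and Bob's check fails.
    tag = mac(KEY, MSG)
    altered, old_tag = modify_in_transit(MSG, tag)
    results["mac_accepts_altered"] = bob_checks_mac(KEY, altered, old_tag)
    altered, guessed = modify_in_transit(MSG, tag, lambda d: mac(b"guess", d))
    results["mac_accepts_guessed_key"] = bob_checks_mac(KEY, altered, guessed)
    results["mac_accepts_genuine"] = bob_checks_mac(KEY, MSG, tag)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```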

1-5 Asymmetric Encryption

Things to remember:
- Key pair - public/private keys
- In a session, one key is used for encryption and the other one for decryption
- The "public key" can be deployed everywhere
- The relation between the two keys is unknown: from one key you cannot gain knowledge of the other, even if you have access to clear text and cipher text
- The two keys are interchangeable: all algorithms make no difference between public and private key; when a key pair is generated, either of the two can be public or private
- Less efficient than a static key
- RSA, Diffie-Hellman

(Diagram: clear text "vegMs" encrypted into the cipher text "g$5knvMd'rk".)

1-5 Asymmetric Data Encryption

(Diagram - confidentiality check: Tom encrypts the plaintext with Bob's public key; Bob decrypts the ciphertext with Bob's private key. The recipient's key pair is used.)

1-5 Asymmetric Data Encryption

(Diagram - authenticity check: Tom encrypts the plaintext with Tom's private key; Bob decrypts the ciphertext with Tom's public key. The sender's key pair is used.)

1-6 Digital Signature

Real world - hybrid:
1. Data integrity
2. Authenticity
3. Non-repudiation
4. Algorithm - uses the public key and a hash

1-6 Digital Signature - Creating

(Diagram: from the message or file "This is the document created by Gianni", a short message digest (Py75cbn, typically 128 bits) is calculated, even from a long input, using a one-way message digest function (hash: SHA, MD5). The digest is then encrypted asymmetrically (RSA) with the signatory's private key to give the digital signature (3kJfgf£$&). The signed document is the message plus the digital signature.)

1-6 Digital Signature - Verifying

(Diagram: the signed document is split into the data and the digital signature (3kJfgf£$&). The data is hashed to produce a message digest (Py75cbn); the signature is decrypted asymmetrically with Gianni's public key (from the certificate) to recover the digest (Py75cbn); the two are compared.)

1-6 Digital Signature

(Diagram: Tom hashes the data to Message Digest 1 and encrypts it with Tom's private key to form the digital signature, then sends data + signature; Bob hashes the received data to Message Digest 2, decrypts the signature with Tom's public key to recover Message Digest 1, and compares the two.)

1-7 Certificate

The simplest certificate just contains:
- A public key (for Stephen)
- Information about the entity that is being certified to own that public key
... and the whole is:
- Digitally signed by someone trusted (like your friend or a CA)

(Diagram: certificate = public key + "This public key belongs to Stephen" + digital signature. The entity can be a person, a computer, a device, a file, some code, anything ...)

1-7-1 CA Certificate

(Diagram: the certification server generates a CA key pair (priv, pub). A user requests a certificate from the CA; the CA generates the certificate (pub + DS); the private key and the certificate are sent to the user. Left cert signed by CA; right cert signed by CA; CA public key signed by CA.)

1-7-1 CA Certificate Example

(Diagram: the CA holds the CA private key. Left and Right each hold their own private key signed by the CA, the CA public key, and their certificate signed by the CA; Left and Right trust each other through the CA public key.)

1-7-2 SSL/TLS

(Diagram: each side holds a key pair (priv, pub). The clear text is encrypted into Cipher 1 and again into Cipher 2, transmitted over the public network, then decrypted from Cipher 2 to Cipher 1 and back to clear text using the exchanged public keys.)

- Ensures confidentiality
- And integrity, if digitally signed
- Depending on how the public keys are exchanged: authenticity, identity, non-repudiation

1-8 Moxa UC7400 - Hardware Cipher

Intel XScale supports:
- Security engines: DES, AES
- Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so":
- No need to change the source code

1-8-1 Moxa Accelerated Algorithms - OpenSSL 0.9.7

DES_cbc_encrypt

DES_ede3_cbc_encrypt

AES_cbc_encrypt

AES_ctr_encrypt

- We wrap ECB mode at a higher level (libssl.so), which OpenSSL wraps too.

1-8-2 Performance

(Charts: throughput rate of 3DES-CBC and AES-128-CBC, software versus hardware cipher, for packet sizes from 128 to 1280 bytes and, in a second pair of charts, for small packets from 16 to 144 bytes. The marked series is the HW cipher.)

1-8-3 Things to be noticed

Moxa UC-7400 switches operation between the software and the hardware approaches:
- Default: hardware approach
- Any mis-configuration or busy state causes the switch

Small packets are switched to the software approach:
- DES: 128 bytes
- 3DES/AES: 64 bytes

1-8-4 Software Package

Driver:
- mxhw_cipher.o

Device file:
- mknod /dev/mxcrypto c 11 131

Test program:
- io: correctness test
- io 0 5000: stability test
- io 1: golden pattern
- io 2 20000: performance test

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network

2-2 Why OpenVPN

2-3 OpenVPN Modes

2-1 Virtual Private Network

2-1 VPN Advantages/Disadvantages

- VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes
- A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH etc.)
- A VPN allows the usage of protocols which are insecure by themselves
- VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN

Usability:
- Open source (GPL)
- Full-featured SSL VPN solution
- Easy to configure a secure tunnel
- NAT/DHCP support
- Can use a 2048-bit shared key or digital certificates (PKI)

Portability - supports most platforms:
- Linux, Solaris, Mac OS X
- OpenBSD, FreeBSD, NetBSD
- Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN

Peers - each node with a client/server role:
- Uses kernel routing
- Multiple clients

A user-space program:
- A full-featured SSL-VPN solution
- On top of the existing SSL/TLS mechanism
- Options between a set of security algorithms
- Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security

Two authentication modes:
- Static Key: uses a pre-shared key
- SSL/TLS: uses SSL/TLS + certificates for authentication and key exchange

The encrypted packet is formatted as:
- SeqN: 64-bit sequence number
- IV: plain-text initial vector, randomized per packet

(Diagram: HMAC | IV | SeqN | payload; the SeqN and payload are encrypted, and the HMAC covers the encrypted part together with the IV.)
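The packet layout above, modelled in an added Python example that is not OpenVPN's own code: an HMAC in front, a per-packet random IV, and a 64-bit SeqN encrypted together with the payload, with the receiver authenticating before decrypting and rejecting replayed sequence numbers. The cipher is a labelled stand-in keystream, the keys are constructed, and the strictly-increasing SeqN check stands in for OpenVPN's replay window.

```python
"""Added example (not OpenVPN's code): a simplified model of the packet
layout sketched on the 2-2 OpenVPN Security slide. The sender prefixes
the payload with a 64-bit sequence number (SeqN), encrypts under a fresh
random IV, and puts an HMAC over IV + ciphertext in front; the receiver
verifies the HMAC first, decrypts, and rejects a SeqN that is not newer
than the last accepted one (replay). The cipher here is a stand-in
keystream derived from SHA-256 in counter mode so that the example runs
with the standard library only; a real tunnel uses the configured
OpenSSL cipher (e.g. AES-CBC)."""
import hashlib
import hmac
import os
import struct

IV_LEN = 16
TAG_LEN = 32   # HMAC-SHA-256
SEQ_LEN = 8    # 64-bit sequence number


def _keystream(key: bytes, iv: bytes, n: int) -> bytes:
    """Stand-in stream cipher: SHA-256(key || iv || counter) blocks."""
    out = b""
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(key + iv + struct.pack(">Q", ctr)).digest()
        ctr += 1
    return out[:n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Sender:
    def __init__(self, enc_key: bytes, mac_key: bytes):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.seq = 0

    def seal(self, payload: bytes) -> bytes:
        """Build HMAC | IV | E(SeqN | payload)."""
        self.seq += 1
        iv = os.urandom(IV_LEN)                       # randomized per packet
        plain = struct.pack(">Q", self.seq) + payload
        ct = _xor(plain, _keystream(self.enc_key, iv, len(plain)))
        tag = hmac.new(self.mac_key, iv + ct, hashlib.sha256).digest()
        return tag + iv + ct


class Receiver:
    def __init__(self, enc_key: bytes, mac_key: bytes):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.last_seq = 0

    def open(self, pkt: bytes) -> bytes:
        if len(pkt) < TAG_LEN + IV_LEN + SEQ_LEN:
            raise ValueError("short packet")
        tag = pkt[:TAG_LEN]
        iv = pkt[TAG_LEN:TAG_LEN + IV_LEN]
        ct = pkt[TAG_LEN + IV_LEN:]
        expect = hmac.new(self.mac_key, iv + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expect):      # authenticate before decrypting
            raise ValueError("bad HMAC")
        plain = _xor(ct, _keystream(self.enc_key, iv, len(ct)))
        seq = struct.unpack(">Q", plain[:SEQ_LEN])[0]
        if seq <= self.last_seq:                      # already seen: replay
            raise ValueError("replay")
        self.last_seq = seq
        return plain[SEQ_LEN:]


def _try(receiver: Receiver, pkt: bytes):
    """Payload on success, otherwise the reason the packet was rejected."""
    try:
        return receiver.open(pkt)
    except ValueError as err:
        return str(err)


def demo() -> dict:
    """Genuine packet, the same packet replayed, a tampered packet, next packet."""
    enc_key, mac_key = os.urandom(32), os.urandom(32)   # constructed session keys
    tom, bob = Sender(enc_key, mac_key), Receiver(enc_key, mac_key)
    out = {}
    p1 = tom.seal(b"hello")
    out["first"] = _try(bob, p1)                       # b"hello"
    out["replayed"] = _try(bob, p1)                    # "replay"
    p2 = tom.seal(b"world")
    flipped = p2[:-1] + bytes([p2[-1] ^ 0x01])         # one bit of ciphertext changed
    out["tampered"] = _try(bob, flipped)               # "bad HMAC"
    out["second"] = _try(bob, p2)                      # b"world"
    return out


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome!r}")
```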

2-2 OpenVPN vs IPSec

OpenVPN:
- User-space daemon
- SSL/TLS
- Portability across operating systems
- Firewall- and NAT-friendly
- Dynamic address support

IPSec:
- Kernel-space IP stack
- Each operating system requires its own independent implementation of IPSec
- IETF standard - multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are the two methods of linking systems via a VPN:
- Routed IP tunnels (layer 3)
- Bridged Ethernet tunnels (layer 2)

Suitable for connections:
- Site-to-site
- Dynamic site-to-site
- (Dynamic) client-to-site

Dynamic firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

- Uses TUN mode (device): a virtual point-to-point IP link that combines the inner interface together with TUN
- Uses the kernel routing to forward the packets

(Diagram: the OSI stacks of the two endpoints (Physical, Data-Link, Network, Transport, Session, Presentation, Application); OpenVPN runs at the application layer and the TUN device injects at the network layer (3rd).)

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages:
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of MTU for efficiency

Routed IP disadvantages:
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see the machines on the other side of the VPN
4. Works only with IPv4 in general, and with IPv6 in cases where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

- Uses "TAP" mode: a TAP device is a virtual Ethernet adapter
- Bridge tools (brctl) are required to create the virtual adapters
- Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0          # create an Ethernet bridge
brctl addif br0 eth1     # connect interface eth1 as a port
brctl addif br0 tap0     # connect virtual interface tap0 as a port

(Diagram: the OSI stacks of the two endpoints; OpenVPN at the application layer, TUN at the 3rd layer and TAP at the 2nd layer. On each side eth1 and tap0 are bridged, and eth0 carries the tunnel.)

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages:
1. Point-to-point, point-to-multipoint
2. Broadcasts traverse the VPN; this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to be able to handle non-IP protocols such as IPX, Netware and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages:
1. Less efficient than routing and does not scale well

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSLTLS ndash X509 Dynamic Keys

3-1 Getting Started

Lab topology (reconstructed from the slide diagram, addresses as read from the slide):

LAN A: 10.0.1.0/24; hosts use IP 10.0.1.1/24 with gateway 10.0.1.254
  [VPN Server]  ixp1 = 10.0.1.254 (LAN A side), ixp0 = 192.168.12.201 (tunnel side)
        |
   VPN Tunnel (the client connects to the server)
        |
  [VPN Client]  ixp0 = 192.168.12.202 (tunnel side), ixp1 = 10.0.2.254 (LAN B side)
LAN B: 10.0.2.0/24; hosts use IP 10.0.2.1/24 with gateway 10.0.2.254

A separate [CA/TLS Server] issues the certificates used in section 3-4.

3-1 Getting Started

Create a working directory (recommended):
  mkdir /etc/openvpn

Check for the TUN device: ls /dev/net and look for a character device "tun"; if it is missing, create it:
  mknod /dev/net/tun c 10 200

Load the necessary modules:
  modprobe tun
  modprobe bridge

Generate a (pre-shared) static key:
  openvpn --genkey --secret [KeyName]
The key file is the whole secret of a static-key tunnel: keep it mode 600 and copy it to the peer over a channel you already trust (scp, not FTP).

Self diagnostic:
  openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding:
  echo "1" > /proc/sys/net/ipv4/ip_forward
or in /etc/sysctl.conf set "net.ipv4.ip_forward = 1".

Create/start the bridge interface using the Moxa script:
  openvpn-bridge [start | stop | restart]

Check the ciphers and digests supported:
  openvpn --show-ciphers
  openvpn --show-digests

Create the TUN configuration files:
  vi /etc/openvpn/tunserver.conf
  [At VPN client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

Local/remote VPN IP addresses must be specified: the "ifconfig" directive takes the local tunnel address first, then the remote one, and the client lists the same two addresses in the opposite order.

It is NECESSARY to specify the server address ("remote") at the VPN client; the server itself needs no "remote" line.

3-2 TUN Server Configuration

Edit the static routes:
  vi /etc/openvpn/tunserver.sh
  chmod +x /etc/openvpn/tunserver.sh
  [At VPN client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/openvpn/tunclient.sh

Start OpenVPN with the configuration file:
  openvpn --config /etc/openvpn/tunserver.conf &
  [At VPN client] openvpn --config /etc/openvpn/tunclient.conf &

Note the 2nd argument of "ifconfig", which is now 10.0.2.254.
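The tunserver.conf and tunclient.conf files are referenced above but not reproduced on the slides. The block below is an added example, not Moxa's files: it prepares the UC as in 3-1 (TUN device, modules, forwarding), generates the static key with safe permissions and checks them, and writes a matching server/client pair for the lab topology (LAN A 10.0.1.0/24 behind the server, LAN B 10.0.2.0/24 behind the client). The tunnel endpoints 10.8.0.1 and 10.8.0.2, the key file name, the cipher choice and the server address 192.168.12.201 are assumptions, and the routes are given as OpenVPN "route" directives rather than the deck's tunserver.sh/tunclient.sh scripts.

```shell
#!/bin/sh
# Added example: static-key TUN setup for the lab of 3-1/3-2 (not the
# deck's own files).  RUN=echo prints the privileged commands instead of
# executing them.
set -eu
RUN=${RUN:-}
CONF_DIR=${CONF_DIR:-/etc/openvpn}
KEY=${KEY:-static.key}                        # assumption: key file name
SERVER_ADDR=${SERVER_ADDR:-192.168.12.201}    # assumption: server's outside address

prepare_host() {
    # /dev/net/tun is char device major 10, minor 200; create it only if missing
    [ -c /dev/net/tun ] || { $RUN mkdir -p /dev/net; $RUN mknod /dev/net/tun c 10 200; }
    $RUN modprobe tun
    $RUN sh -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'
}

# The static key is the entire secret of the tunnel: create it unreadable
# to anyone else, then run OpenVPN's own crypto self-test on it.
generate_key() {
    (umask 077; $RUN openvpn --genkey --secret "$CONF_DIR/$KEY")
    $RUN openvpn --test-crypto --secret "$CONF_DIR/$KEY"
}

# key_is_private FILE -> 0 when no group/other permission bit is set
key_is_private() {
    case $(ls -ld "$1" | cut -c5-10) in
        ------) return 0 ;;
        *)      return 1 ;;
    esac
}

# write_configs DIR -> DIR/tunserver.conf and DIR/tunclient.conf
write_configs() {
    cat > "$1/tunserver.conf" <<EOF
dev tun
proto udp
port 1194
secret $CONF_DIR/$KEY
# TUN: local tunnel address first, then the remote one
ifconfig 10.8.0.1 10.8.0.2
# LAN B lives behind the client (the deck adds this route in tunserver.sh)
route 10.0.2.0 255.255.255.0
cipher AES-128-CBC
auth SHA1
keepalive 10 60
persist-key
persist-tun
EOF
    cat > "$1/tunclient.conf" <<EOF
dev tun
proto udp
port 1194
# only the client names its peer; the server has no "remote" line
remote $SERVER_ADDR 1194
secret $CONF_DIR/$KEY
# same two addresses, in the opposite order
ifconfig 10.8.0.2 10.8.0.1
# LAN A lives behind the server
route 10.0.1.0 255.255.255.0
cipher AES-128-CBC
auth SHA1
keepalive 10 60
persist-key
persist-tun
EOF
}

# start_server -> refuses to run with a readable key, then daemonizes
start_server() {
    key_is_private "$CONF_DIR/$KEY" || { echo "$CONF_DIR/$KEY is readable by others; chmod 600 it" >&2; return 1; }
    $RUN openvpn --config "$CONF_DIR/tunserver.conf" --daemon
}

if [ "${RUN_SETUP:-0}" = 1 ]; then
    prepare_host; generate_key; write_configs "$CONF_DIR"; start_server
fi
```

Run it with RUN_SETUP=1 on the server; on the client, copy the key over scp, write only tunclient.conf and start with that file. The permission check matters because OpenVPN itself will happily read a world-readable key.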

Create the TAP configuration files:
  vi /etc/openvpn/tapserver.conf
  [At VPN client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration – VPN Server

Comment out (mark) this line if both VPN networks are in the same subnet (the configuration file itself is not reproduced on the slide). With bridging, both LANs form one broadcast domain, so a route entry between them is unnecessary.

3-3 TAP Configuration – VPN Server

Edit the static routes:
  vi /etc/openvpn/tapserver.sh
  [At VPN client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/openvpn/tapclient.sh

The routes point at the kernel's bridge interface: br0 = 10.0.1.254.

3-3 TAP Configuration – VPN Server

Start the bridge device:
  vi /etc/openvpn/openvpn-bridge
  chmod +x /etc/openvpn/openvpn-bridge
  /etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration file:
  openvpn --config /etc/openvpn/tapserver.conf &
  [At VPN client] openvpn --config /etc/openvpn/tapclient.conf &
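Moxa's openvpn-bridge script is invoked above but its contents are not on the slides. The following is an added example and not that script: a start/stop helper that follows the brctl sequence of 2-3-2, plus a function that prints a static-key TAP server configuration for the bridged interface. It assumes eth1 is the LAN port, that br0 takes the LAN address 10.0.1.254/24 from the lab diagram, that "openvpn --mktun" is available to create a persistent tap0, and that the static key lives in /etc/openvpn/static.key. RUN=echo turns it into a dry run.

```shell
#!/bin/sh
# Added example (not Moxa's openvpn-bridge script): bridge br0 joining the
# LAN port and tap0, plus a TAP server configuration that uses it.
# Assumptions: eth1 is the LAN port, br0 takes 10.0.1.254/24 from the lab
# diagram, openvpn --mktun is available.  RUN=echo gives a dry run.
set -eu
RUN=${RUN:-}
ETH=${ETH:-eth1}
TAP=${TAP:-tap0}
BR=${BR:-br0}
BR_IP=${BR_IP:-10.0.1.254}
BR_MASK=${BR_MASK:-255.255.255.0}
BR_BCAST=${BR_BCAST:-10.0.1.255}

bridge_start() {
    # persistent tap device, so OpenVPN can open it as a bridge port later
    $RUN openvpn --mktun --dev "$TAP"
    $RUN brctl addbr "$BR"
    $RUN brctl addif "$BR" "$ETH"
    $RUN brctl addif "$BR" "$TAP"        # bridge name first, then the port
    # Bridge ports carry no address of their own: promiscuous, 0.0.0.0.
    # Doing this on the interface your own session arrives through drops
    # that session, so run this from the console or the other port.
    $RUN ifconfig "$ETH" 0.0.0.0 promisc up
    $RUN ifconfig "$TAP" 0.0.0.0 promisc up
    $RUN ifconfig "$BR" "$BR_IP" netmask "$BR_MASK" broadcast "$BR_BCAST" up
}

bridge_stop() {
    $RUN ifconfig "$BR" down
    $RUN brctl delif "$BR" "$TAP"
    $RUN brctl delif "$BR" "$ETH"
    $RUN brctl delbr "$BR"
    $RUN openvpn --rmtun --dev "$TAP"
    $RUN ifconfig "$ETH" "$BR_IP" netmask "$BR_MASK" up   # LAN address back on eth1
}

# tap_server_conf -> static-key TAP server config.  There is no "ifconfig"
# line: tap0 is a bridge port and br0 already holds the LAN address, so
# frames from the remote side land directly on LAN A.  Key path and
# cipher choice are assumptions.
tap_server_conf() {
    cat <<EOF
dev $TAP
proto udp
port 1194
secret /etc/openvpn/static.key
cipher AES-128-CBC
auth SHA1
keepalive 10 60
persist-key
persist-tun
EOF
}

case ${1:-} in
    start)   bridge_start ;;
    stop)    bridge_stop ;;
    restart) bridge_stop; bridge_start ;;
    conf)    tap_server_conf ;;
    *)       ;;   # run without an argument: only define the functions
esac
```

Bring the bridge up before starting OpenVPN ("openvpn-bridge start" in the slides), and take it down after stopping OpenVPN; stopping the bridge while the daemon still owns tap0 leaves a dangling port.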

3-4-1 SSL/TLS – Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC:
  vi /usr/share/ssl/openssl.cnf
and pre-set default_days, default_bits, etc.

Create a new CA root key pair:
  /usr/share/ssl/misc/CA -newca

Create a new client private key and certificate request:
  /usr/share/ssl/misc/CA -newreq

Sign the certificate:
  /usr/share/ssl/misc/CA -sign

Copy the CA root certificate, the client private key and the client certificate to the first client; the CA private key stays on the PC.

Repeat -newreq and -sign to certify the second client.

3-4-2 OpenVPN – "easy-rsa" tools

Copy "easy-rsa" to the working directory:
  cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file (KEY_SIZE and the default certificate fields):
  vi /etc/openvpn/easy-rsa/vars

Activate the vars (note the leading dot: the file is sourced into the current shell):
  . /etc/openvpn/easy-rsa/vars

Create the CA root key:
  /etc/openvpn/easy-rsa/build-ca

Create the VPN server private key and certificate:
  /etc/openvpn/easy-rsa/build-key-server server
(build-key-server, rather than the plain build-key shown on the slide, marks the certificate with nsCertType=server; the clients can then demand "ns-cert-type server", so that no client certificate can be used to impersonate the server.)

3-4-2 OpenVPN – "easy-rsa" tools

Create the VPN client private key and certificate:
  /etc/openvpn/easy-rsa/build-key client

Create Diffie-Hellman parameters (the size comes from KEY_SIZE in vars; the "1024" argument on the slide is ignored):
  /etc/openvpn/easy-rsa/build-dh

Copy the CA certificate (ca.crt), server key (server.key) and server certificate (server.crt) to the VPN server.

Copy the CA certificate, client key and client certificate to the VPN client. The CA key (ca.key) is copied nowhere.

"easy-rsa" tools also work on the UC-7400 series.

3-4-3 Configuration File Modification

tXXserver.conf / tXXclient.conf (tun or tap): replace the static "secret" line with the SSL/TLS directives ca, cert and key, plus dh on the server.
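CA.sh and easy-rsa both drive the openssl command line. The block below is an added example, not the deck's CA.sh or easy-rsa steps and not Moxa code: it builds the same CA, server certificate, client certificate and DH parameters directly with openssl so that each step is visible, and adds the two checks to run before copying files to the UC (does the certificate chain to the CA, and does only the server certificate carry the server role). The directory, key size, lifetime and the names "server" and "client1" are assumptions.

```shell
#!/bin/sh
# Added example, not the deck's CA.sh or easy-rsa steps: the same PKI built
# directly with the openssl CLI, plus pre-deployment checks.
set -eu
PKI_DIR=${PKI_DIR:-/etc/openvpn/pki}    # assumption
BITS=${BITS:-2048}                      # the 2005 easy-rsa default was 1024; too small today
DAYS=${DAYS:-3650}                      # assumption

init_pki() { mkdir -p "$PKI_DIR"; }

# Only the server certificate gets the server role.  With
# "ns-cert-type server" in the client config, a stolen client certificate
# cannot be used to impersonate the server.
write_ext_files() {
    printf 'basicConstraints=CA:FALSE\nnsCertType=server\nkeyUsage=digitalSignature,keyEncipherment\nextendedKeyUsage=serverAuth\n' > "$PKI_DIR/server.ext"
    printf 'basicConstraints=CA:FALSE\nnsCertType=client\nkeyUsage=digitalSignature\nextendedKeyUsage=clientAuth\n' > "$PKI_DIR/client.ext"
}

build_ca() {            # like CA -newca / build-ca; ca.key never leaves this host
    (umask 077; openssl genrsa -out "$PKI_DIR/ca.key" "$BITS" 2>/dev/null)
    openssl req -new -x509 -key "$PKI_DIR/ca.key" -out "$PKI_DIR/ca.crt" \
        -days "$DAYS" -subj "/CN=UC-Lab-CA" 2>/dev/null
}

issue() {               # issue NAME ROLE   (ROLE = server | client)
    name=$1; role=$2
    (umask 077; openssl genrsa -out "$PKI_DIR/$name.key" "$BITS" 2>/dev/null)
    # CA -newreq / build-key: key and request
    openssl req -new -key "$PKI_DIR/$name.key" -out "$PKI_DIR/$name.csr" \
        -subj "/CN=$name" 2>/dev/null
    # CA -sign: the CA signs the request, adding the role extensions
    openssl x509 -req -in "$PKI_DIR/$name.csr" -CA "$PKI_DIR/ca.crt" \
        -CAkey "$PKI_DIR/ca.key" -CAcreateserial -days "$DAYS" \
        -extfile "$PKI_DIR/$role.ext" -out "$PKI_DIR/$name.crt" 2>/dev/null
    rm -f "$PKI_DIR/$name.csr"
}

build_dh() {            # build-dh: size comes from the key size, not an argument
    openssl dhparam -out "$PKI_DIR/dh$BITS.pem" "$BITS" 2>/dev/null
}

verify_cert() {         # verify_cert NAME -> 0 if NAME.crt chains to our CA
    openssl verify -CAfile "$PKI_DIR/ca.crt" "$PKI_DIR/$1.crt" >/dev/null 2>&1
}

cert_is_server() {      # cert_is_server NAME -> prints yes or no
    if openssl x509 -in "$PKI_DIR/$1.crt" -noout -purpose | grep -q '^SSL server : Yes'
    then echo yes; else echo no; fi
}

if [ "${RUN_PKI:-0}" = 1 ]; then
    init_pki; write_ext_files; build_ca
    issue server server; issue client1 client; build_dh
    # Copy ca.crt, server.crt, server.key and dh*.pem to the VPN server and
    # ca.crt, client1.crt, client1.key to the client.  ca.key stays here.
    for n in server client1; do
        verify_cert "$n" && echo "$n: chain OK, server role: $(cert_is_server "$n")"
    done
fi
```

Expected output of the loop is "server: chain OK, server role: yes" and "client1: chain OK, server role: no"; if both say yes, the client config's ns-cert-type check protects nothing.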

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

Two of its serial ports are connected to a power meter and a thermocouple.

Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site.

The rest of the serial ports are looped back in "burn-in mode" to demonstrate the UC's high performance and reliability.

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500 °C

Voltage: left side for the high range, 0 to 300 VDC; right side for the low range, 0 to 20 VDC

UC's LCM & keypad (F1-F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8
F2 System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available Memory
F3 Alarm Setting: Temperature → Voltage → Burn-in throughput
F4 Configuration Key
F5 Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
- UC-7420's built-in wireless driver supports the Intersil Prism 2.0 chipset PCMCIA card.
- The compatible wireless cards are:

Supplier   Model name
ASUS       WL-107g
CNET       CWC-854 (181D version)
Edimax     EW-7108PCg
Amigo      AWP-914WG
Gigabyte   GN-WMKG
Others which use the Ralink chipset

Thank You


Upgrading the Firmware

1. Introduction
The UC-7400's bios (boot loader), kernel, mini file system and user file system are combined into one firmware file, which can be downloaded from Moxa's website (www.moxa.com).
- The name of the firmware file has the form uc7400-xxx.frm, with xxx indicating the firmware version.

ATTENTION
- Upgrading the firmware will erase all data on the Flash ROM. Back up /etc and your application files first.

Upgrading the Firmware

2. Description
- In firmware V1.4.3 or later, the UC-7400 adds a utility, "upfirm".
- The utility upfirm is designed for upgrading the firmware (including boot-loader, kernel, mini file system, user file system and configuration).
- If your firmware version is earlier than V1.4.3, you can find the utility on the Moxa website.

How to upgrade the firmware

Step 1: Type the following commands to enable the RAM disk:
  upramdisk
  cd /mnt/ramdisk

Step 2: Download the firmware file into the ramdisk from the Moxa website.

Step 3: Use the upfirm command to upgrade the kernel and root file system:
  upfirm uc7400-xxx.frm
(Reference the next slide to see the upfirm procedure.)

root@Moxa:/mnt/ramdisk# upfirm UC7420-1.5.frm
Upgrade firmware utility version 1.0
To check source firmware file context ...
The source firmware file context is OK
This step will destroy all your firmware
Do you want to continue it (Y/N): Y
MTD device [/dev/mtd6] erase 128 Kibyte @ 20000 -- 100% complete
Wait to write file ... Completed 100%
Now upgrade the new configuration file
Upgrade the firmware is OK
Please press any key to reboot system

Press any key to reboot the system.

Note: DO NOT power off the UC until the Ready LED is ON again. The first boot after upgrading the firmware takes much longer than usual.
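upfirm erases the whole flash before it writes, so any check on the image belongs before it runs. The following is an added example and not Moxa's upfirm or upramdisk: it stages the image on the RAM disk as in steps 1 to 3 and flashes only when the file's MD5 sum matches a value obtained separately (assumption: a checksum from the download page, or computed on the machine the file was downloaded to). The ramdisk path is the one on the slide; md5sum is assumed to be available on the UC (Busybox provides it).

```shell
#!/bin/sh
# Added example (not Moxa's upfirm/upramdisk): stage an image on the RAM
# disk and flash it only after its checksum matches a value obtained
# separately.  Assumption: md5sum is available on the UC (Busybox).
set -eu
RAMDISK=${RAMDISK:-/mnt/ramdisk}

image_md5() {               # image_md5 FILE -> hex MD5 of FILE
    md5sum "$1" | awk '{print $1}'
}

image_ok() {                # image_ok FILE EXPECTED -> 0 only when the sums match
    [ "$(image_md5 "$1")" = "$2" ]
}

image_name_ok() {           # image_name_ok FILE -> 0 for a uc74xx-<version>.frm style name
    case $(basename "$1") in
        [Uu][Cc]74[0-9][0-9]-*.frm) return 0 ;;
        *) return 1 ;;
    esac
}

stage_and_flash() {         # stage_and_flash IMAGE EXPECTED_MD5
    image_name_ok "$1" || { echo "$1: not a UC-7400 firmware file name" >&2; return 1; }
    upramdisk
    cp "$1" "$RAMDISK/"
    img=$RAMDISK/$(basename "$1")
    if ! image_ok "$img" "$2"; then
        echo "$img: checksum mismatch, not flashing (truncated download or wrong file)" >&2
        return 1
    fi
    # From here on, do not power off until the Ready LED is on again.
    upfirm "$img"
}
```

Usage on the UC: stage_and_flash /tmp/uc7400-1.5.frm <md5 from the vendor page>. The name check catches copying an image for a different model into the upgrade path; the checksum catches a truncated FTP transfer, which upfirm's own "context" check may not.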

Setting up the Network Interfaces

IEEE 802.11g

Configure 802.11g Wireless LAN

root@Moxa:~# vi /etc/network/interfaces

# 802.11g Gigabyte Cardbus wireless card
iface eth0 inet static
    address 192.168.5.127
    network 192.168.5.0
    netmask 255.255.255.0
    broadcast 192.168.5.255

Step 1: Unplug the CardBus wireless LAN card first.

Step 2: Configure the default IP setting profile:
  vi /etc/network/interfaces

Configure 802.11g Wireless LAN

  vi /etc/Wireless/RT2500STA/RT2500STA.dat

Copy this file to /etc/Wireless/RT2500STA/RT2500STA.dat. It is read when the rt2500.o module is loaded; edit it with "vi -b RT2500STA.dat" (binary mode, so vi does not alter the line endings) according to your needs:
1) Set NetworkType to Adhoc for ad-hoc mode; otherwise use Infra (infrastructure mode).
2) Set Channel to 0 for auto-select in infrastructure mode.
3) Set SSID to connect to your access point.
4) AuthMode can be OPEN, SHARED, WPAPSK or WPANONE.
5) EncrypType can be NONE, WEP, TKIP or AES.
OPEN/SHARED with WEP or NONE gives no real protection; on a production link use WPAPSK with AES (or TKIP where the access point cannot do AES).
For more information refer to the Readme file.

Step 3: Configure the WLAN parameters:
  vi /etc/Wireless/RT2500STA/RT2500STA.dat

Configuring 802.11g Wireless LAN

The settings in /etc/Wireless/RT2500STA/RT2500STA.dat:
CountryRegion    sets the channels for your particular country region
WirelessMode     sets the wireless mode
SSID             sets the SSID
NetworkType      sets the wireless operation mode (Infra or Adhoc)
Channel          sets the channel
AuthMode         sets the authentication mode
EncrypType       sets the encryption type
DefaultKeyID     sets the default key ID
Key1Str ... Key4Str   set the WEP key strings Key1 to Key4
WpaPsk           WPA pre-shared key (the slide had this and TxBurst swapped)
TxBurst          enables or disables TxBurst
TurboRate        enables or disables TurboRate
BGProtection     sets 11b/11g protection (this function is for engineering testing only)
ShortSlot        enables or disables the short slot time
TxRate           sets the TxRate
RTSThreshold     sets the RTS threshold
FragThreshold    sets the fragment threshold

Developing Your Application

Windows Tool Chain

Agenda

1) Windows Tool Chain Introduction
2) Development Process
3) Debugging with GDB

Windows Tool Chain Introduction

UC-7400's Windows Tool Chain is a cross development environment that simulates the Linux root file system, allowing users to develop applications on a Windows PC.

The following topics are covered in this appendix:
- Introduction
- Installation procedure
- Using the BASH shell
- GDB debug tool: Insight

Windows Tool Chain: requirements

1. Operating system: Windows 2000 or Windows XP
2. Minimum of 500 MB hard disk space
3. CD-ROM or equivalent
4. Ethernet to connect with the UC-7400
5. Be able to log in as administrator
6. Use a Windows username without spaces
7. You will be using a BASH shell window to enter commands
8. For editing text files such as configuration files, use the vi editor (Unix editor). Do NOT use WordPad (Windows editor): it writes CR/LF line endings, which cause problems when the files are transferred to a bona fide Linux environment.

Development Process

Step 1: Set up the development environment on the PC (x86).
Step 2: Code, compile and debug on the Windows Tool Chain.
Step 3: Deploy the program to the UC (IXP-422).

Step 1: Setting up the Development Environment

Install the Windows Tool Chain on the PC (Windows 2K/XP). Installation tips:
- Default install path: C:\UC
- Default text file type: Unix (recommended)
- Utilities: Moxa Bash Shell; GDB debug tool Insight (http://sources.redhat.com/insight/)
- This process could take from 5 to 30 minutes depending on the speed of your system.

Step 2: Coding, Compiling and Debugging

Code the C/C++ program in the Moxa Bash Shell (PC, Windows Tool Chain).
Compile/link the source code with the tool chain:
- Compiler path setting: PATH=/usr/local/mxscaleb/bin
- Compiling Hello.c

Step 3: Deployment

Upload the program to the UC:
  ftp 192.168.3.127
  ftp> binary
  ftp> put hello-release
(FTP sends the login password in clear text; outside an isolated lab network use scp over the UC's SSH server instead.)

Run the program (at the UC-7400 side):
  chmod +x hello-release
  ./hello-release
  Hello

Debugging with GDB

[Figure: PC (Moxa Bash Shell) and UC connected over Ethernet. 1: compile with -ggdb on the PC; 2: GDB debug server on the UC; 3: Insight (GDB client) on the PC; 4: "target remote" to the UC.]

On the UC:
  chmod +x hello-debug
  gdbserver 192.168.3.127:2000 hello-debug
  Process hello-debug created; pid = 206

Step 1 (PC, Moxa Bash Shell): compile the program with the -ggdb option, then upload it to the UC.

Step 2 (UC): start hello-debug under gdbserver:
  gdbserver 192.168.3.127:2000 hello-debug
gdbserver accepts the first connection to port 2000 from anyone, without authentication, and whoever connects then controls the process; run it only on an isolated lab network and stop it when the session ends.

Step 3 (PC, Insight): run the GDB client:
- Open the hello-debug file
- Connect to target: GDB Server/TCP, host 192.168.3.200, port 2000

iptables Introduction

Agenda

1) Quick View of iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

1. Quick View of iptables

A user-space command to set up and maintain the "Netfilter" subsystem of the kernel.

"Netfilter" decides on packet headers (and connection state), not on the application content.

iptables is one of several firewall/NAT solutions on Linux: the administration tool to set up, maintain and inspect the tables of IP packet filter rules in the Linux kernel.

1. Quick View of iptables

Several different tables may be defined. Each table contains a number of built-in chains and may also contain user-defined chains.

Each chain is a list of rules which can match a set of packets. Each rule specifies what to do with a packet that matches. This is called a "target", which may be a jump to a user-defined chain in the same table.

1. Quick View of iptables

iptables is the 3rd generation firewall on Linux:
- "ipfwadm" on Linux kernel 2.0.x
- "ipchains" on Linux kernel 2.2.x
- "ipchains" and "iptables" on Linux kernel 2.4.x
- "iptables" on Linux kernel 2.6.x

Supports basic packet filtering as well as connection state tracking.

UC-7110/7400 support only "iptables".

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

2) Rules, Chains and Tables

2-1 First Match
2-2 Three Major Tables
2-3 Processing Packets
2-4 State Machine

2-1 First Match – The Highest Priority

[Figure: a packet is tested against Rule 1, Rule 2, ... Rule 10 in order. The first rule that matches fires its action (Action 1 ... Action 10) and evaluation stops; a packet that matches no rule gets the chain's default policy.]

2-1 First Match

On a WWW server, reject the attacker at IP 192.168.1.100:
  Rule 1: Drop the packets from 192.168.1.100
  Rule 2: Accept WWW request packets from all hosts
  Rule 3: Drop all non-WWW packets

With the first two rules swapped:
  Rule 1: Accept WWW request packets from all hosts
  Rule 2: Drop the packets from 192.168.1.100
  Rule 3: Drop all non-WWW packets
192.168.1.100 is still able to use the WWW service, i.e. to attack the WWW service port: Rule 1 already matched its packets, and Rule 2 is never consulted for them.
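The ordering lesson above can be checked without a kernel. The following is an added example (not from the deck): a small first-match evaluator over a constructed rule format "SRC DPORT ACTION", with "any" as the wildcard, that decides a packet the way a chain does (the first matching rule wins, otherwise the default policy), plus a translation of the same rules into the iptables commands they correspond to. The two rule sets are the two orderings from the slide.

```shell
#!/bin/sh
# Added example (not from the deck): a first-match evaluator for a
# constructed rule format "SRC DPORT ACTION" (SRC = IPv4 address or any,
# DPORT = TCP port or any).  Rules are tried top to bottom; the first
# match decides, otherwise the default policy applies, as in a chain.
set -eu

# The slide's two orderings.  The intent is the same; only the order differs.
RULES_DROP_FIRST='192.168.1.100 any DROP
any 80 ACCEPT
any any DROP'

RULES_ACCEPT_FIRST='any 80 ACCEPT
192.168.1.100 any DROP
any any DROP'

# field_matches RULE_VALUE PACKET_VALUE -> 0 if RULE_VALUE is any or equal
field_matches() {
    [ "$1" = any ] || [ "$1" = "$2" ]
}

# evaluate RULES POLICY SRC DPORT -> prints the verdict for one packet
evaluate() {
    rules=$1; policy=$2; src=$3; dport=$4
    hit=$(printf '%s\n' "$rules" | while read -r r_src r_dport r_action; do
        [ -n "$r_action" ] || continue
        if field_matches "$r_src" "$src" && field_matches "$r_dport" "$dport"; then
            printf '%s' "$r_action"
            break                  # first match wins; later rules are not consulted
        fi
    done)
    printf '%s\n' "${hit:-$policy}"
}

# to_iptables RULES -> the equivalent "iptables -A INPUT" commands, same order
to_iptables() {
    printf '%s\n' "$1" | while read -r r_src r_dport r_action; do
        [ -n "$r_action" ] || continue
        cmd="iptables -t filter -A INPUT"
        [ "$r_src" = any ]   || cmd="$cmd -s $r_src"
        [ "$r_dport" = any ] || cmd="$cmd -p tcp --dport $r_dport"
        printf '%s -j %s\n' "$cmd" "$r_action"
    done
}

# show_verdicts RULES -> verdicts for the attacker and for a normal client
show_verdicts() {
    printf 'attacker 192.168.1.100 -> port 80: %s\n' "$(evaluate "$1" DROP 192.168.1.100 80)"
    printf 'client   192.168.1.7   -> port 80: %s\n' "$(evaluate "$1" DROP 192.168.1.7 80)"
    printf 'client   192.168.1.7   -> port 22: %s\n' "$(evaluate "$1" DROP 192.168.1.7 22)"
}

if [ "${RUN_DEMO:-0}" = 1 ]; then
    echo "drop first:";   show_verdicts "$RULES_DROP_FIRST"
    echo "accept first:"; show_verdicts "$RULES_ACCEPT_FIRST"
fi
```

With RUN_DEMO=1 the first set reports DROP for the attacker and ACCEPT for the client on port 80; the second set reports ACCEPT for both, which is the slide's point. The same holds for -A on a live chain: a rule appended after a broader ACCEPT is dead for everything the ACCEPT already covers.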

2-2 Three Major Tables

1) Filter Table
2) NAT Table
3) Mangle Table

2-2-1 Filter Table

Mainly used for filtering packets. This is the place where we actually take action against packets: look at what they contain and ACCEPT, DROP, REJECT or LOG them depending on their content.

1. INPUT chain: packets entering the local host
2. OUTPUT chain: packets output from the local host
3. FORWARD chain: packets forwarded to other hosts

2-2-2 NAT Table

Used for NAT on packets: translating the source field or the destination field.

1) PREROUTING chain: rewrites the destination IP address (DNAT), before the routing decision.
2) POSTROUTING chain: works after the routing process and before the packet leaves on the Ethernet device; rewrites the source IP address (SNAT/MASQUERADE).
3) OUTPUT chain: works on locally generated packets.

2-2-3 Mangle Table

This table is mainly used for mangling packets. In other words, you may freely use the mangle matches etc. to change the TOS (Type of Service) and TTL fields. It can also "MARK" packets for later matching.

1. PREROUTING chain
2. POSTROUTING chain
3. INPUT, OUTPUT and FORWARD chains

2-3 Processing Packets

2-3-1 Destination: Local Host
2-3-2 Source: Local Host
2-3-3 Forwarded Packets
2-3-4 State Machine

2-3-1 Destination: Local Host

Incoming packets → NAT table PREROUTING → routing decision → filter table INPUT → local process

2-3-2 Source: Local Host

Local process → NAT table OUTPUT → filter table OUTPUT → NAT table POSTROUTING → outgoing packets

2-3-3 Forwarded Packets

Incoming packets → NAT table PREROUTING → routing decision (not a local resource) → filter table FORWARD → NAT table POSTROUTING → other hosts

2-4 State Machine

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

3) Usage of iptables

3-1 Load iptables Modules
3-2 Define Default Policy
3-3 Structure of a Rule
3-4 Save / Restore Rules

3-1 Load iptables Modules

Note: ipchains and iptables are not compatible; do not load both.

3-1 Load iptables Module

Check the current tables:
  iptables [-t table] -L -n
(-n prints addresses and ports numerically, so the listing does not block on DNS lookups.) The header of each chain shows its default policy.

3-1 Install iptables

Clear the current policy.

3-2 Define Default Policy

iptables -t {filter|nat|mangle} -P {INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING} {ACCEPT|DROP}

3-2 Define Default Policy

3-3 Structure of a Rule

3-3-1 Add, Insert, Delete and Replace rules
3-3-2 Direction
3-3-3 Matches
3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace

iptables -t {filter|nat|mangle} {-A|-I|-D|-R} <chain> <match> -j <target>

Three major things need to be considered: the direction (chain), the match (condition) and the target (action, given with -j).

3-3-2 Direction – Chains

a. filter table: INPUT, OUTPUT, FORWARD
b. nat table: PREROUTING, POSTROUTING, OUTPUT
c. mangle table: ...

3-3-3 Matches – Conditions

1. -p [proto]: tcp, udp, icmp, all
2. -s [IP], -d [IP]
3. --sport [port], --dport [port]
4. -m state --state [state]: NEW, ESTABLISHED, INVALID, RELATED
5. -m multiport --sports/--dports/--ports p1,p2,...,p15 (up to 15 ports)
6. -i [iface], -o [oface]
7. ... etc.

3-3-4 Targets – Actions

a. filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions: LOG, ULOG, REJECT, MIRROR
b. nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING/OUTPUT), MASQUERADE (POSTROUTING), REDIRECT (PREROUTING/OUTPUT)
c. mangle table: ...

3-4 Save / Restore Rules

iptables-save writes the current rule set to standard output and iptables-restore reads it back; the exported file is not a shell script. It is highly recommended to maintain the Netfilter rules in a script file instead of editing this exported file. Please refer to the hands-on practice.

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice: 1) Packet Filter, 2) NAT Machine

4-1 Packet Filter – Rules of filter table

Example 1 – Accept all the packets incoming from the lo interface:
  iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2 – Accept all the TCP packets incoming from IP = 192.168.0.1:
  iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 3 – Accept all the TCP packets incoming from the network 192.168.1.0/24:
  iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 – Drop all the TCP packets incoming from IP = 192.168.1.25:
  iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP
(If this rule is appended after Example 3's /24 ACCEPT it never fires for 192.168.1.25, by first match; insert it ahead with -I, or keep specific DROPs before broad ACCEPTs.)

4-1 Packet Filter – Rules of filter table

Example 5 – Drop all the incoming TCP packets with dst port = 21 (forbid FTP connections from eth0):
  iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 – Accept TCP packets incoming from 192.168.0.0/24 to local ports 137, 138 and 139:
  iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 7 – Log all the incoming/outgoing TCP packets to/from port 25 (log the SMTP service):
  iptables -t filter -A INPUT -p tcp --dport 25 -j LOG
LOG is a non-terminating target: the packet continues down the chain after being logged, so an ACCEPT or DROP still has to follow. Rate-limit it with -m limit in production, or a flood fills the log.

Note: UC-7110 does not support the target "LOG".

4-1 Packet Filter – Rules of filter table

Example 8 – Drop all the [SYN] packets from IP = 192.168.100.200:
  iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 – Drop all the packets from MAC = aa:bb:cc:dd:ee:ff:
  iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

Example 10 – Do not respond to "ping":
  iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 – Limit an ICMP "ping" burst: with a DROP policy, accept at most 6 per minute after an initial burst of 10:
  iptables -t filter -P INPUT DROP
  iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 12 – Accept the ESTABLISHED/RELATED packets of the local host; drop the INVALID packets and the NEW packets which are trying to create a new connection:
  iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
  iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

4-1 Packet Filter – Rules of filter table

Example 13 – Check the packet integrity (the experimental "unclean" match of kernel 2.4):
  iptables -t filter -A INPUT -p all -m unclean -j DROP

Example 14 – Enable "passive mode" FTP service to a host: the FTP connection-tracking helper marks the data connection as RELATED to the control connection, so it can be accepted without opening the whole high port range:
  modprobe ip_conntrack_ftp
  iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

4-2 NAT Machine

Example 1 – Redirect the connection requests for port 80 to port 8080 (on this host):
  iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 – Masquerade the packets from 192.168.1.0/24 leaving on ppp0 behind ppp0's own IP:
  iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE
(The slide placed this rule in PREROUTING; MASQUERADE and the -o match are only valid in POSTROUTING, and iptables rejects the original form.)

4-2 NAT Machine

Example 3 – DNAT the packets incoming on eth0 (60.248.66.75) for TCP port 80 to the internal web server 192.168.127.10, port 80:
  iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80
A DNAT in the nat table does not bypass the filter table: the rewritten packet still has to be accepted by the FORWARD chain, and ip_forward must be enabled.

Example 4 – Redirect the incoming packets for TCP port 80 to 192.168.1.10 and TCP port 80 (same form as Example 3 with the new destination). The slide shows the companion rule that rewrites the source of everything leaving the internal network to the external address $OUT_IP, so that replies come back through the NAT box:
  iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP
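The rules of 4-1 and 4-2 are shown one at a time. The block below is an added example, not the deck's hands-on script: one complete rule set for a UC routing between an inside LAN on eth1 and the outside on ppp0, ordered the way first-match semantics requires, with the DNAT of Example 3 together with the FORWARD rule it needs, and the masquerading of Example 2 in the chain where it is valid. The internal network, web server and external address are the slide's; the interface names and the admin host are assumptions. IPT="echo iptables" prints the commands in order instead of running them.

```shell
#!/bin/sh
# Added example (not the deck's hands-on script): complete filter + NAT
# rule set for a UC routing between an inside LAN on eth1 and the outside
# on ppp0.  IPT="echo iptables" prints the commands instead of running them.
set -eu
IPT=${IPT:-iptables}
EXT_IF=${EXT_IF:-ppp0}                      # assumption: outside interface
INT_IF=${INT_IF:-eth1}                      # assumption: inside interface
LAN=${LAN:-192.168.127.0/24}                # inside network (slide 4-2)
WEB_SERVER=${WEB_SERVER:-192.168.127.10}    # published web server (slide 4-2, ex. 3)
OUT_IP=${OUT_IP:-60.248.66.75}              # outside address (slide 4-2, ex. 3)
ADMIN_HOST=${ADMIN_HOST:-192.168.127.5}     # assumption: the only SSH source

flush_all() {
    $IPT -t filter -F
    $IPT -t filter -X
    $IPT -t nat -F
    $IPT -t nat -X
    # Default deny for what reaches the box and for what it forwards; the
    # box's own outgoing traffic stays open.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
}

input_rules() {
    $IPT -A INPUT -i lo -j ACCEPT
    # First match: INVALID is dropped before any ACCEPT can see it, then
    # replies to our own connections are accepted once, cheaply.
    $IPT -A INPUT -m state --state INVALID -j DROP
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Management only from one inside host; other port-22 packets fall
    # through to the DROP policy.
    $IPT -A INPUT -i "$INT_IF" -p tcp -s "$ADMIN_HOST" --dport 22 -m state --state NEW -j ACCEPT
    # Answer ping, rate-limited (slide 4-1, example 11)
    $IPT -A INPUT -p icmp --icmp-type 8 -m limit --limit 6/min --limit-burst 10 -j ACCEPT
    # LOG does not end the chain; what it logs then hits the DROP policy.
    # Limited so that a flood cannot fill the flash file system.
    $IPT -A INPUT -m limit --limit 3/min -j LOG --log-prefix "INPUT-DROP: "
}

forward_rules() {
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # inside -> outside: new connections allowed
    $IPT -A FORWARD -i "$INT_IF" -o "$EXT_IF" -s "$LAN" -m state --state NEW -j ACCEPT
    # outside -> published web server.  The DNAT below rewrites the
    # destination in nat/PREROUTING, but the packet still traverses
    # filter/FORWARD, so this rule is what actually lets it through.
    $IPT -A FORWARD -i "$EXT_IF" -o "$INT_IF" -p tcp -d "$WEB_SERVER" --dport 80 -m state --state NEW -j ACCEPT
}

nat_rules() {
    # slide 4-2, example 3
    $IPT -t nat -A PREROUTING -i "$EXT_IF" -p tcp -d "$OUT_IP" --dport 80 -j DNAT --to-destination "$WEB_SERVER:80"
    # slide 4-2, example 2, in the chain where MASQUERADE and -o are valid
    $IPT -t nat -A POSTROUTING -s "$LAN" -o "$EXT_IF" -j MASQUERADE
}

enable_forwarding() {
    echo 1 > /proc/sys/net/ipv4/ip_forward
}

apply_all() {
    flush_all
    input_rules
    forward_rules
    nat_rules
}

if [ "${RUN_FW:-0}" = 1 ]; then
    enable_forwarding
    apply_all
    $IPT -t filter -L -n
    $IPT -t nat -L -n
fi
```

Keep this script under /etc and run it at boot instead of restoring an iptables-save dump, as 3-4 recommends; with IPT="echo iptables" you can review the exact order before it touches a remote box, which matters because the INPUT policy is DROP and a mistake in the SSH rule locks you out.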

Thank You

OpenVPN 2.0 – Stephen Lin

OpenVPN 2.0

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve?
1-2 Symmetric Data Encryption
1-3 Hash (Digest) Function
1-4 Message Authentication Code
1-5 Asymmetric Data Encryption
1-6 Digital Signature
1-7 Certificate
1-8 Moxa UC7400

1-1 What does Cryptography solve?

Confidentiality
- Ensure that nobody can get knowledge of what you transfer, even if listening to the whole conversation.
Integrity
- Ensure that the message has not been modified during transmission.
Authenticity
- You can verify that you are talking to the entity you think you are talking to.
- You can verify who is the specific individual behind that entity.
Non-repudiation
- The individual behind that asset cannot deny being associated with it.

1-2 Symmetric Data Encryption

- Fast; high efficiency for data transmission.
- Is it "secure" while transferring the key? The key itself must travel over a channel that is already secret.
- Maintenance of the keys: n parties need n(n-1)/2 keys.
- DES, 3DES, AES, Blowfish

[Figure: Tom encrypts the plaintext with the secret key into ciphertext; Bob decrypts it with the same secret key back to plaintext.]

1-3 Hash (Digest) Function

Ensures data integrity against accidental change only: anyone who alters the data can recompute a plain digest over it.
MD5, SHA-1

[Figure: Tom hashes the data into Message Digest 1 and sends data + digest; Bob runs the same hash function over the received data to get Message Digest 2 and compares the two.]

1-4 Message Authentication Code

Ensures data integrity against deliberate modification: a secret key protects the MAC, so only a holder of the key can produce a valid one.
HMAC, CBC-MAC

[Figure: Tom hashes the data into Message Digest 1, turns it into a MAC under the secret key and sends data + MAC; Bob recomputes Message Digest 2 from the data, recovers Message Digest 1 from the MAC with his copy of the key and compares.]

1-5 Asymmetric Encryption

Things to remember:
- Key pair: public/private keys.
- In a session, one key encrypts and the other one decrypts.
- The "public key" can be deployed everywhere.
- The relation between the two keys is not computable: from one key you cannot gain knowledge of the other, even if you have access to clear text and cipher text.
- For RSA the two keys are mathematically interchangeable: the algorithm makes no difference between them, and when a key pair is generated either one could be published. This is a property of RSA, not of asymmetric cryptography in general (it does not hold for Diffie-Hellman or DSA), and real implementations fix a small public exponent, so the keys are not swapped in practice.
- Less efficient than symmetric encryption.
- RSA, Diffie-Hellman

[Figure: clear text is encrypted into cipher text such as "g$5knvMd'rkvegMs".]

1-5 Asymmetric Data Encryption – Confidentiality check

Tom encrypts the plaintext with Bob's public key; Bob decrypts the ciphertext with Bob's private key (the recipient's key pair).

1-5 Asymmetric Data Encryption – Authenticity check

Tom encrypts the plaintext with Tom's private key; Bob decrypts the ciphertext with Tom's public key (the sender's key pair). Anyone holding Tom's public key can decrypt, so this proves origin, not confidentiality.

1-6 Digital Signature

Real world: a hybrid.
1. Data integrity
2. Authenticity
3. Non-repudiation
4. Algorithm: use the public key and a hash

1-6 Digital Signature – Creating

[Figure: from the message or file ("This is the document created by Gianni") a short message digest ("Py75c%bn", typically 128 bits) is calculated with a one-way message digest function (SHA, MD5); the digest is then encrypted with the signatory's private key (RSA), giving the digital signature ("3kJfgf*£$&"), which is attached to the message as the signed document.]

1-6 Digital Signature – Verifying

[Figure: from the signed document the verifier recomputes the message digest of the message, decrypts the digital signature with Gianni's public key (taken from his certificate) to recover the signed digest, and compares the two.]

1-6 Digital Signature

[Figure: Tom hashes the data into Message Digest 1 and encrypts it with Tom's private key into the digital signature; Bob hashes the received data into Message Digest 2, decrypts the signature with Tom's public key to get Message Digest 1, and compares.]
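The three figures above describe a digest, a keyed MAC and a signature. The following is an added example, not from the deck: the three checks run with the openssl CLI (OpenSSL is present on the UC, see 1-8), so their difference under tampering is visible: a plain digest is recomputable by whoever changes the data, an HMAC requires the shared key, and a signature requires the signer's private key while anyone holding the public key can verify it. The message, key and file names are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the deck): the integrity mechanisms of 1-3, 1-4
# and 1-6 exercised with the openssl CLI.  Message, key and file names
# are constructed for this demo.
set -eu

hash_of() {             # hash_of FILE -> hex SHA-1 digest (1-3)
    openssl dgst -sha1 "$1" | sed 's/^.*= //'
}
hmac_of() {             # hmac_of KEY FILE -> hex HMAC-SHA1 under KEY (1-4)
    openssl dgst -sha1 -hmac "$1" "$2" | sed 's/^.*= //'
}
gen_keypair() {         # gen_keypair PRIV PUB: RSA pair; only PUB is handed out
    (umask 077; openssl genrsa -out "$1" 2048 2>/dev/null)
    openssl rsa -in "$1" -pubout -out "$2" 2>/dev/null
}
sign_file() {           # sign_file PRIV FILE SIG: SHA-256 digest, then RSA with PRIV (1-6)
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}
verify_file() {         # verify_file PUB FILE SIG -> 0 only if SIG fits FILE under PUB
    openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

# demo DIR: Tom sends Bob a message; an attacker changes the amount in
# transit.  The plain digest can be recomputed by the attacker; the HMAC
# and the signature cannot, so they detect the change.
demo() {
    msg=$1/msg.txt; sig=$1/msg.sig
    printf 'Tom pays Bob 100\n' > "$msg"
    m1=$(hmac_of "tom-bob-secret" "$msg")
    gen_keypair "$1/tom.key" "$1/tom.pub"
    sign_file "$1/tom.key" "$msg" "$sig"
    printf 'Tom pays Bob 900\n' > "$msg"                  # tampered in transit
    echo "plain digest of the tampered file: $(hash_of "$msg") (anyone can recompute this)"
    if [ "$(hmac_of "tom-bob-secret" "$msg")" = "$m1" ]
    then echo "HMAC: still valid"; else echo "HMAC: mismatch, tampering detected"; fi
    if verify_file "$1/tom.pub" "$msg" "$sig"
    then echo "signature: valid"; else echo "signature: invalid, tampering detected"; fi
}

if [ "${RUN_DEMO:-0}" = 1 ]; then demo "$(mktemp -d)"; fi
```

This is also why OpenVPN pairs its cipher with an HMAC (see 2-2 OpenVPN Security): encryption alone does not tell the receiver that the ciphertext is the one the peer sent.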

1-7 Certificate

The simplest certificate just contains:
- A public key (for Stephen)
- Information about the entity that is being certified to own that public key
... and the whole is:
- Digitally signed by someone trusted (like your friend, or a CA)

[Figure: a certificate = public key + "This public key belongs to Stephen" + digital signature. The entity can be a person, a computer, a device, a file, some code, anything.]

1-7-1 CA Certificate

[Figure: the certification server (CA) generates its own key pair; its public key is signed by the CA itself. The user requests a certificate from the CA; the CA generates the certificate (the user's public key plus a digital signature by the CA), and the private key and certificate are sent to the user.]

1-7-1 CA Certificate Example

[Figure: the CA holds the CA private key and signs the certificates of "Left" and "Right". Each side holds its own private key, its certificate signed by the CA and the CA public key, and thereby trusts the other side's certificate, which is signed by the same CA.]

1-7-2 SSL/TLS

[Figure: each side holds a key pair. Clear text is encrypted into Cipher 1 and then into Cipher 2 for transmission over the public network; the receiver decrypts Cipher 2 and then Cipher 1 back to clear text, using the public/private keys of both parties.]

Ensures confidentiality, and integrity if digitally signed.

Depending on how the public keys are exchanged:
- Authenticity, identity, non-repudiation

1-8 Moxa UC7400 – Hardware Cipher

Intel XScale (IXP-422) supports:
- Security engines: DES, AES
- Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so":
- No need to change the source code.

1-8-1 Moxa Accelerated Algorithms – OpenSSL 0.9.7

DES_cbc_encrypt
DES_ede3_cbc_encrypt
AES_cbc_encrypt
AES_ctr_encrypt

- ECB mode is wrapped at a higher level (libssl.so), as OpenSSL itself wraps it.

1-8-2 Performance

[Figure: four charts comparing the hardware cipher (HW Cipher) with software for 3DES-CBC and AES-128-CBC. Two charts plot throughput (left axis, 0 to 80) and the speed-up ratio RATE (right axis, 0 to 8) against packet sizes from 128 to 1280 bytes; the other two plot the same for small packets of 16 to 144 bytes, where the ratio stays between 0.5 and 2.5.]

1-8-3 Things to be noticed

Moxa UC-7400 switches operations between the software and the hardware approach:
- Default: hardware approach.
- Any misconfiguration, or a busy engine, causes a fall-back to software.

Small packets are handled in software:
- DES: below 128 bytes
- 3DES/AES: below 64 bytes

1-8-4 Software Package

Driver:
- mxhw_cipher.o
Device file:
- mknod /dev/mxcrypto c 11 131
Test program:
- io            correctness test
- io 0 5000     stability test
- io 1          golden pattern
- io 2 20000    performance test

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network – Advantages/Disadvantages

A VPN is a network constructed by using public wires (e.g. the Internet) to connect nodes.

A VPN encrypts all network traffic, not just a few application protocols (as SSL or SSH do).

A VPN allows the use of protocols which are insecure by themselves.

VPN traffic cannot be controlled and logged easily by intermediate devices, because of its encrypted nature.

2-2 Why OpenVPN2-2 Why OpenVPN

Usabilitybull Open Source (GPL)bull Full featured SSL VPN Solutionbull Easy to configure secure tunnelbull NATDHCP supportbull Can use a 2048 bit shared key or

digital certificates (PKI)

Portability ndash Supports most of the platformsbull Linux Solaris Mac OS Xbull OpenBSD FreeBSD NetBSDbull Windows2000-SP4WindowsXP-SP1 or later

2-2 Why OpenVPN

Peers: each node with a client/server role
• Uses kernel routing
• Multiple clients

A user-space program
• A full-featured SSL VPN solution
• Built on top of the existing SSL/TLS mechanism
• Choice among a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) traffic over a single UDP (5000 in OpenVPN 1.x, 1194 in 2.0) or TCP port

2-2 OpenVPN Security

Two authentication modes
• Static key: uses a pre-shared key
• SSL/TLS: uses SSL/TLS + certificates for
  • authentication
  • key exchange

The encrypted packet is formatted as
  HMAC | IV | [SeqN | payload]
• SeqN: 64-bit sequence number
• IV: plaintext initialization vector, randomized per packet
• The bracketed part (SeqN and payload) is encrypted; the HMAC is computed over the IV and the ciphertext, so a receiver checks the HMAC first and only then decrypts and checks SeqN against replays
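The envelope above, as an added example that is not part of the original slides or of OpenVPN's own code: a Python model of the static-key packet format. AES-CBC is replaced by a hash-based keystream (an assumption made so it runs with the standard library only), the keys are constructed test values, and the receiver does what a careful peer must do in this order: verify the HMAC in constant time, decrypt, then reject any sequence number not above the last accepted one.

```python
"""OpenVPN-style static-key packet envelope: HMAC | IV | ENC(SeqN | payload).

Added example, not Moxa's or OpenVPN's code. AES-CBC is replaced by a
hash-based keystream (SHA-256 in counter mode over the IV) so it runs with
the standard library; the envelope layout, the encrypt-then-MAC order of
checks and the replay check are what the slide describes.
"""
import hashlib
import hmac
import os
import struct
from typing import Dict, Optional

HMAC_KEY = b"\x11" * 20      # constructed test keys; a real static key file holds random material
CIPHER_KEY = b"\x22" * 16
IV_LEN = 16
TAG_LEN = hashlib.sha1().digest_size   # 20 bytes for HMAC-SHA1


def _keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Stand-in for AES-CBC: SHA-256(key || iv || counter) blocks, truncated to length."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + iv + struct.pack(">I", counter)).digest()
        counter += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def seal(seq: int, payload: bytes, iv: Optional[bytes] = None) -> bytes:
    """Build one packet: HMAC(IV || ciphertext) || IV || ciphertext, ciphertext = ENC(seq || payload)."""
    iv = os.urandom(IV_LEN) if iv is None else iv
    plaintext = struct.pack(">Q", seq) + payload           # 64-bit sequence number, then payload
    ciphertext = _xor(plaintext, _keystream(CIPHER_KEY, iv, len(plaintext)))
    tag = hmac.new(HMAC_KEY, iv + ciphertext, hashlib.sha1).digest()
    return tag + iv + ciphertext


class Receiver:
    """Verifies packets in the order a careful receiver must: MAC, then decrypt, then replay check."""

    def __init__(self) -> None:
        self.highest_seq = 0            # last accepted sequence number

    def open(self, packet: bytes) -> Optional[bytes]:
        if len(packet) < TAG_LEN + IV_LEN + 8:
            return None
        tag = packet[:TAG_LEN]
        iv = packet[TAG_LEN:TAG_LEN + IV_LEN]
        ciphertext = packet[TAG_LEN + IV_LEN:]
        expected = hmac.new(HMAC_KEY, iv + ciphertext, hashlib.sha1).digest()
        if not hmac.compare_digest(tag, expected):    # constant-time compare; reject before decrypting
            return None
        plaintext = _xor(ciphertext, _keystream(CIPHER_KEY, iv, len(ciphertext)))
        seq = struct.unpack(">Q", plaintext[:8])[0]
        if seq <= self.highest_seq:                   # replayed, or older than the last accepted: drop
            return None
        self.highest_seq = seq
        return plaintext[8:]


def demo() -> Dict[str, Optional[bytes]]:
    """Fresh packets are accepted; a replay and a tampered ciphertext are both rejected."""
    rx = Receiver()
    p1 = seal(1, b"ping from LAN A")
    p2 = seal(2, b"second datagram")
    return {
        "fresh": rx.open(p1),
        "next": rx.open(p2),
        "replayed": rx.open(p1),                                   # same packet again
        "tampered": rx.open(p2[:-1] + bytes([p2[-1] ^ 0x01])),     # one ciphertext bit flipped
    }


if __name__ == "__main__":
    print(demo())
```

The order of checks is the point: a receiver that decrypted before verifying the HMAC would hand attacker-controlled ciphertext to the cipher and leak timing, and one that verified the HMAC but not SeqN would accept every captured packet a second time.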

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall- and NAT-friendly
• Dynamic address support

IPSec
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard: multi-vendor support

2-3 OpenVPN Modes

Bridging and Routing are the two methods of linking systems via a VPN:

Routed IP tunnels (layer 3)

Bridged Ethernet tunnels (layer 2)

Suitable for connections
• Site-to-site
• Dynamic site-to-site
• (Dynamic) client-to-site

Dynamic firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

Uses a TUN device: a virtual point-to-point IP link that combines the inner interface together with TUN

Uses the kernel routing table to forward the packets

[Diagram: two OSI stacks (Physical to Application); OpenVPN sits at the application layer and injects packets at the network layer through TUN (layer 3)]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of MTU for efficiency

Routed IP disadvantages
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see those machines on the other side of the VPN
4. Works only with IPv4 in general, and IPv6 in cases where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses "TAP" mode: a TAP device is a virtual Ethernet adapter

Bridge tools (brctl) are required to create the bridge device

A script is needed to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0           # create an Ethernet bridge
brctl addif br0 eth1      # connect interface eth1 as a port
brctl addif br0 tap0      # connect virtual interface tap0 as a port

[Diagram: two OSI stacks; OpenVPN at the application layer, bridged into the data-link layer through TAP (layer 2), in contrast to TUN (layer 3); on each host eth0, eth1 and tap0 are shown, with eth1 and tap0 bridged]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages
1. Point-to-point and point-to-multipoint
2. Broadcasts traverse the VPN; this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to handle non-IP protocols such as IPX/NetWare and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages
1. Less efficient than routing and does not scale well

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

[Diagram: lab topology]
LAN A: IP 10.0.1.1/24, gateway 10.0.1.254, behind the [VPN Server] (ixp1 = 10.0.1.254, ixp0 = 192.168.12.201)
LAN B: IP 10.0.2.1/24, gateway 10.0.2.254, behind the [VPN Client] (ixp1 = 10.0.2.254, ixp0 = 192.168.12.202)
The VPN tunnel connects the two ixp0 interfaces; a [CA/TLS Server] is also reachable on the network.

3-1 Getting Started

Create a working directory (recommended)
  mkdir /etc/openvpn

Check for the TUN device; if it is missing (ls /dev/net, look for a character device "tun"), create it
  mknod /dev/net/tun c 10 200

Load the necessary modules
  modprobe tun
  modprobe bridge

Generate a (pre-shared) static key
  openvpn --genkey --secret [KeyName]
Copy it to the peer over a secure channel (e.g. scp), never over the link the tunnel is meant to protect, and keep it readable by root only.

Self diagnostic
  openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding
  echo "1" > /proc/sys/net/ipv4/ip_forward
or edit /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"

Create/start the bridge interface using the Moxa script
  openvpn-bridge [start | stop | restart]

Check the supported ciphers and authentication digests
  openvpn --show-ciphers
  openvpn --show-digests

Create the TUN configuration files
  vi /etc/openvpn/tunserver.conf
[At VPN client]
  vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

Local/remote VPN IP addresses must be specified (the two arguments of "ifconfig" in the configuration file)

It is NECESSARY to specify the server address at the VPN client

3-2 TUN Server Configuration

Edit the static routes
  vi /etc/openvpn/tunserver.sh
  chmod +x /etc/openvpn/tunserver.sh
[At VPN client]
  vi /etc/openvpn/tunclient.sh
  chmod +x /etc/openvpn/tunclient.sh

Start OpenVPN with the configuration file
  openvpn --config /etc/openvpn/tunserver.conf &
  openvpn --config /etc/openvpn/tunclient.conf &

The 2nd argument of "ifconfig" (the remote VPN endpoint) is now "10.0.2.254"

Create the TAP configuration files
  vi /etc/openvpn/tapserver.conf
[At VPN client]
  vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration – VPN Server

Mark this line (comment it out) if both VPN networks are in the same subnet

3-3 TAP Configuration – VPN Server

Edit the static routes
  vi /etc/openvpn/tapserver.sh
[At VPN client]
  vi /etc/openvpn/tapclient.sh
  chmod +x /etc/openvpn/tapclient.sh

The routes point at the kernel routing entry of br0 = 10.0.1.254

3-3 TAP Configuration – VPN Server

Start the bridge device
  vi /etc/openvpn/openvpn-bridge
  chmod +x /etc/openvpn/openvpn-bridge
  /etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration file
  openvpn --config /etc/openvpn/tapserver.conf &
  openvpn --config /etc/openvpn/tapclient.conf &

3-4-1 SSL/TLS – Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC
  vi /usr/share/ssl/openssl.cnf
Pre-set default_days, default_bits, ... etc.

Create a new CA root key pair
  /usr/share/ssl/misc/CA -newca

Create a new client private key and certificate request
  /usr/share/ssl/misc/CA -newreq

Sign the certificate
  /usr/share/ssl/misc/CA -sign

Copy the CA root certificate, the client private key and the client certificate to the first client

Have the second client's certificate issued the same way

3-4-2 OpenVPN – "easy-rsa" tools

Copy "easy-rsa" to the working directory
  cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file
  vi /etc/openvpn/easy-rsa/vars

Activate the vars (source it into the current shell)
  . /etc/openvpn/easy-rsa/vars

Create the CA root key
  /etc/openvpn/easy-rsa/build-ca

Create the VPN server private key and certificate
  /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – "easy-rsa" tools

Create the VPN client private key and certificate
  /etc/openvpn/easy-rsa/build-key client

Create Diffie-Hellman parameters
  /etc/openvpn/easy-rsa/build-dh 1024

Copy the CA certificate (ca.crt), server key (server.key) and server certificate (server.crt) to the VPN server

Copy the CA certificate, client key and client certificate to the VPN client (the CA private key, ca.key, stays on the CA machine and is never copied to a VPN peer)

"easy-rsa" tools also work on the UC-7400 series

3-4-3 Configuration File Modification

txxserver.conf

txxclient.conf

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

Two of its serial ports are connected to a power meter and a thermocouple

Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in 'burn-in mode' to demonstrate the UC's high performance and reliability

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500 °C

Left side for the high range, 0 to 300 VDC, and right side for the low range, 0 to 20 VDC

UC's LCM & keypad (F1-F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8

F2 System status: LAN's IP → Wi-Fi's IP → CPU loading → Available memory

F3 Alarm setting: Temperature → Voltage → Burn-in throughput

F4 Configuration key

F5 Main menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• UC-7420's built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards
• The compatible 802.11g wireless cards are:

Supplier   Model name
ASUS       WL-107g
CNET       CWC-854 (181D version)
Edimax     EW-7108PCg
Amigo      AWP-914WG
Gigabyte   GN-WMKG
Others which use the Ralink chipset

Thank You


Upgrading the Firmware

Description
• In firmware V1.4.3 or later, the UC-7400 adds a new utility, "upfirm"
• The utility upfirm is designed for upgrading the firmware (including boot loader, kernel, mini file system, user file system and configuration)
• If your firmware version is earlier than V1.4.3, you can download the utility from the Moxa website

How to upgrade firmware

Step 1: Type the following commands to enable the RAM disk
  upramdisk
  cd /mnt/ramdisk

Step 2: Download the firmware file into the ramdisk from the Moxa website

Step 3: Use the upfirm command to upgrade the kernel and root file system
  upfirm uc7400-xxx.frm
(See the next slide for the upfirm procedure)

root@Moxa:/mnt/ramdisk# upfirm UC7420-1.5.frm
Upgrade firmware utility version 1.0
To check source firmware file context...
The source firmware file context is OK.
This step will destroy all your firmware.
Do you want to continue it? (Y/N): Y
MTD device [/dev/mtd6] erase 128 Kibyte @ 20000 -- 100% complete.
Wait to write file ... Completed 100%
Now upgrade the new configuration file.
Upgrade the firmware is OK.
Please press any key to reboot system.

Press any key to reboot system

Note: DO NOT power off the UC until the Ready LED is ON again. The first boot after upgrading the firmware takes a long time.

Setting up the Network Interfaces

IEEE 802.11g

Configure 802.11g Wireless LAN

root@Moxa:~# vi /etc/network/interfaces

# 802.11g Gigabyte CardBus wireless card
iface eth0 inet static
  address 192.168.5.127
  network 192.168.5.0
  netmask 255.255.255.0
  broadcast 192.168.5.255

Step 1: Unplug the CardBus wireless LAN card first

Step 2: Configure the default IP setting profile
  vi /etc/network/interfaces

Configure 802.11g Wireless LAN

  vi /etc/Wireless/RT2500STA/RT2500STA.dat

Copy this file to /etc/Wireless/RT2500STA/RT2500STA.dat
This file is a binary file and will be read on loading the rt2500.o module.
Use "vi -b RT2500STA.dat" to modify the settings according to your needs:
1) set NetworkType to Adhoc for ad-hoc mode, otherwise use Infra (infrastructure mode)
2) set Channel to 0 for auto-select in infrastructure mode
3) set SSID for connecting to your access point
4) AuthMode can be OPEN, SHARED, WPAPSK, WPANONE
5) EncrypType can be NONE, WEP, TKIP, AES
For more information refer to the README file.

Step 3: Configure the WLAN parameters
  vi /etc/Wireless/RT2500STA/RT2500STA.dat

Configuring 802.11g Wireless LAN

• The settings in /etc/Wireless/RT2500STA/RT2500STA.dat
CountryRegion: sets the channels for your particular country region
WirelessMode: sets the wireless mode
SSID: sets the SSID to join
NetworkType: sets the wireless operation mode
Channel: sets the channel
AuthMode: sets the authentication mode
EncrypType: sets the encryption type
DefaultKeyID: sets the default WEP key ID
Key1Str, Key2Str, Key3Str, Key4Str: set WEP key strings Key1 to Key4
WpaPsk: WPA pre-shared key
TxBurst: enables or disables TxBurst
TurboRate: enables or disables TurboRate
BGProtection: sets 11b/11g protection (this function is for engineering testing only)
ShortSlot: enables or disables the short slot time
TxRate: sets the TxRate
RTSThreshold: sets the RTS threshold
FragThreshold: sets the fragment threshold

Choose AuthMode WPAPSK with EncrypType AES (or at least TKIP) wherever the access point supports it; OPEN/SHARED with WEP, or NONE, gives the serial data carried over the link no real protection.

Developing Your Application

Windows Tool Chain

Agenda

1) Windows Tool Chain Introduction

2) Development Process

3) Debugging with GDB

Windows Tool Chain Introduction

UC-7400's Windows Tool Chain is a cross-development environment that simulates the Linux root file system, allowing users to develop applications on a Windows PC

The following topics are covered in this appendix:
• Introduction
• Installation procedure
• Using the BASH shell
• GDB debug tool: Insight

Windows Tool Chain

1. Operating system: Windows 2000 or Windows XP
2. Minimum of 500 MB hard disk space
3. CD-ROM or equivalent
4. Ethernet to connect with the UC-7400
5. Be able to log in as administrator
6. Use a Windows username without spaces
7. You will be using a BASH shell window to enter commands
8. In addition, for editing text files such as configuration files, use the vi editor (Unix editor). Do NOT use WordPad (Windows editor), which could cause problems (CRLF line endings) when the files are transferred to a bona fide Linux environment

Developing Process

Step 1: Setting up the development environment on the PC

Step 2: Coding, compiling and debugging on the Windows Tool Chain

Step 3: Deploying the program to the UC

[Diagram: x86 PC on the left, IXP-422 target on the right]

Step 1: Setting up the Developing Environment

Install the Windows Tool Chain on the PC (Windows 2K/XP)
Installation tips
• Default install path: C:\UC
• Default text file type: Unix (recommended)

Utilities
• Moxa Bash Shell
• GDB debug tool: Insight
  • http://sources.redhat.com/insight
• This process could take from 5 to 30 minutes depending on the speed of your system

Step 2: Coding, Compiling and Debugging

Code a C/C++ program in the Moxa Bash Shell (PC, Windows Tool Chain)

Compile/link the source code with the tool chain
• Compiler path setting: PATH=/usr/local/mxscaleb/bin
• Compile Hello.c

Step 3: Deployment

Upload the program to the UC
• ftp 192.168.3.127
• ftp> binary
• ftp> put hello-release

Running the program (at the UC-7400 site)
• chmod +x hello-release
• ./hello-release
  Hello

Debugging with GDB

[Diagram: PC (Moxa Bash Shell): 1. compile with -ggdb, 3. Insight tool (GDB client), 4. target remote; UC: 2. GDB debug server; the two are connected over Ethernet]

Step 1 (PC, Moxa Bash Shell): compile the program with the -ggdb option, then upload it to the UC

Step 2 (UC): start hello-debug under gdbserver
  chmod +x hello-debug
  gdbserver 192.168.3.127:2000 hello-debug
  Process hello-debug created; pid = 206

Step 3 (PC, Insight): run the GDB client
• Open the hello-debug file
• Connect to target
  • Target: GDB Server/TCP
  • Hostname: 192.168.3.200
  • Port: 2000

Note that gdbserver accepts any TCP client that can reach port 2000 with no authentication, so use it only on the isolated development network and stop it when you are done.

iptables Introduction

Agenda

1) Quick View of iptables

2) Rules, Chains, Tables

3) Usage of iptables

4) Hands-On Practice

1. Quick View of iptables

A user-space command to set up and maintain the "Netfilter" subsystem of the kernel

"Netfilter" matches only on packet headers, not the content (the ip_conntrack_ftp helper used later is the exception: it reads the FTP control channel to learn the data port)

iptables is currently one of many firewall/NAT solutions; it is the administration tool used to set up, maintain and inspect the tables of IP packet filter rules in the Linux kernel

1. Quick View of iptables

Several different tables may be defined. Each table contains a number of built-in chains and may also contain user-defined chains.

Each chain is a list of rules which can match a set of packets. Each rule specifies what to do with a packet that matches. This is called a "target", which may be a jump to a user-defined chain in the same table.

1. Quick View of iptables

3rd generation firewall on Linux
– "ipfwadm" on Linux kernel 2.0.x
– "ipchains" on Linux kernel 2.2.x
– "ipchains" / "iptables" on Linux kernel 2.4.x
– "iptables" on Linux kernel 2.6.x

Supports basic packet filtering as well as connection state tracking

UC-7110/7400 support only "iptables"

Agenda

1) Firewall, NAT and iptables

2) Rules, Chains, Tables

3) Usage of iptables

4) Hands-On Practice

2) Rules, Chains and Tables

2-1 First Match

2-2 Three Major Tables

2-3 Processing Packets

2-4 State Machine

2-1 First Match – The Highest Priority

[Flowchart: a packet is tested against Rule 1, Rule 2, ... Rule 10 in order; the first rule that matches ("Yes") applies its action (Action 1, Action 2, ... Action 10) and evaluation stops; if no rule matches ("No" all the way down) the chain's default policy applies]

2-1 First Match

On a WWW server, reject the attack from IP = 192.168.1.100
Rule 1: Drop the packets from 192.168.1.100
Rule 2: Accept WWW request packets from all hosts
Rule 3: Drop all the non-WWW packets

With the rules reordered
Rule 1: Accept WWW request packets from all hosts
Rule 2: Drop the packets from 192.168.1.100
Rule 3: Drop all the non-WWW packets

192.168.1.100 is still able to use the WWW service, or to attack the WWW service port, because Rule 1 matches its port-80 packets before Rule 2 is ever reached

2-2 Three Major Tables

1) Filter table

2) NAT table

3) Mangle table

2-2-1 Filter Table

Mainly used for filtering packets. This is the place where we actually take action against packets, look at what they contain, and ACCEPT, DROP, REJECT or LOG them depending on their content.

1. INPUT chain – packets entering the local host
2. OUTPUT chain – packets output from the local host
3. FORWARD chain – packets forwarded to other hosts

2-2-2 NAT Table

Used for NAT on different packets: to translate the packet's source field or destination field

1) PREROUTING chain – to translate the destination IP address (DNAT)
2) POSTROUTING chain – works after the routing process and before the Ethernet device processing, to translate the source IP address (SNAT/MASQUERADE)
3) OUTPUT chain – works on locally generated packets

2-2-3 Mangle Table

This table is mainly used for mangling packets. In other words, you may freely use the mangle matches etc. to change the TOS (Type Of Service) and TTL fields. It can also "MARK" packets.

1. PREROUTING chain
2. POSTROUTING chain
3. INPUT, OUTPUT and FORWARD chains

2-3 Processing Packets

2-3-1 Destination: Local Host

2-3-2 Source: Local Host

2-3-3 Forwarded Packets

2-3-4 State Machine

2-3-1 Destination: Local Host

[Diagram: incoming packets → nat table PREROUTING → routing decision → filter table INPUT → local process]

2-3-2 Source: Local Host

[Diagram: local process → outgoing packets → nat table OUTPUT → filter table OUTPUT → nat table POSTROUTING → packets sent out]

2-3-3 Forwarded Packets

[Diagram: incoming packets → nat table PREROUTING → routing decision (destination is not a local resource) → filter table FORWARD → nat table POSTROUTING → other hosts]

2-4 State Machine2-4 State Machine

Agenda

1) Firewall, NAT and iptables

2) Rules, Chains, Tables

3) Usage of iptables

4) Hands-On Practice

3) Usage of iptables

3-1 Load iptables Modules

3-2 Define Default Policy

3-3 Structure of a Rule

3-4 Save/Restore Rules

3-1 Load iptables Modules

Note: ipchains and iptables are not compatible (do not load both)

3-1 Load iptables Module

Check the current tables
  iptables [-t table] [-L] [-n]

Default policy

3-1 Install iptables

Clear the current policy

3-2 Define Default Policy

iptables -t [filter | nat | mangle]
         -P [INPUT | OUTPUT | FORWARD | PREROUTING | POSTROUTING]
         [ACCEPT | DROP]

3-2 Define Default Policy

3-3 Structure of a Rule

3-3-1 Add, Insert, Delete and Replace Rules

3-3-2 Direction

3-3-3 Matches

3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace

iptables -t [filter | nat | mangle]
         [-A | -I | -D | -R] <direction (chain)> <match> -j <target>

Three major things need to be considered: direction, match and target

3-3-2 Direction – Chains

a. filter table: INPUT, OUTPUT, FORWARD
b. nat table: PREROUTING, POSTROUTING, OUTPUT
c. mangle table: ...

3-3-3 Matches – Conditions

1. -p [proto]: tcp, udp, icmp, all
2. -s [IP], -d [IP]
3. --sport [port], --dport [port]
4. -m state --state [state]: NEW, ESTABLISHED, INVALID, RELATED
5. -m multiport --dports [p1,p2,...,p15]
6. -i [iface], -o [oface]
7. ... etc.

3-3-4 Targets – Actions

a. filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions: LOG, ULOG, REJECT, MIRROR
b. nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING/OUTPUT), MASQUERADE (POSTROUTING), REDIRECT (only in PREROUTING/OUTPUT)
c. mangle table: ...

3-4 Save/Restore Rules

It is highly recommended to use a script file to maintain the Netfilter rules instead of the exported file (e.g. from iptables-save; it is not a standard script file). Please refer to the hands-on practice.

Agenda

1) Firewall, NAT and iptables

2) Rules, Chains, Tables

3) Usage of iptables

4) Hands-On Practice: 1) Packet Filter, 2) NAT Machine

4-1 Packet Filter – Rules of filter table

Example 1 – Accept all the packets incoming from the lo interface
  iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2 – Accept all the TCP packets incoming from IP = 192.168.0.1
  iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 3 – Accept all the TCP packets incoming from the network 192.168.1.0/24
  iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 – Drop all the TCP packets incoming from IP = 192.168.1.25
  iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

(First match applies here too: appended after Example 3, this DROP never fires, because 192.168.1.25 is inside 192.168.1.0/24 and is already accepted. Insert it ahead of the ACCEPT with -I if both rules are wanted.)

4-1 Packet Filter – Rules of filter table

Example 5 – Drop all the incoming TCP packets with dst port = 21 (forbid FTP connections from eth0)
  iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 – Accept TCP packets incoming from 192.168.0.0/24 to local port numbers 137, 138 and 139
  iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 7 – Log all the incoming/outgoing TCP packets to/from port 25 (log SMTP service)
  iptables -t filter -A INPUT -p tcp --dport 25 -j LOG
  iptables -t filter -A OUTPUT -p tcp --sport 25 -j LOG

Note: LOG is a non-terminating target; the packet continues to the next rule after being logged. The UC-7110 does not support the target "LOG".

4-1 Packet Filter – Rules of filter table

Example 8 – Drop all the [SYN] packets from IP = 192.168.100.200
  iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 – Drop all the packets from MAC = aa:bb:cc:dd:ee:ff
  iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

Example 10 – Do not respond to "ping"
  iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 – Limit an ICMP "ping" burst
  iptables -t filter -P INPUT DROP
  iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 12 – Accept the ESTABLISHED/RELATED packets of the local host; drop the INVALID packets and the NEW packets which are trying to create a new connection
  iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
  iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

4-1 Packet Filter – Rules of filter table

Example 13 – Check the packet integrity (the experimental "unclean" match)
  iptables -t filter -A INPUT -p all -m unclean -j DROP

Example 14 – Enable "passive mode" FTP service to a host (the ip_conntrack_ftp helper tracks the data connection so that it is classified as RELATED)
  modprobe ip_conntrack_ftp
  iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

4-2 NAT Machine

Example 1 – Redirect connection requests for port 80 to port 8080
  iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 – Masquerade the packets from 192.168.1.0/24 as the local ppp0 IP (MASQUERADE is only valid in POSTROUTING, which is also the only chain where -o can be tested)
  iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

4-2 NAT Machine

Example 3 – DNAT the incoming packets from eth0 (60.248.66.75) TCP port 80 to the internal web server 192.168.127.10:80
  iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

Example 4 – Redirect incoming TCP port 80 packets to 192.168.1.10, TCP port 80
  iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 192.168.1.10:80

Accompanying SNAT so that the internal network 192.168.127.0/24 leaves with the public address $OUT_IP
  iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP

Remember that the filter FORWARD chain sees the packet after PREROUTING has applied the DNAT, so a FORWARD rule for Example 3 must match the internal address 192.168.127.10, not 60.248.66.75, and IP forwarding must be enabled.
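Added example, not from the slides and not iptables code, covering both the 2-1 first-match rule and the NAT examples above: a small Python model of chain traversal in which the first matching rule wins and the chain's default policy applies otherwise, with the nat PREROUTING → filter FORWARD → nat POSTROUTING path for forwarded packets. Packet, Rule and the address values are constructed for the example; as_iptables renders a rule as the command the slides type. It also shows the FORWARD mistake the note above warns about: a rule written against the public address never matches once the DNAT has been applied.

```python
"""Tiny model of netfilter chain traversal: first match wins, then the default policy.

Added example, not part of the original slides or of iptables itself. It models
only what the deck uses: src/dst/proto/dport matches, ACCEPT/DROP, DNAT/SNAT, and
the PREROUTING -> routing -> FORWARD -> POSTROUTING path for forwarded packets.
All addresses are the constructed ones from the slides.
"""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass
class Packet:
    src: str
    dst: str
    proto: str = "tcp"
    dport: int = 0


@dataclass
class Rule:
    target: str                        # ACCEPT, DROP, DNAT, SNAT
    src: Optional[str] = None          # address or CIDR
    dst: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None
    to: Optional[str] = None           # new address for DNAT/SNAT

    def matches(self, p: Packet) -> bool:
        """Every given criterion must hold; unset criteria match anything."""
        return all((
            self.src is None or ip_address(p.src) in ip_network(self.src, strict=False),
            self.dst is None or ip_address(p.dst) in ip_network(self.dst, strict=False),
            self.proto is None or self.proto == p.proto,
            self.dport is None or self.dport == p.dport,
        ))

    def as_iptables(self, table: str, chain: str) -> str:
        """Render the rule as the iptables command the deck would type."""
        parts = [f"iptables -t {table} -A {chain}"]
        if self.proto:
            parts.append(f"-p {self.proto}")
        if self.src:
            parts.append(f"-s {self.src}")
        if self.dst:
            parts.append(f"-d {self.dst}")
        if self.dport is not None:
            parts.append(f"--dport {self.dport}")
        parts.append(f"-j {self.target}")
        if self.to:
            parts.append(f"--to {self.to}")
        return " ".join(parts)


def run_chain(rules: List[Rule], policy: str, p: Packet) -> Tuple[str, Optional[Rule]]:
    """First matching rule decides; if none matches, the chain's default policy does."""
    for r in rules:
        if r.matches(p):
            return r.target, r
    return policy, None


def filter_input(rules: List[Rule], policy: str, p: Packet) -> str:
    """Verdict of the filter INPUT chain for a packet addressed to this host."""
    verdict, _ = run_chain(rules, policy, p)
    return verdict


def forward(nat_pre: List[Rule], filter_fwd: List[Rule], fwd_policy: str,
            nat_post: List[Rule], p: Packet) -> Tuple[str, Packet]:
    """Forwarded packet: nat PREROUTING (DNAT) -> filter FORWARD -> nat POSTROUTING (SNAT)."""
    verdict, r = run_chain(nat_pre, "ACCEPT", p)
    if verdict == "DNAT":
        p = replace(p, dst=r.to)               # FORWARD sees the translated destination
    verdict, _ = run_chain(filter_fwd, fwd_policy, p)
    if verdict != "ACCEPT":
        return "DROP", p
    verdict, r = run_chain(nat_post, "ACCEPT", p)
    if verdict == "SNAT":
        p = replace(p, src=r.to)               # leaves with the public source address
    return "ACCEPT", p


# Slide 2-1: the same three rules in two orders, tested against the attacking host.
ATTACKER = Packet("192.168.1.100", "192.168.0.1", "tcp", 80)
DROP_ATTACKER = Rule("DROP", src="192.168.1.100")
ACCEPT_WWW = Rule("ACCEPT", proto="tcp", dport=80)
DROP_REST = Rule("DROP")
ORDER_GOOD = [DROP_ATTACKER, ACCEPT_WWW, DROP_REST]
ORDER_BAD = [ACCEPT_WWW, DROP_ATTACKER, DROP_REST]

# Slide 4-2: public web address DNATed to an internal server, SNAT for the LAN on the way out.
OUT_IP = "60.248.66.75"
NAT_PRE = [Rule("DNAT", proto="tcp", dst=OUT_IP, dport=80, to="192.168.127.10")]
FILTER_FWD = [Rule("ACCEPT", proto="tcp", dst="192.168.127.10", dport=80),   # internal address
              Rule("ACCEPT", src="192.168.127.0/24")]                        # LAN going out
WRONG_FWD = [Rule("ACCEPT", proto="tcp", dst=OUT_IP, dport=80)]              # never matches post-DNAT
NAT_POST = [Rule("SNAT", src="192.168.127.0/24", to=OUT_IP)]

if __name__ == "__main__":
    print(filter_input(ORDER_GOOD, "ACCEPT", ATTACKER), filter_input(ORDER_BAD, "ACCEPT", ATTACKER))
    print(forward(NAT_PRE, FILTER_FWD, "DROP", NAT_POST, Packet("1.2.3.4", OUT_IP, "tcp", 80)))
    print(NAT_PRE[0].as_iptables("nat", "PREROUTING"))
```

With the FORWARD policy set to DROP, the model drops the DNATed web request when the FORWARD rule names 60.248.66.75 and accepts it when the rule names 192.168.127.10, which is exactly the check to make on the real box with "iptables -t nat -L -n" and "iptables -L FORWARD -n" side by side.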

Thank YouThank You

OpenVPN 2.0
Stephen Lin

OpenVPN 2.0

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve?

1-2 Symmetric Data Encryption

1-3 Hash (Digest) Function

1-4 Message Authentication Code

1-5 Asymmetric Data Encryption

1-6 Digital Signature

1-7 Certificate

1-8 Moxa UC7400

1-1 What does Cryptography solve?

Confidentiality
• Ensure that nobody can gain knowledge of what you transfer, even if listening to the whole conversation

Integrity
• Ensure that the message has not been modified during transmission

Authenticity
• You can verify that you are talking to the entity you think you are talking to
• You can verify who the specific individual behind that entity is

Non-repudiation
• The individual behind that asset cannot deny being associated with it

1-2 Symmetric Data Encryption

Fast; high efficiency for data transmission

Is it "secure" while transferring the key?

Maintenance of the keys: n(n-1)/2 keys for n parties

DES / 3DES / AES / Blowfish (single DES has a 56-bit key and can be brute-forced; prefer AES)

[Diagram: Tom encrypts the plaintext with the secret key into ciphertext; Bob decrypts it with the same secret key back to plaintext]

1-3 Hash (Digest) Function

Ensures data integrity (against accidental modification only: anyone can recompute the digest of a modified message, so integrity against an attacker needs a MAC or a signature)

MD5 / SHA-1 (both now have known collision attacks; SHA-2 is preferred for new designs)

[Diagram: Tom hashes the data into Message Digest 1 and sends data + digest; Bob applies the same hash function to the received data to get Message Digest 2 and compares it with Message Digest 1]

1-4 Message Authentication Code

Ensures data integrity and origin authentication

Uses a secret key to protect the MAC, so only a holder of the key can produce or verify it

HMAC / CBC-MAC

[Diagram: Tom hashes the data into Message Digest 1, encrypts the digest with the secret key into the MAC and sends data + MAC; Bob hashes the received data into Message Digest 2, decrypts the MAC with the secret key to recover Message Digest 1, and compares the two]

1-5 Asymmetric Encryption

Things to remember
• Key pair: public/private keys
• In a session, one is used for encryption and the other for decryption
• The "public key" can be deployed everywhere
• The relation between the two keys is unknown: from one key you cannot gain knowledge of the other, even if you have access to clear text and cipher text
• The two keys are interchangeable: the algorithm makes no difference between public and private key, and when a key pair is generated either of the two can be made public (this holds for RSA; it is not a property of every public-key algorithm)
• Less efficient than symmetric (static) key encryption
• RSA / Diffie-Hellman

[Diagram: clear text → encryption → g$5knvMd'rk vegMs"]

1-5 Asymmetric Data Encryption

[Diagram: Tom encrypts the plaintext with Bob's public key; Bob decrypts the ciphertext with Bob's private key (recipient's key pair): confidentiality check]

1-5 Asymmetric Data Encryption

[Diagram: Tom encrypts the plaintext with Tom's private key; Bob decrypts the ciphertext with Tom's public key (sender's key pair): authenticity check]

1-6 Digital Signature

Real world – hybrid
1. Data integrity
2. Authenticity
3. Non-repudiation
4. Algorithm: uses the public key and a hash

1-6 Digital Signature – Creating

[Diagram: "This is the document created by Gianni" → hash (SHA, MD5) → message digest Py75cbn (typically 128 bits) → asymmetric encryption (RSA) with the signatory's private key → digital signature 3kJfgf£$& → signed document = message + digital signature]

1-6 Digital Signature – Verifying

[Diagram: signed document; the message is hashed again into a message digest Py75cbn; the digital signature 3kJfgf£$& is decrypted with Gianni's public key (from his certificate) into Py75cbn; the two digests are compared]

1-6 Digital Signature

[Diagram: Tom hashes the data into Message Digest 1 and encrypts it with Tom's private key into the digital signature; Bob hashes the received data into Message Digest 2, decrypts the signature with Tom's public key to recover Message Digest 1, and compares the two]

1-7 Certificate1-7 Certificate

The simplest certificate just containsbull A public key (for Stephen)bull Information about the entity that is being certified to own that public key

hellip and the whole isbull Digitally signed by someone trusted (like your friend or a CA)

2wsR46frd2wsR46frdEWWrswe(EWWrswe(^$G^^$G^DvtrsdFDfDvtrsdFDfd367d367

pubpub

3kJfgfpound3kJfgfpound$amp4dser4$amp4dser4358g6gd7d358g6gd7dTTCertificateCertificate

This public This public key belongs key belongs to to StephenStephen

DigitalDigitalSignatureSignatureCan be a person a computer Can be a person a computer

a device a file some code a device a file some code anything hellipanything hellip

1-7-1 CA Certificate

Certification server: the CA generates its own key pair (priv, pub); the CA public key is placed in a CA certificate signed by the CA itself (self-signed root)

1. The user requests a certificate from the CA
2. The CA generates the certificate: user pub + identity, digitally signed (DS) by the CA
3. The private key and the certificate are sent to the user

Result: Left cert signed by CA, Right cert signed by CA, CA pub key signed by CA

1-7-1 CA Certificate Example

CA: CA private key, CA public key

Left holds: Left private key, Left cert (Left public key signed by the CA), CA pub key
Right holds: Right private key, Right cert (Right public key signed by the CA), CA pub key

Left and Right trust each other's certificates because both trust the CA public key. The CA signs the certificate (public key plus identity), never the private key; a private key that the CA could see would give the CA the power to impersonate its owner

1-7-2 SSL/TLS

Each side holds its own key pair (priv, pub) and the peer's pub

Sender: clear text -> encrypt (with the recipient's pub) -> cipher 1 -> encrypt (with the sender's priv, i.e. sign) -> cipher 2 -> transmission over the public network
Receiver: cipher 2 -> decrypt (with the sender's pub) -> cipher 1 -> decrypt (with the recipient's priv) -> clear text

• Ensures confidentiality, and integrity if digitally signed
• Depending on how the public keys are exchanged: authenticity, identity, non-repudiation

1-8 Moxa UC7400 - Hardware Cipher

Intel XScale supports:
• Security engines: DES, AES
• Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so"
• No need to change the source code

1-8-1 Moxa Accelerated Algorithms – OpenSSL 0.9.7

DES_cbc_encrypt
DES_ede3_cbc_encrypt
AES_cbc_encrypt
AES_ctr_encrypt

• ECB mode is wrapped at a higher level (libssl.so), as OpenSSL does too

1-8-2 Performance

[Charts: throughput (0-80) and hardware/software ratio (0-8) of 3DES-CBC and AES128-CBC versus packet size 128 to 1280 bytes; a second pair of charts for small packets, 16 to 144 bytes, with ratio 0-2.5. Legend: filled marker = HW cipher]

1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approaches
• Default: hardware approach
• Any misconfiguration, or the engine being busy, causes a switch to the software approach

Small packets are switched to the software approach
• DES: below 128 bytes
• 3DES/AES: below 64 bytes

1-8-4 Software Package

Driver
• mxhw_cipher.o

Device file
• mknod /dev/mxcrypto c 11 131

Test program
• io: correctness test
• io 0 5000: stability test
• io 1: golden pattern
• io 2 20000: performance test

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network

2-1 VPN Advantages/Disadvantages

VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes

+ A VPN encrypts all network traffic, not just a few application protocols (as SSL, SSH, etc. do)
+ A VPN allows the use of protocols which are insecure by themselves
- VPN traffic cannot be controlled and logged easily because of its encrypted nature

2-2 Why OpenVPN

Usability
• Open source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit static (pre-shared) key or digital certificates (PKI)

Portability – supports most of the platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN

Peers – each node with a client/server role
• Uses the kernel routing
• Multiple clients

A user-space program
• A full-featured SSL-VPN solution
• On top of the existing SSL/TLS mechanism
• Options between a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (5000 in 1.x, 1194 in 2.0) or TCP port

2-2 OpenVPN Security

Two authentication modes
• Static key: use a pre-shared key
• SSL/TLS: use SSL/TLS + certificates for authentication and key exchange

The encrypted packet is formatted as
• SeqN: 64-bit sequence number (replay protection)
• IV: plain-text initialization vector, randomized per packet

  HMAC | IV | encrypt( SeqN | IP payload )

The HMAC covers the IV and the encrypted data; a receiver that cannot verify the HMAC discards the packet before decrypting it

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall- and NAT-friendly
• Dynamic address support

IPSec
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard – multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are the two methods of linking systems via a VPN

Routed IP tunnels (layer 3)
Bridged Ethernet tunnels (layer 2)

Suitable for connections
• Site-to-site
• Dynamic site-to-site
• (Dynamic) client-to-site

Dynamic firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

Uses a TUN device: a virtual point-to-point IP link; OpenVPN in user space reads IP packets from the TUN interface and forwards them through the tunnel
Uses the kernel routing table to forward the packets

[Diagram: the OSI stack (Physical ... Application) on both peers; OpenVPN runs at the application layer and attaches to the TUN device at layer 3 (Network)]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of the MTU for efficiency

Routed IP disadvantages
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see the machines on the other side of the VPN
4. Works only with IPv4 in general, and IPv6 in cases where the TUN drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses "TAP" mode: a TAP device is a virtual Ethernet adapter
Bridge tools (brctl) are required to create the bridge
Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0            # create an Ethernet bridge
brctl addif br0 eth1       # connect interface eth1 as a port
brctl addif br0 tap0       # connect virtual interface tap0 as a port (addif always takes the bridge name first)

[Diagram: OSI stack on both peers; OpenVPN attaches to the TAP device at layer 2 (Data-Link) instead of TUN at layer 3; on each UC, eth1 and tap0 are bridged into br0 while eth0 carries the tunnel traffic]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages
1. Point-to-point and point-to-multipoint
2. Broadcasts traverse the VPN; this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to carry non-IP protocols such as IPX/Netware and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages
1. Less efficient than routing and does not scale well

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

[Network diagram]
VPN Server: ixp0 192.168.12.201 (public side), ixp1 10.0.1.254 (gateway of LAN A, hosts 10.0.1.1/24)
VPN Client: ixp0 192.168.12.202 (public side), ixp1 10.0.2.254 (gateway of LAN B, hosts 10.0.2.1/24)
The client connects to the server; the VPN tunnel links LAN A and LAN B
A CA/TLS server issues the certificates used in 3-4

3-1 Getting Started

Create a working directory (recommended): mkdir /etc/openvpn

Check for the TUN module: ls /dev/net and look for the character device "tun"; if it is missing: mknod /dev/net/tun c 10 200

Load the necessary modules: modprobe tun; modprobe bridge

Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]

Self-diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or in /etc/sysctl.conf set "net.ipv4.ip_forward = 1"

Create/start the bridge interface using the Moxa script: /etc/openvpn/openvpn-bridge [start|stop|restart]

Check the ciphers/authentication support: openvpn --show-ciphers; openvpn --show-digests

Create the TUN configuration files: vi /etc/openvpn/tunserver.conf
[At VPN client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

Local/remote VPN IP addresses must be specified (ifconfig <local> <remote>)
It is NECESSARY to specify the server address at the VPN client (remote <server IP>)

3-2 TUN Server Configuration

Edit the static routes: vi /etc/openvpn/tunserver.sh; chmod +x /etc/openvpn/tunserver.sh
[At VPN client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/openvpn/tunclient.sh

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tunserver.conf &
[At VPN client] openvpn --config /etc/openvpn/tunclient.conf &

The route script points at the 2nd argument of "ifconfig" (the remote tunnel address), which is now 10.0.2.254
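A concrete pair of static-key TUN configurations for the two UC-7400s of the 3-1 diagram, generated by one script so that the server and client files cannot drift apart. This is an added example, not code from the slides or from Moxa: the tunnel endpoint addresses 10.8.0.1/10.8.0.2, the key path /etc/openvpn/static.key and the cipher/auth choice are assumptions; the ixp0 and LAN addresses are the ones on the diagram. The route directives do the job of the separate tunserver.sh/tunclient.sh route scripts.

```shell
#!/bin/sh
# Added example: emit the static-key TUN configs for both ends of the 3-1 diagram.
# Assumptions (not from the slides): tunnel endpoints 10.8.0.1/10.8.0.2, key path
# /etc/openvpn/static.key, cipher/auth choice. ixp0 and LAN addresses follow the diagram.
SERVER_PUB=192.168.12.201      # ixp0 of the VPN server; the client dials this
LAN_A=10.0.1.0                 # behind the server (its ixp1 is 10.0.1.254)
LAN_B=10.0.2.0                 # behind the client (its ixp1 is 10.0.2.254)
TUN_SERVER=10.8.0.1            # assumed tunnel addresses, distinct from the LAN gateways
TUN_CLIENT=10.8.0.2
KEY=/etc/openvpn/static.key    # made once with: openvpn --genkey --secret <file>, then copied securely

common() {                     # directives identical on both ends
  cat <<EOF
dev tun
proto udp
port 1194
secret $KEY
cipher AES-128-CBC
auth SHA1
ping 10
ping-restart 60
persist-tun
persist-key
verb 3
EOF
}

# tun_conf server|client prints the configuration for that role on stdout
tun_conf() {
  case "$1" in
    server)
      common
      printf 'ifconfig %s %s\n' "$TUN_SERVER" "$TUN_CLIENT"   # local first, remote second
      printf 'route %s 255.255.255.0\n' "$LAN_B"              # LAN B lies behind the tunnel
      ;;
    client)
      common
      printf 'remote %s\n' "$SERVER_PUB"                      # only the client names a peer
      printf 'ifconfig %s %s\n' "$TUN_CLIENT" "$TUN_SERVER"   # mirrored order on this side
      printf 'route %s 255.255.255.0\n' "$LAN_A"
      ;;
    *) echo "usage: tun_conf server|client" >&2; return 1 ;;
  esac
}

# install_conf server|client writes /etc/openvpn/tun<role>.conf (run as root on the UC)
install_conf() {
  tun_conf "$1" > "/etc/openvpn/tun$1.conf"
}
```

On each box run `install_conf server` or `install_conf client` and start OpenVPN with `openvpn --config /etc/openvpn/tunserver.conf` as in 3-2. The ifconfig order is mirrored on the two ends, which is the detail the slide calls out (the second argument is the remote end); AES-128-CBC is one of the modes the UC hardware accelerates (1-8-1), and with `route` in the file OpenVPN adds the route when the tunnel comes up and removes it on exit. Both UCs still need IP forwarding enabled as in 3-1.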

3-3 TAP Configuration

Create the TAP configuration files: vi /etc/openvpn/tapserver.conf
[At VPN client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration – VPN Server

Comment out ("mark") the route line if both VPN networks are in the same subnet

3-3 TAP Configuration – VPN Server

Edit the static routes: vi /etc/openvpn/tapserver.sh
[At VPN client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/openvpn/tapclient.sh

The route points at the kernel routing through the bridge: br0 = 10.0.1.254

3-3 TAP Configuration – VPN Server

Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tapserver.conf &
[At VPN client] openvpn --config /etc/openvpn/tapclient.conf &

3-4-1 SSL/TLS – Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-set default_days, default_bits, etc.

Create a new CA root key pair: /usr/share/ssl/misc/CA -newca

Create a new client private key and certificate request: /usr/share/ssl/misc/CA -newreq

Sign the certificate: /usr/share/ssl/misc/CA -sign

Copy the CA root certificate, the client private key and the client certificate to the first client

Have the second client certified the same way

3-4-2 OpenVPN – "easy-rsa" tools

Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file: vi /etc/openvpn/easy-rsa/vars

Activate the vars: . /etc/openvpn/easy-rsa/vars

Create the CA root key: /etc/openvpn/easy-rsa/build-ca

Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – "easy-rsa" tools

Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client

Create the Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh (1024 bits, taken from KEY_SIZE in vars)

Copy the CA certificate (ca.crt), the server key (server.key) and the server certificate (server.crt) to the VPN server
Copy the CA certificate, the client key and the client certificate to the VPN client

The "easy-rsa" tools also work on the UC7400 series

3-4-3 Configuration File Modification

txx server.conf and txx client.conf (tun or tap): replace the secret directive with ca, cert and key (plus dh on the server)

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

Two of its serial ports are connected to a power meter and a thermocouple

Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in "burn-in mode" to demonstrate the UC's high performance and reliability

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500 °C

Left side for the high range 0 to 300 VDC, right side for the low range 0 to 20 VDC

UC's LCM and keypad (F1-F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8
F2 System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available memory
F3 Alarm Setting: Temperature → Voltage → Burn-in throughput
F4 Configuration Key
F5 Main Menu

Apache Web with CGI and HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• UC-7420's built-in wireless driver supports the Intersil Prism 2.0 chipset PCMCIA cards
• The compatible wireless cards are:

Supplier   Model name
ASUS       WL-107g
CNET       CWC-854 (181D version)
Edimax     EW-7108PCg
Amigo      AWP-914WG
Gigabyte   GN-WMKG
Others which use the Ralink chipset

Thank You


How to upgrade firmware

Step 1: Type the following commands to enable the RAM disk
upramdisk
cd /mnt/ramdisk

Step 2: Download the firmware file into the ramdisk from the Moxa website

Step 3: Use the upfirm command to upgrade the kernel and root file system
upfirm uc7400-xxx.frm
(See the next slide for the upfirm procedure)

root@Moxa:/mnt/ramdisk# upfirm UC7420-1.5.frm
Upgrade firmware utility version 1.0
To check source firmware file context ...
The source firmware file context is OK
This step will destroy all your firmware
Do you want to continue it? (Y/N): Y
MTD device [/dev/mtd6] erase 128 Kibyte @ 20000 – 100% complete
Wait to write file ... Completed 100%
Now upgrade the new configuration file
Upgrade the firmware is OK
Please press any key to reboot system

Press any key to reboot the system

Note: DO NOT power off the UC until the Ready LED is ON again. The first boot-up after upgrading the firmware takes much longer than usual

Setting up the Network Interfaces

IEEE 802.11g

Configure 802.11g Wireless LAN

root@Moxa:~# vi /etc/network/interfaces

# 802.11g Gigabyte CardBus wireless card
iface eth0 inet static
    address 192.168.5.127
    network 192.168.5.0
    netmask 255.255.255.0
    broadcast 192.168.5.255

Step 1: Unplug the CardBus wireless LAN card first
Step 2: Configure the default IP setting profile: vi /etc/network/interfaces

Configure 802.11g Wireless LAN

vi /etc/Wireless/RT2500STA/RT2500STA.dat

Copy this file to /etc/Wireless/RT2500STA/RT2500STA.dat
This file is a binary file and will be read on loading the rt2500.o module
Use "vi -b RT2500STA.dat" to modify the settings according to your needs
1) Set NetworkType to Adhoc for ad-hoc mode, otherwise use Infra
2) Set Channel to 0 for auto-select in infrastructure mode
3) Set SSID for connecting to your access point
4) AuthMode can be OPEN, SHARED, WPAPSK, WPANONE
5) EncrypType can be NONE, WEP, TKIP, AES
For more information refer to the Readme file

Step 3: Configure the WLAN parameters: vi /etc/Wireless/RT2500STA/RT2500STA.dat

Configuring 802.11g Wireless LAN

• The settings in /etc/Wireless/RT2500STA/RT2500STA.dat

CountryRegion: sets the channels for your particular country region
WirelessMode: sets the wireless mode
SSID: sets the SSID (of the access point to join, or the soft-AP SSID)
NetworkType: sets the wireless operation mode (Infra or Adhoc)
Channel: sets the channel
AuthMode: sets the authentication mode
EncrypType: sets the encryption type
DefaultKeyID: sets the default key ID
Key1Str, Key2Str, Key3Str, Key4Str: set the key strings Key1 to Key4
WpaPsk: the WPA pre-shared key
TxBurst: enables or disables TxBurst
TurboRate: enables or disables TurboRate
BGProtection: sets 11b/11g protection (this function is for engineering testing only)
ShortSlot: enables or disables the short slot time
TxRate: sets the TxRate
RTSThreshold: sets the RTS threshold
FragThreshold: sets the fragment threshold

Use AuthMode=WPAPSK with EncrypType=TKIP or AES for any link that carries real data; OPEN/SHARED with WEP or NONE gives no protection against anyone in radio range

Developing Your Application

Windows Tool Chain

Agenda

1) Windows Tool Chain Introduction
2) Development Process
3) Debugging with GDB

Windows Tool Chain Introduction

UC-7400's Windows Tool Chain is a cross-development environment that simulates the Linux root file system, allowing users to develop applications on a Windows PC

The following topics are covered in this appendix
• Introduction
• Installation procedure
• Using the BASH shell
• GDB debug tool: Insight

Windows Tool Chain

1. Operating system: Windows 2000 or Windows XP
2. Minimum of 500 MB hard disk space
3. CD-ROM or equivalent
4. Ethernet to connect with the UC-7400
5. Be able to log in as administrator
6. Use a Windows username without spaces
7. You will be using a BASH shell window to enter commands
8. In addition, for editing text files such as configuration files you should use the vi editor (Unix editor). Do NOT use WordPad (Windows editor), which could cause problems when the files are transferred to a bona fide Linux environment

Development Process

Step 1: Setting up the development environment on the PC (x86)
Step 2: Coding, compiling and debugging on the Windows Tool Chain
Step 3: Deploying the program to the UC (IXP-422)

Step 1: Setting up the Development Environment

Install the Windows Tool Chain on the PC (Windows 2K/XP)
Installation tips
• Default install path: C:\UC
• Default text file type: Unix (recommended)

Utilities
• Moxa Bash Shell
• GDB debug tool: Insight (http://sources.redhat.com/insight)
• This process could take from 5 to 30 minutes depending on the speed of your system

Step 2: Coding, Compiling and Debugging

Code the C/C++ program in the Moxa Bash Shell (PC Windows Tool Chain)

Compile/link the source code with the tool chain
• Compiler path setting: PATH=/usr/local/mxscaleb/bin
• Compiling Hello.c

Step 3: Deployment

Upload the program to the UC
• ftp 192.168.3.127
• ftp> binary
• ftp> put hello-release

Running the program (at the UC-7400 side)
• chmod +x hello-release
• ./hello-release
• Hello

Debugging with GDB

PC (Moxa Bash Shell): 1. compile with -ggdb; 3. Insight tool (GDB client); 4. target remote
UC (over Ethernet): 2. GDB debug server

chmod +x hello-debug
gdbserver 192.168.3.127:2000 hello-debug
Process hello-debug created; pid = 206

Step 1: PC (Moxa Bash Shell): compile the program with the -ggdb option, then upload it to the UC
Step 2: UC: start hello-debug under the debug server with the command gdbserver 192.168.3.127:2000 hello-debug
Step 3: PC (Insight): run the GDB client
• Open the hello-debug file
• Connect to target
• GDB Server/TCP, host 192.168.3.200, port 2000

gdbserver accepts connections from anyone who can reach port 2000 and lets them run the process and read its memory, so use it only on the isolated development network and stop it when the session ends

Debugging with GDBDebugging with GDB

iptables Introductioniptables Introduction

AgendaAgenda

1) Quick View of iptables

2) Rules Chains Tables

3) Usage of iptables

4) Hands-ON Practice

1 Quick View of iptables1 Quick View of iptables

A User-space Command to setupmaintain the ldquoNetfilterrdquo sub-system of Kernel

ldquoNetfilterrdquo manages only the packet headers not the content

iptables is currently one of many FirewallNAT solutions to be an administration tool for set up maintain and inspect the tables of IP packet filter rules in the Linux kernel

1 Quick View of iptables1 Quick View of iptables

Several different tables may be defined Each table contains a number of built-in chains and may also contain user-defined chains

Each chain is a list of rules which can match a set of packets Each rule specifies what to do with a packet that matches This is called a ldquotargetrdquo which may be a jump to a user-defined chain in the same table

1 Quick View of iptables1 Quick View of iptables

3rd generation firewall on Linuxndash ldquoipfwadmrdquo on Linux Kernel V20Xndash ldquoipchainsrdquo on Linux Kernel V22Xndash ldquoipchainsrdquo ldquoiptablesrdquo on Linux Kernel V24Xndash ldquoiptablesrdquo on Linux Kernel V26X

Supports basic packet filtering as well as connection state tracking

UC-71107400 support only ldquoiptablesrdquo

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

2) Rules, Chains and Tables

2-1 First Match
2-2 Three Major Tables
2-3 Processing Packets
2-4 State Machine

2-1 First Match – The Highest Priority

[Flow chart: a packet is tested against Rule 1, Rule 2, ... Rule 10 in order; the first rule that matches ("Yes") executes its action (Action 1 ... Action 10) and evaluation stops; if no rule matches ("No" all the way down), the chain's default policy applies]

2-1 First Match

On a WWW server, reject the attack from IP = 192.168.1.100

Correct order:
Rule 1: Drop the packets from 192.168.1.100
Rule 2: Accept WWW request packets from all the hosts
Rule 3: Drop all the non-WWW packets

Wrong order:
Rule 1: Accept WWW request packets from all the hosts
Rule 2: Drop the packets from 192.168.1.100
Rule 3: Drop all the non-WWW packets

With the wrong order, 192.168.1.100 matches Rule 1 first and is still able to use the WWW service, or to attack the WWW service port; Rule 2 never sees its packets

2-2 Three Major Tables

1) Filter table
2) NAT table
3) Mangle table

2-2-1 Filter Table

Mainly used for filtering packets. This is the place where we actually take action against packets: look at their headers and ACCEPT, DROP, REJECT or LOG them depending on the match

1. INPUT chain – packets destined to the local host
2. OUTPUT chain – packets generated by the local host
3. FORWARD chain – packets routed through this host to other hosts

2-2-2 NAT Table

Used for NAT on different packets: to translate the packet's source field or destination field

1) PREROUTING chain – translates the destination IP address (DNAT), before the routing decision
2) POSTROUTING chain – works after the routing process and before the Ethernet device; translates the source IP address (SNAT/MASQUERADE)
3) OUTPUT chain – DNAT for locally generated packets

2-2-3 Mangle Table

This table is mainly used for mangling packets. In other words, you may freely use the mangle matches etc. to change the TOS (Type Of Service) and TTL fields. It can also "MARK" the packets

1. PREROUTING chain
2. POSTROUTING chain
3. INPUT, OUTPUT and FORWARD chains

2-3 Processing Packets

2-3-1 Destination Local Host
2-3-2 Source Local Host
2-3-3 Forward Packets
2-3-4 State Machine

2-3-1 Destination Local Host

Incoming packets → NAT table PREROUTING → routing decision → Filter table INPUT → Local process

2-3-2 Source Local Host

Local process → Outgoing packets → NAT table OUTPUT → Filter table OUTPUT → NAT table POSTROUTING → Send out packets

2-3-3 Forwarded Packets

Incoming packets → NAT table PREROUTING → routing decision (not for a local resource) → Filter table FORWARD → NAT table POSTROUTING → Other hosts

2-4 State Machine

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

3) Usage of iptables

3-1 Load iptables Modules
3-2 Define Default Policy
3-3 Structure of a Rule
3-4 Save/Restore Rules

3-1 Load iptables Modules

Note: ipchains and iptables are not compatible; do not load both

3-1 Load iptables Module

Check the current tables: iptables [-t table] -L [-n]
The listing shows the default policy of each chain

3-1 Install iptables

Clear the current rules (flush each table and delete the user-defined chains) before loading a new rule set, so that rules are not appended twice

3-2 Define Default Policy

iptables -t {filter|nat|mangle} -P {INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING} {ACCEPT|DROP}

3-3 Structure of a Rule

3-3-1 Add, Insert, Delete and Replace Rules
3-3-2 Direction
3-3-3 Matches
3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace

iptables -t {filter|nat|mangle} {-A|-I|-D|-R} <chain (direction)> <match> -j <target>

Three major things need to be considered: direction, match, target

3-3-2 Direction – Chains

a. filter table: INPUT, OUTPUT, FORWARD
b. nat table: PREROUTING, POSTROUTING, OUTPUT
c. mangle table: ...

3-3-3 Matches – Conditions

1. -p [proto]: tcp, udp, icmp, all
2. -s [IP], -d [IP]
3. --sport [port], --dport [port]
4. -m state --state [state]: NEW, ESTABLISHED, INVALID, RELATED
5. -m multiport --ports [p1,p2,...,p15]
6. -i [iface], -o [oface]
7. ... etc.

3-3-4 Targets – Actions

a. filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions: LOG, ULOG, REJECT, MIRROR
b. nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING/OUTPUT), MASQUERADE (POSTROUTING), REDIRECT (only in PREROUTING)
c. mangle table: ...

3-4 Save/Restore Rules

iptables-save exports the current rules and iptables-restore loads them back. It is highly recommended to use a script file to maintain the Netfilter rules instead of editing this exported file (it is not a standard script file). Please refer to the hands-on practice

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice: 1) Packet Filter, 2) NAT Machine

4-1 Packet Filter – Rules of filter table

Example 1 – Accept all the packets incoming from the lo interface
iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2 – Accept all the TCP packets incoming from IP = 192.168.0.1
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 3 – Accept all the TCP packets incoming from the network 192.168.1.0/24
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 – Drop all the TCP packets incoming from IP = 192.168.1.25
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

4-1 Packet Filter – Rules of filter table

Example 5 – Drop all the incoming TCP packets with dst port = 21 (forbid FTP connections from eth0)
iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 – Accept TCP packets incoming from 192.168.0.0/24 to the local ports 137, 138 and 139
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 7 – Log the incoming TCP packets to port 25 (log SMTP service); the rule only logs, so the packet continues down the chain
iptables -t filter -A INPUT -p tcp --dport 25 -j LOG

Note: UC7110 does not support the target "LOG"

4-1 Packet Filter – Rules of filter table

Example 8 – Drop all the [SYN] packets from IP = 192.168.100.200
iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 – Drop all the packets from MAC = aa:bb:cc:dd:ee:ff
iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

Example 10 – Do not respond to "ping"
iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 – Limit ICMP "ping" bursts
iptables -t filter -P INPUT DROP
iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 12 – Accept the ESTABLISHED/RELATED packets of the local host; drop the INVALID packets and the NEW packets which are trying to create new connections
iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

4-1 Packet Filter – Rules of filter table

Example 13 – Check the packet integrity (the experimental "unclean" match)
iptables -t filter -A INPUT -p all -m unclean -j DROP

Example 14 – Enable "passive mode" FTP service to a host (the FTP helper marks the data connection as RELATED)
modprobe ip_conntrack_ftp
iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

4-2 NAT Machine – Rules of nat table

Example 1 – Redirect the connection requests for port 80 to port 8080
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 – Masquerade the packets from 192.168.1.0/24 leaving through ppp0 with ppp0's IP (MASQUERADE is only valid in POSTROUTING, and -o is only known after routing)
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

4-2 NAT Machine

Example 3 – DNAT the incoming packets on eth0 (60.248.66.75), TCP port 80, to the internal web server 192.168.127.10:80
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

Example 4 – SNAT the outgoing packets from 192.168.127.0/24 to the public address $OUT_IP
iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP
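The hands-on examples of 4-1 and 4-2 assembled into the kind of script 3-4 recommends, in the order 2-1 says matters: state rules first, the attacker's DROP before the web ACCEPT, and NAT only in the chains where SNAT/MASQUERADE and DNAT are allowed. This is an added example, not Moxa's or the slides' own code; the interface names, the LAN 192.168.127.0/24, the web server 192.168.127.10 and the blocked host 192.168.127.100 are assumptions, and `IPT=echo` prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example: one rule script for a UC-7400 routing between LAN (eth0) and WAN (ppp0).
# Not from the slides; interface names, the LAN 192.168.127.0/24, the web server
# 192.168.127.10 and the blocked host 192.168.127.100 are assumptions. IPT=echo prints
# the rules in order instead of applying them (the order is what first match depends on).
IPT=${IPT:-iptables}
LAN_IF=eth0
WAN_IF=ppp0
LAN_NET=192.168.127.0/24
WEB_SERVER=192.168.127.10      # internal web server published through DNAT
BAD_HOST=192.168.127.100       # LAN host that must not reach the UC's own web service

flush() {                      # start from an empty rule set so reruns do not duplicate rules
  for t in filter nat mangle; do
    $IPT -t $t -F
    $IPT -t $t -X
  done
}

policies() {                   # drop by default; only traffic from the UC itself is open
  $IPT -P INPUT DROP
  $IPT -P FORWARD DROP
  $IPT -P OUTPUT ACCEPT
}

input_rules() {
  $IPT -A INPUT -i lo -j ACCEPT
  # conntrack first: replies to the UC's own connections never reach the rules below
  $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  $IPT -A INPUT -m state --state INVALID -j DROP
  # first match wins (2-1): the DROP for BAD_HOST must come before the web ACCEPT
  $IPT -A INPUT -i $LAN_IF -s $BAD_HOST -j DROP
  $IPT -A INPUT -i $LAN_IF -p tcp --dport 80 -m state --state NEW -j ACCEPT
  $IPT -A INPUT -i $LAN_IF -p tcp --dport 22 -m state --state NEW -j ACCEPT
  # ping is answered, but rate limited (example 11)
  $IPT -A INPUT -p icmp --icmp-type echo-request -m limit --limit 6/min --limit-burst 10 -j ACCEPT
  # everything else is logged (rate limited) and then falls through to the INPUT DROP policy
  $IPT -A INPUT -m limit --limit 3/min -j LOG --log-prefix "INPUT drop: "
}

forward_rules() {
  $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
  $IPT -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
  # connections DNATed below reach FORWARD with the internal address already rewritten
  $IPT -A FORWARD -i $WAN_IF -o $LAN_IF -d $WEB_SERVER -p tcp --dport 80 -m state --state NEW -j ACCEPT
}

nat_rules() {
  $IPT -t nat -A PREROUTING -i $WAN_IF -p tcp --dport 80 -j DNAT --to-destination $WEB_SERVER:80
  $IPT -t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE   # MASQUERADE only exists here
}

build_rules() { flush; policies; input_rules; forward_rules; nat_rules; }

apply() {                      # run as root on the UC: ./firewall.sh apply
  modprobe ip_conntrack_ftp 2>/dev/null || true   # passive FTP through FORWARD (example 14)
  echo 1 > /proc/sys/net/ipv4/ip_forward
  build_rules
}

if [ "${1:-}" = "apply" ]; then apply; fi
```

`IPT=echo sh firewall.sh` prints the plan so the ordering can be reviewed before anything is applied; on the UC itself `./firewall.sh apply` flushes and rebuilds the tables, which is why flush comes first. Because the FORWARD policy is DROP, the DNAT rule alone does not expose the web server: the matching FORWARD ACCEPT has to be written against the translated destination.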

Thank You

OpenVPN 2.0
Stephen Lin

OpenVPN 2.0

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve?
1-2 Symmetric Data Encryption
1-3 Hash (Digest) Function
1-4 Message Authentication Code
1-5 Asymmetric Data Encryption
1-6 Digital Signature
1-7 Certificate
1-8 Moxa UC7400

1-1 What does Cryptography solve?

Confidentiality
• Ensure that nobody can get knowledge of what you transfer, even if listening to the whole conversation
Integrity
• Ensure that the message has not been modified during the transmission
Authenticity
• You can verify that you are talking to the entity you think you are talking to
• You can verify who is the specific individual behind that entity
Non-repudiation
• The individual behind that asset cannot deny being associated with it

1-2 Symmetric Data Encryption

Fast, high efficiency for data transmission
Is it "secure" while transferring the key?
Maintenance of the keys: n(n-1)/2 keys for n parties
DES, 3DES, AES, Blowfish

Tom: Plaintext → Encryption (Secret Key) → Ciphertext → Bob: Decryption (same Secret Key) → Plaintext

1-3 Hash (Digest) Function

Ensures data integrity against accidental modification only: anyone can recompute the digest, so a plain hash does not stop a deliberate change
MD5, SHA-1

Tom: Data → Hash Function → Message Digest 1; sends Data + Message Digest 1
Bob: Data → same Hash Function → Message Digest 2; compare Message Digest 1 with Message Digest 2

1-4 Message Authentication Code

Ensures data integrity and origin: a secret key protects the digest, so an attacker without the key cannot produce a matching MAC
HMAC, CBC-MAC

Tom: Data → Hash Function → Message Digest 1 → MAC (encryption with the Secret Key); sends Data + MAC
Bob: Data → Hash Function → Message Digest 2; MAC → Decryption (Secret Key) → Message Digest 1; compare

1-5 Asymmetric Encryption

Things to remember
• Key pair – public/private keys
• In a session, one is used for encryption and the other one for decryption
• The "public key" can be deployed everywhere
• The relation between the two keys is unknown: from one key you cannot gain knowledge of the other, even if you have access to clear text and cipher text
• For RSA the two keys are mathematically interchangeable: when a key pair is generated, either of the two can be made public (this does not hold for every asymmetric algorithm)
• Less efficient than symmetric (static key) encryption
• RSA, Diffie-Hellman

Clear text → Encryption → g$5knvMd'rkvegMs"

1-5 Asymmetric Data Encryption

[Diagram: Tom encrypts the plaintext with Bob's public key; Bob decrypts the ciphertext with Bob's private key. Recipient's key pair: confidentiality check]

1-5 Asymmetric Data Encryption

[Diagram: Tom encrypts the plaintext with Tom's private key; Bob decrypts the ciphertext with Tom's public key. Sender's key pair: authenticity check]

1-6 Digital Signature

Real world: hybrid
1 Data integrity
2 Authenticity
3 Non-repudiation
4 Algorithm: use the public key and hash

1-6 Digital Signature - Creating

[Diagram: the message or file ("This is the document created by Gianni") is reduced to a short message digest ("Py75cbn", typically 128 bits), even from a long input, using a one-way message digest function (hash: SHA, MD5); the digest is encrypted with the signatory's private key by asymmetric encryption (RSA), giving the digital signature ("3kJfgf£$&"); the signed document is the message plus the digital signature]

1-6 Digital Signature - Verifying

[Diagram: from the signed document, the message ("This is the document created by Gianni") is hashed again to a message digest ("Py75cbn"); the digital signature ("3kJfgf£$&") is decrypted with Gianni's public key (from the certificate) by asymmetric decryption, recovering the original digest; the two digests are compared]

1-6 Digital Signature

[Diagram: Tom hashes the data to message digest 1 and encrypts the digest with Tom's private key, producing the digital signature; data + signature are sent to Bob; Bob hashes the received data to message digest 2, decrypts the signature with Tom's public key to recover digest 1, and compares the two]

1-7 Certificate

The simplest certificate just contains
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key
... and the whole is
• Digitally signed by someone trusted (like your friend or a CA)

[Diagram: certificate = public key + "This public key belongs to Stephen" + digital signature. The entity can be a person, a computer, a device, a file, some code, anything ...]

1-7-1 CA Certificate

[Diagram: the CA generates a key pair (priv, pub) on the certification server; the user requests a certificate from the CA; the CA generates the certificate (pub + DS); the private key and certificate are sent to the user. Left cert signed by CA; right cert signed by CA; CA pub key signed by CA]

1-7-1 CA Certificate Example

[Diagram: the CA holds the CA private key. Left and Right each trust the CA pub key. Left holds: Left priv key, Left cert signed by CA, CA pub key. Right holds: Right priv key, Right cert signed by CA, CA pub key]

1-7-2 SSL/TLS

[Diagram: each side holds a key pair (priv, pub). Clear text → encrypt → cipher 1 → encrypt → cipher 2 → transmission over the public network → decrypt → cipher 1 → decrypt → clear text]

• Ensures confidentiality
• And integrity, if digitally signed
• Depending on how the public keys are exchanged: authenticity, identity, non-repudiation

1-8 Moxa UC7400 - Hardware Cipher

Intel XScale supports
• Security engines: DES, AES
• Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so"
• No need to change the source code

1-8-1 Moxa Accelerated Algorithms – OpenSSL 0.9.7

• DES_cbc_encrypt
• DES_ede3_cbc_encrypt
• AES_cbc_encrypt
• AES_ctr_encrypt
• We wrap ECB mode at a higher level (libssl.so), which OpenSSL wraps too

1-8-2 Performance

[Charts: 3DES-CBC and AES-128-CBC throughput and RATE versus packet size, one pair of charts for 128 to 1280 bytes and one pair for 16 to 144 bytes; highlighted series = HW cipher]

1-8-3 Things to be noticed

Moxa UC-7400 switches operations between the software and the hardware approaches
• Default: hardware approach
• Any mis-configuration or busy state causes the switch

Small packets are switched to the software approach
• DES: 128 bytes
• 3DES/AES: 64 bytes

1-8-4 Software Package

Driver
• mxhw_cipher.o

Device file
• mknod /dev/mxcrypto c 11 131

Test program
• io: correctness test
• io 0 5000: stability test
• io 1: golden pattern
• io 2 20000: performance test

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network

2-1 VPN Advantages/Disadvantages

• VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes
• A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH, etc.)
• A VPN allows the use of protocols which are insecure by themselves
• VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN

Usability
• Open source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit shared key or digital certificates (PKI)

Portability – supports most platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN

Peers – each node with a client/server role
• Uses kernel routing
• Multiple clients

A user-space program
• A full-featured SSL-VPN solution
• On top of the existing SSL/TLS mechanism
• Options between a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security

Two authentication modes
• Static key: use a pre-shared key
• SSL/TLS: use SSL/TLS + certificates for authentication and key exchange

The encrypted packet is formatted as
• SeqN: 64-bit sequence number
• IV: plain-text initial vector, randomized per packet

[Diagram: HMAC | IV | SeqN | IP payload; SeqN and the IP payload form the encrypted part, and the HMAC is computed after encryption]
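The packet layout above, modeled as an added example (not OpenVPN's own code): the receiver verifies the HMAC over IV and ciphertext before decrypting anything, and rejects a reused SeqN. It also shows the keyed-digest check of slide 1-4. The keys, the payload and the stand-in keystream cipher (HMAC-SHA1 in counter mode, used in place of OpenVPN's block cipher so the example runs with the standard library) are constructed for the demo.

```python
import hashlib
import hmac
import os
import struct
from typing import Dict, Optional, Tuple

# Added example, not OpenVPN's code. Models the static-key packet from the
# slide: HMAC | IV | encrypted(SeqN | IP payload). Everything below is
# constructed for the demo; the keystream cipher is a stand-in for
# OpenVPN's block cipher so the example needs only the standard library.

HMAC_LEN = 20   # HMAC-SHA1 tag, OpenVPN's default --auth
IV_LEN = 16     # per-packet random IV, sent in clear
SEQ_LEN = 8     # 64-bit sequence number, inside the encrypted part


def _keystream(cipher_key: bytes, iv: bytes, length: int) -> bytes:
    # Stand-in cipher: HMAC-SHA1(key, IV || counter) blocks, XORed with data.
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(cipher_key, iv + struct.pack(">Q", block), hashlib.sha1).digest()
        block += 1
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def build_packet(cipher_key: bytes, hmac_key: bytes, seq: int, payload: bytes,
                 iv: Optional[bytes] = None) -> bytes:
    """Sender side: encrypt SeqN || payload, then MAC the IV and the ciphertext."""
    iv = os.urandom(IV_LEN) if iv is None else iv
    plaintext = struct.pack(">Q", seq) + payload
    ciphertext = _xor(plaintext, _keystream(cipher_key, iv, len(plaintext)))
    # Encrypt-then-MAC: the tag covers everything the receiver will parse,
    # so a forged or modified packet is dropped before any decryption.
    tag = hmac.new(hmac_key, iv + ciphertext, hashlib.sha1).digest()
    return tag + iv + ciphertext


class Receiver:
    """Receiver side: authenticate, decrypt, then enforce SeqN monotonicity."""

    def __init__(self, cipher_key: bytes, hmac_key: bytes) -> None:
        self.cipher_key = cipher_key
        self.hmac_key = hmac_key
        self.highest_seq = 0  # simplest replay check: SeqN must strictly increase

    def open_packet(self, packet: bytes) -> Tuple[Optional[bytes], str]:
        if len(packet) < HMAC_LEN + IV_LEN + SEQ_LEN:
            return None, "too short"
        tag = packet[:HMAC_LEN]
        iv = packet[HMAC_LEN:HMAC_LEN + IV_LEN]
        ciphertext = packet[HMAC_LEN + IV_LEN:]
        expected = hmac.new(self.hmac_key, iv + ciphertext, hashlib.sha1).digest()
        # compare_digest runs in constant time, so the check does not leak
        # how many leading bytes of a forged tag happened to be right.
        if not hmac.compare_digest(tag, expected):
            return None, "bad hmac"
        plaintext = _xor(ciphertext, _keystream(self.cipher_key, iv, len(ciphertext)))
        seq = struct.unpack(">Q", plaintext[:SEQ_LEN])[0]
        if seq <= self.highest_seq:
            return None, "replay"
        self.highest_seq = seq
        return plaintext[SEQ_LEN:], "ok"


def demo() -> Dict[str, Tuple[Optional[bytes], str]]:
    # Constructed keys; a real static key comes from `openvpn --genkey`.
    cipher_key = hashlib.sha1(b"constructed cipher key").digest()
    hmac_key = hashlib.sha1(b"constructed hmac key").digest()
    rx = Receiver(cipher_key, hmac_key)
    pkt = build_packet(cipher_key, hmac_key, seq=1, payload=b"constructed IP payload")

    results = {"first": rx.open_packet(pkt)}
    results["replayed"] = rx.open_packet(pkt)          # same SeqN delivered again
    tampered = bytearray(pkt)
    tampered[-1] ^= 0x01                               # flip one ciphertext bit
    results["tampered"] = rx.open_packet(bytes(tampered))
    results["next"] = rx.open_packet(
        build_packet(cipher_key, hmac_key, seq=2, payload=b"second packet"))
    return results


if __name__ == "__main__":
    for name, (payload, status) in demo().items():
        print(f"{name:9s} {status:9s} {payload!r}")
```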

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall- and NAT-friendly
• Dynamic address support

IPSec
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard - multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are two methods of linking systems via a VPN
• Routed IP tunnels (layer 3)
• Bridged Ethernet tunnels (layer 2)

Suitable for connections
• Site-to-site
• Dynamic site-to-site
• (Dynamic) client-to-site

Dynamic firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

• Uses TUN mode (device): a virtual point-to-point IP link that combines the inner interface together with TUN
• Uses the kernel routing to forward the packets

[Diagram: the seven OSI layers on both peers; OpenVPN runs at the application layer and the TUN device is inserted at layer 3 (network)]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages
1 Point-to-point
2 Easier to configure
3 Efficiency and scalability
4 Allows better tuning of MTU for efficiency

Routed IP disadvantages
1 Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2 Routes must be set up linking each subnet
3 Software that depends on broadcasts will not see the machines on the other side of the VPN
4 Works only with IPv4 in general, and IPv6 in cases where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

• Uses "TAP" mode: a TAP device is a virtual Ethernet adapter
• Bridge tools (brctl) are required to create the virtual adapters
• Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0          # create an Ethernet bridge
brctl addif br0 eth1     # connect interface eth1 as a port
brctl addif br0 tap0     # connect virtual interface tap0 as a port

[Diagram: the seven OSI layers on both peers; OpenVPN runs at the application layer, TUN at layer 3 and TAP at layer 2; on each side eth1 and tap0 are bridged, while eth0 carries the tunnel]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages
1 Point to point, point to multi-point
2 Broadcasts traverse the VPN -- this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3 No route statements to configure
4 Works when the VPN needs to be able to handle non-IP protocols such as IPX, Netware and AppleTalk
5 Relatively easy-to-configure solution for road warriors

Bridging disadvantages
1 Less efficient than routing and does not scale well

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

[Lab topology: LAN A (IP 10.0.1.1/24, gw 10.0.1.254) connects to the VPN server (ixp1 10.0.1.254, ixp0 192.168.12.201); the VPN tunnel over ixp0 connects to the VPN client (ixp0 192.168.12.202, ixp1 10.0.2.254), which serves LAN B (IP 10.0.2.1/24, gw 10.0.2.254); a CA/TLS server is also shown]

3-1 Getting Started

• Create a working directory (recommended): mkdir /etc/openvpn
• Check for the TUN module: ls /dev/net and look for a character device "tun"; if not present: mknod /dev/net/tun c 10 200
• Load the necessary modules: modprobe tun; modprobe bridge
• Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]
• Self-diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

• Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or vi /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"
• Create/start the bridge interface using the Moxa script: openvpn-bridge [start|stop|restart]
• Check the cipher/authentication support: openvpn --show-ciphers; openvpn --show-digests
• Create the TUN configuration files: vi /etc/openvpn/tunserver.conf
• [At VPN client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

• The local/remote VPN IP addresses must be specified
• It is NECESSARY to specify the server address at the VPN client

3-2 TUN Server Configuration

• Edit the static routing: vi /etc/openvpn/tunserver.sh; chmod +x /etc/tunserver.sh
• [At VPN client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/tunclient.sh
• Start OpenVPN with the configuration file: openvpn --config /etc/tunserver.conf & (server); openvpn --config /etc/tunclient.conf & (client)
• The 2nd argument of "ifconfig", which is now "10.0.2.254"
• Create the TAP configuration files: vi /etc/openvpn/tapserver.conf
• [At VPN client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration – VPN Server

Mark this line if both VPN networks are in the same subnet

3-2 TAP Configuration – VPN Server

• Edit the static routing: vi /etc/openvpn/tunserver.sh
• [At VPN client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/tapclient.sh
• Pointed to the kernel routing: br0 = 10.0.1.254

3-3 TAP Configuration – VPN Server

• Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start
• Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tapserver.conf & (server); openvpn --config /etc/openvpn/tapclient.conf & (client)

3-4-1 SSL/TLS – Dynamic Keys

• Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-set default_days, default_bits, ... etc.
• Create a new CA root key pair: /usr/share/ssl/misc/CA -newca
• Create a new client private key and a new certificate request: /usr/share/ssl/misc/CA -newreq
• Certificate signing: /usr/share/ssl/misc/CA -sign
• Copy the CA root certificate, the client private key and the client certificate to the first client
• Have the second client certified

3-4-2 OpenVPN – "easy-rsa" tools

• Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn
• Modify the vars file: vi /etc/openvpn/easy-rsa/vars
• Activate the vars: . /etc/openvpn/easy-rsa/vars
• Create the CA root key: /etc/openvpn/easy-rsa/build-ca
• Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – "easy-rsa" tools

• Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client
• Create the Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh 1024
• Copy the CA certificate (ca.crt), server key (server.key) and server certificate (server.crt) to the VPN server
• Copy the CA certificate, client key and client certificate to the VPN client
• The "easy-rsa" tools also work on the UC7400 series

3-4-3 Configuration File Modification

txxserver.conf
txxclient.conf

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

• Two of its serial ports are connected to a power meter and a thermocouple
• Two LAN ports plus an optional Wi-Fi function, making it a good tool for transmitting data from remote sites to a central site
• The rest of the serial ports are looped back in 'burn-in mode' to demonstrate the UC's high performance and reliability

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500°C
Left side for high range: 0 to 300 VDC; right side for low range: 0 to 20 VDC

UC's LCM & keypad (F1-F5)
F1: Monitoring: Temperature → Voltage → Throughput for P3 to P8
F2: System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available memory
F3: Alarm Setting: Temperature → Voltage → Burning throughput
F4: Configuration Key
F5: Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• The UC-7420's built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards
• The compatible wireless cards are:

Supplier | Model name
ASUS | WL-107g
CNET | CWC-854 (181D version)
Edimax | EW-7108PCg
Amigo | AWP-914WG
Gigabyte | GN-WMKG
Others which use the R-Link chipset

Thank You


root@Moxa:/mnt/ramdisk# upfirm UC7420-1.5.frm

Upgrade firmware utility version 1.0
To check source firmware file context
The source firmware file conext is OK
This step will destroy all your firmware
Do you want to continue it (Y/N)? Y
MTD device [/dev/mtd6] erase 128 Kibyte 20000 – 100% complete
Wait to write file... Compleleted 100%
Now upgrade the new configuration file
Upgrade the firmware is OK
Please press any key to reboot system

Press any key to reboot system

Note: DO NOT power off the UC until the Ready LED is ON again. It will take much time for the first boot-up after upgrading the firmware.

Setting up the Network Interfaces

IEEE 802.11g

Configure 802.11g Wireless LAN

root@Moxa# vi /etc/network/interfaces

# 802.11g Gigabyte Cardbus wireless card
iface eth0 inet static
    address 192.168.5.127
    network 192.168.5.0
    netmask 255.255.255.0
    broadcast 192.168.5.255

Step 1: Unplug the CardBus wireless LAN card first
Step 2: Configure the default IP setting profile: vi /etc/network/interfaces

Configure 802.11g Wireless LAN

vi /etc/Wireless/RT2500STA/RT2500STA.dat

Copy this file to /etc/Wireless/RT2500STA/RT2500STA.dat. This file is a binary file and will be read on loading the rt2500.o module. Use vi -b RT2500STA.dat to modify the settings according to your needs.
1) Set NetworkType to Adhoc for using Adhoc mode, otherwise use Infrastructure
2) Set Channel to 0 for auto-select in Infrastructure mode
3) Set SSID for connecting to your access point
4) AuthMode can be OPEN, SHARED, WPAPSK, WPANONE
5) EncrypType can be NONE, WEP, TKIP, AES
For more information refer to the Readme file

Step 3: Configure the WLAN parameters: vi /etc/Wireless/RT2500STA/RT2500STA.dat

Configuring 802.11g Wireless LAN

• The settings in /etc/Wireless/RT2500STA/RT2500STA.dat
CountryRegion: sets the channels for your particular country region
WirelessMode: sets the wireless mode
SSID: sets the softAP SSID
NetworkType: sets the wireless operation mode
Channel: sets the channel
AuthMode: sets the authentication mode
EncrypType: sets the encryption type
DefaultKeyID: sets the default key ID
Key1Str, Key2Str, Key3Str, Key4Str: set the strings for Key1 to Key4
WpaPsk: WPA pre-shared key
TxBurst: enables or disables TxBurst
TurboRate: enables or disables TurboRate
BGProtection: sets 11b/11g protection (this function is for engineering testing only)
ShortSlot: enables or disables the short slot time
TxRate: sets the TxRate
RTSThreshold: sets the RTS threshold
FragThreshold: sets the fragment threshold

Developing Your Application

Windows Tool Chain

Agenda

1) Windows Tool Chain Introduction
2) Development Process
3) Debugging with GDB

Windows Tool Chain Introduction

The UC-7400's Windows Tool Chain is a cross-development environment that simulates the Linux root file system, allowing users to develop applications on a Windows PC.

The following topics are covered in this appendix
• Introduction
• Installation procedure
• Using the BASH shell
• GDB debug tool: Insight

Windows Tool Chain

1 Operating system: Windows 2000 or Windows XP
2 Minimum of 500 MB hard disk space
3 CD-ROM or equivalent
4 Ethernet to connect with the UC-7400
5 Be able to log in as administrator
6 Use a Windows username without spaces
7 You will be using a BASH shell window to enter commands
8 In addition, for editing text files such as configuration files you should use the vi editor (Unix editor). Do NOT use WordPad (Windows editor), which could cause problems when the files are transferred to a bona fide Linux environment

Developing Process

Step 1: Setting up the development environment on the PC (x86)
Step 2: Coding, compiling and debugging on the Windows Tool Chain
Step 3: Deploying the program to the UC (IXP-422)

Step 1: Setting up the Developing Environment

Install the Windows Tool Chain on the PC (Windows 2K/XP)
Installation tips
• Default install path: C:\UC
• Default text file type: Unix (recommended)

Utilities
• Moxa Bash Shell
• GDB debug tool: Insight (http://sources.redhat.com/insight)
• This process could take from 5 to 30 minutes, depending on the speed of your system

(x86)

Code a C/C++ program on the Moxa Bash Shell (PC, Windows Tool Chain)

Compile/link the source code with the tool chain
• Compiler path setting: PATH=/usr/local/mxscaleb/bin
• Compiling Hello.c

Step 2: Coding, Compiling and Debugging

Step 3: Deployment

Upload the program to the UC
• ftp 192.168.3.127
• ftp> binary
• ftp> put hello-release

Running the program (at the UC-7400 side)
• chmod +x hello-release
• ./hello-release
  Hello

[Diagram: PC (Moxa Bash Shell): 1 compile with -ggdb, 3 Insight tool (GDB client), 4 target remote; Ethernet; UC: 2 GDB debug server]

Debugging with GDB

chmod +x hello-debug
gdbserver 192.168.3.127:2000 hello-debug
Process hello-debug created; pid = 206

Step 1: PC (Moxa Bash Shell): compile the program with the -ggdb option, then upload it to the UC
Step 2: UC: start hello-debug with the command gdbserver 192.168.3.127:2000 hello-debug
Step 3: PC (Insight): run the GDB client
• Open the hello-debug file
• Connect to target
  • GDB Server/TCP
  • 192.168.3.200
  • 2000

iptables Introduction

Agenda

1) Quick View of iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

1 Quick View of iptables

• A user-space command to set up and maintain the "Netfilter" subsystem of the kernel
• "Netfilter" manages only the packet headers, not the content
• iptables is currently one of many firewall/NAT solutions: an administration tool to set up, maintain and inspect the tables of IP packet filter rules in the Linux kernel

1 Quick View of iptables

• Several different tables may be defined. Each table contains a number of built-in chains and may also contain user-defined chains.
• Each chain is a list of rules which can match a set of packets. Each rule specifies what to do with a packet that matches. This is called a "target", which may be a jump to a user-defined chain in the same table.

1 Quick View of iptables

• 3rd generation firewall on Linux
  – "ipfwadm" on Linux kernel v2.0.x
  – "ipchains" on Linux kernel v2.2.x
  – "ipchains", "iptables" on Linux kernel v2.4.x
  – "iptables" on Linux kernel v2.6.x
• Supports basic packet filtering as well as connection state tracking
• UC-7110/7400 support only "iptables"

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

2) Rules, Chains and Tables

2-1 First Match
2-2 Three Major Tables
2-3 Processing Packets
2-4 State Machine

2-1 First Match – The Highest Priority

[Flow chart: a packet is tested against Rule 1, Rule 2, ... Rule 10 in order; the first rule that matches ("Yes") applies its action (Action 1, Action 2, ... Action 10); if no rule matches ("No" all the way down), the default policy applies]

2-1 First Match

On a WWW server, reject the attack from IP = 192.168.1.100
Rule 1: Drop the packets from 192.168.1.100
Rule 2: Accept WWW request packets from all the hosts
Rule 3: Drop all the non-WWW packets

Rule 1: Accept WWW request packets from all the hosts
Rule 2: Drop the packets from 192.168.1.100
Rule 3: Drop all the non-WWW packets

With the second ordering, 192.168.1.100 is able to use the WWW service, or to attack the WWW service port
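The two rule orderings above, run through a small first-match model (an added example, not iptables itself; the packets and rule sets are constructed from the slide's WWW server case). It shows that the same three rules drop the attacker's web requests in one order and accept them in the other, and that the default policy only decides when no rule matches.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Added example, not iptables itself: a minimal model of a Netfilter chain
# walked top to bottom, first match wins, default policy otherwise.
# Packets and rule sets below are constructed from the slide's WWW server case.

ACCEPT = "ACCEPT"
DROP = "DROP"


@dataclass(frozen=True)
class Packet:
    src: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    target: str
    src: Optional[str] = None        # match this source IP; None = any
    dport: Optional[int] = None      # match this destination port; None = any
    not_dport: Optional[int] = None  # match every port except this one ("non-WWW")

    def matches(self, pkt: Packet) -> bool:
        if self.src is not None and pkt.src != self.src:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if self.not_dport is not None and pkt.dport == self.not_dport:
            return False
        return True


def evaluate(chain: List[Rule], pkt: Packet,
             policy: str = ACCEPT) -> Tuple[str, Optional[int]]:
    """Return (verdict, 1-based index of the rule that fired; None = default policy)."""
    for index, rule in enumerate(chain, start=1):
        if rule.matches(pkt):
            return rule.target, index   # first match wins; later rules never run
    return policy, None


ATTACKER = "192.168.1.100"
WWW = 80

# Ordering from the slide that blocks the attacker:
# 1 drop from 192.168.1.100, 2 accept WWW from all, 3 drop non-WWW
BLOCKS_ATTACKER = [Rule(DROP, src=ATTACKER), Rule(ACCEPT, dport=WWW), Rule(DROP, not_dport=WWW)]
# Same rules with accept-WWW first: it matches the attacker before the drop rule is reached
LETS_ATTACKER_IN = [Rule(ACCEPT, dport=WWW), Rule(DROP, src=ATTACKER), Rule(DROP, not_dport=WWW)]


def demo() -> Dict[str, Tuple[str, Optional[int]]]:
    web_from_attacker = Packet(src=ATTACKER, dport=WWW)
    web_from_client = Packet(src="192.168.1.20", dport=WWW)
    ssh_from_client = Packet(src="192.168.1.20", dport=22)
    return {
        "blocks/attacker-www": evaluate(BLOCKS_ATTACKER, web_from_attacker),
        "letsin/attacker-www": evaluate(LETS_ATTACKER_IN, web_from_attacker),
        "blocks/client-www": evaluate(BLOCKS_ATTACKER, web_from_client),
        "blocks/client-ssh": evaluate(BLOCKS_ATTACKER, ssh_from_client),
        # An empty chain: nothing matches, so only the default policy decides
        "empty/client-ssh": evaluate([], ssh_from_client, policy=DROP),
    }


if __name__ == "__main__":
    for name, (verdict, rule_no) in demo().items():
        where = f"rule {rule_no}" if rule_no else "default policy"
        print(f"{name:22s} {verdict:6s} ({where})")
```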

2-2 Three Major Tables

1) Filter table
2) NAT table
3) Mangle table

2-2-1 Filter Table

Mainly used for filtering packets. This is the place where we actually take action against packets, look at what they contain, and ACCEPT, DROP, REJECT or LOG them depending on their content.

1 INPUT chain – packets entering the local host
2 OUTPUT chain – packets output from the local host
3 FORWARD chain – packets forwarded to other hosts

2-2-2 NAT Table

Used for NAT on different packets, to translate the packet's source field or destination field.

1) PREROUTING chain – to translate the destination IP address (DNAT)
2) POSTROUTING chain – works after the routing process and before the Ethernet device processing, to translate the source IP address (SNAT/MASQUERADE)
3) OUTPUT chain – works on locally generated packets

2-2-3 Mangle Table

This table is mainly used for mangling packets. In other words, you may freely use the mangle matches, etc., that could be used to change the TOS (Type Of Service) and TTL fields. It can also "MARK" the packets.

1 PREROUTING chain
2 POSTROUTING chain
3 INPUT, OUTPUT and FORWARD chains

2-3 Processing Packets

2-3-1 Destination: Local Host
2-3-2 Source: Local Host
2-3-3 Forwarded Packets
2-3-4 State Machine

2-3-1 Destination: Local Host

[Diagram: incoming packets → NAT table PREROUTING → filter table INPUT → local process]

2-3-2 Source: Local Host

[Diagram: local process → NAT table OUTPUT → filter table OUTPUT → NAT table POSTROUTING → outgoing packets are sent out]

2-3-3 Forwarded Packets

[Diagram: incoming packets → NAT table PREROUTING → filter table FORWARD → NAT table POSTROUTING → other hosts; no local resource is involved]

2-4 State Machine

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

3) Usage of iptables

3-1 Load iptables Modules
3-2 Define Default Policy
3-3 Structure of a Rule
3-4 Save/Restore Rules

3-1 Load iptables Modules

Note: ipchains and iptables are not compatible

3-1 Load iptables Module

Check the current tables: iptables [-t table] [-L] [-n]

Default policy

3-1 Install iptables

Clear the current policy

3-2 Define Default Policy

iptables -t filter|nat|mangle -P INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING ACCEPT|DROP

3-3 Structure of a Rule

3-3-1 Add, Insert, Delete and Replace Rules
3-3-2 Direction
3-3-3 Matches
3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace

iptables -t filter|nat|mangle -A|-I|-D|-R <direction> <match> -j <target>

3 major things need to be considered: direction, match, target

3-3-2 Direction – Chains

a) filter table: INPUT, OUTPUT, FORWARD
b) nat table: PREROUTING, POSTROUTING, OUTPUT
c) mangle table: ...

3-3-3 Matches - Conditions

1 -p [proto]: tcp, udp, icmp, all
2 -s [IP], -d [IP]
3 --sport [port], --dport [port]
4 -m state --state [state]: NEW, ESTABLISHED, INVALID, RELATED
5 -m multiport [p1,p2,...,p15]
6 -i [iface], -o [oface]
7 ... etc.

3-3-4 Targets - Actions

a) filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions: LOG, ULOG, REJECT, MIRROR
b) nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING/OUTPUT), MASQUERADE (POSTROUTING), REDIRECT (only in PREROUTING)
c) mangle table: ...

3-4 Save/Restore Rules

It is highly recommended to use a script file to maintain the Netfilter rules instead of using this exported file (it is not a standard script file). Please refer to the Hands-On practice.

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice: 1) Packet Filter 2) NAT Machine

4-1 Packet Filter – Rules of filter table

Example 1 – Accept all the packets incoming from the lo interface
iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2 – Accept all the TCP packets incoming from IP = 192.168.0.1
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 3 – Accept all the TCP packets incoming from the network 192.168.1.0/24
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 – Drop all the TCP packets incoming from IP = 192.168.1.25
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

4-1 Packet Filter – Rules of filter table

Example 5 – Drop all the incoming TCP packets with dst port = 21 (forbid FTP connections from eth0)
iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 – Accept TCP packets incoming from 192.168.0.0/24 to local port numbers 137, 138 and 139
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 7 – Log all the incoming/outgoing TCP packets to/from port = 25 (log SMTP service)
iptables -t filter -A INPUT -p tcp --dport 25 -j LOG

Note: UC7110 does not support the target "LOG"

4-1 Packet Filter – Rules of filter table

Example 8 – Drop all the [SYN] packets from IP = 192.168.100.200
iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 – Drop all the packets from MAC = aa:bb:cc:dd:ee:ff
iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

Example 10 – Do not respond to "ping"
iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 – Limit an ICMP "ping" burst
iptables -t filter -P INPUT DROP
iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 12 – Accept the ESTABLISHED and RELATED packets of the local host; drop the INVALID packets and the NEW packets which are trying to create new connections
iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

4-1 Packet Filter – Rules of filter table

Example 13 – Check the packet integrity
iptables -t filter -A INPUT -p all -m unclean -j DROP

Example 14 – Enable the "passive mode" FTP service to a host
modprobe ip_conntrack_ftp
iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

4-2 NAT Machine – Rules of nat table

Example 1 – Redirect the connection requests for port 80 to port 8080
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 – Masquerade the packets from 192.168.1.0/24 to be the local ppp0's IP (MASQUERADE is only valid in POSTROUTING)
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

4-2 NAT Machine

Example 3 – DNAT the incoming packets from eth0 (60.248.66.75), TCP port 80, to the internal web server 192.168.127.10 port 80
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

Example 4 – Redirect the incoming packets of TCP port 80 to 192.168.1.10 and TCP port 80
iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP

Thank You

OpenVPN 2.0
Stephen Lin

OpenVPN 2.0

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve?
1-2 Symmetric Data Encryption
1-3 Hash (Digest) Function
1-4 Message Authentication Code
1-5 Asymmetric Data Encryption
1-6 Digital Signature
1-7 Certificate
1-8 Moxa UC7400

1-1 What does cryptography solve?

Confidentiality
- Ensure that nobody can learn what you transfer, even if they listen to the whole conversation.

Integrity
- Ensure that the message has not been modified during transmission.

Authenticity
- You can verify that you are talking to the entity you think you are talking to.
- You can verify who the specific individual behind that entity is.

Non-repudiation
- The individual behind that asset cannot deny being associated with it.

1-2 Symmetric Data Encryption

- Fast; high efficiency for data transmission
- Is it "secure" while transferring the key?
- Key maintenance: (n-1)n/2 keys for n parties
- DES, 3DES, AES, Blowfish

[Diagram: Tom encrypts the plaintext with the secret key and sends the ciphertext to Bob, who decrypts it with the same secret key back to the plaintext.]

1-3 Hash (Digest) Function

- Ensures data integrity
- MD5, SHA-1

[Diagram: Tom runs the data through the hash function to obtain Message Digest 1 and sends data + digest; Bob runs the received data through the same hash function to obtain Message Digest 2 and compares it with Message Digest 1.]

1-4 Message Authentication Code

- Ensures data integrity
- Uses a key to protect the MAC
- HMAC, CBC-MAC

[Diagram: Tom hashes the data to Message Digest 1 and encrypts the digest with the secret key to form the MAC, sending MAC + data; Bob hashes the received data to Message Digest 2, decrypts the MAC with the secret key to recover Message Digest 1, and compares the two.]
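The difference between 1-3 and 1-4 is easiest to see with the same in-transit substitution run against both schemes. The following is an added example, not code from the deck: it uses the standard library's SHA-256 and HMAC-SHA256, and the key and messages are constructed sample values.

```python
# Added example (not from the original training deck): what a plain digest
# buys you versus a keyed MAC.  Key and messages are constructed sample values.
import hashlib
import hmac


def message_digest(data: bytes) -> bytes:
    """Section 1-3: anyone can compute this; it only detects accidental change."""
    return hashlib.sha256(data).digest()


def message_mac(key: bytes, data: bytes) -> bytes:
    """Section 1-4: HMAC-SHA256; computing it requires the shared secret key."""
    return hmac.new(key, data, hashlib.sha256).digest()


def bob_checks_digest(data: bytes, received_digest: bytes) -> bool:
    # compare_digest runs in constant time, so the comparison itself leaks
    # nothing about how many bytes matched.
    return hmac.compare_digest(message_digest(data), received_digest)


def bob_checks_mac(key: bytes, data: bytes, received_mac: bytes) -> bool:
    return hmac.compare_digest(message_mac(key, data), received_mac)


def integrity_demo(key: bytes, original: bytes, replacement: bytes) -> dict:
    """Run both schemes over the same in-transit substitution.

    - Digest only: whoever substitutes the data can recompute the digest
      for the new data, and Bob's check passes (substitution undetected).
    - MAC: without the key the tag cannot be refreshed, so the tag Tom
      computed over the original stays attached; Bob's check fails.
    """
    digest_accepted = bob_checks_digest(replacement, message_digest(replacement))
    tom_tag = message_mac(key, original)
    mac_accepted = bob_checks_mac(key, replacement, tom_tag)
    genuine_accepted = bob_checks_mac(key, original, tom_tag)
    return {
        "digest_detects_substitution": not digest_accepted,
        "mac_detects_substitution": not mac_accepted,
        "mac_accepts_genuine": genuine_accepted,
    }


if __name__ == "__main__":
    print(integrity_demo(b"shared-secret-key", b"transfer 100", b"transfer 900"))
```

A digest alone therefore protects against transmission errors, not against a party on the path who can rewrite both the data and the digest; the MAC closes that gap as long as the key stays between Tom and Bob.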

1-5 Asymmetric Encryption

Things to remember:
- Key pair: public/private keys
- In a session, one key is used for encryption and the other one for decryption
- The "public key" can be deployed everywhere
- The relation between the two keys is unknown: from one key you cannot gain knowledge of the other, even if you have access to clear text and cipher text
- The two keys are interchangeable: the algorithms make no difference between public and private key; when a key pair is generated, either of the two can be public or private
- Less efficient than a static key
- RSA, Diffie-Hellman

[Diagram: clear text → encryption → cipher text.]

1-5 Asymmetric Data Encryption

[Diagram, confidentiality check: Tom encrypts the plaintext with Bob's public key; Bob decrypts the ciphertext with Bob's private key. The recipient's key pair is used.]

1-5 Asymmetric Data Encryption

[Diagram, authenticity check: Tom encrypts the plaintext with Tom's private key; Bob decrypts the ciphertext with Tom's public key. The sender's key pair is used.]

1-6 Digital Signature

Real world - hybrid:
1. Data integrity
2. Authenticity
3. Non-repudiation
4. Algorithm: use the public key and a hash

1-6 Digital Signature - Creating

[Diagram: the message or file ("This is the document created by Gianni") is run through a one-way message digest function (hash: SHA, MD5) to calculate a short message digest (typically 128 bits) even from a long input; the digest is encrypted with the signatory's private key (asymmetric encryption, RSA) to produce the digital signature, which is attached to the document to form the signed document.]

1-6 Digital Signature - Verifying

[Diagram: the verifier hashes the received document to generate a message digest, decrypts the digital signature with Gianni's public key (from the certificate) to recover the signed digest, and compares the two.]

1-6 Digital Signature

[Diagram: Tom hashes the data to Message Digest 1 and encrypts it with Tom's private key to form the digital signature; Bob hashes the received data to Message Digest 2, decrypts the signature with Tom's public key to recover Message Digest 1, and compares the two.]

1-7 Certificate

The simplest certificate just contains:
- A public key (for Stephen)
- Information about the entity that is being certified to own that public key ("This public key belongs to Stephen"; the entity can be a person, a computer, a device, a file, some code, anything ...)

... and the whole is:
- Digitally signed by someone trusted (like your friend or a CA)

1-7-1 CA Certificate

[Diagram: the CA generates a key pair on the certification server; the user requests a certificate from the CA; the CA generates the certificate (public key + digital signature); the private key and the certificate are sent to the user.]

- Right: cert signed by CA
- Left: cert signed by CA
- CA public key signed by CA (self-signed)

1-7-1 CA Certificate Example

[Diagram: the CA holds the CA private key. Left and Right each hold their own private key, the CA public key, and their own certificate signed by the CA; each side trusts the other's certificate because both trust the CA public key.]

1-7-2 SSL/TLS

[Diagram: each side holds a private/public key pair. The clear text is encrypted (Cipher 1), encrypted again (Cipher 2) and transmitted over the public network; the receiver decrypts in reverse order back to the clear text.]

- Ensures confidentiality
- And integrity, if digitally signed
- Depending on how the public keys are exchanged: authenticity, identity, non-repudiation

1-8 Moxa UC7400 - Hardware Cipher

Intel XScale supports:
- Security engines: DES, AES
- Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so"
- No need to change the source code

1-8-1 Moxa Accelerated Algorithms - OpenSSL 0.9.7

DES_cbc_encrypt
DES_ede3_cbc_encrypt
AES_cbc_encrypt
AES_ctr_encrypt

- ECB mode is wrapped at a higher level (libssl.so), where OpenSSL wraps it too

1-8-2 Performance

[Charts: throughput (rate) of 3DES-CBC and AES-128-CBC versus packet size, one pair of charts for 128 to 1280 bytes and one pair for 16 to 144 bytes, software cipher versus hardware cipher (= HW Cipher).]

1-8-3 Things to be noticed

Moxa UC-7400 switches operations between the software and the hardware approaches
- Default: hardware approach
- Any misconfiguration or busy condition causes the switch

Small packets are switched to the software approach
- DES: 128 bytes
- 3DES/AES: 64 bytes

1-8-4 Software Package

Driver
- mxhw_cipher.o

Device file
- mknod /dev/mxcrypto c 11 131

Test program
- io: correctness test
- io 0 5000: stability test
- io 1: golden pattern
- io 2 20000: performance test

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network

2-1 VPN Advantages/Disadvantages

- VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes
- A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH, etc.)
- A VPN allows the usage of protocols which are insecure by themselves
- VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN

Usability
- Open source (GPL)
- Full-featured SSL VPN solution
- Easy to configure a secure tunnel
- NAT/DHCP support
- Can use a 2048-bit shared key or digital certificates (PKI)

Portability - supports most of the platforms
- Linux, Solaris, Mac OS X
- OpenBSD, FreeBSD, NetBSD
- Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN

Peers - each node with a client/server role
- Uses kernel routing
- Multiple clients

A user-space program
- A full-featured SSL VPN solution
- On top of the existing SSL/TLS mechanism
- Options between a set of security algorithms
- Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security

Two authentication modes
- Static key: uses a pre-shared key
- SSL/TLS: uses SSL/TLS + certificates for authentication and key exchange

The encrypted packet is formatted as:
- SeqN: 64-bit sequence number
- IV: plain-text initial vector, randomized per packet

HMAC | IV | SeqN | IP payload
(the SeqN and the IP payload are encrypted; the HMAC is computed over the IV and the encrypted part)
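The packet layout above is what protects the tunnel against tampering and replay, and the order of the checks on the receiving side matters. The following is an added example modelling that layout; it is not OpenVPN's code. For the cipher it uses a keystream derived from HMAC-SHA256 in counter mode so that it runs with only the standard library, where OpenVPN uses a real block cipher; the replay check is a strict "must be newer than the last packet" rule, where OpenVPN keeps a sliding window to tolerate UDP reordering. Keys and payloads are constructed sample values.

```python
# Added example, not OpenVPN's own code.  It models the static-key packet
# layout from the slide, HMAC | IV | SeqN | payload, with the SeqN and
# payload encrypted and the HMAC covering the IV plus the encrypted part.
# The "cipher" is a keystream from HMAC-SHA256 in counter mode so that the
# block runs with only the standard library; OpenVPN uses a real block
# cipher there.  Keys are constructed sample values.
import hashlib
import hmac
import os
import struct
from typing import Optional

TAG_LEN = 32   # HMAC-SHA256
IV_LEN = 16
SEQ_LEN = 8    # 64-bit sequence number


def _keystream(key: bytes, iv: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, iv + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class TunnelSender:
    def __init__(self, enc_key: bytes, mac_key: bytes):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.seq = 0

    def seal(self, payload: bytes) -> bytes:
        self.seq += 1
        iv = os.urandom(IV_LEN)                      # fresh random IV per packet
        plain = struct.pack(">Q", self.seq) + payload
        ct = _xor(plain, _keystream(self.enc_key, iv, len(plain)))
        tag = hmac.new(self.mac_key, iv + ct, hashlib.sha256).digest()
        return tag + iv + ct


class TunnelReceiver:
    def __init__(self, enc_key: bytes, mac_key: bytes):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.last_seq = 0

    def open(self, packet: bytes) -> Optional[bytes]:
        """Return the payload, or None when the packet is rejected."""
        if len(packet) < TAG_LEN + IV_LEN + SEQ_LEN:
            return None
        tag = packet[:TAG_LEN]
        iv = packet[TAG_LEN:TAG_LEN + IV_LEN]
        ct = packet[TAG_LEN + IV_LEN:]
        # 1. Authenticate first: an unauthenticated packet is never decrypted.
        expected = hmac.new(self.mac_key, iv + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None
        plain = _xor(ct, _keystream(self.enc_key, iv, len(ct)))
        seq = struct.unpack(">Q", plain[:SEQ_LEN])[0]
        # 2. Replay check on the sequence number (strictly increasing here).
        if seq <= self.last_seq:
            return None
        self.last_seq = seq
        return plain[SEQ_LEN:]


if __name__ == "__main__":
    enc_key, mac_key = b"\x01" * 32, b"\x02" * 32   # constructed sample keys
    tx, rx = TunnelSender(enc_key, mac_key), TunnelReceiver(enc_key, mac_key)
    pkt = tx.seal(b"ping")
    print(rx.open(pkt))   # b'ping'
    print(rx.open(pkt))   # None: same sequence number, rejected as a replay
```

Checking the HMAC before touching the ciphertext is the point of putting the HMAC first in the packet: a packet with a bad tag is dropped without any decryption, and a genuine packet captured and re-sent is dropped by the sequence-number check even though its tag is valid.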

2-2 OpenVPN vs IPSec

OpenVPN
- User-space daemon
- SSL/TLS
- Portability across operating systems
- Firewall- and NAT-friendly
- Dynamic address support

IPSec
- Kernel-space IP stack
- Each operating system requires its own independent implementation of IPSec
- IETF standard: multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are the two methods of linking systems via a VPN:
- Routed IP tunnels (layer 3)
- Bridged Ethernet tunnels (layer 2)

Suitable for connections
- Site-to-site
- Dynamic site-to-site
- (Dynamic) client-to-site

Dynamic firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

- Uses TUN mode (device): a virtual point-to-point IP link that combines the inner interface together with TUN
- Uses the kernel routing to forward the packets

[Diagram: OSI stacks of the two hosts (Physical, Data-Link, Network, Transport, Session, Presentation, Application); OpenVPN runs in the application layer and the TUN device attaches at the network layer (3rd).]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of the MTU for efficiency

Routed IP disadvantages
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see the machines on the other side of the VPN
4. Works only with IPv4 in general, and with IPv6 only where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

- Uses "TAP" mode: a TAP device is a virtual Ethernet adapter
- Bridge tools (brctl) are required to create the bridged adapters
- A script is needed to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0            # create an Ethernet bridge
brctl addif br0 eth1       # connect interface eth1 as a port
brctl addif br0 tap0       # connect virtual interface tap0 as a port

[Diagram: OSI stacks of the two hosts; OpenVPN runs in the application layer, TAP attaches at the data-link layer (2nd) where TUN attaches at the network layer (3rd); on each host eth0 carries the tunnel while eth1 and tap0 are bridged.]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages
1. Point to point, point to multi-point
2. Broadcasts traverse the VPN: this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to be able to handle non-IP protocols such as IPX, NetWare and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages
1. Less efficient than routing and does not scale well

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS - X.509 Dynamic Keys

3-1 Getting Started

[Network diagram for the hands-on lab: LAN A (IP 10.0.1.1/24, gateway 10.0.1.254) sits behind the VPN server, whose ixp1 address is 10.0.1.254 and whose ixp0 address is 192.168.12.201; LAN B (IP 10.0.2.1/24, gateway 10.0.2.254) sits behind the VPN client, whose ixp1 address is 10.0.2.254 and whose ixp0 address is 192.168.12.202. The VPN tunnel connects the two ixp0 interfaces; a separate CA/TLS server issues the certificates.]

3-1 Getting Started

- Create a working directory (recommended): mkdir /etc/openvpn
- Check for the TUN module; if ls /dev/net does not show a character device "tun": mknod /dev/net/tun c 10 200
- Load the necessary modules: modprobe tun; modprobe bridge
- Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]
- Self diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

- Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or vi /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"
- Create/start the bridge interface using the Moxa script: openvpn-bridge [start|stop|restart]
- Check the cipher/authentication support: openvpn --show-ciphers; openvpn --show-digests
- Create the TUN configuration files: vi /etc/openvpn/tunserver.conf
- [At the VPN client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

- The local/remote VPN IP addresses must be specified
- It is NECESSARY to specify the server address at the VPN client

3-2 TUN Server Configuration

- Edit the static routes: vi /etc/openvpn/tunserver.sh; chmod +x /etc/tunserver.sh
- [At the VPN client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/tunclient.sh
- Start OpenVPN with the configuration file: openvpn --config /etc/tunserver.conf & (server); openvpn --config /etc/tunclient.conf & (client)
- The 2nd argument of "ifconfig", which is now "10.0.2.254"
- Create the TAP configuration files: vi /etc/openvpn/tapserver.conf
- [At the VPN client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration - VPN Server

- Mark (comment out) this line if both VPN networks are in the same subnet

3-3 TAP Configuration - VPN Server

- Edit the static routes: vi /etc/openvpn/tunserver.sh
- [At the VPN client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/tapclient.sh
- Points to the kernel routing: br0 = 10.0.1.254

3-3 TAP Configuration - VPN Server

- Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start
- Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tapserver.conf & (server); openvpn --config /etc/openvpn/tapclient.conf & (client)

3-4-1 SSL/TLS - Dynamic Keys

- Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-set default_days, default_bits ... etc.
- Create a new CA root key pair: /usr/share/ssl/misc/CA -newca
- Create a new client private key and certificate request: /usr/share/ssl/misc/CA -newreq
- Sign the certificate: /usr/share/ssl/misc/CA -sign
- Copy the CA root certificate, the client private key and the client certificate to the first client
- Have the second client certified the same way

3-4-2 OpenVPN - "easy-rsa" tools

- Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn
- Modify the vars file: vi /etc/openvpn/easy-rsa/vars
- Activate the vars: . /etc/openvpn/easy-rsa/vars
- Create the CA root key: /etc/openvpn/easy-rsa/build-ca
- Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN - "easy-rsa" tools

- Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client
- Create the Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh 1024
- Copy the CA certificate (ca.crt), server key (server.key) and server certificate (server.crt) to the VPN server
- Copy the CA certificate, client key and client certificate to the VPN client
- The "easy-rsa" tools also work on the UC7400 series

3-4-3 Configuration File Modification

txxserver.conf
txxclient.conf

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

- Two of its serial ports are connected to a power meter and a thermocouple
- Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site
- The rest of the serial ports are looped back in 'burn-in mode' to demonstrate the UC's high performance and reliability

Demo Box Features

Software Block Diagram

- Temperature range: 0 to 500°C
- Left side for the high range, 0 to 300 VDC; right side for the low range, 0 to 20 VDC

UC's LCM & keypad (F1-F5)

F1: Monitoring: Temperature → Voltage → Throughput for P3 to P8
F2: System status: LAN's IP → Wi-Fi's IP → CPU loading → Available memory
F3: Alarm setting: Temperature → Voltage → burn-in throughput
F4: Configuration key
F5: Main menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status for 802.11g?
- The UC-7420's built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards
- The compatible wireless cards are:

Supplier   Model name
ASUS       WL-107g
CNET       CWC-854 (181D version)
Edimax     EW-7108PCg
Amigo      AWP-914WG
Gigabyte   GN-WMKG
Others which use the Ralink chipset

Thank You


Setting up the Network Interfaces

IEEE 802.11g

Configure 802.11g Wireless LAN

root@Moxa# vi /etc/network/interfaces

# 802.11g Gigabyte Cardbus wireless card
iface eth0 inet static
    address 192.168.5.127
    network 192.168.5.0
    netmask 255.255.255.0
    broadcast 192.168.5.255

Step 1: Unplug the CardBus Wireless LAN card first
Step 2: Configure the default IP setting profile: vi /etc/network/interfaces

Configure 802.11g Wireless LAN

vi /etc/Wireless/RT2500STA/RT2500STA.dat

- Copy this file to /etc/Wireless/RT2500STA/RT2500STA.dat
- This file is a binary file and will be read when the rt2500.o module is loaded
- Use vi -b RT2500STA.dat to modify the settings according to your needs:
  1) set NetworkType to Adhoc to use Adhoc mode, otherwise use Infrastructure
  2) set Channel to 0 for auto-select in Infrastructure mode
  3) set SSID for connecting to your access point
  4) AuthMode can be OPEN, SHARED, WPAPSK, WPANONE
  5) EncrypType can be NONE, WEP, TKIP, AES
- For more information refer to the Readme file

Step 3: Configure the WLAN parameters: vi /etc/Wireless/RT2500STA/RT2500STA.dat

Configuring 802.11g Wireless LAN

- The settings in /etc/Wireless/RT2500STA/RT2500STA.dat:

CountryRegion: sets the channels for your particular country region
WirelessMode: sets the wireless mode
SSID: sets the softAP SSID
NetworkType: sets the wireless operation mode
Channel: sets the channel
AuthMode: sets the authentication mode
EncrypType: sets the encryption type
DefaultKeyID: sets the default key ID
Key1Str, Key2Str, Key3Str, Key4Str: set the strings Key1 to Key4
WpaPsk: WPA pre-shared key
TxBurst: enables or disables TxBurst
TurboRate: enables or disables TurboRate
BGProtection: sets 11b/11g protection (this function is for engineering testing only)
ShortSlot: enables or disables the short slot time
TxRate: sets the TxRate
RTSThreshold: sets the RTS threshold
FragThreshold: sets the fragment threshold

Developing Your Application

Windows Tool Chain

Agenda

1) Windows Tool Chain Introduction
2) Development Process
3) Debugging with GDB

Windows Tool Chain Introduction

The UC-7400's Windows Tool Chain is a cross-development environment that simulates the Linux root file system, allowing users to develop applications on a Windows PC.

The following topics are covered in this appendix:
- Introduction
- Installation procedure
- Using the BASH shell
- GDB debug tool: Insight

Windows Tool Chain

1. Operating system: Windows 2000 or Windows XP
2. Minimum of 500 MB hard disk space
3. CD-ROM or equivalent
4. Ethernet to connect with the UC-7400
5. Be able to log in as administrator
6. Use a Windows username without spaces
7. You will be using a BASH shell window to enter commands
8. In addition, for editing text files such as configuration files you should use the vi editor (Unix editor). Do NOT use WordPad (Windows editor), which could cause problems when the files are transferred to a bona fide Linux environment.

Development Process

Step 1: Setting up the development environment on the PC (x86)
Step 2: Coding, compiling and debugging on the Windows Tool Chain
Step 3: Deploying the program to the UC (IXP-422)

Step 1: Setting up the Development Environment

Install the Windows Tool Chain on the PC (Windows 2K/XP)
Installation tips:
- Default install path: C:\UC
- Default text file type: Unix (recommended)

Utilities
- Moxa Bash Shell
- GDB debug tool: Insight (http://sources.redhat.com/insight)
- This process could take from 5 to 30 minutes depending on the speed of your system

Step 2: Coding, Compiling and Debugging

Code the C/C++ program in the Moxa Bash Shell (PC, Windows Tool Chain, x86)

Compile/link the source code with the tool chain
- Compiler path setting: PATH=/usr/local/mxscaleb/bin
- Compiling Hello.c

Step 3: Deployment

Upload the program to the UC
- ftp 192.168.3.127
- ftp> binary
- ftp> put hello-release

Running the program (at the UC-7400 side)
- chmod +x hello-release
- ./hello-release

# chmod +x hello-release
# ./hello-release
Hello

Debugging with GDB

[Diagram: over Ethernet, the PC (Moxa Bash Shell) 1. compiles with -ggdb, 3. runs the Insight tool (GDB client) and 4. connects with "target remote"; the UC 2. runs the GDB debug server.]

Debugging with GDB

# chmod +x hello-debug
# gdbserver 192.168.3.127:2000 hello-debug
Process hello-debug created; pid = 206

Step 1 (PC, Moxa Bash Shell): compile the program with the -ggdb option, then upload it to the UC
Step 2 (UC): start hello-debug under the debug server with the command gdbserver 192.168.3.127:2000 hello-debug
Step 3 (PC, Insight): run the GDB client
- Open the hello-debug file
- Connect to target
  - GDB Server/TCP
  - 192.168.3.200
  - 2000

iptables Introduction

Agenda

1) Quick View of iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

1 Quick View of iptables

- A user-space command to set up and maintain the "Netfilter" subsystem of the kernel
- "Netfilter" manages only the packet headers, not the content
- iptables is currently one of many firewall/NAT solutions; it is the administration tool to set up, maintain and inspect the tables of IP packet filter rules in the Linux kernel

1 Quick View of iptables

- Several different tables may be defined. Each table contains a number of built-in chains and may also contain user-defined chains.
- Each chain is a list of rules which can match a set of packets. Each rule specifies what to do with a packet that matches. This is called a "target", which may be a jump to a user-defined chain in the same table.

1 Quick View of iptables

3rd generation firewall on Linux
- "ipfwadm" on Linux kernel v2.0.x
- "ipchains" on Linux kernel v2.2.x
- "ipchains"/"iptables" on Linux kernel v2.4.x
- "iptables" on Linux kernel v2.6.x

- Supports basic packet filtering as well as connection state tracking
- UC-7110/7400 support only "iptables"

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

2) Rules, Chains and Tables

2-1 First Match
2-2 Three Major Tables
2-3 Processing Packets
2-4 State Machine

2-1 First Match - The Highest Priority

[Flow chart: incoming packets are tested against Rule 1, Rule 2, ... Rule 10 in order; the first rule that matches ("Yes") executes its action (Action 1, Action 2, ... Action 10) and processing stops; if no rule matches ("No" all the way down), the default policy applies.]

2-1 First Match

On a WWW server, reject the attack from IP = 192.168.1.100:
Rule 1: Drop the packets from 192.168.1.100
Rule 2: Accept WWW request packets from all the hosts
Rule 3: Drop all the non-WWW packets

With the order changed:
Rule 1: Accept WWW request packets from all the hosts
Rule 2: Drop the packets from 192.168.1.100
Rule 3: Drop all the non-WWW packets

Now 192.168.1.100 is able to use the WWW service, or to attack the WWW service port.
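The two orderings above can be checked mechanically with a small model of first-match evaluation. The following is an added example, not code from the deck and not iptables itself: it models only the matches the slide needs (source address, protocol, destination port) and the "first matching rule wins, otherwise the chain policy applies" behaviour; nothing is applied to a real firewall, and the packets are constructed samples.

```python
# Added example (not from the deck): a model of Netfilter's first-match
# evaluation so the two rule orderings on this slide can be compared.  Only
# the matches the slide needs are modelled (source address, protocol,
# destination port); nothing is applied to a real firewall.  Addresses are
# the slide's, packets are constructed samples.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str
    proto: str
    dport: int


@dataclass(frozen=True)
class Rule:
    target: str                  # ACCEPT or DROP
    src: Optional[str] = None    # host or CIDR (like -s)
    proto: Optional[str] = None  # like -p
    dport: Optional[int] = None  # like --dport

    def matches(self, pkt: Packet) -> bool:
        if self.src is not None and ip_address(pkt.src) not in ip_network(self.src, strict=False):
            return False
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        return True


def evaluate(chain: List[Rule], pkt: Packet, policy: str = "ACCEPT") -> str:
    """Walk the chain top-down: the first matching rule decides, otherwise
    the chain's default policy (-P) applies."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.target
    return policy


ATTACKER = "192.168.1.100"

# Ordering 1 from the slide: block the attacker before allowing WWW
BLOCK_FIRST = [
    Rule("DROP", src=ATTACKER),               # Rule 1
    Rule("ACCEPT", proto="tcp", dport=80),    # Rule 2
    Rule("DROP"),                             # Rule 3: everything else
]

# Ordering 2: WWW is accepted before the attacker's rule is ever reached
WWW_FIRST = [
    Rule("ACCEPT", proto="tcp", dport=80),
    Rule("DROP", src=ATTACKER),
    Rule("DROP"),
]


def compare_orderings(src: str, proto: str = "tcp", dport: int = 80) -> dict:
    pkt = Packet(src, proto, dport)
    return {"block_first": evaluate(BLOCK_FIRST, pkt),
            "www_first": evaluate(WWW_FIRST, pkt)}


if __name__ == "__main__":
    for host in (ATTACKER, "192.168.1.7"):
        print(host, compare_orderings(host))
```

For any other host both orderings give the same answer; only the attacker's port-80 traffic changes outcome, which is exactly the slide's point about putting the most specific deny first.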

2-2 Three Major Tables

1) Filter table
2) NAT table
3) Mangle table

2-2-1 Filter Table

Mainly used for filtering packets. This is the place where we actually take action against packets, look at what they contain, and ACCEPT, DROP, REJECT or LOG them depending on their content.

1. INPUT chain: packets entering the local host
2. OUTPUT chain: packets output from the local host
3. FORWARD chain: packets forwarded to other hosts

2-2-2 NAT Table

Used for NAT on different packets, to translate the packet's source field or destination field.

1) PREROUTING chain: to translate the destination IP address (DNAT)
2) POSTROUTING chain: works after the routing process and before the Ethernet device processing, to translate the source IP address (SNAT/MASQUERADE)
3) OUTPUT chain: works on locally generated packets

2-2-3 Mangle Table

This table is mainly used for mangling packets. In other words, you may freely use the mangle matches etc. that could be used to change the TOS (Type Of Service) and TTL fields. It can also "MARK" the packets.

1. PREROUTING chain
2. POSTROUTING chain
3. INPUT, OUTPUT and FORWARD chains

2-3 Processing Packets

2-3-1 Destination: Local Host
2-3-2 Source: Local Host
2-3-3 Forwarded Packets
2-3-4 State Machine

2-3-1 Destination: Local Host

[Diagram: Incoming packets → NAT table PREROUTING → Filter table INPUT → Local process]

2-3-2 Source: Local Host

[Diagram: Local process → NAT table OUTPUT → Filter table OUTPUT → NAT table POSTROUTING → Outgoing packets]

2-3-3 Forwarded Packets

[Diagram: Incoming packets → NAT table PREROUTING → routing decision (not a local resource) → Filter table FORWARD → NAT table POSTROUTING → Other hosts]

2-4 State Machine

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

3) Usage of iptables

3-1 Load iptables Modules
3-2 Define Default Policy
3-3 Structure of a Rule
3-4 Save/Restore Rules

3-1 Load iptables Modules

Note: ipchains and iptables are not compatible

3-1 Load iptables Module

Check the current tables: iptables [-t table] [-L] [-n]

Default policy

3-1 Install iptables

Clear the current policy

3-2 Define Default Policy

iptables -t filter|nat|mangle -P INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING ACCEPT|DROP

3-2 Define Default Policy

3-3 Structure of a Rule

3-3-1 Add, Insert, Delete and Replace Rules
3-3-2 Direction
3-3-3 Matches
3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace

iptables -t filter|nat|mangle -A|-I|-D|-R [direction] [match] -j [target]

Three major things need to be considered: the direction, the match and the target

3-3-2 Direction - Chains

a. filter table: INPUT, OUTPUT, FORWARD
b. nat table: PREROUTING, POSTROUTING, OUTPUT
c. mangle table: ...

3-3-3 Matches - Conditions

1. -p [proto]: tcp, udp, icmp, all
2. -s [IP], -d [IP]
3. --sport [port], --dport [port]
4. -m state --state [state]: NEW, ESTABLISHED, INVALID, RELATED
5. -m multiport [p1,p2,...,p15]
6. -i [iface], -o [oface]
7. ... etc.

3-3-4 Targets - Actions

a. filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions: LOG, ULOG, REJECT, MIRROR
b. nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING/OUTPUT), MASQUERADE (POSTROUTING), REDIRECT (only in PREROUTING)
c. mangle table: ...

3-4 Save/Restore Rules

It is highly recommended to use a script file to maintain the Netfilter rules instead of using the exported file (it is not a standard script file). Please refer to the hands-on practice.

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice: 1) Packet Filter, 2) NAT Machine

4-1 Packet Filter - Rules of filter table

Example 1 - Accept all the packets incoming from the lo interface

iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2 - Accept all the TCP packets incoming from IP = 192.168.0.1

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

4-1 Packet Filter - Rules of filter table

Example 3 - Accept all the TCP packets incoming from the network 192.168.1.0/24

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 - Drop all the TCP packets incoming from IP = 192.168.1.25

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

4-1 Packet Filter - Rules of filter table

Example 5 - Drop all the incoming TCP packets with destination port = 21 (forbid FTP connections from eth0)

iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 - Accept TCP packets incoming from 192.168.0.0/24 to the local port numbers 137, 138 and 139

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

4-1 Packet Filter - Rules of filter table

Example 7 - Log all the incoming/outgoing TCP packets to/from port = 25 (log the SMTP service)

iptables -t filter -A INPUT -p tcp --dport 25 -j LOG

Note: UC7110 does not support the target "LOG"

4-1 Packet Filter - Rules of filter table

Example 8 - Drop all the [SYN] packets from IP = 192.168.100.200

iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 - Drop all the packets from MAC = aa:bb:cc:dd:ee:ff

iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

Example 10 ndash Does not response to ldquopingrdquo

Example 11 ndash ICMP ldquopingrdquo burst

iptables ndasht filter ndashA INPUT ndashp icmp ndash ndashicmpndashtype 8

ndashj DROP

iptables ndasht filter ndashP INPUT DROP

iptables ndasht filter ndashA INPUT ndashp icmp ndashm limit 6min

ndash ndashlimit-burst 10 ndashj ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 12 ndash Accept the Established Related packets of the local

host drop the Invalid packets and New packets which are trying to create new connection

iptables ndasht filter ndashA INPUT ndashp tcp ndashm state ndash ndashstate

ESTABLISHEDRELATED ndashj ACCEPT

iptables ndasht filter ndashA INPUT ndashp tcp ndashm state ndash ndashstate

INVALIDNEW ndashj DROP

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 13 ndash Check the packet integrity

Example 14 ndash Enable the ldquoPassive Moderdquo FTP Service to a host

iptables ndasht filter ndashA INPUT ndashp all ndashm unclean ndashj DROP

modprobe ip_conntrack_ftp

iptables ndashA FORWARD ndashp tcp

ndashm state ndash ndashstate RELATED ndashj ACCEPT

4-2 NAT Machine

Example 1 – Redirect the connection requests of port 80 to port 8080
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 – Masquerade the packets from 192.168.1.0/24 that leave through ppp0 with ppp0's IP
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE
(MASQUERADE is only valid in the POSTROUTING chain, and -o can only be matched after the routing decision; see 3-3-4.)

Example 3 – DNAT the incoming packets from eth0 (60.248.66.75), TCP port 80, to the internal web server 192.168.127.10:80; the SNAT rule rewrites the source of the internal network's outgoing packets to the outside address $OUT_IP
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80
iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP

Example 4 – Redirect the incoming packets of TCP port 80 to 192.168.1.10 and TCP port 80

Thank You

OpenVPN 2.0
Stephen Lin

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve?

1-2 Symmetric Data Encryption

1-3 Hash (Digest) Function

1-4 Message Authentication Code

1-5 Asymmetric Data Encryption

1-6 Digital Signature

1-7 Certificate

1-8 Moxa UC7400

1-1 What does Cryptography solve?

Confidentiality
• Ensure that nobody can learn what you transfer, even if they listen to the whole conversation.

Integrity
• Ensure that the message has not been modified during transmission.

Authenticity
• You can verify that you are talking to the entity you think you are talking to.
• You can verify who the specific individual behind that entity is.

Non-repudiation
• The individual behind that asset cannot deny being associated with it.

1-2 Symmetric Data Encryption

• Fast, high efficiency for data transmission
• Is it "secure" while transferring the key?
• Maintenance of the keys: n(n-1)/2 keys (for n parties)
• DES, 3DES, AES, Blowfish

Diagram: Tom encrypts the plaintext with the secret key into ciphertext; Bob decrypts the ciphertext with the same secret key back into the plaintext.

1-3 Hash (Digest) Function

• Ensure data integrity
• MD5, SHA-1

Diagram: Tom runs the hash function over the data to get Message Digest 1 and sends the data together with it; Bob runs the same hash function over the received data to get Message Digest 2 and compares it with Message Digest 1.

1-4 Message Authentication Code

• Ensure the data integrity
• Use a key to protect the MAC
• HMAC, CBC-MAC

Diagram: Tom hashes the data to Message Digest 1, encrypts the digest with the secret key to form the MAC, and sends the data together with the MAC; Bob decrypts the MAC with the same secret key to recover Message Digest 1, hashes the received data to Message Digest 2, and compares the two.
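As an added example (not from the slides), the difference between slide 1-3's plain digest and slide 1-4's keyed MAC in Python, using the standard hashlib and hmac modules. The shared key and the message are constructed demo values, and the "tamper" step models an on-path modifier who can recompute an unkeyed digest but cannot produce a matching HMAC without the key:

```python
# Added example (not from the Moxa slides): plain digest vs. keyed MAC.
# A bare hash only detects accidental corruption, because anyone can recompute
# it; an HMAC with a shared secret key also resists deliberate modification.
import hashlib
import hmac

# Constructed demo values: the key Tom and Bob share, and the message Tom sends.
SHARED_KEY = b"constructed-demo-key-not-for-real-use"
MESSAGE = b"transfer 100 to account 42"


def make_digest(data: bytes) -> str:
    """Slide 1-3: unkeyed message digest (SHA-1, one of the two hashes on the slide)."""
    return hashlib.sha1(data).hexdigest()


def make_mac(key: bytes, data: bytes) -> str:
    """Slide 1-4: HMAC-SHA1 over the data, keyed with the shared secret."""
    return hmac.new(key, data, hashlib.sha1).hexdigest()


def bob_checks_digest(data: bytes, received_digest: str) -> bool:
    """Bob recomputes the digest (Message Digest 2) and compares it with Message Digest 1."""
    return hmac.compare_digest(make_digest(data), received_digest)


def bob_checks_mac(key: bytes, data: bytes, received_mac: str) -> bool:
    """Bob recomputes the MAC with the shared key and compares in constant time."""
    return hmac.compare_digest(make_mac(key, data), received_mac)


def tamper_in_transit(data: bytes):
    """An on-path modifier rewrites the message and recomputes the unkeyed digest.
    Without the shared key it cannot recompute the HMAC, so the old MAC is all it has."""
    modified = data.replace(b"account 42", b"account 99")
    return modified, make_digest(modified)


def demo() -> dict:
    digest = make_digest(MESSAGE)
    mac = make_mac(SHARED_KEY, MESSAGE)
    modified, forged_digest = tamper_in_transit(MESSAGE)
    return {
        "digest_ok": bob_checks_digest(MESSAGE, digest),              # honest delivery
        "mac_ok": bob_checks_mac(SHARED_KEY, MESSAGE, mac),           # honest delivery
        "digest_fooled": bob_checks_digest(modified, forged_digest),  # attacker recomputed it
        "mac_fooled": bob_checks_mac(SHARED_KEY, modified, mac),      # old MAC no longer matches
    }


if __name__ == "__main__":
    print(demo())   # digest_fooled is True, mac_fooled is False
```

The constant-time comparison (hmac.compare_digest) is a detail the diagram does not show: comparing a MAC with an ordinary string comparison leaks, through timing, how many leading bytes of a guess were right.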

1-5 Asymmetric Encryption

Things to remember
• Key pair – public/private keys
• In a session, one key is used for encryption and the other one for decryption
• The "public key" can be deployed everywhere
• The relation between the two keys is unknown, and from one key you cannot gain knowledge of the other, even if you have access to clear text and cipher text
• The two keys are interchangeable: the algorithms make no difference between public and private key; when a key pair is generated, either of the two can be public or private
• Less efficient than symmetric (static) keys
• RSA, Diffie-Hellman

1-5 Asymmetric Data Encryption – Confidentiality check
Diagram: Tom encrypts the plaintext with Bob's public key; Bob decrypts the ciphertext with Bob's private key (the recipient's key pair).

1-5 Asymmetric Data Encryption – Authenticity check
Diagram: Tom encrypts the plaintext with Tom's private key; Bob decrypts the ciphertext with Tom's public key (the sender's key pair).

1-6 Digital Signature

Real world – hybrid: 1) Data integrity, 2) Authenticity, 3) Non-repudiation, 4) Algorithm – use the public key and a hash

1-6 Digital Signature – Creating
Diagram: calculate a short message digest (typically 128 bits) from even a long input (the message or file "This is the document created by Gianni") using a one-way message digest function (hash: SHA, MD5); encrypt the digest with the signatory's private key (asymmetric encryption: RSA) to obtain the digital signature; the signed document is the message plus the digital signature.

1-6 Digital Signature – Verifying
Diagram: from the signed document, generate the message digest of the message with the same hash; decrypt the digital signature with Gianni's public key (from the certificate) using asymmetric decryption; compare the two digests.

1-6 Digital Signature
Diagram (Tom signs, Bob verifies): Tom hashes the data to Message Digest 1 and encrypts it with Tom's private key to form the digital signature, then sends data + signature; Bob decrypts the signature with Tom's public key to recover Message Digest 1, hashes the received data to Message Digest 2, and compares.

1-7 Certificate

The simplest certificate just contains
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key ("This public key belongs to Stephen"; the entity can be a person, a computer, a device, a file, some code, anything ...)
... and the whole is
• Digitally signed by someone trusted (like your friend or a CA)

1-7-1 CA Certificate
Diagram: the CA generates a key pair (priv, pub) on the certification server; the user requests a certificate from the CA; the CA generates the certificate (pub + digital signature = Cert); the private key and the certificate are sent to the user.

1-7-1 CA Certificate Example
Diagram: the CA holds the CA private key; Left and Right each hold their own private key and trust the CA public key; Left's certificate and Right's certificate are signed by the CA, and the CA's own public key is signed by the CA (self-signed).
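Added example (toy code, not from the slides and not a real PKI): the hash-then-sign flow of slide 1-6 and the "public key + owner information, signed by a trusted CA" idea of slide 1-7, written in Python with textbook RSA on small, reproducibly generated keys. The names (Gianni, the CA, Mallory) and the document text are constructed; raw unpadded RSA is used only to make the data flow visible, since real signatures use PKCS#1 padding and X.509 certificates:

```python
# Added example (not from the slides): hash-then-sign with textbook RSA, and a
# minimal certificate that binds a name to a public key under a CA signature.
# Toy code: raw RSA without padding and 512-bit keys, only to show the data flow.
import hashlib
import random

_rng = random.Random(20050913)   # fixed seed so the demo is reproducible


def _is_probable_prime(n, rounds=16):
    """Miller-Rabin primality test."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(_rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        p = _rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(p):
            return p


def generate_key_pair(bits=512):
    """Returns (public, private) as (e, n) and (d, n). Toy-sized modulus."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            break
    return (e, p * q), (pow(e, -1, phi), p * q)


def digest_int(message):
    """Slide 1-6 step 1: one-way hash of the message (SHA-256 here; SHA/MD5 on the slide)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(private_key, message):
    """Slide 1-6 step 2: 'encrypt' the digest with the signatory's private key."""
    d, n = private_key
    return pow(digest_int(message), d, n)


def verify(public_key, message, signature):
    """Verifying: 'decrypt' the signature with the public key, compare digests."""
    e, n = public_key
    return pow(signature, e, n) == digest_int(message)


# --- Slide 1-7: the simplest certificate, public key + owner info, signed by a CA ---

def issue_certificate(ca_private_key, subject, subject_public_key):
    body = f"{subject}|{subject_public_key[0]}|{subject_public_key[1]}".encode()
    return {"body": body, "subject": subject, "public_key": subject_public_key,
            "ca_signature": sign(ca_private_key, body)}


def verify_signed_document(ca_public_key, cert, message, signature):
    """Trust flow: CA public key -> certificate -> subject public key -> document signature."""
    if not verify(ca_public_key, cert["body"], cert["ca_signature"]):
        return False                       # certificate was not issued by the trusted CA
    return verify(cert["public_key"], message, signature)


def demo():
    ca_pub, ca_priv = generate_key_pair()
    gianni_pub, gianni_priv = generate_key_pair()
    cert = issue_certificate(ca_priv, "Gianni", gianni_pub)
    doc = b"This is the document created by Gianni"
    sig = sign(gianni_priv, doc)
    # Mallory makes a certificate for the same name, signed with her own key, not the CA's.
    mallory_pub, mallory_priv = generate_key_pair()
    fake_cert = issue_certificate(mallory_priv, "Gianni", mallory_pub)
    return {
        "genuine": verify_signed_document(ca_pub, cert, doc, sig),
        "modified_doc": verify_signed_document(ca_pub, cert, doc + b"!", sig),
        "fake_cert": verify_signed_document(ca_pub, fake_cert, doc, sign(mallory_priv, doc)),
    }


if __name__ == "__main__":
    print(demo())   # genuine True, modified_doc False, fake_cert False
```

The "fake_cert" case is the point of slide 1-7: the verifier only needs to trust the CA's public key; a certificate that carries the right name but the wrong CA signature is rejected before the document signature is even looked at.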

1-7-2 SSL/TLS

Diagram: each side holds its own private key and the other side's public key; the clear text is encrypted into Cipher 1 and then again into Cipher 2, transmitted over the public network, and decrypted in the reverse order (Cipher 2 → Cipher 1 → clear text).

• Ensures confidentiality
• And integrity, if digitally signed
• Depending on how the public keys are exchanged: authenticity, identity, non-repudiation

1-8 Moxa UC7400 – Hardware Cipher

Intel Xscale supports
• Security engines: DES, AES
• Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so"
• No need to change the source code

1-8-1 Moxa Accelerated Algorithms – OpenSSL 0.9.7

DES_cbc_encrypt
DES_ede3_cbc_encrypt
AES_cbc_encrypt
AES_ctr_encrypt

• We wrap ECB mode at a higher level (libssl.so), which OpenSSL wraps too

1-8-2 Performance

Charts (not recoverable as text): throughput rate versus packet size from 128 to 1280 bytes for 3DES-CBC and for AES-128-CBC, and a second pair of charts for small packets from 16 to 144 bytes for AES-128-CBC and 3DES-CBC; the highlighted series in each chart is the HW cipher.

1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approaches
• Default: hardware approach
• Any mis-configuration or busy condition causes the switch to software

Small packets are switched to the software approach
• DES: 128 bytes
• 3DES/AES: 64 bytes

1-8-4 Software Package

Driver
• mxhw_cipher.o

Device file
• mknod /dev/mxcrypto c 11 131

Test program
• io: correctness test
• io 0 5000: stability test
• io 1: golden pattern
• io 2 20000: performance test

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network

2-2 Why OpenVPN

2-3 OpenVPN Modes

2-1 Virtual Private Network

2-1 VPN Advantages/Disadvantages

• VPN: a network that is constructed by using public wires (e.g. the internet) to connect nodes
• A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH, etc.)
• A VPN allows the usage of protocols which are insecure by themselves
• VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN

Usability
• Open source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit shared key or digital certificates (PKI)

Portability – supports most of the platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN

Peers – each node with a client/server role
• In use of kernel routing
• Multiple clients

A user-space program
• A full-featured SSL VPN solution
• On top of the existing SSL/TLS mechanism
• Options between a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security

Two authentication modes
• Static key: use a pre-shared key
• SSL/TLS: use SSL/TLS + certificates for authentication and key exchange

The encrypted packet is formatted as
• SeqN: 64-bit sequence number
• IV: plain-text initial vector, randomized per packet

Packet layout (as read from the diagram): HMAC | IV | SeqN | payload; SeqN and the payload are encrypted, and the HMAC covers the IV together with the encrypted part.
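Added example (not OpenVPN code): the packet framing the slide describes, built and checked in Python. The HMAC-SHA1 over IV plus ciphertext, the per-packet random IV and the 64-bit sequence number follow the slide; the cipher is a toy HMAC-derived keystream that only stands in for OpenVPN's real block cipher so the code runs offline, and the keys are constructed demo values. The receiver authenticates before decrypting and rejects replayed sequence numbers with a simplified "strictly increasing" check (OpenVPN itself keeps a sliding window):

```python
# Added example (not OpenVPN code): the packet layout described on the slide,
#   HMAC | IV | SeqN | payload
# where SeqN+payload are encrypted under a per-packet random IV and the HMAC
# covers IV plus ciphertext. The receiver verifies the HMAC before decrypting
# and drops replayed sequence numbers.
import hashlib
import hmac
import os
import struct

HMAC_LEN = 20   # HMAC-SHA1 output length
IV_LEN = 8      # toy IV length; the real IV is the cipher's block size

# Constructed demo keys (a static-key setup derives these from the shared key file).
CIPHER_KEY = b"demo-cipher-key"
HMAC_KEY = b"demo-hmac-key"


def _keystream(key, iv, length):
    """Toy keystream: HMAC-SHA256(key, iv || counter) blocks. A stand-in for the
    block cipher, NOT what OpenVPN uses; it only lets the example run offline."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, iv + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def build_packet(seq, payload, iv=None):
    """Sender side: encrypt (SeqN || payload), then HMAC over (IV || ciphertext)."""
    iv = os.urandom(IV_LEN) if iv is None else iv
    plaintext = struct.pack(">Q", seq) + payload           # 64-bit sequence number
    ciphertext = _xor(plaintext, _keystream(CIPHER_KEY, iv, len(plaintext)))
    tag = hmac.new(HMAC_KEY, iv + ciphertext, hashlib.sha1).digest()
    return tag + iv + ciphertext


class Receiver:
    """Receiver side with a simplified replay check: a packet whose SeqN is not
    greater than the highest one already accepted is dropped."""

    def __init__(self):
        self.highest_seq = -1

    def open_packet(self, packet):
        """Returns (payload, status); payload is None unless status is 'ok'."""
        if len(packet) < HMAC_LEN + IV_LEN + 8:
            return None, "too short"
        tag = packet[:HMAC_LEN]
        iv = packet[HMAC_LEN:HMAC_LEN + IV_LEN]
        ciphertext = packet[HMAC_LEN + IV_LEN:]
        expected = hmac.new(HMAC_KEY, iv + ciphertext, hashlib.sha1).digest()
        if not hmac.compare_digest(tag, expected):   # authenticate before decrypting
            return None, "bad hmac"
        plaintext = _xor(ciphertext, _keystream(CIPHER_KEY, iv, len(ciphertext)))
        seq = struct.unpack(">Q", plaintext[:8])[0]
        if seq <= self.highest_seq:
            return None, "replay"
        self.highest_seq = seq
        return plaintext[8:], "ok"


def demo():
    rx = Receiver()
    p1 = build_packet(1, b"hello")
    p2 = build_packet(2, b"world")
    results = [rx.open_packet(p1)[1], rx.open_packet(p2)[1], rx.open_packet(p1)[1]]
    # Flip one ciphertext bit: the HMAC check fails before anything is decrypted.
    tampered = bytearray(p2)
    tampered[-1] ^= 0x01
    results.append(rx.open_packet(bytes(tampered))[1])
    return results   # ['ok', 'ok', 'replay', 'bad hmac']


if __name__ == "__main__":
    print(demo())
```

Checking the HMAC first means a forged or corrupted packet never reaches the cipher or the sequence-number logic, which is why the slide puts the HMAC over the IV and the ciphertext rather than over the plaintext.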

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall and NAT friendly
• Dynamic address support

IPSec
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard – multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are two methods of linking systems via a VPN
• Routed IP tunnels (layer 3)
• Bridged Ethernet tunnels (layer 2)

Suitable for connections
• Site-to-site
• Dynamic site-to-site
• (Dynamic) client-to-site

Dynamic firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

• Uses TUN mode (device): a virtual point-to-point IP link that combines the inner interface together with TUN
• Uses the kernel routing to forward the packets

Diagram: two OSI stacks (Physical, Data-Link, Network, Transport, Session, Presentation, Application); OpenVPN runs at the application layer and the TUN device is inserted at the network layer (3rd).

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of the MTU for efficiency

Routed IP disadvantages
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see those machines on the other side of the VPN
4. Works only with IPv4 in general, and IPv6 in cases where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

• Uses "TAP" mode: a TAP device is a virtual Ethernet adapter
• Bridge tools (brctl) are required to create the virtual adapters
• Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0          create an Ethernet bridge
brctl addif br0 eth1     connect interface eth1 as a port
brctl addif br0 tap0     connect virtual interface tap0 as a port

Diagram: two OSI stacks (Physical to Application) with OpenVPN at the application layer; the TUN device sits at the network layer (3rd) and the TAP device at the data-link layer (2nd); on each side eth0 carries the tunnel, and eth1 and tap0 are bridged together.

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages
1. Point-to-point, point-to-multipoint
2. Broadcasts traverse the VPN: this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to be able to handle non-IP protocols such as IPX, NetWare and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages
1. Less efficient than routing and does not scale well

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

Lab topology (as read from the diagram): LAN A (hosts 10.0.1.1/24, gateway 10.0.1.254) sits behind the [VPN Server], whose ixp1 is 10.0.1.254 and whose ixp0 is 192.168.12.201; LAN B (hosts 10.0.2.1/24, gateway 10.0.2.254) sits behind the [VPN-Client], whose ixp1 is 10.0.2.254 and whose ixp0 is 192.168.12.202; the client connects to the server through the VPN tunnel between the ixp0 interfaces, and a separate [CA/TLS Server] is on the same network.

3-1 Getting Started

Create a working directory (recommended): mkdir /etc/openvpn

Check for the TUN module: ls /dev/net and look for a character device "tun"; if it is not there: mknod /dev/net/tun c 10 200

Load the necessary modules: modprobe tun; modprobe bridge

Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]

Self diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or vi /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"

Create/start the bridge interface using the Moxa script: openvpn-bridge [start | stop | restart]

Check the supported ciphers/authentication: openvpn --show-ciphers; openvpn --show-digests

Create the TUN configuration files: vi /etc/openvpn/tunserver.conf

[At VPN Client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

Local/remote VPN IP addresses must be specified

It is NECESSARY to specify the server address at the VPN client

3-2 TUN Server Configuration

Edit the static routings: vi /etc/openvpn/tunserver.sh; chmod +x /etc/tunserver.sh

[At VPN Client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/tunclient.sh

Start OpenVPN with the configuration file: openvpn --config /etc/tunserver.conf & (at the client: openvpn --config /etc/tunclient.conf &)

2nd argument of "ifconfig", which is now "10.0.2.254"

Create the TAP configuration files: vi /etc/openvpn/tapserver.conf

[At VPN Client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration – VPN Server

Mark this line if both VPN networks are in the same subnet

3-3 TAP Configuration – VPN Server

Edit the static routings: vi /etc/openvpn/tapserver.sh

[At VPN Client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/tapclient.sh

Pointed to the kernel routing: br0 = 10.0.1.254

3-3 TAP Configuration – VPN Server

Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tapserver.conf & (at the client: openvpn --config /etc/openvpn/tapclient.conf &)

3-4-1 SSL/TLS – Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-input the default_days, default_bits ... etc.

Create a new CA root key pair: /usr/share/ssl/misc/CA -newca

Create a new client private key and a new certificate request: /usr/share/ssl/misc/CA -newreq

Certificate signing: /usr/share/ssl/misc/CA -sign

Copy the CA root certificate, the client private key and the client certificate to the first client

Have the second client certified the same way

3-4-2 OpenVPN – "easy-rsa" tools

Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file: vi /etc/openvpn/easy-rsa/vars

Activate the vars (source the file): . /etc/openvpn/easy-rsa/vars

Create the CA root key: /etc/openvpn/easy-rsa/build-ca

Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – "easy-rsa" tools

Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client

Create the Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh 1024

Copy the CA certificate (ca.crt), the server key (server.key) and the server certificate (server.crt) to the VPN server

Copy the CA certificate, the client key and the client certificate to the VPN client

The "easy-rsa" tools also work on the UC7400 series

3-4-3 Configuration File Modification

txxserver.conf

txxclient.conf

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

• Two of its serial ports are connected to a power meter and a thermocouple
• Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site
• The rest of the serial ports are looped back in 'burn-in mode' to demonstrate UC's high performance and reliability

Demo Box Features

Software Block Diagram

• Temperature range: 0 to 500 °C
• Left side for the high range, 0 to 300 VDC, & right side for the low range, 0 to 20 VDC

UC's LCM & keypad (F1-F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8
F2 System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available memory
F3 Alarm Setting: Temperature → Voltage → Burning throughput
F4 Configuration Key
F5 Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• UC-7420's built-in wireless driver supports the Intersil Prism 2.0 chipset PCMCIA card
• The compatible wireless cards are:

Supplier    Model name
ASUS        WL-107g
CNET        CWC-854 (181D version)
Edimax      EW-7108PCg
Amigo       AWP-914WG
Gigabyte    GN-WMKG
Others which use the Ralink chipset

Thank You


Configure 802.11g Wireless LAN

root@Moxa# vi /etc/network/interfaces

# 802.11g Gigabyte Cardbus wireless card
iface eth0 inet static
    address 192.168.5.127
    network 192.168.5.0
    netmask 255.255.255.0
    broadcast 192.168.5.255

Step 1: Unplug the CardBus wireless LAN card first

Step 2: Configure the default IP setting profile: vi /etc/network/interfaces

Configure 802.11g Wireless LAN

vi /etc/Wireless/RT2500STA/RT2500STA.dat

Copy this file to /etc/Wireless/RT2500STA/RT2500STA.dat. This file is a binary file and will be read when the rt2500.o module is loaded. Use "vi -b RT2500STA.dat" to modify the settings according to your needs:
1) set NetworkType to Adhoc for using Adhoc mode, otherwise use Infrastructure
2) set Channel to 0 for auto-select in Infrastructure mode
3) set SSID for connecting to your access point
4) AuthMode can be OPEN, SHARED, WPAPSK, WPANONE
5) EncrypType can be NONE, WEP, TKIP, AES
For more information refer to the Readme file.

Step 3: Configure the WLAN parameters: vi /etc/Wireless/RT2500STA/RT2500STA.dat

Configuring 802.11g Wireless LAN

• The settings in /etc/Wireless/RT2500STA/RT2500STA.dat:
CountryRegion: sets the channels for your particular country region
WirelessMode: sets the wireless mode
SSID: sets the softAP SSID
NetworkType: sets the wireless operation mode
Channel: sets the channel
AuthMode: sets the authentication mode
EncrypType: sets the encryption type
DefaultKeyID: sets the default key ID
Key1Str, Key2Str, Key3Str, Key4Str: set the strings Key1 to Key4
WpaPsk: the WPA pre-shared key
TxBurst: enables or disables TxBurst
TurboRate: enables or disables TurboRate
BGProtection: sets 11b/11g protection (this function is for engineering testing only)
ShortSlot: enables or disables the short slot time
TxRate: sets the TxRate
RTSThreshold: sets the RTS threshold
FragThreshold: sets the fragment threshold

Developing Your Application

Windows Tool Chain

Agenda

1) Windows Tool Chain Introduction

2) Development Process

3) Debugging with GDB

Windows Tool Chain Introduction

UC-7400's Windows Tool Chain is a cross-development environment that simulates the Linux root file system, allowing users to develop applications on a Windows PC.

The following topics are covered in this appendix:
• Introduction
• Installation procedure
• Using the BASH shell
• GDB debug tool: Insight

Windows Tool Chain

1. Operating system: Windows 2000 or Windows XP
2. Minimum of 500 MB hard disk space
3. CD-ROM or equivalent
4. Ethernet to connect with the UC-7400
5. Be able to log in as administrator
6. Use a Windows username without spaces
7. You will be using a BASH shell window to enter commands
8. In addition, for editing text files such as configuration files you should use the vi editor (Unix editor). Do NOT use WordPad (Windows editor), which could cause problems when the files are transferred to a bona fide Linux environment.

Development Process

Step 1: Setting up the development environment on the PC (x86)

Step 2: Coding, compiling and debugging on the Windows Tool Chain

Step 3: Deploying the program to the UC (IXP-422)

Step 1: Setting up the Development Environment

Install the Windows Tool Chain on the PC (Windows 2K/XP)
Installation tips
• Default install path: C:\UC
• Default text file type: Unix (recommended)

Utilities
• Moxa Bash Shell
• GDB debug tool: Insight (http://sources.redhat.com/insight)
• This process could take from 5 to 30 minutes depending on the speed of your system

Step 2: Coding, Compiling and Debugging

Code the C/C++ program in the Moxa Bash Shell (PC, Windows Tool Chain)

Compile/link the source code with the tool chain
• Compiler path setting: PATH=/usr/local/mxscaleb/bin
• Compiling Hello.c

Step 3: Deployment

Upload the program to the UC
• ftp 192.168.3.127
• ftp> binary
• ftp> put hello-release

Run the program (at the UC-7400 site)
• chmod +x hello-release
• ./hello-release
(prints "Hello")

Debugging with GDB

Diagram: PC (Moxa Bash Shell): 1. compile with -ggdb, 3. Insight tool (GDB client), 4. target remote; UC: 2. GDB debug server; the two are connected over Ethernet.

At the UC:
chmod +x hello-debug
gdbserver 192.168.3.127:2000 hello-debug
Process hello-debug created; pid = 206

Step 1: PC, Moxa Bash Shell: compile the program with the -ggdb option, then upload it to the UC

Step 2: UC: call hello-debug with the command gdbserver 192.168.3.127:2000 hello-debug

Step 3: PC, Insight: run the GDB client
• Open the hello-debug file
• Connect to target
• GDB Server/TCP, 192.168.3.200, 2000

Debugging with GDB

iptables Introduction

Agenda

1) Quick View of iptables

2) Rules, Chains, Tables

3) Usage of iptables

4) Hands-On Practice

1) Quick View of iptables

• A user-space command to set up and maintain the "Netfilter" subsystem of the kernel
• "Netfilter" manages only the packet headers, not the content
• iptables is currently one of many firewall/NAT solutions; it is an administration tool to set up, maintain and inspect the tables of IP packet filter rules in the Linux kernel

1) Quick View of iptables

• Several different tables may be defined. Each table contains a number of built-in chains and may also contain user-defined chains
• Each chain is a list of rules which can match a set of packets. Each rule specifies what to do with a packet that matches. This is called a "target", which may be a jump to a user-defined chain in the same table

1) Quick View of iptables

3rd generation firewall on Linux
– "ipfwadm" on Linux kernel v2.0.x
– "ipchains" on Linux kernel v2.2.x
– "ipchains" / "iptables" on Linux kernel v2.4.x
– "iptables" on Linux kernel v2.6.x

• Supports basic packet filtering as well as connection state tracking
• UC-7110/7400 support only "iptables"

Agenda

1) Firewall, NAT and iptables

2) Rules, Chains, Tables

3) Usage of iptables

4) Hands-On Practice

2) Rules, Chains and Tables

2-1 First Match

2-2 Three Major Tables

2-3 Processing Packets

2-4 State Machine

2-1 First Match – The Highest Priority

Diagram: a packet is tested against Rule 1, Rule 2, ... Rule 10 in order; at the first rule that matches ("Yes") its action (Action 1, Action 2, ... Action 10) is taken and evaluation stops; if no rule matches ("No" all the way down), the default policy applies.

2-1 First Match

On a WWW server, reject the attack from IP = 192.168.1.100:
Rule 1: Drop the packets from 192.168.1.100
Rule 2: Accept WWW request packets from all the hosts
Rule 3: Drop all the non-WWW packets

With the order changed:
Rule 1: Accept WWW request packets from all the hosts
Rule 2: Drop the packets from 192.168.1.100
Rule 3: Drop all the non-WWW packets

192.168.1.100 is then able to use the WWW service, or to attack the WWW service port.
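Added example (not the course's code): a small Python model of first-match evaluation that replays the two rule orders above and, going beyond the slide, a stateful INPUT chain in the style of hands-on Example 12. The sample packets and the 192.168.0.0/24 management network are constructed values, and only the matches the course lists (-p, -s, -i, --dport, -m state) are modelled:

```python
# Added example (not from the slides): a tiny model of iptables first-match
# evaluation for one chain, used to replay the WWW-server ordering lesson.
# Matches modelled: -p, -s, -i, --dport, -m state --state. Constructed demo data.
import ipaddress


def rule(target, proto=None, src=None, iface=None, dport=None, states=None):
    """One rule; None means 'any', like an omitted iptables match."""
    return {"target": target, "proto": proto,
            "src": ipaddress.ip_network(src) if src else None,
            "iface": iface, "dport": dport, "states": states}


def packet(src, dport, proto="tcp", iface="eth0", state="NEW"):
    return {"src": ipaddress.ip_address(src), "dport": dport,
            "proto": proto, "iface": iface, "state": state}


def matches(r, pkt):
    return ((r["proto"] is None or r["proto"] == pkt["proto"]) and
            (r["src"] is None or pkt["src"] in r["src"]) and
            (r["iface"] is None or r["iface"] == pkt["iface"]) and
            (r["dport"] is None or r["dport"] == pkt["dport"]) and
            (r["states"] is None or pkt["state"] in r["states"]))


def evaluate(chain, policy, pkt):
    """First matching rule wins; the chain's default policy applies otherwise."""
    for r in chain:
        if matches(r, pkt):
            return r["target"]
    return policy


# Slide 2-1, first ordering: drop the attacking host before accepting WWW.
CHAIN_GOOD = [
    rule("DROP", src="192.168.1.100"),
    rule("ACCEPT", proto="tcp", dport=80),
    rule("DROP"),                               # Rule 3: all the non-WWW packets
]
# Slide 2-1, second ordering: accept WWW before the per-host drop.
CHAIN_BAD = [
    rule("ACCEPT", proto="tcp", dport=80),
    rule("DROP", src="192.168.1.100"),
    rule("DROP"),
]


def attacker_result(chain):
    """Verdict for the WWW request from 192.168.1.100 under a given ordering."""
    return evaluate(chain, "ACCEPT", packet("192.168.1.100", 80))


# Beyond the slide: a stateful INPUT chain like hands-on Example 12, with a
# constructed 192.168.0.0/24 management network allowed to open SSH.
CHAIN_STATEFUL = [
    rule("ACCEPT", iface="lo"),
    rule("ACCEPT", proto="tcp", states={"ESTABLISHED", "RELATED"}),
    rule("ACCEPT", proto="tcp", src="192.168.0.0/24", dport=22, states={"NEW"}),
    rule("DROP", proto="tcp", states={"INVALID", "NEW"}),
]


def stateful_results():
    return [
        evaluate(CHAIN_STATEFUL, "DROP", packet("10.9.8.7", 22)),                        # new, from outside
        evaluate(CHAIN_STATEFUL, "DROP", packet("192.168.0.5", 22)),                     # new, from the LAN
        evaluate(CHAIN_STATEFUL, "DROP", packet("10.9.8.7", 4444, state="ESTABLISHED")), # reply traffic
        evaluate(CHAIN_STATEFUL, "DROP", packet("10.9.8.7", 53, proto="udp")),           # no rule: policy
    ]


if __name__ == "__main__":
    print(attacker_result(CHAIN_GOOD), attacker_result(CHAIN_BAD))   # DROP ACCEPT
    print(stateful_results())   # ['DROP', 'ACCEPT', 'ACCEPT', 'DROP']
```

The last stateful case shows the other half of the lesson: a packet that no rule mentions (UDP here, since every rule says -p tcp) is decided by the default policy alone, which is why the course sets the policy before appending rules.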

2-2 Three Major Tables

1) Filter Table

2) NAT Table

3) Mangle Table

2-2-1 Filter Table

Mainly used for filtering packets. This is the place where we actually take action against packets, look at what they contain, and ACCEPT, DROP, REJECT or LOG them depending on their content.

1. INPUT chain – packets entering the local host
2. OUTPUT chain – packets output from the local host
3. FORWARD chain – packets forwarded to other hosts

2-2-2 NAT Table

Used for NAT on different packets, to translate the packet's source field or destination field.

1) PREROUTING chain – to translate the destination IP address (DNAT)
2) POSTROUTING chain – works after the routing process and before the Ethernet device process, to translate the source IP address (SNAT, MASQUERADE)
3) OUTPUT chain – to work on locally generated packets

2-2-3 Mangle Table

This table is mainly used for mangling packets. In other words, you may freely use the mangle matches etc. that can be used to change the TOS (Type Of Service) and TTL fields. It can also "MARK" the packets.

1. PREROUTING chain
2. POSTROUTING chain
3. INPUT, OUTPUT and FORWARD chains

2-3 Processing Packets

2-3-1 Destination: Local Host

2-3-2 Source: Local Host

2-3-3 Forwarded Packets

2-3-4 State Machine

2-3-1 Destination: Local Host

Diagram: Incoming packets → NAT table PREROUTING → Filter table INPUT → Local process

2-3-2 Source: Local Host

Diagram: Local process → NAT table OUTPUT → Filter table OUTPUT → NAT table POSTROUTING → Outgoing packets are sent out

2-3-3 Forwarded Packets

Diagram: Incoming packets → NAT table PREROUTING → (routing: not for a local resource) → Filter table FORWARD → NAT table POSTROUTING → Other hosts

2-4 State Machine

Agenda

1) Firewall, NAT and iptables

2) Rules, Chains, Tables

3) Usage of iptables

4) Hands-On Practice

3) Usage of iptables

3-1 Load iptables Modules

3-2 Define Default Policy

3-3 Structure of a Rule

3-4 Save / Restore Rules

3-1 Load iptables Modules

Note: ipchains and iptables are not compatible

3-1 Load iptables Module

Check the current tables: iptables [-t table] [-L] [-n]

Default policy

3-1 Install iptables

Clear the current policy

3-2 Define Default Policy

iptables -t [filter | nat | mangle] -P [INPUT | OUTPUT | FORWARD | PREROUTING | POSTROUTING] [ACCEPT | DROP]

3-2 Define Default Policy

3-3 Structure of a Rule

3-3-1 Add, Insert, Delete and Replace Rules

3-3-2 Direction

3-3-3 Matches

3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace

iptables -t [filter | nat | mangle] [-A | -I | -D | -R] [direction] [match] -j [target]

3 major things need to be considered: direction, match and target

3-3-2 Direction – Chains

a. filter table: INPUT, OUTPUT, FORWARD
b. nat table: PREROUTING, POSTROUTING, OUTPUT
c. mangle table: ...

3-3-3 Matches – Conditions

1. -p [proto]: tcp | udp | icmp | all
2. -s [IP], -d [IP]
3. --sport [port], --dport [port]
4. -m state --state [state]: NEW | ESTABLISHED | INVALID | RELATED
5. -m multiport [p1,p2,...,p15] (with --sports, --dports or --ports)
6. -i [iface], -o [oface]
7. ... etc.

3-3-4 Targets – Actions

a. filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions: LOG, ULOG, REJECT, MIRROR
b. nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING/OUTPUT), MASQUERADE (POSTROUTING), REDIRECT (only in PREROUTING)
c. mangle table: ...

3-4 Save / Restore Rules

It is highly recommended to use a script file to maintain the Netfilter rule instead of using this exported file (it is not a standard script file) Please refer to the Hands-ON practice

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice: 1) Packet Filter, 2) NAT Machine

4-1 Packet Filter – Rules of the filter table

Example 1 – Accept all packets incoming from the lo interface

iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2 – Accept all TCP packets incoming from IP = 192.168.0.1

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

Example 3 – Accept all TCP packets incoming from the network 192.168.1.0/24

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 – Drop all TCP packets incoming from IP = 192.168.1.25

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

Example 5 – Drop all incoming TCP packets with destination port 21 (forbid FTP connections from eth0)

iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 – Accept TCP packets incoming from 192.168.0.0/24 to the local ports 137, 138 and 139

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

Example 7 – Log all incoming / outgoing TCP packets to / from port 25 (log the SMTP service)

iptables -t filter -A INPUT -p tcp --dport 25 -j LOG

Note: the UC-7110 does not support the target "LOG".

Example 8 – Drop all [SYN] packets from IP = 192.168.100.200

iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 – Drop all packets from MAC = aa:bb:cc:dd:ee:ff

iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

Example 10 – Do not respond to "ping"

iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 – ICMP "ping" burst (rate-limit echo requests under a DROP policy)

iptables -t filter -P INPUT DROP
iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

Example 12 – Accept the ESTABLISHED / RELATED packets of the local host; drop the INVALID packets and the NEW packets that try to create a new connection

iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

Example 13 – Check the packet integrity

iptables -t filter -A INPUT -p all -m unclean -j DROP

Example 14 – Enable the "Passive Mode" FTP service to a host

modprobe ip_conntrack_ftp
iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

4-2 NAT Machine

Example 1 – Redirect the connection requests for port 80 to port 8080

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 – Masquerade the packets from 192.168.1.0/24 to the local ppp0's IP

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

(MASQUERADE is only valid in the POSTROUTING chain, and the -o match is only available after the routing decision, so this rule cannot be placed in PREROUTING.)

Example 3 – DNAT the incoming packets from eth0 (60.248.66.75) and TCP port 80 to the internal web server 192.168.127.10:80

Example 4 – Redirect the incoming packets of TCP port 80 to 192.168.1.10 and TCP port 80

iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP
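The slides recommend keeping the Netfilter rules in a script rather than in the exported file, and the packet-filter and NAT examples above are the building blocks. The script below is an added example (not from the course slides) that puts them together for a UC-7400 used as a LAN/NAT gateway: default policies first, then INPUT rules in first-match order, then FORWARD and nat rules. Interface names and addresses are assumptions for illustration. It prints the commands it would run unless APPLY=1 is set, so the rule order can be reviewed before it is applied as root.

```shell
#!/bin/sh
# Added example (not from the course slides): a maintainable firewall script
# for a UC-7400 used as a LAN/NAT gateway, built from the rule forms shown in
# the hands-on slides. It runs in dry-run mode (prints the commands) unless
# APPLY=1 is set, so the rule order can be reviewed before it is applied as
# root. Interface names and addresses are assumptions for illustration.

WAN_IF="ppp0"                 # assumed uplink interface
LAN_IF="eth0"                 # assumed LAN interface
LAN_NET="192.168.1.0/24"      # assumed LAN network
ADMIN_HOST="192.168.0.1"      # assumed host allowed to open new TCP sessions
WEB_SERVER="192.168.127.10"   # assumed internal web server reached via DNAT

run() {
    # Execute iptables only when APPLY=1; otherwise print the command line.
    if [ "${APPLY:-0}" = "1" ]; then
        iptables "$@"
    else
        echo "iptables $*"
    fi
}

fw_reset() {
    # Flush all rules and user chains so the script is idempotent, then set
    # the default policies: deny inbound and forwarded traffic, allow local
    # processes to send.
    for t in filter nat mangle; do
        run -t "$t" -F
        run -t "$t" -X
    done
    run -t filter -P INPUT DROP
    run -t filter -P FORWARD DROP
    run -t filter -P OUTPUT ACCEPT
}

fw_input() {
    # First match wins: loopback and replies to our own connections are
    # accepted before anything else, INVALID is dropped early, and only the
    # admin host may open new TCP sessions to the router itself.
    run -t filter -A INPUT -i lo -j ACCEPT
    run -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    run -t filter -A INPUT -m state --state INVALID -j DROP
    run -t filter -A INPUT -i "$LAN_IF" -p tcp -s "$ADMIN_HOST" --syn -j ACCEPT
    # Answer ping, but rate-limit it (6 per minute, burst of 10).
    run -t filter -A INPUT -p icmp --icmp-type 8 -m limit --limit 6/min --limit-burst 10 -j ACCEPT
    # Log FTP attempts from the uplink; the INPUT policy then drops them.
    run -t filter -A INPUT -i "$WAN_IF" -p tcp --dport 21 -j LOG --log-prefix "FTP-DROP: "
}

fw_forward_nat() {
    # LAN hosts may go out through the uplink (masqueraded to its address);
    # from outside only TCP/80 is let in, translated to the internal server.
    run -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    run -t filter -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    run -t filter -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p tcp -d "$WEB_SERVER" --dport 80 -j ACCEPT
    run -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport 80 -j DNAT --to-destination "$WEB_SERVER:80"
    run -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE
}

fw_all() {
    fw_reset
    fw_input
    fw_forward_nat
}

fw_count() {
    # Number of iptables invocations the script performs (always dry-run).
    ( APPLY=0; fw_all ) | grep -c '^iptables '
}

fw_all
```

Because the INPUT and FORWARD policies are DROP, every rule is an allow-list entry and the order matters: the ESTABLISHED,RELATED rule near the top is what lets replies through for everything accepted later, and the LOG rule does not terminate the chain, so the policy still drops the logged FTP packets.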

Thank YouThank You

OpenVPN 2.0
Stephen Lin

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve?
1-2 Symmetric Data Encryption
1-3 Hash (Digest) Function
1-4 Message Authentication Code
1-5 Asymmetric Data Encryption
1-6 Digital Signature
1-7 Certificate
1-8 Moxa UC7400

1-1 What does Cryptography solve?

Confidentiality
• Ensure that nobody can learn what you transfer, even if they listen to the whole conversation.

Integrity
• Ensure that the message has not been modified during transmission.

Authenticity
• You can verify that you are talking to the entity you think you are talking to.
• You can verify who the specific individual behind that entity is.

Non-repudiation
• The individual behind that asset cannot deny being associated with it.

1-2 Symmetric Data Encryption

• Fast; high efficiency for data transmission.
• Is it "secure" while transferring the key?
• Key maintenance: n(n-1)/2 keys for n parties.
• DES / 3DES / AES / Blowfish

[Figure: Tom encrypts the plaintext with the secret key into ciphertext; Bob decrypts the ciphertext with the same secret key back to plaintext.]

1-3 Hash (Digest) Function

• Ensures data integrity.
• MD5 / SHA-1

[Figure: Tom computes Message Digest 1 from the data with a hash function and sends data + digest; Bob computes Message Digest 2 from the received data with the same hash function and compares it with Message Digest 1.]

1-4 Message Authentication Code

• Ensures data integrity.
• Uses a key to protect the MAC.
• HMAC / CBC-MAC

[Figure: Tom hashes the data to Message Digest 1 and encrypts it with the secret key to form the MAC, then sends data + MAC; Bob hashes the received data to Message Digest 2, decrypts the MAC with the secret key to recover Message Digest 1, and compares the two.]

1-5 Asymmetric Encryption

Things to remember:
• Key pair: public / private keys.
• In a session, one key is used for encryption and the other one for decryption.
• The "public key" can be deployed everywhere.
• The relation between the two keys is unknown, and from one key you cannot gain knowledge of the other, even if you have access to clear text and cipher text.
• The two keys are interchangeable: all algorithms make no difference between public and private key. When a key pair is generated, either of the two can be public or private.
• Less efficient than a static key.
• RSA / Diffie-Hellman

[Figure: clear text encrypted into cipher text such as "g$5knvMd'rkvegMs".]

1-5 Asymmetric Data Encryption – Confidentiality Check

[Figure: Tom encrypts the plaintext with Bob's public key; Bob decrypts the ciphertext with Bob's private key (the recipient's key pair).]

1-5 Asymmetric Data Encryption – Authenticity Check

[Figure: Tom encrypts the plaintext with Tom's private key; Bob decrypts the ciphertext with Tom's public key (the sender's key pair).]

1-6 Digital Signature

Real world – hybrid:
1. Data integrity
2. Authenticity
3. Non-repudiation
4. Algorithm – uses the public key and a hash

1-6 Digital Signature – Creating

[Figure: message or file ("This is the document created by Gianni") → generate hash (SHA, MD5) → message digest (typically 128 bits, e.g. "Py75c%bn") → asymmetric encryption (RSA) with the signatory's private key → digital signature (e.g. "3kJfgf£$&") appended to the document → signed document. A short message digest is calculated from even a long input using a one-way message digest function (hash).]

1-6 Digital Signature – Verifying

[Figure: from the signed document, generate the hash of the data → message digest "Py75c%bn"; asymmetric decryption of the digital signature "3kJfgf£$&" with Gianni's public key (from the certificate) → message digest "Py75c%bn"; compare the two.]

1-6 Digital Signature

[Figure: Tom hashes the data to Message Digest 1 and encrypts it with Tom's private key to form the digital signature; Bob hashes the received data to Message Digest 2, decrypts the signature with Tom's public key to recover Message Digest 1, and compares the two.]
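The creating / verifying flow above (hash the document, encrypt the digest with the signatory's private key, recover and compare it with the public key) can be run end to end with the openssl command line. This is an added example, not part of the course material: it generates a scratch RSA key pair to stand in for the signatory's key pair, signs a constructed document, verifies it, and then shows that a one-character change makes verification fail. The file names and the use of SHA-256 are assumptions.

```shell
#!/bin/sh
# Added example (not from the course slides): the sign / verify flow of 1-6
# done with the openssl command line. A scratch RSA key pair stands in for
# the signatory's key pair; the document text is constructed for the demo.
set -u

WORK="${WORK:-$(mktemp -d)}"   # scratch directory for keys and files

sig_setup() {
    # Signatory's key pair: the private key stays with the signer, the
    # public key is what a verifier would normally take from a certificate.
    openssl genrsa -out "$WORK/priv.pem" 2048 2>/dev/null
    openssl rsa -in "$WORK/priv.pem" -pubout -out "$WORK/pub.pem" 2>/dev/null
    printf 'This is the document created by Gianni\n' > "$WORK/doc.txt"
}

sig_sign() {   # $1 = file to sign
    # Hash the input (SHA-256 here; the slides show SHA / MD5) and encrypt
    # the digest with the private key: the output is the detached signature.
    openssl dgst -sha256 -sign "$WORK/priv.pem" -out "$WORK/doc.sig" "$1"
}

sig_verify() { # $1 = file to check against the stored signature
    # Recompute the digest from the received data and compare it with the
    # digest recovered from the signature using the public key.
    # Exit status 0 when the signature matches the data, 1 otherwise.
    openssl dgst -sha256 -verify "$WORK/pub.pem" -signature "$WORK/doc.sig" "$1" >/dev/null 2>&1
}

sig_demo() {
    sig_setup
    sig_sign "$WORK/doc.txt"
    sig_verify "$WORK/doc.txt" && echo "original document: signature OK"
    # Change one character: the digest changes, so verification must fail.
    sed 's/Gianni/Gianna/' "$WORK/doc.txt" > "$WORK/doc-tampered.txt"
    sig_verify "$WORK/doc-tampered.txt" || echo "tampered document: signature FAILED"
}

sig_demo
```

The signature is bound to the data only through the digest, which is why the verifier has to recompute the hash over exactly the bytes it received; whoever holds pub.pem can check the signature, but only the holder of priv.pem could have produced it, which is the non-repudiation property listed above.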

1-7 Certificate

The simplest certificate just contains:
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key
... and the whole is:
• Digitally signed by someone trusted (like your friend or a CA)

[Figure: certificate = public key ("2wsR46frdEWWrswe(^$G^DvtrsdFDfd367") + "This public key belongs to Stephen" + digital signature ("3kJfgf£$&4dser4358g6gd7dT"). The certified entity can be a person, a computer, a device, a file, some code, anything ...]

1-7-1 CA Certificate

[Figure: the CA generates a key pair (priv, pub) on the certification server. The user requests a certificate from the CA; the CA generates the certificate (pub + DS = Cert). The private key and the certificate are sent to the user.]

1-7-1 CA Certificate Example

[Figure: the CA holds its private key. Left and Right each hold their own private key, the CA public key and their own certificate signed by the CA. Left trusts Right (and vice versa) because both certificates are signed by the CA; the CA public key is itself signed by the CA.]

1-7-2 SSL/TLS

[Figure: clear text → encrypt (Cipher 1) → encrypt (Cipher 2) → transmission over the public network → decrypt → decrypt → clear text, using the private / public key pairs of the two parties.]

• Ensures confidentiality
• And integrity, if digitally signed
• Depending on how the public keys are exchanged: authenticity, identity, non-repudiation

1-8 Moxa UC7400 – Hardware Cipher

Intel XScale supports:
• Security engines: DES, AES
• Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so":
• No need to change the source code.

1-8-1 Moxa Accelerated Algorithms – OpenSSL 0.9.7

DES_cbc_encrypt
DES_ede3_cbc_encrypt
AES_cbc_encrypt
AES_ctr_encrypt

• ECB mode is wrapped at a higher level (libssl.so), which OpenSSL wraps too.

1-8-2 Performance

[Figure: four throughput charts (rate vs. packet size in bytes) comparing the software and hardware ciphers; the legend marks the hardware cipher line. 3DES-CBC and AES-128-CBC for packet sizes of 128 to 1280 bytes; AES-128-CBC and 3DES-CBC for packet sizes of 16 to 144 bytes.]

1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approaches:
• Default: hardware approach
• Any mis-configuration or a busy engine causes the switch

Small packets are switched to the software approach:
• DES: 128 bytes
• 3DES / AES: 64 bytes

1-8-4 Software Package

Driver
• mxhw_cipher.o

Device file
• mknod /dev/mxcrypto c 11 131

Test program
• io: correctness test
• io 0 5000: stability test
• io 1: golden pattern
• io 2 20000: performance test

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network – Advantages / Disadvantages

• VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes.
• A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH, etc.).
• A VPN allows the use of protocols which are insecure by themselves.
• VPNs cannot be controlled and logged easily because of their encrypted nature.

2-2 Why OpenVPN

Usability
• Open source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT / DHCP support
• Can use a 2048-bit shared key or digital certificates (PKI)

Portability – supports most of the platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

Peers – each node with a client / server role
• Uses the kernel routing
• Multiple clients

A user-space program
• A full-featured SSL-VPN solution
• On top of the existing SSL/TLS mechanism
• Options between a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (5000 / 1194) or TCP port

2-2 OpenVPN Security

Two authentication modes
• Static key: uses a pre-shared key
• SSL/TLS: uses SSL/TLS + certificates for authentication and key exchange

The encrypted packet is formatted as:
• SeqN: 64-bit sequence number
• IV: plain-text initial vector, randomized per packet

[Figure: HMAC | IV | SeqN | IP payload → encrypt → HMAC | IV | encrypted (SeqN + IP payload); the HMAC covers the IV and the encrypted part.]

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall- and NAT-friendly
• Dynamic address support

IPSec
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard – multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are the two methods of linking systems via a VPN:
• Routed IP tunnels (layer 3)
• Bridged Ethernet tunnels (layer 2)

Suitable for connections:
• Site-to-Site
• Dynamic Site-to-Site
• (Dynamic) Client-to-Site

Dynamic Firewall / NAT / DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

• Uses TUN mode (device): a virtual point-to-point IP link that combines the inner interface together with TUN.
• Uses the kernel routing to forward the packets.

[Figure: two OSI stacks (Physical, Data-Link, Network, Transport, Session, Presentation, Application); OpenVPN sits at the application layer and the TUN device is attached at layer 3 (Network).]

Routed IP advantages
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of the MTU for efficiency

Routed IP disadvantages
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see the machines on the other side of the VPN
4. Works only with IPv4 in general, and with IPv6 only where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

• Uses "TAP" mode: a TAP device is a virtual Ethernet adapter.
• Bridge tools (brctl) are required to create the virtual adapters.
• A script is needed to bind eth1 and tap0 together into a bridged device called br0.

brctl addbr br0 (create an Ethernet bridge)
brctl addif br0 eth1 (connect interface eth1 as a port)
brctl addif br0 tap0 (connect virtual interface tap0 as a port)

[Figure: two OSI stacks; OpenVPN at the application layer, the TAP device attached at layer 2 (Data-Link), and eth1 bridged with tap0 on each side, while eth0 stays outside the bridge.]

Bridging advantages
1. Point-to-point and point-to-multipoint
2. Broadcasts traverse the VPN: this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to be able to handle non-IP protocols such as IPX, Netware and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages
1. Less efficient than routing and does not scale well

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

[Figure: lab topology. LAN A (IP 10.0.1.1/24, gateway 10.0.1.254) sits behind the VPN Server, whose ixp1 is 10.0.1.254 and whose ixp0 is 192.168.12.201. LAN B (IP 10.0.2.1/24, gateway 10.0.2.254) sits behind the VPN Client, whose ixp1 is 10.0.2.254 and whose ixp0 is 192.168.12.202. The client connects to the server through the VPN tunnel; a CA/TLS server is also on the 192.168.12.x network.]

• Create a working directory (recommended): mkdir /etc/openvpn
• Check for the TUN module: ls /dev/net and look for a character device "tun"; if it is missing: mknod /dev/net/tun c 10 200
• Load the necessary modules: modprobe tun; modprobe bridge
• Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]
• Self diagnostic: openvpn --test-crypto --secret [KeyName]
• Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or vi /etc/sysctl.conf and modify "net.ipv4.ip_forward = 1"
• Create / start the bridge interface using the Moxa script: openvpn-bridge [start | stop | restart]
• Check the supported ciphers / authentication: openvpn --show-ciphers; openvpn --show-digests
• Create the TUN configuration files: vi /etc/openvpn/tunserver.conf; [at the VPN client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

• The local / remote VPN IP addresses must be specified.
• It is NECESSARY to specify the server address at the VPN client.
• Edit the static routings: vi /etc/openvpn/tunserver.sh; chmod +x /etc/tunserver.sh
• [At the VPN client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/tunclient.sh
• Start OpenVPN with the configuration file: openvpn --config /etc/tunserver.conf & (server); openvpn --config /etc/tunclient.conf & (client)
• Note the 2nd argument of "ifconfig", which is now "10.0.2.254".
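The TUN configuration files themselves were shown as screenshots on the slides. As an added example (not the course's own files), the script below writes a matching static-key server/client pair for the 3-1 topology: the server's public address 192.168.12.201 and the two LAN ranges follow the slide diagram, while the tunnel addresses 10.8.0.1 / 10.8.0.2, the file names, the key name and the output directory are assumptions.

```shell
#!/bin/sh
# Added example (not the course's own configuration files, which the slides
# show as screenshots): writes a static-key, routed (TUN) server/client pair
# for the 3-1 lab topology. The server's public address and the two LAN
# ranges follow the slide diagram; the tunnel addresses, file names, key name
# and output directory are assumptions.
set -u

OVPN_DIR="${OVPN_DIR:-$(mktemp -d)}"   # use OVPN_DIR=/etc/openvpn on the UC
SERVER_PUB="192.168.12.201"            # VPN server ixp0 (slide 3-1)
TUN_SERVER="10.8.0.1"                  # assumed tunnel endpoint, server side
TUN_CLIENT="10.8.0.2"                  # assumed tunnel endpoint, client side
LAN_A="10.0.1.0 255.255.255.0"         # LAN A behind the server (slide 3-1)
LAN_B="10.0.2.0 255.255.255.0"         # LAN B behind the client (slide 3-1)
KEY_FILE="static.key"                  # assumed name of the pre-shared key

write_server_conf() {   # $1 = target directory
    cat > "$1/tunserver.conf" <<EOF
# OpenVPN static-key server, routed (TUN) mode
dev tun
proto udp
port 1194
ifconfig $TUN_SERVER $TUN_CLIENT
secret $KEY_FILE
route $LAN_B
cipher AES-128-CBC
auth SHA1
keepalive 10 60
persist-key
persist-tun
verb 3
EOF
}

write_client_conf() {   # $1 = target directory
    cat > "$1/tunclient.conf" <<EOF
# OpenVPN static-key client, routed (TUN) mode
remote $SERVER_PUB 1194
dev tun
proto udp
ifconfig $TUN_CLIENT $TUN_SERVER
secret $KEY_FILE
route $LAN_A
cipher AES-128-CBC
auth SHA1
keepalive 10 60
persist-key
persist-tun
verb 3
EOF
}

main() {
    mkdir -p "$OVPN_DIR"
    write_server_conf "$OVPN_DIR"
    write_client_conf "$OVPN_DIR"
    # Generate the shared key once; the same file is copied to both peers.
    if command -v openvpn >/dev/null 2>&1 && [ ! -f "$OVPN_DIR/$KEY_FILE" ]; then
        openvpn --genkey --secret "$OVPN_DIR/$KEY_FILE"
    fi
    echo "wrote tunserver.conf and tunclient.conf to $OVPN_DIR"
}

main
```

The two "ifconfig" lines mirror each other (local endpoint first, remote second), which is the point the slide makes about the 2nd argument. The "route" lines let OpenVPN install the route to the far LAN through the tunnel, so they take the place of the static-routing scripts; because each LAN's default gateway is the VPN box itself, the hosts on LAN A and LAN B need no further routes. The "secret" path is relative, so start openvpn from that directory or give an absolute path. "cipher AES-128-CBC" is one of the algorithms the UC-7400 accelerates in hardware (AES_cbc_encrypt, section 1-8-1).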

3-3 TAP Configuration – VPN Server

• Create the TAP configuration files: vi /etc/openvpn/tapserver.conf; [at the VPN client] vi /etc/openvpn/tapclient.conf
• Mark this line if both VPN networks are in the same subnet.
• Edit the static routings: vi /etc/openvpn/tunserver.sh; [at the VPN client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/tapclient.sh
• Pointed to the kernel routing: br0 = 10.0.1.254
• Start the bridge device: vi openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start
• Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tapserver.conf & (server); openvpn --config /etc/openvpn/tapclient.conf & (client)

3-4-1 SSL/TLS – Dynamic Keys

• Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-input the default_days, default_bits, ... etc.
• Create a new CA root key pair: /usr/share/ssl/misc/CA -newca
• Create a new client private key and a new certificate request: /usr/share/ssl/misc/CA -newreq
• Certificate signing: /usr/share/ssl/misc/CA -sign
• Copy the CA root certificate, the client private key and the client certificate to the first client.
• Have the second client certified in the same way.

3-4-2 OpenVPN – "easy-rsa" tools

• Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn
• Modify the vars file: vi /etc/openvpn/easy-rsa/vars
• Activate the vars: . /etc/openvpn/easy-rsa/vars
• Create the CA root key: /etc/openvpn/easy-rsa/build-ca
• Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server
• Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client
• Create the Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh 1024
• Copy the CA certificate (ca.crt), the server key (server.key) and the server certificate (server.crt) to the VPN server.
• Copy the CA certificate, the client key and the client certificate to the VPN client.
• The "easy-rsa" tools also work on the UC7400 series.

3-4-3 Configuration File Modification

[Screenshots: txxserver.conf and txxclient.conf]

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

• Two of its serial ports are connected to a power meter and a thermocouple.
• Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site.
• The rest of the serial ports are looped back in 'burn-in mode' to demonstrate the UC's high performance and reliability.

Demo Box Features

Software Block Diagram

• Temperature range: 0 to 500 °C
• Left side for the high range (0 to 300 VDC) and right side for the low range (0 to 20 VDC)

UC's LCM & keypad (F1-F5)

• F1: Monitoring: Temperature → Voltage → Throughput for P3 to P8
• F2: System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available memory
• F3: Alarm Setting: Temperature → Voltage → Burning throughput
• F4: Configuration key
• F5: Main menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• The UC-7420's built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards.
• The compatible wireless cards are:

Supplier: Model name
ASUS: WL-107g
CNET: CWC-854 (181D version)
Edimax: EW-7108PCg
Amigo: AWP-914WG
Gigabyte: GN-WMKG
Others which use the R-Link chipset

Thank You

Configure 802.11g Wireless LAN

vi /etc/Wireless/RT2500STA/RT2500STA.dat

• Copy this file to /etc/Wireless/RT2500STA/RT2500STA.dat
• This file is a binary file and will be read when the rt2500.o module is loaded.
• Use vi -b RT2500STA.dat to modify the settings according to your needs:
  1) set NetworkType to Adhoc for using Ad-hoc mode, otherwise use Infrastructure
  2) set Channel to 0 for auto-select in Infrastructure mode
  3) set SSID for connecting to your access point
  4) AuthMode can be OPEN, SHARED, WPAPSK, WPANONE
  5) EncrypType can be NONE, WEP, TKIP, AES
• For more information refer to the Readme file.

Step 3: Configure the WLAN parameters

vi /etc/Wireless/RT2500STA/RT2500STA.dat

Configuring 802.11g Wireless LAN

• The settings in /etc/Wireless/RT2500STA/RT2500STA.dat:

CountryRegion: sets the channels for your particular country region
WirelessMode: sets the wireless mode
SSID: sets the soft-AP SSID
NetworkType: sets the wireless operation mode
Channel: sets the channel
AuthMode: sets the authentication mode
EncrypType: sets the encryption type
DefaultKeyID: sets the default key ID
Key1Str, Key2Str, Key3Str, Key4Str: set the strings Key1 to Key4
WpaPsk: WPA pre-shared key
TxBurst: enables or disables TxBurst
TurboRate: enables or disables TurboRate
BGProtection: sets 11b/11g protection (this function is for engineering testing only)
ShortSlot: enables or disables the short slot time
TxRate: sets the TxRate
RTSThreshold: sets the RTS threshold
FragThreshold: sets the fragment threshold

Developing Your Application

Windows Tool Chain

Agenda

1) Windows Tool Chain Introduction
2) Development Process
3) Debugging with GDB

Windows Tool Chain Introduction

The UC-7400's Windows Tool Chain is a cross-development environment that simulates the Linux root file system, allowing users to develop applications on a Windows PC.

The following topics are covered in this appendix:
• Introduction
• Installation procedure
• Using the BASH shell
• GDB debug tool: Insight

Windows Tool Chain

1. Operating system: Windows 2000 or Windows XP
2. Minimum of 500 MB hard disk space
3. CD-ROM or equivalent
4. Ethernet to connect with the UC-7400
5. Be able to log in as administrator
6. Use a Windows username without spaces
7. You will be using a BASH shell window to enter commands
8. In addition, for editing text files such as configuration files you should use the vi editor (Unix editor). Do NOT use WordPad (Windows editor), which could cause problems when the files are transferred to a bona fide Linux environment.

Developing Process

Step 1: Setting up the development environment on the PC (x86)
Step 2: Coding, compiling and debugging on the Windows Tool Chain
Step 3: Deploying the program to the UC (IXP-422)

Step 1: Setting up the Developing Environment

Install the Windows Tool Chain on the PC (Windows 2K/XP). Installation tips:
• Default install path: C:\UC
• Default text file type: Unix (recommended)

Utilities
• Moxa Bash Shell
• GDB debug tool: Insight (http://sources.redhat.com/insight)
• This process could take from 5 to 30 minutes, depending on the speed of your system.

Step 2: Coding, Compiling and Debugging

• Code the C/C++ program in the Moxa Bash Shell (PC, Windows Tool Chain).
• Compile / link the source code with the tool chain:
  Compiler path setting: PATH=/usr/local/mxscaleb/bin
  Compiling Hello.c

Step 3: Deployment

Upload the program to the UC:
• ftp 192.168.3.127
• ftp> binary
• ftp> put hello-release

Running the program (at the UC-7400 site):
• chmod +x hello-release
• ./hello-release

[Screenshot: chmod +x hello-release; ./hello-release; output "Hello"]

Debugging with GDB

[Figure: PC (Moxa Bash Shell): 1. compile with -ggdb; 3. Insight tool (GDB client); 4. target remote. UC, connected over Ethernet: 2. GDB debug server.]

chmod +x hello-debug
gdbserver 192.168.3.127:2000 hello-debug
Process hello-debug created; pid = 206

Step 1 (PC, Moxa Bash Shell): compile the program with the -ggdb option, then upload it to the UC.
Step 2 (UC): call hello-debug with the command: gdbserver 192.168.3.127:2000 hello-debug
Step 3 (PC, Insight): run the GDB client
• Open the hello-debug file
• Connect to target: GDB Server/TCP, 192.168.3.200, port 2000

iptables Introductioniptables Introduction

AgendaAgenda

1) Quick View of iptables

2) Rules Chains Tables

3) Usage of iptables

4) Hands-ON Practice

1 Quick View of iptables1 Quick View of iptables

A User-space Command to setupmaintain the ldquoNetfilterrdquo sub-system of Kernel

ldquoNetfilterrdquo manages only the packet headers not the content

iptables is currently one of many FirewallNAT solutions to be an administration tool for set up maintain and inspect the tables of IP packet filter rules in the Linux kernel

1 Quick View of iptables1 Quick View of iptables

Several different tables may be defined Each table contains a number of built-in chains and may also contain user-defined chains

Each chain is a list of rules which can match a set of packets Each rule specifies what to do with a packet that matches This is called a ldquotargetrdquo which may be a jump to a user-defined chain in the same table

1 Quick View of iptables1 Quick View of iptables

3rd generation firewall on Linuxndash ldquoipfwadmrdquo on Linux Kernel V20Xndash ldquoipchainsrdquo on Linux Kernel V22Xndash ldquoipchainsrdquo ldquoiptablesrdquo on Linux Kernel V24Xndash ldquoiptablesrdquo on Linux Kernel V26X

Supports basic packet filtering as well as connection state tracking

UC-71107400 support only ldquoiptablesrdquo

AgendaAgenda

1) Firewall NAT and iptables

2) Rules Chains Tables

3) Usage of iptables

4) Hands-ON Practice

2) Rules Chains and Tables2) Rules Chains and Tables

2-1 First Match

2-2 Three Major Tables

2-3 Processing Packets

2-4 State Machine

2-1 First Match ndash The Highest Priority2-1 First Match ndash The Highest Priority

Packets

Rule 1

Rule 10

Default Policy

Action 1

Action 2

No

No

Yes

Yes

Rule 2

No

Action 10Yes

2-1 First Match 2-1 First Match

On WWW Server reject the attack from IP = 1921681100Rule 1 Drop the packets from 1921681100Rule 2 Accept WWW request packets from all the hostsRule 3 Drop all the none-WWW packets

Rule 1 Accept WWW request packets from all the hosts Rule 2 Drop the packets from 1921681100Rule 3 Drop all the none-www packets

1921681100 is able to use the WWW service or to attack WWW service port

2-2 Three 2-2 Three Major TablesMajor Tables

1) Filter Table

2) NAT Table

3) Mangle Table

2-2-1 Filter Table2-2-1 Filter Table

Mainly used for filtering packets The place that we actually take action against packets

and look at what they contain and ACCEPT DROP REJECT LOG them depending on their content

1 INPUT chain ndash packets enter the local host

2 OUTPUT chainndash packets output from the local host

3 FORWARD chainndash forward packets to other hosts

2-2-2 NAT Table2-2-2 NAT Table

Be used for NAT on different packets

to translate the packets source field or destination field

1) PREROUTING chain ndash to transfer the dst IP address (DNAT)

2) POSTROUTING chainndash this works after routing process and before Ethernet device process to transfer the source IP address (SNATMASQUARED)

3) OUTPUT chainndash to work for local producing packets

2-2-3 Mangle Table2-2-3 Mangle Table

This table is mainly be used for

mangling packets In other words you may freely use the mangle matches etc that could be used to change TOS (Type Of Service) and TTL fields It can also ldquoMARKrdquo the packets

1 PREROUTING chain

2 POSTROUTING chain

3 INPUT OUTPUT and FORWARD chain

2-3 Processing Packets2-3 Processing Packets

2-3-1 Destination Local Host

2-3-2 Source Local Host

2-3-3 Forward Packets

2-3-4 State Machine

2-3-1 Destination Local Host

Incoming packets → NAT table PREROUTING → filter table INPUT → local process

2-3-2 Source Local Host

Local process → NAT table OUTPUT → filter table OUTPUT → NAT table POSTROUTING → send out packets

2-3-3 Forwarded Packets

Incoming packets → NAT table PREROUTING → filter table FORWARD → NAT table POSTROUTING → other hosts (the local processes are not involved)

2-4 State Machine

Agenda

1) Firewall NAT and iptables

2) Rules Chains Tables

3) Usage of iptables

4) Hands-ON Practice

3) Usage of iptables

3-1 Load iptables Modules

3-2 Define Default Policy

3-3 Structure of a Rule

3-4 Save / Restore Rules

3-1 Load iptables Modules

Note: ipchains and iptables are not compatible

3-1 Load iptables Module

Check the current tables: iptables [-t table] [-L] [-n]

Default policy

3-1 Install iptables

Clear the current policy

3-2 Define Default Policy

iptables -t [filter | nat | mangle] -P [INPUT | OUTPUT | FORWARD | PREROUTING | POSTROUTING] [ACCEPT | DROP]

3-2 Define Default Policy

3-3 Structure of a Rule

3-3-1 Add, Insert, Delete and Replace Rules

3-3-2 Direction

3-3-3 Matches

3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace

iptables -t [filter | nat | mangle] [-A | -I | -D | -R] <direction> <match> -j <target>

3 major things need to be considered: the direction, the match and the target

3-3-2 Direction – Chains

a) filter table: INPUT, OUTPUT, FORWARD

b) nat table: PREROUTING, POSTROUTING, OUTPUT

c) mangle table: …

3-3-3 Matches – Conditions

1) -p [proto]: tcp | udp | icmp | all

2) -s [IP] / -d [IP]

3) --sport [port] / --dport [port]

4) -m state --state [state]: NEW | ESTABLISHED | INVALID | RELATED

5) -m multiport [p1,p2,…,p15]

6) -i [iface] / -o [oface]

7) … etc.

3-3-4 Targets – Actions

a) filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions: LOG, ULOG, REJECT, MIRROR

b) nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING/OUTPUT), MASQUERADE (POSTROUTING), REDIRECT (only in PREROUTING)

c) mangle table: …

3-4 Save / Restore Rules

It is highly recommended to use a script file to maintain the Netfilter rules instead of using the exported file (it is not a standard script file). Please refer to the Hands-On practice

Agenda

1) Firewall NAT and iptables

2) Rules Chains Tables

3) Usage of iptables

4) Hands-On Practice: 1) Packet Filter, 2) NAT Machine

4-1 Packet Filter – Rules of filter table

Example 1 – Accept all the packets incoming from the lo interface

iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2 – Accept all the TCP packets incoming from IP = 192.168.0.1

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 3 – Accept all the TCP packets incoming from the network 192.168.1.0/24

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 – Drop all the TCP packets incoming from IP = 192.168.1.25

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

4-1 Packet Filter – Rules of filter table

Example 5 – Drop all the incoming TCP packets with dst port = 21 (forbid FTP connections from eth0)

iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 – Accept TCP packets incoming from IP 192.168.0.0/24 to local port numbers 137, 138 and 139

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 7 – Log all the incoming/outgoing TCP packets to/from port = 25 (log the SMTP service)

iptables -t filter -A INPUT -p tcp --dport 25 -j LOG

Note: UC-7110 does not support the target "LOG"

4-1 Packet Filter – Rules of filter table

Example 8 – Drop all the [SYN] packets from IP = 192.168.100.200

iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 – Drop all the packets from MAC = aa:bb:cc:dd:ee:ff

iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

Example 10 – Do not respond to "ping"

iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 – ICMP "ping" burst: with a default policy of DROP, accept at most 6 ICMP packets per minute with a burst of 10

iptables -t filter -P INPUT DROP

iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 12 – Accept the ESTABLISHED and RELATED packets of the local host; drop the INVALID packets and the NEW packets which are trying to create a new connection

iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

4-1 Packet Filter – Rules of filter table

Example 13 – Check the packet integrity

iptables -t filter -A INPUT -p all -m unclean -j DROP

Example 14 – Enable the "Passive Mode" FTP service to a host

modprobe ip_conntrack_ftp

iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

4-2 NAT Machine

Example 1 – Redirect the connection requests of port 80 to port 8080

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 – Masquerade the packets coming from 192.168.1.0/24 to be local ppp0's IP

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

4-2 NAT Machine

Example 3 – DNAT the incoming packets from eth0 (60.248.66.75), TCP port 80, to the internal web server 192.168.127.10:80

Example 4 – Redirect the incoming packets of TCP port 80 to 192.168.1.10, TCP port 80

iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP
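Putting the filter and NAT rules above together in the script form that section 3-4 recommends, as an added example that is not Moxa's hands-on script: the rule order follows the first-match principle of 2-1, the addresses are the ones used in the examples, and $OUT_IP defaults to the eth0 address of NAT example 3 (an assumption). Without APPLY=1 the script only prints the iptables commands, so it can be reviewed on a PC before being run on the UC.

```shell
#!/bin/sh
# Added example, not Moxa's script: a repeatable Netfilter rule script built
# from the hands-on rules. Addresses come from the slides; OUT_IP is assumed.
OUT_IP=${OUT_IP:-60.248.66.75}   # public address on eth0 (NAT example 3)
WEB_SERVER=192.168.127.10        # internal web server (NAT example 3)
LAN=192.168.127.0/24             # internal network behind the UC (NAT example 4)

# Print the command unless APPLY=1 is set, so the ruleset can be reviewed first.
ipt() {
    if [ "${APPLY:-0}" = 1 ]; then
        iptables "$@"
    else
        echo "iptables $*"
    fi
}

build_firewall() {
    # Start from a clean slate so the script can be re-run (section 3-1).
    ipt -t filter -F
    ipt -t nat -F

    # Default policies: whatever no rule accepts is dropped (section 3-2).
    ipt -t filter -P INPUT DROP
    ipt -t filter -P FORWARD DROP
    ipt -t filter -P OUTPUT ACCEPT

    # First match wins (section 2-1): the specific drop for the attacking host
    # must come before the general WWW accept rule further down.
    ipt -t filter -A INPUT -i eth0 -s 192.168.1.100 -j DROP
    ipt -t filter -A INPUT -i lo -j ACCEPT

    # Example 12: keep replies to our own connections, discard invalid packets.
    ipt -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -t filter -A INPUT -m state --state INVALID -j DROP

    # Example 11: answer ping, but at most 6 per minute with a burst of 10.
    ipt -t filter -A INPUT -p icmp --icmp-type 8 -m limit --limit 6/min --limit-burst 10 -j ACCEPT

    # New WWW connections from everyone; FTP refused (example 5);
    # everything else is logged (rate-limited, example 7) and dropped.
    ipt -t filter -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
    ipt -t filter -A INPUT -p tcp --dport 21 -j DROP
    ipt -t filter -A INPUT -m limit --limit 6/min -j LOG --log-prefix "INPUT-DROP: "
    ipt -t filter -A INPUT -j DROP

    # NAT examples 3 and 4: publish the internal web server, SNAT the LAN.
    ipt -t nat -A PREROUTING -p tcp -i eth0 -d "$OUT_IP" --dport 80 -j DNAT --to "$WEB_SERVER:80"
    ipt -t nat -A POSTROUTING -s "$LAN" -o eth0 -j SNAT --to "$OUT_IP"

    # Forwarded traffic passes the FORWARD chain, not INPUT (section 2-3-3),
    # so the DNATed web traffic needs its own accept rule here.
    ipt -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -t filter -A FORWARD -p tcp -i eth0 -d "$WEB_SERVER" --dport 80 -m state --state NEW -j ACCEPT
    ipt -t filter -A FORWARD -s "$LAN" -o eth0 -j ACCEPT
}

# Number of rules a chain would receive; lets the script be checked without root.
count_rules() {  # $1 = table, $2 = chain
    build_firewall | grep -c -- "-t $1 -A $2 "
}

build_firewall
```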

Thank YouThank You

OpenVPN 2.0

Stephen Lin

OpenVPN 2.0

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve

1-2 Symmetric Data Encryption

1-3 Hash (Digest) Function

1-4 Message Authentication Code

1-5 Asymmetric Data Encryption

1-6 Digital Signature

1-7 Certificate

1-8 Moxa UC-7400

1-1 What does Cryptography solve?

Confidentiality
• Ensure that nobody can get knowledge of what you transfer, even if listening to the whole conversation

Integrity
• Ensure that the message has not been modified during the transmission

Authenticity
• You can verify that you are talking to the entity you think you are talking to
• You can verify who is the specific individual behind that entity

Non-repudiation
• The individual behind that asset cannot deny being associated with it

1-2 Symmetric Data Encryption

Fast, high efficiency for data transmission

Is it "secure" while transferring the key?

Maintenance of the keys: n(n-1)/2 keys

DES / 3DES / AES / Blowfish

(Diagram: Tom encrypts the plaintext into ciphertext with the secret key; Bob decrypts the ciphertext back into plaintext with the same secret key.)

1-3 Hash (Digest) Function

Ensures data integrity

MD5 / SHA-1

(Diagram: Tom runs the data through the hash function to obtain message digest 1 and sends data + message digest 1; Bob runs the same hash function over the received data to obtain message digest 2 and compares it with message digest 1.)

1-4 Message Authentication Code

Ensures data integrity

Uses a key to protect the MAC

HMAC / CBC-MAC

(Diagram: Tom hashes the data into message digest 1 and encrypts the digest with the secret key to form the MAC, sending data + MAC; Bob decrypts the MAC with the secret key to recover message digest 1, hashes the received data into message digest 2 and compares the two.)

1-5 Asymmetric Encryption

Things to remember:
• Key pair – public/private keys
• In a session, one key is used for encryption and the other one for decryption
• The "public key" can be deployed everywhere
• The relation between the two keys is unknown, and from one key you cannot gain knowledge of the other, even if you have access to clear text and cipher text
• The two keys are interchangeable. All algorithms make no difference between public and private key; when a key pair is generated, any of the two can be public or private
• Less efficient than a static key
• RSA / Diffie-Hellman

(Diagram: clear text is encrypted into an unreadable cipher text.)

1-5 Asymmetric Data Encryption

(Diagram: Tom encrypts the plaintext with Bob's public key; Bob decrypts the ciphertext with Bob's private key. Recipient's key pair – confidentiality check.)

1-5 Asymmetric Data Encryption

(Diagram: Tom encrypts the plaintext with Tom's private key; Bob decrypts the ciphertext with Tom's public key. Sender's key pair – authenticity check.)

1-6 Digital Signature

Real world – hybrid:
1) Data integrity
2) Authenticity
3) Non-repudiation
4) Algorithm – use the public key and the hash

1-6 Digital Signature – Creating

(Diagram: a short message digest (typically 128 bits) is calculated from even a long input using a one-way message digest function (hash: SHA, MD5); the digest is encrypted with the signatory's private key by asymmetric encryption (RSA) to produce the digital signature; message or file + digital signature = signed document.)

1-6 Digital Signature – Verifying

(Diagram: the signed document is split into the data and the digital signature; the message digest of the data is generated with the hash; the digital signature is decrypted with Gianni's public key (from the certificate) by asymmetric decryption; the two digests are compared.)

1-6 Digital Signature

(Diagram: Tom hashes the data into message digest 1 and encrypts it with Tom's private key to form the digital signature, sending data + digital signature; Bob decrypts the signature with Tom's public key to recover message digest 1, hashes the received data into message digest 2 and compares the two.)

1-7 Certificate

The simplest certificate just contains:
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key (can be a person, a computer, a device, a file, some code, anything …)

… and the whole is:
• Digitally signed by someone trusted (like your friend or a CA)

(Diagram: certificate = public key + "This public key belongs to Stephen" + digital signature.)

1-7-1 CA Certificate

(Diagram: the CA generates a key pair (priv, pub) on the certification server; the user requests a certificate from the CA; the CA generates the certificate (pub + DS); the private key and the certificate are sent to the user.)

1-7-1 CA Certificate Example

(Diagram: Left and Right both trust the CA, which holds the CA private key. Left holds its private key, the Left cert signed by the CA and the CA pub key; Right holds its private key, the Right cert signed by the CA and the CA pub key. The CA pub key itself is signed by the CA.)

1-7-2 SSL/TLS

(Diagram: each side holds a key pair (priv, pub). The clear text is encrypted into Cipher 1, then encrypted again into Cipher 2 for transmission over the public network; the receiver decrypts Cipher 2, then Cipher 1, back into the clear text.)

Ensures confidentiality
• And integrity, if digitally signed

Depending on how the public keys are exchanged:
• Authenticity, identity, non-repudiation

1-8 Moxa UC-7400 – Hardware Cipher

Intel XScale supports:
• Security engines: DES, AES
• Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so"
• No need to change the source code

1-8-1 Moxa Accelerated Algorithms – OpenSSL 0.9.7

DES_cbc_encrypt

DES_ede3_cbc_encrypt

AES_cbc_encrypt

AES_ctr_encrypt

• We wrap ECB mode at a higher level (libssl.so), which OpenSSL wraps too

1-8-2 Performance

(Charts: throughput rate of 3DES-CBC and AES-128-CBC, software cipher versus hardware cipher, for packet sizes from 128 to 1280 bytes and, in a second pair of charts, for small packets from 16 to 144 bytes.)

= HW Cipher

1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approaches
• Default: hardware approach
• Any mis-configuration or busy condition causes the switch

Small packets are switched to the software approach
• DES: 128 bytes
• 3DES/AES: 64 bytes

1-8-4 Software Package

Driver
• mxhw_cipher.o

Device file
• mknod /dev/mxcrypto c 11 131

Test program
• io: correctness test
• io 0 5000: stability test
• io 1: golden pattern
• io 2 20000: performance test

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network

2-2 Why OpenVPN

2-3 OpenVPN Modes

2-1 Virtual Private Network

2-1 VPN Advantages / Disadvantages

VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes

A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH, etc.)

A VPN allows the usage of protocols which are insecure by themselves

VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN

Usability
• Open source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit shared key or digital certificates (PKI)

Portability – supports most of the platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN

Peers – each node with a client/server role
• Makes use of kernel routing
• Multiple clients

A user-space program
• A full-featured SSL-VPN solution
• On top of the existing SSL/TLS mechanism
• Options between a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security

Two authentication modes
• Static key: uses a pre-shared key
• SSL/TLS: uses SSL/TLS + certificates for
  • Authentication
  • Key exchange

The encrypted packet is formatted as:
• SeqN: 64-bit sequence number
• IV: plain-text initial vector, randomized per packet

HMAC | IV | SeqN | IP payload – SeqN and the IP payload are encrypted, and the HMAC protects the IV together with the encrypted part

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall- and NAT-friendly
• Dynamic address support

IPSec
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard – multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are the two methods of linking systems via a VPN

Routed IP tunnels (layer 3)

Bridged Ethernet tunnels (layer 2)

Suitable for connections:
• Site-to-site
• Dynamic site-to-site
• (Dynamic) client-to-site

Dynamic firewall / NAT / DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN mode (device): a virtual point-to-point IP link that combines the inner interface together with TUN

Uses the kernel routing to forward the packets

(Diagram: the OSI layers of both ends – Physical, Data-Link, Network, Transport, Session, Presentation, Application; OpenVPN runs at the application layer and the TUN device sits at the 3rd (network) layer.)

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages
1) Point-to-point
2) Easier to configure
3) Efficiency and scalability
4) Allows better tuning of the MTU for efficiency

Routed IP disadvantages
1) Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2) Routes must be set up linking each subnet
3) Software that depends on broadcasts will not see those machines on the other side of the VPN
4) Works only with IPv4 in general, and with IPv6 in cases where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses "TAP" mode: a TAP device is a virtual Ethernet adapter

Bridge tools (brctl) are required to create the virtual adapters

Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0 – create an Ethernet bridge

brctl addif br0 eth1 – connect interface eth1 as a port

brctl addif br0 tap0 – connect virtual interface tap0 as a port

(Diagram: the OSI layers of both ends; OpenVPN runs at the application layer, with the TUN device at the 3rd layer or the TAP device at the 2nd layer. In bridging, eth1 and tap0 on each side are bridged together while eth0 carries the tunnel.)

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages
1) Point-to-point, point-to-multipoint
2) Broadcasts traverse the VPN – this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3) No route statements to configure
4) Works when the VPN needs to be able to handle non-IP protocols such as IPX, Netware and AppleTalk
5) Relatively easy-to-configure solution for road warriors

Bridging disadvantages
1) Less efficient than routing and does not scale well

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

(Diagram: LAN A, IP 10.0.1.1/24 with gateway 10.0.1.254, behind the [VPN Server] (ixp1 = 10.0.1.254, ixp0 = 192.168.12.201); LAN B, IP 10.0.2.1/24 with gateway 10.0.2.254, behind the [VPN Client] (ixp1 = 10.0.2.254, ixp0 = 192.168.12.202); the client connects to the server through the VPN tunnel; a [CA/TLS Server] is also on the network.)

3-1 Getting Started

Create a working directory (recommended): mkdir /etc/openvpn

Check for the TUN module: ls /dev/net and look for a character device "tun"; if it is not there: mknod /dev/tun c 10 200

Load the necessary modules: modprobe tun; modprobe bridge

Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]

Self diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or vi /etc/sysctl.conf and modify "net.ipv4.ip_forward = 1"

Create / start the bridge interface using the Moxa script: openvpn-bridge [start | stop | restart]

Check the cipher / authentication support: openvpn --show-ciphers; openvpn --show-digests

Create the TUN configuration files: vi /etc/openvpn/tun/server.conf

[At VPN Client] vi /etc/openvpn/tun/client.conf

3-2 TUN Server Configuration

The local and remote VPN IP addresses must be specified

It is NECESSARY to specify the server address at the VPN client

3-2 TUN Server Configuration

Edit the static routings: vi /etc/openvpn/tun/server.sh; chmod +x /etc/tun/server.sh

[At VPN Client] vi /etc/openvpn/tun/client.sh; chmod +x /etc/tun/client.sh

Start OpenVPN with the configuration file: openvpn --config /etc/tun/server.conf & (at the server); openvpn --config /etc/tun/client.conf & (at the client)

2nd argument of "ifconfig", which is now "10.0.2.254"
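The configuration files shown on the 3-2 slides are not reproduced here, so this added example (not Moxa's files) writes a static-key server.conf and client.conf with the addresses of the 3-1 diagram and checks that the two ifconfig lines mirror each other, which is the point the slide makes about the 2nd argument; the key file name static.key, port 1194 and the route, ping and verb lines are assumptions.

```shell
#!/bin/sh
# Added example, not Moxa's configuration files: static-key TUN configs for
# the VPN server and client of the 3-1 diagram, written to a directory so they
# can be inspected before being copied to /etc/openvpn/tun on each side.
SERVER_PUBLIC=192.168.12.201   # VPN server ixp0 (from the diagram)
SERVER_VPN=10.0.1.254          # tunnel end on the server, also LAN A's gateway
CLIENT_VPN=10.0.2.254          # tunnel end on the client, also LAN B's gateway
LAN_A=10.0.1.0                 # network behind the server
LAN_B=10.0.2.0                 # network behind the client
KEY_FILE=static.key            # assumed name of the openvpn --genkey output

write_tun_configs() {  # $1 = output directory
    dir=$1
    mkdir -p "$dir"
    # Server: both tunnel addresses must be given, local first, remote second.
    cat > "$dir/server.conf" <<EOF
dev tun
ifconfig $SERVER_VPN $CLIENT_VPN
secret $KEY_FILE
port 1194
# route LAN B through the tunnel (replaces a separate static-route script)
route $LAN_B 255.255.255.0
# keep the tunnel alive through NAT devices; moderate log level
ping 10
verb 3
EOF
    # Client: the same two addresses swapped, plus the server address,
    # which the slide says is mandatory on the client side.
    cat > "$dir/client.conf" <<EOF
dev tun
remote $SERVER_PUBLIC 1194
ifconfig $CLIENT_VPN $SERVER_VPN
secret $KEY_FILE
route $LAN_A 255.255.255.0
ping 10
verb 3
EOF
}

# Checks that run without starting OpenVPN: the client's ifconfig line must be
# the server's with its two arguments swapped, and the client must name the server.
tun_configs_consistent() {  # $1 = directory written by write_tun_configs
    s=$(sed -n 's/^ifconfig //p' "$1/server.conf")
    c=$(sed -n 's/^ifconfig //p' "$1/client.conf")
    [ "$s" = "${c#* } ${c%% *}" ] || return 1
    grep -q "^remote $SERVER_PUBLIC " "$1/client.conf"
}

out=${1:-$(mktemp -d)}
write_tun_configs "$out"
tun_configs_consistent "$out" && echo "TUN configs written to $out are consistent"
```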

Create the TAP configuration files: vi /etc/openvpn/tap/server.conf

[At VPN Client] vi /etc/openvpn/tap/client.conf

3-3 TAP Configuration – VPN Server

Mark this line if both VPN networks are in the same subnet

3-3 TAP Configuration – VPN Server

Edit the static routings: vi /etc/openvpn/tun/server.sh

[At VPN Client] vi /etc/openvpn/tap/client.sh; chmod +x /etc/tap/client.sh

Pointed to the kernel routing: br0 = 10.0.1.254

3-3 TAP Configuration – VPN Server

Start the bridge device: vi openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tap/server.conf & (at the server); openvpn --config /etc/openvpn/tap/client.conf & (at the client)
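A start/stop/restart bridge script of the kind the 3-3 slides rely on, as an added example that is not Moxa's openvpn-bridge: it issues the brctl commands of 2-3-2, gives br0 the 10.0.1.254 address the kernel routing points to, and with DRY_RUN=1 prints the commands instead of executing them. Creating the persistent tap0 with openvpn --mktun, and handing the bridge address back to eth1 on stop, are assumptions about how the device is managed.

```shell
#!/bin/sh
# Added example, not Moxa's openvpn-bridge script: bind eth1 and tap0 into br0.
# Interface names and the br0 address come from the slides; the rest is assumed.
BR=br0
ETH=eth1
TAP=tap0
BR_IP=10.0.1.254
BR_MASK=255.255.255.0

# Execute the command, or just print it when DRY_RUN=1 (review without root).
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

bridge_start() {
    # tap0 has to exist before it can be enslaved; --mktun creates a persistent
    # TAP device that the OpenVPN daemon attaches to later.
    run openvpn --mktun --dev "$TAP"
    run brctl addbr "$BR"            # create an Ethernet bridge
    run brctl addif "$BR" "$ETH"     # connect interface eth1 as a port
    run brctl addif "$BR" "$TAP"     # connect virtual interface tap0 as a port
    # The ports carry no address of their own; the bridge takes the LAN address
    # so that the kernel routing can point at br0 = 10.0.1.254.
    run ifconfig "$ETH" 0.0.0.0 promisc up
    run ifconfig "$TAP" 0.0.0.0 promisc up
    run ifconfig "$BR" "$BR_IP" netmask "$BR_MASK" up
}

bridge_stop() {
    run ifconfig "$BR" down
    run brctl delif "$BR" "$TAP"
    run brctl delif "$BR" "$ETH"
    run brctl delbr "$BR"
    run openvpn --rmtun --dev "$TAP"
    # eth1 gets the LAN address back once it leaves the bridge
    run ifconfig "$ETH" "$BR_IP" netmask "$BR_MASK" up
}

# Number of commands a verb would issue; lets the plan be checked without root.
plan_lines() {  # $1 = start | stop
    ( DRY_RUN=1; "bridge_$1" ) | wc -l | tr -d ' '
}

case "${1:-}" in
    start)   bridge_start ;;
    stop)    bridge_stop ;;
    restart) bridge_stop; bridge_start ;;
    *)       echo "usage: $0 {start|stop|restart}" >&2 ;;
esac
```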

3-4-1 SSL/TLS – Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-input the default_days, default_bits … etc.

Create the new CA root key pair: /usr/share/ssl/misc/CA -newca

Create the new client private key and the new certificate request: /usr/share/ssl/misc/CA -newreq

Certificate signing: /usr/share/ssl/misc/CA -sign

Copy the CA root certificate, the client private key and the client certificate to the first client

Have the second client certified in the same way

3-4-2 OpenVPN – "easy-rsa" tools

Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file: vi /etc/openvpn/easy-rsa/vars

Activate the vars: . /etc/openvpn/easy-rsa/vars

Create the CA root key: /etc/openvpn/easy-rsa/build-ca

Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – "easy-rsa" tools

Create the VPN client private key and certificate: /etc/openvpn/build-key client

Create the Diffie-Hellman parameters: /etc/openvpn/build-dh 1024

Copy the CA certificate (ca.crt), the server key (server.key) and the server certificate (server.crt) to the VPN server

Copy the CA certificate, the client key and the client certificate to the VPN client

The "easy-rsa" tools also work on the UC-7400 series

3-4-3 Configuration File Modification

txx/server.conf

txx/client.conf

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

Two of its serial ports are connected to a power meter and a thermocouple

Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in 'burn-in mode' to demonstrate the UC's high performance and reliability

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500 °C

Left side for the high range, 0 to 300 VDC, and right side for the low range, 0 to 20 VDC

UC's LCM & keypad (F1–F5)

F1: Monitoring – Temperature → Voltage → Throughput for P3 to P8

F2: System Status – LAN's IP → Wi-Fi's IP → CPU loading → Available memory

F3: Alarm Setting – Temperature → Voltage → Burning throughput

F4: Configuration Key

F5: Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• UC-7420's built-in wireless driver supports the Intersil Prism 2.0 chipset PCMCIA card
• The compatible wireless cards are:

Supplier – Model name

ASUS – WL-107g

CNET – CWC-854 (181D version)

Edimax – EW-7108PCg

Amigo – AWP-914WG

Gigabyte – GN-WMKG

Others which use the Ralink chipset

Thank YouThank You


Configuring 802.11g Wireless LAN

• The settings in /etc/Wireless/RT2500STA/RT2500STA.dat:

CountryRegion – sets the channels for your particular country region
WirelessMode – sets the wireless mode
SSID – sets the softAP SSID
NetworkType – sets the wireless operation mode
Channel – sets the channel
AuthMode – sets the authentication mode
EncrypType – sets the encryption type
DefaultKeyID – sets the default key ID
Key1Str, Key2Str, Key3Str, Key4Str – set the strings Key1 to Key4
WpaPsk – WPA pre-shared key
TxBurst – enables or disables TxBurst
TurboRate – enables or disables TurboRate
BGProtection – sets 11b/11g protection (this function is for engineering testing only)
ShortSlot – enables or disables the short slot time
TxRate – sets the TxRate
RTSThreshold – sets the RTS threshold
FragThreshold – sets the fragment threshold

Developing Your Application

Windows Tool Chain

Agenda

1) Windows Tool Chain Introduction

2) Development Process

3) Debugging with GDB

Windows Tool Chain Introduction

UC-7400's Windows Tool Chain is a cross-development environment that simulates the Linux root file system, allowing users to develop applications on a Windows PC

The following topics are covered in this appendix:
• Introduction
• Installation procedure
• Using the BASH shell
• GDB debug tool – Insight

Windows Tool Chain

1) Operating system: Windows 2000 or Windows XP

2) Minimum of 500 MB hard disk space

3) CD-ROM or equivalent

4) Ethernet to connect with the UC-7400

5) Be able to log in as administrator

6) Use a Windows username without spaces

7) You will be using a BASH shell window to enter commands

8) In addition, for editing text files such as configuration files you should use the vi editor (Unix editor). Do NOT use WordPad (Windows editor), which could cause problems when the files are transferred to a bona fide Linux environment

Developing Process

Step 1: Setting up the development environment on the PC (x86)

Step 2: Coding, compiling and debugging on the Windows Tool Chain

Step 3: Deploying the program to the UC (IXP-422)

Step 1: Setting up the Developing Environment

Install the Windows Tool Chain on the PC (Windows 2K/XP). Installation tips:
• Default install path: C:\UC
• Default text file type: Unix (recommended)

Utilities
• Moxa Bash Shell
• GDB debug tool – Insight
• http://sources.redhat.com/insight

• This process could take from 5 to 30 minutes, depending on the speed of your system

Step 2: Coding, Compiling and Debugging

Code the C/C++ program on the Moxa Bash Shell (PC Windows Tool Chain, x86)

Compile/link the source code with the tool chain
• Compiler path setting: PATH=/usr/local/mxscaleb/bin
• Compiling Hello.c

Step 3: Deployment

Upload the program to the UC
• ftp 192.168.3.127
• ftp> binary
• ftp> put hello-release

Running the program (at the UC-7400 site)
• chmod +x hello-release
• ./hello-release

(Terminal: chmod +x hello-release; ./hello-release; prints "Hello")

Debugging with GDB

(Diagram: PC Moxa Bash Shell – 1. compile with -ggdb, 3. Insight tool (GDB client), 4. target remote; UC – 2. GDB debug server; PC and UC connected over Ethernet)

Debugging with GDB

chmod +x hello-debug

gdbserver 192.168.3.127:2000 hello-debug

Process hello-debug created; pid = 206

Step 1: PC Moxa Bash Shell – compile the program with the -ggdb option, then upload it to the UC

Step 2: UC – call hello-debug with the command gdbserver 192.168.3.127:2000 hello-debug

Step 3: PC Insight – run the GDB client
• Open the hello-debug file
• Connect to target
• GDB Server / TCP
• 192.168.3.200
• 2000

iptables Introduction

Agenda

1) Quick View of iptables

2) Rules, Chains, Tables

3) Usage of iptables

4) Hands-On Practice

1 Quick View of iptables

A user-space command to set up / maintain the "Netfilter" sub-system of the kernel

"Netfilter" manages only the packet headers, not the content

iptables is currently one of many firewall/NAT solutions: an administration tool to set up, maintain and inspect the tables of IP packet filter rules in the Linux kernel

1 Quick View of iptables

Several different tables may be defined. Each table contains a number of built-in chains and may also contain user-defined chains

Each chain is a list of rules which can match a set of packets. Each rule specifies what to do with a packet that matches. This is called a "target", which may be a jump to a user-defined chain in the same table

1 Quick View of iptables

3rd generation firewall on Linux
– "ipfwadm" on Linux kernel V2.0.X
– "ipchains" on Linux kernel V2.2.X
– "ipchains" / "iptables" on Linux kernel V2.4.X
– "iptables" on Linux kernel V2.6.X

Supports basic packet filtering as well as connection state tracking

UC-7110/7400 support only "iptables"

Agenda

1) Firewall, NAT and iptables

2) Rules, Chains, Tables

3) Usage of iptables

4) Hands-On Practice

2) Rules, Chains and Tables

2-1 First Match

2-2 Three Major Tables

2-3 Processing Packets

2-4 State Machine

2-1 First Match – The Highest Priority

(Diagram: a packet is tested against Rule 1, Rule 2, … Rule 10 in order; the first rule that matches ("Yes") applies its action (Action 1, Action 2, … Action 10) and no later rule is consulted; a packet that matches no rule ("No" all the way down) gets the default policy.)

2-1 First Match

On a WWW server, reject the attack from IP = 192.168.1.100

Rule 1: Drop the packets from 192.168.1.100
Rule 2: Accept WWW request packets from all the hosts
Rule 3: Drop all the non-WWW packets

Rule 1 Accept WWW request packets from all the hosts Rule 2 Drop the packets from 1921681100Rule 3 Drop all the none-www packets

1921681100 is able to use the WWW service or to attack WWW service port

2-2 Three 2-2 Three Major TablesMajor Tables

1) Filter Table

2) NAT Table

3) Mangle Table

2-2-1 Filter Table2-2-1 Filter Table

Mainly used for filtering packets The place that we actually take action against packets

and look at what they contain and ACCEPT DROP REJECT LOG them depending on their content

1 INPUT chain ndash packets enter the local host

2 OUTPUT chainndash packets output from the local host

3 FORWARD chainndash forward packets to other hosts

2-2-2 NAT Table

Used for Network Address Translation: rewriting the source or destination address (and port) of packets. Only the first packet of a connection traverses this table; the connection tracker then applies the same translation to the rest of the connection.

1) PREROUTING chain – rewrite the destination IP address before routing (DNAT)

2) POSTROUTING chain – works after the routing decision, just before the packet leaves the interface, to rewrite the source IP address (SNAT, MASQUERADE)

3) OUTPUT chain – DNAT for locally generated packets

2-2-3 Mangle Table

This table is mainly used for mangling packets: the mangle targets can change the TOS (Type Of Service) and TTL fields, and can MARK packets so that later rules or the routing code can treat them specially.

1. PREROUTING chain

2. POSTROUTING chain

3. INPUT, OUTPUT and FORWARD chains

2-3 Processing Packets

2-3-1 Destination Local Host

2-3-2 Source Local Host

2-3-3 Forwarded Packets

2-3-4 State Machine

2-3-1 Destination Local Host

Incoming packets → NAT table PREROUTING → routing decision → Filter table INPUT → local process

2-3-2 Source Local Host

Local process → NAT table OUTPUT → Filter table OUTPUT → NAT table POSTROUTING → send out packets

2-3-3 Forwarded Packets

Incoming packets → NAT table PREROUTING → routing decision → Filter table FORWARD → NAT table POSTROUTING → other hosts

2-4 State Machine


3) Usage of iptables

3-1 Load iptables Modules

3-2 Define Default Policy

3-3 Structure of a Rule

3-4 Save / Restore Rules

3-1 Load iptables Modules

Note: ipchains and iptables are not compatible; the ipchains module cannot be loaded at the same time as ip_tables.

Check the current tables: iptables [-t table] -L [-n]

Check the default policy of each chain (shown at the top of the -L listing).

Clear the current rules before installing a new rule set.

3-2 Define Default Policy

iptables -t [filter|nat|mangle] -P [INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING] [ACCEPT|DROP]

The policy is what a packet gets when no rule in the built-in chain matches it (see 2-1). Only built-in chains have a policy, and only ACCEPT and DROP are valid policies.

3-3 Structure of a Rule

3-3-1 Add, Insert, Delete and Replace Rules

3-3-2 Direction

3-3-3 Matches

3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace

iptables -t [filter|nat|mangle] [-A|-I|-D|-R] [direction] [match] -j [target]

3 major things need to be considered: the direction (which chain), the match (which packets) and the target (what to do with them).

3-3-2 Direction – Chains

a. filter table: INPUT, OUTPUT, FORWARD

b. nat table: PREROUTING, POSTROUTING, OUTPUT

c. mangle table: ...

3-3-3 Matches – Conditions

1. -p [proto]: tcp, udp, icmp, all

2. -s [IP], -d [IP]

3. --sport [port], --dport [port]

4. -m state --state [state]: NEW, ESTABLISHED, INVALID, RELATED

5. -m multiport --ports [p1,p2,...,p15]

6. -i [iface], -o [oface]

7. ... etc.

3-3-4 Targets – Actions

a. filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions: LOG, ULOG, REJECT, MIRROR

b. nat table: SNAT (only in POSTROUTING)

DNAT (only in PREROUTING / OUTPUT)

MASQUERADE (POSTROUTING)

REDIRECT (only in PREROUTING / OUTPUT)

c. mangle table: ...

3-4 Save / Restore Rules

The rule set can be exported with iptables-save and loaded again with iptables-restore. It is highly recommended to maintain the Netfilter rules in a script file instead of editing the exported file, which is not a standard shell script. Please refer to the Hands-On practice.

Agenda

1) Firewall, NAT and iptables

2) Rules, Chains, Tables

3) Usage of iptables

4) Hands-On Practice: 1) Packet Filter, 2) NAT Machine

4-1 Packet Filter – Rules of filter table

Example 1 – Accept all the packets incoming from the lo interface

iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2 – Accept all the TCP packets incoming from IP = 192.168.0.1

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 3 – Accept all the TCP packets incoming from the network 192.168.1.0/24

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 – Drop all the TCP packets incoming from IP = 192.168.1.25

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

Note that with Examples 3 and 4 appended in this order, packets from 192.168.1.25 are accepted by the Example 3 rule first (see 2-1 First Match); the DROP rule has to sit above the network-wide ACCEPT, for example by inserting it with -I INPUT 1.

4-1 Packet Filter – Rules of filter table

Example 5 – Drop all the incoming TCP packets with dst port = 21 (forbid FTP connections from eth0)

iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 – Accept TCP packets incoming from 192.168.0.0/24 to local port numbers 137, 138 and 139

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 7 – Log all the incoming/outgoing TCP packets to/from port = 25 (log SMTP service)

iptables -t filter -A INPUT -p tcp --dport 25 -j LOG

The rule shown covers the incoming direction; the outgoing direction is the matching rule on the OUTPUT chain with --sport 25. LOG is a non-terminating target: after the packet is logged it continues to the next rule, so a LOG rule by itself neither accepts nor drops anything.

Note: UC-7110 does not support the target "LOG"

4-1 Packet Filter – Rules of filter table

Example 8 – Drop all the [SYN] packets from IP = 192.168.100.200

iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 – Drop all the packets from MAC = aa:bb:cc:dd:ee:ff

iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

The mac match only works in chains that see the incoming frame (PREROUTING, INPUT, FORWARD), and a source MAC is trivially forged, so treat it as a convenience filter, not as authentication.

Example 10 – Do not respond to "ping"

iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 – Limit ICMP "ping" bursts

iptables -t filter -P INPUT DROP

iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

With the INPUT policy set to DROP, the limit match accepts an initial burst of 10 ICMP packets and then 6 per minute on average; everything above that rate falls through to the default policy and is dropped.

4-1 Packet Filter – Rules of filter table

Example 12 – Accept the ESTABLISHED / RELATED packets of the local host; drop the INVALID packets and the NEW packets which are trying to create a new connection

iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

4-1 Packet Filter – Rules of filter table

Example 13 – Check the packet integrity

iptables -t filter -A INPUT -p all -m unclean -j DROP

The unclean match was an experimental sanity check for malformed packets in the 2.4 kernels and was later removed; do not rely on it being present.

Example 14 – Enable the "Passive Mode" FTP service to a host

modprobe ip_conntrack_ftp

iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

The ip_conntrack_ftp helper watches the FTP control channel and marks the data connection it announces as RELATED, so the second rule admits it without opening the whole high-port range.
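The rules of 4-1 are shown one at a time; on a real box they only mean something in a particular order and with a default policy behind them (2-1 and 2-4). The script below is an added example and not part of the Moxa course material: it assembles the examples into a default-deny INPUT rule set for a UC-7400. The interface name eth0, the LAN 192.168.1.0/24 and the blocked host 192.168.1.100 are assumptions taken from the examples; RUN=echo prints the commands instead of executing them, and the LOG rule has to be left out on a UC-7110.

```shell
#!/bin/sh
# Added example, not part of the Moxa slides: a default-deny INPUT rule set
# for a UC-7400 built from the 4-1 examples.  Assumed values: eth0 is the LAN
# port, 192.168.1.0/24 the LAN, 192.168.1.100 the host to block.
# RUN=echo prints every command instead of running it (dry run).
RUN="${RUN:-}"
LAN_IF="${LAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
BLOCKED="${BLOCKED:-192.168.1.100}"

fw_policy() {
    # Policies first: while the rules are being rebuilt nothing is open.
    $RUN iptables -t filter -P INPUT DROP
    $RUN iptables -t filter -P FORWARD DROP
    $RUN iptables -t filter -P OUTPUT ACCEPT
}

fw_flush() {
    # -F empties the built-in chains, -X removes user-defined ones; the
    # policies set above survive a flush.
    $RUN iptables -t filter -F
    $RUN iptables -t filter -X
}

fw_input_rules() {
    $RUN iptables -A INPUT -i lo -j ACCEPT
    # State machine (2-4): replies to our own connections come back in,
    # anything the tracker cannot classify is dropped early.
    $RUN iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $RUN iptables -A INPUT -m state --state INVALID -j DROP
    # First match (2-1): the specific DROP must sit above the broad ACCEPT,
    # otherwise the blocked host reaches the web port like everyone else.
    $RUN iptables -A INPUT -i "$LAN_IF" -s "$BLOCKED" -j DROP
    $RUN iptables -A INPUT -i "$LAN_IF" -p tcp --dport 80 -m state --state NEW -j ACCEPT
    # Management only from the LAN, only new SSH sessions.
    $RUN iptables -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 22 -m state --state NEW -j ACCEPT
    # Rate-limited echo request (example 11): 10 at once, then 6 per minute.
    $RUN iptables -A INPUT -p icmp --icmp-type 8 -m limit --limit 6/min --limit-burst 10 -j ACCEPT
    # Log what falls through to the DROP policy, rate-limited so a flood
    # cannot fill the flash file system.  UC-7110 has no LOG target.
    $RUN iptables -A INPUT -m limit --limit 3/min -j LOG --log-prefix "FW-DROP: "
}

fw_apply() {
    fw_policy
    fw_flush
    fw_input_rules
}

# The ordered command list as text, for review before applying: per 2-1
# the order is the rule set.
fw_plan() (
    RUN=echo
    fw_apply
)

case "${1:-}" in
    apply) fw_apply ;;
    plan)  fw_plan ;;
esac
```

Run it as "sh fw.sh plan" to review the order, then "sh fw.sh apply" from the serial console rather than over SSH the first time: a typo in a default-deny rule set locks you out of the network interface. Once it works, calling it from a boot script takes the place of the iptables-save file discussed in 3-4.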

4-2 NAT Machine – Rules of nat table

Example 1 – Redirect the connection requests for port 80 to port 8080

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 – Masquerade the packets coming from 192.168.1.0/24 and leaving through ppp0 with ppp0's IP

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

MASQUERADE (and the -o match) are only valid in the POSTROUTING chain: source translation has to happen after the routing decision, once the outgoing interface is known.

4-2 NAT Machine

Example 3 – DNAT the incoming packets from eth0 (60.248.66.75) and TCP port 80 to the internal web server 192.168.127.10 port 80

iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP

Example 4 – Redirect the incoming packets of TCP port 80 to 192.168.1.10 and TCP port 80

The nat table only rewrites addresses. With a FORWARD policy of DROP the translated packets still need matching ACCEPT rules in the filter table's FORWARD chain, and IP forwarding must be enabled in the kernel (see 3-1 Getting Started in the OpenVPN part).
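The NAT examples above only show the nat table entries. The script below is an added example, not part of the Moxa course material: it puts a UC-7400 between an internal LAN and an upstream link with the FORWARD rules and kernel settings the nat rules need to actually carry traffic. The interface names ppp0/eth1, the LAN 192.168.127.0/24 and the web server 192.168.127.10 are assumptions based on examples 2 and 3; RUN=echo prints the commands instead of executing them.

```shell
#!/bin/sh
# Added example, not part of the Moxa slides: the UC-7400 as a NAT gateway.
# Assumed values: ppp0 is the upstream link, eth1 the internal LAN
# 192.168.127.0/24, 192.168.127.10 the internal web server of example 3.
# RUN=echo prints the commands instead of running them.
RUN="${RUN:-}"
WAN_IF="${WAN_IF:-ppp0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.127.0/24}"
WEB_SRV="${WEB_SRV:-192.168.127.10}"

nat_apply() {
    # Without forwarding the FORWARD chain is never reached (2-3-3).
    $RUN sysctl -w net.ipv4.ip_forward=1
    # Refuse packets arriving on an interface that would not be used to
    # route back to their source: blocks spoofed "internal" sources on ppp0.
    $RUN sysctl -w net.ipv4.conf.all.rp_filter=1

    $RUN iptables -t nat -F
    $RUN iptables -t filter -F FORWARD
    $RUN iptables -t filter -P FORWARD DROP

    # Source translation happens after routing, so MASQUERADE and -o only
    # make sense in POSTROUTING (example 2).
    $RUN iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE
    # Destination translation happens before routing: port 80 arriving on
    # the upstream link is sent to the internal web server (example 3).
    $RUN iptables -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport 80 \
        -j DNAT --to-destination "$WEB_SRV:80"

    # The nat table only rewrites addresses; the filter table still decides.
    # FORWARD sees the packet after DNAT, hence -d WEB_SRV, not the public IP.
    $RUN iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $RUN iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" \
        -m state --state NEW -j ACCEPT
    $RUN iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p tcp -d "$WEB_SRV" --dport 80 \
        -m state --state NEW -j ACCEPT
    # Nothing else from the upstream side is forwarded inward: the FORWARD
    # policy drops it.
}

# Ordered command list for review (dry run).
nat_plan() (
    RUN=echo
    nat_apply
)

case "${1:-}" in
    apply) nat_apply ;;
    plan)  nat_plan ;;
esac
```

The two sysctl lines are what most NAT write-ups leave out: ip_forward is off by default, and without rp_filter a packet arriving on ppp0 with a 192.168.127.x source would be masqueraded and forwarded like local traffic. As with the filter script, review with "plan" before "apply".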

Thank You

OpenVPN 2.0

Stephen Lin

OpenVPN 2.0

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve?

1-2 Symmetric Data Encryption

1-3 Hash (Digest) Function

1-4 Message Authentication Code

1-5 Asymmetric Data Encryption

1-6 Digital Signature

1-7 Certificate

1-8 Moxa UC-7400

1-1 What does Cryptography solve?

Confidentiality
• Ensure that nobody can learn what you transfer, even if they listen to the whole conversation

Integrity
• Ensure that the message has not been modified during the transmission

Authenticity
• You can verify that you are talking to the entity you think you are talking to
• You can verify who is the specific individual behind that entity

Non-repudiation
• The individual behind that asset cannot deny being associated with it

1-2 Symmetric Data Encryption

Fast, high efficiency for data transmission

Is it "secure" while transferring the key?

Maintenance of the keys: n(n-1)/2 keys for n parties

DES, 3DES, AES, Blowfish

[Diagram: Tom encrypts the plaintext with the secret key into ciphertext; Bob decrypts the ciphertext with the same secret key back into the plaintext.]

1-3 Hash (Digest) Function

Ensure data integrity

MD5, SHA-1 (collisions for MD5 have been demonstrated, so it should not be used where collision resistance matters)

[Diagram: Tom runs the data through the hash function and sends data + message digest 1; Bob runs the same hash function on the received data to get message digest 2 and compares it with digest 1.]

A bare hash only detects accidental modification: an attacker who can change the data can recompute the digest as well, which is why a keyed MAC (1-4) or a signature (1-6) is needed for authenticity.

1-4 Message Authentication Code

Ensure the data integrity and the authenticity of the message

Use a secret key to protect the digest

HMAC, CBC-MAC

[Diagram: Tom computes the digest of the data and turns it into a MAC with the secret key; the MAC is sent along with the data. Bob recomputes the MAC over the received data with the same secret key and compares it with the MAC received.]

1-5 Asymmetric Encryption

Things to remember
• Key pair – public/private keys
• In a session, one is used for encryption and the other one for decryption
• The "public key" can be deployed everywhere
• From one key you cannot gain knowledge of the other, even if you have access to clear text and cipher text
• With RSA the two operations are interchangeable: whichever key of the pair was used to encrypt, the other one decrypts. This is what makes both encryption (1-5) and signing (1-6) possible with one key pair. It does not hold for every algorithm, and in practice the private key is the one that is generated and kept secret.
• Less efficient than symmetric (static) key encryption
• RSA, Diffie-Hellman

[Diagram: clear text → encryption → cipher text]

1-5 Asymmetric Data Encryption

Recipient's key pair – confidentiality check:
[Diagram: Tom encrypts the plaintext with Bob's public key; Bob decrypts the ciphertext with Bob's private key. Only the holder of the private key can read the message.]

Sender's key pair – authenticity check:
[Diagram: Tom encrypts the plaintext with Tom's private key; Bob decrypts the ciphertext with Tom's public key. Anyone can read it, but only the holder of Tom's private key could have produced it.]

1-6 Digital Signature

Real world – hybrid:
1. Data integrity
2. Authenticity
3. Non-repudiation
4. Algorithm – use the public key algorithm and a hash

1-6 Digital Signature – Creating

[Diagram: the message or file ("This is the document created by Gianni") is hashed with a one-way message digest function (SHA, MD5) into a short message digest (typically 128 or 160 bits), even for a long input. The signatory's private key is applied to the digest with the asymmetric algorithm (RSA) to produce the digital signature, which is attached to the document to form the signed document.]

1-6 Digital Signature – Verifying

[Diagram: the verifier hashes the received document to get a message digest, recovers the digest from the digital signature with Gianni's public key (taken from the certificate) using the asymmetric algorithm, and compares the two. If they match, the document is intact and was signed with Gianni's private key.]

1-6 Digital Signature

[Diagram: Tom hashes the data into message digest 1 and signs it with Tom's private key to get the digital signature, which is sent with the data. Bob hashes the received data into message digest 2, recovers digest 1 from the signature with Tom's public key and compares the two.]

1-7 Certificate

The simplest certificate just contains
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key
... and the whole is
• Digitally signed by someone trusted (like your friend, or a CA)

[Diagram: certificate = "This public key belongs to Stephen" + public key + digital signature of the issuer. The entity can be a person, a computer, a device, a file, some code, anything ...]

1-7-1 CA Certificate

[Diagram: the CA generates its own key pair. A user requests a certificate from the CA; the CA generates the certificate (the user's public key plus identity, signed with the CA's private key). In the flow shown, the private key and the certificate are both sent to the user.]

Note: in the flow above the CA generates the user's private key and ships it. Standard PKI practice is for the user (or device) to generate the key pair itself and send the CA only a certificate request containing the public key, so that the private key never leaves the entity it identifies. The easy-rsa procedure in 3-4-2 follows the slide's model (keys are built on the PC and copied to the VPN server and client), so protect the copies in transit and delete them from the PC when done.

1-7-1 CA Certificate Example

[Diagram: the CA's private key signs the Left certificate and the Right certificate. Left and Right each hold the CA's public key (the CA certificate, which is self-signed) and trust it, so each can verify the other's certificate.]

1-7-2 SSL/TLS

[Diagram: each side holds a key pair. The clear text is encrypted (cipher 1), encrypted again for the peer (cipher 2), transmitted over the public network and decrypted in the reverse order back to clear text with the peer's public key and the receiver's private key.]

Ensures confidentiality
• And integrity, if digitally signed

Depending on how the public keys are exchanged
• Authenticity, identity, non-repudiation

In practice TLS uses the public keys only to authenticate the peers and to agree on a session key; the bulk data is then protected with a symmetric cipher and an HMAC, which is also the model OpenVPN follows (2-2 OpenVPN Security).

1-8 Moxa UC-7400 – Hardware Cipher

Intel XScale supports
• Security engines: DES, AES
• Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so"
• No need to change the source code

1-8-1 Moxa Accelerated Algorithms – OpenSSL 0.9.7

DES_cbc_encrypt

DES_ede3_cbc_encrypt

AES_cbc_encrypt

AES_ctr_encrypt

• ECB mode is wrapped at a higher level (libssl.so), which OpenSSL wraps too

1-8-2 Performance

[Charts: throughput of 3DES-CBC and AES-128-CBC, software versus hardware cipher, against packet size. Upper pair: packet sizes 128 to 1280 bytes; lower pair: 16 to 144 bytes. Shaded bars = HW cipher.]

1-8-3 Things to be noticed

Moxa UC-7400 switches operations between the software and the hardware approaches
• Default: hardware approach
• Any mis-configuration or a busy hardware engine causes the switch to software

Small packets are switched to the software approach
• DES: below 128 bytes
• 3DES/AES: below 64 bytes

1-8-4 Software Package

Driver
• mxhw_cipher.o

Device file
• mknod /dev/mxcrypto c 11 131

Test program
• io: correctness test
• io 0 5000: stability test
• io 1: golden pattern
• io 2 20000: performance test


2) OpenVPN 2.0

2-1 Virtual Private Network

2-2 Why OpenVPN

2-3 OpenVPN Modes

2-1 Virtual Private Network – Advantages / Disadvantages

VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes

A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH, etc.)

A VPN allows the use of protocols which are insecure by themselves

VPN traffic cannot be inspected and logged easily by intermediate systems because of its encrypted nature: filtering has to happen at the tunnel endpoints, where the traffic is in clear.

2-2 Why OpenVPN

Usability
• Open Source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT / DHCP support
• Can use a 2048-bit static (pre-shared) key or digital certificates (PKI)

Portability – supports most of the platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN

Peers – each node with a client/server role
• Uses kernel routing
• Multiple clients

A user-space program
• A full-featured SSL-VPN solution
• Built on top of the existing SSL/TLS mechanism
• Choice between a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) traffic over a single UDP or TCP port (5000 in OpenVPN 1.x, 1194 in OpenVPN 2.0)

2-2 OpenVPN Security

Two authentication modes
• Static key: use a pre-shared key
• SSL/TLS: use SSL/TLS + certificates for
  • Authentication
  • Key exchange

The encrypted packet is formatted as
• SeqN: 64-bit sequence number (replay protection)
• IV: plain-text initialization vector, randomized per packet

[Packet layout: HMAC | IV | encrypt( SeqN | IP payload ). The HMAC is computed over the IV and the encrypted part, so a tampered packet is rejected before anything is decrypted.]

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall- and NAT-friendly
• Dynamic address support

IPSec
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard – multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are the two methods of linking systems via a VPN

Routed IP tunnels (layer 3)

Bridged Ethernet tunnels (layer 2)

Suitable for connections
• Site-to-site
• Dynamic site-to-site
• (Dynamic) client-to-site

Dynamic firewall / NAT / DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

Uses the TUN device: a virtual point-to-point IP link; the inner (LAN) interface and the TUN interface are joined by routing

Uses the kernel routing table to forward the packets

[Diagram: OSI stacks of the two peers; OpenVPN sits at the application layer and the TUN device is inserted at the network layer (3rd) of each side.]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of MTU for efficiency

Routed IP disadvantages
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see the machines on the other side of the VPN
4. Works only with IPv4 in general, and IPv6 in cases where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses "TAP" mode: a TAP device is a virtual Ethernet adapter

Bridge tools (brctl) are required to create the bridge device

A script is needed to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0 – create an Ethernet bridge

brctl addif br0 eth1 – connect interface eth1 as a port

brctl addif br0 tap0 – connect virtual interface tap0 as a port

[Diagram: OSI stacks of the two peers; the TAP device sits at the data-link layer (2nd) and is bridged with eth1 on each side, while eth0 carries the tunnel itself.]
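The three brctl commands above leave the bridge without an address and without a TAP device to add. The script below is an added example, not the Moxa "openvpn-bridge" script referenced in 3-1: it creates a persistent TAP device, bridges it with the LAN port and moves the LAN address onto the bridge, and undoes it all on stop. The device names tap0/br0, the LAN port eth1 and the address 10.0.1.254/24 (from the 3-1 topology) are assumptions; RUN=echo prints the commands instead of running them.

```shell
#!/bin/sh
# Added example, not the Moxa "openvpn-bridge" script: a start/stop script
# for the TAP bridge on the VPN server.  Assumed values: eth1 is the LAN port,
# 10.0.1.254/24 its address (from the 3-1 topology), tap0/br0 the device names.
# RUN=echo prints the commands instead of running them.
RUN="${RUN:-}"
BR="${BR:-br0}"
TAP="${TAP:-tap0}"
ETH="${ETH:-eth1}"
BR_IP="${BR_IP:-10.0.1.254}"
BR_MASK="${BR_MASK:-255.255.255.0}"

bridge_start() {
    # 1. A persistent TAP device.  It must exist before brctl can add it,
    #    and it must survive OpenVPN restarts, hence --mktun (OpenVPN 2.0).
    $RUN openvpn --mktun --dev "$TAP"
    $RUN ifconfig "$TAP" 0.0.0.0 promisc up
    # 2. Bridge the physical LAN port and the TAP device (the three brctl
    #    commands from the slide, with the bridge name on every addif).
    $RUN brctl addbr "$BR"
    $RUN brctl addif "$BR" "$ETH"
    $RUN brctl addif "$BR" "$TAP"
    # 3. The IP address moves from eth1 to br0: a bridge port carries no
    #    address of its own, so eth1 goes to 0.0.0.0 in promiscuous mode.
    $RUN ifconfig "$ETH" 0.0.0.0 promisc up
    $RUN ifconfig "$BR" "$BR_IP" netmask "$BR_MASK" up
}

bridge_stop() {
    # Reverse order; the address goes back on eth1 last so the LAN is
    # reachable again.
    $RUN ifconfig "$BR" down
    $RUN brctl delif "$BR" "$TAP"
    $RUN brctl delif "$BR" "$ETH"
    $RUN brctl delbr "$BR"
    $RUN openvpn --rmtun --dev "$TAP"
    $RUN ifconfig "$ETH" "$BR_IP" netmask "$BR_MASK" up
}

# Ordered command list for review (dry run).
bridge_plan() (
    RUN=echo
    bridge_start
)

case "${1:-}" in
    start)   bridge_start ;;
    stop)    bridge_stop ;;
    restart) bridge_stop; bridge_start ;;
    plan)    bridge_plan ;;
esac
```

Run "start" before OpenVPN and refer to the persistent device as "dev tap0" in tapserver.conf. While the bridge is up, the remote peer is a layer-2 member of LAN A: it receives every broadcast and can claim any address on the segment, and on a 2.4 kernel without the bridge-nf patch frames crossing the bridge do not pass through the iptables FORWARD chain at all. Use TAP mode only for peers you would trust on the LAN port itself.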

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages
1. Point-to-point and point-to-multipoint
2. Broadcasts traverse the VPN – this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to carry non-IP protocols such as IPX, Netware and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages
1. Less efficient than routing and does not scale well

A bridged peer also gets raw layer-2 access to the LAN: it sees all broadcasts and can spoof any address on the segment, so the remote side has to be trusted to the same degree as a machine plugged into the local switch.


3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

[Topology: LAN A (10.0.1.0/24, hosts with IP 10.0.1.1/24 and gateway 10.0.1.254) – VPN Server, ixp1 = 10.0.1.254, ixp0 = 192.168.12.201 === VPN tunnel over the public network === VPN Client, ixp0 = 192.168.12.202, ixp1 = 10.0.2.254 – LAN B (10.0.2.0/24, hosts with IP 10.0.2.1/24 and gateway 10.0.2.254). A separate CA / TLS server issues the certificates.]

3-1 Getting Started

Create a working directory (recommended): mkdir /etc/openvpn

Check for the TUN device: ls /dev/net and look for a character device "tun"; if it is not there: mknod /dev/net/tun c 10 200

Load the necessary modules: modprobe tun; modprobe bridge

Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]

Self diagnostic: openvpn --test-crypto --secret [KeyName]

The static key file is the whole secret of a pre-shared tunnel: keep it readable by root only, and copy it to the peer over an already secure channel (scp to the UC's SSH service), never over plain FTP.

3-1 Getting Started

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or edit /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"

Create / start the bridge interface using the Moxa script: openvpn-bridge [start | stop | restart]

Check the ciphers / authentication support: openvpn --show-ciphers; openvpn --show-digests

Create the TUN configuration files: vi /etc/openvpn/tunserver.conf

[At VPN client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

The local and remote VPN IP addresses must be specified (the two arguments of "ifconfig" in the configuration file)

It is NECESSARY to specify the server address ("remote") at the VPN client

3-2 TUN Server Configuration

Edit the static routes: vi /etc/openvpn/tunserver.sh; chmod +x /etc/openvpn/tunserver.sh

[At VPN client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/openvpn/tunclient.sh

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tunserver.conf &
[At VPN client] openvpn --config /etc/openvpn/tunclient.conf &

The 2nd argument of "ifconfig", which is now "10.0.2.254", is the remote end of the point-to-point link.

Create the TAP configuration files: vi /etc/openvpn/tapserver.conf

[At VPN client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration – VPN Server

Comment out the marked line if both VPN networks are in the same subnet

3-3 TAP Configuration – VPN Server

Edit the static routes: vi /etc/openvpn/tapserver.sh

[At VPN client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/openvpn/tapclient.sh

Point the kernel routing at the bridge: br0 = 10.0.1.254

3-3 TAP Configuration – VPN Server

Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tapserver.conf &
[At VPN client] openvpn --config /etc/openvpn/tapclient.conf &

3-4-1 SSL/TLS – Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-set default_days, default_bits, ... etc.

Create a new CA root key pair: /usr/share/ssl/misc/CA -newca

Create a new client private key and a new certificate request: /usr/share/ssl/misc/CA -newreq

Sign the certificate: /usr/share/ssl/misc/CA -sign

Copy the CA root certificate, the client private key and the client certificate to the first client

Have the second client certified in the same way

Only the CA certificate is public: the CA private key stays on the PC (offline if possible) and each client receives only its own private key.

3-4-2 OpenVPN – "easy-rsa" tools

Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file: vi /etc/openvpn/easy-rsa/vars

Activate the vars (source the file): . /etc/openvpn/easy-rsa/vars

Initialise the keys directory once: /etc/openvpn/easy-rsa/clean-all (this deletes any existing keys)

Create the CA root key: /etc/openvpn/easy-rsa/build-ca

Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key-server server (build-key-server sets the server role in the certificate, which lets the client reject a peer that only holds a client certificate)

3-4-2 OpenVPN – "easy-rsa" tools

Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client

Create the Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh (the size comes from KEY_SIZE in vars; 1024 in the course)

Copy the CA certificate (ca.crt), server key (server.key) and server certificate (server.crt) to the VPN server

Copy the CA certificate, client key and client certificate to the VPN client

The "easy-rsa" tools also work on the UC-7400 series

3-4-3 Configuration File Modification

txxserver.conf

txxclient.conf

(tun/tap server and client files: replace the "secret" line with the ca / cert / key entries pointing at the files built in 3-4-2, add dh and tls-server on the server and tls-client on the client)
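3-4-3 only names the two files. Below, as an added example and not the Moxa course configuration files, is a TLS-mode TUN server/client pair for the LAN A / LAN B topology of 3-1, together with a small checker that flags the settings a pre-shared or hand-edited configuration most often gets wrong. The tunnel endpoint addresses 10.8.0.1/10.8.0.2, the ta.key file (made with openvpn --genkey --secret ta.key, the same command as in 3-1) and the file paths under /etc/openvpn are assumptions.

```shell
#!/bin/sh
# Added example, not the Moxa course configuration files.  Writes a TLS-mode
# TUN server/client pair for the 3-1 topology and checks a configuration for
# weak settings.  Assumed: tunnel endpoints 10.8.0.1/10.8.0.2, keys in
# /etc/openvpn from 3-4-2, ta.key generated with "openvpn --genkey --secret".

write_tun_server_conf() {   # $1 = output file
    cat > "$1" <<'EOF'
dev tun
proto udp
port 1194
ifconfig 10.8.0.1 10.8.0.2
route 10.0.2.0 255.255.255.0
tls-server
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh1024.pem
tls-auth /etc/openvpn/ta.key 0
cipher AES-128-CBC
auth SHA1
keepalive 10 60
persist-key
persist-tun
user nobody
group nobody
verb 3
EOF
}

write_tun_client_conf() {   # $1 = output file
    cat > "$1" <<'EOF'
dev tun
proto udp
remote 192.168.12.201 1194
ifconfig 10.8.0.2 10.8.0.1
route 10.0.1.0 255.255.255.0
tls-client
ca /etc/openvpn/ca.crt
cert /etc/openvpn/client.crt
key /etc/openvpn/client.key
tls-auth /etc/openvpn/ta.key 1
ns-cert-type server
cipher AES-128-CBC
auth SHA1
keepalive 10 60
persist-key
persist-tun
user nobody
group nobody
verb 3
EOF
}

# conf_has FILE REGEX: true if an uncommented line starts with REGEX
conf_has() { grep -Eq "^[[:space:]]*$2" "$1"; }

# check_openvpn_conf FILE: print one line per finding, return their number
check_openvpn_conf() {
    f=$1; n=0
    if conf_has "$f" 'cipher[[:space:]]+none'; then
        echo "$f: cipher none: the data channel is not encrypted"; n=$((n+1)); fi
    if conf_has "$f" 'auth[[:space:]]+none'; then
        echo "$f: auth none: packets carry no HMAC, tampering is not detected"; n=$((n+1)); fi
    if conf_has "$f" 'secret[[:space:]]'; then
        echo "$f: static key: no forward secrecy, one key for every session"; n=$((n+1)); fi
    if conf_has "$f" 'tls-(server|client)' && ! conf_has "$f" 'tls-auth[[:space:]]'; then
        echo "$f: no tls-auth: the TLS handshake port answers anyone"; n=$((n+1)); fi
    if conf_has "$f" 'tls-client' && ! conf_has "$f" 'ns-cert-type[[:space:]]+server'; then
        echo "$f: client does not check the server role: any valid client cert could impersonate the server"; n=$((n+1)); fi
    if ! conf_has "$f" 'user[[:space:]]'; then
        echo "$f: no user directive: the daemon keeps root after initialisation"; n=$((n+1)); fi
    return $n
}
```

Call check_openvpn_conf on a file after editing it; a non-zero return means at least one finding was printed. The "ns-cert-type server" line on the client only works when the server certificate was built with build-key-server (3-4-2). ta.key adds an HMAC to the TLS control channel, so unauthenticated packets are discarded before OpenSSL ever parses them; it is a shared secret like the static key in 3-1 and is copied to both sides the same careful way.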


Live Demo

UC-7420 DEMO BOX

Two of its serial ports are connected to a power meter and a thermocouple

Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in "burn-in mode" to demonstrate the UC's high performance and reliability

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500 °C

Left side for the high range, 0 to 300 VDC, and right side for the low range, 0 to 20 VDC

UC's LCM and keypad (F1-F5)

F1: Monitoring – Temperature → Voltage → Throughput for P3 to P8

F2: System Status – LAN's IP → Wi-Fi's IP → CPU loading → Available memory

F3: Alarm Setting – Temperature → Voltage → Burn-in throughput

F4: Configuration key

F5: Main menu

Apache Web with CGI and HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• UC-7420's built-in wireless driver supports the Intersil Prism 2.0 chipset PCMCIA card
• The compatible wireless cards are:

Supplier: Model name
ASUS: WL-107g
CNET: CWC-854 (181D version)
Edimax: EW-7108PCg
Amigo: AWP-914WG
Gigabyte: GN-WMKG
Others which use the Ralink chipset

Thank You


Developing Your Application

Windows Tool Chain

Agenda

1) Windows Tool Chain Introduction

2) Development Process

3) Debugging with GDB

Windows Tool Chain Introduction

UC-7400's Windows Tool Chain is a cross development environment that simulates the Linux root file system, allowing users to develop applications on a Windows PC

The following topics are covered in this appendix
• Introduction
• Installation procedure
• Using the BASH shell
• GDB debug tool – Insight

Windows Tool Chain

1. Operating system: Windows 2000 or Windows XP

2. Minimum of 500 MB hard disk space

3. CD-ROM or equivalent

4. Ethernet to connect with the UC-7400

5. Be able to log in as administrator

6. Use a Windows username without spaces

7. You will be using a BASH shell window to enter commands

8. In addition, for editing text files such as configuration files you should use the vi editor (Unix editor). Do NOT use WordPad (Windows editor), whose CR/LF line endings cause problems when the files are transferred to a bona fide Linux environment

Developing Process

Step 1: Setting up the development environment on the PC (x86)

Step 2: Coding, compiling and debugging on the Windows Tool Chain

Step 3: Deploying the program to the UC (IXP-422)

Step 1: Setting up the Developing Environment

Install the Windows Tool Chain on the PC (Windows 2K/XP). Installation tips
• Default install path: C:\UC
• Default text file type: Unix (recommended)

Utilities
• Moxa Bash Shell
• GDB debug tool – Insight
• http://sources.redhat.com/insight

• This process could take from 5 to 30 minutes depending on the speed of your system

Step 2: Coding, Compiling and Debugging

Code the C/C++ program in the Moxa Bash Shell (PC Windows Tool Chain)

Compile / link the source code with the tool chain
• Compiler path setting: PATH=/usr/local/mxscaleb/bin
• Compiling Hello.c

Step 3: Deployment

Upload the program to the UC
• ftp 192.168.3.127
• ftp> binary
• ftp> put hello-release

Running the program (at the UC-7400 site)
• chmod +x hello-release
• ./hello-release
• Hello

FTP sends the login password and the binary in clear; on a network you do not control, copy the file with scp to the UC's SSH service instead.

Debugging with GDB

[Diagram: PC (Moxa Bash Shell): 1. compile with -ggdb, 3. Insight tool (GDB client), 4. target remote === Ethernet === UC: 2. GDB debug server]

chmod +x hello-debug

gdbserver 192.168.3.127:2000 hello-debug

Process hello-debug created; pid = 206

Step 1: PC, Moxa Bash Shell – compile the program with the -ggdb option, then upload it to the UC

Step 2: UC – start hello-debug under gdbserver with the command: gdbserver 192.168.3.127:2000 hello-debug

Step 3: PC, Insight – run the GDB client
• Open the hello-debug file
• Connect to target
• GDB Server / TCP
• 192.168.3.200
• 2000

gdbserver accepts any connection on port 2000 without authentication and lets the connecting GDB read and write the process memory, so expose it only on the lab network and stop it when the session ends.

iptables Introduction

Agenda

1) Quick View of iptables

2) Rules, Chains, Tables

3) Usage of iptables

4) Hands-On Practice

1. Quick View of iptables

A user-space command to set up and maintain the "Netfilter" subsystem of the kernel

"Netfilter" matches on the packet headers, not the payload

iptables is currently one of many firewall/NAT solutions; it is the administration tool used to set up, maintain and inspect the tables of IP packet filter rules in the Linux kernel

1. Quick View of iptables

Several different tables may be defined. Each table contains a number of built-in chains and may also contain user-defined chains

Each chain is a list of rules which can match a set of packets. Each rule specifies what to do with a packet that matches. This is called a "target", which may be a jump to a user-defined chain in the same table

3rd generation firewall on Linuxndash ldquoipfwadmrdquo on Linux Kernel V20Xndash ldquoipchainsrdquo on Linux Kernel V22Xndash ldquoipchainsrdquo ldquoiptablesrdquo on Linux Kernel V24Xndash ldquoiptablesrdquo on Linux Kernel V26X

Supports basic packet filtering as well as connection state tracking

UC-71107400 support only ldquoiptablesrdquo

AgendaAgenda

1) Firewall NAT and iptables

2) Rules Chains Tables

3) Usage of iptables

4) Hands-ON Practice

2) Rules Chains and Tables2) Rules Chains and Tables

2-1 First Match

2-2 Three Major Tables

2-3 Processing Packets

2-4 State Machine

2-1 First Match ndash The Highest Priority2-1 First Match ndash The Highest Priority

Packets

Rule 1

Rule 10

Default Policy

Action 1

Action 2

No

No

Yes

Yes

Rule 2

No

Action 10Yes

2-1 First Match 2-1 First Match

On WWW Server reject the attack from IP = 1921681100Rule 1 Drop the packets from 1921681100Rule 2 Accept WWW request packets from all the hostsRule 3 Drop all the none-WWW packets

Rule 1 Accept WWW request packets from all the hosts Rule 2 Drop the packets from 1921681100Rule 3 Drop all the none-www packets

1921681100 is able to use the WWW service or to attack WWW service port

2-2 Three 2-2 Three Major TablesMajor Tables

1) Filter Table

2) NAT Table

3) Mangle Table

2-2-1 Filter Table2-2-1 Filter Table

Mainly used for filtering packets The place that we actually take action against packets

and look at what they contain and ACCEPT DROP REJECT LOG them depending on their content

1 INPUT chain ndash packets enter the local host

2 OUTPUT chainndash packets output from the local host

3 FORWARD chainndash forward packets to other hosts

2-2-2 NAT Table

Used for NAT on packets: it translates the packet's source field or destination field.

1) PREROUTING chain – to translate the destination IP address (DNAT)

2) POSTROUTING chain – works after the routing process and before the Ethernet device processing, to translate the source IP address (SNAT / MASQUERADE)

3) OUTPUT chain – works on locally generated packets

2-2-3 Mangle Table

This table is mainly used for mangling packets. In other words, you may freely use the mangle matches etc. to change the TOS (Type Of Service) and TTL fields. It can also "MARK" the packets.

1. PREROUTING chain

2. POSTROUTING chain

3. INPUT, OUTPUT and FORWARD chains

2-3 Processing Packets

2-3-1 Destination Local Host

2-3-2 Source Local Host

2-3-3 Forward Packets

2-3-4 State Machine

2-3-1 Destination: Local Host

[Figure: path of a packet addressed to the local host.]
Incoming Packets → NAT Table PREROUTING → Filter Table INPUT → Local Process

2-3-2 Source: Local Host

[Figure: path of a packet generated on the local host.]
Local Process (Outgoing Packets) → NAT Table OUTPUT → Filter Table OUTPUT → NAT Table POSTROUTING → Send Out Packets

2-3-3 Forwarded Packets

[Figure: path of a packet routed through the host to other hosts.]
Incoming Packets → NAT Table PREROUTING → routing decision (packets for a local resource take the INPUT path instead) → Filter Table FORWARD → NAT Table POSTROUTING → Other Hosts

2-4 State Machine

Agenda

1) Firewall, NAT and iptables

2) Rules, Chains, Tables

3) Usage of iptables

4) Hands-On Practice

3) Usage of iptables

3-1 Load iptables Modules

3-2 Define Default Policy

3-3 Structure of a Rule

3-4 Save / Restore Rules

3-1 Load iptables Modules

Note: ipchains and iptables are not compatible.

3-1 Load iptables Module

Check the current tables: iptables [-t table] [-L] [-n]

Default Policy

3-1 Install iptables

Clear Current Policy

3-2 Define Default Policy

iptables -t {filter | nat | mangle} -P {INPUT | OUTPUT | FORWARD | PREROUTING | POSTROUTING} {ACCEPT | DROP}

3-2 Define Default Policy

3-3 Structure of a Rule

3-3-1 Add, Insert, Delete and Replace Rules

3-3-2 Direction

3-3-3 Matches

3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace

iptables -t {filter | nat | mangle} {-A | -I | -D | -R} <direction> <match> -j <target>

Three major things need to be considered in every rule: the direction (chain), the match and the target.

3-3-2 Direction – Chains

a. filter table: INPUT, OUTPUT, FORWARD

b. nat table: PREROUTING, POSTROUTING, OUTPUT

c. mangle table: ...

3-3-3 Matches – Conditions

1. -p [proto]: tcp, udp, icmp, all

2. -s [IP], -d [IP]

3. --sport [port], --dport [port]

4. -m state --state [state]: NEW, ESTABLISHED, INVALID, RELATED

5. -m multiport --dports [p1,p2,...,p15]

6. -i [iface], -o [oface]

7. ... etc.

3-3-4 Targets – Actions

a. filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions: LOG, ULOG, REJECT, MIRROR

b. nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING/OUTPUT), MASQUERADE (POSTROUTING), REDIRECT (only in PREROUTING)

c. mangle table: ...

3-4 Save / Restore Rules

It is highly recommended to use a script file to maintain the Netfilter rules instead of using the exported file (it is not a standard script file). Please refer to the Hands-On practice.

Agenda

1) Firewall, NAT and iptables

2) Rules, Chains, Tables

3) Usage of iptables

4) Hands-On Practice: 1) Packet Filter, 2) NAT Machine

4-1 Packet Filter – Rules of the filter table

Example 1 – Accept all packets incoming from the lo interface:

iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2 – Accept all TCP packets incoming from IP = 192.168.0.1:

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

4-1 Packet Filter – Rules of the filter table

Example 3 – Accept all TCP packets incoming from the network 192.168.1.0/24:

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 – Drop all TCP packets incoming from IP = 192.168.1.25:

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

Note that if Example 4 is appended after Example 3 it never fires: 192.168.1.25 lies inside 192.168.1.0/24, so the Example 3 rule has already accepted those packets (first match, section 2-1). The DROP rule has to be inserted (-I) ahead of the ACCEPT rule to take effect.

4-1 Packet Filter – Rules of the filter table

Example 5 – Drop all incoming TCP packets with destination port = 21 (forbid FTP connections from eth0):

iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 – Accept TCP packets incoming from IP 192.168.0.24 to local port numbers 137, 138 and 139:

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.24 --dport 137:139 -j ACCEPT

4-1 Packet Filter – Rules of the filter table

Example 7 – Log all incoming/outgoing TCP packets to/from port = 25 (log the SMTP service):

iptables -t filter -A INPUT -p tcp --dport 25 -j LOG

LOG is a non-terminating target: after the packet is logged it continues down the chain, so a later rule (or the default policy) still decides whether it is accepted or dropped.

Note: the UC-7110 does not support the target "LOG".

4-1 Packet Filter – Rules of the filter table

Example 8 – Drop all [SYN] packets from IP = 192.168.100.200:

iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 – Drop all packets from MAC = aa:bb:cc:dd:ee:ff:

iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

Example 10 – Do not respond to "ping":

iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 – ICMP "ping" burst (accept at most a burst of 10 ICMP packets, then 6 per minute; everything beyond that falls to the DROP policy):

iptables -t filter -P INPUT DROP

iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT
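What "-m limit --limit 6/min --limit-burst 10" in Example 11 does is a token bucket: the bucket holds at most limit-burst tokens, it refills at the limit rate, and a packet matches the rule only when a token is available. The following is an added Python model of that behaviour, not Moxa's or netfilter's code; the arrival times are constructed, and exact fractions stand in for the kernel's integer credit arithmetic.

```python
"""Token-bucket model of the iptables "limit" match (added example, not
from the original slides or from netfilter). Times are in seconds; the
bucket uses exact fractions instead of the kernel's integer credits, and
the accept/drop pattern is the same for these constructed inputs."""
from fractions import Fraction
from typing import List


class LimitMatch:
    """-m limit --limit <per_minute>/min --limit-burst <burst>, as a token bucket."""

    def __init__(self, per_minute: int, burst: int):
        self.rate = Fraction(per_minute, 60)    # tokens added per second
        self.burst = burst                      # bucket capacity
        self.tokens = Fraction(burst)           # the bucket starts full
        self.last = Fraction(0)

    def matches(self, now: Fraction) -> bool:
        # Refill for the time elapsed, never beyond the burst size.
        self.tokens = min(Fraction(self.burst),
                          self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


def icmp_chain(per_minute: int, burst: int, arrivals: List[float],
               policy: str = "DROP") -> List[str]:
    """Verdict per ICMP packet for the slide's INPUT chain: one rule
    '-p icmp -m limit ... -j ACCEPT', then the chain's default policy."""
    bucket = LimitMatch(per_minute, burst)
    return ["ACCEPT" if bucket.matches(Fraction(t)) else policy for t in arrivals]


def summarise(verdicts: List[str]) -> dict:
    accepted = verdicts.count("ACCEPT")
    return {"accepted": accepted, "dropped": len(verdicts) - accepted}


# Constructed traffic: 15 pings at once, then 8 more one minute later.
BURST_THEN_PAUSE = [0.0] * 15 + [60.0] * 8

if __name__ == "__main__":
    v = icmp_chain(6, 10, BURST_THEN_PAUSE)
    print(v)
    print(summarise(v))
```

With the slide's parameters the first 10 of the 15 simultaneous pings are accepted and 5 are dropped; one minute later 6 tokens have been refilled, so 6 of the next 8 pass. A steady one ping every 10 seconds never exceeds the 6/min rate and is always accepted.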

4-1 Packet Filter – Rules of the filter table

Example 12 – Accept the ESTABLISHED and RELATED packets of the local host; drop the INVALID packets and the NEW packets which are trying to create a new connection:

iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

4-1 Packet Filter – Rules of the filter table

Example 13 – Check the packet integrity:

iptables -t filter -A INPUT -p all -m unclean -j DROP

Example 14 – Enable the "Passive Mode" FTP service to a host (the FTP connection-tracking helper is loaded so that the data connection is classified as RELATED):

modprobe ip_conntrack_ftp

iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

4-2 NAT Machine

Example 1 – Redirect connection requests for port 80 to port 8080:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 – Masquerade the packets from 192.168.1.0/24 with the local ppp0 IP (MASQUERADE is only valid in the POSTROUTING chain, where the outgoing interface -o is known):

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

4-2 NAT Machine

Example 3 – DNAT the incoming packets from eth0 (60.248.66.75) and TCP port 80 to the internal web server 192.168.127.10:80:

iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

Example 4 – Redirect the incoming packets of TCP port 80 to 192.168.1.10 and TCP port 80:

iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP

Thank You

OpenVPN 2.0

Stephen Lin

OpenVPN 2.0

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve?

1-2 Symmetric Data Encryption

1-3 Hash (Digest) Function

1-4 Message Authentication Code

1-5 Asymmetric Data Encryption

1-6 Digital Signature

1-7 Certificate

1-8 Moxa UC7400

1-1 What does Cryptography solve?

Confidentiality
• Ensure that nobody can get knowledge of what you transfer, even if listening to the whole conversation.

Integrity
• Ensure that the message has not been modified during the transmission.

Authenticity
• You can verify that you are talking to the entity you think you are talking to.
• You can verify who is the specific individual behind that entity.

Non-repudiation
• The individual behind that asset cannot deny being associated with it.

1-2 Symmetric Data Encryption

• Fast; high efficiency for data transmission.
• Is it "secure" while transferring the key?
• Maintenance of the keys: n(n-1)/2 keys for n parties.
• DES, 3DES, AES, Blowfish

[Figure: Tom encrypts the plaintext with the secret key into ciphertext; Bob decrypts the ciphertext with the same secret key back into the plaintext.]

1-3 Hash (Digest) Function

• Ensures data integrity
• MD5, SHA-1

[Figure: Tom runs the data through the hash function to obtain Message Digest 1 and sends data + digest; Bob runs the received data through the same hash function to obtain Message Digest 2 and compares it with Message Digest 1.]

1-4 Message Authentication Code

• Ensures data integrity
• Uses a key to protect the MAC
• HMAC, CBC-MAC

[Figure: Tom hashes the data into Message Digest 1 and encrypts the digest with the secret key to form the MAC; data + MAC are sent to Bob. Bob decrypts the MAC with the secret key to recover Message Digest 1, hashes the received data into Message Digest 2 and compares the two.]

1-5 Asymmetric Encryption

Things to remember:
• Key pair – public/private keys.
• In a session one key is used for encryption and the other one for decryption.
• The "public key" can be deployed everywhere.
• The relation between the two keys is unknown: from one key you cannot gain knowledge of the other, even if you have access to clear text and cipher text.
• The two keys are interchangeable. The algorithms make no difference between public and private key; when a key pair is generated, either of the two can be public or private.
• Less efficient than a static (symmetric) key.
• RSA, Diffie-Hellman

[Figure: clear text → encryption → unreadable cipher text.]

1-5 Asymmetric Data Encryption

[Figure: Confidentiality check. Tom encrypts the plaintext with Bob's public key; Bob decrypts the ciphertext with Bob's private key. The recipient's key pair is used.]

1-5 Asymmetric Data Encryption

[Figure: Authenticity check. Tom encrypts the plaintext with Tom's private key; Bob decrypts the ciphertext with Tom's public key. The sender's key pair is used.]

1-6 Digital Signature

Real world – hybrid:
1. Data integrity
2. Authenticity
3. Non-repudiation
4. Algorithm – uses the public key and a hash

1-6 Digital Signature – Creating

[Figure: creating a signature. The message or file ("This is the document created by Gianni") is passed through a one-way message digest function (hash: SHA, MD5) to calculate a short message digest (typically 128 bits), even from a long input. The digest is then encrypted with the signatory's private key by asymmetric encryption (RSA); the result is the digital signature, which is attached to the message to form the signed document.]

1-6 Digital Signature – Verifying

[Figure: verifying a signature. The verifier hashes the received document to generate a message digest, and decrypts the digital signature with Gianni's public key (taken from his certificate) by asymmetric decryption. The two digests are compared: if they are equal, the data is intact and was signed with the matching private key.]

1-6 Digital Signature

[Figure: Tom hashes the data into Message Digest 1 and encrypts it with Tom's private key; this is the digital signature, sent together with the data. Bob decrypts the signature with Tom's public key to recover Message Digest 1, hashes the received data into Message Digest 2, and compares the two.]

1-7 Certificate

The simplest certificate just contains:
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key

... and the whole is:
• Digitally signed by someone trusted (like your friend or a CA)

[Figure: a certificate = the public key + "This public key belongs to Stephen" + the issuer's digital signature. The entity can be a person, a computer, a device, a file, some code, anything ...]
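The hash, MAC, signature and certificate flows of sections 1-3, 1-4, 1-6 and 1-7, carried through in one added Python example (not code from the slides, from OpenVPN or from OpenSSL). Hashing and HMAC use the standard library. The signature uses textbook RSA over SHA-256 with freshly generated 160-bit primes; that choice is an assumption made to keep the example self-contained and is not a secure signature scheme (no padding, toy key size). The certificate layout (subject, public key, CA signature over both), the Key type and the names Tom and the CA are constructed for the illustration.

```python
"""Hash, HMAC, digital signature and certificate in one worked chain.
Added example, not from the slides, OpenVPN or OpenSSL. The signature is
textbook RSA over SHA-256 with 160-bit primes: an illustration of the
sign/verify flow only, not a secure scheme (no padding, toy key size)."""
import hashlib
import hmac
import random
from dataclasses import dataclass
from typing import Tuple

Key = Tuple[int, int]          # (exponent, modulus); constructed representation
_rng = random.SystemRandom()


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin test; enough for a demonstration key."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(_rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits: int) -> int:
    while True:
        cand = _rng.getrandbits(bits) | (1 << (bits - 1)) | 1   # odd, full width
        if is_probable_prime(cand):
            return cand


def gen_keypair(bits: int = 160) -> Tuple[Key, Key]:
    """Returns (public, private). Two 160-bit primes give n > 2**256, so a
    SHA-256 digest is always below the modulus."""
    e = 65537
    while True:
        p, q = gen_prime(bits), gen_prime(bits)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:            # e is prime, so gcd(e, phi) == 1
            return (e, p * q), (pow(e, -1, phi), p * q)


def digest_int(data: bytes) -> int:
    """1-3: the short, fixed-size digest of an arbitrarily long input."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(priv: Key, data: bytes) -> int:
    """1-6 Creating: hash, then 'encrypt' the digest with the private key."""
    d, n = priv
    return pow(digest_int(data), d, n)


def verify(pub: Key, data: bytes, sig: int) -> bool:
    """1-6 Verifying: 'decrypt' with the public key, compare with a fresh digest."""
    e, n = pub
    return pow(sig, e, n) == digest_int(data)


def make_mac(key: bytes, data: bytes) -> bytes:
    """1-4: HMAC-SHA256; only a holder of the key can create or check it."""
    return hmac.new(key, data, hashlib.sha256).digest()


def mac_ok(key: bytes, data: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(make_mac(key, data), tag)


@dataclass(frozen=True)
class Certificate:
    """1-7: a public key, who owns it, and a CA signature over both."""
    subject: str
    pub: Key
    ca_sig: int


def cert_body(subject: str, pub: Key) -> bytes:
    return f"{subject}|{pub[0]}|{pub[1]}".encode()


def issue_cert(ca_priv: Key, subject: str, pub: Key) -> Certificate:
    return Certificate(subject, pub, sign(ca_priv, cert_body(subject, pub)))


def cert_ok(ca_pub: Key, cert: Certificate) -> bool:
    return verify(ca_pub, cert_body(cert.subject, cert.pub), cert.ca_sig)


def verify_signed_message(ca_pub: Key, cert: Certificate, data: bytes, sig: int) -> bool:
    """The receiver's full check: trust the certificate through the CA's
    public key, then the message through the public key inside it."""
    return cert_ok(ca_pub, cert) and verify(cert.pub, data, sig)


if __name__ == "__main__":
    ca_pub, ca_priv = gen_keypair()
    tom_pub, tom_priv = gen_keypair()
    tom_cert = issue_cert(ca_priv, "Tom", tom_pub)        # constructed names
    msg = b"This is the document created by Tom"
    sig = sign(tom_priv, msg)
    print("genuine :", verify_signed_message(ca_pub, tom_cert, msg, sig))
    print("tampered:", verify_signed_message(ca_pub, tom_cert, msg + b"!", sig))
```

The receiver never trusts a bare public key: it first checks the certificate against the CA's public key (the one value it must already hold), and only then uses the public key inside the certificate to check the message. A certificate for some other key that is signed by anyone but the CA is rejected at the first step, even though it is internally consistent.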

1-7-1 CA Certificate

[Figure: the user requests a certificate from the CA (certification server); the CA generates a key pair and a certificate (the public key plus the CA's digital signature); the private key and the certificate are sent to the user.]

1-7-1 CA Certificate Example

[Figure: the CA holds the CA private key. "Left" and "Right" each hold their own private key, a certificate signed by the CA, and the CA public key (itself signed by the CA). Both trust the CA, so each can verify the other's certificate with the CA public key.]

1-7-2 SSL/TLS

[Figure: the clear text is encrypted twice, once with each side's key pair (Cipher 1, then Cipher 2), transmitted over the public network, and decrypted in the reverse order to recover the clear text.]

• Ensures confidentiality
• And integrity, if digitally signed
• Depending on how the public keys are exchanged: authenticity, identity, non-repudiation

1-8 Moxa UC7400 – Hardware Cipher

Intel XScale supports:
• Security engines: DES, AES
• Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so":
• No need to change the source code

1-8-1 Moxa Accelerated Algorithms – OpenSSL 0.9.7

DES_cbc_encrypt

DES_ede3_cbc_encrypt

AES_cbc_encrypt

AES_ctr_encrypt

• ECB mode is wrapped at a higher level (libssl.so), which OpenSSL wraps too.

1-8-2 Performance

[Figure: four throughput charts (rate vs. packet size) comparing the software and hardware ciphers. Top pair: 3DES-CBC and AES-128-CBC for packet sizes 128 to 1280 bytes (rate axis 0 to 80). Bottom pair: AES-128-CBC and 3DES-CBC for packet sizes 16 to 144 bytes (rate axes 0 to 8 and 0 to 2.5). Shaded series = HW cipher.]

1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approaches:
• Default: hardware approach
• Any mis-configuration or busy state causes the switch

Small packets are switched to the software approach:
• DES: 128 bytes
• 3DES/AES: 64 bytes

1-8-4 Software Package

Driver
• mxhw_cipher.o

Device file
• mknod /dev/mxcrypto c 11 131

Test program
• io: correctness test
• io 0 5000: stability test
• io 1: golden pattern
• io 2 20000: performance test

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network

2-2 Why OpenVPN?

2-3 OpenVPN Modes

2-1 Virtual Private Network

2-1 VPN Advantages/Disadvantages

• VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes.

• A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH, etc.).

• A VPN allows the usage of protocols which are insecure by themselves.

• VPNs cannot be controlled and logged easily because of their encrypted nature.

2-2 Why OpenVPN?

Usability
• Open Source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit shared key or digital certificates (PKI)

Portability – supports most of the platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN?

Peers – each node with a client/server role
• Uses the kernel routing
• Multiple clients

A user-space program
• A full-featured SSL-VPN solution
• On top of the existing SSL/TLS mechanism
• Options between a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) traffic over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security

Two authentication modes:
• Static key: uses a pre-shared key
• SSL/TLS: uses SSL/TLS + certificates for authentication and key exchange

The encrypted packet is formatted as:
• SeqN: 64-bit sequence number
• IV: plain-text initial vector, randomized per packet

[Figure: packet layout. HMAC | IV | SeqN | IP packet payload, with the SeqN and payload portion encrypted.]

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall- and NAT-friendly
• Dynamic address support

IPSec
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard – multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are the two methods of linking systems via a VPN:
• Routed IP tunnels (layer 3)
• Bridged Ethernet tunnels (layer 2)

Suitable for connections:
• Site-to-site
• Dynamic site-to-site
• (Dynamic) client-to-site

Dynamic firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

• Uses TUN mode (device): a virtual point-to-point IP link that combines the inner interface together with TUN.
• Uses the kernel routing to forward the packets.

[Figure: two OSI stacks (Physical, Data-Link, Network, Transport, Session, Presentation, Application) side by side; OpenVPN sits at the application layer on each side and the TUN device attaches at layer 3 (Network).]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages:
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of the MTU for efficiency

Routed IP disadvantages:
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see those machines on the other side of the VPN
4. Works only with IPv4 in general, and with IPv6 in cases where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

• Uses "TAP" mode: a TAP device is a virtual Ethernet adapter.
• Bridge tools (brctl) are required to create the virtual adapters.
• A script is needed to bind eth1 and tap0 together into a bridged device called br0.

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0          # create an Ethernet bridge
brctl addif br0 eth1     # connect interface eth1 as a port
brctl addif br0 tap0     # connect virtual interface tap0 as a port

[Figure: two OSI stacks side by side with bridging; OpenVPN at the application layer, TUN at layer 3 (Network) and TAP at layer 2 (Data-Link). On each side eth0 carries the tunnel while eth1 and tap0 are bridged together.]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages:
1. Point to point, point to multi-point
2. Broadcasts traverse the VPN; this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to be able to handle non-IP protocols such as IPX, Netware and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages:
1. Less efficient than routing and does not scale well

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

[Figure: lab topology. LAN A (10.0.1.1/24, gateway 10.0.1.254) sits behind the VPN Server, whose ixp1 is 10.0.1.254 and whose ixp0 is 192.168.12.201. LAN B (10.0.2.1/24, gateway 10.0.2.254) sits behind the VPN Client, whose ixp1 is 10.0.2.254 and whose ixp0 is 192.168.12.202. The VPN tunnel connects the two ixp0 interfaces; a CA/TLS server is also shown.]

3-1 Getting Started

Create a working directory (recommended): mkdir /etc/openvpn

Check for the TUN module: ls /dev/net and look for a character device "tun"; if not present: mknod /dev/tun c 10 200

Load the necessary modules: modprobe tun; modprobe bridge

Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]

Self diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or vi /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"

Create / start the bridge interface using the Moxa script: openvpn-bridge [start | stop | restart]

Check the supported ciphers / authentication digests: openvpn --show-ciphers; openvpn --show-digests

Create the TUN configuration files: vi /etc/openvpn/tunserver.conf

[At VPN Client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

• The local/remote VPN IP addresses must be specified.
• It is NECESSARY to specify the server address at the VPN client.

3-2 TUN Server Configuration

Edit the static routes: vi /etc/openvpn/tunserver.sh; chmod +x /etc/tunserver.sh

[At VPN Client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/tunclient.sh

Start OpenVPN with the configuration file: openvpn --config /etc/tunserver.conf &; openvpn --config /etc/tunclient.conf &

The 2nd argument of "ifconfig" (the remote end of the tunnel) is now "10.0.2.254".

Create the TAP configuration files: vi /etc/openvpn/tapserver.conf

[At VPN Client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration – VPN Server

Mark this line if both VPN networks are in the same subnet.

3-3 TAP Configuration – VPN Server

Edit the static routes: vi /etc/openvpn/tapserver.sh

[At VPN Client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/tapclient.sh

Pointed to the kernel routing: br0 = 10.0.1.254

3-3 TAP Configuration – VPN Server

Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tapserver.conf &; openvpn --config /etc/openvpn/tapclient.conf &

3-4-1 SSL/TLS – Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf (pre-input default_days, default_bits, ... etc.)

Create a new CA root key pair: /usr/share/ssl/misc/CA -newca

Create a new client private key and a new certificate request: /usr/share/ssl/misc/CA -newreq

Certificate signing: /usr/share/ssl/misc/CA -sign

Copy the CA root certificate, the client private key and the client certificate to the first client.

Have the second client certified in the same way.

3-4-2 OpenVPN – "easy-rsa" tools

Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file: vi /etc/openvpn/easy-rsa/vars

Activate the vars: . /etc/openvpn/easy-rsa/vars

Create the CA root key: /etc/openvpn/easy-rsa/build-ca

Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – "easy-rsa" tools

Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client

Create the Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh 1024

Copy the CA certificate (ca.crt), the server key (server.key) and the server certificate (server.crt) to the VPN server.

Copy the CA certificate, the client key and the client certificate to the VPN client.

The "easy-rsa" tools also work on the UC7400 series.

3-4-3 Configuration File Modification

txxserver.conf

txxclient.conf

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

Live Demo

UC-7420 Demo Box

• Two of its serial ports are connected to a power meter and a thermocouple.
• Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site.
• The rest of the serial ports are looped back in "burn-in mode" to demonstrate the UC's high performance and reliability.

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500 °C

Voltage: left side for the high range, 0 to 300 VDC; right side for the low range, 0 to 20 VDC

UC's LCM & keypad (F1-F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8

F2 System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available memory

F3 Alarm Setting: Temperature → Voltage → Burning throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• The UC-7420's built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards.
• The compatible wireless cards are:

Supplier: Model name
ASUS: WL-107g
CNET: CWC-854 (181D version)
Edimax: EW-7108PCg
Amigo: AWP-914WG
Gigabyte: GN-WMKG
Others which use the Ralink chipset

Thank You


Agenda

1) Windows Tool Chain Introduction

2) Development Process

3) Debugging with GDB

Windows Tool Chain Introduction

The UC-7400's Windows Tool Chain is a cross-development environment that simulates the Linux root file system, allowing users to develop applications on a Windows PC.

The following topics are covered in this appendix:
• Introduction
• Installation Procedure
• Using the BASH Shell
• GDB debug tool: Insight

Windows Tool Chain

1. Operating system: Windows 2000 or Windows XP

2. Minimum of 500 MB hard disk space

3. CD-ROM or equivalent

4. Ethernet to connect with the UC-7400

5. Be able to log in as administrator

6. Use a Windows username without spaces

7. You will be using a BASH shell window to enter commands

8. In addition, for editing text files such as configuration files you should use the vi editor (Unix editor). Do NOT use WordPad (Windows editor), which could cause problems when the files are transferred to a bona fide Linux environment.

Development Process

Step 1: Setting up the development environment on the PC (x86)

Step 2: Coding, compiling and debugging on the Windows Tool Chain

Step 3: Deploying the program to the UC (IXP-422)

Step 1: Setting up the Development Environment

Install the Windows Tool Chain on the PC (Windows 2K/XP). Installation tips:
• Default install path: C:\UC
• Default text file type: Unix (recommended)

Utilities
• Moxa Bash Shell
• GDB debug tool: Insight (http://sources.redhat.com/insight)

• This process could take from 5 to 30 minutes depending on the speed of your system.

Step 2: Coding, Compiling and Debugging (x86)

Code the C/C++ program in the Moxa Bash Shell (PC Windows Tool Chain).

Compile/link the source code with the tool chain:
• Compiler path setting: PATH=/usr/local/mxscaleb/bin
• Compiling Hello.c

Step 3: Deployment

Upload the program to the UC:
• ftp 192.168.3.127
• ftp> binary
• ftp> put hello-release

Running the program (at the UC-7400 site):
• chmod +x hello-release
• ./hello-release

Output:
Hello

Debugging with GDB

[Figure: the PC (Moxa Bash Shell) is connected to the UC over Ethernet. 1. Compile with -ggdb on the PC; 2. GDB debug server on the UC; 3. Insight tool (GDB client) on the PC; 4. "target remote" from the client to the server.]

Debugging with GDB

chmod +x hello-debug
gdbserver 192.168.3.127:2000 hello-debug
Process hello-debug created; pid = 206

Step 1: PC (Moxa Bash Shell): compile the program with the -ggdb option, then upload it to the UC.

Step 2: UC: start hello-debug under gdbserver with the command: gdbserver 192.168.3.127:2000 hello-debug

Step 3: PC (Insight): run the GDB client
• Open the hello-debug file
• Connect to target: GDB Server/TCP, 192.168.3.200, port 2000

Debugging with GDB

iptables Introductioniptables Introduction

AgendaAgenda

1) Quick View of iptables

2) Rules Chains Tables

3) Usage of iptables

4) Hands-ON Practice

1 Quick View of iptables1 Quick View of iptables

A User-space Command to setupmaintain the ldquoNetfilterrdquo sub-system of Kernel

ldquoNetfilterrdquo manages only the packet headers not the content

iptables is currently one of many FirewallNAT solutions to be an administration tool for set up maintain and inspect the tables of IP packet filter rules in the Linux kernel

1 Quick View of iptables1 Quick View of iptables

Several different tables may be defined Each table contains a number of built-in chains and may also contain user-defined chains

Each chain is a list of rules which can match a set of packets Each rule specifies what to do with a packet that matches This is called a ldquotargetrdquo which may be a jump to a user-defined chain in the same table

1 Quick View of iptables1 Quick View of iptables

3rd generation firewall on Linuxndash ldquoipfwadmrdquo on Linux Kernel V20Xndash ldquoipchainsrdquo on Linux Kernel V22Xndash ldquoipchainsrdquo ldquoiptablesrdquo on Linux Kernel V24Xndash ldquoiptablesrdquo on Linux Kernel V26X

Supports basic packet filtering as well as connection state tracking

UC-71107400 support only ldquoiptablesrdquo

AgendaAgenda

1) Firewall NAT and iptables

2) Rules Chains Tables

3) Usage of iptables

4) Hands-ON Practice

2) Rules Chains and Tables2) Rules Chains and Tables

2-1 First Match

2-2 Three Major Tables

2-3 Processing Packets

2-4 State Machine

2-1 First Match ndash The Highest Priority2-1 First Match ndash The Highest Priority

Packets

Rule 1

Rule 10

Default Policy

Action 1

Action 2

No

No

Yes

Yes

Rule 2

No

Action 10Yes

2-1 First Match 2-1 First Match

On WWW Server reject the attack from IP = 1921681100Rule 1 Drop the packets from 1921681100Rule 2 Accept WWW request packets from all the hostsRule 3 Drop all the none-WWW packets

Rule 1 Accept WWW request packets from all the hosts Rule 2 Drop the packets from 1921681100Rule 3 Drop all the none-www packets

1921681100 is able to use the WWW service or to attack WWW service port

2-2 Three 2-2 Three Major TablesMajor Tables

1) Filter Table

2) NAT Table

3) Mangle Table

2-2-1 Filter Table

Mainly used for filtering packets. This is the place where we actually take action against packets: look at what they contain and ACCEPT, DROP, REJECT or LOG them depending on their content.

1 INPUT chain – packets entering the local host

2 OUTPUT chain – packets output from the local host

3 FORWARD chain – packets forwarded to other hosts

2-2-2 NAT Table

Used for NAT on different packets, to translate the packet's source field or destination field.

1) PREROUTING chain – translates the destination IP address (DNAT)

2) POSTROUTING chain – works after the routing process and before the Ethernet device process, to translate the source IP address (SNAT/MASQUERADE)

3) OUTPUT chain – works on locally generated packets

2-2-3 Mangle Table

This table is mainly used for mangling packets. In other words, you may freely use the mangle matches etc. to change the TOS (Type Of Service) and TTL fields. It can also "MARK" the packets.

1 PREROUTING chain

2 POSTROUTING chain

3 INPUT, OUTPUT and FORWARD chains

2-3 Processing Packets

2-3-1 Destination Local Host

2-3-2 Source Local Host

2-3-3 Forward Packets

2-3-4 State Machine

2-3-1 Destination Local Host

[Flow: Incoming Packets -> NAT Table PREROUTING -> Filter Table INPUT -> Local Process]

2-3-2 Source Local Host

[Flow: Outgoing Packets -> NAT Table OUTPUT -> Filter Table OUTPUT -> NAT Table POSTROUTING -> Send Out Packets]

2-3-3 Forwarded Packets

[Flow: Incoming Packets -> NAT Table PREROUTING -> (not for a local resource) -> Filter Table FORWARD -> NAT Table POSTROUTING -> Other Hosts]

2-4 State Machine

Agenda

1) Firewall, NAT and iptables

2) Rules, Chains, Tables

3) Usage of iptables

4) Hands-ON Practice

3) Usage of iptables

3-1 Load iptables Modules

3-2 Define Default Policy

3-3 Structure of a Rule

3-4 Save/Restore Rules

3-1 Load iptables Modules

Note: ipchains and iptables are not compatible.

3-1 Load iptables Module

Check the current tables: iptables [-t table] [-L] [-n]

Default Policy

3-1 Install iptables

Clear Current Policy

3-2 Define Default Policy

iptables -t filter|nat|mangle -P INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING ACCEPT|DROP

3-2 Define Default Policy

3-3 Structure of a Rule

3-3-1 Add, Insert, Delete and Replace Rules

3-3-2 Direction

3-3-3 Matches

3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace

iptables -t filter|nat|mangle -A|-I|-D|-R [direction] [match] -j [target]

Three major things need to be considered: the direction (chain), the match and the target.

3-3-2 Direction – Chains

a. filter table: INPUT, OUTPUT, FORWARD

b. nat table: PREROUTING, POSTROUTING, OUTPUT

c. mangle table: ...

3-3-3 Matches - Conditions

1 -p [proto]: tcp, udp, icmp, all

2 -s [IP], -d [IP]

3 --sport [port], --dport [port]

4 -m state --state [state]: NEW, ESTABLISHED, INVALID, RELATED

5 -m multiport [p1,p2,...,p15]

6 -i [iface], -o [oface]

7 ... etc.

3-3-4 Targets - Actions

a. filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions: LOG, ULOG, REJECT, MIRROR

b. nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING/OUTPUT), MASQUERADE (POSTROUTING), REDIRECT (only in PREROUTING)

c. mangle table: ...

3-4 Save/Restore Rules

It is highly recommended to use a script file to maintain the Netfilter rules instead of using the exported file (it is not a standard script file). Please refer to the Hands-ON practice.

Agenda

1) Firewall, NAT and iptables

2) Rules, Chains, Tables

3) Usage of iptables

4) Hands-ON Practice: 1) Packet Filter 2) NAT Machine

4-1 Packet Filter – Rules of filter table

Example 1 – Accept all the packets incoming from the lo interface:

iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2 – Accept all the TCP packets incoming from IP = 192.168.0.1:

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 3 – Accept all the TCP packets incoming from the network 192.168.1.0/24:

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 – Drop all the TCP packets incoming from IP = 192.168.1.25:

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

4-1 Packet Filter – Rules of filter table

Example 5 – Drop all the incoming TCP packets with dst port = 21 (forbid FTP connections from eth0):

iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 – Accept TCP packets incoming from 192.168.0.0/24 to local port numbers 137, 138 and 139:

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 7 – Log all the incoming/outgoing TCP packets to/from port = 25 (log the SMTP service):

iptables -t filter -A INPUT -p tcp --dport 25 -j LOG

Note: UC7110 does not support the target "LOG".

4-1 Packet Filter – Rules of filter table

Example 8 – Drop all the [SYN] packets from IP = 192.168.100.200:

iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 – Drop all the packets from MAC = aa:bb:cc:dd:ee:ff (the mac match module supplies --mac-source):

iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

Example 10 – Do not respond to "ping":

iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 – ICMP "ping" burst (default-deny, then accept at most 6 per minute with a burst of 10):

iptables -t filter -P INPUT DROP

iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 12 – Accept the ESTABLISHED/RELATED packets of the local host; drop the INVALID packets and the NEW packets which are trying to create a new connection:

iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

4-1 Packet Filter – Rules of filter table

Example 13 – Check the packet integrity:

iptables -t filter -A INPUT -p all -m unclean -j DROP

Example 14 – Enable the "Passive Mode" FTP service to a host:

modprobe ip_conntrack_ftp

iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

4-2 NAT Machine

Example 1 – Redirect the connection requests of port 80 to port 8080:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 – Masquerade the packets coming from 192.168.1.0/24 to the local ppp0's IP (MASQUERADE is valid only in POSTROUTING, where -o selects the outgoing interface):

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

4-2 NAT Machine

Example 3 – DNAT the incoming packets on eth0 (60.248.66.75) and TCP port 80 to the internal web server 192.168.127.10:80:

iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

Example 4 – Redirect the incoming packets of TCP port 80 to 192.168.1.10 and TCP port 80; SNAT the internal network 192.168.127.0/24 to the public address $OUT_IP:

iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP
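The script below is an added example, not from the Moxa slides: it keeps the Netfilter rules in a script as 3-4 recommends, and puts the 2-1 First Match lesson and the 4-1/4-2 hands-on rules in one ordered rule set. Addresses are the slides' own except OUT_IP, a placeholder for the UC's public IP; assumed roles are that eth0 faces the Internet, the UC runs the WWW server on port 80 and is the NAT gateway for LAN_NET. With DRY_RUN=1 it only prints the commands, so the order can be reviewed on any host.

```shell
#!/bin/sh
# Added example (not from the Moxa slides): a firewall script for the
# UC-7400 in the style slide 3-4 recommends. Addresses are the slides'
# own except OUT_IP, a placeholder for the UC's public address.
# Assumed roles: eth0 faces the Internet, the UC runs the WWW server on
# port 80 and is the NAT gateway for LAN_NET.

WAN_IF=eth0
ATTACKER=192.168.1.100          # 2-1: the host to reject on the WWW server
LAN_NET=192.168.127.0/24        # 4-2 example 4: the internal network
OUT_IP=${OUT_IP:-203.0.113.1}   # placeholder (documentation range), set at run time

# run: execute the command, or print it when DRY_RUN=1 so the ordered
# rule set can be reviewed or tested without root and without iptables.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

firewall_rules() {
    # Start from a known state: flush, then default-deny (3-2).
    run iptables -t filter -F
    run iptables -t nat -F
    run iptables -t filter -P INPUT DROP
    run iptables -t filter -P FORWARD DROP
    run iptables -t filter -P OUTPUT ACCEPT

    # Loopback (4-1 example 1) and replies to our own connections
    # (4-1 example 12) go first: almost every packet matches here, and
    # first match means nothing below is evaluated for them.
    run iptables -t filter -A INPUT -i lo -j ACCEPT
    run iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -t filter -A INPUT -m state --state INVALID -j DROP

    # 2-1 First Match: the attacker DROP must precede the general web
    # ACCEPT. Swapped, the ACCEPT matches 192.168.1.100 first and the
    # DROP is never reached.
    run iptables -t filter -A INPUT -i "$WAN_IF" -s "$ATTACKER" -j DROP
    run iptables -t filter -A INPUT -i "$WAN_IF" -p tcp --dport 80 -j ACCEPT

    # Rate-limited echo requests (4-1 example 11): 6/min, burst 10.
    run iptables -t filter -A INPUT -p icmp --icmp-type 8 -m limit --limit 6/min --limit-burst 10 -j ACCEPT

    # Block FTP control on the WAN side (4-1 example 5); redundant with
    # the DROP policy, but it documents the intent in the rule list.
    run iptables -t filter -A INPUT -i "$WAN_IF" -p tcp --dport 21 -j DROP

    # NAT gateway for the LAN (4-2 example 4): SNAT outbound traffic to
    # OUT_IP and forward only LAN-originated connections and their replies.
    run sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
    run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j SNAT --to "$OUT_IP"
    run iptables -t filter -A FORWARD -s "$LAN_NET" -o "$WAN_IF" -j ACCEPT
    run iptables -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# rule_position PATTERN: 1-based position of the first command matching
# PATTERN in a dry run, for checking ordering (empty if absent).
rule_position() {
    DRY_RUN=1 firewall_rules | grep -n -- "$1" | head -n 1 | cut -d: -f1
}

case "${1:-}" in
    apply)   firewall_rules ;;
    dry-run) DRY_RUN=1 firewall_rules ;;
esac
```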

Thank You

OpenVPN 2.0

Stephen Lin

OpenVPN 2.0

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve

1-2 Symmetric Data Encryption

1-3 Hash (Digest) Function

1-4 Message Authentication Code

1-5 Asymmetric Data Encryption

1-6 Digital Signature

1-7 Certificate

1-8 Moxa UC7400

1-1 What does Cryptography solve?

Confidentiality
- Ensure that nobody can get knowledge of what you transfer, even if listening to the whole conversation

Integrity
- Ensure that the message has not been modified during the transmission

Authenticity
- You can verify that you are talking to the entity you think you are talking to
- You can verify who is the specific individual behind that entity

Non-repudiation
- The individual behind that asset cannot deny being associated with it

1-2 Symmetric Data Encryption

Fast, high efficiency for data transmission

Is it "secure" while transferring the key?

Maintenance of the keys: n(n-1)/2 keys

DES, 3DES, AES, Blowfish

[Diagram: Tom encrypts the plaintext to ciphertext with the secret key; Bob decrypts the ciphertext back to plaintext with the same secret key]

1-3 Hash (Digest) Function

Ensure Data Integrity

MD5, SHA-1

[Diagram: Tom runs the data through the hash function to get Message Digest 1 and sends data + digest; Bob runs the same hash function over the received data to get Message Digest 2 and compares it with Message Digest 1]

1-4 Message Authentication Code

Ensure the Data Integrity

Use a key to protect the MAC

HMAC, CBC-MAC

[Diagram: Tom hashes the data to Message Digest 1 and encrypts it with the secret key into the MAC; data + MAC are sent; Bob hashes the received data to Message Digest 2, decrypts the MAC with the secret key to recover Message Digest 1, and compares the two]

1-5 Asymmetric Encryption

Things to remember:
- Key pair – public/private keys
- In a session, one is used for encryption and the other one for decryption
- The "public key" can be deployed everywhere
- The relation between the two keys is unknown, and from one key you cannot gain knowledge of the other even if you have access to clear text and cipher text
- The two keys are interchangeable: all algorithms make no difference between public and private key; when a key pair is generated, either of the two can be public or private
- Less efficient than a static key
- RSA, Diffie-Hellman

[Diagram: clear text -> encryption -> cipher text]

1-5 Asymmetric Data Encryption

[Diagram: Tom encrypts the plaintext with Bob's public key; Bob decrypts the ciphertext with Bob's private key (the recipient's key pair) – confidentiality check]

1-5 Asymmetric Data Encryption

[Diagram: Tom encrypts the plaintext with Tom's private key; Bob decrypts the ciphertext with Tom's public key (the sender's key pair) – authenticity check]

1-6 Digital Signature

Real world – hybrid:
1 Data integrity
2 Authenticity
3 Non-repudiation
4 Algorithm – uses the public key and a hash

1-6 Digital Signature - Creating

[Diagram: the message or file ("This is the document created by Gianni") is hashed with a one-way message digest function (SHA, MD5) to a short message digest, typically 128 bits, even for a long input; the digest is encrypted with the signatory's private key (asymmetric encryption, RSA) to produce the digital signature; the signed document is the message plus the digital signature]

1-6 Digital Signature - Verifying

[Diagram: from the signed document, the verifier hashes the message to generate its message digest, decrypts the digital signature with Gianni's public key (from the certificate) to recover the signed digest, and compares the two]

1-6 Digital Signature

[Diagram: Tom hashes the data to Message Digest 1 and encrypts it with Tom's private key to form the digital signature, which is sent with the data; Bob hashes the received data to Message Digest 2, decrypts the digital signature with Tom's public key to recover Message Digest 1, and compares the two]

1-7 Certificate

The simplest certificate just contains:
- A public key (for Stephen)
- Information about the entity that is being certified to own that public key

... and the whole is:
- Digitally signed by someone trusted (like your friend or a CA)

[Diagram: certificate = public key + "This public key belongs to Stephen" + digital signature; the entity can be a person, a computer, a device, a file, some code, anything ...]

1-7-1 CA Certificate

[Diagram: the CA (certification server) generates its own key pair; the user requests a certificate from the CA; the CA generates the certificate; the private key and the certificate (public key + digital signature) are sent to the user. Left cert signed by CA; right cert signed by CA; CA public key signed by CA (self-signed).]

1-7-1 CA Certificate Example

[Diagram: the CA private key signs Left's certificate and Right's certificate. Left holds its private key, its CA-signed certificate and the CA public key; Right holds the same for itself. Left and Right trust each other by checking the other's certificate against the CA public key.]

1-7-2 SSL/TLS

[Diagram: each side holds a key pair; the clear text is encrypted to Cipher 1, encrypted again to Cipher 2, transmitted over the public network, and then decrypted in the reverse order back to clear text]

Ensures confidentiality
- And integrity if digitally signed

Depending on how the public keys are exchanged:
- Authenticity, identity, non-repudiation

1-8 Moxa UC7400 - Hardware Cipher

Intel XScale supports:
- Security engines: DES, AES
- Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so":
- No need to change the source code

1-8-1 Moxa Accelerated Algorithms – OpenSSL 0.9.7

DES_cbc_encrypt

DES_ede3_cbc_encrypt

AES_cbc_encrypt

AES_ctr_encrypt

- We wrap ECB mode at a higher level (libssl.so), which OpenSSL wraps too

1-8-2 Performance

[Charts: rate of 3DES-CBC and AES-128-CBC versus packet size, one pair of plots for 128 to 1280 bytes and one for 16 to 144 bytes, comparing the software path with the hardware cipher (legend: "= HW Cipher")]

1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approaches:
- Default: hardware approach
- Any mis-configuration or busyness causes the switch

Small packets are switched to the software approach:
- DES: 128 bytes
- 3DES/AES: 64 bytes

1-8-4 Software Package

Driver:
- mxhw_cipher.o

Device file:
- mknod /dev/mxcrypto c 11 131

Test program:
- io: correctness test
- io 0 5000: stability test
- io 1: golden pattern
- io 2 20000: performance test

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network

2-2 Why OpenVPN?

2-3 OpenVPN Modes

2-1 Virtual Private Network

2-1 VPN Advantages/Disadvantages

VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes.

A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH, etc.).

A VPN allows the usage of protocols which are insecure by themselves.

VPNs cannot be controlled and logged easily because of their encrypted nature.

2-2 Why OpenVPN?

Usability
- Open source (GPL)
- Full-featured SSL VPN solution
- Easy to configure a secure tunnel
- NAT/DHCP support
- Can use a 2048-bit shared key or digital certificates (PKI)

Portability – supports most of the platforms
- Linux, Solaris, Mac OS X
- OpenBSD, FreeBSD, NetBSD
- Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN?

Peers – each node with a client/server role
- Uses the kernel routing
- Multiple clients

A user-space program
- A full-featured SSL-VPN solution
- On top of the existing SSL/TLS mechanism
- Options between a set of security algorithms
- Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security

Two authentication modes:
- Static key: uses a pre-shared key
- SSL/TLS: uses SSL/TLS + certificates for
  - authentication
  - key exchange

The encrypted packet is formatted as:
- SeqN: 64-bit sequence number
- IV: plain-text initialization vector, randomized per packet

[Diagram: HMAC | IV | SeqN | IP payload, where SeqN and the IP payload are the encrypted part]

2-2 OpenVPN vs IPSec

OpenVPN
- User-space daemon
- SSL/TLS
- Portability across operating systems
- Firewall- and NAT-friendly
- Dynamic address support

IPSec
- Kernel-space IP stack
- Each operating system requires its own independent implementation of IPSec
- IETF standard: multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are two methods of linking systems via a VPN.

Routed IP tunnels (layer 3)

Bridged Ethernet tunnels (layer 2)

Suitable for connections:
- Site-to-site
- Dynamic site-to-site
- (Dynamic) client-to-site

Dynamic firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

Uses a TUN device: a virtual point-to-point IP link that combines the inner interface together with TUN.

Uses the kernel routing to forward the packets.

[Diagram: two OSI stacks (Physical, Data-Link, Network, Transport, Session, Presentation, Application) joined by OpenVPN at the application layer, with the TUN device at layer 3]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages:
1 Point-to-point
2 Easier to configure
3 Efficiency and scalability
4 Allows better tuning of MTU for efficiency

Routed IP disadvantages:
1 Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2 Routes must be set up linking each subnet
3 Software that depends on broadcasts will not see those machines on the other side of the VPN
4 Works only with IPv4 in general, and IPv6 in cases where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses "TAP" mode: a TAP device is a virtual Ethernet adapter.

Bridge tools (brctl) are required to create the virtual adapters.

Need to create a script to bind eth1 and tap0 together into a bridged device called br0.

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0 : create an Ethernet bridge

brctl addif br0 eth1 : connect interface eth1 as a port

brctl addif br0 tap0 : connect virtual interface tap0 as a port (the bridge name is required, as with eth1)

[Diagram: two OSI stacks joined by OpenVPN through TAP (layer 2) rather than TUN (layer 3); on each side eth0 carries the tunnel, and eth1 and tap0 are bridged together]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages:
1 Point-to-point, point-to-multipoint
2 Broadcasts traverse the VPN; this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3 No route statements to configure
4 Works when the VPN needs to be able to handle non-IP protocols such as IPX, Netware and AppleTalk
5 Relatively easy-to-configure solution for road warriors

Bridging disadvantages:
1 Less efficient than routing and does not scale well

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

[Diagram: LAN A (IP 10.0.1.1/24, gw 10.0.1.254) - ixp1 - [VPN Server] 10.0.1.254, ixp0 192.168.12.201 <== VPN tunnel ==> ixp0 192.168.12.202, [VPN-Client] 10.0.2.254 - ixp1 - LAN B (IP 10.0.2.1/24, gw 10.0.2.254); a [CA/TLS Server] sits on the 192.168.12.x network]

3-1 Getting Started

Create a working directory (recommended): mkdir /etc/openvpn

Check for the TUN module: ls /dev/net and look for a character device "tun"; if it is not there: mknod /dev/net/tun c 10 200

Load the necessary modules: modprobe tun; modprobe bridge

Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]

Self-diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or vi /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"

Create/start the bridge interface using the Moxa script: openvpn-bridge [start|stop|restart]

Check the cipher/authentication support: openvpn --show-ciphers; openvpn --show-digests

Create the TUN configuration files: vi /etc/openvpn/tun/server.conf

[At VPN Client] vi /etc/openvpn/tun/client.conf

3-2 TUN Server Configuration

The local/remote VPN IP addresses must be specified.

It is NECESSARY to specify the server address at the VPN client.

3-2 TUN Server Configuration

Edit the static routes: vi /etc/openvpn/tun/server.sh; chmod +x /etc/openvpn/tun/server.sh

[At VPN Client] vi /etc/openvpn/tun/client.sh; chmod +x /etc/openvpn/tun/client.sh

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tun/server.conf &

[At VPN Client] openvpn --config /etc/openvpn/tun/client.conf &

Note the 2nd argument of "ifconfig", which is now "10.0.2.254" (the peer's tunnel address).
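The generator below is an added example, not the slides' own tun/server.conf and tun/client.conf: it writes a static-key TUN server and client configuration for the 3-1 topology and then checks the two requirements 3-2 states (both ends name their local/remote tunnel addresses in ifconfig, and the client names the server address). Assumed, because the slides do not show them: tunnel endpoint addresses 10.8.0.1/10.8.0.2, the key path /etc/openvpn/static.key, UDP port 1194 and the cipher/auth choices; the server address 192.168.12.201 and the LAN subnets are the slides' own.

```shell
#!/bin/sh
# Added example (not from the Moxa slides): generate and sanity-check a
# static-key TUN (routed) server/client pair for the 3-1 topology.
# Assumed: tunnel endpoints 10.8.0.1/10.8.0.2, key file path, port 1194
# and the cipher/auth choices. SERVER_ADDR and the LANs are the slides'.

SERVER_ADDR=192.168.12.201         # VPN Server ixp0 (slide 3-1)
LAN_A=10.0.1.0                     # network behind the server
LAN_B=10.0.2.0                     # network behind the client
TUN_SERVER=10.8.0.1                # assumed tunnel endpoint, server side
TUN_CLIENT=10.8.0.2                # assumed tunnel endpoint, client side
KEY_FILE=/etc/openvpn/static.key   # made with: openvpn --genkey --secret static.key

# write_tun_configs DIR: write DIR/server.conf and DIR/client.conf.
# The second 'ifconfig' argument is the PEER's tunnel address, so the
# two files mirror each other (the point made on slide 3-2).
write_tun_configs() {
    dir=$1
    mkdir -p "$dir"
    cat > "$dir/server.conf" <<EOF
dev tun
proto udp
port 1194
ifconfig $TUN_SERVER $TUN_CLIENT
route $LAN_B 255.255.255.0
secret $KEY_FILE
cipher AES-128-CBC
auth SHA1
keepalive 10 60
persist-tun
persist-key
verb 3
EOF
    cat > "$dir/client.conf" <<EOF
dev tun
proto udp
remote $SERVER_ADDR 1194
ifconfig $TUN_CLIENT $TUN_SERVER
route $LAN_A 255.255.255.0
secret $KEY_FILE
cipher AES-128-CBC
auth SHA1
keepalive 10 60
persist-tun
persist-key
verb 3
EOF
}

# check_tun_config FILE ROLE: return 0 when FILE carries what slide 3-2
# calls mandatory: 'ifconfig LOCAL REMOTE' with two addresses, a
# 'secret' key file, and, for ROLE=client, a 'remote' server address.
# Prints the missing directive and returns 1 otherwise.
check_tun_config() {
    file=$1
    role=$2
    if ! grep -Eq '^ifconfig +[0-9.]+ +[0-9.]+ *$' "$file"; then
        echo "$file: missing 'ifconfig LOCAL REMOTE'"
        return 1
    fi
    if ! grep -Eq '^secret +[^ ]+' "$file"; then
        echo "$file: missing 'secret KEYFILE'"
        return 1
    fi
    if [ "$role" = client ] && ! grep -Eq '^remote +[0-9A-Za-z.-]+' "$file"; then
        echo "$file: the client must name the server address (remote)"
        return 1
    fi
    return 0
}

# Usage: sh this-script.sh /etc/openvpn/tun
if [ -n "${1:-}" ]; then
    write_tun_configs "$1"
    check_tun_config "$1/server.conf" server
    check_tun_config "$1/client.conf" client
fi
```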

Create the TAP configuration files: vi /etc/openvpn/tap/server.conf

[At VPN Client] vi /etc/openvpn/tap/client.conf

3-3 TAP Configuration – VPN Server

Mark (comment out) this line if both VPN networks are in the same subnet.

3-3 TAP Configuration – VPN Server

Edit the static routes: vi /etc/openvpn/tap/server.sh

[At VPN Client] vi /etc/openvpn/tap/client.sh; chmod +x /etc/openvpn/tap/client.sh

Pointed to the kernel routing: br0 = 10.0.1.254

3-3 TAP Configuration – VPN Server

Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tap/server.conf &

[At VPN Client] openvpn --config /etc/openvpn/tap/client.conf &
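The script below is an added example and not Moxa's openvpn-bridge script: it performs the bridge bring-up described in 2-3-2 and 3-3 (br0 made of eth1 and tap0, br0 owning 10.0.1.254) in the order that keeps LAN A reachable, and tears it down again. Assumed: a /24 netmask, and that OpenVPN is started afterwards with a configuration containing "dev tap0". With DRY_RUN=1 it only prints the commands.

```shell
#!/bin/sh
# Added example (not Moxa's openvpn-bridge): create or remove the TAP
# bridge from slides 2-3-2 and 3-3. br0 = eth1 + tap0, br0 = 10.0.1.254.
# Assumed: netmask 255.255.255.0; OpenVPN is started separately with
# 'dev tap0' in its configuration.

BR=br0
ETH=eth1
TAP=tap0
BR_IP=10.0.1.254          # slide 3-3: "br0 = 10.0.1.254"
BR_MASK=255.255.255.0     # assumed

# run: execute the command, or print it when DRY_RUN=1 so the sequence
# can be reviewed without root, brctl or a tap driver.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

bridge_start() {
    # Create a persistent tap device first; OpenVPN 2.0 provides
    # --mktun for this (needs the tun character device from 3-1).
    run openvpn --mktun --dev "$TAP"
    run brctl addbr "$BR"
    run brctl addif "$BR" "$ETH"
    run brctl addif "$BR" "$TAP"
    # Bridge ports carry no address of their own: clear eth1's IP and put
    # both ports in promiscuous mode so the bridge sees every frame.
    run ifconfig "$ETH" 0.0.0.0 promisc up
    run ifconfig "$TAP" 0.0.0.0 promisc up
    # The LAN gateway address moves from eth1 to br0 ("pointed to the
    # kernel routing"), so LAN A hosts keep 10.0.1.254 as their gateway.
    run ifconfig "$BR" "$BR_IP" netmask "$BR_MASK" up
}

bridge_stop() {
    run ifconfig "$BR" down
    run brctl delif "$BR" "$TAP"
    run brctl delif "$BR" "$ETH"
    run brctl delbr "$BR"
    run openvpn --rmtun --dev "$TAP"
    # Give eth1 its address back so the LAN stays reachable without the VPN.
    run ifconfig "$ETH" "$BR_IP" netmask "$BR_MASK" up
}

case "${1:-}" in
    start)   bridge_start ;;
    stop)    bridge_stop ;;
    restart) bridge_stop; bridge_start ;;
esac
```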

3-4-1 SSL/TLS – Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-enter default_days, default_bits, ... etc.

Create a new CA root key pair: /usr/share/ssl/misc/CA -newca

Create a new client private key and a new certificate request: /usr/share/ssl/misc/CA -newreq

Certificate signing: /usr/share/ssl/misc/CA -sign

Copy the CA root certificate, the client private key and the client certificate to the first client.

Have the second client certified the same way.

3-4-2 OpenVPN – "easy-rsa" tools

Copy the "easy-rsa" tools to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file: vi /etc/openvpn/easy-rsa/vars

Activate the vars: . /etc/openvpn/easy-rsa/vars

Create the CA root key: /etc/openvpn/easy-rsa/build-ca

Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – "easy-rsa" tools

Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client

Create the Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh 1024

Copy the CA certificate (ca.crt), the server key (server.key) and the server certificate (server.crt) to the VPN server.

Copy the CA certificate, the client key and the client certificate to the VPN client.

The "easy-rsa" tools also work on the UC7400 series.

3-4-3 Configuration File Modification

txx/server.conf

txx/client.conf

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

Two of its serial ports are connected to a power meter and a thermocouple.

Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site.

The rest of the serial ports are looped back in 'burn-in mode' to demonstrate the UC's high performance and reliability.

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500°C

Left side for the high range, 0 to 300 VDC, and right side for the low range, 0 to 20 VDC

UC's LCM & keypad (F1-F5)

F1 Monitoring: Temperature -> Voltage -> Throughput for P3 to P8

F2 System Status: LAN's IP -> Wi-Fi's IP -> CPU loading -> Available Memory

F3 Alarm Setting: Temperature -> Voltage -> Burning throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
- UC-7420's built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards
- The compatible wireless cards are:

Supplier / Model name
ASUS WL-107g
CNET CWC-854 (181D version)
Edimax EW-7108PCg
Amigo AWP-914WG
Gigabyte GN-WMKG
Others which use the Ralink chipset

Thank You

Windows Tool Chain Introduction

UC-7400's Windows Tool Chain is a cross-development environment that simulates the Linux root file system, allowing users to develop applications on a Windows PC.

The following topics are covered in this appendix:
- Introduction
- Installation procedure
- Using the BASH shell
- GDB debug tool: Insight

Windows Tool Chain

1 Operating System Windows 2000 or Windows XP

2 Minimum of 500 MB Hard Disk space

3 CD-ROM or equivalent

4 Ethernet to connect with UC-7400

5 Be able to login as administrator

6 Use a Windows username without spaces

7 You will be using a BASH shell window to enter commands

8 In addition, for editing text files such as configuration files you should use the vi editor (Unix editor). Do NOT use WordPad (Windows editor), which could cause problems when the files are transferred to a bona fide Linux environment.

Developing Process

Step 1: Setting up the development environment on the PC

Step 2: Coding, compiling and debugging on the Windows Tool Chain

Step 3: Deploying the program to the UC

[Diagram: x86 PC (development) -> IXP-422 target (UC)]

Step 1: Setting up the Developing Environment

Install the Windows Tool Chain on the PC (Windows 2K/XP). Installation tips:
- Default install path: C:\UC
- Default text file type: Unix (recommended)

Utilities:
- Moxa Bash Shell
- GDB debug tool: Insight (http://sources.redhat.com/insight)
- This process could take from 5 to 30 minutes depending on the speed of your system

Step 2: Coding, Compiling and Debugging

Code with a C/C++ program in the Moxa Bash Shell (PC Windows Tool Chain).

Compile/link the source code with the tool chain:
- Compiler path setting: PATH=/usr/local/mxscaleb/bin
- Compiling Hello.c

Step 3: Deployment

Upload the program to the UC:
- ftp 192.168.3.127
- ftp> binary
- ftp> put hello-release

Running the program (at the UC-7400 site):
- chmod +x hello-release
- ./hello-release

# chmod +x hello-release
# ./hello-release
Hello

[Diagram: PC (Moxa Bash Shell): 1 compile with -ggdb, 3 Insight tool (GDB client), 4 target remote; UC: 2 GDB debug server; the two are connected over Ethernet]

Debugging with GDB

gdbserver 192.168.3.127:2000 hello-debug

# chmod +x hello-debug
# gdbserver 192.168.3.127:2000 hello-debug
Process hello-debug created; pid = 206

Step 1 (PC, Moxa Bash Shell): compile the program with the -ggdb option, then upload it to the UC.

Step 2 (UC): start hello-debug under gdbserver with the command: gdbserver 192.168.3.127:2000 hello-debug

Step 3 (PC, Insight): run the GDB client
- Open the hello-debug file
- Connect to target:
  - GDB Server/TCP
  - 192.168.3.200
  - 2000

Debugging with GDB

iptables Introduction

Agenda

1) Quick View of iptables

2) Rules, Chains, Tables

3) Usage of iptables

4) Hands-ON Practice

1 Quick View of iptables

A user-space command to set up and maintain the "Netfilter" subsystem of the kernel.

"Netfilter" manages only the packet headers, not the content.

iptables is currently one of many firewall/NAT solutions: an administration tool to set up, maintain and inspect the tables of IP packet filter rules in the Linux kernel.

1 Quick View of iptables1 Quick View of iptables

Several different tables may be defined Each table contains a number of built-in chains and may also contain user-defined chains

Each chain is a list of rules which can match a set of packets Each rule specifies what to do with a packet that matches This is called a ldquotargetrdquo which may be a jump to a user-defined chain in the same table

1 Quick View of iptables1 Quick View of iptables

3rd generation firewall on Linuxndash ldquoipfwadmrdquo on Linux Kernel V20Xndash ldquoipchainsrdquo on Linux Kernel V22Xndash ldquoipchainsrdquo ldquoiptablesrdquo on Linux Kernel V24Xndash ldquoiptablesrdquo on Linux Kernel V26X

Supports basic packet filtering as well as connection state tracking

UC-71107400 support only ldquoiptablesrdquo

AgendaAgenda

1) Firewall NAT and iptables

2) Rules Chains Tables

3) Usage of iptables

4) Hands-ON Practice

2) Rules Chains and Tables2) Rules Chains and Tables

2-1 First Match

2-2 Three Major Tables

2-3 Processing Packets

2-4 State Machine

2-1 First Match ndash The Highest Priority2-1 First Match ndash The Highest Priority

Packets

Rule 1

Rule 10

Default Policy

Action 1

Action 2

No

No

Yes

Yes

Rule 2

No

Action 10Yes

2-1 First Match 2-1 First Match

On WWW Server reject the attack from IP = 1921681100Rule 1 Drop the packets from 1921681100Rule 2 Accept WWW request packets from all the hostsRule 3 Drop all the none-WWW packets

Rule 1 Accept WWW request packets from all the hosts Rule 2 Drop the packets from 1921681100Rule 3 Drop all the none-www packets

1921681100 is able to use the WWW service or to attack WWW service port

2-2 Three Major Tables

1) Filter table
2) NAT table
3) Mangle table

2-2-1 Filter Table

Mainly used for filtering packets. This is the place where we actually take action against packets: look at what they contain and ACCEPT, DROP, REJECT or LOG them depending on their content (the header fields; Netfilter does not inspect the payload).

1. INPUT chain – packets entering the local host
2. OUTPUT chain – packets output from the local host
3. FORWARD chain – packets forwarded to other hosts

2-2-2 NAT Table

Used for NAT on packets, i.e. to translate the packet's source field or destination field. Only the first packet of a connection passes through this table; connection tracking then applies the same translation to the rest of the connection.

1) PREROUTING chain – to translate the destination IP address (DNAT) before the routing decision
2) POSTROUTING chain – works after the routing process and before the packet leaves the Ethernet device, to translate the source IP address (SNAT / MASQUERADE)
3) OUTPUT chain – to translate the destination of locally generated packets

2-2-3 Mangle Table

This table is mainly used for mangling packets. In other words, you may use the mangle matches etc. to change the TOS (Type Of Service) and TTL fields. It can also "MARK" the packets.

1. PREROUTING chain
2. POSTROUTING chain
3. INPUT, OUTPUT and FORWARD chains

2-3 Processing Packets

2-3-1 Destination Local Host
2-3-2 Source Local Host
2-3-3 Forwarded Packets
2-3-4 State Machine

2-3-1 Destination Local Host

Incoming packets → NAT table PREROUTING → routing decision → filter table INPUT → local process

2-3-2 Source Local Host

Local process → NAT table OUTPUT → filter table OUTPUT → NAT table POSTROUTING → packets sent out

2-3-3 Forwarded Packets

Incoming packets → NAT table PREROUTING → routing decision (packets for a local resource go to INPUT instead) → filter table FORWARD → NAT table POSTROUTING → other hosts

2-4 State Machine

Connection tracking classifies every packet into one of four states, which the "state" match (section 3-3-3) can test: NEW (the packet starts a new connection), ESTABLISHED (the packet belongs to a connection that has already seen traffic in both directions), RELATED (the packet starts a new connection associated with an existing one, for example an FTP data connection or an ICMP error message) and INVALID (the packet cannot be associated with any known connection).

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

3) Usage of iptables

3-1 Load iptables Modules
3-2 Define Default Policy
3-3 Structure of a Rule
3-4 Save / Restore Rules

3-1 Load iptables Modules

Note: ipchains and iptables are not compatible; the two kernel modules cannot be loaded at the same time.

3-1 Load iptables Module

Check the current tables: iptables [-t table] [-L] [-n]

Default policy

3-1 Install iptables

Clear the current policy (flush the rules)

3-2 Define Default Policy

iptables -t filter|nat|mangle -P INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING ACCEPT|DROP

The default policy is the action taken when no rule in the chain matches (section 2-1). A DROP policy is the safe starting point: anything not explicitly accepted is then discarded.

3-2 Define Default Policy3-2 Define Default Policy

3-3 Structure of a Rule

3-3-1 Add, Insert, Delete and Replace Rules
3-3-2 Direction
3-3-3 Matches
3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace

iptables -t filter|nat|mangle -A|-I|-D|-R [direction] [match] -j [target]

Three major things need to be considered in every rule: the direction (the chain), the match (the conditions) and the target (the action given with -j).

3-3-2 Direction – Chains

a. filter table: INPUT, OUTPUT, FORWARD
b. nat table: PREROUTING, POSTROUTING, OUTPUT
c. mangle table: ...

3-3-3 Matches – Conditions

1. -p [proto]: tcp | udp | icmp | all
2. -s [IP] / -d [IP]
3. --sport [port] / --dport [port]
4. -m state --state [state]: NEW | ESTABLISHED | INVALID | RELATED
5. -m multiport --ports [p1,p2,...,p15]
6. -i [iface] / -o [oface]
7. ... etc.

3-3-4 Targets – Actions

a. filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions: LOG, ULOG, REJECT, MIRROR
b. nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING / OUTPUT), MASQUERADE (only in POSTROUTING), REDIRECT (only in PREROUTING / OUTPUT)
c. mangle table: ...

3-4 Save / Restore Rules

The current rules can be exported with iptables-save and loaded again with iptables-restore. It is highly recommended to use a script file to maintain the Netfilter rules instead of this exported file (it is not a standard script file). Please refer to the Hands-On practice.

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice: 1) Packet Filter, 2) NAT Machine

4-1 Packet Filter – Rules of filter table

Example 1 – Accept all the packets incoming from the lo interface:
iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2 – Accept all the TCP packets incoming from IP = 192.168.0.1:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 3 – Accept all the TCP packets incoming from the network 192.168.1.0/24:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 – Drop all the TCP packets incoming from IP = 192.168.1.25:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

With first-match semantics, Example 4 only takes effect if it is placed before Example 3; appended after it, packets from 192.168.1.25 are already accepted by the /24 rule.

4-1 Packet Filter – Rules of filter table

Example 5 – Drop all the incoming TCP packets with dst port = 21 (forbid FTP connections from eth0):
iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 – Accept TCP packets incoming from 192.168.0.0/24 to local port numbers 137, 138 and 139:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 7 – Log all the incoming/outgoing TCP packets to/from port = 25 (log SMTP service); the INPUT direction:
iptables -t filter -A INPUT -p tcp --dport 25 -j LOG

LOG is a non-terminating target: the packet is written to the kernel log and then continues to the next rule, so a LOG rule is normally placed directly before the ACCEPT or DROP rule for the same traffic.

Note: UC-7110 does not support the target "LOG".

4-1 Packet Filter – Rules of filter table

Example 8 – Drop all the [SYN] packets from IP = 192.168.100.200:
iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 – Drop all the packets from MAC = aa:bb:cc:dd:ee:ff (the "mac" match module provides --mac-source):
iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

Example 10 – Do not respond to "ping":
iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 – Limit an ICMP "ping" burst (with a DROP default policy, accept at most 6 ICMP packets per minute after an initial burst of 10):
iptables -t filter -P INPUT DROP
iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 12 – Accept the ESTABLISHED/RELATED packets of the local host; drop the INVALID packets and the NEW packets which are trying to create a new connection:
iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

4-1 Packet Filter – Rules of filter table

Example 13 – Check the packet integrity (the experimental "unclean" match drops malformed packets):
iptables -t filter -A INPUT -p all -m unclean -j DROP

Example 14 – Enable "passive mode" FTP service to a host (the FTP connection-tracking helper marks the data connection as RELATED to the control connection):
modprobe ip_conntrack_ftp
iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT
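The ordering rule of section 2-1 and the filter rules of section 4-1 combined into one maintainable script, as section 3-4 recommends. This is an added example and not part of the original training material. It assumes eth0 as the outside interface, 192.168.1.100 as the host to block and 192.168.0.0/24 as the administration network (the addresses used in the examples above), and it needs the "state", "limit" and LOG extensions, which the UC-7110 does not have.

```shell
#!/bin/sh
# Added example (not from the original slides): a stateful host firewall for
# the UC-7400 kept as a shell script, as section 3-4 recommends, instead of an
# iptables-save dump. Rule ORDER is the whole point (first match wins, 2-1):
# the DROP for the hostile host is emitted before any ACCEPT it could match,
# including the ESTABLISHED/RELATED shortcut.
#
# Assumed, not taken from the page: eth0 is the outside interface,
# 192.168.1.100 is the host to block, 192.168.0.0/24 is the admin network.
WAN_IF=${WAN_IF:-eth0}
BAD_HOST=${BAD_HOST:-192.168.1.100}
ADMIN_NET=${ADMIN_NET:-192.168.0.0/24}

# Print the rule set, one iptables command per line, in load order. Printing
# rather than executing keeps the order reviewable and lets the same function
# feed 'sh -n' (syntax check) or 'sh' (apply).
build_rules() {
    cat <<EOF
iptables -t filter -F
iptables -t filter -X
iptables -t filter -P INPUT DROP
iptables -t filter -P FORWARD DROP
iptables -t filter -P OUTPUT ACCEPT
iptables -t filter -A INPUT -i lo -j ACCEPT
iptables -t filter -A INPUT -m state --state INVALID -j DROP
iptables -t filter -A INPUT -i $WAN_IF -s $BAD_HOST -j DROP
iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A INPUT -i $WAN_IF -p tcp --dport 80 --syn -j ACCEPT
iptables -t filter -A INPUT -i $WAN_IF -p tcp -s $ADMIN_NET --dport 22 --syn -j ACCEPT
iptables -t filter -A INPUT -i $WAN_IF -p icmp --icmp-type 8 -m limit --limit 6/min --limit-burst 10 -j ACCEPT
iptables -t filter -A INPUT -m limit --limit 3/min -j LOG --log-prefix "UC-FW DROP: "
EOF
}

# Return 0 when the hostile-host DROP precedes the port-80 ACCEPT. With the
# opposite order 192.168.1.100 could still reach the web port (section 2-1).
check_order() {
    drop=$(build_rules | grep -n -- "-s $BAD_HOST -j DROP" | cut -d: -f1)
    web=$(build_rules | grep -n -- "--dport 80 " | cut -d: -f1)
    [ -n "$drop" ] && [ -n "$web" ] && [ "$drop" -lt "$web" ]
}

# Number of iptables commands the script issues (handy in a quick audit).
rule_count() {
    build_rules | grep -c '^iptables '
}

# Refuse to load a rule set whose order would defeat the block.
apply_rules() {
    check_order || { echo "refusing to load: rule order is wrong" >&2; return 1; }
    build_rules | sh
}

case "${1:-show}" in
    apply) apply_rules ;;
    *)     build_rules ;;
esac
```

Run it without arguments to review the rules, with "apply" to load them. The final LOG rule sits last on purpose: with the INPUT policy set to DROP, everything that reaches it is about to be discarded, and the limit match keeps a flood from filling the log.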

4-2 NAT Machine – Rules of nat table

Example 1 – Redirect the connection requests for port 80 to port 8080:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 – Masquerade the packets coming from 192.168.1.0/24 to be the local ppp0's IP. MASQUERADE is only valid in the POSTROUTING chain (see 3-3-4) and -o selects the outgoing interface, so the rule belongs there, not in PREROUTING:
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

4-2 NAT Machine

Example 3 – DNAT the incoming packets from eth0 (60.248.66.75) and TCP port 80 to the internal web server 192.168.127.10:80:
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

Example 4 – SNAT the packets from the internal network 192.168.127.0/24 to the external address $OUT_IP when they leave:
iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP
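The NAT examples above only rewrite addresses; on a gateway whose FORWARD policy is DROP they need matching filter rules or the port forward silently fails. The following script, an added example that is not part of the original training material, assembles the gateway and checks that every DNAT target has its FORWARD rule. It assumes eth1 as the inside and ppp0 as the outside interface, 192.168.127.0/24 as the LAN and 192.168.127.10:80 as the internal web server (the addresses from Examples 3 and 4).

```shell
#!/bin/sh
# Added example (not from the original slides): the UC-7400 as a NAT gateway
# between an internal LAN on eth1 and the Internet on ppp0, combining the
# nat-table examples above with the filter rules they need to actually work.
# A DNAT in PREROUTING only rewrites the destination; the rewritten packet
# still traverses the FORWARD chain, which here has a DROP policy.
#
# Assumed, not taken from the page: eth1/ppp0 as inside/outside interfaces,
# 192.168.127.0/24 as the LAN, 192.168.127.10:80 as the internal web server.
IN_IF=${IN_IF:-eth1}
OUT_IF=${OUT_IF:-ppp0}
LAN=${LAN:-192.168.127.0/24}
WEB_SERVER=${WEB_SERVER:-192.168.127.10}

build_nat_rules() {
    cat <<EOF
echo 1 > /proc/sys/net/ipv4/ip_forward
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
iptables -t nat -F
iptables -t filter -F FORWARD
iptables -t filter -P FORWARD DROP
iptables -t nat -A POSTROUTING -s $LAN -o $OUT_IF -j MASQUERADE
iptables -t nat -A PREROUTING -i $OUT_IF -p tcp --dport 80 -j DNAT --to-destination $WEB_SERVER:80
iptables -t filter -A FORWARD -m state --state INVALID -j DROP
iptables -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A FORWARD -i $IN_IF -o $OUT_IF -s $LAN -m state --state NEW -j ACCEPT
iptables -t filter -A FORWARD -i $OUT_IF -o $IN_IF -p tcp -d $WEB_SERVER --dport 80 -m state --state NEW -j ACCEPT
EOF
}

# Every DNAT target must have a FORWARD ACCEPT for the translated destination
# (FORWARD sees the packet after PREROUTING, so it matches on the inside
# address and port). Returns 0 when all targets are covered.
check_dnat_forward() {
    rules=$(build_nat_rules)
    for t in $(printf '%s\n' "$rules" | sed -n 's/.*-j DNAT --to-destination \([^ ]*\).*/\1/p'); do
        addr=${t%:*}
        port=${t#*:}
        printf '%s\n' "$rules" | grep -- '-A FORWARD' | grep -- "-d $addr " | grep -q -- "--dport $port " || return 1
    done
    return 0
}

apply_nat_rules() {
    check_dnat_forward || { echo "refusing to load: a DNAT has no FORWARD rule" >&2; return 1; }
    build_nat_rules | sh
}

case "${1:-show}" in
    apply) apply_nat_rules ;;
    *)     build_nat_rules ;;
esac
```

The two ip_*_ftp modules are loaded so that passive-mode FTP through the NAT works (Example 14 of 4-1 relies on the same helper); without ip_nat_ftp the helper tracks the data connection but does not rewrite the address inside the FTP control stream.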

Thank You

OpenVPN 2.0
Stephen Lin

OpenVPN 2.0

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve?
1-2 Symmetric Data Encryption
1-3 Hash (Digest) Function
1-4 Message Authentication Code
1-5 Asymmetric Data Encryption
1-6 Digital Signature
1-7 Certificate
1-8 Moxa UC7400

1-1 What does Cryptography solve?

Confidentiality
• Ensure that nobody can get knowledge of what you transfer, even if listening to the whole conversation.
Integrity
• Ensure that the message has not been modified during transmission.
Authenticity
• You can verify that you are talking to the entity you think you are talking to.
• You can verify who is the specific individual behind that entity.
Non-repudiation
• The individual behind that asset cannot deny being associated with it.

1-2 Symmetric Data Encryption

Fast; high efficiency for data transmission.
Is it "secure" while transferring the key?
Key management: n(n-1)/2 keys for n parties.
DES / 3DES / AES / Blowfish

[Diagram: Tom encrypts the plaintext with the secret key into ciphertext; Bob decrypts the ciphertext with the same secret key back to the plaintext.]

1-3 Hash (Digest) Function

Ensures data integrity.
MD5 / SHA-1

[Diagram: Tom computes message digest 1 of the data with the hash function and sends data + digest; Bob computes message digest 2 of the received data with the same hash function and compares it with digest 1.]

An unkeyed digest only detects accidental corruption: an attacker who alters the data in transit can simply recompute the digest. Protecting against that needs a key, which is what the MAC in 1-4 adds. (MD5 and SHA-1 are no longer collision resistant; newer systems use SHA-2.)

1-4 Message Authentication Code

Ensures data integrity, and data origin, since only a holder of the key can produce a valid MAC.
Uses a key to protect the MAC.
HMAC / CBC-MAC

[Diagram: Tom computes the digest of the data and combines it with the secret key to form the MAC, then sends data + MAC; Bob recomputes the keyed digest of the received data with the same secret key and compares it with the received MAC.]

1-5 Asymmetric Encryption

Things to remember:
• Key pair – public / private keys.
• In a session one is used for encryption and the other one for decryption.
• The "public key" can be deployed everywhere.
• The relation between the two keys is unknown: from one key you cannot gain knowledge of the other, even if you have access to clear text and cipher text.
• In RSA the two keys are mathematically interchangeable: when a key pair is generated, either of the two can be made public, and the other one must then be kept private. (Other algorithms, such as DSA, do not have this symmetry.)
• Less efficient than symmetric keys.
• RSA / Diffie-Hellman

[Diagram: clear text is encrypted into an unreadable cipher text string.]

1-5 Asymmetric Data Encryption – Confidentiality Check

Recipient's key pair: Tom encrypts the plaintext with Bob's public key; only Bob can decrypt the ciphertext, with Bob's private key.

1-5 Asymmetric Data Encryption – Authenticity Check

Sender's key pair: Tom encrypts the plaintext with Tom's private key; anyone can decrypt the ciphertext with Tom's public key, which proves it was produced by the holder of Tom's private key.

1-6 Digital Signature

Real world – hybrid:
1. Data integrity
2. Authenticity
3. Non-repudiation
4. Algorithm – uses the public key and the hash

1-6 Digital Signature – Creating

[Diagram: the message or file ("This is the document created by Gianni") is hashed with a one-way message digest function (SHA, MD5) into a short message digest (typically 128 bits), even for a long input. The digest is encrypted with the signatory's private key (RSA asymmetric encryption) to produce the digital signature. The signed document is the message together with the digital signature.]

1-6 Digital Signature – Verifying

[Diagram: the message part of the signed document is hashed again to obtain a message digest. The digital signature is decrypted with Gianni's public key (taken from his certificate) to recover the original digest. The two digests are compared; if they are equal, the data is authentic and unmodified.]

1-6 Digital Signature

[Diagram: Tom hashes the data into message digest 1 and encrypts it with Tom's private key to form the digital signature, sending data + signature. Bob hashes the received data into message digest 2, decrypts the signature with Tom's public key to recover message digest 1, and compares the two.]
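The create/verify flow of 1-6, and the "public key from certificate" step of 1-7, carried out with the OpenSSL command line. This is an added example, not part of the original training material; the signer name "Gianni", the file names and the use of SHA-256 instead of the slides' MD5/SHA-1 are assumptions, while the genrsa, req, x509 and dgst commands are standard OpenSSL.

```shell
#!/bin/sh
# Added example (not from the original slides): digital signature creation and
# verification (section 1-6) with OpenSSL, with the verifier taking the public
# key from a certificate (section 1-7). "Gianni", the file names and SHA-256
# are assumptions; the OpenSSL commands are real.
#
# Every function takes a working directory so that the round trip can run in
# a temporary directory.

# Generate the signatory's key pair and a self-signed certificate carrying the
# public key; a verifier normally has the certificate, not a bare key.
make_identity() {
    dir=$1
    openssl genrsa -out "$dir/gianni.key" 2048 >/dev/null 2>&1 || return 1
    openssl req -new -x509 -key "$dir/gianni.key" -subj "/CN=Gianni" -days 1 \
        -out "$dir/gianni.crt" >/dev/null 2>&1 || return 1
    # The verifying side extracts the public key from the certificate.
    openssl x509 -in "$dir/gianni.crt" -pubkey -noout > "$dir/gianni.pub"
}

# Sign: hash the document and encrypt the digest with the private key.
# 'dgst -sign' performs both steps. Args: private key, document, signature file.
sign_file() {
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# Verify: recompute the digest, decrypt the signature with the public key and
# compare. Exit status 0 means "Verified OK"; anything else is a failure.
# Args: public key, document, signature file.
verify_file() {
    openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

# Full round trip. Returns 0 only when the genuine document verifies AND a
# one-byte change to the document makes verification fail.
demo_signature() {
    dir=$(mktemp -d) || return 1
    make_identity "$dir" || { rm -rf "$dir"; return 1; }
    printf 'This is the document created by Gianni\n' > "$dir/doc.txt"
    sign_file "$dir/gianni.key" "$dir/doc.txt" "$dir/doc.sig" || { rm -rf "$dir"; return 1; }
    verify_file "$dir/gianni.pub" "$dir/doc.txt" "$dir/doc.sig" || { rm -rf "$dir"; return 1; }
    # Tamper with the signed document: the digest changes, the signature does not.
    printf 'This is the document created by Gianni!\n' > "$dir/doc.txt"
    if verify_file "$dir/gianni.pub" "$dir/doc.txt" "$dir/doc.sig"; then
        rm -rf "$dir"
        return 1
    fi
    rm -rf "$dir"
    return 0
}

if [ "${1:-}" = run ]; then
    demo_signature && echo "signature check: OK"
fi
```

Run with "run" to see the round trip. The verifier never touches gianni.key: that is the non-repudiation property of 1-6, since only the private key holder could have produced a signature that verifies under the public key in the certificate.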

1-7 Certificate

The simplest certificate just contains:
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key
... and the whole is:
• Digitally signed by someone trusted (like your friend, or a CA)

[Diagram: certificate = public key + "This public key belongs to Stephen" + the issuer's digital signature. The entity can be a person, a computer, a device, a file, some code, anything ...]

1-7-1 CA Certificate

[Diagram: the CA (certification server) generates its own key pair (Priv / pub). A user requests a certificate from the CA; the CA generates the certificate, i.e. signs the user's public key with the CA private key (pub + DS = Cert). The private key and the certificate are sent to the user. The CA's own certificate is self-signed: the CA pub key signed by the CA.]

1-7-1 CA Certificate Example

[Diagram: the CA holds the CA private key. Two peers, Left and Right: Left holds its own private key, the Left cert signed by the CA and the CA pub key; Right holds its own private key, the Right cert signed by the CA and the CA pub key. Both trust the CA pub key, so each can verify the other's certificate. Private keys are never signed or exchanged; only the certificates are.]

1-7-2 SSL/TLS

[Diagram: each side has a key pair (Priv / pub). Clear text → encrypt → Cipher 1 → encrypt → Cipher 2 → transmission over the public network → Cipher 2 → decrypt → Cipher 1 → decrypt → clear text.]

Ensures confidentiality
• and integrity, if digitally signed.
Depending on how the public keys are exchanged:
• Authenticity, identity, non-repudiation.

1-8 Moxa UC7400 – Hardware Cipher

Intel XScale supports:
• Security engines: DES, AES
• Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so":
• No need to change the source code.

1-8-1 Moxa Accelerated Algorithms – OpenSSL 0.9.7

DES_cbc_encrypt
DES_ede3_cbc_encrypt
AES_cbc_encrypt
AES_ctr_encrypt

• ECB mode is wrapped at a higher level (libssl.so), which OpenSSL wraps too.

1-8-2 Performance

[Charts: throughput (0 to 80) and speed-up ratio (0 to 8) of 3DES-CBC and AES-128-CBC against packet size from 128 to 1280 bytes, and the same for small packets from 16 to 144 bytes with ratio 0 to 2.5; software cipher versus hardware cipher, legend "= HW Cipher".]

1-8-3 Things to be noticed

Moxa UC-7400 switches the operation between the software and the hardware approaches:
• Default: hardware approach
• Any misconfiguration, or a busy hardware engine, causes the switch to software

Small packets are switched to the software approach:
• DES: smaller than 128 bytes
• 3DES / AES: smaller than 64 bytes

1-8-4 Software Package

Driver
• mxhw_cipher.o
Device file
• mknod /dev/mxcrypto c 11 131
Test program
• io – correctness test
• io 0 5000 – stability test
• io 1 – golden pattern
• io 2 20000 – performance test

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network

2-1 VPN Advantages / Disadvantages

VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes.
A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH etc.).
A VPN allows the usage of protocols which are insecure by themselves.
VPNs cannot be controlled and logged easily because of their encrypted nature.

2-2 Why OpenVPN

Usability
• Open Source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT / DHCP support
• Can use a 2048-bit shared key or digital certificates (PKI)

Portability – supports most of the platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN

Peers – each node with a client / server role
• Uses the kernel routing
• Multiple clients

A user-space program
• A full-featured SSL-VPN solution
• on top of the existing SSL/TLS mechanism
• options between a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (5000 in OpenVPN 1.x, 1194 in 2.0) or TCP port

2-2 OpenVPN Security

Two auth entication modes
• Static key: uses a pre-shared key
• SSL/TLS: uses SSL/TLS + certificates for
  • authentication
  • key exchange

The encrypted packet is formatted as:
• SeqN: 64-bit sequence number (packet ID), used by the receiver to reject replayed packets
• IV: plain-text initialization vector, randomized per packet

[Diagram: HMAC | IV | encrypt( SeqN | IP packet payload ). The HMAC is computed over the IV and the encrypted envelope, so the receiver checks it before decrypting and discards forged packets without ever running the cipher; the IV is sent in clear because it does not need to be secret, only unpredictable.]

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall and NAT-friendly
• Dynamic address support

IPSec
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard – multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are the two methods of linking systems via a VPN:
Routed IP tunnels (layer 3)
Bridged Ethernet tunnels (layer 2)

Suitable for connections:
• Site-to-site
• Dynamic site-to-site
• (Dynamic) client-to-site

Dynamic firewall / NAT / DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN mode (device): a virtual point-to-point IP link that OpenVPN attaches to the inner interface.
Uses the kernel routing to forward the packets.

[Diagram: two OSI stacks (Physical, Data-Link, Network, Transport, Session, Presentation, Application). OpenVPN runs at the application layer and the TUN device injects packets at the 3rd (Network) layer.]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of the MTU for efficiency

Routed IP disadvantages
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see those machines on the other side of the VPN
4. Works only with IPv4 in general, and IPv6 in cases where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses "TAP" mode: a TAP device is a virtual Ethernet adapter.
Bridge tools (brctl) are required to create the bridge.
Need to create a script to bind eth1 and tap0 together into a bridged device called br0.

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0        # create an Ethernet bridge
brctl addif br0 eth1   # connect interface eth1 as a port
brctl addif br0 tap0   # connect virtual interface tap0 as a port

[Diagram: two OSI stacks joined by bridging. OpenVPN runs at the application layer; TUN injects at the 3rd (Network) layer, TAP at the 2nd (Data-Link) layer. Each side has eth0 towards the other site and eth1 plus tap0 bridged into br0.]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages
1. Point to point, point to multi-point
2. Broadcasts traverse the VPN – this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to be able to handle non-IP protocols such as IPX, Netware and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages
1. Less efficient than routing and does not scale well

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

[Topology: LAN A (10.0.1.0/24; hosts such as 10.0.1.1/24 with gw 10.0.1.254) – [VPN Server] ixp1 = 10.0.1.254, ixp0 = 192.168.12.201 – VPN tunnel – ixp0 = 192.168.12.202, ixp1 = 10.0.2.254 [VPN Client] – LAN B (10.0.2.0/24; hosts such as 10.0.2.1/24 with gw 10.0.2.254). The client connects to the server; a separate [CA/TLS Server] issues the certificates.]

3-1 Getting Started

Create a working directory (recommended): mkdir /etc/openvpn
Check for the TUN module: ls /dev/net (look for a character device "tun"); if it is not there: mknod /dev/net/tun c 10 200
Load the necessary modules: modprobe tun; modprobe bridge
Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]
Self diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or vi /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"
Create / start the bridge interface using the Moxa script: openvpn-bridge [start | stop | restart]
Check the cipher / authentication support: openvpn --show-ciphers; openvpn --show-digests
Create the TUN configuration files: vi /etc/openvpn/tunserver.conf
[At VPN Client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

The local / remote VPN IP addresses must be specified (the "ifconfig" line).
It is NECESSARY to specify the server address at the VPN client (the "remote" line).

3-2 TUN Server Configuration

Edit the static routes: vi /etc/openvpn/tunserver.sh; chmod +x /etc/openvpn/tunserver.sh
[At VPN Client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/openvpn/tunclient.sh

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tunserver.conf &
[At VPN Client] openvpn --config /etc/openvpn/tunclient.conf &

Note the 2nd argument of "ifconfig", which is now "10.0.2.254": it is the remote end of the tunnel, so on the client the two arguments are swapped.
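The static-key TUN configuration of 3-2 written out for the 3-1 topology, as an added example that is not part of the original training material. It assumes 192.168.12.201 as the server's outside address (from the diagram), a dedicated tunnel address pair 10.8.0.1 / 10.8.0.2 instead of the LAN gateway addresses, and LANs 10.0.1.0/24 behind the server and 10.0.2.0/24 behind the client; the "route" directive takes the place of the tunserver.sh / tunclient.sh static-route scripts.

```shell
#!/bin/sh
# Added example (not from the original slides): tunserver.conf and
# tunclient.conf for OpenVPN 2.0 static-key TUN mode. Assumptions not taken
# from the page: 192.168.12.201 is the server's outside address, the tunnel
# endpoints 10.8.0.1/10.8.0.2 are a dedicated pair, the LANs are 10.0.1.0/24
# (server side) and 10.0.2.0/24 (client side).
SERVER_PUBLIC=${SERVER_PUBLIC:-192.168.12.201}
SERVER_LAN=${SERVER_LAN:-10.0.1.0 255.255.255.0}
CLIENT_LAN=${CLIENT_LAN:-10.0.2.0 255.255.255.0}

# Directives both ends share. Cipher and HMAC digest are explicit so a
# reviewer does not have to know the compiled-in defaults; the key file must
# be mode 0600 and must travel to the peer over an existing secure channel.
common_static() {
    cat <<EOF
dev tun
proto udp
port 1194
secret static.key
cipher AES-128-CBC
auth SHA1
keepalive 10 60
persist-key
persist-tun
verb 3
EOF
}

# Write tunserver.conf and tunclient.conf into $1. The two ifconfig arguments
# are swapped between the ends (local address first, remote second), and each
# end routes the other side's LAN into the tunnel.
write_static_tun_confs() {
    outdir=$1
    mkdir -p "$outdir" || return 1
    {
        common_static
        printf 'ifconfig 10.8.0.1 10.8.0.2\n'
        printf 'route %s\n' "$CLIENT_LAN"
    } > "$outdir/tunserver.conf"
    {
        common_static
        printf 'remote %s 1194\n' "$SERVER_PUBLIC"
        printf 'ifconfig 10.8.0.2 10.8.0.1\n'
        printf 'route %s\n' "$SERVER_LAN"
    } > "$outdir/tunclient.conf"
}

# Generate the pre-shared key on one end only (section 3-1), then copy it.
gen_static_key() {
    openvpn --genkey --secret "$1/static.key" && chmod 600 "$1/static.key"
}

# The tunnel-address line of a given config; used as a self-check.
ifconfig_line() {
    grep '^ifconfig ' "$1"
}

if [ $# -gt 0 ]; then
    write_static_tun_confs "$1"
fi
```

Run it with the target directory (normally /etc/openvpn) as the argument. "secret static.key" is a relative path, so start OpenVPN from that directory or give the absolute path; the hosts on each LAN still need their default gateway pointed at the UC, as in the 3-1 topology.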

Create the TAP configuration files: vi /etc/openvpn/tapserver.conf
[At VPN Client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration – VPN Server

Mark (comment out) the "route" line if both VPN networks are in the same subnet.

3-3 TAP Configuration – VPN Server

Edit the static routes: vi /etc/openvpn/tapserver.sh
[At VPN Client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/openvpn/tapclient.sh

Pointed to the kernel routing: br0 = 10.0.1.254

3-3 TAP Configuration – VPN Server

Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tapserver.conf &
[At VPN Client] openvpn --config /etc/openvpn/tapclient.conf &

3-4-1 SSL/TLS – Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf (pre-set default_days, default_bits ... etc.)
Create a new CA root key pair: /usr/share/ssl/misc/CA -newca
Create a new client private key and a new certificate request: /usr/share/ssl/misc/CA -newreq
Sign the certificate: /usr/share/ssl/misc/CA -sign
Copy the CA root certificate, the client private key and the client certificate to the first client.
Repeat the request and signing for the second client.

3-4-2 OpenVPN – "easy-rsa" tools

Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn
Modify the vars file: vi /etc/openvpn/easy-rsa/vars
Activate the vars: . /etc/openvpn/easy-rsa/vars
Create the CA root key: /etc/openvpn/easy-rsa/build-ca
Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – "easy-rsa" tools

Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client
Create the Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh (1024 bits, the KEY_SIZE set in vars)
Copy the CA certificate (ca.crt), server key (server.key) and server certificate (server.crt) to the VPN server.
Copy the CA certificate, client key and client certificate to the VPN client.
The "easy-rsa" tools also work on the UC7400 series.

Caveat: build-key produces a certificate without the server-type extension, so any certificate signed by this CA, including a stolen client certificate, could be presented as the server's. Building the server certificate with easy-rsa's build-key-server script instead lets the client require "ns-cert-type server" and refuse such a peer.

3-4-3 Configuration File Modification

t??server.conf (tunserver.conf / tapserver.conf)
t??client.conf (tunclient.conf / tapclient.conf)
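Server and client configuration for the SSL/TLS mode of 3-4, using the easy-rsa output file names above and the 3-1 topology. This is an added example and not part of the original training material; it assumes 192.168.12.201 as the server address, 10.8.0.0/24 as the address pool handed to clients, a server certificate built with build-key-server, and a "ta.key" generated with the same --genkey command as the static key. Two hardening points the slides do not show are included: "tls-auth" puts an HMAC on every TLS handshake packet so unauthenticated packets are dropped before they reach the SSL code, and "ns-cert-type server" makes the client refuse a server whose certificate was issued as a client certificate.

```shell
#!/bin/sh
# Added example (not from the original slides): tlsserver.conf and
# tlsclient.conf for OpenVPN 2.0 in SSL/TLS mode with easy-rsa certificates.
# Assumptions not taken from the page: 192.168.12.201 as the server address,
# 10.8.0.0/24 as the VPN pool, the server cert built with build-key-server,
# and ta.key created with "openvpn --genkey --secret ta.key".
SERVER_PUBLIC=${SERVER_PUBLIC:-192.168.12.201}

# "server" expands to mode server, tls-server and the address pool; the
# pushed route lets clients reach LAN A (10.0.1.0/24) behind the UC.
write_tls_server_conf() {
    cat > "$1/tlsserver.conf" <<EOF
dev tun
proto udp
port 1194
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
tls-auth ta.key 0
server 10.8.0.0 255.255.255.0
push "route 10.0.1.0 255.255.255.0"
cipher AES-128-CBC
keepalive 10 120
persist-key
persist-tun
verb 3
EOF
}

# "client" expands to tls-client plus pull; ns-cert-type is the check that
# stops another client's certificate from impersonating the server.
write_tls_client_conf() {
    cat > "$1/tlsclient.conf" <<EOF
client
dev tun
proto udp
remote $SERVER_PUBLIC 1194
ca ca.crt
cert client.crt
key client.key
tls-auth ta.key 1
ns-cert-type server
cipher AES-128-CBC
persist-key
persist-tun
verb 3
EOF
}

write_tls_confs() {
    mkdir -p "$1" || return 1
    write_tls_server_conf "$1" && write_tls_client_conf "$1"
}

# Generate the handshake HMAC key once, on the CA or server host, then copy it
# to every client; it is a shared secret exactly like static.key.
gen_tls_auth_key() {
    openvpn --genkey --secret "$1/ta.key" && chmod 600 "$1/ta.key"
}

# The two ends must use opposite tls-auth key directions (0 and 1); a mismatch
# is the usual reason a fresh tls-auth setup never completes a handshake.
tls_auth_directions_ok() {
    s=$(sed -n 's/^tls-auth ta.key \([01]\)$/\1/p' "$1/tlsserver.conf")
    c=$(sed -n 's/^tls-auth ta.key \([01]\)$/\1/p' "$1/tlsclient.conf")
    [ "$s" = 0 ] && [ "$c" = 1 ]
}

if [ $# -gt 0 ]; then
    write_tls_confs "$1"
fi
```

Run it with the target directory as the argument and start each end with openvpn --config from that directory, since the certificate paths are relative. Keep server.key and client.key mode 0600; the CA private key (ca.key) stays on the CA host and is never copied to the VPN endpoints.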

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

Two of its serial ports are connected to a power meter and a thermocouple.
Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site.
The rest of the serial ports are looped back in "burn-in mode" to demonstrate the UC's high performance and reliability.

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500 °C
Left side for the high range, 0 to 300 VDC, and right side for the low range, 0 to 20 VDC

UC's LCM & keypad (F1–F5)

F1: Monitoring – temperature → voltage → throughput for P3 to P8
F2: System status – LAN's IP → Wi-Fi's IP → CPU loading → available memory
F3: Alarm setting – temperature → voltage → burn-in throughput
F4: Configuration key
F5: Main menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• UC-7420's built-in wireless driver supports the Intersil Prism 2.0 chipset PCMCIA card
• The compatible wireless cards are:

Supplier   Model name
ASUS       WL-107g
CNET       CWC-854 (181D version)
Edimax     EW-7108PCg
Amigo      AWP-914WG
Gigabyte   GN-WMKG
Others which use the Ralink chipset

Thank You


Windows Tool Chain

1. Operating system: Windows 2000 or Windows XP
2. Minimum of 500 MB hard disk space
3. CD-ROM or equivalent
4. Ethernet to connect with the UC-7400
5. Be able to log in as administrator
6. Use a Windows username without spaces
7. You will be using a BASH shell window to enter commands
8. In addition, for editing text files such as configuration files you should use the vi editor (Unix editor). Do NOT use WordPad (Windows editor), which could cause problems when the files are transferred to a bona fide Linux environment.

Developing Process

Step 1: Setting up the development environment on the PC (x86)
Step 2: Coding, compiling and debugging on the Windows tool chain
Step 3: Deploying the program to the UC (IXP-422)

Step 1: Setting up the Developing Environment

Install the Windows tool chain on the PC (Windows 2K/XP). Installation tips:
• Default install path: C:\UC
• Default text file type: Unix (recommended)

Utilities
• Moxa Bash Shell
• GDB debug tool – Insight
• http://sources.redhat.com/insight
• This process could take from 5 to 30 minutes depending on the speed of your system.

Step 2: Coding, Compiling and Debugging

Code the C/C++ program in the Moxa Bash Shell (PC Windows tool chain).
Compile / link the source code with the tool chain:
• Compiler path setting: PATH=/usr/local/mxscaleb/bin
• Compiling Hello.c

Step 3: Deployment

Upload the program to the UC:
• ftp 192.168.3.127
• ftp> binary
• ftp> put hello-release

Running the program (at the UC-7400 side):
• chmod +x hello-release
• ./hello-release
  Hello

Debugging with GDB

[Diagram: PC (Moxa Bash Shell): 1. compile with -ggdb; 3. Insight tool (GDB client); 4. target remote. UC: 2. GDB debug server. Both connected over Ethernet.]

chmod +x hello-debug
gdbserver 192.168.3.127:2000 hello-debug
Process hello-debug created; pid = 206

Step 1: PC, Moxa Bash Shell – compile the program with the -ggdb option, then upload it to the UC.
Step 2: UC – run hello-debug under the debug server with the command: gdbserver 192.168.3.127:2000 hello-debug
Step 3: PC, Insight – run the GDB client:
• Open the hello-debug file
• Connect to target
• GDB Server / TCP
• 192.168.3.200
• 2000

Debugging with GDB

iptables Introductioniptables Introduction

AgendaAgenda

1) Quick View of iptables

2) Rules Chains Tables

3) Usage of iptables

4) Hands-ON Practice

1 Quick View of iptables1 Quick View of iptables

A User-space Command to setupmaintain the ldquoNetfilterrdquo sub-system of Kernel

ldquoNetfilterrdquo manages only the packet headers not the content

iptables is currently one of many FirewallNAT solutions to be an administration tool for set up maintain and inspect the tables of IP packet filter rules in the Linux kernel

1 Quick View of iptables1 Quick View of iptables

Several different tables may be defined Each table contains a number of built-in chains and may also contain user-defined chains

Each chain is a list of rules which can match a set of packets Each rule specifies what to do with a packet that matches This is called a ldquotargetrdquo which may be a jump to a user-defined chain in the same table

1 Quick View of iptables1 Quick View of iptables

3rd generation firewall on Linuxndash ldquoipfwadmrdquo on Linux Kernel V20Xndash ldquoipchainsrdquo on Linux Kernel V22Xndash ldquoipchainsrdquo ldquoiptablesrdquo on Linux Kernel V24Xndash ldquoiptablesrdquo on Linux Kernel V26X

Supports basic packet filtering as well as connection state tracking

UC-71107400 support only ldquoiptablesrdquo

AgendaAgenda

1) Firewall NAT and iptables

2) Rules Chains Tables

3) Usage of iptables

4) Hands-ON Practice

2) Rules Chains and Tables2) Rules Chains and Tables

2-1 First Match

2-2 Three Major Tables

2-3 Processing Packets

2-4 State Machine

2-1 First Match ndash The Highest Priority2-1 First Match ndash The Highest Priority

Packets

Rule 1

Rule 10

Default Policy

Action 1

Action 2

No

No

Yes

Yes

Rule 2

No

Action 10Yes

2-1 First Match 2-1 First Match

On WWW Server reject the attack from IP = 1921681100Rule 1 Drop the packets from 1921681100Rule 2 Accept WWW request packets from all the hostsRule 3 Drop all the none-WWW packets

Rule 1 Accept WWW request packets from all the hosts Rule 2 Drop the packets from 1921681100Rule 3 Drop all the none-www packets

1921681100 is able to use the WWW service or to attack WWW service port

2-2 Three 2-2 Three Major TablesMajor Tables

1) Filter Table

2) NAT Table

3) Mangle Table

2-2-1 Filter Table2-2-1 Filter Table

Mainly used for filtering packets The place that we actually take action against packets

and look at what they contain and ACCEPT DROP REJECT LOG them depending on their content

1 INPUT chain ndash packets enter the local host

2 OUTPUT chainndash packets output from the local host

3 FORWARD chainndash forward packets to other hosts

2-2-2 NAT Table

Used for NAT on different packets, to translate the packet's source field or destination field.

1) PREROUTING chain: to translate the destination IP address (DNAT)
2) POSTROUTING chain: works after the routing process and before the Ethernet device processing, to translate the source IP address (SNAT / MASQUERADE)
3) OUTPUT chain: works on locally generated packets

2-2-3 Mangle Table

This table is mainly used for mangling packets. In other words, you may freely use the mangle matches etc. that could be used to change the TOS (Type Of Service) and TTL fields. It can also "MARK" the packets.

1) PREROUTING chain
2) POSTROUTING chain
3) INPUT, OUTPUT and FORWARD chains

2-3 Processing Packets

2-3-1 Destination Local Host

2-3-2 Source Local Host

2-3-3 Forward Packets

2-3-4 State Machine

2-3-1 Destination Local Host

Incoming Packets -> NAT Table PREROUTING -> Filter Table INPUT -> Local Process

2-3-2 Source Local Host

Outgoing Packets (local process) -> NAT Table OUTPUT -> Filter Table OUTPUT -> NAT Table POSTROUTING -> Send Out Packets

2-3-3 Forwarded Packets

Incoming Packets -> NAT Table PREROUTING -> (routing decision: not for a local resource) -> Filter Table FORWARD -> NAT Table POSTROUTING -> Other Hosts

2-4 State Machine

Agenda

1) Firewall NAT and iptables

2) Rules, Chains, Tables

3) Usage of iptables

4) Hands-On Practice

3) Usage of iptables

3-1 Load iptables Modules

3-2 Define Default Policy

3-3 Structure of a Rule

3-4 Save / Restore Rules

3-1 Load iptables Modules

Note: ipchains and iptables are not compatible.

3-1 Load iptables Module

Check the current tables: iptables [-t table] [-L] [-n]

Default Policy

3-1 Install iptables

Clear Current Policy

3-2 Define Default Policy

iptables -t filter|nat|mangle -P INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING ACCEPT|DROP

3-2 Define Default Policy

3-3 Structure of a Rule

3-3-1 Add, Insert, Delete and Replace Rules

3-3-2 Direction

3-3-3 Matches

3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace

iptables -t filter|nat|mangle -A|-I|-D|-R [direction] [match] -j [target]

Three major things need to be considered: the direction (chain), the match and the target.

3-3-2 Direction: Chains

a) filter table: INPUT, OUTPUT, FORWARD
b) nat table: PREROUTING, POSTROUTING, OUTPUT
c) mangle table: …

3-3-3 Matches: Conditions

1) -p [proto] tcp|udp|icmp|all
2) -s [IP] -d [IP]
3) --sport [port] --dport [port]
4) -m state --state [state] NEW|ESTABLISHED|INVALID|RELATED
5) -m multiport --sports|--dports|--ports [p1,p2,…,p15]
6) -i [iface] -o [oface]
7) … etc.

3-3-4 Targets: Actions

a) filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions: LOG, ULOG, REJECT, MIRROR
b) nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING/OUTPUT), MASQUERADE (POSTROUTING), REDIRECT (only in PREROUTING)
c) mangle table: …

3-4 Save / Restore Rules

It is highly recommended to use a script file to maintain the Netfilter rules instead of the exported file (it is not a standard script file). Please refer to the Hands-On practice.

Agenda

1) Firewall NAT and iptables

2) Rules, Chains, Tables

3) Usage of iptables

4) Hands-On Practice: 1) Packet Filter, 2) NAT Machine

4-1 Packet Filter: Rules of the filter table

Example 1: Accept all the packets incoming from the lo interface
iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2: Accept all the TCP packets incoming from IP = 192.168.0.1
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

4-1 Packet Filter: Rules of the filter table

Example 3: Accept all the TCP packets incoming from the network 192.168.1.0/24
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4: Drop all the TCP packets incoming from IP = 192.168.1.25
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

4-1 Packet Filter: Rules of the filter table

Example 5: Drop all the incoming TCP packets with dst port = 21 (forbid FTP connections from eth0)
iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6: Accept TCP packets incoming from 192.168.0.0/24 to local ports 137, 138 and 139
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

4-1 Packet Filter: Rules of the filter table

Example 7: Log all the incoming/outgoing TCP packets to/from port = 25 (log the SMTP service)
iptables -t filter -A INPUT -p tcp --dport 25 -j LOG

Note: UC-7110 does not support the target "LOG".

4-1 Packet Filter: Rules of the filter table

Example 8: Drop all the [SYN] packets from IP = 192.168.100.200
iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9: Drop all the packets from MAC = aa:bb:cc:dd:ee:ff (the mac match module must be loaded with -m mac before --mac-source can be used)
iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

Example 10: Do not respond to "ping"
iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11: ICMP "ping" burst (with a DROP default policy, accept at most 6 pings per minute after an initial burst of 10)
iptables -t filter -P INPUT DROP
iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

4-1 Packet Filter: Rules of the filter table

Example 12: Accept the ESTABLISHED/RELATED packets of the local host; drop the INVALID packets and the NEW packets which are trying to create a new connection
iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

4-1 Packet Filter: Rules of the filter table

Example 13: Check the packet integrity
iptables -t filter -A INPUT -p all -m unclean -j DROP

Example 14: Enable the "Passive Mode" FTP service to a host (the FTP connection-tracking helper marks the data connection as RELATED)
modprobe ip_conntrack_ftp
iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

4-2 NAT Machine: Rules of the nat table

Example 1: Redirect the connection requests of port 80 to port 8080
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2: Masquerade the packets from 192.168.1.0/24 leaving via ppp0 with the local ppp0 IP (MASQUERADE is valid only in the POSTROUTING chain, see 3-3-4)
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

4-2 NAT Machine

Example 3: DNAT the incoming packets from eth0 (60.248.66.75), TCP port 80, to the internal web server 192.168.127.10:80
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to-destination 192.168.127.10:80

Example 4: Redirect the incoming packets of TCP port 80 to 192.168.1.10, TCP port 80

SNAT the internal subnet to the public address:
iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to-source $OUT_IP
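The "script file" that 3-4 recommends, as an added example that is not Moxa's own script: it combines the 4-1 filter examples and the 4-2 NAT examples into one repeatable, default-deny rule set, ordered so that host-specific drops precede the generic service accepts. The interface and address assumptions are labelled in the comments; DRY_RUN=1 prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example, not Moxa's script: a maintainable firewall script for a UC-7400.
# Assumptions (constructed): eth0 faces the outside, 192.168.1.0/24 is the trusted LAN;
# 60.248.66.75 and the web server 192.168.127.10 are the addresses used on the slides.
WAN_IF=${WAN_IF:-eth0}
LAN_NET=${LAN_NET:-192.168.1.0/24}
OUT_IP=${OUT_IP:-60.248.66.75}
WEB_SERVER=${WEB_SERVER:-192.168.127.10}
DRY_RUN=${DRY_RUN:-0}

# run CMD...: execute the command, or just print it when DRY_RUN=1 so the
# generated rule set can be reviewed (or diffed) without root and without a live box
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

flush_all() {
    for t in filter nat mangle; do
        run iptables -t "$t" -F        # delete every rule in the table
        run iptables -t "$t" -X        # delete user-defined chains
    done
}

# 3-2: default-deny for traffic entering or crossing the box; locally generated traffic is allowed
set_policy() {
    run iptables -t filter -P INPUT DROP
    run iptables -t filter -P FORWARD DROP
    run iptables -t filter -P OUTPUT ACCEPT
}

# 4-1: rules are appended in the order they must be evaluated (2-1: first match wins)
filter_rules() {
    run iptables -A INPUT -i lo -j ACCEPT                                       # Example 1
    # Example 12: replies to our own connections first, INVALID dropped before anything else
    run iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A INPUT -m state --state INVALID -j DROP
    # host blocks must come BEFORE the generic service accepts (the 2-1 ordering lesson)
    run iptables -A INPUT -i "$WAN_IF" -p tcp -s 192.168.1.25 -j DROP           # Example 4
    run iptables -A INPUT -i "$WAN_IF" -p tcp -s 192.168.100.200 --syn -j DROP  # Example 8
    run iptables -A INPUT -i "$WAN_IF" -p tcp --dport 21 -j DROP                # Example 5: no FTP
    run iptables -A INPUT -i "$WAN_IF" -p tcp -s "$LAN_NET" --dport 137:139 -j ACCEPT  # Example 6
    # Example 11: rate-limited ping instead of silently dropping it (Example 10)
    run iptables -A INPUT -p icmp --icmp-type 8 -m limit --limit 6/min --limit-burst 10 -j ACCEPT
    run iptables -A INPUT -p tcp --dport 25 -j LOG --log-prefix "SMTP: "        # Example 7 (no LOG on UC-7110)
    run iptables -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT      # public web service
}

# 4-2: publish the internal web server and hide the internal subnet behind OUT_IP
nat_rules() {
    run iptables -t nat -A PREROUTING -i "$WAN_IF" -p tcp -d "$OUT_IP" --dport 80 \
        -j DNAT --to-destination "$WEB_SERVER:80"                               # NAT Example 3
    run iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -o "$WAN_IF" -j SNAT --to-source "$OUT_IP"
    # the DNATed packets still traverse the FORWARD chain, which is default-deny
    run iptables -A FORWARD -i "$WAN_IF" -p tcp -d "$WEB_SERVER" --dport 80 -m state --state NEW -j ACCEPT
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

apply_firewall() { flush_all; set_policy; filter_rules; nat_rules; }

case "${1:-}" in
    apply) apply_firewall ;;
    show)  DRY_RUN=1; apply_firewall ;;
esac
```

Run it as `sh firewall.sh show` to review the rule list, and `sh firewall.sh apply` from the console (not over a remote session) to load it.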

Thank You

OpenVPN 2.0 (Stephen Lin)

OpenVPN 2.0

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve?

1-2 Symmetric Data Encryption

1-3 Hash (Digest) Function

1-4 Message Authentication Code

1-5 Asymmetric Data Encryption

1-6 Digital Signature

1-7 Certificate

1-8 Moxa UC-7400

1-1 What does cryptography solve?

Confidentiality: ensure that nobody can learn what you transfer, even if listening to the whole conversation.
Integrity: ensure that the message has not been modified during transmission.
Authenticity: you can verify that you are talking to the entity you think you are talking to, and you can verify who the specific individual behind that entity is.
Non-repudiation: the individual behind that asset cannot deny being associated with it.

1-2 Symmetric Data Encryption

Fast; high efficiency for data transmission.
Is it "secure" while transferring the key?
Maintenance of the keys: n(n-1)/2 keys for n parties.
DES, 3DES, AES, Blowfish

Diagram: Tom encrypts the plaintext with the secret key to produce the ciphertext; Bob decrypts the ciphertext with the same secret key to recover the plaintext.

1-3 Hash (Digest) Function

Ensures data integrity.
MD5, SHA-1

Diagram: Tom runs the data through the hash function to get Message Digest 1 and sends the data together with the digest; Bob runs the received data through the same hash function to get Message Digest 2 and compares it with Message Digest 1.

1-4 Message Authentication Code

Ensures data integrity; a key is used to protect the MAC.
HMAC, CBC-MAC

Diagram: Tom hashes the data to Message Digest 1 and encrypts the digest with the secret key to form the MAC, then sends the data together with the MAC; Bob decrypts the MAC with the secret key to recover Message Digest 1, hashes the received data to Message Digest 2, and compares the two.

1-5 Asymmetric Encryption

Things to remember:
- Key pair: public/private keys
- In a session, one is used for encryption and the other one for decryption
- The "public key" can be deployed everywhere
- The relation between the two keys is unknown: from one key you cannot gain knowledge of the other, even if you have access to clear text and cipher text
- The two keys are interchangeable: the algorithms make no difference between the public and the private key; when a key pair is generated, either of the two can be the public or the private one
- Less efficient than a static (symmetric) key
- RSA, Diffie-Hellman

Diagram: clear text -> encryption -> cipher text.

1-5 Asymmetric Data Encryption

Diagram (recipient's key pair, confidentiality check): Tom encrypts the plaintext with Bob's public key; Bob decrypts the ciphertext with Bob's private key to recover the plaintext.

1-5 Asymmetric Data Encryption

Diagram (sender's key pair, authenticity check): Tom encrypts the plaintext with Tom's private key; Bob decrypts the ciphertext with Tom's public key to recover the plaintext.

1-6 Digital Signature

Real world: a hybrid. 1) Data integrity, 2) Authenticity, 3) Non-repudiation, 4) Algorithm: use the public key together with a hash.

1-6 Digital Signature: Creating

Diagram: calculate a short message digest (typically 128 bits) from even a long input using a one-way message digest function (hash: SHA, MD5); encrypt the digest with the signatory's private key (asymmetric encryption: RSA) to produce the digital signature; the signed document is the message or file ("This is the document created by Gianni") together with the digital signature.

1-6 Digital Signature: Verifying

Diagram: generate the message digest of the received document with the same hash; decrypt the digital signature with Gianni's public key (from his certificate) using asymmetric decryption; compare the two message digests.

1-6 Digital Signature

Diagram: Tom hashes the data to Message Digest 1 and encrypts it with Tom's private key to form the digital signature, then sends the data together with the signature; Bob decrypts the signature with Tom's public key to recover Message Digest 1, hashes the received data to Message Digest 2, and compares the two.

1-7 Certificate

The simplest certificate just contains:
- A public key (for Stephen)
- Information about the entity that is being certified to own that public key (it can be a person, a computer, a device, a file, some code, anything …)
… and the whole is:
- Digitally signed by someone trusted (like your friend, or a CA)

Diagram: certificate = "This public key belongs to Stephen" + public key + digital signature.

1-7-1 CA Certificate

Diagram: the CA generates a key pair (Priv, Pub) on the certification server; a user requests a certificate from the CA; the CA generates the certificate (Pub + DS = Cert); the private key and the certificate are sent to the user. Right: cert signed by the CA. Left: cert signed by the CA. The CA public key is signed by the CA itself.

1-7-1 CA Certificate Example

Diagram: the CA holds its private key. Left and Right both trust the CA public key. Left holds its private key, its cert signed by the CA and the CA public key; Right holds its private key, its cert signed by the CA and the CA public key.

1-7-2 SSL/TLS

Diagram: clear text is encrypted with one key pair (Cipher 1) and then with the other key pair (Cipher 2), transmitted over the public network, and decrypted in the reverse order back to clear text.

Ensures confidentiality, and integrity if digitally signed.
Depending on how the public keys are exchanged: authenticity, identity, non-repudiation.

1-8 Moxa UC-7400: Hardware Cipher

Intel XScale supports:
- Security engines: DES, AES
- Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so":
- No need to change the source code

1-8-1 Moxa Accelerated Algorithms: OpenSSL 0.9.7

DES_cbc_encrypt
DES_ede3_cbc_encrypt
AES_cbc_encrypt
AES_ctr_encrypt

- We wrap ECB mode at a higher level (libssl.so), which OpenSSL wraps too.

1-8-2 Performance

Charts: throughput (rate) of 3DES-CBC and AES-128-CBC versus packet size (128 to 1280 bytes in the first pair of charts, 16 to 144 bytes in the second pair), software cipher versus HW cipher.

1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approaches:
- Default: hardware approach
- Any misconfiguration or a busy engine causes the switch
Small packets are switched to the software approach:
- DES: 128 bytes
- 3DES/AES: 64 bytes

1-8-4 Software Package

Driver: mxhw_cipher.o
Device file: mknod /dev/mxcrypto c 11 131
Test program:
- io: correctness test
- io 0 5000: stability test
- io 1: golden pattern
- io 2 20000: performance test

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network

2-2 Why OpenVPN?

2-3 OpenVPN Modes

2-1 Virtual Private Network: Advantages / Disadvantages

A VPN is a network constructed by using public wires (e.g. the Internet) to connect nodes.
A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH etc.).
A VPN allows the use of protocols which are insecure by themselves.
VPNs cannot be controlled and logged easily because of their encrypted nature.

2-2 Why OpenVPN?

Usability:
- Open source (GPL)
- Full-featured SSL VPN solution
- Easy to configure a secure tunnel
- NAT/DHCP support
- Can use a 2048-bit shared key or digital certificates (PKI)

Portability: supports most platforms
- Linux, Solaris, Mac OS X
- OpenBSD, FreeBSD, NetBSD
- Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN?

Peers: each node with a client/server role
- Uses the kernel routing
- Multiple clients
A user-space program:
- A full-featured SSL VPN solution
- On top of the existing SSL/TLS mechanism
- Options between a set of security algorithms
- Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security

Two authentication modes:
- Static key: use a pre-shared key
- SSL/TLS: use SSL/TLS + certificates for authentication and key exchange

The encrypted packet is formatted as:
- SeqN: 64-bit sequence number
- IV: plain-text initial vector, randomized per packet
Packet layout: HMAC | IV | SeqN | IP payload, where the SeqN and the payload are encrypted.

2-2 OpenVPN vs IPSec

OpenVPN:
- User-space daemon
- SSL/TLS
- Portability across operating systems
- Firewall- and NAT-friendly
- Dynamic address support

IPSec:
- Kernel-space IP stack
- Each operating system requires its own independent implementation of IPSec
- IETF standard: multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are two methods of linking systems via a VPN.
Routed IP tunnels (layer 3)
Bridged Ethernet tunnels (layer 2)
Suitable for connections:
- Site-to-site
- Dynamic site-to-site
- (Dynamic) client-to-site
Dynamic firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN mode (device): a virtual point-to-point IP link that combines the inner interface together with TUN.
Uses the kernel routing to forward the packets.

Diagram: the OSI stacks of both peers (Physical, Data-Link, Network, Transport, Session, Presentation, Application); OpenVPN sits at the application layer and the TUN device at layer 3 (Network).

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages:
1) Point-to-point
2) Easier to configure
3) Efficiency and scalability
4) Allows better tuning of the MTU for efficiency

Routed IP disadvantages:
1) Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2) Routes must be set up linking each subnet
3) Software that depends on broadcasts will not see the machines on the other side of the VPN
4) Works only with IPv4 in general, and with IPv6 in cases where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses "TAP" mode: a TAP device is a virtual Ethernet adapter.
Bridge tools (brctl) are required to create the virtual adapters.
You need to create a script to bind eth1 and tap0 together into a bridged device called br0.

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0        # create an Ethernet bridge
brctl addif br0 eth1   # connect interface eth1 as a port
brctl addif br0 tap0   # connect virtual interface tap0 as a port (addif takes the bridge name first)

Diagram: the OSI stacks of both peers; bridging at layer 2 between eth1 and tap0 on each side (TAP, 2nd layer; TUN would be the 3rd), OpenVPN at the application layer, with eth0 carrying the tunnel traffic.

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages:
1) Point-to-point, point-to-multipoint
2) Broadcasts traverse the VPN; this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3) No route statements to configure
4) Works when the VPN needs to be able to handle non-IP protocols such as IPX, Netware and AppleTalk
5) Relatively easy-to-configure solution for road warriors

Bridging disadvantages:
1) Less efficient than routing, and does not scale well

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSL/TLS: X.509 Dynamic Keys

3-1 Getting Started

Diagram (lab topology):
- VPN Server: ixp0 192.168.12.201, ixp1 10.0.1.254 (gateway of LAN A; LAN A host IP 10.0.1.1/24, gw 10.0.1.254)
- VPN Client: ixp0 192.168.12.202, ixp1 10.0.2.254 (gateway of LAN B; LAN B host IP 10.0.2.1/24, gw 10.0.2.254)
- The VPN client connects to the VPN server; the VPN tunnel runs between the ixp0 interfaces
- A CA/TLS server is also present on the network

3-1 Getting Started

Create a working directory (recommended): mkdir /etc/openvpn
Check for the TUN module: ls /dev/net and look for a character device "tun"; if it is not there: mknod /dev/tun c 10 200
Load the necessary modules: modprobe tun; modprobe bridge
Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]
Self-diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or vi /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"
Create/start the bridge interface using the Moxa script: openvpn-bridge [start|stop|restart]
Check the cipher/authentication support: openvpn --show-ciphers; openvpn --show-digests
Create the TUN configuration files: vi /etc/openvpn/tunserver.conf
[At VPN Client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

The local/remote VPN IP addresses must be specified.
It is NECESSARY to specify the server address at the VPN client.

3-2 TUN Server Configuration

Edit the static routings: vi /etc/openvpn/tunserver.sh; chmod +x /etc/tunserver.sh
[At VPN Client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/tunclient.sh
Start OpenVPN with the configuration file: openvpn --config /etc/tunserver.conf &; openvpn --config /etc/tunclient.conf &

(Annotation on the configuration screenshot: the 2nd argument of "ifconfig", which is now "10.0.2.254".)
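A matching static-key TUN server/client pair for the LAN A / LAN B lab, as an added example rather than Moxa's own configuration files: the tunnel endpoint addresses 10.8.0.1/10.8.0.2 and the key path are assumptions, the server's public address and the two LANs are the ones from 3-1, and `pair_consistent` checks the one mistake that silently breaks a static-key tunnel (ifconfig arguments not mirrored).

```shell
#!/bin/sh
# Added example, not Moxa's configuration files: generate a matching static-key TUN pair.
# Assumptions (constructed): tunnel endpoints 10.8.0.1/10.8.0.2, key file path, config directory.
SERVER_PUBLIC=${SERVER_PUBLIC:-192.168.12.201}
LAN_A=10.0.1.0; LAN_B=10.0.2.0; MASK=255.255.255.0
TUN_SERVER=10.8.0.1; TUN_CLIENT=10.8.0.2
KEY_FILE=${KEY_FILE:-/etc/openvpn/static.key}
CONF_DIR=${CONF_DIR:-/etc/openvpn}

# common_opts: what both sides must agree on; cipher/auth names are those listed by
# `openvpn --show-ciphers` / `--show-digests` (AES-128-CBC is hardware-accelerated on the UC-7400)
common_opts() {
    cat <<EOF
dev tun
proto udp
secret $KEY_FILE
cipher AES-128-CBC
auth SHA1
keepalive 10 60
persist-key
persist-tun
verb 3
EOF
}

# tun_server_conf: the server listens; "ifconfig LOCAL REMOTE" gives the tunnel addresses (3-2),
# "route" adds the static route to the far LAN (ip_forward must be 1 on both boxes)
tun_server_conf() {
    printf 'port 1194\nifconfig %s %s\nroute %s %s\n' "$TUN_SERVER" "$TUN_CLIENT" "$LAN_B" "$MASK"
    common_opts
}

# tun_client_conf: the client MUST name the server address (3-2); its ifconfig is the mirror image
tun_client_conf() {
    printf 'remote %s 1194\nifconfig %s %s\nroute %s %s\n' "$SERVER_PUBLIC" "$TUN_CLIENT" "$TUN_SERVER" "$LAN_A" "$MASK"
    common_opts
}

# pair_consistent: the two ifconfig lines must be each other's mirror image, otherwise the
# tunnel comes up but no traffic flows; returns 0 when they match
pair_consistent() {
    s=$(tun_server_conf | awk '$1 == "ifconfig" { print $2, $3 }')
    c=$(tun_client_conf | awk '$1 == "ifconfig" { print $3, $2 }')
    [ "$s" = "$c" ]
}

# write_pair: generate the shared key as in 3-1 (only once) and both files; KEY_FILE and
# tunclient.conf then have to be copied to the VPN client over a secure channel
write_pair() {
    [ -f "$KEY_FILE" ] || openvpn --genkey --secret "$KEY_FILE"
    tun_server_conf > "$CONF_DIR/tunserver.conf"
    tun_client_conf > "$CONF_DIR/tunclient.conf"
}

case "${1:-}" in
    write) pair_consistent && write_pair ;;
    show)  tun_server_conf; echo ---; tun_client_conf ;;
esac
```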

Create the TAP configuration files: vi /etc/openvpn/tapserver.conf
[At VPN Client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration: VPN Server

(Annotation on the configuration screenshot: comment out this line if both VPN networks are in the same subnet.)

3-3 TAP Configuration: VPN Server

Edit the static routings: vi /etc/openvpn/tunserver.sh
[At VPN Client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/tapclient.sh

(Annotation: points to the kernel routing; br0 = 10.0.1.254.)

3-3 TAP Configuration: VPN Server

Start the bridge device: vi openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start
Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tapserver.conf &; openvpn --config /etc/openvpn/tapclient.conf &

3-4-1 SSL/TLS: Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-input the default_days, default_bits … etc.
Create a new CA root key pair: /usr/share/ssl/misc/CA -newca
Create a new client private key and a new certificate request: /usr/share/ssl/misc/CA -newreq
Certificate signing: /usr/share/ssl/misc/CA -sign
Copy the CA root certificate, the client private key and the client certificate to the first client.
Have the second client certified in the same way.

3-4-2 OpenVPN: "easy-rsa" tools

Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn
Modify the vars file: vi /etc/openvpn/easy-rsa/vars
Activate the vars (source them into the current shell): . /etc/openvpn/easy-rsa/vars
Create the CA root key: /etc/openvpn/easy-rsa/build-ca
Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN: "easy-rsa" tools

Create the VPN client private key and certificate: /etc/openvpn/build-key client
Create the Diffie-Hellman parameters: /etc/openvpn/build-dh 1024
Copy the CA certificate (ca.crt), the server key (server.key) and the server certificate (server.crt) to the VPN server.
Copy the CA certificate, the client key and the client certificate to the VPN client.
The "easy-rsa" tools also work on the UC-7400 series.

3-4-3 Configuration File Modification

txxserver.conf

txxclient.conf

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

Two of its serial ports are connected to a power meter and a thermocouple.

Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site.

The rest of the serial ports are looped back in 'burn-in mode' to demonstrate the UC's high performance and reliability.

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500 °C

Left side for the high range (0 to 300 VDC) & right side for the low range (0 to 20 VDC)

UC's LCM & keypad (F1-F5)

F1 Monitoring: Temperature -> Voltage -> Throughput for P3 to P8

F2 System Status: LAN's IP -> Wi-Fi's IP -> CPU loading -> Available memory

F3 Alarm Setting: Temperature -> Voltage -> burning throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
- UC-7420's built-in wireless driver supports the Intersil Prism 2.0 chipset PCMCIA card
- The compatible wireless cards are:

Supplier / Model name
ASUS / WL-107g
CNET / CWC-854 (181D version)
Edimax / EW-7108PCg
Amigo / AWP-914WG
Gigabyte / GN-WMKG
Others which use the R-Link chipset

Thank You


Developing Process

Step 1: Setting up the development environment on the PC (x86)

Step 2: Coding, compiling and debugging on the Windows tool chain

Step 3: Deploying the program to the UC (IXP-422)

Step 1: Setting up the Developing Environment

Install the Windows tool chain on the PC (Windows 2K/XP). Installation tips:
- Default install path: C:\UC
- Default text file type: Unix (recommended)

Utilities:
- Moxa Bash Shell
- GDB debug tool: Insight (http://sources.redhat.com/insight)
- This process could take from 5 to 30 minutes depending on the speed of your system

Step 2: Coding, Compiling and Debugging

Code the C/C++ program in the Moxa Bash Shell (PC Windows tool chain).
Compile/link the source code with the tool chain:
- Compiler path setting: PATH=/usr/local/mxscaleb/bin
- Compiling Hello.c

Step 3: Deployment

Upload the program to the UC:
- ftp 192.168.3.127
- ftp> binary
- ftp> put hello-release

Running the program (at the UC-7400 site):
- chmod +x hello-release
- ./hello-release

Terminal output:
chmod +x hello-release
./hello-release
Hello

Debugging with GDB

Diagram: the PC (Moxa Bash Shell) and the UC are connected over Ethernet. 1) Compile with -ggdb on the PC; 2) run the GDB debug server on the UC; 3) start the Insight tool (GDB client) on the PC; 4) "target remote" to the UC.

gdbserver 192.168.3.127:2000 hello-debug

Debugging with GDB

chmod +x hello-debug
gdbserver 192.168.3.127:2000 hello-debug
Process hello-debug created; pid = 206

Step 1 (PC, Moxa Bash Shell): compile the program with the -ggdb option, then upload it to the UC.
Step 2 (UC): start hello-debug under the debug server with the command: gdbserver 192.168.3.127:2000 hello-debug
Step 3 (PC, Insight): run the GDB client:
- Open the hello-debug file
- Connect to target: GDB server / TCP, 192.168.3.200, port 2000

Debugging with GDB

iptables Introduction

Agenda

1) Quick View of iptables

2) Rules, Chains, Tables

3) Usage of iptables

4) Hands-On Practice

1) Quick View of iptables

A user-space command to set up/maintain the "Netfilter" subsystem of the kernel.

"Netfilter" manages only the packet headers, not the content.

iptables is currently one of many firewall/NAT solutions; it is an administration tool to set up, maintain and inspect the tables of IP packet filter rules in the Linux kernel.

1) Quick View of iptables

Several different tables may be defined. Each table contains a number of built-in chains and may also contain user-defined chains.

Each chain is a list of rules which can match a set of packets Each rule specifies what to do with a packet that matches This is called a ldquotargetrdquo which may be a jump to a user-defined chain in the same table

1 Quick View of iptables1 Quick View of iptables

3rd generation firewall on Linuxndash ldquoipfwadmrdquo on Linux Kernel V20Xndash ldquoipchainsrdquo on Linux Kernel V22Xndash ldquoipchainsrdquo ldquoiptablesrdquo on Linux Kernel V24Xndash ldquoiptablesrdquo on Linux Kernel V26X

Supports basic packet filtering as well as connection state tracking

UC-71107400 support only ldquoiptablesrdquo

AgendaAgenda

1) Firewall NAT and iptables

2) Rules Chains Tables

3) Usage of iptables

4) Hands-ON Practice

2) Rules Chains and Tables2) Rules Chains and Tables

2-1 First Match

2-2 Three Major Tables

2-3 Processing Packets

2-4 State Machine

2-1 First Match ndash The Highest Priority2-1 First Match ndash The Highest Priority

Packets

Rule 1

Rule 10

Default Policy

Action 1

Action 2

No

No

Yes

Yes

Rule 2

No

Action 10Yes

2-1 First Match 2-1 First Match

On WWW Server reject the attack from IP = 1921681100Rule 1 Drop the packets from 1921681100Rule 2 Accept WWW request packets from all the hostsRule 3 Drop all the none-WWW packets

Rule 1 Accept WWW request packets from all the hosts Rule 2 Drop the packets from 1921681100Rule 3 Drop all the none-www packets

1921681100 is able to use the WWW service or to attack WWW service port

2-2 Three 2-2 Three Major TablesMajor Tables

1) Filter Table

2) NAT Table

3) Mangle Table

2-2-1 Filter Table2-2-1 Filter Table

Mainly used for filtering packets The place that we actually take action against packets

and look at what they contain and ACCEPT DROP REJECT LOG them depending on their content

1 INPUT chain ndash packets enter the local host

2 OUTPUT chainndash packets output from the local host

3 FORWARD chainndash forward packets to other hosts

2-2-2 NAT Table2-2-2 NAT Table

Be used for NAT on different packets

to translate the packets source field or destination field

1) PREROUTING chain ndash to transfer the dst IP address (DNAT)

2) POSTROUTING chainndash this works after routing process and before Ethernet device process to transfer the source IP address (SNATMASQUARED)

3) OUTPUT chainndash to work for local producing packets

2-2-3 Mangle Table2-2-3 Mangle Table

This table is mainly be used for

mangling packets In other words you may freely use the mangle matches etc that could be used to change TOS (Type Of Service) and TTL fields It can also ldquoMARKrdquo the packets

1 PREROUTING chain

2 POSTROUTING chain

3 INPUT OUTPUT and FORWARD chain

2-3 Processing Packets2-3 Processing Packets

2-3-1 Destination Local Host

2-3-2 Source Local Host

2-3-3 Forward Packets

2-3-4 State Machine

2-3-1 Destination Local Host2-3-1 Destination Local Host

2-3-1 Destination Local Host2-3-1 Destination Local Host

Incoming Packets

NAT Table PREROUTING

Local Process

Filter Table INPUT

2-3-2 Source Local Host

[Flow: local process → outgoing packets → nat table OUTPUT → filter table OUTPUT → nat table POSTROUTING → packets sent out]

2-3-3 Forwarded Packets

[Flow: incoming packets → nat table PREROUTING → routing decision (packets for a local resource branch off to INPUT here) → filter table FORWARD → nat table POSTROUTING → other hosts. A forwarded packet never traverses the INPUT or OUTPUT chains.]

2-4 State Machine

Agenda

1) Firewall NAT and iptables

2) Rules Chains Tables

3) Usage of iptables

4) Hands-ON Practice

3) Usage of iptables

3-1 Load iptables Modules

3-2 Define Default Policy

3-3 Structure of a Rule

3-4 Save Restore Rules

3-1 Load iptables Modules

Note: ipchains and iptables are not compatible; the ipchains module must not be loaded while iptables is in use.

Check the current tables: iptables [-t table] [-L] [-n] (-n prints addresses and ports numerically instead of resolving them, so the listing does not stall on DNS)

Default policy: the policy of each built-in chain is shown in the listing header and is set with iptables -P

Clear the current rules before installing a new set: iptables -F (flush the rules of a table), iptables -X (delete user-defined chains), iptables -Z (zero the counters)

3-2 Define Default Policy

iptables -t filter|nat|mangle -P INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING ACCEPT|DROP

The policy is the verdict for a packet that matched no rule in a built-in chain (the last box of the first-match flowchart). Set INPUT and FORWARD to DROP and then accept only the traffic that is needed. A policy can only be set on built-in chains, not on user-defined ones. Change it from the console rather than over an SSH session, or the session is cut off before the accept rules are in place.

3-3 Structure of a Rule

3-3-1 Add, Insert, Delete and Replace Rules

3-3-2 Direction

3-3-3 Matches

3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace

iptables -t filter|nat|mangle -A|-I|-D|-R chain [match …] -j target

-A appends the rule at the end of the chain, -I inserts it at the top (or at a given position), -D deletes and -R replaces a rule. Three things must be decided for every rule: the direction (which chain), the match (the conditions) and the target (the action, given with -j).

3-3-2 Direction – Chains

a) filter table: INPUT, OUTPUT, FORWARD
b) nat table: PREROUTING, POSTROUTING, OUTPUT
c) mangle table: …

3-3-3 Matches – Conditions

1 -p [proto]: tcp, udp, icmp, all
2 -s [IP], -d [IP] (a host, or a network in CIDR form such as 192.168.1.0/24)
3 --sport [port], --dport [port] (only valid together with -p tcp or -p udp)
4 -m state --state [state]: NEW, ESTABLISHED, INVALID, RELATED
5 -m multiport --sports|--dports|--ports [p1,p2,…,p15]
6 -i [iface], -o [oface] (-i is valid in INPUT, FORWARD and PREROUTING; -o in OUTPUT, FORWARD and POSTROUTING)
7 … etc.

3-3-4 Targets – Actions

a) filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions LOG, ULOG, REJECT, MIRROR. LOG is non-terminating: the packet continues to the next rule, so a LOG rule is normally followed by the DROP or ACCEPT that decides its fate.
b) nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING/OUTPUT), MASQUERADE (POSTROUTING; like SNAT but uses the interface's current address, for dial-up links such as ppp0), REDIRECT (PREROUTING/OUTPUT; a DNAT to the local host)
c) mangle table: …

3-4 Save / Restore Rules

iptables-save writes the whole rule set to standard output and iptables-restore loads it back atomically. It is highly recommended to maintain the Netfilter rules in a script file instead of hand-editing the exported file (it is not a standard shell script). Please refer to the hands-on practice.


4) Hands-On Practice: 1) Packet Filter 2) NAT Machine

4-1 Packet Filter – Rules of filter table

Example 1 – Accept all the packets incoming from the lo interface:

iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2 – Accept all the TCP packets incoming from IP = 192.168.0.1:

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 3 – Accept all the TCP packets incoming from the network 192.168.1.0/24:

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 – Drop all the TCP packets incoming from IP = 192.168.1.25 (if the Example 3 rule is already in the chain, this one must be inserted above it with -I, otherwise 192.168.1.25 is accepted by the network rule first):

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

4-1 Packet Filter – Rules of filter table

Example 5 – Drop all the incoming TCP packets with dst port = 21 (forbid FTP connections from eth0):

iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 – Accept TCP packets incoming from 192.168.0.0/24 to local port numbers 137, 138 and 139:

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 7 – Log the incoming/outgoing TCP packets to/from port 25 (log the SMTP service); the rule below covers the incoming direction:

iptables -t filter -A INPUT -p tcp --dport 25 -j LOG

LOG only writes to the kernel log (dmesg, syslog) and does not decide the packet's fate: the following rules or the default policy still apply. Without -m limit a flood against port 25 fills the log, so rate-limit LOG rules in production.

Note: UC-7110 does not support the target "LOG".

4-1 Packet Filter – Rules of filter table

Example 8 – Drop all the [SYN] packets from IP = 192.168.100.200 (no new connections from that host; existing ones are left alone):

iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 – Drop all the packets from MAC = aa:bb:cc:dd:ee:ff (the mac match needs -m mac, works only in INPUT, FORWARD and PREROUTING, and only for frames that arrived on an Ethernet interface):

iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

Example 10 – Do not respond to "ping" (drop ICMP echo-request, type 8):

iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 – ICMP "ping" burst: with a DROP policy on INPUT, accept on average 6 ICMP packets per minute with a burst of up to 10; everything beyond the limit falls through to the policy:

iptables -t filter -P INPUT DROP
iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 12 – Accept the ESTABLISHED/RELATED packets of the local host; drop the INVALID packets and the NEW packets that try to create a new connection:

iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

4-1 Packet Filter – Rules of filter table

Example 13 – Check the packet integrity (the unclean match is an experimental module that drops malformed packets):

iptables -t filter -A INPUT -p all -m unclean -j DROP

Example 14 – Enable the "passive mode" FTP service to a host behind the firewall. The FTP connection-tracking helper reads the PORT/PASV exchange on the control connection and marks the data connection as RELATED, so it can be accepted without opening the high ports statically:

modprobe ip_conntrack_ftp
iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

4-2 NAT Machine – Rules of nat table

Example 1 – Redirect the connection requests for port 80 to port 8080 on the local host:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 – Masquerade the packets from 192.168.1.0/24 behind the local ppp0 address. MASQUERADE and -o are only valid in POSTROUTING, so the rule goes there, not in PREROUTING:

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

Forwarding must also be enabled (echo 1 > /proc/sys/net/ipv4/ip_forward) and the FORWARD chain must accept the traffic; NAT alone does not forward anything.

4-2 NAT Machine

Example 3 – DNAT the incoming packets arriving on eth0 (60.248.66.75) for TCP port 80 to the internal web server 192.168.127.10:80, and SNAT the internal network 192.168.127.0/24 to the public address on the way out:

iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to-destination 192.168.127.10:80

iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to-source $OUT_IP

($OUT_IP holds the public address, 60.248.66.75 in this example. SNAT needs a fixed address; MASQUERADE is used when the address changes.)

Example 4 – Redirect the incoming packets for TCP port 80 to 192.168.1.10, TCP port 80.
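As an added example (not the slides' own hands-on script and not Moxa code), the rules of 4-1 and 4-2 are combined below into one maintainable rule set in the iptables-restore format that 3-4 recommends, with the 2-1 first-match ordering made explicit and checkable. It assumes a UC with the WAN on eth0, the LAN 192.168.127.0/24 on eth1, the public address in OUT_IP (60.248.66.75, the address from the DNAT example), a web server at 192.168.127.10 and SSH allowed from the LAN only; the attacker address 192.168.1.100 is the one from 2-1.

```shell
#!/bin/sh
# Added example: a reviewable rule set for the UC-7400 in iptables-restore
# format. Assumed topology (not from the slides): WAN eth0, LAN eth1 with
# 192.168.127.0/24, public address OUT_IP, web server 192.168.127.10.
# The rules are produced by a function so they can be inspected or tested
# before being loaded atomically with iptables-restore.

OUT_IP=${OUT_IP:-60.248.66.75}
WAN=eth0
LAN=eth1
LAN_NET=192.168.127.0/24
WEB=192.168.127.10
BAD_HOST=192.168.1.100

fw_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# First match wins: the per-host DROP sits above every ACCEPT, otherwise
# $BAD_HOST would reach port 80 through the state or service rules.
-A INPUT -s $BAD_HOST -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -i $LAN -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -p icmp --icmp-type 8 -m limit --limit 6/min --limit-burst 10 -j ACCEPT
# Log (rate-limited) what the DROP policy is about to discard.
-A INPUT -m state --state NEW -m limit --limit 5/min -j LOG --log-prefix "fw-drop: "
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN -o $WAN -s $LAN_NET -m state --state NEW -j ACCEPT
# After the DNAT below, FORWARD already sees the internal address.
-A FORWARD -i $WAN -o $LAN -d $WEB -p tcp --dport 80 -m state --state NEW -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i $WAN -d $OUT_IP -p tcp --dport 80 -j DNAT --to-destination $WEB:80
-A POSTROUTING -o $WAN -s $LAN_NET -j SNAT --to-source $OUT_IP
COMMIT
EOF
}

# Ordering check: the per-host DROP must come before the first ACCEPT in
# INPUT (the 2-1 lesson), or the attacker gets in through a broader rule.
fw_check_order() {
    drop=$(fw_rules | grep -n -- "-A INPUT -s $BAD_HOST -j DROP" | cut -d: -f1)
    first_accept=$(fw_rules | grep -n -- "-A INPUT .*-j ACCEPT" | head -n 1 | cut -d: -f1)
    [ -n "$drop" ] && [ "$drop" -lt "$first_accept" ]
}

# Load the set atomically. With DRY_RUN=1, or when not root, only print it.
fw_apply() {
    if [ "${DRY_RUN:-0}" = 1 ] || [ "$(id -u)" != 0 ]; then
        fw_rules
    else
        echo 1 > /proc/sys/net/ipv4/ip_forward
        modprobe ip_conntrack_ftp 2>/dev/null || true   # FTP helper (Example 14)
        fw_check_order || { echo "rule order wrong, not loading" >&2; return 1; }
        fw_rules | iptables-restore
    fi
}

# Usage on the UC: DRY_RUN=1 sh fw.sh to review, then fw_apply as root.
```

iptables-restore replaces the whole table in one step, so there is no window in which the chains are half-built with an ACCEPT policy; the same file is what iptables-save would emit, which makes diffs between revisions readable.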

Thank YouThank You

OpenVPN 2.0 – Stephen Lin

OpenVPN 2.0

1) Cryptography Summary

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve

1-2 Symmetric Data Encryption

1-3 Hash (Digest) Function

1-4 Message Authentication Code

1-5 Asymmetric Data Encryption

1-6 Digital Signature

1-7 Certificate

1-8 Moxa UC7400

1-1 What does Cryptography solve?

Confidentiality
• Ensure that nobody can learn what you transfer, even someone listening to the whole conversation.

Integrity
• Ensure that the message has not been modified during transmission.

Authenticity
• You can verify that you are talking to the entity you think you are talking to.
• You can verify which specific individual is behind that entity.

Non-repudiation
• The individual behind that asset cannot deny being associated with it.

1-2 Symmetric Data Encryption

• Fast, high efficiency for data transmission
• Is it "secure" while transferring the key? The same secret key must reach both ends over a channel that is already trusted.
• Key maintenance: n parties that each need a private channel with every other party need n(n-1)/2 keys
• DES, 3DES, AES, Blowfish

[Diagram: Tom encrypts the plaintext with the secret key into ciphertext; Bob decrypts the ciphertext with the same secret key back into the plaintext.]

1-3 Hash (Digest) Function

• Ensures data integrity: a fixed-length digest is computed from data of any length, and any change to the data changes the digest
• MD5, SHA-1 (neither is considered collision-resistant any more; SHA-256 or later should be used in new designs)

[Diagram: Tom hashes the data with the hash function to Message Digest 1 and sends data + digest; Bob applies the same hash function to the received data to get Message Digest 2 and compares the two.]

A plain hash only protects against accidental corruption: an attacker who changes the data in transit can recompute the digest as well, which is why the next step adds a key.

1-4 Message Authentication Code

• Ensures data integrity and origin: the digest is computed under a secret key shared by sender and receiver, so only a holder of the key can produce a valid MAC
• HMAC, CBC-MAC

[Diagram: Tom hashes the data to Message Digest 1 and protects it with the secret key, giving the MAC; data and MAC are sent together. Bob hashes the received data to Message Digest 2, recovers Message Digest 1 from the MAC with the same secret key and compares the two.]

1-5 Asymmetric Encryption

Things to remember
• Key pair – public/private keys
• In a session one key is used for encryption and the other one for decryption
• The "public key" can be deployed everywhere
• From one key you cannot gain knowledge of the other, even with access to clear text and cipher text
• For RSA the two keys are mathematically interchangeable: what one encrypts the other decrypts, and when a key pair is generated either one could be published. In practice the private key is the one that is never disclosed, and other algorithms do not have this symmetry.
• Less effic ient than a symmetric (static) key, so it is used to protect keys and digests rather than bulk data
• RSA, Diffie-Hellman (Diffie-Hellman is a key-agreement protocol: it establishes a shared secret over a public channel rather than encrypting data)

[Diagram: clear text → encryption → unreadable ciphertext]

1-5 Asymmetric Data Encryption – Confidentiality Check

[Diagram: Tom encrypts the plaintext with Bob's public key; only Bob can decrypt the ciphertext, with Bob's private key. The recipient's key pair is used.]

1-5 Asymmetric Data Encryption – Authenticity Check

[Diagram: Tom encrypts the plaintext with Tom's private key; anyone can decrypt it with Tom's public key, which proves it came from Tom. The sender's key pair is used.]

1-6 Digital Signature

Real world – hybrid: 1 data integrity, 2 authenticity, 3 non-repudiation; 4 algorithm – apply the public-key algorithm to a hash of the message rather than to the whole message.

1-6 Digital Signature – Creating

[Diagram: the message or file ("This is the document created by Gianni") is reduced with a one-way message digest function (SHA, MD5) to a short message digest, typically 128 bits (MD5) or 160 bits (SHA-1), even for a long input. The digest is encrypted with the signatory's private key (RSA); the result is the digital signature, which is attached to the message to form the signed document.]

1-6 Digital Signature – Verifying

[Diagram: the verifier hashes the received message again to obtain a message digest, decrypts the digital signature with Gianni's public key (taken from his certificate) to recover the digest the signer computed, and compares the two. They match only if the message is unchanged and the signature was made with the matching private key.]

1-6 Digital Signature

[Diagram: Tom hashes the data to Message Digest 1 and encrypts the digest with Tom's private key; the result, the digital signature, travels with the data. Bob hashes the data to Message Digest 2, decrypts the signature with Tom's public key to get Message Digest 1 and compares the two.]

1-7 Certificate

The simplest certificate just contains
• a public key (for Stephen)
• information about the entity that is being certified to own that public key
… and the whole is
• digitally signed by someone trusted (like your friend or a CA)

[Diagram: certificate = public key + "This public key belongs to Stephen" + digital signature of the issuer. The entity can be a person, a computer, a device, a file, some code, anything …]

A verifier therefore needs only the issuer's public key to check the certificate; it needs no prior contact with Stephen.

1-7-1 CA Certificate

[Diagram – certification server: the CA generates a key pair (priv, pub). A user requests a certificate from the CA; the CA generates the certificate (pub + DS, the CA's digital signature) and, in this picture, sends both the private key and the certificate to the user. The CA's own certificate, its public key, is signed by the CA itself.]

1-7-1 CA Certificate Example

[Diagram: the CA's private key signs two certificates, Left and Right. Left trusts Right and Right trusts Left only because each holds the CA's public key and can verify the CA's signature on the other's certificate.]

In practice the CA should never generate or see the user's private key: the user generates its own key pair and sends only a certificate request (the "-newreq" and build-key steps in 3-4), so the private key never leaves the host that uses it.

1-7-2 SSL/TLS

[Diagram: each side holds a key pair (priv, pub). Clear text is encrypted on the sender into Cipher 1 and Cipher 2, transmitted over the public network and decrypted on the receiver back to clear text; each direction uses keys established with the other side's public key.]

• Ensures confidentiality, and integrity if the data is digitally signed (in TLS every record additionally carries a MAC)
• Depending on how the public keys are exchanged, also authenticity, identity and non-repudiation: a public key received over the same network and not verified against a certificate protects only against passive eavesdropping, not against a man in the middle

1-8 Moxa UC7400 – Hardware Cipher

Intel XScale supports
• security engines: DES, AES
• algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so"
• no need to change the source code

1-8-1 Moxa Accelerated Algorithms – OpenSSL 0.9.7

DES_cbc_encrypt
DES_ede3_cbc_encrypt
AES_cbc_encrypt
AES_ctr_encrypt

• ECB mode is wrapped at a higher level (libssl.so), which OpenSSL wraps too

1-8-2 Performance

[Charts: throughput (0–80) and speed-up rate (0–8) of 3DES-CBC and AES-128-CBC against packet size from 128 to 1280 bytes, followed by a second pair for small packets from 16 to 144 bytes with rate 0–2.5. In each chart the hardware cipher curve is marked "= HW Cipher".]

1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approaches
• default: hardware approach
• any misconfiguration, or a busy engine, causes the switch to software

Small packets are switched to the software approach
• DES: 128-byte threshold
• 3DES/AES: 64-byte threshold

1-8-4 Software Package

Driver
• mxhw_cipher.o

Device file
• mknod /dev/mxcrypto c 11 131

Test program
• io: correctness test
• io 0 5000: stability test
• io 1: golden pattern
• io 2 20000: performance test


2) OpenVPN 2.0

2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network – Advantages/Disadvantages

VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes

A VPN encrypts all network traffic, not just a few application protocols (as SSL, SSH etc. do)

A VPN allows the use of protocols which are insecure by themselves

VPN traffic cannot be inspected, controlled and logged easily by devices in between because of its encrypted nature; filtering has to happen at the tunnel endpoints

2-2 Why OpenVPN

Usability
• Open source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit shared key or digital certificates (PKI)

Portability – supports most of the platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN

Peers – each node with a client/server role
• uses kernel routing
• multiple clients

A user-space program
• a full-featured SSL VPN solution
• on top of the existing SSL/TLS mechanism
• choice among a set of security algorithms
• can tunnel any IP (layer 3) or Ethernet (layer 2) traffic over a single UDP (5000 in 1.x, 1194 in 2.0) or TCP port

2-2 OpenVPN Security

Two authentication modes
• Static key: uses a pre-shared key. Both ends hold the same secret, there is no forward secrecy, and a leaked key exposes all past and future traffic.
• SSL/TLS: uses SSL/TLS + certificates for authentication and key exchange; session keys are negotiated per connection.

The encrypted packet is formatted as
• SeqN: 64-bit sequence number (replay protection)
• IV: plain-text initialization vector, randomized per packet

HMAC | IV | encrypt( SeqN | payload )

The HMAC covers the IV and the ciphertext and is checked before decryption, so forged or replayed packets are rejected without being decrypted.

2-2 OpenVPN vs IPSec

OpenVPN
• user-space daemon
• SSL/TLS
• portability across operating systems
• firewall- and NAT-friendly
• dynamic address support

IPSec
• kernel-space IP stack
• each operating system requires its own independent implementation of IPSec
• IETF standard – multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are the two methods of linking systems via a VPN
• routed IP tunnels (layer 3)
• bridged Ethernet tunnels (layer 2)

Suitable for connections
• site-to-site
• dynamic site-to-site
• (dynamic) client-to-site

Dynamic firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

Uses a TUN device: a virtual point-to-point IP link. OpenVPN reads the IP packets that the kernel routes into the inner interface (tun) and sends them encrypted over the real interface.

Uses the kernel routing table to forward the packets

[Diagram: OSI stacks of the two hosts (physical, data-link, network, transport, session, presentation, application). OpenVPN runs as an application and attaches to the network layer (3rd) through the TUN device.]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages
1 point-to-point
2 easier to configure
3 efficiency and scalability
4 allows better tuning of the MTU for efficiency

Routed IP disadvantages
1 clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2 routes must be set up linking each subnet
3 software that depends on broadcasts will not see the machines on the other side of the VPN
4 works only with IPv4 in general, and with IPv6 in cases where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses "TAP" mode: a TAP device is a virtual Ethernet adapter

The bridge tools (brctl) are required to create the bridge

A script is needed to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0          create an Ethernet bridge
brctl addif br0 eth1     connect interface eth1 as a port
brctl addif br0 tap0     connect virtual interface tap0 as a port (the bridge name is required; "brctl addif tap0" on its own is a usage error)

The bridge then carries the IP address that eth1 had, and eth1 and tap0 are brought up without addresses of their own.

[Diagram: OSI stacks of the two hosts with bridging. OpenVPN attaches at the data-link layer (2nd) through the TAP device, whereas TUN mode attaches at the network layer (3rd); on each host eth1 and tap0 are ports of the bridge, and eth0 carries the tunnel traffic.]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages
1 point-to-point, point-to-multipoint
2 broadcasts traverse the VPN – this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3 no route statements to configure
4 works when the VPN needs to be able to handle non-IP protocols such as IPX, Netware and AppleTalk
5 relatively easy-to-configure solution for road warriors

Bridging disadvantages
1 less efficient than routing and does not scale well (every broadcast crosses the tunnel)


3) OpenVPN Configuration

3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

[Lab topology: LAN A (IP 10.0.1.1/24, gw 10.0.1.254) – ixp1 10.0.1.254 [VPN Server, also CA/TLS Server] – ixp0 192.168.12.201 === VPN tunnel === ixp0 192.168.12.202 – ixp1 10.0.2.254 [VPN Client] – LAN B (IP 10.0.2.1/24, gw 10.0.2.254). The client connects to the server.]

3-1 Getting Started

Create a working directory (recommended): mkdir /etc/openvpn

Check for the TUN device: ls /dev/net and look for the character device "tun"; if it is missing: mknod /dev/net/tun c 10 200

Load the necessary modules: modprobe tun; modprobe bridge

Generate a (pre-shared) key: openvpn --genkey --secret [KeyName] (keep the file mode 600 and copy it to the peer only over a channel you already trust)

Self diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or edit /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"

Create/start the bridge interface using the Moxa script: openvpn-bridge [start|stop|restart]

Check the supported ciphers/authentication: openvpn --show-ciphers; openvpn --show-digests

Create the TUN configuration files: vi /etc/openvpn/tunserver.conf

[At VPN Client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

The local/remote VPN IP addresses must be specified (the "ifconfig" directive: local tunnel endpoint first, remote endpoint second)

It is NECESSARY to specify the server address ("remote") at the VPN client

3-2 TUN Server Configuration

Edit the static routes: vi /etc/openvpn/tunserver.sh; chmod +x /etc/openvpn/tunserver.sh

[At VPN Client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/openvpn/tunclient.sh

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tunserver.conf & (server) and openvpn --config /etc/openvpn/tunclient.conf & (client)

The route to the far side points at the 2nd argument of "ifconfig", which is now 10.0.2.254

Create the TAP configuration files: vi /etc/openvpn/tapserver.conf

[At VPN Client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration – VPN Server

Comment out (mark) the route line if both VPN networks are in the same subnet; the bridge then forwards directly

3-3 TAP Configuration – VPN Client

Edit the static routes: vi /etc/openvpn/tapserver.sh

[At VPN Client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/openvpn/tapclient.sh

The routes point at the kernel routing entry of the bridge: br0 = 10.0.1.254

3-3 TAP Configuration – VPN Server

Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tapserver.conf & (server) and openvpn --config /etc/openvpn/tapclient.conf & (client)
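The slides show the TUN/TAP configuration files only as screenshots. The script below is an added example, not Moxa's openvpn-bridge and not the files from the slides: it generates a static-key tunserver.conf/tunclient.conf pair for the lab topology of 3-1 and wraps the brctl sequence of 2-3-2 in start/stop functions. The tunnel endpoints 10.8.0.1/10.8.0.2, UDP port 1194, AES-128-CBC with SHA1 HMAC and the key file name static.key are assumptions; the WAN and LAN addresses are the ones from the topology.

```shell
#!/bin/sh
# Added example (not from the slides): static-key TUN configuration pair for
# the lab topology (server ixp0 192.168.12.201 with LAN A 10.0.1.0/24 behind
# it, client ixp0 192.168.12.202 with LAN B 10.0.2.0/24) plus TAP bridge
# helpers. Assumed: tunnel endpoints 10.8.0.1/10.8.0.2, UDP 1194,
# AES-128-CBC + SHA1, key file static.key.

DIR=${DIR:-/etc/openvpn}
SERVER_WAN=192.168.12.201
LAN_A=10.0.1.0
LAN_B=10.0.2.0
MASK=255.255.255.0
TUN_SRV=10.8.0.1
TUN_CLI=10.8.0.2

# Options common to both ends. With a static key there is no negotiation as
# in TLS mode, so cipher and auth must be identical on both sides.
common_opts() {
    cat <<EOF
dev tun
proto udp
port 1194
secret $DIR/static.key
cipher AES-128-CBC
auth SHA1
keepalive 10 60
persist-key
persist-tun
verb 3
EOF
}

# write_conf server|client: writes $DIR/tunserver.conf or $DIR/tunclient.conf.
# "ifconfig LOCAL REMOTE" names the two tunnel endpoints; "route" sends the
# far LAN into the tunnel (drop it when both sites share one subnet).
write_conf() {
    case $1 in
    server)
        {
            echo "local $SERVER_WAN"
            echo "ifconfig $TUN_SRV $TUN_CLI"
            echo "route $LAN_B $MASK"
            common_opts
        } > "$DIR/tunserver.conf" ;;
    client)
        {
            echo "remote $SERVER_WAN"
            echo "ifconfig $TUN_CLI $TUN_SRV"
            echo "route $LAN_A $MASK"
            common_opts
        } > "$DIR/tunclient.conf" ;;
    *)
        echo "usage: write_conf server|client" >&2
        return 1 ;;
    esac
}

# The shared key is generated once on the server and copied to the client
# over a channel you already trust (console, scp); it must never cross the
# link it is about to protect. Whoever holds it can read and forge all
# tunnel traffic, which is why TLS mode (3-4) is preferred beyond the lab.
make_key() {
    [ -f "$DIR/static.key" ] || openvpn --genkey --secret "$DIR/static.key"
    chmod 600 "$DIR/static.key"
}

# openvpn-bridge equivalent for TAP mode (2-3-2): tap0 and the LAN interface
# become ports of br0, and br0 takes over the LAN address (e.g. 10.0.1.254).
bridge_start() {    # bridge_start LANIF LANADDR
    openvpn --mktun --dev tap0
    brctl addbr br0
    brctl addif br0 "$1"
    brctl addif br0 tap0
    ifconfig "$1" 0.0.0.0 promisc up
    ifconfig tap0 0.0.0.0 promisc up
    ifconfig br0 "$2" netmask "$MASK" up
}

bridge_stop() {
    ifconfig br0 down
    brctl delbr br0
    openvpn --rmtun --dev tap0
}

# Server:  make_key; write_conf server; openvpn --config $DIR/tunserver.conf --daemon
# Client (after copying static.key):  write_conf client; openvpn --config $DIR/tunclient.conf --daemon
# TAP mode instead:  bridge_start ixp1 10.0.1.254   ...   bridge_stop
```

The generated files keep "secret" and "ifconfig" together, which is the only way OpenVPN can tell the two ends apart in static-key mode; swapping the ifconfig arguments on one side is the most common reason a static-key tunnel comes up but passes no traffic.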

3-4-1 SSL/TLS – Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-enter the default_days, default_bits … etc.

Create a new CA root key pair: /usr/share/ssl/misc/CA -newca

Create a new client private key and a new certificate request: /usr/share/ssl/misc/CA -newreq

Sign the certificate request with the CA: /usr/share/ssl/misc/CA -sign

Copy the CA root certificate, the client private key and the client certificate to the first client (the CA's private key stays on the PC)

Repeat -newreq and -sign to have the second client certified

3-4-2 OpenVPN – "easy-rsa" tools

Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file: vi /etc/openvpn/easy-rsa/vars

Activate the vars (source them into the current shell): . /etc/openvpn/easy-rsa/vars

Create the CA root key: /etc/openvpn/easy-rsa/build-ca

Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – "easy-rsa" tools

Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client

Create the Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh (the size, 1024 bits here, comes from KEY_SIZE in vars)

Copy the CA certificate (ca.crt), server key (server.key) and server certificate (server.crt) to the VPN server

Copy the CA certificate, client key and client certificate to the VPN client; each end receives only its own private key, and ca.key stays on the build host

The "easy-rsa" tools also work on the UC7400 series

3-4-3 Configuration File Modification

txxserver.conf: replace the "secret" line with the ca, cert, key and dh directives and add tls-server

txxclient.conf: replace the "secret" line with ca, cert and key and add tls-client
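The following is an added example, not the CA script or the easy-rsa tools from the slides: the same PKI steps done with the bare openssl command line, so that what 1-6/1-7 describe (hash-then-sign, a certificate as a CA-signed public key, one trust anchor) and what build-ca, build-key and build-dh automate is visible and checkable. The subject names, the 2048-bit key size and the lifetimes are assumptions for the lab.

```shell
#!/bin/sh
# Added example (not easy-rsa, not the slides' CA script): a minimal CA with
# the openssl CLI. Subject names, key size and lifetimes are assumed values.

# build_ca DIR NAME: self-signed root. Its private key is the trust anchor;
# it belongs on the signing PC, never on the VPN gateways.
build_ca() {
    openssl genrsa -out "$1/$2.key" 2048 2>/dev/null &&
    openssl req -new -x509 -key "$1/$2.key" -out "$1/$2.crt" -days 3650 \
        -subj "/O=MTSC-lab/CN=$2" 2>/dev/null
}

# build_key DIR CA NAME: key, certificate request, CA signature (the three
# steps behind easy-rsa build-key and the CA -newreq / -sign pair). Only the
# request would travel to the CA; the private key never has to.
build_key() {
    openssl genrsa -out "$1/$3.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/$3.key" -out "$1/$3.csr" \
        -subj "/O=MTSC-lab/CN=$3" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
        -CAcreateserial -out "$1/$3.crt" -days 365 2>/dev/null
}

# build_dh DIR: Diffie-Hellman parameters for the TLS server (build-dh).
build_dh() {
    openssl dhparam -out "$1/dh1024.pem" 1024 2>/dev/null
}

# verify_cert CAFILE CERT: prints OK or FAIL. Trust is decided only by the
# CA in CAFILE, so a certificate issued by any other CA fails even though
# its own signature is perfectly valid.
verify_cert() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then echo OK; else echo FAIL; fi
}

# sign_file KEY FILE SIG: hash FILE with SHA-256 and sign the digest with the
# private key (the "creating" half of 1-6).
sign_file() {
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# verify_sig CERT FILE SIG: extract the public key from the certificate, hash
# FILE again and check the signature (the "verifying" half). Prints OK or
# FAIL; any change to FILE flips the result to FAIL.
verify_sig() {
    openssl x509 -in "$1" -pubkey -noout > "$1.pub" 2>/dev/null || { echo FAIL; return; }
    if openssl dgst -sha256 -verify "$1.pub" -signature "$3" "$2" >/dev/null 2>&1; then
        echo OK
    else
        echo FAIL
    fi
}

# pki_demo DIR: a legitimate CA and a rogue one, certificates from each, and
# a signed message checked before and after tampering.
pki_demo() {
    d=$1
    build_ca "$d" ca && build_ca "$d" rogue-ca &&
    build_key "$d" ca server && build_key "$d" ca client &&
    build_key "$d" rogue-ca impostor || return 1
    echo "constructed test message" > "$d/msg"
    sign_file "$d/server.key" "$d/msg" "$d/msg.sig"
    cp "$d/msg" "$d/msg.tampered"; echo "x" >> "$d/msg.tampered"
    echo "server.crt against ca.crt:   $(verify_cert "$d/ca.crt" "$d/server.crt")"
    echo "impostor.crt against ca.crt: $(verify_cert "$d/ca.crt" "$d/impostor.crt")"
    echo "signature on original:       $(verify_sig "$d/server.crt" "$d/msg" "$d/msg.sig")"
    echo "signature on tampered copy:  $(verify_sig "$d/server.crt" "$d/msg.tampered" "$d/msg.sig")"
}

# Usage: pki_demo /tmp/lab ; then copy ca.crt + server.key + server.crt to
# the VPN server and ca.crt + client.key + client.crt to the client.
```

The impostor case is the one to remember when deploying: an OpenVPN peer presenting a syntactically valid certificate is rejected unless it chains to the ca.crt configured on the other side, which is why ca.key must stay on the build host and why every gateway needs exactly one trusted CA file.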


Live Demo

UC-7420 DEMO BOX

Two of its serial ports are connected to a power meter and a thermocouple

Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in "burn-in mode" to demonstrate the UC's high performance and reliability

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500 °C

Left side for the high range, 0 to 300 VDC; right side for the low range, 0 to 20 VDC

UC's LCM & keypad (F1-F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8
F2 System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available memory
F3 Alarm Setting: Temperature → Voltage → Burn-in throughput
F4 Configuration key
F5 Main menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• UC-7420's built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards
• The compatible wireless cards are:

Supplier   Model name
ASUS       WL-107g
CNET       CWC-854 (181D version)
Edimax     EW-7108PCg
Amigo      AWP-914WG
Gigabyte   GN-WMKG
Others which use the R-Link chip set

Thank YouThank You


Step 1: Setting up the Development Environment

Install the Windows tool chain on a PC (Windows 2K/XP). Installation tips:
• Default install path: C:\UC
• Default text file type: Unix (recommended)

Utilities
• Moxa Bash Shell
• GDB debug tool – Insight
• http://sources.redhat.com/insight/

• This process could take from 5 to 30 minutes depending on the speed of your system

Step 2: Coding, Compiling and Debugging

Code the C/C++ program in the Moxa Bash Shell (x86 PC, Windows tool chain)

Compile/link the source code with the tool chain
• Compiler path setting: PATH=/usr/local/mxscaleb/bin
• Compiling hello.c

Step 3: Deployment

Upload the program to the UC
• ftp 192.168.3.127
• ftp> binary
• ftp> put hello-release

Run the program (at the UC-7400 side)
• chmod +x hello-release
• ./hello-release
• Hello

Debugging with GDB

[Diagram: PC (Moxa Bash Shell): 1 compile with -ggdb, 3 Insight (GDB client), 4 target remote → Ethernet → UC: 2 GDB debug server]

At the UC:

chmod +x hello-debug
gdbserver 192.168.3.127:2000 hello-debug
Process hello-debug created; pid = 206

Step 1, PC (Moxa Bash Shell): compile the program with the -ggdb option, then upload it to the UC

Step 2, UC: start hello-debug under gdbserver with the command gdbserver 192.168.3.127:2000 hello-debug (gdbserver then listens on TCP port 2000)

Step 3, PC (Insight): run the GDB client
• open the hello-debug file
• connect to target
• GDB server / TCP
• 192.168.3.200
• 2000

gdbserver has no authentication: anyone who can reach port 2000 controls the debugged process, so use it only on the isolated lab network and stop it when done.

iptables Introduction

Agenda

1) Quick View of iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

1 Quick View of iptables

A user-space command to set up and maintain the "Netfilter" subsystem of the kernel

"Netfilter" works on the packet headers (and the connection state), not on the application content

iptables is currently one of many firewall/NAT solutions; it is the administration tool to set up, maintain and inspect the tables of IP packet filter rules in the Linux kernel

1 Quick View of iptables

Several different tables may be defined. Each table contains a number of built-in chains and may also contain user-defined chains.

Each chain is a list of rules which can match a set of packets. Each rule specifies what to do with a packet that matches. This is called a "target", which may be a jump to a user-defined chain in the same table.

1 Quick View of iptables

3rd-generation firewall on Linux
– "ipfwadm" on Linux kernel 2.0.x
– "ipchains" on Linux kernel 2.2.x
– "ipchains" / "iptables" on Linux kernel 2.4.x
– "iptables" on Linux kernel 2.6.x

Supports basic packet filtering as well as connection state tracking

UC-7110/7400 support only "iptables"


2) Rules, Chains and Tables

2-1 First Match
2-2 Three Major Tables
2-3 Processing Packets
2-4 State Machine

2-1 First Match ndash The Highest Priority2-1 First Match ndash The Highest Priority

Packets

Rule 1

Rule 10

Default Policy

Action 1

Action 2

No

No

Yes

Yes

Rule 2

No

Action 10Yes

2-1 First Match 2-1 First Match

On WWW Server reject the attack from IP = 1921681100Rule 1 Drop the packets from 1921681100Rule 2 Accept WWW request packets from all the hostsRule 3 Drop all the none-WWW packets

Rule 1 Accept WWW request packets from all the hosts Rule 2 Drop the packets from 1921681100Rule 3 Drop all the none-www packets

1921681100 is able to use the WWW service or to attack WWW service port

2-2 Three 2-2 Three Major TablesMajor Tables

1) Filter Table

2) NAT Table

3) Mangle Table

2-2-1 Filter Table2-2-1 Filter Table

Mainly used for filtering packets The place that we actually take action against packets

and look at what they contain and ACCEPT DROP REJECT LOG them depending on their content

1 INPUT chain ndash packets enter the local host

2 OUTPUT chainndash packets output from the local host

3 FORWARD chainndash forward packets to other hosts

2-2-2 NAT Table2-2-2 NAT Table

Be used for NAT on different packets

to translate the packets source field or destination field

1) PREROUTING chain ndash to transfer the dst IP address (DNAT)

2) POSTROUTING chainndash this works after routing process and before Ethernet device process to transfer the source IP address (SNATMASQUARED)

3) OUTPUT chainndash to work for local producing packets

2-2-3 Mangle Table2-2-3 Mangle Table

This table is mainly be used for

mangling packets In other words you may freely use the mangle matches etc that could be used to change TOS (Type Of Service) and TTL fields It can also ldquoMARKrdquo the packets

1 PREROUTING chain

2 POSTROUTING chain

3 INPUT OUTPUT and FORWARD chain

2-3 Processing Packets2-3 Processing Packets

2-3-1 Destination Local Host

2-3-2 Source Local Host

2-3-3 Forward Packets

2-3-4 State Machine

2-3-1 Destination Local Host2-3-1 Destination Local Host

2-3-1 Destination Local Host2-3-1 Destination Local Host

Incoming Packets

NAT Table PREROUTING

Local Process

Filter Table INPUT

2-3-2 Source Local Host2-3-2 Source Local Host

2-3-2 Source Local Host2-3-2 Source Local Host

NAT Table OUTPUT

Outgoing Packets

Filter Table OUPUT

NAT Table POSTROUTING

Send Out Packets

2-3-3 Forwarded Packets2-3-3 Forwarded Packets

2-3-3 Forwarded Packets2-3-3 Forwarded Packets

NAT Table PREROUTING

Local Resource

NAT Table POSTROUTING

Other Hosts

Incoming Packets

Filter Table FORWARD

2-4 State Machine2-4 State Machine

AgendaAgenda

1) Firewall NAT and iptables

2) Rules Chains Tables

3) Usage of iptables

4) Hands-ON Practice

3) Usage of iptables

3-1 Load iptables Modules

3-2 Define Default Policy

3-3 Structure of a Rule

3-4 Save/Restore Rules

3-1 Load iptables Modules

Note: ipchains and iptables are not compatible.

3-1 Load iptables Module

Check the current tables: iptables [-t table] [-L] [-n]

Default Policy

3-1 Install iptables

Clear Current Policy

3-2 Define Default Policy

iptables -t {filter|nat|mangle} -P {INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING} {ACCEPT|DROP}

3-3 Structure of a Rule

3-3-1 Add, Insert, Delete and Replace Rules

3-3-2 Direction

3-3-3 Matches

3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace

iptables -t {filter|nat|mangle} {-A|-I|-D|-R} <direction> <match> -j <target>

Three major things need to be considered: the direction (chain), the match and the target.

3-3-2 Direction – Chains

a. filter table: INPUT, OUTPUT, FORWARD

b. nat table: PREROUTING, POSTROUTING, OUTPUT

c. mangle table: …

3-3-3 Matches - Conditions

1 -p [proto]: tcp, udp, icmp, all

2 -s [IP], -d [IP]

3 --sport [port], --dport [port]

4 -m state --state [state]: NEW, ESTABLISHED, INVALID, RELATED

5 -m multiport --ports [p1,p2,…,p15]

6 -i [iface], -o [oface]

7 … etc.

3-3-4 Targets - Actions

a. filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions: LOG, ULOG, REJECT, MIRROR

b. nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING/OUTPUT), MASQUERADE (POSTROUTING), REDIRECT (only in PREROUTING)

c. mangle table: …

3-4 Save/Restore Rules

It is highly recommended to use a script file to maintain the Netfilter rules instead of the exported rules file (it is not a standard script file). Please refer to the Hands-On practice.

Agenda

1) Firewall, NAT and iptables

2) Rules, Chains, Tables

3) Usage of iptables

4) Hands-On Practice: 1) Packet Filter, 2) NAT Machine

4-1 Packet Filter – Rules of filter table

Example 1 – Accept all the packets incoming from the lo interface

iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2 – Accept all the TCP packets incoming from IP = 192.168.0.1

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 3 – Accept all the TCP packets incoming from the network 192.168.1.0/24

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 – Drop all the TCP packets incoming from IP = 192.168.1.25

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

4-1 Packet Filter – Rules of filter table

Example 5 – Drop all the incoming TCP packets with dst port = 21 (forbid FTP connections from eth0)

iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 – Accept TCP packets incoming from IP 192.168.0.24 to local port numbers 137, 138 and 139

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.24 --dport 137:139 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 7 – Log all the incoming/outgoing TCP packets to/from port 25 (log the SMTP service)

iptables -t filter -A INPUT -p tcp --dport 25 -j LOG

Note: the UC-7110 does not support the target "LOG".

4-1 Packet Filter – Rules of filter table

Example 8 – Drop all the [SYN] packets from IP = 192.168.100.200

iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 – Drop all the packets from MAC = aa:bb:cc:dd:ee:ff

iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

Example 10 – Do not respond to "ping"

iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 – ICMP "ping" burst (rate-limit the echo requests; whatever exceeds the limit falls through to the DROP policy)

iptables -t filter -P INPUT DROP

iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 12 – Accept the ESTABLISHED/RELATED packets of the local host; drop the INVALID packets and the NEW packets which are trying to create a new connection

iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

4-1 Packet Filter – Rules of filter table

Example 13 – Check the packet integrity

iptables -t filter -A INPUT -p all -m unclean -j DROP

Example 14 – Enable the "Passive Mode" FTP service to a host

modprobe ip_conntrack_ftp

iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

4-2 NAT Machine – Rules of nat table

Example 1 – Redirect the connection requests for port 80 to port 8080

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 – Masquerade the packets coming from 192.168.1.0/24 as the local ppp0's IP (MASQUERADE is only valid in POSTROUTING, see 3-3-4)

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

4-2 NAT Machine

4-2 NAT Machine

Example 3 – DNAT the incoming packets from eth0 (60.248.66.75), TCP port 80, to the internal web server 192.168.127.10:80

Example 4 – Redirect the incoming packets of TCP port 80 to 192.168.1.10, TCP port 80

iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP
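The hands-on rules above kept in one script, as 3-4 recommends. This is an added example and not Moxa's own practice script: the interface names, the lab addresses (the constructed 192.168.x and 60.248.66.75 values from the examples), the default-DROP policy and the dry-run helper are assumptions.

```shell
#!/bin/sh
# Added example, not from the Moxa slides: the 4-1/4-2 hands-on rules kept
# as a script instead of an exported rules file. Addresses are the slides'
# constructed lab values; adjust the variables for your own network.
# "sh firewall.sh dry-run" prints the rules, "sh firewall.sh apply" installs them.
IPT="${IPT:-iptables}"
LAN_IF="${LAN_IF:-eth0}"                     # trusted LAN side
WAN_IF="${WAN_IF:-ppp0}"                     # untrusted uplink (masqueraded)
LAN_NET="${LAN_NET:-192.168.1.0/24}"
PUBLIC_IP="${PUBLIC_IP:-60.248.66.75}"       # uplink address from Example 3
WEB_SERVER="${WEB_SERVER:-192.168.127.10}"   # internal web server (DNAT target)
WEB_NET="${WEB_NET:-192.168.127.0/24}"

flush_rules() {
    for t in filter nat mangle; do
        $IPT -t "$t" -F
        $IPT -t "$t" -X
    done
}

default_policy() {
    # Deny by default: the policy applies only when no rule matched,
    # so the first-match order of the rules below decides everything else.
    $IPT -t filter -P INPUT DROP
    $IPT -t filter -P FORWARD DROP
    $IPT -t filter -P OUTPUT ACCEPT
}

filter_rules() {
    # Example 1: loopback is always allowed
    $IPT -t filter -A INPUT -i lo -j ACCEPT
    # Example 12: replies to what we started; broken state is dropped explicitly
    $IPT -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -t filter -A INPUT -m state --state INVALID -j DROP
    # Example 11: answer ping, but at most 6/min with a burst of 10
    $IPT -t filter -A INPUT -p icmp --icmp-type echo-request \
        -m limit --limit 6/minute --limit-burst 10 -j ACCEPT
    # Example 6: SMB (137-139) only from the LAN network
    $IPT -t filter -A INPUT -i "$LAN_IF" -p tcp -s "$LAN_NET" --dport 137:139 -j ACCEPT
    # Example 7: log SMTP attempts before the policy drops them (no LOG on UC-7110)
    $IPT -t filter -A INPUT -p tcp --dport 25 -j LOG --log-prefix "smtp: "
    # Example 14: conntrack-related flows (e.g. FTP data) may cross the router
    $IPT -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # LAN clients may go out; only the published web port may come in
    $IPT -t filter -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -j ACCEPT
    $IPT -t filter -A FORWARD -i "$WAN_IF" -p tcp -d "$WEB_SERVER" --dport 80 -j ACCEPT
}

nat_rules() {
    # Example 3: publish the internal web server on the public address
    $IPT -t nat -A PREROUTING -i "$WAN_IF" -p tcp -d "$PUBLIC_IP" --dport 80 \
        -j DNAT --to-destination "$WEB_SERVER:80"
    # Example 2: hide LAN clients behind the uplink address
    # (MASQUERADE is only valid in POSTROUTING, see 3-3-4)
    $IPT -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE
    # Example 4 (SNAT form): the web server's subnet goes out with a fixed address
    $IPT -t nat -A POSTROUTING -s "$WEB_NET" -o "$WAN_IF" -j SNAT --to-source "$PUBLIC_IP"
}

apply_firewall() {
    flush_rules
    default_policy
    filter_rules
    nat_rules
}

# Dry-run helper: number of rules (-A lines) the script would install.
count_rules() {
    ( IPT="echo iptables"; apply_firewall ) | grep -c -- ' -A '
}

case "${1:-}" in
    apply)   apply_firewall ;;
    dry-run) ( IPT="echo iptables"; apply_firewall ) ;;
esac
```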

Thank YouThank You

OpenVPN 2.0 – Stephen Lin

OpenVPN 2.0

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve?

1-2 Symmetric Data Encryption

1-3 Hash (Digest) Function

1-4 Message Authentication Code

1-5 Asymmetric Data Encryption

1-6 Digital Signature

1-7 Certificate

1-8 Moxa UC7400

1-1 What does Cryptography solve?

Confidentiality
• Ensure that nobody can get knowledge of what you transfer, even if listening to the whole conversation

Integrity
• Ensure that the message has not been modified during the transmission

Authenticity
• You can verify that you are talking to the entity you think you are talking to
• You can verify who is the specific individual behind that entity

Non-repudiation
• The individual behind that asset cannot deny being associated with it

1-2 Symmetric Data Encryption

Fast; high efficiency for data transmission

Is it "secure" while transferring the key?

Maintenance of the keys: n(n-1)/2 keys for n parties

DES, 3DES, AES, Blowfish

[Figure: Tom encrypts the plaintext with the shared secret key into ciphertext; Bob decrypts the ciphertext with the same secret key back to the plaintext]

1-3 Hash (Digest) Function

Ensure data integrity

MD5, SHA-1

[Figure: Tom runs the data through the hash function to get Message Digest 1 and sends Data + Digest 1; Bob runs the received data through the same hash function to get Message Digest 2 and compares it with Digest 1]

1-4 Message Authentication Code

Ensure the data integrity

Use a key to protect the MAC

HMAC, CBC-MAC

[Figure: Tom hashes the data to Message Digest 1 and encrypts the digest with the secret key to form the MAC, then sends Data + MAC; Bob decrypts the MAC with the secret key to recover Digest 1, hashes the received data to Message Digest 2 and compares the two]

1-5 Asymmetric Encryption

Things to remember
• Key pair – public/private keys
• In a session one is used for encryption and the other one for decryption
• The "public key" can be deployed everywhere
• The relation between the two keys is unknown: from one key you cannot gain knowledge of the other, even if you have access to clear text and cipher text
• The two keys are interchangeable. All algorithms make no difference between the public and the private key; when a key pair is generated, any of the two can be public or private
• Less efficient than a static key
• RSA, Diffie-Hellman

[Figure: clear text → encryption → cipher text]

1-5 Asymmetric Data Encryption

[Figure – Confidentiality check: Tom encrypts the plaintext with Bob's public key; Bob decrypts the ciphertext with Bob's private key (the recipient's key pair)]

1-5 Asymmetric Data Encryption

[Figure – Authenticity check: Tom encrypts the plaintext with Tom's private key; Bob decrypts the ciphertext with Tom's public key (the sender's key pair)]

1-6 Digital Signature

Real world – hybrid:
1 Data integrity
2 Authenticity
3 Non-repudiation
4 Algorithm – use the public key and a hash

1-6 Digital Signature - Creating

[Figure: Message or File ("This is the document created by Gianni") → Generate Hash (SHA, MD5) → Message Digest "Py75cbn" (typically 128 bits) → Asymmetric Encryption (RSA) with the signatory's private key → Digital Signature "3kJfgf£$&"; the Signed Document is the message plus the digital signature]

Calculate a short message digest from even a long input using a one-way message digest function (hash).

1-6 Digital Signature - Verifying

[Figure: Signed Document = message "This is the document created by Gianni" + digital signature "3kJfgf£$&"; the message is hashed again to Message Digest "Py75cbn", the signature is decrypted with Gianni's public key (from his certificate) to recover the signed digest "Py75cbn", and the two digests are compared]

1-6 Digital Signature

[Figure: Tom hashes the data to Message Digest 1 and encrypts it with Tom's private key to form the digital signature, then sends Data + Digital Signature; Bob decrypts the signature with Tom's public key to recover Digest 1, hashes the data to Message Digest 2 and compares the two]

1-7 Certificate

The simplest certificate just contains:
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key

… and the whole is:
• Digitally signed by someone trusted (like your friend or a CA)

[Figure: Certificate = public key + "This public key belongs to Stephen" + Digital Signature; the entity can be a person, a computer, a device, a file, some code, anything …]

1-7-1 CA Certificate

[Figure: the CA generates a key pair (priv, pub) on the certification server; the user requests a certificate from the CA; the CA generates the certificate (pub + DS); the private key and the certificate are sent to the user. Left's cert is signed by the CA, Right's cert is signed by the CA, and the CA's own public key is signed by the CA]

1-7-1 CA Certificate Example

[Figure: the CA holds its private key; Left and Right each hold their own private key, their certificate signed by the CA, and the CA public key; both trust the CA]

1-7-2 SSL/TLS

[Figure: each side holds its own key pair (priv, pub) and the peer's public key; clear text → encrypt → Cipher 1 → encrypt → Cipher 2 → transmission over the public network → decrypt → Cipher 1 → decrypt → clear text]

Ensures confidentiality
• And integrity, if digitally signed

Depending on how the public keys are exchanged:
• Authenticity, identity, non-repudiation

1-8 Moxa UC7400 - Hardware Cipher

Intel XScale supports:
• Security engines: DES, AES
• Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so"
• No need to change the source code

1-8-1 Moxa Accelerated Algorithms – OpenSSL 0.9.7

DES_cbc_encrypt

DES_ede3_cbc_encrypt

AES_cbc_encrypt

AES_ctr_encrypt

• We wrap ECB mode at a higher level (libssl.so), which OpenSSL wraps too

1-8-2 Performance

[Figure: four throughput plots, rate vs. packet size, comparing the software path with the HW Cipher path: 3DES-CBC and AES128-CBC for packet sizes 128 to 1280 bytes, and the same two ciphers for small packets of 16 to 144 bytes]

1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approaches
• Default: hardware approach
• Any misconfiguration or busy condition causes the switch

Small packets are switched to the software approach
• DES: 128 bytes
• 3DES/AES: 64 bytes

1-8-4 Software Package

Driver
• mxhw_cipher.o

Device file
• mknod /dev/mxcrypto c 11 131

Test program
• io: correctness test
• io 0 5000: stability test
• io 1: golden pattern
• io 2 20000: performance test

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network

2-2 Why OpenVPN

2-3 OpenVPN Modes

2-1 Virtual Private Network

2-1 VPN Advantages/Disadvantages

VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes

A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH etc.)

A VPN allows the usage of protocols which are insecure by themselves

VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN

Usability
• Open Source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit shared key or digital certificates (PKI)

Portability – supports most of the platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN

Peers – each node with a client/server role
• In use of kernel routing
• Multiple clients

A user-space program
• A full-featured SSL-VPN solution
• On top of the existing SSL/TLS mechanism
• Options between a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security

Two authentication modes
• Static Key: use a pre-shared key
• SSL/TLS: use SSL/TLS + certificates for
  • Authentication
  • Key exchange

The encrypted packet is formatted as:
• SeqN: 64-bit sequence number
• IV: plain-text initial vector, randomized per packet

HMAC | IV | { SeqN | IP payload }

The part in braces is encrypted; the HMAC is computed over the IV and the encrypted part, and the sequence number lets the receiver reject replayed packets.

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall- and NAT-friendly
• Dynamic address support

IPSec
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard - multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are two methods of linking systems via a VPN

Routed IP tunnels (layer 3)

Bridged Ethernet tunnels (layer 2)

Suitable for connections
• Site-to-Site
• Dynamic Site-to-Site
• (Dynamic) Client-to-Site

Dynamic firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN mode (device): a virtual point-to-point IP link that combines the inner interface together with TUN

Uses the kernel routing to forward the packets

[Figure: the OSI stacks of both hosts (Physical, Data-Link, Network, Transport, Session, Presentation, Application); OpenVPN runs at the application layer and the TUN device is inserted at the network layer (3rd)]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages
1 Point-to-point
2 Easier to configure
3 Efficiency and scalability
4 Allows better tuning of the MTU for efficiency

Routed IP disadvantages
1 Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2 Routes must be set up linking each subnet
3 Software that depends on broadcasts will not see those machines on the other side of the VPN
4 Works only with IPv4 in general, and with IPv6 in cases where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses "TAP" mode: a TAP device is a virtual Ethernet adapter

Bridge tools (brctl) are required to create the virtual adapters

Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0 (create an Ethernet bridge)

brctl addif br0 eth1 (connect interface eth1 as a port)

brctl addif br0 tap0 (connect virtual interface tap0 as a port)

[Figure: the OSI stacks of both hosts; OpenVPN runs at the application layer, and the TAP device is inserted at the data-link layer (2nd) where TUN would sit at the network layer (3rd); on each host tap0 is bridged with eth1 while eth0 carries the tunnel]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages
1 Point-to-point, point-to-multipoint
2 Broadcasts traverse the VPN -- this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3 No route statements to configure
4 Works when the VPN needs to be able to handle non-IP protocols such as IPX, Netware and AppleTalk
5 Relatively easy-to-configure solution for road warriors

Bridging disadvantages
1 Less efficient than routing and does not scale well

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

[Figure – lab topology: LAN A (IP 10.0.1.1/24, gw 10.0.1.254) sits behind the VPN Server, whose ixp1 is 10.0.1.254 and whose ixp0 is 192.168.12.201; LAN B (IP 10.0.2.1/24, gw 10.0.2.254) sits behind the VPN Client, whose ixp1 is 10.0.2.254 and whose ixp0 is 192.168.12.202; the client connects to the server over the 192.168.12.x network, where the CA/TLS server also lives, and the VPN tunnel links the two LANs]

3-1 Getting Started

Create a working directory (recommended): mkdir /etc/openvpn

Check for the TUN module; if the character device "tun" is not listed by ls /dev/net, create it: mknod /dev/net/tun c 10 200

Load the necessary modules: modprobe tun; modprobe bridge

Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]

Self diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or vi /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"

Create/start the bridge interface using the Moxa script: openvpn-bridge [start | stop | restart]

Check the ciphers/authentication support: openvpn --show-ciphers; openvpn --show-digests

Create the TUN configuration files: vi /etc/openvpn/tunserver.conf

[At VPN Client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

The local/remote VPN IP addresses must be specified

It is NECESSARY to specify the server address at the VPN client

3-2 TUN Server Configuration

Edit the static routings: vi /etc/openvpn/tunserver.sh; chmod +x /etc/openvpn/tunserver.sh

[At VPN Client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/openvpn/tunclient.sh

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tunserver.conf & (at the client: openvpn --config /etc/openvpn/tunclient.conf &)

The 2nd argument of "ifconfig" (the remote tunnel endpoint) is now "10.0.2.254"

Create the TAP configuration files: vi /etc/openvpn/tapserver.conf

[At VPN Client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration – VPN Server

Mark this line if both VPN networks are in the same subnet

3-3 TAP Configuration – VPN Server

Edit the static routings: vi /etc/openvpn/tunserver.sh

[At VPN Client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/openvpn/tapclient.sh

Pointed to the kernel routing: br0 = 10.0.1.254

3-3 TAP Configuration – VPN Server

Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tapserver.conf & (at the client: openvpn --config /etc/openvpn/tapclient.conf &)
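The bridge script of 2-3-2 and 3-3 written out, as an added example rather than Moxa's own openvpn-bridge file: the device names br0, eth1 and tap0 and the 10.0.1.254 gateway address come from the slides, while creating tap0 with openvpn --mktun, moving the LAN address from eth1 onto br0 and the RUN dry-run variable are assumptions.

```shell
#!/bin/sh
# Added example (not Moxa's openvpn-bridge script): start/stop the bridge br0
# that joins the LAN port eth1 and the OpenVPN TAP device tap0 (2-3-2 / 3-3).
# Addresses are the lab's constructed values; br0 takes over 10.0.1.254 from eth1.
# Set RUN=echo to print the commands instead of executing them.
RUN="${RUN:-}"
BR="${BR:-br0}"
TAP="${TAP:-tap0}"
ETH="${ETH:-eth1}"
BR_IP="${BR_IP:-10.0.1.254}"
BR_MASK="${BR_MASK:-255.255.255.0}"

bridge_start() {
    # Persistent TAP device owned by the kernel, so OpenVPN can attach to it later
    $RUN openvpn --mktun --dev "$TAP"
    $RUN brctl addbr "$BR"
    $RUN brctl addif "$BR" "$ETH"
    $RUN brctl addif "$BR" "$TAP"      # the bridge name is required here
    # Member ports carry no IP address of their own and must see every frame
    $RUN ifconfig "$ETH" 0.0.0.0 promisc up
    $RUN ifconfig "$TAP" 0.0.0.0 promisc up
    # The LAN gateway address now lives on the bridge, not on eth1
    $RUN ifconfig "$BR" "$BR_IP" netmask "$BR_MASK" up
}

bridge_stop() {
    $RUN ifconfig "$BR" down
    $RUN brctl delbr "$BR"
    $RUN openvpn --rmtun --dev "$TAP"
    # Give eth1 its address back so the LAN keeps its gateway
    $RUN ifconfig "$ETH" "$BR_IP" netmask "$BR_MASK" up
}

# Dry-run helper: number of commands a start would issue
count_start_cmds() {
    ( RUN=echo; bridge_start ) | wc -l | tr -d ' '
}

case "${1:-}" in
    start)   bridge_start ;;
    stop)    bridge_stop ;;
    restart) bridge_stop; bridge_start ;;
esac
```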

3-4-1 SSL/TLS – Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-input the default_days, default_bits … etc.

Create a new CA root key pair: /usr/share/ssl/misc/CA -newca

Create a new client private key and a new certificate request: /usr/share/ssl/misc/CA -newreq

Certificate signing: /usr/share/ssl/misc/CA -sign

Copy the CA root certificate, the client private key and the client certificate to the first client

Have the second client certified the same way

3-4-2 OpenVPN – "easy-rsa" tools

Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file: vi /etc/openvpn/easy-rsa/vars

Activate the vars: . /etc/openvpn/easy-rsa/vars

Create the CA root key: /etc/openvpn/easy-rsa/build-ca

Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – "easy-rsa" tools

Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client

Create the Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh 1024

Copy the CA certificate (ca.crt), the server key (server.key) and the server certificate (server.crt) to the VPN server

Copy the CA certificate, the client key and the client certificate to the VPN client

The "easy-rsa" tools also work on the UC7400 series

3-4-3 Configuration File Modification

txxserver.conf

txxclient.conf

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

Two of its serial ports are connected to a Power Meter and a Thermocouple

Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in "burn-in mode" to demonstrate the UC's high performance and reliability

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500 °C

Left side for the high range (0 to 300 VDC) & right side for the low range (0 to 20 VDC)

UC's LCM & keypad (F1-F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8

F2 System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available Memory

F3 Alarm Setting: Temperature → Voltage → burning throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• UC-7420's built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards
• The compatible wireless cards are:

Supplier / Model name
ASUS / WL-107g
CNET / CWC-854 (181D version)
Edimax / EW-7108PCg
Amigo / AWP-914WG
Gigabyte / GN-WMKG
Others which use the R-Link chipset

Thank You

Page 29: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

Code with CC++ Program on Moxa Bash Shell (PC Windows Tool Chain)

Compilelink the Source Codes with Tool-chain bull Compiler path setting

PATH=usrlocalmxscalebbinbull Compiling Helloc

Step2 Coding Compiling and DebuggingStep2 Coding Compiling and Debugging

Step3 Deployment Step3 Deployment

Upload the program to UCbull ftp 1921683127bull ftpgt binarybull ftpgt put hello-release

Running the program (At UC-7400 site)bull chmod +x hello-releasebull hello-release

chmod +x hello-release chmod +x hello-release

hello-release hello-release

HelloHello

Ethernet

PC Moxa Bash Shell 1 Compile with -ggdb 3 Insight Tool (GDB Client) 4 Target remote

UC 2 GDB Debug Server

Debugging with GDBDebugging with GDB

gdbserver 19216831272000 hello-debug gdbserver 19216831272000 hello-debug

Debugging with GDBDebugging with GDB

chmod +x hello-debug

gdbserver 19216831272000 hello-debug

Process hello-debug created pid = 206

Step1 PC Moxa Bash Shell Compile the program with ndashggdb option then upload to UC

Step2 UC Called hello-debug with command

gdbserver 19216831272000 hello-debug

Step3 PC Insight Run GDB clientbull Open hello-debug filebull Connect to target

bull GCB ServerTCPbull 1921683200bull 2000

Debugging with GDBDebugging with GDB

iptables Introductioniptables Introduction

AgendaAgenda

1) Quick View of iptables

2) Rules Chains Tables

3) Usage of iptables

4) Hands-ON Practice

1 Quick View of iptables1 Quick View of iptables

A User-space Command to setupmaintain the ldquoNetfilterrdquo sub-system of Kernel

ldquoNetfilterrdquo manages only the packet headers not the content

iptables is currently one of many FirewallNAT solutions to be an administration tool for set up maintain and inspect the tables of IP packet filter rules in the Linux kernel

1 Quick View of iptables1 Quick View of iptables

Several different tables may be defined Each table contains a number of built-in chains and may also contain user-defined chains

Each chain is a list of rules which can match a set of packets Each rule specifies what to do with a packet that matches This is called a ldquotargetrdquo which may be a jump to a user-defined chain in the same table

1 Quick View of iptables1 Quick View of iptables

3rd generation firewall on Linuxndash ldquoipfwadmrdquo on Linux Kernel V20Xndash ldquoipchainsrdquo on Linux Kernel V22Xndash ldquoipchainsrdquo ldquoiptablesrdquo on Linux Kernel V24Xndash ldquoiptablesrdquo on Linux Kernel V26X

Supports basic packet filtering as well as connection state tracking

UC-71107400 support only ldquoiptablesrdquo

AgendaAgenda

1) Firewall NAT and iptables

2) Rules Chains Tables

3) Usage of iptables

4) Hands-ON Practice

2) Rules Chains and Tables2) Rules Chains and Tables

2-1 First Match

2-2 Three Major Tables

2-3 Processing Packets

2-4 State Machine

2-1 First Match ndash The Highest Priority2-1 First Match ndash The Highest Priority

Packets

Rule 1

Rule 10

Default Policy

Action 1

Action 2

No

No

Yes

Yes

Rule 2

No

Action 10Yes

2-1 First Match 2-1 First Match

On WWW Server reject the attack from IP = 1921681100Rule 1 Drop the packets from 1921681100Rule 2 Accept WWW request packets from all the hostsRule 3 Drop all the none-WWW packets

Rule 1 Accept WWW request packets from all the hosts Rule 2 Drop the packets from 1921681100Rule 3 Drop all the none-www packets

1921681100 is able to use the WWW service or to attack WWW service port

2-2 Three 2-2 Three Major TablesMajor Tables

1) Filter Table

2) NAT Table

3) Mangle Table

2-2-1 Filter Table2-2-1 Filter Table

Mainly used for filtering packets The place that we actually take action against packets

and look at what they contain and ACCEPT DROP REJECT LOG them depending on their content

1 INPUT chain ndash packets enter the local host

2 OUTPUT chainndash packets output from the local host

3 FORWARD chainndash forward packets to other hosts

2-2-2 NAT Table2-2-2 NAT Table

Be used for NAT on different packets

to translate the packets source field or destination field

1) PREROUTING chain ndash to transfer the dst IP address (DNAT)

2) POSTROUTING chainndash this works after routing process and before Ethernet device process to transfer the source IP address (SNATMASQUARED)

3) OUTPUT chainndash to work for local producing packets

2-2-3 Mangle Table2-2-3 Mangle Table

This table is mainly be used for

mangling packets In other words you may freely use the mangle matches etc that could be used to change TOS (Type Of Service) and TTL fields It can also ldquoMARKrdquo the packets

1 PREROUTING chain

2 POSTROUTING chain

3 INPUT OUTPUT and FORWARD chain

2-3 Processing Packets2-3 Processing Packets

2-3-1 Destination Local Host

2-3-2 Source Local Host

2-3-3 Forward Packets

2-3-4 State Machine

2-3-1 Destination Local Host2-3-1 Destination Local Host

2-3-1 Destination Local Host2-3-1 Destination Local Host

Incoming Packets

NAT Table PREROUTING

Local Process

Filter Table INPUT

2-3-2 Source Local Host2-3-2 Source Local Host

2-3-2 Source Local Host2-3-2 Source Local Host

NAT Table OUTPUT

Outgoing Packets

Filter Table OUPUT

NAT Table POSTROUTING

Send Out Packets

2-3-3 Forwarded Packets2-3-3 Forwarded Packets

2-3-3 Forwarded Packets2-3-3 Forwarded Packets

NAT Table PREROUTING

Local Resource

NAT Table POSTROUTING

Other Hosts

Incoming Packets

Filter Table FORWARD

2-4 State Machine2-4 State Machine

AgendaAgenda

1) Firewall NAT and iptables

2) Rules Chains Tables

3) Usage of iptables

4) Hands-ON Practice

3) Usage of iptables3) Usage of iptables

3-1 Load iptables Modules

3-2 Define Default Policy

3-3 Structure of a Rule

3-4 Save Restore Rules

3-1 Load iptables Modules3-1 Load iptables Modules

Note ipchains and iptables are not compatible

3-1 Load iptables Module3-1 Load iptables Module

Check the Current Tablesiptables [-t tables] [-L] [-n]

Default Policy

3-1 Install iptables3-1 Install iptables

Clear Current Policy

3-2 Define Default Policy3-2 Define Default Policy

iptables ndasht filter nat mangle

ndashP INPUT OUTPUT FORWARD PREROUTING POSTROUTING

ACCEPT DROP

3-2 Define Default Policy3-2 Define Default Policy

3-3 Structure of a Rule3-3 Structure of a Rule

3-3-1 Add Insert Delete an Replace Rules

3-3-2 Direction

3-3-3 Matches

3-3-4 Targets

3-3-1 Add Insert Delete and Replace3-3-1 Add Insert Delete and Replace

iptables ndasht filter nat mangle

AI DR

ndash direction match target

3 major things needed

to be considered

ndashj

3-3-2 Direction ndash Chains3-3-2 Direction ndash Chains

a filter Table INPUT

OUTPUT

FORWARD

b nat Table PREROUTING

POSTROUTING

OUTPUT

c mangle table hellip

1 -p [proto] tcp udp icmp all

2 -s [IP] -d [IP]

3 --sport [port] --dport [port]

4 -m state --state [state] NEW ESTABLISHED INVALID RELATED

5 -m multiport [p1p2hellipp15]

6 -i [iface] -o [oface]

7 hellipetc

3-3-3 Matches - Conditions3-3-3 Matches - Conditions

3-3-4 Targets - Actions3-3-4 Targets - Actions

a filter Table ACCEPT DROP

QUEUE RETURN target extensions --LOG --ULOG --REJECT - -MIRROR

b nat table SNAT (only in POSTROUTING)

DNAT (only in PREROUTINGOUTPUT)

MASQUERADE (POSTROUTING)

REDIRECT (only in PREROUTING)

c mangle table hellip

3-4 Save Restore Rules3-4 Save Restore Rules

It is highly recommended to use a script file to maintain the Netfilter rule instead of using this exported file (it is not a standard script file) Please refer to the Hands-ON practice

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice: 1) Packet Filter, 2) NAT Machine

4-1 Packet Filter - Rules of the filter table

Example 1 - Accept all the packets incoming from the lo interface:
iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2 - Accept all the TCP packets incoming from IP = 192.168.0.1:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

Example 3 - Accept all the TCP packets incoming from the network 192.168.1.0/24:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 - Drop all the TCP packets incoming from IP = 192.168.1.25:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

Example 5 - Drop all the incoming TCP packets with dst port = 21 (forbid FTP connections from eth0):
iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 - Accept TCP packets incoming from IP 192.168.0.0/24 to the local port numbers 137, 138 and 139:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

Example 7 - Log all the incoming/outgoing TCP packets to/from port = 25 (log the SMTP service):
iptables -t filter -A INPUT -p tcp --dport 25 -j LOG

Note: UC7110 does not support the target "LOG".

Example 8 - Drop all the [SYN] packets from IP = 192.168.100.200:
iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 - Drop all the packets from MAC = aa:bb:cc:dd:ee:ff:
iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

Example 10 - Do not respond to "ping":
iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 - Limit an ICMP "ping" burst:
iptables -t filter -P INPUT DROP
iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

Example 12 - Accept the ESTABLISHED and RELATED packets of the local host; drop the INVALID packets and the NEW packets which are trying to create a new connection:
iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

Example 13 - Check the packet integrity:
iptables -t filter -A INPUT -p all -m unclean -j DROP

Example 14 - Enable the "Passive Mode" FTP service to a host:
modprobe ip_conntrack_ftp
iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

4-2 NAT Machine

Example 1 - Redirect the connection requests of port 80 to port 8080:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 - Masquerade the packets from 192.168.1.0/24 leaving through ppp0 to be the local ppp0's IP (MASQUERADE is only valid in POSTROUTING):
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

Example 3 - DNAT the incoming packets from eth0 (60.248.66.75), TCP port 80, to the internal web server 192.168.127.10:80:
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

Example 4 - Redirect the incoming packets of TCP port 80 to 192.168.1.10 and TCP port 80; SNAT the packets from the internal network 192.168.127.0/24 to the external address $OUT_IP:
iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP

Thank YouThank You

OpenVPN 2.0 - Stephen Lin

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve
1-2 Symmetric Data Encryption
1-3 Hash (Digest) Function
1-4 Message Authentication Code
1-5 Asymmetric Data Encryption
1-6 Digital Signature
1-7 Certificate
1-8 Moxa UC7400

1-1 What does Cryptography solve

Confidentiality
• Ensure that nobody can get knowledge of what you transfer, even if listening to the whole conversation.
Integrity
• Ensure that the message has not been modified during the transmission.
Authenticity
• You can verify that you are talking to the entity you think you are talking to.
• You can verify who is the specific individual behind that entity.
Non-repudiation
• The individual behind that asset cannot deny being associated with it.

1-2 Symmetric Data Encryption

Fast; high efficiency for data transmission.
Is it "secure" while transferring the key?
Maintenance of the keys: n(n-1)/2 keys.
DES, 3DES, AES, Blowfish.

(Diagram: Tom encrypts the plaintext with the secret key into ciphertext; Bob decrypts the ciphertext with the same secret key back into plaintext.)

1-3 Hash (Digest) Function

Ensure data integrity.
MD5, SHA-1.

(Diagram: Tom runs the data through the hash function to obtain message digest 1 and sends data + digest 1; Bob runs the same hash function over the received data to obtain message digest 2 and compares the two digests.)

1-4 Message Authentication Code

Ensure the data integrity.
Use a key to protect the MAC.
HMAC, CBC-MAC.

(Diagram: Tom hashes the data into message digest 1 and encrypts the digest with the secret key to produce the MAC, then sends data + MAC; Bob hashes the received data into message digest 2, decrypts the MAC with the secret key to recover message digest 1 and compares the two.)
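Slides 1-3 and 1-4 differ in one point: a bare digest can be recomputed by anyone who changes the data, whereas a MAC needs the secret key. The following added example (not from the training material) shows that difference with the Python standard library: the unkeyed check uses SHA-1 as on slide 1-3, the keyed check uses HMAC-SHA256 (chosen here as the modern default rather than the slide's MD5/SHA-1). The key, the message and the modification applied to it are constructed sample values.

```python
"""Integrity with a plain digest versus a keyed MAC (slides 1-3 and 1-4).

Added example, not from the training material. Tom sends data plus a
check value and someone in the middle modifies the data. With a bare
hash the modified data gets a freshly computed digest, so Bob's
comparison still succeeds; with an HMAC the secret key is missing, so
the old tag no longer matches and Bob detects the change.
"""
import hashlib
import hmac

# Constructed sample key; in practice generate it randomly (e.g. os.urandom(32)).
SECRET_KEY = b"shared-between-tom-and-bob"


def send_with_digest(data: bytes) -> tuple:
    """Slide 1-3: data + unkeyed digest."""
    return data, hashlib.sha1(data).digest()


def verify_digest(data: bytes, digest: bytes) -> bool:
    return hmac.compare_digest(hashlib.sha1(data).digest(), digest)


def send_with_hmac(data: bytes, key: bytes) -> tuple:
    """Slide 1-4: data + keyed MAC."""
    return data, hmac.new(key, data, hashlib.sha256).digest()


def verify_hmac(data: bytes, tag: bytes, key: bytes) -> bool:
    # compare_digest runs in constant time, so timing does not reveal how many bytes matched
    return hmac.compare_digest(hmac.new(key, data, hashlib.sha256).digest(), tag)


def modify_digest_message(data: bytes, digest: bytes) -> tuple:
    """Modification without the key: change the data and recompute the unkeyed digest."""
    new_data = data.replace(b"100", b"900")
    return new_data, hashlib.sha1(new_data).digest()


def modify_hmac_message(data: bytes, tag: bytes) -> tuple:
    """Modification without the key: the data can be changed, but no valid tag can be made,
    so the old tag is reused."""
    new_data = data.replace(b"100", b"900")
    return new_data, tag


def demo() -> dict:
    original = b"transfer 100 to account 42"   # constructed sample message

    d, dg = modify_digest_message(*send_with_digest(original))
    digest_detects = not verify_digest(d, dg)          # False: the digest still matches

    h, tg = modify_hmac_message(*send_with_hmac(original, SECRET_KEY))
    hmac_detects = not verify_hmac(h, tg, SECRET_KEY)  # True: the keyed tag no longer matches

    return {"digest_detects_tampering": digest_detects, "hmac_detects_tampering": hmac_detects}


if __name__ == "__main__":
    print(demo())
```

The digest alone therefore protects only against accidental corruption; the keyed MAC is what gives the integrity guarantee the slide calls for, provided the key stays secret on both sides.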

1-5 Asymmetric Encryption

Things to remember:
• Key pair - public/private keys.
• In a session, one key is used for encryption and the other one for decryption.
• The "public key" can be deployed everywhere.
• The relation between the two keys is unknown, and from one key you cannot gain knowledge of the other, even if you have access to clear text and cipher text.
• The two keys are interchangeable. All algorithms make no difference between public and private key; when a key pair is generated, any of the two can be public or private.
• Less efficient than a static key.
• RSA, Diffie-Hellman.

(Diagram: clear text is encrypted into an unreadable ciphertext.)

1-5 Asymmetric Data Encryption - Confidentiality check

(Diagram: Tom encrypts the plaintext with Bob's public key; Bob decrypts the ciphertext with Bob's private key. The recipient's key pair is used.)

1-5 Asymmetric Data Encryption - Authenticity check

(Diagram: Tom encrypts the plaintext with Tom's private key; Bob decrypts the ciphertext with Tom's public key. The sender's key pair is used.)

1-6 Digital Signature

Real world - hybrid:
1. Data integrity
2. Authenticity
3. Non-repudiation
4. Algorithm - use the public key and a hash

1-6 Digital Signature - Creating

(Diagram: a short message digest, typically 128 bits, is calculated from the message or file "This is the document created by Gianni" using a one-way digest function (hash: SHA, MD5), even for a long input; the digest is encrypted with the signatory's private key (asymmetric encryption: RSA) to give the digital signature; the message plus the signature form the signed document.)

1-6 Digital Signature - Verifying

(Diagram: the verifier hashes the received message to generate a message digest, decrypts the digital signature with Gianni's public key (from the certificate) and compares the two digests.)

1-6 Digital Signature

(Diagram: Tom hashes the data into message digest 1 and encrypts it with Tom's private key to produce the digital signature, then sends data + signature; Bob hashes the received data into message digest 2, decrypts the signature with Tom's public key and compares the two digests.)

1-7 Certificate

The simplest certificate just contains:
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key
... and the whole is:
• Digitally signed by someone trusted (like your friend or a CA)

(Diagram: certificate = public key + "This public key belongs to Stephen" + digital signature. The entity can be a person, a computer, a device, a file, some code, anything ...)

1-7-1 CA Certificate

(Diagram: the CA generates a key pair on the certification server. The user requests a certificate from the CA; the CA generates the certificate (public key + digital signature); the private key and the certificate are sent to the user.)

1-7-1 CA Certificate Example

(Diagram: the CA holds the CA private key. Left holds its private key, the CA public key and the Left certificate signed by the CA; Right holds its private key, the CA public key and the Right certificate signed by the CA. Each side trusts the other's certificate because it is signed by the CA; the CA public key is itself signed by the CA.)

1-7-2 SSL/TLS

(Diagram: each side holds a key pair; the clear text is encrypted into cipher 1, then again into cipher 2, transmitted over the public network, and decrypted in the reverse order back to clear text.)

Ensures confidentiality
• And integrity if digitally signed
Depending on how public keys are exchanged:
• Authenticity, identity, non-repudiation

1-8 Moxa UC7400 - Hardware Cipher

Intel XScale supports:
• Security engines: DES, AES
• Algorithm methods: ECB, CBC, CTR
Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so"
• No need to change the source code

1-8-1 Moxa Accelerated Algorithms - OpenSSL 0.9.7

DES_cbc_encrypt
DES_ede3_cbc_encrypt
AES_cbc_encrypt
AES_ctr_encrypt
• ECB mode is wrapped at a higher level (libssl.so), which openssl wraps too.

1-8-2 Performance

(Charts: throughput rate of 3DES-CBC and AES-128-CBC versus packet size, software versus hardware cipher, for packet sizes from 128 to 1280 bytes and from 16 to 144 bytes; the legend "= HW Cipher" marks the hardware cipher series.)

1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approaches:
• Default: hardware approach
• Any mis-configuration or busyness causes the switch
Small packets are switched to the software approach:
• DES: 128 bytes
• 3DES/AES: 64 bytes

1-8-4 Software Package

Driver
• mxhw_cipher.o
Device file
• mknod /dev/mxcrypto c 11 131
Test program
• io: correctness test
• io 0 5000: stability test
• io 1: golden pattern
• io 2 20000: performance test

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network - VPN Advantages / Disadvantages

VPN: a network that is constructed by using public wires (e.g. the internet) to connect nodes.
A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH, etc.).
A VPN allows the usage of protocols which are insecure by themselves.
VPNs cannot be controlled and logged easily because of their encrypted nature.

2-2 Why OpenVPN

Usability
• Open source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit shared key or digital certificates (PKI)
Portability - supports most of the platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN

Peers - each node with a client/server role
• Makes use of kernel routing
• Multiple clients
A user-space program
• A full-featured SSL-VPN solution
• on top of the existing SSL/TLS mechanism
• options between a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security

Two authentication modes:
• Static key: use a pre-shared key
• SSL/TLS: use SSL/TLS + certificates for authentication and key exchange
The encrypted packet is formatted as:
• SeqN: 64-bit sequence number
• IV: plain-text initial vector, randomized per packet

HMAC | IV | SeqN | IP payload
(the SeqN and the IP payload are encrypted; the HMAC is computed over the IV and the encrypted part)
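The packet layout on the slide carries two protections: the HMAC rejects packets that were forged or altered in transit, and the sequence number lets the receiver reject packets that are delivered a second time. The following added example (not OpenVPN's own code) implements those two checks with the Python standard library: it frames a packet as HMAC | IV | SeqN | payload and applies a sliding replay window on SeqN, as IPsec and OpenVPN do. Payload encryption is left out because the standard library has no AES; the key, the payloads and the window size are constructed assumptions of this example.

```python
"""Authenticated packet framing with a 64-bit sequence number and a
per-packet random IV, after slide 2-2 (OpenVPN Security).

Added example, not OpenVPN's own code. Encryption of the payload is
omitted (no AES in the Python standard library); shown are the HMAC over
the packet body and the sequence-number window that rejects replays.
"""
import hashlib
import hmac
import os
import struct

TAG_LEN = 20            # HMAC-SHA1 output, OpenVPN's default auth digest
IV_LEN = 16
REPLAY_WINDOW = 64      # assumption: how far behind the highest SeqN a packet may still arrive


def build_packet(key: bytes, seqn: int, payload: bytes) -> bytes:
    """HMAC | IV | SeqN | payload; the IV is fresh random bytes for every packet."""
    iv = os.urandom(IV_LEN)
    body = iv + struct.pack(">Q", seqn) + payload
    tag = hmac.new(key, body, hashlib.sha1).digest()
    return tag + body


class Receiver:
    """Verifies the HMAC first, then applies a sliding replay window on SeqN."""

    def __init__(self, key: bytes):
        self.key = key
        self.highest = 0          # highest SeqN accepted so far (0 = nothing yet)
        self.seen = set()         # SeqNs accepted inside the window below `highest`

    def accept(self, packet: bytes):
        """Return the payload if the packet is authentic and not a replay, else None."""
        if len(packet) < TAG_LEN + IV_LEN + 8:
            return None
        tag, body = packet[:TAG_LEN], packet[TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha1).digest()
        if not hmac.compare_digest(tag, expected):
            return None                           # forged or corrupted: drop before parsing further
        seqn = struct.unpack(">Q", body[IV_LEN:IV_LEN + 8])[0]
        if seqn > self.highest:
            self.highest = seqn                   # newest packet so far: slide the window forward
        elif seqn <= self.highest - REPLAY_WINDOW or seqn in self.seen:
            return None                           # too old for the window, or already accepted
        self.seen.add(seqn)
        self.seen = {s for s in self.seen if s > self.highest - REPLAY_WINDOW}
        return body[IV_LEN + 8:]


def demo() -> dict:
    key = b"static-key-constructed-for-demo"     # constructed sample key
    rx = Receiver(key)
    p1 = build_packet(key, 1, b"payload-1")
    p2 = build_packet(key, 2, b"payload-2")
    altered = p2[:-1] + bytes([p2[-1] ^ 0x01])   # one payload bit flipped: the HMAC must fail
    return {
        "first": rx.accept(p1),
        "second": rx.accept(p2),
        "replayed_first": rx.accept(p1),
        "altered": rx.accept(altered),
    }


if __name__ == "__main__":
    print(demo())
```

Checking the HMAC before reading the sequence number matters: a packet that fails authentication must not be allowed to move the window, otherwise an unauthenticated packet with a large SeqN could push genuine traffic out of the window.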

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• portability across operating systems
• firewall and NAT-friendly
• dynamic address support
IPSec
• Kernel-space IP stack
• each operating system requires its own independent implementation of IPSec
• IETF standard - multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are two methods of linking systems via a VPN:
Routed IP tunnels (layer 3)
Bridged Ethernet tunnels (layer 2)
Suitable for connections:
• Site-to-site
• Dynamic site-to-site
• (Dynamic) client-to-site
Dynamic firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN mode (device): a virtual point-to-point IP link that combines the inner interface together with TUN.
Uses the kernel routing to forward the packets.

(Diagram: OpenVPN sits at the application layer on each host and attaches to the stack at the network layer (3rd layer) through the TUN device.)

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages:
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of the MTU for efficiency
Routed IP disadvantages:
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see those machines on the other side of the VPN
4. Works only with IPv4 in general, and with IPv6 in cases where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses "TAP" mode: a TAP device is a virtual Ethernet adapter.
Bridge tools (brctl) are required to create the virtual adapters.
Need to create a script to bind eth1 and tap0 together into a bridged device called br0:

brctl addbr br0 - create an Ethernet bridge
brctl addif br0 eth1 - connect interface eth1 as a port
brctl addif br0 tap0 - connect virtual interface tap0 as a port

(Diagram: on each host, OpenVPN attaches at the data-link layer (2nd layer) through tap0 (TAP) instead of at the network layer (3rd layer) through TUN; tap0 and eth1 are bridged, and eth0 carries the tunnel traffic.)

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages:
1. Point to point, point to multi-point
2. Broadcasts traverse the VPN -- this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to be able to handle non-IP protocols such as IPX, Netware and AppleTalk
5. Relatively easy-to-configure solution for road warriors
Bridging disadvantages:
1. Less efficient than routing and does not scale well

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS - X.509 Dynamic Keys

3-1 Getting Started

(Network diagram: LAN A, IP 10.0.1.1/24 with gateway 10.0.1.254, sits behind the VPN server (ixp1 = 10.0.1.254); LAN B, IP 10.0.2.1/24 with gateway 10.0.2.254, sits behind the VPN client (ixp1 = 10.0.2.254). The server's ixp0 (192.168.12.201) and the client's ixp0 (192.168.12.202) face the public side; the client connects to the server to build the VPN tunnel. A CA/TLS server is also present.)

3-1 Getting Started

Create a working directory (recommended): mkdir /etc/openvpn
Check for the TUN module: ls /dev/net and look for a character device "tun"; if it is not there: mknod /dev/tun c 10 200
Load the necessary modules: modprobe tun; modprobe bridge
Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]
Self diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or vi /etc/sysctl.conf and modify "net.ipv4.ip_forward = 1"
Create / start the bridge interface using the Moxa script: openvpn-bridge [start|stop|restart]
Check the ciphers / authentication support: openvpn --show-ciphers; openvpn --show-digests
Create the TUN configuration files: vi /etc/openvpn/tunserver.conf
[At VPN client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

Local/remote VPN IP addresses must be specified.
It is NECESSARY to specify the server address at the VPN client.

3-2 TUN Server Configuration

Edit the static routings: vi /etc/openvpn/tunserver.sh; chmod +x /etc/tunserver.sh
[At VPN client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/tunclient.sh
Start OpenVPN with the configuration file: openvpn --config /etc/tunserver.conf &; openvpn --config /etc/tunclient.conf &
The 2nd argument of "ifconfig" is now "10.0.2.254".

3-3 TAP Configuration - VPN Server

Create the TAP configuration files: vi /etc/openvpn/tapserver.conf
[At VPN client] vi /etc/openvpn/tapclient.conf
Mark this line if both VPN networks are in the same subnet.

3-3 TAP Configuration - VPN Server

Edit the static routings: vi /etc/openvpn/tunserver.sh
[At VPN client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/tapclient.sh
Pointed to the kernel routing: br0 = 10.0.1.254

3-3 TAP Configuration - VPN Server

Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start
Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tapserver.conf &; openvpn --config /etc/openvpn/tapclient &

3-4-1 SSL/TLS - Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-input the default_days, default_bits, ... etc.
Create a new CA root key pair: /usr/share/ssl/misc/CA -newca
Create a new client private key and a new certificate request: /usr/share/ssl/misc/CA -newreq
Certificate signing: /usr/share/ssl/misc/CA -sign
Copy the CA root certificate, the client private key and the client certificate to the first client.
Have the second client certified in the same way.

3-4-2 OpenVPN - "easy-rsa" tools

Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn
Modify the vars file: vi /etc/openvpn/easy-rsa/vars
Activate the vars: . /etc/openvpn/easy-rsa/vars
Create the CA root key: /etc/openvpn/easy-rsa/build-ca
Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN - "easy-rsa" tools

Create the VPN client private key and certificate: /etc/openvpn/build-key client
Create the Diffie-Hellman parameters: /etc/openvpn/build-dh 1024
Copy the CA certificate (ca.crt), the server key (server.key) and the server certificate (server.crt) to the VPN server.
Copy the CA certificate, the client key and the client certificate to the VPN client.
The "easy-rsa" tools also work on the UC7400 series.

3-4-3 Configuration File Modification

txxserver.conf
txxclient.conf

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

Two of its serial ports are connected to a power meter and a thermocouple.
Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site.
The rest of the serial ports are looped back in 'burn-in mode' to demonstrate the UC's high performance and reliability.

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500°C
Left side for the high range, 0 to 300 VDC, & right side for the low range, 0 to 20 VDC

UC's LCM & keypad (F1-F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8
F2 System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available memory
F3 Alarm Setting: Temperature → Voltage → Burning throughput
F4 Configuration Key
F5 Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• UC-7420's built-in wireless driver supports the Intersil Prism 2.0 chipset PCMCIA card.
• The compatible wireless cards are:

Supplier   Model name
ASUS       WL-107g
CNET       CWC-854 (181D version)
Edimax     EW-7108PCg
Amigo      AWP-914WG
Gigabyte   GN-WMKG
Others which use the R-Link chipset

Thank You


Step 3: Deployment

Upload the program to the UC:
• ftp 192.168.3.127
• ftp> binary
• ftp> put hello-release
Running the program (at the UC-7400 site):
• chmod +x hello-release
• ./hello-release

(Diagram: the PC (Moxa bash shell) and the UC are connected over Ethernet. 1. Compile with -ggdb on the PC; 2. GDB debug server on the UC; 3. Insight tool (GDB client) on the PC; 4. target remote.)

Debugging with GDB

chmod +x hello-debug
gdbserver 192.168.3.127:2000 hello-debug
Process hello-debug created; pid = 206

Debugging with GDB

Step 1 (PC, Moxa bash shell): compile the program with the -ggdb option, then upload it to the UC.
Step 2 (UC): call hello-debug with the command: gdbserver 192.168.3.127:2000 hello-debug
Step 3 (PC, Insight): run the GDB client
• Open the hello-debug file
• Connect to target
• GDB server / TCP
• 192.168.3.200
• 2000

iptables Introduction

Agenda

1) Quick View of iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

1 Quick View of iptables

A user-space command to set up and maintain the "Netfilter" sub-system of the kernel.
"Netfilter" manages only the packet headers, not the content.
iptables is currently one of many firewall/NAT solutions: an administration tool to set up, maintain and inspect the tables of IP packet filter rules in the Linux kernel.

1 Quick View of iptables

Several different tables may be defined. Each table contains a number of built-in chains and may also contain user-defined chains.
Each chain is a list of rules which can match a set of packets. Each rule specifies what to do with a packet that matches. This is called a "target", which may be a jump to a user-defined chain in the same table.

1 Quick View of iptables

3rd-generation firewall on Linux:
- "ipfwadm" on Linux kernel V2.0.X
- "ipchains" on Linux kernel V2.2.X
- "ipchains" / "iptables" on Linux kernel V2.4.X
- "iptables" on Linux kernel V2.6.X
Supports basic packet filtering as well as connection state tracking.
UC-7110/7400 support only "iptables".

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

2) Rules, Chains and Tables

2-1 First Match
2-2 Three Major Tables
2-3 Processing Packets
2-4 State Machine

2-1 First Match - The Highest Priority

(Flowchart: a packet is tested against Rule 1; on a match Action 1 is taken, otherwise Rule 2 is tested, and so on through Rule 10 / Action 10; if no rule matches, the default policy applies.)

2-1 First Match

On a WWW server, reject the attack from IP = 192.168.1.100:
Rule 1: Drop the packets from 192.168.1.100
Rule 2: Accept WWW request packets from all the hosts
Rule 3: Drop all the non-WWW packets

With the order changed:
Rule 1: Accept WWW request packets from all the hosts
Rule 2: Drop the packets from 192.168.1.100
Rule 3: Drop all the non-WWW packets
192.168.1.100 is able to use the WWW service, or to attack the WWW service port, because rule 1 already matches its packets.
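To make the first-match rule on slide 2-1 concrete, the following added example (not part of the training material) simulates a filter chain the way Netfilter walks it: rules are tested top-down, the first match decides, and the chain's default policy applies when nothing matches. It builds both orderings from the slide and evaluates the same packets against each, so the difference for 192.168.1.100 is visible in the verdicts. The packet model, the rule helpers and the sample addresses other than the slide's are constructed for this example.

```python
"""First-match evaluation of a small filter chain, after slide 2-1.

Added example, not from the training material. The rule engine mirrors the
iptables semantics the slide describes (first matching rule wins; the
chain's policy applies when no rule matches); the sample packets are
constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import Callable, List

WWW_PORT = 80
ATTACKER = "192.168.1.100"      # address used on the slide


@dataclass(frozen=True)
class Packet:
    src: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    name: str
    match: Callable[[Packet], bool]
    target: str                 # "ACCEPT" or "DROP"


def src_is(addr: str) -> Callable[[Packet], bool]:
    """Match on source address; a bare address is treated as a /32, a CIDR as a network."""
    net = ipaddress.ip_network(addr, strict=False)
    return lambda p: ipaddress.ip_address(p.src) in net


def dport_is(port: int) -> Callable[[Packet], bool]:
    return lambda p: p.proto == "tcp" and p.dport == port


def evaluate(chain: List[Rule], packet: Packet, policy: str = "DROP") -> str:
    """Walk the chain top-down; the first rule whose match() holds decides the verdict."""
    for rule in chain:
        if rule.match(packet):
            return rule.target
    return policy


# Ordering 1 from the slide: the attacker is dropped before the WWW accept is reached.
CHAIN_BLOCK_FIRST = [
    Rule("drop attacker", src_is(ATTACKER), "DROP"),
    Rule("accept www", dport_is(WWW_PORT), "ACCEPT"),
    Rule("drop non-www", lambda p: True, "DROP"),
]

# Ordering 2 from the slide: the WWW accept comes first, so rule 2 never sees
# the attacker's port-80 packets.
CHAIN_ACCEPT_FIRST = [
    Rule("accept www", dport_is(WWW_PORT), "ACCEPT"),
    Rule("drop attacker", src_is(ATTACKER), "DROP"),
    Rule("drop non-www", lambda p: True, "DROP"),
]


def verdicts(chain: List[Rule]) -> dict:
    """Verdicts for the attacker's WWW request, a normal client's WWW request and an SSH attempt."""
    samples = {
        "attacker-www": Packet(ATTACKER, 80),
        "client-www": Packet("192.168.1.20", 80),   # constructed ordinary client
        "client-ssh": Packet("192.168.1.20", 22),
    }
    return {name: evaluate(chain, pkt) for name, pkt in samples.items()}


if __name__ == "__main__":
    for label, chain in (("block-first", CHAIN_BLOCK_FIRST), ("accept-first", CHAIN_ACCEPT_FIRST)):
        print(label, verdicts(chain))
```

Because the verdict is decided by the first matching rule, the specific deny has to be placed above the broad accept; appending it later (as `-A` does) leaves it unreachable for the traffic it was meant to block.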

2-2 Three Major Tables

1) Filter Table
2) NAT Table
3) Mangle Table

2-2-1 Filter Table

Mainly used for filtering packets. This is the place where we actually take action against packets, look at what they contain and ACCEPT, DROP, REJECT or LOG them depending on their content.
1. INPUT chain - packets entering the local host
2. OUTPUT chain - packets output from the local host
3. FORWARD chain - packets forwarded to other hosts

2-2-2 NAT Table

Used for NAT on different packets, to translate the packets' source field or destination field.
1) PREROUTING chain - to translate the dst IP address (DNAT)
2) POSTROUTING chain - this works after the routing process and before the Ethernet device process, to translate the source IP address (SNAT / MASQUERADE)
3) OUTPUT chain - to work on locally produced packets

2-2-3 Mangle Table

This table is mainly used for mangling packets. In other words, you may freely use the mangle matches etc. that could be used to change the TOS (Type Of Service) and TTL fields. It can also "MARK" the packets.
1. PREROUTING chain
2. POSTROUTING chain
3. INPUT, OUTPUT and FORWARD chains

2-3 Processing Packets

2-3-1 Destination Local Host
2-3-2 Source Local Host
2-3-3 Forward Packets
2-3-4 State Machine

2-3-1 Destination Local Host

Incoming packets → NAT table PREROUTING → filter table INPUT → local process

2-3-2 Source Local Host

Local process → NAT table OUTPUT → filter table OUTPUT → NAT table POSTROUTING → outgoing packets are sent out

2-3-3 Forwarded Packets

Incoming packets → NAT table PREROUTING → (routing decision: local resource or other hosts) → filter table FORWARD → NAT table POSTROUTING → other hosts

2-4 State Machine

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

3) Usage of iptables3) Usage of iptables

3-1 Load iptables Modules

3-2 Define Default Policy

3-3 Structure of a Rule

3-4 Save Restore Rules

3-1 Load iptables Modules3-1 Load iptables Modules

Note ipchains and iptables are not compatible

3-1 Load iptables Module3-1 Load iptables Module

Check the Current Tablesiptables [-t tables] [-L] [-n]

Default Policy

3-1 Install iptables3-1 Install iptables

Clear Current Policy

3-2 Define Default Policy3-2 Define Default Policy

iptables ndasht filter nat mangle

ndashP INPUT OUTPUT FORWARD PREROUTING POSTROUTING

ACCEPT DROP

3-2 Define Default Policy3-2 Define Default Policy

3-3 Structure of a Rule3-3 Structure of a Rule

3-3-1 Add Insert Delete an Replace Rules

3-3-2 Direction

3-3-3 Matches

3-3-4 Targets

3-3-1 Add Insert Delete and Replace3-3-1 Add Insert Delete and Replace

iptables ndasht filter nat mangle

AI DR

ndash direction match target

3 major things needed

to be considered

ndashj

3-3-2 Direction ndash Chains3-3-2 Direction ndash Chains

a filter Table INPUT

OUTPUT

FORWARD

b nat Table PREROUTING

POSTROUTING

OUTPUT

c mangle table hellip

1 -p [proto] tcp udp icmp all

2 -s [IP] -d [IP]

3 --sport [port] --dport [port]

4 -m state --state [state] NEW ESTABLISHED INVALID RELATED

5 -m multiport [p1p2hellipp15]

6 -i [iface] -o [oface]

7 hellipetc

3-3-3 Matches - Conditions3-3-3 Matches - Conditions

3-3-4 Targets - Actions3-3-4 Targets - Actions

a filter Table ACCEPT DROP

QUEUE RETURN target extensions --LOG --ULOG --REJECT - -MIRROR

b nat table SNAT (only in POSTROUTING)

DNAT (only in PREROUTINGOUTPUT)

MASQUERADE (POSTROUTING)

REDIRECT (only in PREROUTING)

c mangle table hellip

3-4 Save Restore Rules3-4 Save Restore Rules

It is highly recommended to use a script file to maintain the Netfilter rule instead of using this exported file (it is not a standard script file) Please refer to the Hands-ON practice

AgendaAgenda

1) Firewall NAT and iptables

2) Rules Chains Tables

3) Usage of iptables

4) Hands-ON Practice 1) Packet Filter2) NAT Machine

4-1 Packet Filter - Rules of the filter table

Example 1 - Accept all packets incoming from the lo interface

iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2 - Accept all TCP packets incoming from IP 192.168.0.1

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

4-1 Packet Filter - Rules of the filter table

Example 3 - Accept all TCP packets incoming from the network 192.168.1.0/24

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 - Drop all TCP packets incoming from IP 192.168.1.25

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

Note: 192.168.1.25 lies inside 192.168.1.0/24, so when the two rules are appended in this order Example 3 matches first and the DROP of Example 4 never fires (see 2-1 First Match). Add the DROP rule first, or insert it at the top of the chain with -I.

4-1 Packet Filter - Rules of the filter table

Example 5 - Drop all incoming TCP packets with destination port 21 (forbid FTP connections from eth0)

iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 - Accept TCP packets incoming from the network 192.168.0.0/24 to the local ports 137, 138 and 139

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

4-1 Packet Filter - Rules of the filter table

Example 7 - Log all incoming/outgoing TCP packets to/from port 25 (log the SMTP service)

iptables -t filter -A INPUT -p tcp --dport 25 -j LOG
iptables -t filter -A OUTPUT -p tcp --sport 25 -j LOG

LOG is a non-terminating target: after the packet is logged it continues to the following rules and, if nothing else matches, to the default policy. A LOG rule on its own never accepts or drops anything.

Note: UC-7110 does not support the target "LOG".

4-1 Packet Filter - Rules of the filter table

Example 8 - Drop all [SYN] packets from IP 192.168.100.200

iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 - Drop all packets from MAC address aa:bb:cc:dd:ee:ff

iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

(The mac match is only valid in the PREROUTING, FORWARD and INPUT chains, and only sees frames that arrived on an Ethernet interface.)

Example 10 - Do not respond to "ping"

iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 - Limit an ICMP "ping" burst

iptables -t filter -P INPUT DROP
iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

With the default policy set to DROP, the limit match lets an initial burst of 10 echo requests through and afterwards an average of 6 per minute; anything above that rate falls through to the policy and is dropped.

4-1 Packet Filter - Rules of the filter table

Example 12 - Accept the ESTABLISHED and RELATED packets of the local host; drop INVALID packets and NEW packets that try to create a new connection

iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

This pair blocks every inbound TCP connection attempt to the host, SSH included, so any service you still want to offer must be accepted by a rule placed before the second line.

4-1 Packet Filter - Rules of the filter table

Example 13 - Check the packet integrity

iptables -t filter -A INPUT -p all -m unclean -j DROP

(The unclean match was an experimental 2.4 module and has since been removed from the kernel; on current kernels -m state --state INVALID serves the same purpose.)

Example 14 - Enable "passive mode" FTP service to a host

modprobe ip_conntrack_ftp
iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

The ip_conntrack_ftp helper reads the PORT/PASV exchange on the control connection and marks the resulting data connection RELATED, so it can be accepted without opening the whole high-port range.

4-2 NAT Machine - Rules of the nat table

Example 1 - Redirect the connection requests for port 80 to port 8080

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 - Masquerade the packets coming from 192.168.1.0/24 with the local ppp0 IP address

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

(The slide placed this rule in PREROUTING; MASQUERADE is only valid in POSTROUTING, and -o can only be matched after the routing decision. See 3-3-4.)

4-2 NAT Machine

Example 3 - DNAT the incoming packets arriving on eth0 (60.248.66.75), TCP port 80, to the internal web server 192.168.127.10, port 80

iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

Example 4 - Redirect the incoming packets for TCP port 80 to 192.168.1.10, TCP port 80

iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 192.168.1.10:80

The slide pairs these DNAT rules with the SNAT rule that hides the internal LAN behind the public address on the way out:

iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP

Only the first packet of a connection traverses the nat table; connection tracking applies the same translation to the rest of the flow and undoes it on the replies. The translated packets still have to pass the FORWARD chain of the filter table.

Thank You

OpenVPN 2.0 - Stephen Lin

OpenVPN 2.0

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve?

1-2 Symmetric Data Encryption

1-3 Hash (Digest) Function

1-4 Message Authentication Code

1-5 Asymmetric Data Encryption

1-6 Digital Signature

1-7 Certificate

1-8 Moxa UC7400

1-1 What does Cryptography solve?

Confidentiality
• Ensure that nobody can learn what you transfer, even if they listen to the whole conversation.

Integrity
• Ensure that the message has not been modified during transmission.

Authenticity
• You can verify that you are talking to the entity you think you are talking to.
• You can verify who the specific individual behind that entity is.

Non-repudiation
• The individual behind that asset cannot deny being associated with it.

1-2 Symmetric Data Encryption

• Fast; high efficiency for data transmission
• Is it "secure" while transferring the key? (the key distribution problem)
• Key maintenance: n(n-1)/2 keys for n parties
• DES, 3DES, AES, Blowfish

[Diagram: Tom encrypts the plaintext with the secret key; Bob decrypts the ciphertext with the same secret key.]

1-3 Hash (Digest) Function

• Ensures data integrity
• MD5, SHA-1 (both are considered broken for collision resistance today; use SHA-256 or better in new designs)
• A digest alone does not authenticate the sender: whoever can alter the data can also recompute its digest (see 1-4)

[Diagram: Tom hashes the data and sends data + message digest 1; Bob hashes the received data with the same hash function, obtains message digest 2, and compares it with message digest 1.]

1-4 Message Authentication Code

• Ensures data integrity and authenticity
• A secret key is mixed into the digest, so only a holder of the key can produce or verify the MAC
• HMAC, CBC-MAC

[Diagram: Tom computes the digest of the data and turns it into a MAC with the secret key; he sends data + MAC. Bob recomputes the MAC over the received data with the same secret key and compares it with the received MAC.]

1-5 Asymmetric Encryption

Things to remember
• Key pair - public/private keys
• In a session one key is used for encryption and the other one for decryption
• The "public key" can be deployed everywhere
• From one key you cannot gain knowledge of the other, even with access to clear text and cipher text
• In RSA the two keys are mathematically interchangeable (either exponent of a freshly generated pair could be the public one); this is not true of asymmetric algorithms in general, and in practice the key generated as public is always the one published
• Less efficient than symmetric (static) key encryption
• RSA, Diffie-Hellman

[Diagram: clear text is encrypted into ciphertext, shown as a random-looking string, with one key of the pair.]

1-5 Asymmetric Data Encryption

[Diagram - Confidentiality check: Tom encrypts the plaintext with Bob's public key; only Bob can decrypt the ciphertext, with Bob's private key. Uses the recipient's key pair.]

1-5 Asymmetric Data Encryption

[Diagram - Authenticity check: Tom encrypts the plaintext with Tom's private key; anyone can decrypt it with Tom's public key, which proves that Tom produced it. Uses the sender's key pair.]

1-6 Digital Signature

Real world - hybrid:
1. Data integrity
2. Authenticity
3. Non-repudiation
4. Algorithm - uses a public-key algorithm together with a hash

1-6 Digital Signature - Creating

[Diagram: message or file ("This is the document created by Gianni") -> hash (SHA, MD5) -> message digest (typically 128 bits for MD5, 160 bits for SHA-1) -> asymmetric encryption (RSA) with the signatory's private key -> digital signature. Signed document = message + digital signature. The digest is signed rather than the message because a one-way hash turns even a long input into a short, fixed-size value.]

1-6 Digital Signature - Verifying

[Diagram: signed document -> hash the message -> message digest; decrypt the digital signature with Gianni's public key (from his certificate) -> the digest the signer computed; compare the two digests. Equal means the data is unmodified and was signed by the holder of the private key.]

1-6 Digital Signature

[Diagram: Tom hashes the data (message digest 1) and encrypts the digest with Tom's private key, producing the digital signature; he sends data + signature. Bob hashes the received data (message digest 2), decrypts the signature with Tom's public key to recover message digest 1, and compares the two.]
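To make the three checks of 1-3, 1-4 and 1-6 concrete, here is an added example (not from the slides) using the openssl command-line tool: the same tampering attack is run against a plain digest, an HMAC and an RSA signature. The message, the shared key and Tom's key pair are constructed for the demonstration.

```shell
#!/bin/sh
# hash-mac-sig.sh - added example, not part of the original slides.
# The same tampering attack against the three checks of 1-3, 1-4 and 1-6:
#   digest    - integrity only; whoever alters the data can recompute it
#   HMAC      - integrity + authenticity, for holders of the shared key
#   signature - integrity + authenticity + non-repudiation, via the signer's key pair
# Requires the openssl command-line tool.

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Constructed sample data: what Tom sends, and the copy an attacker substitutes.
printf 'pay Bob 100\n' > "$WORK/msg"
printf 'pay Bob 900\n' > "$WORK/msg.bad"

# Constructed keys: the shared key for the MAC (1-4) and Tom's key pair (1-6).
SHARED_KEY='lab-shared-key-2005'
openssl genrsa -out "$WORK/tom.key" 2048 2>/dev/null
openssl rsa -in "$WORK/tom.key" -pubout -out "$WORK/tom.pub" 2>/dev/null

digest() {   # SHA-256 of file $1, as hex
    openssl dgst -sha256 "$1" | awk '{print $NF}'
}

hmac() {     # HMAC-SHA256 of file $1 under key $2, as hex
    openssl dgst -sha256 -hmac "$2" "$1" | awk '{print $NF}'
}

sign() {     # RSA signature over the SHA-256 digest of $1 with private key $2, written to $3
    openssl dgst -sha256 -sign "$2" -out "$3" "$1"
}

verify() {   # "ok" if signature $3 over file $1 checks against public key $2
    if openssl dgst -sha256 -verify "$2" -signature "$3" "$1" >/dev/null 2>&1; then
        echo ok
    else
        echo bad
    fi
}

# Bob's side: recompute over what arrived and compare with the tag that arrived.
bob_checks_digest() {   # $1 received file, $2 received digest
    [ "$(digest "$1")" = "$2" ] && echo accepted || echo rejected
}

bob_checks_hmac() {     # $1 received file, $2 received MAC; Bob holds SHARED_KEY
    [ "$(hmac "$1" "$SHARED_KEY")" = "$2" ] && echo accepted || echo rejected
}

# 1-3: the attacker swaps the message and recomputes the plain digest -> accepted.
tampered_digest() {
    bob_checks_digest "$WORK/msg.bad" "$(digest "$WORK/msg.bad")"
}

# 1-4: the genuine message with Tom's MAC -> accepted.
untampered_hmac() {
    bob_checks_hmac "$WORK/msg" "$(hmac "$WORK/msg" "$SHARED_KEY")"
}

# 1-4: the swapped message; without SHARED_KEY the attacker can only forward
# Tom's MAC, and Bob's recomputation over the altered data differs -> rejected.
tampered_hmac() {
    bob_checks_hmac "$WORK/msg.bad" "$(hmac "$WORK/msg" "$SHARED_KEY")"
}

# 1-6: Tom signs the original; Bob verifies with Tom's public key (from his certificate).
signature_on_original() {
    sign "$WORK/msg" "$WORK/tom.key" "$WORK/msg.sig"
    verify "$WORK/msg" "$WORK/tom.pub" "$WORK/msg.sig"
}

signature_on_tampered() {
    sign "$WORK/msg" "$WORK/tom.key" "$WORK/msg.sig"
    verify "$WORK/msg.bad" "$WORK/tom.pub" "$WORK/msg.sig"
}
```

The digest case is the one that surprises people: both digests differ, so the alteration is detectable, but only if the original digest reached Bob over a channel the attacker could not touch. The MAC removes that requirement for anyone who shares the key; the signature removes it for everyone who trusts Tom's public key, and Tom alone could have produced it.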

1-7 Certificate

The simplest certificate just contains
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key
... and the whole is
• Digitally signed by someone trusted (like your friend, or a CA)

[Diagram: certificate = public key + "This public key belongs to Stephen" + digital signature. The entity can be a person, a computer, a device, a file, some code, anything ...]

1-7-1 CA Certificate

[Diagram: the certification server (CA) generates its own key pair (priv, pub). The user requests a certificate from the CA; the CA generates the certificate (pub + DS) and, in this picture, sends the private key together with the certificate to the user.]

In the deck's picture the CA generates the user's key pair. In a normal PKI the user generates the key pair, keeps the private key and sends only a certificate request (the public key plus identity) to the CA; a private key that is created on and shipped from the CA is known to the CA and exposed in transit.

1-7-1 CA Certificate Example

[Diagram: the CA holds its private key and a self-signed CA certificate (CA pub key signed by the CA). Left and Right each hold their own private key plus a certificate signed by the CA ("Left cert signed by CA", "Right cert signed by CA"), and both trust the CA public key. Because each side can check the other's certificate against the CA public key, Left and Right trust each other without having met.]

1-7-2 SSL/TLS

[Diagram: the sender turns the clear text into cipher 1 with one key and cipher 1 into cipher 2 with the other party's key; cipher 2 is transmitted over the public network; the receiver decrypts twice to recover the clear text. Each side holds its own key pair (priv, pub) and the other side's public key.]

• Ensures confidentiality
• And integrity, if digitally signed
• Depending on how the public keys are exchanged: authenticity, identity, non-repudiation

1-8 Moxa UC7400 - Hardware Cipher

Intel XScale supports
• Security engines: DES, AES
• Modes of operation: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so"
• No need to change the source code

1-8-1 Moxa Accelerated Algorithms - OpenSSL 0.9.7

DES_cbc_encrypt
DES_ede3_cbc_encrypt
AES_cbc_encrypt
AES_ctr_encrypt

• ECB mode is wrapped at a higher level (libssl.so), which is where OpenSSL wraps it too

1-8-2 Performance

[Charts: throughput of 3DES-CBC and AES-128-CBC versus packet size, software against hardware cipher (bars = HW cipher, RATE = speed-up of hardware over software). One pair of charts covers packet sizes from 128 to 1280 bytes, the other from 16 to 144 bytes (compare 1-8-3 on small packets).]

1-8-3 Things to be noticed

Moxa UC-7400 switches operations between the software and the hardware approaches
• Default: hardware approach
• Any misconfiguration, or a busy engine, causes a switch to software

Small packets are handled by the software approach
• DES: below 128 bytes
• 3DES/AES: below 64 bytes

1-8-4 Software Package

Driver
• mxhw_cipher.o

Device file
• mknod /dev/mxcrypto c 11 131

Test program
• io: correctness test
• io 0 5000: stability test
• io 1: golden pattern
• io 2 20000: performance test


2) OpenVPN 2.0

2-1 Virtual Private Network

2-2 Why OpenVPN

2-3 OpenVPN Modes

2-1 Virtual Private Network

2-1 VPN Advantages/Disadvantages

• VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes
• A VPN encrypts all network traffic, not just a few application protocols (as SSL, SSH, etc. do)
• A VPN allows the use of protocols that are insecure by themselves
• VPN traffic cannot be controlled and logged easily by devices in the path because of its encrypted nature

2-2 Why OpenVPN

Usability
• Open source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit shared (static) key or digital certificates (PKI)

Portability - supports most platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4, Windows XP SP1 or later

2-2 Why OpenVPN

Peers - each node with a client/server role
• Uses kernel routing
• Multiple clients

A user-space program
• A full-featured SSL-VPN solution
• On top of the existing SSL/TLS mechanism
• A choice among a set of security algorithms (ciphers and digests)
• Can tunnel any IP (layer 3) or Ethernet (layer 2) traffic over a single UDP or TCP port (5000 was the OpenVPN 1.x default, 1194 is the registered default since 2.0)

2-2 OpenVPN Security

Two authentication modes
• Static key: uses a pre-shared key
• SSL/TLS: uses SSL/TLS + certificates for
  • authentication
  • key exchange

The encrypted packet is formatted as
• SeqN: 64-bit sequence number (replay protection)
• IV: plain-text initialization vector, randomized per packet

[Diagram: HMAC | IV | encrypt( SeqN | IP payload ). The sequence number and the payload are encrypted; the HMAC is computed over the IV and the encrypted part, so a modified or replayed packet is rejected before anything is decrypted.]

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall- and NAT-friendly
• Dynamic address support

IPSec
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard - multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are two methods of linking systems via a VPN

• Routed IP tunnels (layer 3)
• Bridged Ethernet tunnels (layer 2)

Suitable for connections
• Site-to-site
• Dynamic site-to-site
• (Dynamic) client-to-site

Dynamic firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

• Uses a TUN device: a virtual point-to-point IP link. OpenVPN reads IP packets from the TUN device, encrypts them and sends them to the peer, which writes them into its own TUN device.
• Uses the kernel routing table to forward packets into and out of the tunnel

[Diagram: two OSI stacks (physical, data-link, network, transport, session, presentation, application). OpenVPN runs in user space at the application layer and the TUN device hands it packets at the network layer (layer 3).]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of the MTU for efficiency

Routed IP disadvantages
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see the machines on the other side of the VPN
4. Works only with IPv4 in general, and with IPv6 where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

• Uses "TAP" mode: a TAP device is a virtual Ethernet adapter
• The bridge tools (brctl, from bridge-utils) are required to create the bridge
• A script is needed to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0          # create an Ethernet bridge
brctl addif br0 eth1     # connect interface eth1 as a port
brctl addif br0 tap0     # connect the virtual interface tap0 as a port (the slide omitted br0)

The bridge must then be brought up with the IP address that eth1 had, and the member ports left without an address; otherwise the LAN side of the UC becomes unreachable.
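As an added example (not Moxa's own openvpn-bridge script), here is a complete start/stop script built around those three brctl commands. eth1 as the LAN port and 10.0.1.254/24 as the bridge address are taken from the lab topology in 3-1; RUN=echo prints the commands instead of executing them, which is also how the script is checked below.

```shell
#!/bin/sh
# openvpn-bridge - added example, not Moxa's own openvpn-bridge script.
# Joins the LAN port and a persistent TAP device into bridge br0 for TAP mode.
# Assumptions: LAN port eth1, bridge address 10.0.1.254/24 (LAN A gateway, 3-1).
# Dry run:  RUN=echo sh openvpn-bridge start

RUN="${RUN:-}"        # set to "echo" to print the commands instead of running them
BR="${BR:-br0}"
TAP="${TAP:-tap0}"
ETH="${ETH:-eth1}"
BR_IP="${BR_IP:-10.0.1.254}"
BR_MASK="${BR_MASK:-255.255.255.0}"

bridge_start() {
    # 1. A persistent TAP device, so OpenVPN can open it by name later.
    $RUN openvpn --mktun --dev "$TAP"
    # 2. Create the bridge and add both ports (the slide's three brctl commands).
    $RUN brctl addbr "$BR"
    $RUN brctl addif "$BR" "$ETH"
    $RUN brctl addif "$BR" "$TAP"
    # 3. Ports carry no address; the bridge takes over the LAN gateway address.
    $RUN ifconfig "$TAP" 0.0.0.0 promisc up
    $RUN ifconfig "$ETH" 0.0.0.0 promisc up
    $RUN ifconfig "$BR" "$BR_IP" netmask "$BR_MASK" up
}

bridge_stop() {
    $RUN ifconfig "$BR" down
    $RUN brctl delbr "$BR"
    $RUN openvpn --rmtun --dev "$TAP"
    # Give the LAN port its address back so the UC stays reachable.
    $RUN ifconfig "$ETH" "$BR_IP" netmask "$BR_MASK" up
}

case "${1:-}" in
    start)   bridge_start ;;
    stop)    bridge_stop ;;
    restart) bridge_stop; bridge_start ;;
    *)       echo "usage: $0 start|stop|restart   (RUN=echo for a dry run)" ;;
esac
```

Run it before OpenVPN starts in TAP mode, and remember that the bridge forwards every frame from LAN A into tap0: with the tunnel up, the whole broadcast domain of LAN A is extended to LAN B, which is the point of TAP mode and also why the iptables rules on the UC should apply to br0 rather than to eth1.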

[Diagram: two OSI stacks as in 2-3-1, with bridging drawn at the data-link layer. OpenVPN attaches to TAP (layer 2) instead of TUN (layer 3); on each UC, eth1 and tap0 are ports of the same bridge while eth0 carries the tunnel traffic.]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages
1. Point-to-point and point-to-multipoint
2. Broadcasts traverse the VPN - this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to carry non-IP protocols such as IPX/Netware and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages
1. Less efficient than routing and does not scale well (every broadcast on either LAN crosses the tunnel)


3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSL/TLS - X.509 Dynamic Keys

3-1 Getting Started

[Lab topology: LAN A (10.0.1.0/24, hosts such as 10.0.1.1/24, gateway 10.0.1.254) is connected to the VPN server, a UC whose ixp1 is 10.0.1.254 and whose ixp0 is 192.168.12.201. LAN B (10.0.2.0/24, hosts such as 10.0.2.1/24, gateway 10.0.2.254) is connected to the VPN client, a UC whose ixp1 is 10.0.2.254 and whose ixp0 is 192.168.12.202. The VPN tunnel runs between the two ixp0 addresses and the client connects to the server. A CA/TLS server is also on the network for 3-4.]

3-1 Getting Started

Create a working directory (recommended): mkdir /etc/openvpn

Check for the TUN device: ls /dev/net and look for a character device "tun"; if it is missing: mknod /dev/net/tun c 10 200

Load the necessary modules: modprobe tun; modprobe bridge

Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]

Self diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or edit /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"

Create/start the bridge interface using the Moxa script: openvpn-bridge [start | stop | restart]

Check the supported ciphers and authentication digests: openvpn --show-ciphers; openvpn --show-digests

Create the TUN configuration files: vi /etc/openvpn/tunserver.conf

[At VPN Client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

• The local and remote VPN (tunnel) IP addresses must be specified (ifconfig directive)

• It is NECESSARY to specify the server address at the VPN client (remote directive)

3-2 TUN Server Configuration

Edit the static routes: vi /etc/openvpn/tunserver.sh; chmod +x /etc/openvpn/tunserver.sh

[At VPN Client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/openvpn/tunclient.sh

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tunserver.conf &

[At VPN Client] openvpn --config /etc/openvpn/tunclient.conf &

Callout on the client configuration: note the 2nd argument of "ifconfig", which is now 10.0.2.254 (the client lists the local and remote tunnel addresses in the opposite order from the server).
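The configuration slides themselves did not survive extraction. As an added example (not the original lab files), here is a matching pair of static-key TUN configurations for the topology in 3-1. The tunnel endpoint addresses 10.8.0.1 and 10.8.0.2 and the key file name are assumptions; the LAN, gateway and server addresses are those of the lab diagram.

```text
# /etc/openvpn/tunserver.conf  -  VPN server (LAN A gateway; ixp0 192.168.12.201)
dev tun
proto udp
port 1194
# local tunnel address, then remote tunnel address (assumed values)
ifconfig 10.8.0.1 10.8.0.2
# LAN B is reached through the tunnel peer
route 10.0.2.0 255.255.255.0
# key file from: openvpn --genkey --secret /etc/openvpn/static.key
secret /etc/openvpn/static.key
# cipher and digest must be identical on both ends in static-key mode;
# AES-CBC is hardware-accelerated on the UC-7400 (1-8-1)
cipher AES-128-CBC
auth SHA1
keepalive 10 60
verb 3

# /etc/openvpn/tunclient.conf  -  VPN client (LAN B gateway; ixp0 192.168.12.202)
dev tun
proto udp
port 1194
# the server address, which the client MUST specify (3-2)
remote 192.168.12.201
# the server's two ifconfig arguments, in the opposite order
ifconfig 10.8.0.2 10.8.0.1
# LAN A is reached through the tunnel peer
route 10.0.1.0 255.255.255.0
secret /etc/openvpn/static.key
cipher AES-128-CBC
auth SHA1
keepalive 10 60
verb 3
```

Copy static.key between the two UCs over a trusted channel only (scp, never FTP): whoever holds it can read and inject traffic on the tunnel, and because the key never changes, recorded traffic remains decryptable if the key leaks later. That lack of forward secrecy is the main reason 3-4 moves the lab to TLS with per-session keys. With IP forwarding enabled (3-1) and the route lines in place, hosts on 10.0.1.0/24 and 10.0.2.0/24 reach each other through their gateways without any configuration of their own.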

Create the TAP configuration files: vi /etc/openvpn/tapserver.conf

[At VPN Client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration - VPN Server

Comment out ("mark") this line if both VPN networks are in the same subnet: in bridged mode a single subnet forms one broadcast domain and needs no route across the tunnel.

3-3 TAP Configuration - VPN Server

Edit the static routes: vi /etc/openvpn/tapserver.sh

[At VPN Client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/openvpn/tapclient.sh

Points to the kernel routing: br0 = 10.0.1.254 (the bridge, not eth1, now carries the LAN A gateway address)

3-3 TAP Configuration - VPN Server

Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tapserver.conf &

[At VPN Client] openvpn --config /etc/openvpn/tapclient.conf &

3-4-1 SSL/TLS - Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-set default_days, default_bits, etc.

Create a new CA root key pair: /usr/share/ssl/misc/CA -newca

Create a new client private key and certificate request: /usr/share/ssl/misc/CA -newreq

Sign the certificate: /usr/share/ssl/misc/CA -sign

Copy the CA root certificate, the client private key and the client certificate to the first client.

Have the second client certified the same way.

The CA script signs with the CA's private key, so the PC holding the CA directory is the trust anchor of the whole VPN: keep it off the UCs, and distribute only ca.crt plus each peer's own key and certificate.

3-4-2 OpenVPN - "easy-rsa" tools

Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file: vi /etc/openvpn/easy-rsa/vars

Activate the vars: . /etc/openvpn/easy-rsa/vars (then run ./clean-all once to initialise the keys directory)

Create the CA root key: /etc/openvpn/easy-rsa/build-ca

Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server (build-key-server does the same and adds the nsCertType=server extension, which lets clients reject a client certificate presented as the server)

3-4-2 OpenVPN - "easy-rsa" tools

Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client

Create the Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh (the size comes from KEY_SIZE in vars, 1024 by default in OpenVPN 2.0; 2048 or more is the minimum to use today)

Copy the CA certificate (ca.crt), the server key (server.key) and the server certificate (server.crt) to the VPN server.

Copy the CA certificate, the client key and the client certificate to the VPN client.

The "easy-rsa" tools also work on the UC7400 series.
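3-4-1 and 3-4-2 describe the same procedure through two front-ends to OpenSSL. As an added example (not the CA script from OpenSSL, nor easy-rsa), here is that procedure written directly in openssl commands, with two changes a practitioner would make today: 2048-bit keys, and server/client extensions so that a client certificate cannot be used to impersonate the server. The CA name and the keys directory are assumptions.

```shell
#!/bin/sh
# mini-ca.sh - added example, not the CA script shipped with OpenSSL nor easy-rsa.
# The 3-4-1 / 3-4-2 steps as plain openssl commands:
#   ca            -> ca.key + self-signed ca.crt          (build-ca / CA -newca)
#   key NAME ROLE -> NAME.key, NAME.csr, NAME.crt         (build-key / CA -newreq, -sign)
#   dh            -> dh.pem                               (build-dh)
# Differences from the deck: 2048-bit keys instead of 1024, and the server
# certificate carries the server extensions that the client's ns-cert-type check
# needs, so a stolen client certificate cannot pose as the VPN server.
# Requires the openssl command-line tool.

CA_DIR="${CA_DIR:-$(mktemp -d)}"   # keys directory (easy-rsa's KEY_DIR); assumed
KEY_SIZE="${KEY_SIZE:-2048}"
DAYS="${DAYS:-3650}"

build_ca() {
    # The root key never leaves this directory; only ca.crt is copied to the peers.
    openssl req -x509 -newkey "rsa:$KEY_SIZE" -nodes -days "$DAYS" \
        -subj "/CN=UC7400 Lab CA" \
        -keyout "$CA_DIR/ca.key" -out "$CA_DIR/ca.crt" 2>/dev/null
}

build_key() {
    # $1 peer name, $2 role: "server" or "client".
    # Key and CSR belong to the peer; the CA only ever needs the CSR.
    openssl req -newkey "rsa:$KEY_SIZE" -nodes -subj "/CN=$1" \
        -keyout "$CA_DIR/$1.key" -out "$CA_DIR/$1.csr" 2>/dev/null
    if [ "$2" = server ]; then
        printf 'nsCertType = server\nextendedKeyUsage = serverAuth\n' > "$CA_DIR/$1.ext"
    else
        printf 'nsCertType = client\nextendedKeyUsage = clientAuth\n' > "$CA_DIR/$1.ext"
    fi
    openssl x509 -req -days "$DAYS" -in "$CA_DIR/$1.csr" \
        -CA "$CA_DIR/ca.crt" -CAkey "$CA_DIR/ca.key" -CAcreateserial \
        -extfile "$CA_DIR/$1.ext" -out "$CA_DIR/$1.crt" 2>/dev/null
}

build_dh() {
    openssl dhparam -out "$CA_DIR/dh.pem" "$KEY_SIZE" 2>/dev/null
}

verify_cert() {
    # "ok" if NAME.crt chains to our ca.crt, "bad" otherwise (what OpenVPN checks with ca.crt)
    if openssl verify -CAfile "$CA_DIR/ca.crt" "$CA_DIR/$1.crt" >/dev/null 2>&1; then
        echo ok
    else
        echo bad
    fi
}

cert_role() {
    # "server" or "client" according to the extensions actually present in NAME.crt
    if openssl x509 -in "$CA_DIR/$1.crt" -noout -text | grep -q 'TLS Web Server Authentication'; then
        echo server
    else
        echo client
    fi
}

case "${1:-}" in
    ca)  build_ca ;;
    key) [ -n "${2:-}" ] && build_key "$2" "${3:-client}" ;;
    dh)  build_dh ;;
    *)   echo "usage: $0 ca | key NAME [server|client] | dh   (files in $CA_DIR)" ;;
esac
```

The server/client split matters because, with a single CA, every certificate it issues is trusted by every peer; the client configuration line ns-cert-type server (OpenVPN 2.0) makes the client check the role extension, so a compromised client key can still only act as a client. Generating the DH parameters at 2048 bits takes minutes on the UC; do it on the PC and copy dh.pem over with the server files.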

3-4-3 Configuration File Modification

txxserver.conf

txxclient.conf

(xx = un or ap: the TUN/TAP server and client configuration files from 3-2 and 3-3)


Live Demo

UC-7420 Demo Box

Two of its serial ports are connected to a power meter and a thermocouple.

Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site.

The rest of the serial ports are looped back in "burn-in mode" to demonstrate the UC's high performance and reliability.

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500 °C

Left side for the high range, 0 to 300 VDC, and right side for the low range, 0 to 20 VDC

UC's LCM & keypad (F1-F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8

F2 System Status: LAN IP → Wi-Fi IP → CPU loading → Available memory

F3 Alarm Setting: Temperature → Voltage → Burn-in throughput

F4 Configuration key

F5 Main menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status for 802.11g?
• The UC-7420's built-in wireless driver supports the Intersil Prism 2.0 chipset PCMCIA card
• The compatible wireless cards are:

Supplier / Model name
ASUS WL-107g
CNET CWC-854 (181D version)
Edimax EW-7108PCg
Amigo AWP-914WG
Gigabyte GN-WMKG
Others which use the R-Link chipset

Thank You

Debugging with GDB

[Diagram: PC (Moxa bash shell, Insight tool) <-- Ethernet --> UC (GDB debug server). 1 Compile with -ggdb; 2 gdbserver on the UC; 3 Insight tool (GDB client); 4 target remote.]

On the UC:

chmod +x hello-debug
gdbserver 192.168.3.127:2000 hello-debug
Process hello-debug created; pid = 206

Step 1 - PC, Moxa bash shell: compile the program with the -ggdb option, then upload it to the UC.

Step 2 - UC: start hello-debug under gdbserver with the command
gdbserver 192.168.3.127:2000 hello-debug

Step 3 - PC, Insight: run the GDB client
• Open the hello-debug file
• Connect to target
• GDB server, TCP
• 192.168.3.200
• 2000

gdbserver performs no authentication: anyone who can reach TCP port 2000 on the UC can read and write the memory of the debugged process and run code as its user. Use it on an isolated lab network only, and never leave it running on a deployed unit.

iptables Introduction

Agenda

1) Quick View of iptables

2) Rules, Chains, Tables

3) Usage of iptables

4) Hands-On Practice

1 Quick View of iptables

• A user-space command to set up and maintain the "Netfilter" subsystem of the kernel

• Netfilter's standard matches look only at the packet headers (addresses, ports, flags, connection state), not at the payload

• iptables is one of many firewall/NAT solutions; it is the administration tool used to set up, maintain and inspect the tables of IP packet filter rules in the Linux kernel

1 Quick View of iptables

• Several different tables may be defined. Each table contains a number of built-in chains and may also contain user-defined chains.

• Each chain is a list of rules which can match a set of packets. Each rule specifies what to do with a packet that matches. This is called a "target", which may be a jump to a user-defined chain in the same table.

1 Quick View of iptables

• 3rd-generation firewall on Linux
  - "ipfwadm" on Linux kernel 2.0.x
  - "ipchains" on Linux kernel 2.2.x
  - "ipchains" / "iptables" on Linux kernel 2.4.x
  - "iptables" on Linux kernel 2.6.x

• Supports basic packet filtering as well as connection state tracking (stateful filtering)

• UC-7110/7400 support only "iptables"


2) Rules, Chains and Tables

2-1 First Match

2-2 Three Major Tables

2-3 Processing Packets

2-4 State Machine

2-1 First Match - The Highest Priority

[Flowchart: a packet is tested against Rule 1, Rule 2, ... Rule 10 in order. The first rule that matches ("Yes") executes its action and evaluation of the chain stops; a rule that does not match ("No") passes the packet on to the next rule. If no rule matches, the chain's default policy applies.]

2-1 First Match

On a WWW server, reject the attack from IP 192.168.1.100:

Rule 1: Drop the packets from 192.168.1.100
Rule 2: Accept WWW request packets from all hosts
Rule 3: Drop all non-WWW packets

The same rules in a different order:

Rule 1: Accept WWW request packets from all hosts
Rule 2: Drop the packets from 192.168.1.100
Rule 3: Drop all non-WWW packets

Now 192.168.1.100 is still able to use the WWW service, or to attack the WWW service port, because its requests match Rule 1 first and Rule 2 is never reached. Blocks for known-bad sources therefore belong at the top of a chain; "iptables -I" inserts a rule ahead of the existing ones, while "-A" appends it to the end.

2-2 Three Major Tables

1) Filter Table

2) NAT Table

3) Mangle Table

2-2-1 Filter Table

Mainly used for filtering packets: this is where we actually take action against packets, look at their headers and ACCEPT, DROP, REJECT or LOG them accordingly.

1. INPUT chain - packets destined to the local host
2. OUTPUT chain - packets generated by the local host
3. FORWARD chain - packets routed through the host to other hosts

2-2-2 NAT Table

Used for Network Address Translation, i.e. to rewrite the source or destination field of packets.

1) PREROUTING chain - rewrites the destination IP address (DNAT) before the routing decision
2) POSTROUTING chain - works after the routing process and just before the packet leaves the Ethernet device, rewriting the source IP address (SNAT, MASQUERADE)
3) OUTPUT chain - DNAT for locally generated packets

Only the first packet of a connection is seen by the nat table; connection tracking then applies the same translation to every later packet of that connection and undoes it on the replies.

2-2-3 Mangle Table

This table is mainly used for mangling packets. In other words, you may freely use the mangle matches and targets to change the TOS (Type Of Service) and TTL fields. It can also "MARK" packets for later matching by routing rules or other chains.

1. PREROUTING chain
2. POSTROUTING chain
3. INPUT, OUTPUT and FORWARD chains (INPUT, FORWARD and POSTROUTING exist in the mangle table from kernel 2.4.18 onward)

2-3 Processing Packets

2-3-1 Destination Local Host

2-3-2 Source Local Host

2-3-3 Forwarded Packets

2-3-4 State Machine

2-3-1 Destination Local Host

Incoming packets -> NAT table PREROUTING -> routing decision -> Filter table INPUT -> local process

2-3-2 Source Local Host

Local process -> routing decision -> NAT table OUTPUT -> Filter table OUTPUT -> NAT table POSTROUTING -> packets sent out

2-3-3 Forwarded Packets

Incoming packets -> NAT table PREROUTING -> routing decision -> Filter table FORWARD -> NAT table POSTROUTING -> other hosts

A forwarded packet never traverses INPUT or OUTPUT, so rules protecting the UC itself go in INPUT and rules controlling the LAN behind it go in FORWARD.

2-4 State Machine


3) Usage of iptables

3-1 Load iptables Modules

3-2 Define Default Policy

3-3 Structure of a Rule

3-4 Save / Restore Rules

3-1 Load iptables Modules

Note: ipchains and iptables are not compatible; the ipchains module must not be loaded while iptables is in use.

3-1 Load iptables Modules

Check the current tables: iptables [-t table] -L [-n] [-v]

(-n prints addresses and ports numerically instead of resolving them; -v adds packet and byte counters and the interfaces.)

Default policy

3-1 Install iptables

Clear the current rules: iptables -F flushes the rules of a chain (or of all chains in the table), iptables -X deletes empty user-defined chains and iptables -Z zeroes the counters; repeat with -t nat for the nat table.

3-2 Define Default Policy

iptables -t [filter | nat | mangle] -P [INPUT | OUTPUT | FORWARD | PREROUTING | POSTROUTING] [ACCEPT | DROP]

The policy applies only to built-in chains and only to packets that reach the end of the chain without matching any rule. On a remotely administered UC, add the rules that accept your own management session before setting the INPUT policy to DROP, or the session is cut off.

3-2 Define Default Policy

3-3 Structure of a Rule

3-3-1 Add, Insert, Delete and Replace Rules

3-3-2 Direction

3-3-3 Matches

3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace

iptables -t [filter | nat | mangle] [-A | -I | -D | -R] <chain> <match ...> -j <target>

3 major things need to be considered: the direction (chain), the match and the target (-j).

3-3-2 Direction - Chains

a. filter table: INPUT, OUTPUT, FORWARD
b. nat table: PREROUTING, POSTROUTING, OUTPUT
c. mangle table: ...

3-3-3 Matches - Conditions

1. -p [proto]: tcp | udp | icmp | all
2. -s [IP], -d [IP] (a host address or a network in CIDR notation)
3. --sport [port], --dport [port] (a single port or a range low:high)
4. -m state --state [state]: NEW | ESTABLISHED | INVALID | RELATED
5. -m multiport --sports | --dports | --ports [p1,p2,...,p15] (up to 15 ports)
6. -i [iface], -o [oface]
7. ... etc.

3-3-4 Targets - Actions

a. filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions: LOG, ULOG, REJECT, MIRROR (MIRROR is experimental, bounces traffic back at its apparent source and so can be turned against third parties, and was later removed from the kernel)
b. nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING/OUTPUT), MASQUERADE (POSTROUTING), REDIRECT (PREROUTING/OUTPUT)
c. mangle table: ...

3-4 Save / Restore Rules

iptables-save writes the rules of all tables to standard output; iptables-restore loads such a dump back into the kernel.

It is highly recommended to maintain the Netfilter rules in a script file rather than in the exported dump (the dump is not a standard shell script). Please refer to the Hands-On practice.
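As an added example (not one of the original lab files), here is a script of the kind this slide recommends: it combines the rules from the hands-on examples in 4-1 and 4-2 into one ruleset, in an order that works under first-match evaluation (2-1), with the default-deny INPUT policy set last. Interface names, addresses and the $OUT_IP value are the ones used in the examples; setting IPT=echo makes it print the rules instead of applying them, which is how the ruleset can be reviewed on a PC before it is run as root on the UC.

```shell
#!/bin/sh
# uc-firewall.sh - added example, not one of the original lab files.
# Combines the 4-1 / 4-2 hands-on rules into one script (the form 3-4 recommends).
# Dry run on a PC:   IPT=echo sh uc-firewall.sh start
# Apply on the UC:   sh uc-firewall.sh start   (as root)

IPT="${IPT:-iptables}"                 # set to "echo" to print instead of apply
WAN_IF="${WAN_IF:-eth0}"               # public side; the examples use eth0
LAN_NET="${LAN_NET:-192.168.127.0/24}" # internal LAN behind the NAT box (4-2)
OUT_IP="${OUT_IP:-60.248.66.75}"       # public address of eth0 (4-2 example 3)
WEB_SERVER="${WEB_SERVER:-192.168.127.10}"
NETBIOS_NET="${NETBIOS_NET:-192.168.0.0/24}"  # hosts allowed to ports 137-139 (4-1 example 6)

flush_rules() {
    # Back to a clean, permissive state so the script can be re-run safely.
    for t in filter nat; do
        $IPT -t $t -F
        $IPT -t $t -X
    done
    $IPT -t filter -P INPUT ACCEPT
    $IPT -t filter -P FORWARD ACCEPT
    $IPT -t filter -P OUTPUT ACCEPT
}

filter_rules() {
    # Order matters: first match wins (2-1), so denies for known-bad sources
    # go in before any ACCEPT that could cover them.
    $IPT -t filter -A INPUT -i lo -j ACCEPT                                        # ex. 1
    $IPT -t filter -A INPUT -i "$WAN_IF" -p tcp -s 192.168.100.200 --syn -j DROP    # ex. 8
    $IPT -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP    # ex. 9
    $IPT -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT          # ex. 12
    $IPT -t filter -A INPUT -m state --state INVALID -j DROP
    $IPT -t filter -A INPUT -i "$WAN_IF" -p tcp --dport 21 -j DROP                  # ex. 5
    $IPT -t filter -A INPUT -i "$WAN_IF" -p tcp -s 192.168.1.0/24 -j ACCEPT         # ex. 3
    $IPT -t filter -A INPUT -i "$WAN_IF" -p tcp -s "$NETBIOS_NET" --dport 137:139 -j ACCEPT  # ex. 6
    # ex. 11: a burst of 10 echo requests, then 6/min; the rest hit the DROP policy.
    $IPT -t filter -A INPUT -p icmp --icmp-type 8 -m limit --limit 6/min --limit-burst 10 -j ACCEPT
    # ex. 7: LOG does not terminate, so unmatched SMTP attempts still end in the policy.
    $IPT -t filter -A INPUT -p tcp --dport 25 -j LOG --log-prefix "smtp: "
    # Default deny last, after the rules that keep a management session alive.
    $IPT -t filter -P INPUT DROP
}

nat_rules() {
    # Publish port 80 to the internal web server (4-2 example 3) ...
    $IPT -t nat -A PREROUTING -i "$WAN_IF" -p tcp -d "$OUT_IP" --dport 80 \
        -j DNAT --to "$WEB_SERVER:80"
    # ... and hide the LAN behind the public address on the way out (4-2 SNAT rule).
    $IPT -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j SNAT --to "$OUT_IP"
    # nat only rewrites; the FORWARD chain still has to let the flows through.
    # FTP data connections count as RELATED once ip_conntrack_ftp is loaded (ex. 14).
    $IPT -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -t filter -A FORWARD -i "$WAN_IF" -p tcp -d "$WEB_SERVER" --dport 80 -j ACCEPT
    $IPT -t filter -A FORWARD -s "$LAN_NET" -o "$WAN_IF" -j ACCEPT
    $IPT -t filter -P FORWARD DROP
}

case "${1:-}" in
    start) ${MODPROBE:-modprobe} ip_conntrack_ftp 2>/dev/null; flush_rules; filter_rules; nat_rules ;;
    stop)  flush_rules ;;
    *)     echo "usage: $0 start|stop   (IPT=echo for a dry run)" ;;
esac
```

Two things the piecemeal examples hide become visible here: the FORWARD chain accepts the DNATed web traffic by its post-translation address (192.168.127.10), because filtering happens after PREROUTING, and the INPUT policy is switched to DROP only after the loopback and ESTABLISHED rules exist, so an SSH session used to run the script survives.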

AgendaAgenda

1) Firewall NAT and iptables

2) Rules Chains Tables

3) Usage of iptables

4) Hands-ON Practice 1) Packet Filter2) NAT Machine

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 1 ndash Accept all the packets incoming from lo interface

Example 2 ndash Accept all the TCP packets incoming from

IP = 19216801

iptables ndasht filter ndashA INPUT ndashi lo ndashj ACCEPT

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp

ndashs 19216801 ndashj ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 3 ndash Accept all the TCP packets incoming from the network

1921681024

Example 4 ndash Drop all the TCP packets incoming from IP = 192168125

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp

ndashs 1921681024 -j ACCEPT

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp

ndashs 192168125 ndashj DROP

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 5 ndash Drop all the Incoming TCP packets with dst Port = 21

(forbid FTP Connection from eth0)

Example 6 ndash Accept TCP packets incoming from IP 192168024 to

local port number 137138 and 139

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp

ndash ndashdport 21 ndashj DROP

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp ndashs

192168024 ndash ndashdport 137139 ndashj ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 7 ndash Log all the IncomingOutgoing TCP packets with tofrom

Port = 25 (Log SMTP Service)

iptables ndasht filter ndashA INPUT ndashp tcp ndash ndashdport 25 ndashj LOG

Note UC7110 does not support the target ldquoLOGrdquo

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 8 – Drop all the [SYN] packets from IP = 192.168.100.200

iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 – Drop all the packets from MAC = aa:bb:cc:dd:ee:ff

iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

(The MAC match is loaded with -m mac and the address is given to --mac-source. It only makes sense for frames arriving on an Ethernet device, in the PREROUTING, FORWARD or INPUT chain.)

Example 10 – Do not respond to “ping”

iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 – ICMP “ping” burst

iptables -t filter -P INPUT DROP

iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 12 – Accept the ESTABLISHED and RELATED packets of the local host; drop the INVALID packets and the NEW packets that are trying to create a new connection

iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

4-1 Packet Filter – Rules of filter table

Example 13 – Check the packet integrity

iptables -t filter -A INPUT -p all -m unclean -j DROP

Example 14 – Enable the “Passive Mode” FTP service to a host

modprobe ip_conntrack_ftp

iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

4-2 NAT Machine

Example 1 – Redirect the connection requests for port 80 to port 8080

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 – Masquerade the packets coming in from 192.168.1.0/24 so that they leave with the local ppp0 IP

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

(MASQUERADE is only valid in the POSTROUTING chain, and -o can only be used in the chains that already know the outgoing interface: FORWARD, OUTPUT and POSTROUTING.)

4-2 NAT Machine

Example 3 – DNAT the packets coming in on eth0 (60.248.66.75), TCP port 80, to the internal web server 192.168.127.10:80

iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

Example 4 – Redirect the incoming packets of TCP port 80 to 192.168.1.10, TCP port 80

iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP
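The evaluation order behind Examples 10 to 12 (first match wins, then the chain policy) and the token-bucket behaviour of -m limit --limit 6/min --limit-burst 10, as an added Python simulation that is not part of the Moxa training material; the rule set, packets and timestamps are constructed for illustration.

```python
"""First-match rule evaluation with the -m limit token bucket and a
simplified -m state match, mirroring Examples 10 to 12 (policy DROP,
accept ESTABLISHED/RELATED TCP, drop NEW/INVALID TCP, rate-limit ICMP).
Added simulation, not the Moxa training material; all input is constructed."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Packet:
    proto: str                 # "tcp", "udp" or "icmp"
    src: str
    state: str = "NEW"         # conntrack state: NEW, ESTABLISHED, RELATED, INVALID
    icmp_type: int = 0         # 8 = echo request ("ping")
    t: float = 0.0             # arrival time in seconds (constructed)


class LimitMatch:
    """Models `-m limit --limit R/min --limit-burst B` as a token bucket:
    it starts full with B tokens, gains one token every 60/R seconds (never
    above B), and a packet matches only if it can take a token. So the first
    B packets of a burst pass, then about one packet per refill interval."""

    def __init__(self, rate_per_min: float, burst: int):
        self.interval = 60.0 / rate_per_min
        self.burst = burst
        self.tokens = float(burst)
        self.last = 0.0

    def matches(self, pkt: Packet) -> bool:
        elapsed = pkt.t - self.last
        self.last = pkt.t
        self.tokens = min(self.burst, self.tokens + elapsed / self.interval)
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


@dataclass
class Rule:
    proto: Optional[str]
    target: str
    states: Tuple[str, ...] = ()
    icmp_type: Optional[int] = None
    limit: Optional[LimitMatch] = None

    def matches(self, pkt: Packet) -> bool:
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.states and pkt.state not in self.states:
            return False
        if self.icmp_type is not None and pkt.icmp_type != self.icmp_type:
            return False
        # The limit match is checked last, so a packet that fails an earlier
        # condition of the same rule does not consume a token.
        if self.limit is not None and not self.limit.matches(pkt):
            return False
        return True


class Chain:
    """An iptables chain: rules in order, first match wins, else the policy."""

    def __init__(self, policy: str):
        self.policy = policy
        self.rules: List[Rule] = []

    def append(self, rule: Rule) -> None:      # iptables -A <chain> ...
        self.rules.append(rule)

    def verdict(self, pkt: Packet) -> str:
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.target
        return self.policy


def build_input_chain() -> Chain:
    chain = Chain(policy="DROP")                       # iptables -P INPUT DROP
    chain.append(Rule("tcp", "ACCEPT", states=("ESTABLISHED", "RELATED")))
    chain.append(Rule("tcp", "DROP", states=("INVALID", "NEW")))
    chain.append(Rule("icmp", "ACCEPT", icmp_type=8,
                      limit=LimitMatch(rate_per_min=6, burst=10)))
    return chain


def ping_burst_verdicts() -> List[str]:
    """15 echo requests 10 ms apart, then one after 10.5 s and one 0.1 s
    later: the burst lets 10 through, the 6/min refill (one token per 10 s)
    lets the 16th through, and the 17th is dropped again."""
    chain = build_input_chain()
    times = [i * 0.01 for i in range(15)] + [10.5, 10.6]
    return [chain.verdict(Packet("icmp", "10.0.2.1", icmp_type=8, t=t))
            for t in times]
```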

Thank You

OpenVPN 2.0
Stephen Lin

OpenVPN 2.0

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve?
1-2 Symmetric Data Encryption
1-3 Hash (Digest) Function
1-4 Message Authentication Code
1-5 Asymmetric Data Encryption
1-6 Digital Signature
1-7 Certificate
1-8 Moxa UC7400

1-1 What does Cryptography solve?

Confidentiality
• Ensure that nobody can learn what you transfer, even if they listen to the whole conversation

Integrity
• Ensure that the message has not been modified during transmission

Authenticity
• You can verify that you are talking to the entity you think you are talking to
• You can verify who the specific individual behind that entity is

Non-repudiation
• The individual behind that asset cannot deny being associated with it

1-2 Symmetric Data Encryption

• Fast, high efficiency for data transmission
• Is it “secure” while transferring the key?
• Maintenance of the keys: (n-1)n/2 keys for n parties
• DES, 3DES, AES, Blowfish

[Diagram: Tom turns the plaintext into ciphertext with Encryption under the Secret Key; Bob turns the ciphertext back into the plaintext with Decryption under the same Secret Key]

1-3 Hash (Digest) Function

• Ensure data integrity
• MD5, SHA-1

[Diagram: Tom runs the Data through the Hash Function to get Message Digest 1 and sends Data + Message Digest 1; Bob runs the received Data through the same Hash Function to get Message Digest 2 and compares it with Message Digest 1]

1-4 Message Authentication Code

• Ensure data integrity
• Use a key to protect the MAC
• HMAC, CBC-MAC

[Diagram: Tom hashes the Data into Message Digest 1 and encrypts it with the Secret Key to form the MAC, sending MAC + Data; Bob hashes the received Data into Message Digest 2, decrypts the MAC with the Secret Key to recover Message Digest 1, and compares the two]

1-5 Asymmetric Encryption

Things to remember
• Key pair – public/private keys
• In a session, one is used for encryption and the other one for decryption
• The “public key” can be deployed everywhere
• The relation between the two keys is unknown: from one key you cannot gain knowledge of the other, even if you have access to clear text and cipher text
• The two keys are interchangeable: the algorithms make no difference between public and private key, and when a key pair is generated either of the two can be the public or the private one
• Less efficient than a static key
• RSA, Diffie-Hellman

[Diagram: clear text → Encryption → cipher text]

1-5 Asymmetric Data Encryption – Confidentiality Check

[Diagram: Tom encrypts the plaintext with Bob’s Public Key; Bob decrypts the ciphertext with Bob’s Private Key (the recipient’s key pair)]

1-5 Asymmetric Data Encryption – Authenticity Check

[Diagram: Tom encrypts the plaintext with Tom’s Private Key; Bob decrypts the ciphertext with Tom’s Public Key (the sender’s key pair)]

1-6 Digital Signature

Real world – hybrid
1. Data integrity
2. Authenticity
3. Non-repudiation
4. Algorithm – use the public key and a hash

1-6 Digital Signature – Creating

[Diagram: the Message or File (“This is the document created by Gianni”) goes through a one-way message digest function (Hash: SHA, MD5) that calculates a short Message Digest (typically 128 bits) from even a long input; the digest is encrypted asymmetrically (RSA) with the signatory’s private key to produce the Digital Signature; the Signed Document is the message plus the Digital Signature]

1-6 Digital Signature – Verifying

[Diagram: from the Signed Document the verifier generates the Message Digest of the message with the same Hash, decrypts the Digital Signature asymmetrically with Gianni’s public key (from the certificate) to recover the signed digest, and compares the two]

1-6 Digital Signature

[Diagram: Tom hashes the Data into Message Digest 1 and encrypts it with Tom’s Private Key to form the Digital Signature, sending Data + Digital Signature; Bob hashes the received Data into Message Digest 2, decrypts the Digital Signature with Tom’s Public Key to recover Message Digest 1, and compares the two]

1-7 Certificate

The simplest certificate just contains
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key

… and the whole is
• Digitally signed by someone trusted (like your friend or a CA)

[Diagram: Certificate = public key + “This public key belongs to Stephen” + Digital Signature; the certified entity can be a person, a computer, a device, a file, some code, anything …]

1-7-1 CA Certificate

[Diagram: the CA generates a key pair on the Certification Server; the user requests a certificate from the CA; the CA generates the certificate (the user’s public key plus the CA’s digital signature); the private key and the certificate are sent to the user]

1-7-1 CA Certificate Example

[Diagram: the CA Private Key signs the Left cert and the Right cert, and the CA Pub Key is itself signed by the CA; Left and Right each hold their own private key, their cert signed by the CA, and the CA Pub Key, which both trust]

1-7-2 SSL/TLS

[Diagram: each side holds a private/public key pair; the clear text is encrypted into Cipher 1 and Cipher 2 for transmission over the public network and decrypted back to clear text on the other side]

• Ensures confidentiality
• And integrity, if digitally signed
• Depending on how the public keys are exchanged: authenticity, identity, non-repudiation

1-8 Moxa UC7400 – Hardware Cipher

Intel XScale supports
• Security engines: DES, AES
• Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of “libcrypto.so”
• No need to change the source code

1-8-1 Moxa Accelerated Algorithms – OpenSSL 0.9.7

• DES_cbc_encrypt
• DES_ede3_cbc_encrypt
• AES_cbc_encrypt
• AES_ctr_encrypt
• We wrap ECB mode at a higher level (libssl.so), which OpenSSL wraps too

1-8-2 Performance

[Charts: throughput (rate) of 3DES-CBC and AES-128-CBC versus data size, one pair of plots for 128 to 1280 bytes and one for 16 to 144 bytes, each comparing the software implementation with the HW cipher]

1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approaches
• Default: hardware approach
• Any misconfiguration or busy condition causes the switch

Small packets are switched to the software approach
• DES: 128 bytes
• 3DES/AES: 64 bytes

1-8-4 Software Package

Driver
• mxhw_cipher.o

Device file
• mknod /dev/mxcrypto c 11 131

Test program
• io: correctness test
• io 0 5000: stability test
• io 1: golden pattern
• io 2 20000: performance test

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network

2-1 VPN Advantages/Disadvantages

• VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes
• A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH, etc.)
• A VPN allows the usage of protocols which are insecure by themselves
• VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN

Usability
• Open Source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit shared key or digital certificates (PKI)

Portability – supports most of the platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN

Peers – each node with a client/server role
• Makes use of the kernel routing
• Multiple clients

A user-space program
• A full-featured SSL-VPN solution
• On top of the existing SSL/TLS mechanism
• Options between a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security

Two authentication modes
• Static key: uses a pre-shared key
• SSL/TLS: uses SSL/TLS + certificates for authentication and key exchange

The encrypted packet is formatted as
• SeqN: 64-bit sequence number
• IV: plain-text initialization vector, randomized per packet

[Diagram: HMAC | IV | SeqN | IP payload; SeqN and the payload are encrypted, and the HMAC is computed over the part of the packet that follows it]
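The packet layout from the slide (HMAC | IV | SeqN | payload, with SeqN and payload encrypted) worked through as an added Python example that is not OpenVPN's own code: the receive path verifies the HMAC before touching the ciphertext, then rejects replayed or too-old sequence numbers with a sliding window. The block cipher is replaced by an HMAC-SHA256 keystream in counter mode so the example runs with the standard library alone; the static keys and the packets are constructed.

```python
"""Static-key style packet protection modelled on slide 2-2:
tag = HMAC(IV | enc(SeqN | payload)), IV random per packet, 64-bit SeqN.
Added example, not OpenVPN's implementation; keys/packets are constructed."""
import hashlib
import hmac
import os
import struct

MAC_LEN = 32      # HMAC-SHA256 tag
IV_LEN = 16
SEQ_LEN = 8       # 64-bit sequence number


def keystream(cipher_key: bytes, iv: bytes, length: int) -> bytes:
    """Counter-mode keystream from a PRF; stands in for the block cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(cipher_key, iv + struct.pack(">Q", counter),
                        hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Sender:
    def __init__(self, cipher_key: bytes, hmac_key: bytes):
        self.cipher_key, self.hmac_key, self.seq = cipher_key, hmac_key, 0

    def protect(self, payload: bytes) -> bytes:
        self.seq += 1
        iv = os.urandom(IV_LEN)                           # randomized per packet
        plain = struct.pack(">Q", self.seq) + payload     # SeqN | payload
        ct = xor(plain, keystream(self.cipher_key, iv, len(plain)))
        tag = hmac.new(self.hmac_key, iv + ct, hashlib.sha256).digest()
        return tag + iv + ct                              # HMAC | IV | enc(...)


class Receiver:
    """Verify-then-decrypt, then a sliding-window replay check on SeqN."""

    def __init__(self, cipher_key: bytes, hmac_key: bytes, window: int = 64):
        self.cipher_key, self.hmac_key, self.window = cipher_key, hmac_key, window
        self.highest, self.seen = 0, set()

    def unprotect(self, packet: bytes) -> bytes:
        if len(packet) < MAC_LEN + IV_LEN + SEQ_LEN:
            raise ValueError("short packet")
        tag, iv, ct = (packet[:MAC_LEN], packet[MAC_LEN:MAC_LEN + IV_LEN],
                       packet[MAC_LEN + IV_LEN:])
        expected = hmac.new(self.hmac_key, iv + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("bad HMAC")                  # drop before decrypting
        plain = xor(ct, keystream(self.cipher_key, iv, len(ct)))
        seq = struct.unpack(">Q", plain[:SEQ_LEN])[0]
        if seq in self.seen or seq <= self.highest - self.window:
            raise ValueError("replayed packet")
        self.seen.add(seq)
        self.highest = max(self.highest, seq)
        self.seen = {s for s in self.seen if s > self.highest - self.window}
        return plain[SEQ_LEN:]


def attempt(rx: Receiver, packet: bytes):
    """Return the payload, or the rejection reason as a string."""
    try:
        return rx.unprotect(packet)
    except ValueError as exc:
        return str(exc)


def demo() -> dict:
    ck, hk = os.urandom(32), os.urandom(32)               # constructed static keys
    tx, rx = Sender(ck, hk), Receiver(ck, hk)
    p1, p2 = tx.protect(b"ping 10.0.2.1"), tx.protect(b"pong 10.0.1.1")
    out = {"first": rx.unprotect(p1), "replay": attempt(rx, p1)}
    out["tampered"] = attempt(rx, p1[:-1] + bytes([p1[-1] ^ 1]))
    out["second"] = rx.unprotect(p2)
    p3, p4 = tx.protect(b"late"), tx.protect(b"early")
    rx.unprotect(p4)                                      # reordered delivery
    out["out_of_order"] = attempt(rx, p3)                 # still inside the window
    old = tx.protect(b"old")
    for _ in range(rx.window):
        rx.unprotect(tx.protect(b"fill"))                 # push the window past `old`
    out["stale"] = attempt(rx, old)
    return out
```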

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall- and NAT-friendly
• Dynamic address support

IPSec
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard – multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are two methods of linking systems via a VPN
• Routed IP tunnels (layer 3)
• Bridged Ethernet tunnels (layer 2)

Suitable for connections
• Site-to-site
• Dynamic site-to-site
• (Dynamic) client-to-site

Dynamic firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

• Uses TUN mode (device): a virtual point-to-point IP link that combines the inner interface together with TUN
• Uses the kernel routing to forward the packets

[Diagram: the OSI layers (Physical, Data-Link, Network, Transport, Session, Presentation, Application) on both sides; OpenVPN runs at the Application layer and the TUN device attaches at the 3rd layer (Network)]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of MTU for efficiency

Routed IP disadvantages
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see those machines on the other side of the VPN
4. Works only with IPv4 in general, and with IPv6 in cases where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

• Uses “TAP” mode: a TAP device is a virtual Ethernet adapter
• Bridge tools (brctl) are required to create the virtual adapters
• Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0 – create an Ethernet bridge
brctl addif br0 eth1 – connect interface eth1 as a port
brctl addif br0 tap0 – connect virtual interface tap0 as a port

[Diagram: the OSI layers (Physical, Data-Link, Network, Transport, Session, Presentation, Application) on both sides; OpenVPN runs at the Application layer, TUN attaches at the 3rd layer and TAP at the 2nd; on each side eth0, eth1 and tap0 are shown with eth1 and tap0 bridged together]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages
1. Point-to-point, point-to-multipoint
2. Broadcasts traverse the VPN – this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to be able to handle non-IP protocols such as IPX, Netware and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages
1. Less efficient than routing and does not scale well

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

[Diagram: LAN A (IP 10.0.1.1/24, gw 10.0.1.254) behind the VPN Server (ixp1 = 10.0.1.254, ixp0 = 192.168.12.201); LAN B (IP 10.0.2.1/24, gw 10.0.2.254) behind the VPN Client (ixp1 = 10.0.2.254, ixp0 = 192.168.12.202); the client connects to the server and the VPN tunnel runs between the two ixp0 addresses; a CA/TLS server is also present]

3-1 Getting Started

• Create a working directory (recommended): mkdir /etc/openvpn
• Check for the TUN module; if it is missing, ls /dev/net and look for a character device “tun”: mknod /dev/net/tun c 10 200
• Load the necessary modules: modprobe tun; modprobe bridge
• Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]
• Self-diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

• Enable IP forwarding: echo “1” > /proc/sys/net/ipv4/ip_forward, or vi /etc/sysctl.conf and modify “net.ipv4.ip_forward = 1”
• Create/start the bridge interface using the Moxa script: openvpn-bridge [start|stop|restart]
• Check the cipher/authentication support: openvpn --show-ciphers; openvpn --show-digests
• Create the TUN configuration files: vi /etc/openvpn/tun/server.conf
• [At VPN Client] vi /etc/openvpn/tun/client.conf

3-2 TUN Server Configuration

• The local/remote VPN IP addresses must be specified
• It is NECESSARY to specify the server address at the VPN client

3-2 TUN Server Configuration

• Edit the static routes: vi /etc/openvpn/tun/server.sh; chmod +x /etc/openvpn/tun/server.sh
• [At VPN Client] vi /etc/openvpn/tun/client.sh; chmod +x /etc/openvpn/tun/client.sh
• Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tun/server.conf &
• [At VPN Client] openvpn --config /etc/openvpn/tun/client.conf &
• (On the client, the 2nd argument of “ifconfig” is now “10.0.2.254”)

• Create the TAP configuration files: vi /etc/openvpn/tap/server.conf
• [At VPN Client] vi /etc/openvpn/tap/client.conf

3-3 TAP Configuration – VPN Server

• Mark this line if both VPN networks are in the same subnet

3-3 TAP Configuration – VPN Server

• Edit the static routes: vi /etc/openvpn/tap/server.sh
• [At VPN Client] vi /etc/openvpn/tap/client.sh; chmod +x /etc/openvpn/tap/client.sh
• Pointed to the kernel routing: br0 = 10.0.1.254

3-3 TAP Configuration – VPN Server

• Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start
• Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tap/server.conf &
• [At VPN Client] openvpn --config /etc/openvpn/tap/client.conf &

3-4-1 SSL/TLS – Dynamic Keys

• Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-input the default_days, default_bits … etc.
• Create a new CA root key pair: /usr/share/ssl/misc/CA -newca
• Create a new client private key and a new certificate request: /usr/share/ssl/misc/CA -newreq
• Certificate signing: /usr/share/ssl/misc/CA -sign
• Copy the CA root certificate, the client private key and the client certificate to the first client
• Have the second client certified the same way

3-4-2 OpenVPN – “easy-rsa” tools

• Copy “easy-rsa” to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn
• Modify the vars file: vi /etc/openvpn/easy-rsa/vars
• Activate the vars (source them into the current shell): . /etc/openvpn/easy-rsa/vars
• Create the CA root key: /etc/openvpn/easy-rsa/build-ca
• Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – “easy-rsa” tools

• Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client
• Create the Diffie-Hellman parameters (1024 bits): /etc/openvpn/easy-rsa/build-dh
• Copy the CA certificate (ca.crt), the server key (server.key) and the server certificate (server.crt) to the VPN server
• Copy the CA certificate, the client key and the client certificate to the VPN client
• The “easy-rsa” tools also work on the UC7400 series

3-4-3 Configuration File Modification

• txx/server.conf
• txx/client.conf

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

• Two of its serial ports are connected to a power meter and a thermocouple
• Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site
• The rest of the serial ports are looped back in ‘burn-in mode’ to demonstrate the UC’s high performance and reliability

Demo Box Features

Software Block Diagram

• Temperature range: 0 to 500°C
• Left side for the high range, 0 to 300 VDC, and right side for the low range, 0 to 20 VDC

UC’s LCM & keypad (F1-F5)

• F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8
• F2 System Status: LAN’s IP → Wi-Fi’s IP → CPU loading → Available memory
• F3 Alarm Setting: Temperature → Voltage → Burn-in throughput
• F4 Configuration Key
• F5 Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• UC-7420’s built-in wireless driver supports the Intersil Prism 2.0 chipset PCMCIA card
• The compatible wireless cards are:

Supplier   Model name
ASUS       WL-107g
CNET       CWC-854 (181D version)
Edimax     EW-7108PCg
Amigo      AWP-914WG
Gigabyte   GN-WMKG
Others which use the Ralink chipset

Thank You

Page 32: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

Debugging with GDBDebugging with GDB

chmod +x hello-debug

gdbserver 19216831272000 hello-debug

Process hello-debug created pid = 206

Step1 PC Moxa Bash Shell Compile the program with ndashggdb option then upload to UC

Step2 UC Called hello-debug with command

gdbserver 19216831272000 hello-debug

Step3 PC Insight Run GDB clientbull Open hello-debug filebull Connect to target

bull GCB ServerTCPbull 1921683200bull 2000

Debugging with GDBDebugging with GDB

iptables Introductioniptables Introduction

AgendaAgenda

1) Quick View of iptables

2) Rules Chains Tables

3) Usage of iptables

4) Hands-ON Practice

1 Quick View of iptables1 Quick View of iptables

A User-space Command to setupmaintain the ldquoNetfilterrdquo sub-system of Kernel

ldquoNetfilterrdquo manages only the packet headers not the content

iptables is currently one of many FirewallNAT solutions to be an administration tool for set up maintain and inspect the tables of IP packet filter rules in the Linux kernel

1 Quick View of iptables1 Quick View of iptables

Several different tables may be defined Each table contains a number of built-in chains and may also contain user-defined chains

Each chain is a list of rules which can match a set of packets Each rule specifies what to do with a packet that matches This is called a ldquotargetrdquo which may be a jump to a user-defined chain in the same table

1 Quick View of iptables1 Quick View of iptables

3rd generation firewall on Linuxndash ldquoipfwadmrdquo on Linux Kernel V20Xndash ldquoipchainsrdquo on Linux Kernel V22Xndash ldquoipchainsrdquo ldquoiptablesrdquo on Linux Kernel V24Xndash ldquoiptablesrdquo on Linux Kernel V26X

Supports basic packet filtering as well as connection state tracking

UC-71107400 support only ldquoiptablesrdquo

AgendaAgenda

1) Firewall NAT and iptables

2) Rules Chains Tables

3) Usage of iptables

4) Hands-ON Practice

2) Rules Chains and Tables2) Rules Chains and Tables

2-1 First Match

2-2 Three Major Tables

2-3 Processing Packets

2-4 State Machine

2-1 First Match ndash The Highest Priority2-1 First Match ndash The Highest Priority

Packets

Rule 1

Rule 10

Default Policy

Action 1

Action 2

No

No

Yes

Yes

Rule 2

No

Action 10Yes

2-1 First Match 2-1 First Match

On WWW Server reject the attack from IP = 1921681100Rule 1 Drop the packets from 1921681100Rule 2 Accept WWW request packets from all the hostsRule 3 Drop all the none-WWW packets

Rule 1 Accept WWW request packets from all the hosts Rule 2 Drop the packets from 1921681100Rule 3 Drop all the none-www packets

1921681100 is able to use the WWW service or to attack WWW service port

2-2 Three 2-2 Three Major TablesMajor Tables

1) Filter Table

2) NAT Table

3) Mangle Table

2-2-1 Filter Table2-2-1 Filter Table

Mainly used for filtering packets The place that we actually take action against packets

and look at what they contain and ACCEPT DROP REJECT LOG them depending on their content

1 INPUT chain ndash packets enter the local host

2 OUTPUT chainndash packets output from the local host

3 FORWARD chainndash forward packets to other hosts

2-2-2 NAT Table2-2-2 NAT Table

Be used for NAT on different packets

to translate the packets source field or destination field

1) PREROUTING chain ndash to transfer the dst IP address (DNAT)

2) POSTROUTING chainndash this works after routing process and before Ethernet device process to transfer the source IP address (SNATMASQUARED)

3) OUTPUT chainndash to work for local producing packets

2-2-3 Mangle Table2-2-3 Mangle Table

This table is mainly be used for

mangling packets In other words you may freely use the mangle matches etc that could be used to change TOS (Type Of Service) and TTL fields It can also ldquoMARKrdquo the packets

1 PREROUTING chain

2 POSTROUTING chain

3 INPUT OUTPUT and FORWARD chain

2-3 Processing Packets2-3 Processing Packets

2-3-1 Destination Local Host

2-3-2 Source Local Host

2-3-3 Forward Packets

2-3-4 State Machine

2-3-1 Destination Local Host2-3-1 Destination Local Host

2-3-1 Destination Local Host2-3-1 Destination Local Host

Incoming Packets

NAT Table PREROUTING

Local Process

Filter Table INPUT

2-3-2 Source Local Host2-3-2 Source Local Host

2-3-2 Source Local Host2-3-2 Source Local Host

NAT Table OUTPUT

Outgoing Packets

Filter Table OUPUT

NAT Table POSTROUTING

Send Out Packets

2-3-3 Forwarded Packets2-3-3 Forwarded Packets

2-3-3 Forwarded Packets2-3-3 Forwarded Packets

NAT Table PREROUTING

Local Resource

NAT Table POSTROUTING

Other Hosts

Incoming Packets

Filter Table FORWARD

2-4 State Machine2-4 State Machine

AgendaAgenda

1) Firewall NAT and iptables

2) Rules Chains Tables

3) Usage of iptables

4) Hands-ON Practice

3) Usage of iptables3) Usage of iptables

3-1 Load iptables Modules

3-2 Define Default Policy

3-3 Structure of a Rule

3-4 Save Restore Rules

3-1 Load iptables Modules3-1 Load iptables Modules

Note ipchains and iptables are not compatible

3-1 Load iptables Module3-1 Load iptables Module

Check the Current Tablesiptables [-t tables] [-L] [-n]

Default Policy

3-1 Install iptables3-1 Install iptables

Clear Current Policy

3-2 Define Default Policy3-2 Define Default Policy

iptables ndasht filter nat mangle

ndashP INPUT OUTPUT FORWARD PREROUTING POSTROUTING

ACCEPT DROP

3-2 Define Default Policy3-2 Define Default Policy

3-3 Structure of a Rule3-3 Structure of a Rule

3-3-1 Add Insert Delete an Replace Rules

3-3-2 Direction

3-3-3 Matches

3-3-4 Targets

3-3-1 Add Insert Delete and Replace3-3-1 Add Insert Delete and Replace

iptables ndasht filter nat mangle

AI DR

ndash direction match target

3 major things needed

to be considered

ndashj

3-3-2 Direction ndash Chains3-3-2 Direction ndash Chains

a filter Table INPUT

OUTPUT

FORWARD

b nat Table PREROUTING

POSTROUTING

OUTPUT

c mangle table hellip

1 -p [proto] tcp udp icmp all

2 -s [IP] -d [IP]

3 --sport [port] --dport [port]

4 -m state --state [state] NEW ESTABLISHED INVALID RELATED

5 -m multiport [p1p2hellipp15]

6 -i [iface] -o [oface]

7 hellipetc

3-3-3 Matches - Conditions3-3-3 Matches - Conditions

3-3-4 Targets - Actions3-3-4 Targets - Actions

a filter Table ACCEPT DROP

QUEUE RETURN target extensions --LOG --ULOG --REJECT - -MIRROR

b nat table SNAT (only in POSTROUTING)

DNAT (only in PREROUTINGOUTPUT)

MASQUERADE (POSTROUTING)

REDIRECT (only in PREROUTING)

c mangle table hellip

3-4 Save Restore Rules3-4 Save Restore Rules

It is highly recommended to use a script file to maintain the Netfilter rule instead of using this exported file (it is not a standard script file) Please refer to the Hands-ON practice

AgendaAgenda

1) Firewall NAT and iptables

2) Rules Chains Tables

3) Usage of iptables

4) Hands-ON Practice 1) Packet Filter2) NAT Machine

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 1 ndash Accept all the packets incoming from lo interface

Example 2 ndash Accept all the TCP packets incoming from

IP = 19216801

iptables ndasht filter ndashA INPUT ndashi lo ndashj ACCEPT

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp

ndashs 19216801 ndashj ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 3 ndash Accept all the TCP packets incoming from the network

1921681024

Example 4 ndash Drop all the TCP packets incoming from IP = 192168125

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp

ndashs 1921681024 -j ACCEPT

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp

ndashs 192168125 ndashj DROP

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 5 ndash Drop all the Incoming TCP packets with dst Port = 21

(forbid FTP Connection from eth0)

Example 6 ndash Accept TCP packets incoming from IP 192168024 to

local port number 137138 and 139

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp

ndash ndashdport 21 ndashj DROP

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp ndashs

192168024 ndash ndashdport 137139 ndashj ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 7 ndash Log all the IncomingOutgoing TCP packets with tofrom

Port = 25 (Log SMTP Service)

iptables ndasht filter ndashA INPUT ndashp tcp ndash ndashdport 25 ndashj LOG

Note UC7110 does not support the target ldquoLOGrdquo

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 8 ndash Drop all the [syn] packets from IP = 192168100200

Example 9 ndash Drop all the packets from MAC = aabbccddeeff

iptables ndasht filter ndashA INPUT ndashp tcp ndashi eth0

ndashs 192168100200 ndash ndashsyn ndashj DROP

iptables ndasht filter ndashA INPUT ndashp all

ndashm mac-source aabbccddeeff ndashj DROP

Example 10 ndash Does not response to ldquopingrdquo

Example 11 ndash ICMP ldquopingrdquo burst

iptables ndasht filter ndashA INPUT ndashp icmp ndash ndashicmpndashtype 8

ndashj DROP

iptables ndasht filter ndashP INPUT DROP

iptables ndasht filter ndashA INPUT ndashp icmp ndashm limit 6min

ndash ndashlimit-burst 10 ndashj ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 12 ndash Accept the Established Related packets of the local

host drop the Invalid packets and New packets which are trying to create new connection

iptables ndasht filter ndashA INPUT ndashp tcp ndashm state ndash ndashstate

ESTABLISHEDRELATED ndashj ACCEPT

iptables ndasht filter ndashA INPUT ndashp tcp ndashm state ndash ndashstate

INVALIDNEW ndashj DROP

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 13 ndash Check the packet integrity

Example 14 ndash Enable the ldquoPassive Moderdquo FTP Service to a host

iptables ndasht filter ndashA INPUT ndashp all ndashm unclean ndashj DROP

modprobe ip_conntrack_ftp

iptables ndashA FORWARD ndashp tcp

ndashm state ndash ndashstate RELATED ndashj ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 1 ndash Redirect the Connection Request of Port 80 to Port 8080

Example 2ndash Masquerade the incoming packets from 1921681024

to be local ppp0rsquos IP

iptables ndasht nat ndashA PREROUTING ndashp tcp ndash ndashdport 80

ndashj REDIRECT ndash ndashto-ports 8080

iptables ndasht nat ndashA PREROUTING ndashs 1921681024 ndasho

ppp0 ndashj MASQUERADE

4-2 NAT Machine4-2 NAT Machine

4-2 NAT Machine4-2 NAT Machine

Example 3 ndash DNAT the incoming packet from eth0 (602486675) and

TCP Port 80 to internal Web sever 19216812710 80

Example 4 ndash Redirect the incoming packet of TCP Port 80 to

192168110 and TCP Port 80

iptables ndasht nat ndashA PREROUTING ndashp tcp ndashi eth0 ndashd 602486675 ndash ndashdport 80 ndashj DNAT ndash ndashto 1921681271080

iptables ndasht nat ndashA POSTROUTING ndashs 192168127024 ndashj SNAT ndash ndashto $OUT_IP

Thank YouThank You

OpenVPN 20OpenVPN 20Stephen Lin

OpenVPN 20OpenVPN 20

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

1) Cryptography Summery1) Cryptography Summery

1-1 What does cryptography solve

1-2 Symmetric Data Encryption

1-3 Hash (Digest) Function

1-4 Message Authentication Code

1-5 Asymmetric Data Encryption

1-6 Digital Signature

1-7 Certificate

1-8 Moxa UC7400

1-1 What does Cryptography solve1-1 What does Cryptography solve

Confidentiality bull Ensure that nobody can get knowledge of what you

transfer even if listening the whole conversation Integrity

bull Ensure that message has not been modified during the transmission

Authenticity bull You can verify that you are talking to the entity you think

you are talking to bull You can verify who is the specific individual behind that

entity Non-repudiation

bull The individual behind that asset cannot deny being associated with it

1-2 Symmetric Data Encryption1-2 Symmetric Data Encryption

Fast High Efficiency for data transmission

Is it ldquosecurerdquo while transferring the key

Maintains of the keys (n-1)n 2 keys

DES3DESAESBlowfish

Tom Bob

Plaintext

Plaintext

Ciphertext

Encryption

Secret Key

Decryption

1-3 Hash (Digest) Function1-3 Hash (Digest) Function

Ensure Date Integrity

MD5SHA-1

Tom

Data

Bob

Data

Hash FunctionHash Function

Message Message Digest 1Digest 1

Same Hash FunctionSame Hash Function

+Hash FunctionHash Function

Message Message Digest 2Digest 2

Message Digest1Message Digest1 DataData

Compare

1-4 Message Authentication Code

- Ensures data integrity.
- Uses a key to protect the MAC.
- HMAC / CBC-MAC

[Figure: Tom hashes the data to Message Digest 1 and encrypts it with the secret key to form the MAC, then sends Data + MAC; Bob decrypts the MAC with the secret key to recover Message Digest 1, hashes the received data to Message Digest 2 and compares the two.]
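To make the difference between 1-3 and 1-4 concrete, here is an added Python example (not from the original slides): Bob checks the same message once with a plain digest and once with a keyed MAC. The digest detects accidental corruption, but anyone who changes the data can simply recompute it; the HMAC can only be produced by a holder of the shared key. SHA-256 stands in for the MD5/SHA-1 named on the slides, and the sample message and key are constructed.

```python
import hashlib
import hmac
import os

# Constructed sample message; any bytes behave the same way.
MESSAGE = b"meter=3 temp=412.5C voltage=298.1V"


def digest_only(data: bytes) -> bytes:
    """1-3: an unkeyed digest (SHA-256 here; the slides name MD5/SHA-1)."""
    return hashlib.sha256(data).digest()


def mac_tag(key: bytes, data: bytes) -> bytes:
    """1-4: HMAC-SHA256 over the data; only holders of `key` can compute it."""
    return hmac.new(key, data, hashlib.sha256).digest()


def bob_checks_digest(data: bytes, received_digest: bytes) -> bool:
    # Bob recomputes Message Digest 2 and compares it with Message Digest 1.
    return hmac.compare_digest(digest_only(data), received_digest)


def bob_checks_mac(key: bytes, data: bytes, received_tag: bytes) -> bool:
    # Constant-time compare: a plain == would leak where the first mismatching byte is.
    return hmac.compare_digest(mac_tag(key, data), received_tag)


def in_transit_tamper(data: bytes) -> bytes:
    """Simulated modification of the data while it travels from Tom to Bob."""
    return data.replace(b"temp=412.5C", b"temp=999.9C")


def demo() -> dict:
    key = os.urandom(32)            # shared secret Tom and Bob agreed on out of band
    d1 = digest_only(MESSAGE)       # Tom sends Data + Message Digest 1 (1-3)
    t1 = mac_tag(key, MESSAGE)      # Tom sends Data + MAC (1-4)
    forged = in_transit_tamper(MESSAGE)
    return {
        "digest_ok_untampered": bob_checks_digest(MESSAGE, d1),
        "digest_detects_tamper": not bob_checks_digest(forged, d1),
        # Without a key, whoever modified the data can just recompute the digest:
        "digest_fooled_by_recompute": bob_checks_digest(forged, digest_only(forged)),
        "mac_ok_untampered": bob_checks_mac(key, MESSAGE, t1),
        "mac_detects_tamper": not bob_checks_mac(key, forged, t1),
        # The modifier does not hold `key`, so a tag made with a guessed key fails:
        "mac_resists_recompute": not bob_checks_mac(key, forged, mac_tag(b"guess", forged)),
    }
```

Every entry of the dictionary returned by demo() is True: the digest alone is only a checksum, while the MAC binds the data to the key.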

1-5 Asymmetric Encryption

Things to remember:
- Key pair: public / private keys.
- In a session, one is used for encryption and the other one for decryption.
- The "public key" can be deployed everywhere.
- The relation between the two keys is unknown: from one key you cannot gain knowledge of the other, even if you have access to clear text and cipher text.
- The two keys are interchangeable. The algorithms make no difference between public and private key; when a key pair is generated, either of the two can be public or private.
- Less efficient than a static (symmetric) key.
- RSA / Diffie-Hellman

[Figure: clear text is encrypted into scrambled cipher text.]

1-5 Asymmetric Data Encryption: Confidentiality Check

[Figure: Tom encrypts the plaintext with Bob's public key; Bob decrypts the ciphertext with Bob's private key (recipient's key pair).]

1-5 Asymmetric Data Encryption: Authenticity Check

[Figure: Tom encrypts the plaintext with Tom's private key; Bob decrypts the ciphertext with Tom's public key (sender's key pair).]

1-6 Digital Signature

Real world: hybrid
1. Data integrity
2. Authenticity
3. Non-repudiation
4. Algorithm: use the public key and a hash

1-6 Digital Signature - Creating

[Figure: from the message or file ("This is the document created by Gianni"), generate a message digest with a hash (SHA, MD5; typically 128 bits), then apply asymmetric encryption (RSA) with the signatory's private key to produce the digital signature. The signed document is the message plus the digital signature.]

Calculate a short message digest from even a long input using a one-way message digest function (hash).

1-6 Digital Signature - Verifying

[Figure: split the signed document into the message and the digital signature; generate the message digest of the message with the hash; apply asymmetric decryption with Gianni's public key (from the certificate) to the digital signature to recover the original digest; compare the two digests.]

1-6 Digital Signature

[Figure: Tom hashes the data to Message Digest 1 and encrypts it with Tom's private key to form the digital signature, then sends Data + Digital Signature; Bob decrypts the signature with Tom's public key to recover Message Digest 1, hashes the received data to Message Digest 2 and compares the two.]

1-7 Certificate

The simplest certificate just contains:
- A public key (for Stephen)
- Information about the entity that is being certified to own that public key ("This public key belongs to Stephen"; the entity can be a person, a computer, a device, a file, some code, anything ...)

... and the whole is:
- Digitally signed by someone trusted (like your friend or a CA)

[Figure: certificate = public key + identity statement + digital signature.]

1-7-1 CA Certificate

[Figure: the CA (certification server) generates its own key pair. A user requests a certificate from the CA; the CA generates the certificate (public key + digital signature), and the private key and certificate are sent to the user. Both the left and the right certificate are signed by the CA; the CA public key is itself signed by the CA.]

1-7-1 CA Certificate Example

[Figure: Left and Right each hold their own private key, their certificate signed by the CA, and the CA public key. Because both trust the CA public key (signed with the CA private key), each side can verify the other's certificate.]
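The signing and verifying flow of 1-6 and the CA-signed certificate of 1-7 are shown together in this added Python example, which is not part of the original slides. It uses a toy RSA with roughly 60-bit moduli built from hypothetical seeds so that it runs with the standard library alone: this is for illustration of the mechanics only and is not secure. The certificate is the "simplest certificate" of the slide (subject, public key, issuer) signed by the CA; the names Moxa-Training-CA, Gianni and Mallory are constructed.

```python
import hashlib
import json
import math
from typing import Tuple

E = 65537
Key = Tuple[int, int]   # (exponent, modulus)


def _is_prime(n: int) -> bool:
    """Deterministic Miller-Rabin; these bases are exact for n < 3.3e24."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2:
        return False
    for p in bases:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _next_prime(n: int) -> int:
    while not _is_prime(n):
        n += 1
    return n


def make_keypair(seed: int) -> Tuple[Key, Key]:
    """Toy RSA key pair from a hypothetical seed (about 60-bit modulus, NOT secure)."""
    p = _next_prime(seed)
    q = _next_prime(seed + 100_000_000)
    while math.gcd(E, (p - 1) * (q - 1)) != 1:
        q = _next_prime(q + 1)
    n, phi = p * q, (p - 1) * (q - 1)
    return (E, n), (pow(E, -1, phi), n)    # (public, private)


def message_digest(data: bytes) -> int:
    # 1-6: hash first; truncated to 7 bytes so the digest is below the toy modulus.
    return int.from_bytes(hashlib.sha256(data).digest()[:7], "big")


def sign(private_key: Key, data: bytes) -> int:
    d, n = private_key
    return pow(message_digest(data), d, n)      # "asymmetric encryption" with the private key


def verify(public_key: Key, data: bytes, signature: int) -> bool:
    e, n = public_key
    return pow(signature, e, n) == message_digest(data)   # recover the digest and compare


def _cert_body(subject: str, public_key: Key, issuer: str) -> bytes:
    # 1-7: the simplest certificate is a public key plus who is certified to own it.
    return json.dumps({"subject": subject, "key": list(public_key), "issuer": issuer},
                      sort_keys=True).encode()


def issue_certificate(ca_name: str, ca_private: Key, subject: str, public_key: Key) -> dict:
    body = _cert_body(subject, public_key, ca_name)
    return {"subject": subject, "key": public_key, "issuer": ca_name,
            "signature": sign(ca_private, body)}


def verify_certificate(cert: dict, ca_public: Key) -> bool:
    body = _cert_body(cert["subject"], cert["key"], cert["issuer"])
    return verify(ca_public, body, cert["signature"])


def verify_signed_document(document: bytes, signature: int, cert: dict, ca_public: Key) -> bool:
    # 1-7-1: trust in the CA public key is what makes the subject's public key trustworthy.
    return verify_certificate(cert, ca_public) and verify(cert["key"], document, signature)


def demo() -> dict:
    ca_pub, ca_priv = make_keypair(1_000_000_000)
    gianni_pub, gianni_priv = make_keypair(1_300_000_000)
    mallory_pub, mallory_priv = make_keypair(1_500_000_000)
    gianni_cert = issue_certificate("Moxa-Training-CA", ca_priv, "Gianni", gianni_pub)
    # A certificate in Gianni's name issued with a key the verifier does not trust.
    forged_cert = issue_certificate("Moxa-Training-CA", mallory_priv, "Gianni", mallory_pub)
    doc = b"This is the document created by Gianni"
    sig = sign(gianni_priv, doc)
    return {
        "genuine": verify_signed_document(doc, sig, gianni_cert, ca_pub),
        "tampered_document": verify_signed_document(doc + b"!", sig, gianni_cert, ca_pub),
        "forged_certificate": verify_signed_document(doc, sign(mallory_priv, doc), forged_cert, ca_pub),
    }
```

Only "genuine" comes back True. Note that the forged certificate carries a perfectly valid signature over the document; it fails because its own signature does not verify under the CA public key, which is exactly the check the 1-7-1 example relies on. Real deployments replace the toy pieces with 2048-bit or larger RSA keys, padded signatures and X.509 encoding (see 3-4).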

1-7-2 SSL/TLS

[Figure: each side holds a private/public key pair. The clear text is encrypted (Cipher 1) and encrypted again (Cipher 2) before transmission over the public network; the receiver decrypts Cipher 2 and then Cipher 1 to recover the clear text.]

- Ensures confidentiality, and integrity if digitally signed.
- Depending on how the public keys are exchanged: authenticity, identity, non-repudiation.

1-8 Moxa UC7400 - Hardware Cipher

Intel XScale supports:
- Security engines: DES, AES
- Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so":
- No need to change the source code.

1-8-1 Moxa Accelerated Algorithms - OpenSSL 0.9.7

DES_cbc_encrypt
DES_ede3_cbc_encrypt
AES_cbc_encrypt
AES_ctr_encrypt

- We wrap ECB mode at a higher level (libssl.so), which OpenSSL wraps too.

1-8-2 Performance

[Figure: four charts comparing software and hardware cipher throughput. 3DES-CBC rate and AES128-CBC rate versus packet size from 128 to 1280 bytes (y-axis 0 to 80), and the same two ciphers versus small packet sizes from 16 to 144 bytes (y-axis 0 to 2.5). Legend entries: 3DESCBC, AES128CBC, RATE; a separate marker denotes the HW cipher series.]

1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approaches:
- Default: hardware approach
- Any mis-configuration or busy condition causes the switch

Small packets are switched to the software approach:
- DES: 128 bytes
- 3DES / AES: 64 bytes

1-8-4 Software Package

Driver:
- mxhw_cipher.o

Device file:
- mknod /dev/mxcrypto c 11 131

Test program:
- io: correctness test
- io 0 5000: stability test
- io 1: golden pattern
- io 2 20000: performance test

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network

2-2 Why OpenVPN

2-3 OpenVPN Modes

2-1 Virtual Private Network

2-1 VPN Advantages / Disadvantages

- VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes.
- A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH, etc.).
- A VPN allows the usage of protocols which are insecure by themselves.
- VPNs cannot be controlled and logged easily because of their encrypted nature.

2-2 Why OpenVPN

Usability:
- Open source (GPL)
- Full-featured SSL VPN solution
- Easy to configure a secure tunnel
- NAT / DHCP support
- Can use a 2048-bit shared key or digital certificates (PKI)

Portability: supports most platforms
- Linux, Solaris, Mac OS X
- OpenBSD, FreeBSD, NetBSD
- Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN

Peers: each node with a client/server role
- Uses kernel routing
- Multiple clients

A user-space program:
- A full-featured SSL-VPN solution
- On top of the existing SSL/TLS mechanism
- Options between a set of security algorithms
- Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security

Two authentication modes:
- Static key: use a pre-shared key
- SSL/TLS: use SSL/TLS + certificates for authentication and key exchange

The encrypted packet is formatted as:
- SeqN: 64-bit sequence number
- IV: plain-text initial vector, randomized per packet

[Figure: packet layout HMAC | IV | SeqN | IP payload; the SeqN and payload are encrypted, and the HMAC protects the packet.]
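The packet layout of the slide (HMAC, per-packet IV, encrypted 64-bit SeqN and payload) is modelled by this added Python example, which is not OpenVPN code and not from the original slides. It shows the receiver's order of checks: authenticate with the HMAC key before decrypting anything, then reject a sequence number that has already been seen. The cipher is a stand-in keystream derived from HMAC-SHA256 so that the example runs with the standard library; the keys and packets are constructed.

```python
import hashlib
import hmac
import os
import struct

HMAC_LEN = 32    # HMAC-SHA256 tag
IV_LEN = 16      # plain-text IV, randomized per packet
SEQ_LEN = 8      # 64-bit sequence number


def _keystream(cipher_key: bytes, iv: bytes, length: int) -> bytes:
    """Toy CTR-style keystream from HMAC-SHA256(key, IV || counter).
    Stand-in for the real block cipher, used only so the example is self-contained."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(cipher_key, iv + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def build_packet(cipher_key: bytes, hmac_key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: HMAC | IV | enc(SeqN | payload)."""
    iv = os.urandom(IV_LEN)
    inner = struct.pack(">Q", seq) + payload                      # SeqN travels encrypted
    ciphertext = _xor(inner, _keystream(cipher_key, iv, len(inner)))
    tag = hmac.new(hmac_key, iv + ciphertext, hashlib.sha256).digest()
    return tag + iv + ciphertext


class Receiver:
    def __init__(self, cipher_key: bytes, hmac_key: bytes):
        self.cipher_key, self.hmac_key = cipher_key, hmac_key
        self.last_seq = 0          # sequence numbers start at 1

    def open_packet(self, packet: bytes):
        """Return the payload, or None if the packet is forged, corrupted or replayed."""
        if len(packet) < HMAC_LEN + IV_LEN + SEQ_LEN:
            return None
        tag = packet[:HMAC_LEN]
        iv = packet[HMAC_LEN:HMAC_LEN + IV_LEN]
        ciphertext = packet[HMAC_LEN + IV_LEN:]
        # Authenticate first: nothing that was not made with our HMAC key gets decrypted.
        expected = hmac.new(self.hmac_key, iv + ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None
        inner = _xor(ciphertext, _keystream(self.cipher_key, iv, len(ciphertext)))
        seq = struct.unpack(">Q", inner[:SEQ_LEN])[0]
        if seq <= self.last_seq:   # already seen: a replayed (or very late) packet
            return None
        self.last_seq = seq
        return inner[SEQ_LEN:]


def demo() -> dict:
    ck, hk = os.urandom(32), os.urandom(32)     # constructed cipher and HMAC keys
    rx = Receiver(ck, hk)
    p1 = build_packet(ck, hk, 1, b"ping from LAN A")
    p2 = build_packet(ck, hk, 2, b"pong from LAN B")
    flipped = bytearray(p2)
    flipped[-1] ^= 0x01                         # one ciphertext bit changed in transit
    return {
        "first": rx.open_packet(p1),
        "second": rx.open_packet(p2),
        "replayed_first": rx.open_packet(p1),
        "bit_flipped": rx.open_packet(bytes(flipped)),
        "wrong_key": rx.open_packet(build_packet(ck, os.urandom(32), 3, b"x")),
    }
```

The toy receiver insists on strictly increasing sequence numbers; OpenVPN itself keeps a replay window so that moderately reordered UDP datagrams are still accepted, but the principle (verify the HMAC, then check SeqN) is the same.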

2-2 OpenVPN vs IPSec

OpenVPN:
- User-space daemon
- SSL/TLS
- Portability across operating systems
- Firewall- and NAT-friendly
- Dynamic address support

IPSec:
- Kernel-space IP stack
- Each operating system requires its own independent implementation of IPSec
- IETF standard: multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are two methods of linking systems via a VPN:
- Routed IP tunnels (layer 3)
- Bridged Ethernet tunnels (layer 2)

Suitable for connections:
- Site-to-site
- Dynamic site-to-site
- (Dynamic) client-to-site

Dynamic firewall / NAT / DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

- Uses TUN mode (device): a virtual point-to-point IP link that combines the inner interface together with TUN.
- Uses the kernel routing to forward the packets.

[Figure: two OSI stacks (Physical, Data-Link, Network, Transport, Session, Presentation, Application); OpenVPN runs at the application layer and the TUN device is inserted at the network (3rd) layer.]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages:
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of MTU for efficiency

Routed IP disadvantages:
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see those machines on the other side of the VPN
4. Works only with IPv4 in general, and IPv6 in cases where tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

- Uses "TAP" mode: a TAP device is a virtual Ethernet adapter.
- Bridge tools (brctl) are required to create the virtual adapters.
- Need to create a script to bind eth1 and tap0 together into a bridged device called br0.

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0          # create an Ethernet bridge
brctl addif br0 eth1     # connect interface eth1 as a port
brctl addif br0 tap0     # connect virtual interface tap0 as a port

[Figure: two OSI stacks (Physical, Data-Link, Network, Transport, Session, Presentation, Application); OpenVPN runs at the application layer, the TAP device is inserted at the data-link (2nd) layer, and bridging joins eth1 and tap0 on each side while eth0 carries the tunnel traffic.]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages:
1. Point-to-point, point-to-multi-point
2. Broadcasts traverse the VPN; this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to be able to handle non-IP protocols such as IPX, Netware and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages:
1. Less efficient than routing and does not scale well

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSL/TLS - X.509 Dynamic Keys

3-1 Getting Started

[Figure: LAN A (hosts IP 10.0.1.1/24, gateway 10.0.1.254) and LAN B (hosts IP 10.0.2.1/24, gateway 10.0.2.254) connected by a VPN tunnel. The VPN server has ixp0 = 192.168.12.201 on the public side and ixp1 = 10.0.1.254 on LAN A; the VPN client has ixp0 = 192.168.12.202 and ixp1 = 10.0.2.254 on LAN B; the client connects to the server. A CA / TLS server is also present.]

3-1 Getting Started

Create a working directory (recommended):
mkdir /etc/openvpn

Check for the TUN module; if it is not there, ls /dev/net and look for a character device "tun":
mknod /dev/net/tun c 10 200

Load the necessary modules:
modprobe tun
modprobe bridge

Generate a (pre-shared) key:
openvpn --genkey --secret [KeyName]

Self diagnostic:
openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding:
echo "1" > /proc/sys/net/ipv4/ip_forward
or edit /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"

Create / start the bridge interface using the Moxa script:
openvpn-bridge [start|stop|restart]

Check the ciphers / authentication support:
openvpn --show-ciphers
openvpn --show-digests

Create the TUN configuration files:
vi /etc/openvpn/tunserver.conf
[At VPN client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

- Local / remote VPN IP addresses must be specified.
- It is NECESSARY to specify the server address at the VPN client.

3-2 TUN Server Configuration

Edit the static routings:
vi /etc/openvpn/tunserver.sh
chmod +x /etc/tunserver.sh
[At VPN client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/tunclient.sh

Start OpenVPN with the configuration file:
openvpn --config /etc/tunserver.conf &
openvpn --config /etc/tunclient.conf &

The 2nd argument of "ifconfig", which is now "10.0.2.254".

Create the TAP configuration files:
vi /etc/openvpn/tapserver.conf
[At VPN client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration - VPN Server

Mark this line if both VPN networks are in the same subnet.

3-3 TAP Configuration - VPN Server

Edit the static routings:
vi /etc/openvpn/tunserver.sh
[At VPN client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/tapclient.sh

Pointed to the kernel routing: br0 = 10.0.1.254

3-3 TAP Configuration - VPN Server

Start the bridge device:
vi /etc/openvpn/openvpn-bridge
chmod +x /etc/openvpn/openvpn-bridge
/etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration file:
openvpn --config /etc/openvpn/tapserver.conf &
openvpn --config /etc/openvpn/tapclient.conf &

3-4-1 SSL/TLS - Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC:
vi /usr/share/ssl/openssl.cnf
Pre-input the default_days, default_bits ... etc.

Create a new CA root key pair:
/usr/share/ssl/misc/CA -newca

Create a new client private key and a new certificate request:
/usr/share/ssl/misc/CA -newreq

Certificate signing:
/usr/share/ssl/misc/CA -sign

Copy the CA root certificate, the client private key and the client certificate to the first client.

Have the second client certified in the same way.

3-4-2 OpenVPN - "easy-rsa" tools

Copy "easy-rsa" to the working directory:
cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file:
vi /etc/openvpn/easy-rsa/vars

Activate the vars:
. /etc/openvpn/easy-rsa/vars

Create the CA root key:
/etc/openvpn/easy-rsa/build-ca

Create the VPN server private key and certificate:
/etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN - "easy-rsa" tools

Create the VPN client private key and certificate:
/etc/openvpn/build-key client

Create Diffie-Hellman parameters:
/etc/openvpn/build-dh 1024

Copy the CA certificate (ca.crt), server key (server.key) and server certificate (server.crt) to the VPN server.

Copy the CA certificate, client key and certificate to the VPN client.

The "easy-rsa" tools also work on the UC7400 series.

3-4-3 Configuration File Modification

txxserver.conf

txxclient.conf

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

Live Demo

UC-7420 Demo Box

- Two of its serial ports are connected to a power meter and a thermocouple.
- Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site.
- The rest of the serial ports are looped back in 'burn-in mode' to demonstrate UC's high performance and reliability.

Demo Box Features

Software Block Diagram

- Temperature range: 0 to 500°C
- Left side for the high range 0 to 300 VDC, right side for the low range 0 to 20 VDC

UC's LCM & keypad (F1-F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8
F2 System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available memory
F3 Alarm Setting: Temperature → Voltage → burning throughput
F4 Configuration Key
F5 Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
- UC-7420's built-in wireless driver supports the Intersil Prism 2.0 chipset PCMCIA card.
- The compatible wireless cards are:

Supplier   Model name
ASUS       WL-107g
CNET       CWC-854 (181D version)
Edimax     EW-7108PCg
Amigo      AWP-914WG
Gigabyte   GN-WMKG
Others which use the R-Link chipset

Thank You

Page 33: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

Step3 PC Insight Run GDB clientbull Open hello-debug filebull Connect to target

bull GCB ServerTCPbull 1921683200bull 2000

Debugging with GDBDebugging with GDB

iptables Introductioniptables Introduction

AgendaAgenda

1) Quick View of iptables

2) Rules Chains Tables

3) Usage of iptables

4) Hands-ON Practice

1 Quick View of iptables1 Quick View of iptables

A User-space Command to setupmaintain the ldquoNetfilterrdquo sub-system of Kernel

ldquoNetfilterrdquo manages only the packet headers not the content

iptables is currently one of many FirewallNAT solutions to be an administration tool for set up maintain and inspect the tables of IP packet filter rules in the Linux kernel

1 Quick View of iptables1 Quick View of iptables

Several different tables may be defined Each table contains a number of built-in chains and may also contain user-defined chains

Each chain is a list of rules which can match a set of packets Each rule specifies what to do with a packet that matches This is called a ldquotargetrdquo which may be a jump to a user-defined chain in the same table

1 Quick View of iptables1 Quick View of iptables

3rd generation firewall on Linuxndash ldquoipfwadmrdquo on Linux Kernel V20Xndash ldquoipchainsrdquo on Linux Kernel V22Xndash ldquoipchainsrdquo ldquoiptablesrdquo on Linux Kernel V24Xndash ldquoiptablesrdquo on Linux Kernel V26X

Supports basic packet filtering as well as connection state tracking

UC-71107400 support only ldquoiptablesrdquo

AgendaAgenda

1) Firewall NAT and iptables

2) Rules Chains Tables

3) Usage of iptables

4) Hands-ON Practice

2) Rules Chains and Tables2) Rules Chains and Tables

2-1 First Match

2-2 Three Major Tables

2-3 Processing Packets

2-4 State Machine

2-1 First Match ndash The Highest Priority2-1 First Match ndash The Highest Priority

Packets

Rule 1

Rule 10

Default Policy

Action 1

Action 2

No

No

Yes

Yes

Rule 2

No

Action 10Yes

2-1 First Match 2-1 First Match

On WWW Server reject the attack from IP = 1921681100Rule 1 Drop the packets from 1921681100Rule 2 Accept WWW request packets from all the hostsRule 3 Drop all the none-WWW packets

Rule 1 Accept WWW request packets from all the hosts Rule 2 Drop the packets from 1921681100Rule 3 Drop all the none-www packets

1921681100 is able to use the WWW service or to attack WWW service port

2-2 Three 2-2 Three Major TablesMajor Tables

1) Filter Table

2) NAT Table

3) Mangle Table

2-2-1 Filter Table2-2-1 Filter Table

Mainly used for filtering packets The place that we actually take action against packets

and look at what they contain and ACCEPT DROP REJECT LOG them depending on their content

1 INPUT chain ndash packets enter the local host

2 OUTPUT chainndash packets output from the local host

3 FORWARD chainndash forward packets to other hosts

2-2-2 NAT Table2-2-2 NAT Table

Be used for NAT on different packets

to translate the packets source field or destination field

1) PREROUTING chain ndash to transfer the dst IP address (DNAT)

2) POSTROUTING chainndash this works after routing process and before Ethernet device process to transfer the source IP address (SNATMASQUARED)

3) OUTPUT chainndash to work for local producing packets

2-2-3 Mangle Table2-2-3 Mangle Table

This table is mainly be used for

mangling packets In other words you may freely use the mangle matches etc that could be used to change TOS (Type Of Service) and TTL fields It can also ldquoMARKrdquo the packets

1 PREROUTING chain

2 POSTROUTING chain

3 INPUT OUTPUT and FORWARD chain

2-3 Processing Packets2-3 Processing Packets

2-3-1 Destination Local Host

2-3-2 Source Local Host

2-3-3 Forward Packets

2-3-4 State Machine

2-3-1 Destination Local Host2-3-1 Destination Local Host

2-3-1 Destination Local Host2-3-1 Destination Local Host

Incoming Packets

NAT Table PREROUTING

Local Process

Filter Table INPUT

2-3-2 Source Local Host2-3-2 Source Local Host

2-3-2 Source Local Host2-3-2 Source Local Host

NAT Table OUTPUT

Outgoing Packets

Filter Table OUPUT

NAT Table POSTROUTING

Send Out Packets

2-3-3 Forwarded Packets2-3-3 Forwarded Packets

2-3-3 Forwarded Packets2-3-3 Forwarded Packets

NAT Table PREROUTING

Local Resource

NAT Table POSTROUTING

Other Hosts

Incoming Packets

Filter Table FORWARD

2-4 State Machine2-4 State Machine

AgendaAgenda

1) Firewall NAT and iptables

2) Rules Chains Tables

3) Usage of iptables

4) Hands-ON Practice

3) Usage of iptables3) Usage of iptables

3-1 Load iptables Modules

3-2 Define Default Policy

3-3 Structure of a Rule

3-4 Save Restore Rules

3-1 Load iptables Modules3-1 Load iptables Modules

Note ipchains and iptables are not compatible

3-1 Load iptables Module3-1 Load iptables Module

Check the Current Tablesiptables [-t tables] [-L] [-n]

Default Policy

3-1 Install iptables3-1 Install iptables

Clear Current Policy

3-2 Define Default Policy3-2 Define Default Policy

iptables ndasht filter nat mangle

ndashP INPUT OUTPUT FORWARD PREROUTING POSTROUTING

ACCEPT DROP

3-2 Define Default Policy3-2 Define Default Policy

3-3 Structure of a Rule3-3 Structure of a Rule

3-3-1 Add Insert Delete an Replace Rules

3-3-2 Direction

3-3-3 Matches

3-3-4 Targets

3-3-1 Add Insert Delete and Replace3-3-1 Add Insert Delete and Replace

iptables ndasht filter nat mangle

AI DR

ndash direction match target

3 major things needed

to be considered

ndashj

3-3-2 Direction ndash Chains3-3-2 Direction ndash Chains

a filter Table INPUT

OUTPUT

FORWARD

b nat Table PREROUTING

POSTROUTING

OUTPUT

c mangle table hellip

1 -p [proto] tcp udp icmp all

2 -s [IP] -d [IP]

3 --sport [port] --dport [port]

4 -m state --state [state] NEW ESTABLISHED INVALID RELATED

5 -m multiport [p1p2hellipp15]

6 -i [iface] -o [oface]

7 hellipetc

3-3-3 Matches - Conditions3-3-3 Matches - Conditions

3-3-4 Targets - Actions3-3-4 Targets - Actions

a filter Table ACCEPT DROP

QUEUE RETURN target extensions --LOG --ULOG --REJECT - -MIRROR

b nat table SNAT (only in POSTROUTING)

DNAT (only in PREROUTINGOUTPUT)

MASQUERADE (POSTROUTING)

REDIRECT (only in PREROUTING)

c mangle table hellip

3-4 Save Restore Rules3-4 Save Restore Rules

It is highly recommended to use a script file to maintain the Netfilter rule instead of using this exported file (it is not a standard script file) Please refer to the Hands-ON practice

AgendaAgenda

1) Firewall NAT and iptables

2) Rules Chains Tables

3) Usage of iptables

4) Hands-ON Practice 1) Packet Filter2) NAT Machine

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 1 ndash Accept all the packets incoming from lo interface

Example 2 ndash Accept all the TCP packets incoming from

IP = 19216801

iptables ndasht filter ndashA INPUT ndashi lo ndashj ACCEPT

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp

ndashs 19216801 ndashj ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 3 ndash Accept all the TCP packets incoming from the network

1921681024

Example 4 ndash Drop all the TCP packets incoming from IP = 192168125

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp

ndashs 1921681024 -j ACCEPT

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp

ndashs 192168125 ndashj DROP

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 5 ndash Drop all the Incoming TCP packets with dst Port = 21

(forbid FTP Connection from eth0)

Example 6 ndash Accept TCP packets incoming from IP 192168024 to

local port number 137138 and 139

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp

ndash ndashdport 21 ndashj DROP

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp ndashs

192168024 ndash ndashdport 137139 ndashj ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 7 ndash Log all the IncomingOutgoing TCP packets with tofrom

Port = 25 (Log SMTP Service)

iptables ndasht filter ndashA INPUT ndashp tcp ndash ndashdport 25 ndashj LOG

Note UC7110 does not support the target ldquoLOGrdquo

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 8 ndash Drop all the [syn] packets from IP = 192168100200

Example 9 ndash Drop all the packets from MAC = aabbccddeeff

iptables ndasht filter ndashA INPUT ndashp tcp ndashi eth0

ndashs 192168100200 ndash ndashsyn ndashj DROP

iptables ndasht filter ndashA INPUT ndashp all

ndashm mac-source aabbccddeeff ndashj DROP

Example 10 ndash Does not response to ldquopingrdquo

Example 11 ndash ICMP ldquopingrdquo burst

iptables ndasht filter ndashA INPUT ndashp icmp ndash ndashicmpndashtype 8

ndashj DROP

iptables ndasht filter ndashP INPUT DROP

iptables ndasht filter ndashA INPUT ndashp icmp ndashm limit 6min

ndash ndashlimit-burst 10 ndashj ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 12 ndash Accept the Established Related packets of the local

host drop the Invalid packets and New packets which are trying to create new connection

iptables ndasht filter ndashA INPUT ndashp tcp ndashm state ndash ndashstate

ESTABLISHEDRELATED ndashj ACCEPT

iptables ndasht filter ndashA INPUT ndashp tcp ndashm state ndash ndashstate

INVALIDNEW ndashj DROP

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 13 ndash Check the packet integrity

Example 14 ndash Enable the ldquoPassive Moderdquo FTP Service to a host

iptables ndasht filter ndashA INPUT ndashp all ndashm unclean ndashj DROP

modprobe ip_conntrack_ftp

iptables ndashA FORWARD ndashp tcp

ndashm state ndash ndashstate RELATED ndashj ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 1 ndash Redirect the Connection Request of Port 80 to Port 8080

Example 2ndash Masquerade the incoming packets from 1921681024

to be local ppp0rsquos IP

iptables ndasht nat ndashA PREROUTING ndashp tcp ndash ndashdport 80

ndashj REDIRECT ndash ndashto-ports 8080

iptables ndasht nat ndashA PREROUTING ndashs 1921681024 ndasho

ppp0 ndashj MASQUERADE

4-2 NAT Machine4-2 NAT Machine

4-2 NAT Machine4-2 NAT Machine

Example 3 ndash DNAT the incoming packet from eth0 (602486675) and

TCP Port 80 to internal Web sever 19216812710 80

Example 4 ndash Redirect the incoming packet of TCP Port 80 to

192168110 and TCP Port 80

iptables ndasht nat ndashA PREROUTING ndashp tcp ndashi eth0 ndashd 602486675 ndash ndashdport 80 ndashj DNAT ndash ndashto 1921681271080

iptables ndasht nat ndashA POSTROUTING ndashs 192168127024 ndashj SNAT ndash ndashto $OUT_IP

Thank YouThank You

OpenVPN 20OpenVPN 20Stephen Lin

OpenVPN 20OpenVPN 20

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

1) Cryptography Summery1) Cryptography Summery

1-1 What does cryptography solve

1-2 Symmetric Data Encryption

1-3 Hash (Digest) Function

1-4 Message Authentication Code

1-5 Asymmetric Data Encryption

1-6 Digital Signature

1-7 Certificate

1-8 Moxa UC7400

1-1 What does Cryptography solve1-1 What does Cryptography solve

Confidentiality bull Ensure that nobody can get knowledge of what you

transfer even if listening the whole conversation Integrity

bull Ensure that message has not been modified during the transmission

Authenticity bull You can verify that you are talking to the entity you think

you are talking to bull You can verify who is the specific individual behind that

entity Non-repudiation

bull The individual behind that asset cannot deny being associated with it

1-2 Symmetric Data Encryption1-2 Symmetric Data Encryption

Fast High Efficiency for data transmission

Is it ldquosecurerdquo while transferring the key

Maintains of the keys (n-1)n 2 keys

DES3DESAESBlowfish

Tom Bob

Plaintext

Plaintext

Ciphertext

Encryption

Secret Key

Decryption

1-3 Hash (Digest) Function1-3 Hash (Digest) Function

Ensure Date Integrity

MD5SHA-1

Tom

Data

Bob

Data

Hash FunctionHash Function

Message Message Digest 1Digest 1

Same Hash FunctionSame Hash Function

+Hash FunctionHash Function

Message Message Digest 2Digest 2

Message Digest1Message Digest1 DataData

Compare

1-4 Message Authentication Code 1-4 Message Authentication Code

Ensure the Data Integrity

Use a key to protect the MAC

HMACCBC-MAC Tom

Data

Hash FunctionHash Function

Message Message Digest 1Digest 1

Bob

Data

Message Message Digest 2Digest 2

+Hash FunctionHash Function

MACEncryption

Message Message Digest 1Digest 1

Decryption

Compare

Secret Key

MACMAC DataData

1-5 Asymmetric Encryption1-5 Asymmetric Encryption

Things to rememberbull Key Pair ndash PublicPrivate keysbull In a session one for encryption and the other one

for decryptionbull ldquoPublic Keyrdquo can be deployed everywherebull The relation between the two keys is unknown and from

one key you cannot gain knowledge of the other even if you have access to clear-text and cipher-text

bull The two keys are interchangeable All algorithms make no difference between public and private key When a key pair is generated any of the two can be public or private

bull Less efficient than Static Keybull RSADiff-Hellman

g$5knvMdrsquorkg$5knvMdrsquorkvegMsrdquovegMsrdquo

Clear Clear texttext

EncryptionEncryption

1-5 Asymmetric Data Encryption1-5 Asymmetric Data Encryption

Tom

Plaintext

Bob

ciphertextEncryption Decryption

Bobrsquos Public KeyPlaintex

tBobrsquos Private Key

Recipientrsquos Key Pair

Confidentiality Check

1-5 Asymmetric Data Encryption1-5 Asymmetric Data Encryption

Tom

Plaintext

Bob

ciphertextEncryption Decryption

Tomrsquos Private KeyPlaintex

tTomrsquos Public Key

Senderrsquos key pair

Authenticity Check

1-6 Digital Signature

Real world: hybrid
1) Data integrity
2) Authenticity
3) Non-repudiation
4) Algorithm: use the public key and a hash

1-6 Digital Signature - Creating

[Figure: the message or file ("This is the document created by Gianni") is hashed with a one-way message digest function (SHA, MD5) into a short message digest (typically 128 bits); the digest is encrypted with the signatory's private key (asymmetric encryption, RSA) to produce the digital signature; document plus signature form the signed document]

Calculate a short message digest from even a long input using a one-way message digest function (hash).

1-6 Digital Signature - Verifying

[Figure: the verifier hashes the received document into a message digest, decrypts the digital signature with Gianni's public key (from the certificate), and compares the two digests]

1-6 Digital Signature

[Figure: Tom hashes the data into message digest 1 and encrypts it with Tom's private key to form the digital signature; Bob hashes the received data into message digest 2, decrypts the signature with Tom's public key to recover message digest 1, and compares the two]

1-7 Certificate

The simplest certificate just contains:
- A public key (for Stephen)
- Information about the entity that is being certified to own that public key
... and the whole is:
- Digitally signed by someone trusted (like your friend or a CA)

[Figure: a certificate = public key + "This public key belongs to Stephen" + digital signature. The entity can be a person, a computer, a device, a file, some code, anything ...]

1-7-1 CA Certificate

[Figure: the CA (certification server) generates a key pair; the user requests a certificate from the CA; the CA generates the certificate (public key + digital signature); the private key and the certificate are sent to the user]

Right cert signed by CA; left cert signed by CA; CA public key signed by CA.

1-7-1 CA Certificate Example

[Figure: the CA private key signs the left and right certificates; left and right each hold their own private key, the CA public key and their certificate signed by the CA, and trust each other through the CA public key]

1-7-2 SSL/TLS

[Figure: each side holds a key pair and the peer's public key; clear text is encrypted (Cipher 1), encrypted again (Cipher 2), transmitted over the public network, then decrypted in reverse order back to clear text]

- Ensures confidentiality
- And integrity, if digitally signed
- Depending on how the public keys are exchanged: authenticity, identity, non-repudiation

1-8 Moxa UC7400 - Hardware Cipher

Intel XScale supports:
- Security engines: DES, AES
- Algorithm modes: ECB, CBC, CTR
Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so"
- No need to change the source code

1-8-1 Moxa Accelerated Algorithm - OpenSSL 0.9.7

DES_cbc_encrypt
DES_ede3_cbc_encrypt
AES_cbc_encrypt
AES_ctr_encrypt
- ECB mode is wrapped at a higher level (libssl.so), which OpenSSL wraps too

1-8-2 Performance

[Charts: 3DES-CBC and AES-128-CBC throughput (RATE) versus packet size, 128 to 1280 bytes for large packets and 16 to 144 bytes for small packets; the software cipher is compared with the HW cipher]

1-8-3 Things to be noticed

Moxa UC-7400 switches operations between the software and the hardware approaches
- Default: hardware approach
- Any mis-configuration or busy state causes the switch
Small packets are switched to the software approach
- DES: 128 bytes
- 3DES/AES: 64 bytes

1-8-4 Software Package

Driver
- mxhw_cipher.o
Device file
- mknod /dev/mxcrypto c 11 131
Test program
- io: correctness test
- io 0 5000: stability test
- io 1: golden pattern
- io 2 20000: performance test

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network
2-1 VPN Advantages/Disadvantages

VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes.
A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH, etc.).
A VPN allows the usage of protocols which are insecure by themselves.
VPNs cannot be controlled and logged easily because of their encrypted nature.

2-2 Why OpenVPN

Usability
- Open source (GPL)
- Full-featured SSL VPN solution
- Easy to configure a secure tunnel
- NAT/DHCP support
- Can use a 2048-bit shared key or digital certificates (PKI)
Portability - supports most platforms
- Linux, Solaris, Mac OS X
- OpenBSD, FreeBSD, NetBSD
- Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN

Peers - each node with a client/server role
- Uses the kernel routing
- Multiple clients
A user-space program
- A full-featured SSL-VPN solution
- On top of the existing SSL/TLS mechanism
- Options between a set of security algorithms
- Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security

Two authentication modes
- Static key: use a pre-shared key
- SSL/TLS: use SSL/TLS + certificates for authentication and key exchange
The encrypted packet is formatted as:
- SeqN: 64-bit sequence number
- IV: plain-text initial vector, randomized per packet

[Figure: packet layout HMAC | IV | SeqN | payload, where SeqN and the payload are encrypted]

2-2 OpenVPN vs IPSec

OpenVPN
- User-space daemon
- SSL/TLS
- Portability across operating systems
- Firewall- and NAT-friendly
- Dynamic address support
IPSec
- Kernel-space IP stack
- Each operating system requires its own independent implementation of IPSec
- IETF standard: multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are two methods of linking systems via a VPN
- Routed IP tunnels (layer 3)
- Bridged Ethernet tunnels (layer 2)
Suitable for connections
- Site-to-site
- Dynamic site-to-site
- (Dynamic) client-to-site
Dynamic firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN mode (device): a virtual point-to-point IP link that combines the inner interface together with TUN
Uses the kernel routing to forward the packets

[Figure: two OSI stacks (physical, data-link, network, transport, session, presentation, application); OpenVPN runs as an application and attaches the TUN device at the 3rd (network) layer]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages
1) Point-to-point
2) Easier to configure
3) Efficiency and scalability
4) Allows better tuning of the MTU for efficiency
Routed IP disadvantages
1) Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2) Routes must be set up linking each subnet
3) Software that depends on broadcasts will not see those machines on the other side of the VPN
4) Works only with IPv4 in general, and with IPv6 in cases where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses "TAP" mode: a TAP device is a virtual Ethernet adapter
Bridge tools (brctl) are required to create the virtual adapters
Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0          create an Ethernet bridge
brctl addif br0 eth1     connect interface eth1 as a port
brctl addif br0 tap0     connect virtual interface tap0 as a port

[Figure: two OSI stacks; OpenVPN attaches TUN at the 3rd (network) layer or TAP at the 2nd (data-link) layer; on each side eth1 and tap0 are bridged, and eth0 carries the tunnel]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages
1) Point-to-point, point-to-multipoint
2) Broadcasts traverse the VPN: this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3) No route statements to configure
4) Works when the VPN needs to be able to handle non-IP protocols such as IPX, Netware and AppleTalk
5) Relatively easy-to-configure solution for road warriors
Bridging disadvantages
1) Less efficient than routing and does not scale well

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS - X.509 Dynamic Keys

3-1 Getting Started

[Figure: lab topology. LAN A (gateway 10.0.1.254, a host with IP 10.0.1.1/24) sits behind the VPN server, whose ixp0 is 192.168.12.201 and ixp1 is 10.0.1.254; LAN B (gateway 10.0.2.254, a host with IP 10.0.2.1/24) sits behind the VPN client, whose ixp0 is 192.168.12.202 and ixp1 is 10.0.2.254; the client connects to the server through the VPN tunnel; a CA/TLS server is also present]

3-1 Getting Started

Create a working directory (recommended): mkdir /etc/openvpn
Check for the TUN module; if it is not there, ls /dev/net and look for a character device "tun": mknod /dev/tun c 10 200
Load the necessary modules: modprobe tun; modprobe bridge
Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]
Self diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or vi /etc/sysctl.conf and modify "net.ipv4.ip_forward = 1"
Create/start the bridge interface using the Moxa script: openvpn-bridge [start|stop|restart]
Check the cipher/authentication support: openvpn --show-ciphers; openvpn --show-digests
Create the TUN configuration files: vi /etc/openvpn/tunserver.conf
[At VPN client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

Local/remote VPN IP addresses must be specified
It is NECESSARY to specify the server address at the VPN client

3-2 TUN Server Configuration

Edit the static routings: vi /etc/openvpn/tunserver.sh; chmod +x /etc/tunserver.sh
[At VPN client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/tunclient.sh
Start OpenVPN with the configuration file: openvpn --config /etc/tunserver.conf & ; openvpn --config /etc/tunclient.conf &
2nd argument of "ifconfig", which is now "10.0.2.254"
Create the TAP configuration files: vi /etc/openvpn/tapserver.conf
[At VPN client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration - VPN Server

Mark this line if both VPN networks are in the same subnet

3-3 TAP Configuration - VPN Server

Edit the static routings: vi /etc/openvpn/tunserver.sh
[At VPN client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/tapclient.sh
Pointed to the kernel routing: br0 = 10.0.1.254

3-3 TAP Configuration - VPN Server

Start the bridge device: vi openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start
Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tapserver.conf & ; openvpn --config /etc/openvpn/tapclient.conf &

3-4-1 SSL/TLS - Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-input the default_days, default_bits ... etc.
Create a new CA root key pair: /usr/share/ssl/misc/CA -newca
Create a new client private key and a new certificate request: /usr/share/ssl/misc/CA -newreq
Certificate signing: /usr/share/ssl/misc/CA -sign
Copy the CA root certificate, the client private key and the client certificate to the first client
Have the second client certificated

3-4-2 OpenVPN - "easy-rsa" tools

Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn
Modify the vars file: vi /etc/openvpn/easy-rsa/vars
Activate the vars: . /etc/openvpn/easy-rsa/vars
Create the CA root key: /etc/openvpn/easy-rsa/build-ca
Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN - "easy-rsa" tools

Create the VPN client private key and certificate: /etc/openvpn/build-key client
Create the Diffie-Hellman parameters: /etc/openvpn/build-dh 1024
Copy the CA certificate (ca.crt), the server key (server.key) and the server certificate (server.crt) to the VPN server
Copy the CA certificate, the client key and the client certificate to the VPN client
The "easy-rsa" tools also work on the UC7400 series
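To show what the CA.sh and easy-rsa steps of 3-4-1/3-4-2 do underneath, together with the sign-and-verify flow of 1-6 and the CA-signed certificate of 1-7, here is an added example script (not the course's or easy-rsa's code) that drives the openssl command line directly; the CA and server names, the scratch directory and the sample document are constructed for the example.

```shell
#!/bin/sh
# Throwaway PKI by hand: the CA makes a key pair and a self-signed certificate,
# the server makes its own key pair and a request, the CA signs it (1-7-1).
# Then a document is hashed and the digest signed with the server's private key
# (1-6 creating) and checked with the public key from its certificate (1-6 verifying).
# Added example; names and the scratch directory are constructed.
WORK=${WORK:-$(mktemp -d)}

pki_build() {
    # CA key pair + self-signed CA certificate (what "CA -newca" / build-ca produce)
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$WORK/ca.key" \
        -out "$WORK/ca.crt" -subj "/CN=Example Lab CA" -days 365 >/dev/null 2>&1 || return 1
    # server key pair + certificate request ("CA -newreq" / build-key server)
    openssl req -newkey rsa:2048 -nodes -keyout "$WORK/server.key" \
        -out "$WORK/server.csr" -subj "/CN=vpn-server" >/dev/null 2>&1 || return 1
    # the CA signs the request: CA private key -> signature over "this key belongs to vpn-server"
    openssl x509 -req -in "$WORK/server.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
        -CAcreateserial -out "$WORK/server.crt" -days 365 >/dev/null 2>&1
}

# pki_verify_cert <cert> <ca-cert>: succeeds only if the cert carries that CA's signature
pki_verify_cert() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# sign_file <file> <private-key> <signature-out>: hash the file, sign the digest
sign_file() {
    openssl dgst -sha256 -sign "$2" -out "$3" "$1"
}

# verify_file <file> <signer-cert> <signature>: recompute the digest and check
# it against the signature using the public key extracted from the certificate
verify_file() {
    openssl x509 -in "$2" -pubkey -noout > "$WORK/signer.pub" &&
    openssl dgst -sha256 -verify "$WORK/signer.pub" -signature "$3" "$1" >/dev/null 2>&1
}

# demo prints "ok" when the genuine document verifies and a modified copy does not
demo() {
    pki_build || return 1
    echo "This is the document created by Gianni" > "$WORK/doc.txt"
    sign_file "$WORK/doc.txt" "$WORK/server.key" "$WORK/doc.sig" || return 1
    verify_file "$WORK/doc.txt" "$WORK/server.crt" "$WORK/doc.sig" || return 1
    # one extra byte in the document and the recomputed digest no longer matches
    echo "This is the document created by Gianni!" > "$WORK/doc2.txt"
    if verify_file "$WORK/doc2.txt" "$WORK/server.crt" "$WORK/doc.sig"; then
        return 1
    fi
    echo ok
}
```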

3-4-3 Configuration File Modification

txxserver.conf
txxclient.conf

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

Two of its serial ports are connected to a power meter and a thermocouple
Two LAN ports plus an optional Wi-Fi function, making it a good tool for transmitting data from remote sites to a central site
The rest of the serial ports are looped back in 'burn-in mode' to demonstrate the UC's high performance and reliability

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500 degC
Left side for the high range, 0 to 300 VDC, and right side for the low range, 0 to 20 VDC

UC's LCM and keypad (F1-F5)

F1 Monitoring: Temperature -> Voltage -> Throughput for P3 to P8
F2 System Status: LAN's IP -> Wi-Fi's IP -> CPU loading -> Available memory
F3 Alarm Setting: Temperature -> Voltage -> burning throughput
F4 Configuration Key
F5 Main Menu

Apache Web with CGI and HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
- The UC-7420's built-in wireless driver supports the Intersil Prism 2.0 chipset PCMCIA card
- The compatible wireless cards are:

Supplier   Model name
ASUS       WL-107g
CNET       CWC-854 (181D version)
Edimax     EW-7108PCg
Amigo      AWP-914WG
Gigabyte   GN-WMKG
Others which use the R-Link chipset

Thank You


iptables Introduction

Agenda

1) Quick View of iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

1 Quick View of iptables

A user-space command to set up and maintain the "Netfilter" sub-system of the kernel
"Netfilter" manages only the packet headers, not the content
iptables is currently one of many firewall/NAT solutions: an administration tool to set up, maintain and inspect the tables of IP packet filter rules in the Linux kernel

1 Quick View of iptables

Several different tables may be defined. Each table contains a number of built-in chains and may also contain user-defined chains.
Each chain is a list of rules which can match a set of packets. Each rule specifies what to do with a packet that matches. This is called a "target", which may be a jump to a user-defined chain in the same table.

1 Quick View of iptables

3rd-generation firewall on Linux
- "ipfwadm" on Linux kernel V2.0.X
- "ipchains" on Linux kernel V2.2.X
- "ipchains", "iptables" on Linux kernel V2.4.X
- "iptables" on Linux kernel V2.6.X
Supports basic packet filtering as well as connection state tracking
UC-7110/7400 support only "iptables"

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

2) Rules, Chains and Tables

2-1 First Match
2-2 Three Major Tables
2-3 Processing Packets
2-4 State Machine

2-1 First Match - The Highest Priority

[Figure: a packet is tested against Rule 1, Rule 2, ... Rule 10 in order; the first rule that matches ("Yes") takes its action (Action 1, Action 2, ... Action 10); if no rule matches, the default policy applies]

2-1 First Match

On a WWW server, reject the attack from IP = 192.168.1.100:
Rule 1: Drop the packets from 192.168.1.100
Rule 2: Accept WWW request packets from all the hosts
Rule 3: Drop all the non-WWW packets

Rule 1: Accept WWW request packets from all the hosts
Rule 2: Drop the packets from 192.168.1.100
Rule 3: Drop all the non-WWW packets
With this second ordering, 192.168.1.100 is able to use the WWW service, or to attack the WWW service port.
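As an added illustration of the first-match rule (not part of the course material), a small POSIX sh simulation walks a packet through both rule orderings from the slide and returns the verdict of the first matching rule, or the chain's default policy; the rule-table format and the 10.0.0.5 test address are constructed for the example.

```shell
#!/bin/sh
# First-match simulation of the two orderings in section 2-1. Added example,
# not the course's code. Rules are "proto dport src action" with "any" as a
# wildcard; a packet is "proto dport src". Like a netfilter chain, the first
# matching rule decides and later rules are never consulted.

# Ordering 1 from the slide: the attacker is dropped before WWW is accepted.
RULES_DROP_FIRST='tcp 80 192.168.1.100 DROP
tcp 80 any ACCEPT
any any any DROP'

# Ordering 2: WWW is accepted first, so the attacker's port-80 packets pass.
RULES_ACCEPT_FIRST='tcp 80 any ACCEPT
tcp 80 192.168.1.100 DROP
any any any DROP'

# field_match <rule-field> <packet-field>: wildcard or exact match
field_match() {
    [ "$1" = any ] || [ "$1" = "$2" ]
}

# first_match "<rules>" <proto> <dport> <src> [default_policy]
# Prints the action of the first matching rule, else the default policy (ACCEPT).
first_match() {
    rules=$1; pkt_proto=$2; pkt_port=$3; pkt_src=$4; policy=${5:-ACCEPT}
    verdict=$(printf '%s\n' "$rules" | while read -r r_proto r_port r_src r_action; do
        if [ -n "$r_action" ] && field_match "$r_proto" "$pkt_proto" \
           && field_match "$r_port" "$pkt_port" && field_match "$r_src" "$pkt_src"; then
            echo "$r_action"
            break              # first match wins; stop walking the chain
        fi
    done)
    if [ -n "$verdict" ]; then echo "$verdict"; else echo "$policy"; fi
}
```

Running `first_match "$RULES_ACCEPT_FIRST" tcp 80 192.168.1.100` prints ACCEPT, which is exactly the misordering the slide warns about.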

2-2 Three Major Tables

1) Filter Table
2) NAT Table
3) Mangle Table

2-2-1 Filter Table

Mainly used for filtering packets: the place where we actually take action against packets, look at what they contain, and ACCEPT, DROP, REJECT or LOG them depending on their content
1) INPUT chain - packets entering the local host
2) OUTPUT chain - packets output from the local host
3) FORWARD chain - packets forwarded to other hosts

2-2-2 NAT Table

Used for NAT on different packets: to translate the packet's source field or destination field
1) PREROUTING chain - to translate the destination IP address (DNAT)
2) POSTROUTING chain - works after the routing process and before the Ethernet device process, to translate the source IP address (SNAT/MASQUERADE)
3) OUTPUT chain - works for locally produced packets

2-2-3 Mangle Table

This table is mainly used for mangling packets. In other words, you may freely use the mangle matches etc. that could be used to change the TOS (Type Of Service) and TTL fields. It can also "MARK" the packets.
1) PREROUTING chain
2) POSTROUTING chain
3) INPUT, OUTPUT and FORWARD chains

2-3 Processing Packets

2-3-1 Destination Local Host
2-3-2 Source Local Host
2-3-3 Forward Packets
2-3-4 State Machine

2-3-1 Destination Local Host

[Figure: incoming packets -> NAT table PREROUTING -> filter table INPUT -> local process]

2-3-2 Source Local Host

[Figure: local process -> NAT table OUTPUT -> filter table OUTPUT -> NAT table POSTROUTING -> outgoing packets are sent out]

2-3-3 Forwarded Packets

[Figure: incoming packets -> NAT table PREROUTING -> routing decision (local resource or other hosts) -> filter table FORWARD -> NAT table POSTROUTING -> other hosts]

2-4 State Machine

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

3) Usage of iptables

3-1 Load iptables Modules
3-2 Define Default Policy
3-3 Structure of a Rule
3-4 Save, Restore Rules

3-1 Load iptables Modules

Note: ipchains and iptables are not compatible

3-1 Load iptables Module

Check the current tables: iptables [-t tables] [-L] [-n]
Default policy

3-1 Install iptables

Clear the current policy

3-2 Define Default Policy

iptables -t [filter | nat | mangle] -P [INPUT | OUTPUT | FORWARD | PREROUTING | POSTROUTING] [ACCEPT | DROP]

3-2 Define Default Policy

3-3 Structure of a Rule

3-3-1 Add, Insert, Delete and Replace Rules
3-3-2 Direction
3-3-3 Matches
3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace

iptables -t [filter | nat | mangle] [-A | -I | -D | -R] <direction> <match> -j <target>
Three major things need to be considered: direction, match, target

3-3-2 Direction - Chains

a) filter table: INPUT, OUTPUT, FORWARD
b) nat table: PREROUTING, POSTROUTING, OUTPUT
c) mangle table: ...

3-3-3 Matches - Conditions

1) -p [proto]: tcp, udp, icmp, all
2) -s [IP], -d [IP]
3) --sport [port], --dport [port]
4) -m state --state [state]: NEW, ESTABLISHED, INVALID, RELATED
5) -m multiport [p1,p2,...,p15]
6) -i [iface], -o [oface]
7) ... etc.

3-3-4 Targets - Actions

a) filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions: LOG, ULOG, REJECT, MIRROR
b) nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING/OUTPUT), MASQUERADE (POSTROUTING), REDIRECT (only in PREROUTING)
c) mangle table: ...

3-4 Save, Restore Rules

It is highly recommended to use a script file to maintain the Netfilter rules instead of using the exported file (it is not a standard script file). Please refer to the hands-on practice.

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice: 1) Packet Filter, 2) NAT Machine

4-1 Packet Filter - Rules of filter table

Example 1 - Accept all the packets incoming from the lo interface
iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2 - Accept all the TCP packets incoming from IP = 192.168.0.1
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

4-1 Packet Filter - Rules of filter table

Example 3 - Accept all the TCP packets incoming from the network 192.168.1.0/24
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 - Drop all the TCP packets incoming from IP = 192.168.1.25
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

4-1 Packet Filter - Rules of filter table

Example 5 - Drop all the incoming TCP packets with dst port = 21 (forbid FTP connections from eth0)
iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 - Accept the TCP packets incoming from IP 192.168.0.24 to local port numbers 137, 138 and 139
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.24 --dport 137:139 -j ACCEPT

4-1 Packet Filter - Rules of filter table

Example 7 - Log all the incoming/outgoing TCP packets to/from port = 25 (log the SMTP service)
iptables -t filter -A INPUT -p tcp --dport 25 -j LOG
Note: UC7110 does not support the target "LOG"

4-1 Packet Filter - Rules of filter table

Example 8 - Drop all the [SYN] packets from IP = 192.168.100.200
iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 - Drop all the packets from MAC = aa:bb:cc:dd:ee:ff
iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

Example 10 - Do not respond to "ping"
iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 - ICMP "ping" burst
iptables -t filter -P INPUT DROP
iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

4-1 Packet Filter - Rules of filter table

Example 12 - Accept the ESTABLISHED and RELATED packets of the local host; drop the INVALID packets and the NEW packets which are trying to create a new connection
iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

4-1 Packet Filter - Rules of filter table

Example 13 - Check the packet integrity
iptables -t filter -A INPUT -p all -m unclean -j DROP

Example 14 - Enable the "passive mode" FTP service to a host
modprobe ip_conntrack_ftp
iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

4-2 NAT Machine

Example 1 - Redirect the connection requests for port 80 to port 8080
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 - Masquerade the packets coming from 192.168.1.0/24 to be the local ppp0's IP (MASQUERADE is only valid in POSTROUTING)
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

4-2 NAT Machine

Example 3 - DNAT the incoming packets from eth0 (60.248.66.75) and TCP port 80 to the internal web server 192.168.127.10:80
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

Example 4 - Redirect the incoming packets of TCP port 80 to 192.168.1.10 and TCP port 80
iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP
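Section 3-4 recommends keeping the rules in a script rather than in the exported file; the following added example (not the course's own rule set) assembles the INPUT chain from the examples above in first-match order under a default DROP policy. The addresses and ports are constructed, and IPT="echo iptables" prints the rules instead of loading them.

```shell
#!/bin/sh
# Stateful INPUT policy for the UC's eth0 as one maintainable script. Added
# example, not from the course; ADMIN_NET and ATTACKER are constructed values.
# IPT defaults to the real binary; IPT="echo iptables" gives a dry run.
IPT=${IPT:-iptables}
WAN_IF=${WAN_IF:-eth0}
ADMIN_NET=${ADMIN_NET:-192.168.1.0/24}   # constructed: hosts allowed to reach SSH
ATTACKER=${ATTACKER:-192.168.1.100}      # constructed: the host from the 2-1 example

fw_flush() {
    $IPT -t filter -F INPUT
    $IPT -t filter -P INPUT DROP          # whatever no rule accepts is dropped
}

fw_input_rules() {
    # Order matters (first match): the block rule precedes every ACCEPT, so the
    # blocked host cannot slip through the WWW rule, the lesson of section 2-1.
    $IPT -t filter -A INPUT -i lo -j ACCEPT
    $IPT -t filter -A INPUT -i "$WAN_IF" -s "$ATTACKER" -j DROP
    # Replies to our own connections and related ones (e.g. passive FTP data).
    $IPT -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -t filter -A INPUT -m state --state INVALID -j DROP
    # Services: WWW for everyone, SSH only from the admin network.
    $IPT -t filter -A INPUT -i "$WAN_IF" -p tcp --dport 80 --syn -j ACCEPT
    $IPT -t filter -A INPUT -i "$WAN_IF" -p tcp -s "$ADMIN_NET" --dport 22 --syn -j ACCEPT
    # Rate-limited echo requests (example 11) and a rate-limited log of the
    # remaining connection attempts, so a flood cannot fill the log.
    $IPT -t filter -A INPUT -i "$WAN_IF" -p icmp --icmp-type 8 -m limit --limit 6/min --limit-burst 10 -j ACCEPT
    $IPT -t filter -A INPUT -i "$WAN_IF" -p tcp --syn -m limit --limit 3/min -j LOG --log-prefix "FW-NEW-DROP: "
}

fw_apply() {
    fw_flush
    fw_input_rules
}

# count_append_rules: number of rules fw_apply would append (dry-run check)
count_append_rules() {
    ( IPT="echo iptables"; fw_apply ) | grep -c -- '-A INPUT'
}
```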

Thank You

OpenVPN 2.0
Stephen Lin

OpenVPN 2.0

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve
1-2 Symmetric Data Encryption
1-3 Hash (Digest) Function
1-4 Message Authentication Code
1-5 Asymmetric Data Encryption
1-6 Digital Signature
1-7 Certificate
1-8 Moxa UC7400

1-1 What does Cryptography solve

Confidentiality
- Ensure that nobody can get knowledge of what you transfer, even if listening to the whole conversation
Integrity
- Ensure that the message has not been modified during the transmission
Authenticity
- You can verify that you are talking to the entity you think you are talking to
- You can verify who is the specific individual behind that entity
Non-repudiation
- The individual behind that asset cannot deny being associated with it

1-2 Symmetric Data Encryption

Fast: high efficiency for data transmission
Is it "secure" while transferring the key?
Maintenance of the keys: (n-1)n/2 keys
DES, 3DES, AES, Blowfish

[Figure: Tom encrypts the plaintext with the secret key into ciphertext; Bob decrypts it with the same secret key back to plaintext]

1-3 Hash (Digest) Function

Ensures data integrity
MD5, SHA-1

[Figure: Tom hashes the data into message digest 1 and sends data + digest; Bob hashes the received data with the same hash function into message digest 2 and compares the two]

1-4 Message Authentication Code

Ensures the data integrity
Uses a key to protect the MAC
HMAC, CBC-MAC

[Figure: Tom hashes the data into message digest 1 and encrypts it with the secret key to form the MAC, sending MAC + data; Bob hashes the received data into message digest 2, decrypts the MAC with the secret key to recover digest 1, and compares the two]

1-5 Asymmetric Encryption

Things to remember
- Key pair: public/private keys
- In a session, one is used for encryption and the other one for decryption
- The "public key" can be deployed everywhere
- The relation between the two keys is unknown, and from one key you cannot gain knowledge of the other, even if you have access to clear text and cipher text

bull The two keys are interchangeable All algorithms make no difference between public and private key When a key pair is generated any of the two can be public or private

bull Less efficient than Static Keybull RSADiff-Hellman

g$5knvMdrsquorkg$5knvMdrsquorkvegMsrdquovegMsrdquo

Clear Clear texttext

EncryptionEncryption

1-5 Asymmetric Data Encryption1-5 Asymmetric Data Encryption

Tom

Plaintext

Bob

ciphertextEncryption Decryption

Bobrsquos Public KeyPlaintex

tBobrsquos Private Key

Recipientrsquos Key Pair

Confidentiality Check

1-5 Asymmetric Data Encryption1-5 Asymmetric Data Encryption

Tom

Plaintext

Bob

ciphertextEncryption Decryption

Tomrsquos Private KeyPlaintex

tTomrsquos Public Key

Senderrsquos key pair

Authenticity Check

1-6 Digital Signature1-6 Digital Signature

Real World ndash Hybrid 1 Data Integrity2 Authenticity3 Non-repudiation4 Algorithm ndash Use the public key and Hash

1-6 Digital Signature - Creating1-6 Digital Signature - Creating

3kJfgfpound$amp3kJfgfpound$ampPy75cbnPy75cbn

This is the This is the document document created by created by GianniGianni

Message or FileMessage or File Digital SignatureDigital SignatureMessage DigestMessage Digest

Calculate a short message Calculate a short message digest from even a long input digest from even a long input using a one-way message using a one-way message digest function (hash)digest function (hash)

Signatorys Signatorys private keyprivate key

privpriv

GenerateGenerateHashHash

SHA MD5SHA MD5

AsymmetricAsymmetricEncryptionEncryption

RSARSA

This is the This is the document document created by created by GianniGianni 3kJfgfpound$amp3kJfgfpound$amp

SignedSignedDocumentDocument

(Typically 128 bits)(Typically 128 bits)

1-6 Digital Signature - Verifying1-6 Digital Signature - Verifying

This is the This is the document document created by created by GianniGianni

3kJfgfpound$amp3kJfgfpound$amp

SignedSignedDocumentDocument

Py75cbnPy75cbn

Message DigestMessage DigestGenerateGenerate

HashHash

Giannis public keyGiannis public key(from certificate)(from certificate)

AsymmetricAsymmetricDecryptionDecryption

pubpub

DigitalDigitalSignatureSignature

Py75cbnPy75cbn

Compare Compare

DataData

1-6 Digital Signature1-6 Digital Signature

Tom

Data

Message Message Digest 1Digest 1

Hash FunctionHash Function

+ +Compare

Bob

Data

Message Message Digest 2Digest 2

Hash FunctionHash Function

MACEncryption Decryption

Message Message Digest 1Digest 1

Tomrsquos Private Key Tomrsquos Public Key

Digital SignatureDigital Signature

Digital Signature

1-7 Certificate1-7 Certificate

The simplest certificate just containsbull A public key (for Stephen)bull Information about the entity that is being certified to own that public key

hellip and the whole isbull Digitally signed by someone trusted (like your friend or a CA)

2wsR46frd2wsR46frdEWWrswe(EWWrswe(^$G^^$G^DvtrsdFDfDvtrsdFDfd367d367

pubpub

3kJfgfpound3kJfgfpound$amp4dser4$amp4dser4358g6gd7d358g6gd7dTTCertificateCertificate

This public This public key belongs key belongs to to StephenStephen

DigitalDigitalSignatureSignatureCan be a person a computer Can be a person a computer

a device a file some code a device a file some code anything hellipanything hellip

1-7-1 CA Certificate 1-7-1 CA Certificate

PrivPriv pubpub

Certification Server

CA generatesCA generatesa key paira key pair

Private Key and Private Key and Certificate are Certificate are

sent to the usersent to the user

pubpub

DSDS

CertCert

pubpub

DSDS

CertCert

User request a User request a certificate to CAcertificate to CA

CA generatesCA generatescertificatecertificate

PrivPriv

Right Cert signed by CA

Leftt Cert signed by CA

CA Pub Key signed by CA

1-7-1 CA Certificate Example1-7-1 CA Certificate Example

CACA Private Key

Left Right

Trusts

Left Priv Key signed by CA

CA Pub Key

Right Priv Key signed by CA

CA Pub KeyCA Pub Key Left Cert signed by CA

Right Cert signed by CA

1-7-2 SSLTLS1-7-2 SSLTLS

PrivPriv

pubpub PrivPriv

pubpub

Clear text

Encrypt

Cipher 1

Encrypt

Cipher 2

Transmission over the public network

Cipher 2

Cipher 1

Decrypt

Clear text

Decryptpubpub

Ensures confidentialitybull And integrity if digitally

signed

Depending on how public key are exchanged

bull Authenticity Identity Non-repudiation

pubpub

1-8 Moxa UC7400 - Hardware Cipher1-8 Moxa UC7400 - Hardware Cipher

Intel Xcale Supports bull Security Engines DES AESbull Algorithm methods ECB CBC ECR

Moxa wrap hardware acceleration inside algorithm APIs of ldquolibcryptosordquo bull No need to change the source codes

1-8-1 Moxa Accelerated Algorithm 1-8-1 Moxa Accelerated Algorithm ndash OpenSSL 097 ndash OpenSSL 097

DES_cbc_encrypt

DES_ede3_cbc_encrypt

AES_cbc_encrypt

AES_ctr_encrypt

bull We wrap ECB mode at a higher level (libsslso) which openssl wraps too

1-8-2 Performance

[Figure: four throughput charts, software cipher vs hardware cipher (shaded bars = HW cipher). Top row: 3DES-CBC and AES-128-CBC for packet sizes 128 to 1280 bytes, y-axis 0 to 80 (throughput) with RATE 1 to 8. Bottom row: the same two ciphers for small packets, 16 to 144 bytes, y-axis 0 to 8 with RATE 0.5 to 2.5. The hardware advantage grows with packet size and vanishes for the smallest packets, which is why those are handled in software, see 1-8-3.]

1-8-3 Things to be noticed

Moxa UC-7400 switches operation between the software and the hardware approach
• Default: hardware approach
• Any misconfiguration, or the engine being busy, causes a switch to the software approach

Small packets are handled by the software approach
• DES: packets under 128 bytes
• 3DES/AES: packets under 64 bytes

1-8-4 Software Package

Driver
• mxhw_cipher.o

Device file
• mknod /dev/mxcrypto c 11 131

Test program
• io: correctness test
• io 0 5000: stability test
• io 1: golden pattern
• io 2 20000: performance test

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network – Advantages/Disadvantages

• A VPN is a network constructed over public wires (e.g. the Internet) to connect nodes
• A VPN encrypts all network traffic, not just a few application protocols (as SSL or SSH do)
• A VPN allows the use of protocols which are insecure by themselves
• VPN traffic cannot be controlled and logged easily because of its encrypted nature

2-2 Why OpenVPN

Usability
• Open source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit shared key or digital certificates (PKI)

Portability – supports most platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN

Peers – each node has a client or server role
• Uses kernel routing
• Multiple clients

A user-space program
• A full-featured SSL VPN solution
• On top of the existing SSL/TLS mechanism
• Choice among a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) traffic over a single UDP (5000 in 1.x, 1194 in 2.0) or TCP port

2-2 OpenVPN Security

Two authentication modes
• Static key: a pre-shared key
• SSL/TLS: SSL/TLS + certificates for authentication and key exchange

The encrypted packet is formatted as
• SeqN: 64-bit sequence number (replay protection)
• IV: plaintext initialization vector, randomized per packet

[Figure: packet layout | HMAC | IV | SeqN | IP payload |. SeqN and the IP payload are encrypted; the HMAC is computed over the IV and the ciphertext and is checked before decryption.]
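The packet layout above, rebuilt by hand with the openssl command line. This is an added example for this page, not OpenVPN source: the sequence number is carried as 16 ASCII hex digits instead of 8 raw bytes, the cipher and HMAC keys are constructed test keys, and the packet fields live in files under $WORK; all of these are assumptions. It shows the two checks a receiver performs, in that order: the HMAC over IV and ciphertext before any decryption, then the sequence number against the highest one seen, so a modified packet and a replayed packet are both dropped.

```shell
#!/bin/sh
# Added example (not OpenVPN code): the static-key data channel layout
#   packet     = HMAC(IV || ciphertext) || IV || ciphertext
#   ciphertext = AES-128-CBC_k(SeqN || payload), fresh random IV per packet
# Simplifications (assumptions): SeqN is 16 ASCII hex digits, the IV is kept
# as a hex string, keys are fixed demo values, fields are files under $WORK.
set -eu
WORK="${WORK:-$(mktemp -d)}"; cd "$WORK"
CIPHER_KEY=000102030405060708090a0b0c0d0e0f            # demo key; use: openssl rand -hex 16
HMAC_KEY=0f0e0d0c0b0a09080706050403020100ffeeddcc      # demo key; use: openssl rand -hex 20
HIGHEST_SEQ=0             # receiver's replay state: highest sequence number accepted

hmac_of() {               # $@ = files; HMAC-SHA1 over their concatenation, hex
    cat "$@" | openssl dgst -sha1 -mac HMAC -macopt "hexkey:$HMAC_KEY" | awk '{print $NF}'
}

# Sender: prepend the sequence number, encrypt, then MAC the IV and ciphertext.
ovpn_pack() {             # $1 = seq number, $2 = payload file, $3 = output prefix
    iv=$(openssl rand -hex 16)
    { printf '%016x' "$1"; cat "$2"; } > "$3.plain"
    openssl enc -aes-128-cbc -K "$CIPHER_KEY" -iv "$iv" -nosalt -in "$3.plain" -out "$3.ct"
    printf '%s' "$iv" > "$3.iv"
    hmac_of "$3.iv" "$3.ct" > "$3.hmac"
}

# Receiver: verify the HMAC before touching the ciphertext, only then decrypt,
# then enforce a strictly increasing sequence number so replays are dropped.
ovpn_unpack() {           # $1 = input prefix, $2 = payload output; rc 1 = rejected
    expected=$(hmac_of "$1.iv" "$1.ct")
    [ "$expected" = "$(cat "$1.hmac")" ] || { echo "bad HMAC, dropped"; return 1; }
    openssl enc -d -aes-128-cbc -K "$CIPHER_KEY" -iv "$(cat "$1.iv")" -nosalt \
        -in "$1.ct" -out "$1.dec"
    seq=$((0x$(head -c 16 "$1.dec")))
    [ "$seq" -gt "$HIGHEST_SEQ" ] || { echo "replay seq=$seq, dropped"; return 1; }
    HIGHEST_SEQ=$seq
    tail -c +17 "$1.dec" > "$2"
}

# Overwrite four ciphertext bytes to simulate an on-path modification.
tamper() { printf 'XXXX' | dd of="$1.ct" bs=1 seek=20 conv=notrunc 2>/dev/null; }
```

Real OpenVPN uses a sliding window (replay-window) rather than a single highest-seen counter, so that UDP reordering does not discard legitimate packets; the strict check here is only the simplest correct form of the same idea.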

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall and NAT friendly
• Dynamic address support

IPSec
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard – multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are the two methods of linking systems via a VPN
• Routed IP tunnels (layer 3)
• Bridged Ethernet tunnels (layer 2)

Suitable for connections
• Site-to-site
• Dynamic site-to-site
• (Dynamic) client-to-site

Dynamic firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

• Uses a TUN device: a virtual point-to-point IP link; OpenVPN attaches to it from user space and the kernel sees it as just another interface
• Uses the kernel routing table to forward packets into and out of the tunnel

[Diagram: two OSI stacks (Physical, Data-Link, Network, Transport, Session, Presentation, Application); OpenVPN sits at the application layer on each side and the TUN device plugs in at layer 3 (Network)]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of the MTU for efficiency

Routed IP disadvantages
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see the machines on the other side of the VPN
4. Works only with IPv4 in general, and with IPv6 only where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

• Uses a "TAP" device: a virtual Ethernet adapter
• Bridge tools (brctl) are required to build the bridge
• A script is needed to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0          create an Ethernet bridge
brctl addif br0 eth1     connect interface eth1 as a port
brctl addif br0 tap0     connect the virtual interface tap0 as a port

[Diagram: two OSI stacks; OpenVPN at the application layer on each side. TAP plugs in at layer 2 (Data-Link) where TUN plugs in at layer 3. On each side eth0 faces the public network while eth1 and tap0 are bridged together]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages
1. Point-to-point and point-to-multipoint
2. Broadcasts traverse the VPN: this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to handle non-IP protocols such as IPX, NetWare and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages
1. Less efficient than routing and does not scale well
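A start/stop script that does what the bridging steps above (and the Moxa "openvpn-bridge" helper referred to in 3-1 and 3-3) are described as doing. This is an added example written for this page, not Moxa's script. It assumes Linux with bridge-utils (brctl), OpenVPN 2.0's --mktun/--rmtun, and the lab addressing from 3-1, where br0 takes over the LAN gateway address 10.0.1.254/24 from eth1; the interface names and addresses are all overridable. With DRY_RUN=1 the commands are printed instead of executed, which lets the sequence be reviewed before running it on a remote box whose only management path may be the interface being re-plumbed.

```shell
#!/bin/sh
# Added example (not Moxa's openvpn-bridge script): bring up / tear down the
# br0 = eth1 + tap0 bridge used by OpenVPN TAP mode.
# Assumptions: bridge-utils, openvpn 2.0, lab addresses from 3-1.
set -eu
BR="${BR:-br0}"; ETH="${ETH:-eth1}"; TAP="${TAP:-tap0}"
BR_IP="${BR_IP:-10.0.1.254}"; BR_MASK="${BR_MASK:-255.255.255.0}"
BR_BCAST="${BR_BCAST:-10.0.1.255}"

# With DRY_RUN=1 print the command instead of running it.
run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

bridge_start() {
    run modprobe tun
    run modprobe bridge
    run openvpn --mktun --dev "$TAP"             # persistent TAP: openvpn can restart freely
    run brctl addbr "$BR"                         # create the bridge first...
    run brctl addif "$BR" "$ETH"                  # ...then add the inner LAN port
    run brctl addif "$BR" "$TAP"                  # ...and the VPN side
    run ifconfig "$ETH" 0.0.0.0 promisc up        # bridge ports carry no IP of their own
    run ifconfig "$TAP" 0.0.0.0 promisc up
    run ifconfig "$BR" "$BR_IP" netmask "$BR_MASK" broadcast "$BR_BCAST" up
}

bridge_stop() {
    run ifconfig "$BR" down
    run brctl delif "$BR" "$TAP"
    run brctl delif "$BR" "$ETH"
    run brctl delbr "$BR"
    run openvpn --rmtun --dev "$TAP"
    run ifconfig "$ETH" "$BR_IP" netmask "$BR_MASK" up   # give the LAN address back to eth1
}

bridge_main() {                                   # usage: bridge_main start|stop|restart
    case "${1:-}" in
        start)   bridge_start ;;
        stop)    bridge_stop ;;
        restart) bridge_stop; bridge_start ;;
        *) echo "usage: $0 {start|stop|restart}" >&2; return 2 ;;
    esac
}

case "${1:-}" in start|stop|restart) bridge_main "$1" ;; esac
```

Order matters in bridge_start: the ports lose their own IP addresses, so the address must be configured on br0 in the same run, otherwise the box disappears from the LAN until someone reaches it over the serial console.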


3) OpenVPN Configuration

3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

[Diagram: lab network]
LAN A (hosts 10.0.1.1/24, gw 10.0.1.254) — ixp1 — [VPN Server, also the CA/TLS server] — ixp0 192.168.12.201 — VPN tunnel — ixp0 192.168.12.202 — [VPN Client] — ixp1 — LAN B (hosts 10.0.2.1/24, gw 10.0.2.254)
The server's ixp1 is 10.0.1.254, the client's ixp1 is 10.0.2.254, and the client connects to the server over the ixp0 link.

3-1 Getting Started

Create a working directory (recommended)
mkdir /etc/openvpn

Check for the TUN device: ls /dev/net and look for a character device "tun"; if it is missing
mknod /dev/net/tun c 10 200

Load the necessary modules
modprobe tun
modprobe bridge

Generate a (pre-shared) key
openvpn --genkey --secret [KeyName]

Self diagnostic
openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward
or vi /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"

Create/start the bridge interface using the Moxa script
openvpn-bridge [start|stop|restart]

Check the supported ciphers and authentication digests
openvpn --show-ciphers
openvpn --show-digests

Create the TUN configuration files
vi /etc/openvpn/tun/server.conf
[At VPN Client] vi /etc/openvpn/tun/client.conf

3-2 TUN Server Configuration

• The local and remote VPN (tunnel) IP addresses must be specified (the ifconfig line)
• It is NECESSARY to specify the server address (remote) at the VPN client

3-2 TUN Server Configuration

Edit the static routes
vi /etc/openvpn/tun/server.sh
chmod +x /etc/openvpn/tun/server.sh
[At VPN Client] vi /etc/openvpn/tun/client.sh
chmod +x /etc/openvpn/tun/client.sh

Start OpenVPN with the configuration file
openvpn --config /etc/openvpn/tun/server.conf &
openvpn --config /etc/openvpn/tun/client.conf &

Note the second argument of the ifconfig line (here 10.0.2.254): the local and remote tunnel addresses are swapped between the server and the client configuration.
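The configuration files themselves appear on the slides only as screenshots, so here is a matching server/client pair for the 3-1 lab as an added example; it is not the Moxa configuration. It assumes server ixp0 = 192.168.12.201 and client ixp0 = 192.168.12.202 as in the diagram, a dedicated tunnel address pair 10.8.0.1/10.8.0.2 rather than reusing the LAN gateway addresses, and one static.key generated with openvpn --genkey and copied to both boxes over a safe channel (scp, not FTP). The route scripts are the server.sh/client.sh of 3-2; tun_pair_ok is a small pre-flight check that the two ifconfig lines mirror each other, which is the mistake the note above is about.

```shell
#!/bin/sh
# Added example (not the Moxa slide configs): OpenVPN 2.0 static-key TUN
# server/client pair for the 3-1 lab, plus the "up" route scripts.
# Assumptions: server ixp0 192.168.12.201, client ixp0 192.168.12.202,
# tunnel pair 10.8.0.1/10.8.0.2, shared /etc/openvpn/tun/static.key.
set -eu
OUT="${OUT:-/etc/openvpn/tun}"       # where the files are written

write_tun_configs() {
    mkdir -p "$OUT"
    cat > "$OUT/server.conf" <<'EOF'
# VPN server, LAN A side (10.0.1.0/24)
dev tun
proto udp
port 1194
# local tunnel address first, then the remote one
ifconfig 10.8.0.1 10.8.0.2
# pre-shared key from: openvpn --genkey --secret /etc/openvpn/tun/static.key
secret /etc/openvpn/tun/static.key
# AES-128-CBC is one of the ciphers the UC-7400 accelerates (1-8-1)
cipher AES-128-CBC
auth SHA1
replay-window 64
keepalive 10 60
persist-key
persist-tun
up /etc/openvpn/tun/server.sh
verb 3
EOF
    cat > "$OUT/client.conf" <<'EOF'
# VPN client, LAN B side (10.0.2.0/24)
dev tun
proto udp
# the server address is mandatory on the client (3-2)
remote 192.168.12.201 1194
# mirror image of the server's ifconfig line
ifconfig 10.8.0.2 10.8.0.1
secret /etc/openvpn/tun/static.key
cipher AES-128-CBC
auth SHA1
replay-window 64
keepalive 10 60
persist-key
persist-tun
up /etc/openvpn/tun/client.sh
verb 3
EOF
    # OpenVPN runs "up" scripts as: dev tun_mtu link_mtu local_ip remote_ip [init|restart]
    cat > "$OUT/server.sh" <<'EOF'
#!/bin/sh
# reach LAN B through the tunnel peer ($5 = remote tunnel address)
route add -net 10.0.2.0 netmask 255.255.255.0 gw "$5"
EOF
    cat > "$OUT/client.sh" <<'EOF'
#!/bin/sh
# reach LAN A through the tunnel peer
route add -net 10.0.1.0 netmask 255.255.255.0 gw "$5"
EOF
    chmod +x "$OUT/server.sh" "$OUT/client.sh"
}

# Pre-flight check: the server's "ifconfig L R" must be the client's "ifconfig R L".
tun_pair_ok() {
    s=$(awk '$1=="ifconfig"{print $2, $3}' "$OUT/server.conf")
    c=$(awk '$1=="ifconfig"{print $3, $2}' "$OUT/client.conf")
    [ -n "$s" ] && [ "$s" = "$c" ]
}
```

OpenVPN's own "route 10.0.2.0 255.255.255.0" directive would do the same as the up script; the script form is kept because that is how the slides organise it. The ip_forward setting from 3-1 is still required on both boxes for LAN hosts (not just the gateways) to use the tunnel.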

Create the TAP configuration files
vi /etc/openvpn/tap/server.conf
[At VPN Client] vi /etc/openvpn/tap/client.conf

3-3 TAP Configuration – VPN Server

Comment out ("mark") this line if both VPN networks are in the same subnet

3-3 TAP Configuration – VPN Server

Edit the static routes
vi /etc/openvpn/tap/server.sh
[At VPN Client] vi /etc/openvpn/tap/client.sh
chmod +x /etc/openvpn/tap/client.sh

Point the kernel routing at the bridge: br0 = 10.0.1.254

3-3 TAP Configuration – VPN Server

Start the bridge device
vi /etc/openvpn/openvpn-bridge
chmod +x /etc/openvpn/openvpn-bridge
/etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration file
openvpn --config /etc/openvpn/tap/server.conf &
openvpn --config /etc/openvpn/tap/client.conf &

3-4-1 SSL/TLS – Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC
vi /usr/share/ssl/openssl.cnf
Pre-set default_days, default_bits, … etc.

Create a new CA root key pair
/usr/share/ssl/misc/CA -newca

Create a new client private key and a new certificate request
/usr/share/ssl/misc/CA -newreq

Sign the certificate request
/usr/share/ssl/misc/CA -sign

Copy the CA root certificate, the client private key and the client certificate to the first client

Repeat the request and signing steps for the second client

3-4-2 OpenVPN – "easy-rsa" tools

Copy "easy-rsa" to the working directory
cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file
vi /etc/openvpn/easy-rsa/vars

Activate the vars
. /etc/openvpn/easy-rsa/vars

Create the CA root key
/etc/openvpn/easy-rsa/build-ca

Create the VPN server private key and certificate
/etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – "easy-rsa" tools

Create the VPN client private key and certificate
/etc/openvpn/easy-rsa/build-key client

Create the Diffie-Hellman parameters
/etc/openvpn/easy-rsa/build-dh (1024 bits, the KEY_SIZE set in vars; on a current deployment use at least 2048)

Copy the CA certificate (ca.crt), server key (server.key) and server certificate (server.crt) to the VPN server

Copy the CA certificate, client key and client certificate to the VPN client

The "easy-rsa" tools also work on the UC-7400 series

3-4-3 Configuration File Modification

txx/server.conf
txx/client.conf
(txx = tun or tap; the static-key configurations are changed to use the certificates generated above)


Live Demo

UC-7420 Demo Box

• Two of its serial ports are connected to a power meter and a thermocouple
• Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site
• The rest of the serial ports are looped back in "burn-in mode" to demonstrate the UC's high performance and reliability

Demo Box Features

Software Block Diagram

• Temperature range: 0 to 500 °C
• Voltage: left side for the high range, 0 to 300 VDC; right side for the low range, 0 to 20 VDC

UC's LCM & keypad (F1–F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8
F2 System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available memory
F3 Alarm Setting: Temperature → Voltage → Burn-in throughput
F4 Configuration Key
F5 Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status for 802.11g?
• The UC-7420's built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards
• The compatible 802.11g wireless cards are

Supplier   Model name
ASUS       WL-107g
CNET       CWC-854 (181D version)
Edimax     EW-7108PCg
Amigo      AWP-914WG
Gigabyte   GN-WMKG
Others which use the Ralink chipset

Thank You

Agenda

1) Quick View of iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

1 Quick View of iptables

• A user-space command to set up and maintain the "Netfilter" subsystem of the kernel
• "Netfilter" decides on packet headers (addresses, ports, flags, connection state), not on the application content
• iptables is currently one of many firewall/NAT solutions: it is the administration tool to set up, maintain and inspect the tables of IP packet filter rules in the Linux kernel

1 Quick View of iptables

• Several different tables may be defined. Each table contains a number of built-in chains and may also contain user-defined chains
• Each chain is a list of rules which can match a set of packets. Each rule specifies what to do with a packet that matches. This is called a "target", which may be a jump to a user-defined chain in the same table

1 Quick View of iptables

3rd generation firewall on Linux
– "ipfwadm" on Linux kernel 2.0.x
– "ipchains" on Linux kernel 2.2.x
– "ipchains" / "iptables" on Linux kernel 2.4.x
– "iptables" on Linux kernel 2.6.x

• Supports basic packet filtering as well as connection state tracking
• UC-7110/7400 support only "iptables"


2) Rules, Chains and Tables

2-1 First Match
2-2 Three Major Tables
2-3 Processing Packets
2-4 State Machine

2-1 First Match – The Highest Priority

[Flowchart: a packet is tested against Rule 1, Rule 2, … Rule 10 in order. The first rule that matches (Yes) applies its action (Action 1, Action 2, … Action 10) and evaluation stops; if no rule matches (No all the way down) the chain's default policy applies]

2-1 First Match

On a WWW server, reject the attack from IP = 192.168.1.100

Correct order
Rule 1: Drop the packets from 192.168.1.100
Rule 2: Accept WWW request packets from all hosts
Rule 3: Drop all non-WWW packets

Wrong order
Rule 1: Accept WWW request packets from all hosts
Rule 2: Drop the packets from 192.168.1.100
Rule 3: Drop all non-WWW packets

With the wrong order, 192.168.1.100 is still able to use the WWW service, or to attack the WWW service port: rule 1 matches its port 80 packets first, so rule 2 is never reached for them.

2-2 Three Major Tables

1) Filter table
2) NAT table
3) Mangle table

2-2-1 Filter Table

Mainly used for filtering packets. This is where we actually take action against packets: look at what they contain and ACCEPT, DROP, REJECT or LOG them depending on their content

1. INPUT chain – packets entering the local host
2. OUTPUT chain – packets output from the local host
3. FORWARD chain – packets forwarded to other hosts

2-2-2 NAT Table

Used for NAT on different packets: to translate the source or the destination field of the packets

1) PREROUTING chain – to translate the destination IP address (DNAT)
2) POSTROUTING chain – works after the routing process and before the Ethernet device, to translate the source IP address (SNAT/MASQUERADE)
3) OUTPUT chain – for locally generated packets

2-2-3 Mangle Table

This table is mainly used for mangling packets. In other words you may freely use the mangle matches etc. that can be used to change the TOS (Type Of Service) and TTL fields. It can also "MARK" the packets

1. PREROUTING chain
2. POSTROUTING chain
3. INPUT, OUTPUT and FORWARD chains

2-3 Processing Packets

2-3-1 Destination Local Host
2-3-2 Source Local Host
2-3-3 Forwarded Packets
2-3-4 State Machine

2-3-1 Destination Local Host

[Diagram] Incoming packets → NAT table PREROUTING → routing decision (destination is local) → Filter table INPUT → Local process

2-3-2 Source Local Host

[Diagram] Local process → Outgoing packets → NAT table OUTPUT → Filter table OUTPUT → NAT table POSTROUTING → Send out packets

2-3-3 Forwarded Packets

[Diagram] Incoming packets → NAT table PREROUTING → routing decision (destination is not a local resource) → Filter table FORWARD → NAT table POSTROUTING → Other hosts

2-4 State Machine


3) Usage of iptables

3-1 Load iptables Modules
3-2 Define Default Policy
3-3 Structure of a Rule
3-4 Save/Restore Rules

3-1 Load iptables Modules

Note: ipchains and iptables are not compatible (the ipchains module must not be loaded while iptables is in use)

3-1 Load iptables Module

Check the current tables
iptables [-t table] [-L] [-n]

Default Policy

3-1 Install iptables

Clear Current Policy

3-2 Define Default Policy

iptables -t filter|nat|mangle -P INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING ACCEPT|DROP

3-2 Define Default Policy

3-3 Structure of a Rule

3-3-1 Add, Insert, Delete and Replace Rules
3-3-2 Direction
3-3-3 Matches
3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace

iptables -t filter|nat|mangle -A|-I|-D|-R [direction] [match] -j [target]

Three major things need to be considered: the direction (chain), the match and the target

3-3-2 Direction – Chains

a. filter table: INPUT, OUTPUT, FORWARD
b. nat table: PREROUTING, POSTROUTING, OUTPUT
c. mangle table: …

3-3-3 Matches – Conditions

1. -p [proto]: tcp, udp, icmp, all
2. -s [IP], -d [IP]
3. --sport [port], --dport [port]
4. -m state --state [state]: NEW, ESTABLISHED, INVALID, RELATED
5. -m multiport --sports|--dports|--ports [p1,p2,…,p15]
6. -i [iface], -o [oface]
7. … etc.

3-3-4 Targets – Actions

a. filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions LOG, ULOG, REJECT, MIRROR
b. nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING/OUTPUT), MASQUERADE (only in POSTROUTING), REDIRECT (only in PREROUTING/OUTPUT)
c. mangle table: …

3-4 Save/Restore Rules

iptables-save writes the current rule set to standard output and iptables-restore reads it back. It is highly recommended to use a script file to maintain the Netfilter rules instead of editing this exported file (it is not a standard script file). Please refer to the Hands-On practice

4) Hands-On Practice

4-1 Packet Filter
4-2 NAT Machine

4-1 Packet Filter – Rules of the filter table

Example 1 – Accept all packets incoming from the lo interface
iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2 – Accept all TCP packets incoming from IP = 192.168.0.1
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

4-1 Packet Filter – Rules of the filter table

Example 3 – Accept all TCP packets incoming from the network 192.168.1.0/24
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 – Drop all TCP packets incoming from IP = 192.168.1.25
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP
(First match applies: appended after example 3 this rule never fires, because 192.168.1.25 is already accepted by the /24 rule; it has to be inserted before it)

4-1 Packet Filter – Rules of the filter table

Example 5 – Drop all incoming TCP packets with dst port = 21 (forbid FTP connections from eth0)
iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 – Accept TCP packets incoming from 192.168.0.0/24 to local ports 137, 138 and 139
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

4-1 Packet Filter – Rules of the filter table

Example 7 – Log all incoming/outgoing TCP packets to/from port 25 (log the SMTP service)
iptables -t filter -A INPUT -p tcp --dport 25 -j LOG
(This covers the incoming direction; the outgoing direction needs the matching rule in the OUTPUT chain with --sport 25. LOG is a non-terminating target: the packet continues to the next rule after being logged)

Note: the UC-7110 does not support the target "LOG"

4-1 Packet Filter – Rules of the filter table

Example 8 – Drop all [SYN] packets from IP = 192.168.100.200
iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 – Drop all packets from MAC = aa:bb:cc:dd:ee:ff
iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP
(The mac match only sees the source MAC of frames arriving on a directly attached Ethernet segment, so it is usable in INPUT, FORWARD and PREROUTING and says nothing about hosts behind a router)

Example 10 – Do not respond to "ping"
iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 – Limit an ICMP "ping" burst
iptables -t filter -P INPUT DROP
iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

4-1 Packet Filter – Rules of the filter table

Example 12 – Accept the ESTABLISHED and RELATED packets of the local host; drop INVALID packets and NEW packets which are trying to create a new connection
iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

4-1 Packet Filter – Rules of the filter table

Example 13 – Check the packet integrity
iptables -t filter -A INPUT -p all -m unclean -j DROP
(The "unclean" match is an experimental 2.4 module and is not present on every kernel)

Example 14 – Enable "passive mode" FTP service to a host
modprobe ip_conntrack_ftp
iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

4-2 NAT Machine

Example 1 – Redirect the connection requests for port 80 to port 8080
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 – Masquerade the packets from 192.168.1.0/24 leaving through ppp0 as the local ppp0 IP
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE
(MASQUERADE is only valid in POSTROUTING, and -o can only be matched after the routing decision; the PREROUTING form on the original slide is rejected by iptables)

4-2 NAT Machine

Example 3 – DNAT the incoming packets from eth0 (60.248.66.75) and TCP port 80 to the internal web server 192.168.127.10:80
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

Example 4 – Redirect the incoming packets on TCP port 80 to 192.168.1.10, TCP port 80

SNAT rule for the reverse direction (outbound traffic from the internal network), shown on the same slide
iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP
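For sections 3 and 4 together, one script that builds a complete policy for the 3-1 lab gateway instead of typing the rules one at a time. This is an added example, not a Moxa script. It assumes iptables 1.2.x on a 2.4 kernel with the state match, ixp0 as the WAN side with its address in $OUT_IP, ixp1 as the LAN side, tun0 as the OpenVPN tunnel, and the web server of NAT example 3 at 192.168.127.10; all of these are variables. DRY_RUN=1 prints the rules instead of loading them, which is the easiest way to review first-match ordering (2-1) before a policy with a DROP default locks you out of a remote box.

```shell
#!/bin/sh
# Added example (not a Moxa script): complete iptables policy for the lab
# gateway. Assumptions: ixp0 = WAN, ixp1 = LAN, tun0 = OpenVPN, iptables 1.2.x.
set -eu
WAN="${WAN:-ixp0}"; LAN="${LAN:-ixp1}"; VPN="${VPN:-tun0}"
OUT_IP="${OUT_IP:-192.168.12.201}"; LAN_NET="${LAN_NET:-10.0.1.0/24}"
WEB_SRV="${WEB_SRV:-192.168.127.10}"; BAD_HOST="${BAD_HOST:-192.168.1.100}"

# With DRY_RUN=1 print the rule instead of loading it.
ipt() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "iptables $*"; else iptables "$@"; fi; }

fw_flush() {                 # 3-1: start from a known state in every table
    for t in filter nat mangle; do ipt -t "$t" -F; ipt -t "$t" -X; done
}

fw_policy() {                # 3-2: drop by default on INPUT/FORWARD, allow our own output
    ipt -P INPUT DROP; ipt -P FORWARD DROP; ipt -P OUTPUT ACCEPT
}

fw_input() {                 # 4-1: INPUT rules in first-match order
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -m state --state INVALID -j DROP
    ipt -A INPUT -s "$BAD_HOST" -j DROP                      # 2-1: before the web ACCEPT
    ipt -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
    ipt -A INPUT -i "$WAN" -p udp --dport 1194 -j ACCEPT      # OpenVPN from the WAN side
    ipt -A INPUT -i "$LAN" -p tcp -s "$LAN_NET" --dport 22 -j ACCEPT
    ipt -A INPUT -p icmp --icmp-type 8 -m limit --limit 6/min --limit-burst 10 -j ACCEPT
    ipt -A INPUT -p tcp --dport 25 -j LOG --log-prefix "smtp: "   # no LOG on the UC-7110
}

fw_forward() {               # LAN <-> VPN and LAN -> WAN; replies come back by state
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -i "$LAN" -o "$VPN" -s "$LAN_NET" -j ACCEPT
    ipt -A FORWARD -i "$VPN" -o "$LAN" -d "$LAN_NET" -j ACCEPT
    ipt -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -j ACCEPT
    ipt -A FORWARD -i "$WAN" -o "$LAN" -p tcp -d "$WEB_SRV" --dport 80 -j ACCEPT  # pairs with the DNAT
}

fw_nat() {                   # 4-2: DNAT in PREROUTING, SNAT only in POSTROUTING
    ipt -t nat -A PREROUTING -i "$WAN" -p tcp -d "$OUT_IP" --dport 80 -j DNAT --to "$WEB_SRV:80"
    ipt -t nat -A POSTROUTING -o "$WAN" -s "$LAN_NET" -j SNAT --to "$OUT_IP"
}

fw_apply() { fw_flush; fw_policy; fw_input; fw_forward; fw_nat; }
fw_dump()  { ( DRY_RUN=1; fw_apply ); }          # review the rule sequence without loading it

# 3-4: the iptables-save dump is for restore only; this script stays the source of truth.
fw_save()    { iptables-save > "${1:-/etc/openvpn/iptables.rules}"; }
fw_restore() { iptables-restore < "${1:-/etc/openvpn/iptables.rules}"; }

case "${1:-}" in
    apply)   fw_apply ;;
    dump)    fw_dump ;;
    save)    fw_save "${2:-}" ;;
    restore) fw_restore "${2:-}" ;;
esac
```

Note that the DNAT rule alone does not let the web traffic through: with FORWARD defaulting to DROP the matching ACCEPT in fw_forward is needed as well, since DNAT only rewrites the destination before the routing decision and the filter table still sees the packet afterwards.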

Thank You

OpenVPN 2.0
Stephen Lin

OpenVPN 2.0

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve?
1-2 Symmetric Data Encryption
1-3 Hash (Digest) Function
1-4 Message Authentication Code
1-5 Asymmetric Data Encryption
1-6 Digital Signature
1-7 Certificate
1-8 Moxa UC7400

1-1 What does Cryptography solve?

Confidentiality
• Ensure that nobody can learn what you transfer, even if listening to the whole conversation

Integrity
• Ensure that the message has not been modified during transmission

Authenticity
• You can verify that you are talking to the entity you think you are talking to
• You can verify who the specific individual behind that entity is

Non-repudiation
• The individual behind that asset cannot deny being associated with it

1-2 Symmetric Data Encryption

• Fast, high efficiency for data transmission
• Is it "secure" while transferring the key?
• Maintenance of the keys: n(n-1)/2 keys for n parties
• DES / 3DES / AES / Blowfish

[Diagram: Tom turns plaintext into ciphertext with the secret key (encryption); Bob turns it back into plaintext with the same secret key (decryption)]

1-3 Hash (Digest) Function

• Ensures data integrity
• MD5 / SHA-1 (both are now considered broken against collisions; current systems should use SHA-256 or stronger)

[Diagram: Tom computes message digest 1 from the data with the hash function and sends data + digest 1; Bob computes message digest 2 from the received data with the same hash function and compares it with digest 1]

1-4 Message Authentication Code

• Ensures data integrity and, because only the key holders can compute it, data origin
• Uses a secret key to protect the MAC: a plain hash can be recomputed by anyone who modifies the data, a MAC cannot
• HMAC / CBC-MAC

[Diagram: Tom hashes the data to message digest 1 and turns it into the MAC with the secret key; Bob hashes the received data to message digest 2, recovers digest 1 from the MAC with the same secret key and compares. The slide draws the keyed step as "encryption" of the digest; HMAC actually mixes the key into the hash computation itself]

1-5 Asymmetric Encryption

Things to remember
• Key pair – public/private keys
• In a session one key is used for encryption and the other one for decryption
• The "public key" can be deployed everywhere
• The relation between the two keys is unknown: from one key you cannot gain knowledge of the other, even if you have access to clear text and cipher text
• For RSA the two keys are mathematically interchangeable: when a key pair is generated, either half can be made public and the other kept private. This is not true of every algorithm (DSA and Diffie-Hellman keys have distinct roles), so in practice a key pair is generated with a fixed private and public half
• Less efficient than symmetric (static) key encryption
• RSA / Diffie-Hellman

[Diagram: clear text → encryption → cipher text (drawn as a random-looking string)]

1-5 Asymmetric Data Encryption

[Diagram: Tom encrypts plaintext with Bob's public key; Bob decrypts the ciphertext with Bob's private key. Recipient's key pair: confidentiality check]

1-5 Asymmetric Data Encryption

[Diagram: Tom encrypts plaintext with Tom's private key; Bob decrypts the ciphertext with Tom's public key. Sender's key pair: authenticity check]

1-6 Digital Signature

Real world – hybrid
1. Data integrity
2. Authenticity
3. Non-repudiation
4. Algorithm – uses the public key and a hash

1-6 Digital Signature – Creating

[Diagram: message or file ("This is the document created by Gianni") → generate hash (SHA, MD5) → message digest (typically 128 or 160 bits) → asymmetric encryption (RSA) with the signatory's private key → digital signature, appended to the message to form the signed document]

• Calculate a short message digest from even a long input using a one-way message digest function (hash)
• Encrypt (sign) the digest with the signatory's private key; the result is the digital signature

1-6 Digital Signature – Verifying

[Diagram: signed document = message + digital signature. Generate the hash of the message → message digest. Asymmetric decryption of the signature with Gianni's public key (from his certificate) → the original digest. Compare the two: equal means the data is intact and was signed by the holder of Gianni's private key]

1-6 Digital Signature

[Diagram: Tom computes message digest 1 of the data with the hash function and encrypts it with Tom's private key to form the digital signature; Bob computes message digest 2 of the received data, decrypts the signature with Tom's public key to recover digest 1, and compares]

1-7 Certificate

The simplest certificate just contains
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key

… and the whole is
• Digitally signed by someone trusted (like your friend, or a CA)
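The primitives of 1-3 to 1-7 exercised end to end with the openssl command line: hash, HMAC, a throw-away CA, two certificates issued from requests (the flow of 1-7-1 and of easy-rsa build-ca/build-key in 3-4-2), chain verification, and a file signature created and verified the way 1-6 draws it. This is an added example, not code from the slides or from easy-rsa; the CA name, the file names and the scratch directory $WORK are assumptions, and the "document" is constructed sample text.

```shell
#!/bin/sh
# Added example (not from the slides or easy-rsa): hash, HMAC, CA, certificates
# and file signatures with openssl. Assumptions: a scratch directory $WORK,
# an example CA named Example-Lab-CA, constructed sample documents.
set -eu
WORK="${WORK:-$(mktemp -d)}"
cd "$WORK"

# 1-3 Hash: same input, same digest; one changed byte, an unrelated digest.
sha256_hex() { openssl dgst -sha256 "$1" | awk '{print $NF}'; }

# 1-4 HMAC: the digest is keyed, so only a key holder can produce or check it.
hmac_hex() { openssl dgst -sha256 -hmac "$2" "$1" | awk '{print $NF}'; }

# 1-7-1 The CA: key pair plus self-signed certificate (what build-ca does).
build_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/CN=Example-Lab-CA" -keyout ca.key -out ca.crt 2>/dev/null
}

# Generate the key pair where it will be used, send only a request (CSR) to
# the CA, and have the CA sign it (what build-key server / client does).
issue_cert() {                           # $1 = name, e.g. server or client
    openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=$1" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
    openssl x509 -req -in "$1.csr" -CA ca.crt -CAkey ca.key -CAcreateserial \
        -days 365 -sha256 -out "$1.crt" 2>/dev/null
}

# 1-7-1 Example: any peer holding ca.crt can check the other side's cert.
verify_cert() { openssl verify -CAfile ca.crt "$1.crt" >/dev/null 2>&1; }

# 1-6 Signature: hash the file and sign the digest with the private key;
# verify with the public key taken out of the certificate.
sign_file()   { openssl dgst -sha256 -sign "$1.key" -out "$2.sig" "$2"; }
verify_file() {
    openssl x509 -in "$1.crt" -pubkey -noout > "$1.pub"
    openssl dgst -sha256 -verify "$1.pub" -signature "$2.sig" "$2" >/dev/null 2>&1
}

demo() {                                 # prints "ok" when every step behaves
    command -v openssl >/dev/null 2>&1 || { echo "openssl not installed"; return 0; }
    printf 'This is the document created by Gianni\n' > doc.txt    # constructed sample
    printf 'This is the document created by Gianni!\n' > doc2.txt  # one byte appended
    build_ca
    issue_cert server
    issue_cert client
    verify_cert server && verify_cert client
    sign_file client doc.txt
    verify_file client doc.txt                                     # genuine: passes
    cp doc.txt.sig doc2.txt.sig
    if verify_file client doc2.txt; then echo "tampered doc verified?!"; return 1; fi
    echo "ok"
}
```

Usage: run the file, then `demo`. The 1024-bit keys the 2005 slides generate would be refused by a current openssl verify with default security levels; the example uses 2048 bits, which is the smallest size still acceptable today.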

2wsR46frd2wsR46frdEWWrswe(EWWrswe(^$G^^$G^DvtrsdFDfDvtrsdFDfd367d367

pubpub

3kJfgfpound3kJfgfpound$amp4dser4$amp4dser4358g6gd7d358g6gd7dTTCertificateCertificate

This public This public key belongs key belongs to to StephenStephen

DigitalDigitalSignatureSignatureCan be a person a computer Can be a person a computer

a device a file some code a device a file some code anything hellipanything hellip

1-7-1 CA Certificate 1-7-1 CA Certificate

PrivPriv pubpub

Certification Server

CA generatesCA generatesa key paira key pair

Private Key and Private Key and Certificate are Certificate are

sent to the usersent to the user

pubpub

DSDS

CertCert

pubpub

DSDS

CertCert

User request a User request a certificate to CAcertificate to CA

CA generatesCA generatescertificatecertificate

PrivPriv

Right Cert signed by CA

Leftt Cert signed by CA

CA Pub Key signed by CA

1-7-1 CA Certificate Example1-7-1 CA Certificate Example

CACA Private Key

Left Right

Trusts

Left Priv Key signed by CA

CA Pub Key

Right Priv Key signed by CA

CA Pub KeyCA Pub Key Left Cert signed by CA

Right Cert signed by CA

1-7-2 SSLTLS1-7-2 SSLTLS

PrivPriv

pubpub PrivPriv

pubpub

Clear text

Encrypt

Cipher 1

Encrypt

Cipher 2

Transmission over the public network

Cipher 2

Cipher 1

Decrypt

Clear text

Decryptpubpub

Ensures confidentialitybull And integrity if digitally

signed

Depending on how public key are exchanged

bull Authenticity Identity Non-repudiation

pubpub

1-8 Moxa UC7400 - Hardware Cipher1-8 Moxa UC7400 - Hardware Cipher

Intel Xcale Supports bull Security Engines DES AESbull Algorithm methods ECB CBC ECR

Moxa wrap hardware acceleration inside algorithm APIs of ldquolibcryptosordquo bull No need to change the source codes

1-8-1 Moxa Accelerated Algorithm 1-8-1 Moxa Accelerated Algorithm ndash OpenSSL 097 ndash OpenSSL 097

DES_cbc_encrypt

DES_ede3_cbc_encrypt

AES_cbc_encrypt

AES_ctr_encrypt

bull We wrap ECB mode at a higher level (libsslso) which openssl wraps too

1-8-2 Performance1-8-2 Performance

0

10

20

30

40

50

60

70

80

128 256 384 512 640 768 896 1024 1152 12800

1

2

3

4

5

6

7

83DESCBC3DESCBCRATE

0

10

20

30

40

50

60

70

80

128 256 384 512 640 768 896 1024 1152 12800

1

2

3

4

5

6

7

8AES128CBCAES128CBCRATE

0

1

2

3

4

5

6

7

8

16 32 64 80 96 112 128 1440

05

1

15

2

25AES128CBC

AES128CBC

RATE

012

3456

789

16 32 64 80 96 112 128 1440

05

1

15

2

253DESCBC

3DESCBC

RATE

= HW Cipher

1-8-3 Things to be noticed1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approachesbull Default Hardware Approachbull Any mis-configuration or business causes the

switch

Small packets are switched to software approachbull DES 128 bytesbull 3DESAES 64 bytes

1-8-4 Software Package1-8-4 Software Package

Driverbull mxhw_ciphero

Device Filebull mknod devmxcrypto c 11 131

Test Programbull io correctness test bull io 0 5000 stability test bull io 1 golden pattern bull io 2 20000 performance test

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

2) OpenVPN 20 2) OpenVPN 20

2-1 Virtual Private Network

2-2 Why OpenVPN

2-3 OpenVPN Modes

2-1 Virtual Private Network2-1 Virtual Private Network

2-1 VPN AdvantagesDisadvantage2-1 VPN AdvantagesDisadvantage

VPN a network that is constructed by using public wires (eg internet) to connect nodes

VPN encrypt all network traffic not just a few application protocols (like SSL SSH etc)

VPN allows the usage of protocols which are insecure by themselves

VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN2-2 Why OpenVPN

Usabilitybull Open Source (GPL)bull Full featured SSL VPN Solutionbull Easy to configure secure tunnelbull NATDHCP supportbull Can use a 2048 bit shared key or

digital certificates (PKI)

Portability ndash Supports most of the platformsbull Linux Solaris Mac OS Xbull OpenBSD FreeBSD NetBSDbull Windows2000-SP4WindowsXP-SP1 or later

2-2 Why OpenVPN2-2 Why OpenVPN

Peers ndash each node with a clientserver rolebull In use of kernel routingbull Multiple clients

A user-space programbull A full-featured SSL-VPN solutions

bull on top of existing SSLTLS mechanism bull options between a set of security algorithms

bull Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (50001194) or TCP port

2-2 OpenVPN Security 2-2 OpenVPN Security

Two Authentication Modesbull Static Key Use pre-shared bull SSLTLS Use SSLTLS + Certificates for

bull Authentication bull Key exchange

The encrypted packet is formatted asbull SeqN 64-bit sequence numberbull IV plain text initial vector randomized per packet

HMAC IV SeqN V IPs payload

encrypt

HMACW IPs

2-2 OpenVPN vs IPSec

OpenVPN
- User-space daemon
- SSL/TLS
- Portability across operating systems
- Firewall- and NAT-friendly
- Dynamic address support

IPSec
- Kernel-space IP stack
- Each operating system requires its own independent implementation of IPSec
- IETF standard: multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are the two methods of linking systems via a VPN:

Routed IP tunnels (layer 3)

Bridged Ethernet tunnels (layer 2)

Suitable for connections
- Site-to-site
- Dynamic site-to-site
- (Dynamic) client-to-site

Dynamic firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN mode (device): a virtual point-to-point IP link that combines the inner interface together with TUN.

Uses the kernel routing to forward the packets.

[Figure: two OSI stacks (Physical, Data-Link, Network, Transport, Session, Presentation, Application) joined by OpenVPN, with the TUN device attached at layer 3]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of the MTU for efficiency

Routed IP disadvantages
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see those machines on the other side of the VPN
4. Works only with IPv4 in general, and with IPv6 only where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses "TAP" mode: a TAP device is a virtual Ethernet adapter.

Bridge tools (brctl) are required to create the virtual adapters.

Need to create a script to bind eth1 and tap0 together into a bridged device called br0.

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0        create an Ethernet bridge

brctl addif br0 eth1   connect interface eth1 as a port

brctl addif br0 tap0   connect virtual interface tap0 as a port

[Figure: two OSI stacks joined by OpenVPN with bridging at the data-link layer; on each host eth0 carries the tunnel while eth1 and tap0 are ports of the bridge. TUN attaches at layer 3, TAP at layer 2]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages
1. Point-to-point and point-to-multipoint
2. Broadcasts traverse the VPN; this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to be able to handle non-IP protocols such as IPX, Netware and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages
1. Less efficient than routing and does not scale well

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSL/TLS: X.509 Dynamic Keys

3-1 Getting Started

[Figure: lab topology. LAN A (10.0.1.1/24, gateway 10.0.1.254) sits behind the VPN Server, whose ixp1 is 10.0.1.254 and whose ixp0 is 192.168.12.201. LAN B (10.0.2.1/24, gateway 10.0.2.254) sits behind the VPN Client, whose ixp1 is 10.0.2.254 and whose ixp0 is 192.168.12.202. The client connects to the server through the VPN tunnel; a CA/TLS server is also shown]

3-1 Getting Started

Create a working directory (recommended): mkdir /etc/openvpn

Check for the TUN module: ls /dev/net and look for a character device "tun"; if it is missing: mknod /dev/tun c 10 200

Load the necessary modules: modprobe tun; modprobe bridge

Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]

Self diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or vi /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"

Create/start the bridge interface using the Moxa script: openvpn-bridge [start | stop | restart]

Check the cipher/authentication support: openvpn --show-ciphers; openvpn --show-digests

Create the TUN configuration files: vi /etc/openvpn/tunserver.conf

[At VPN Client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

The local and remote VPN IP addresses must be specified.

It is NECESSARY to specify the server address at the VPN client.

3-2 TUN Server Configuration

Edit the static routes: vi /etc/openvpn/tunserver.sh; chmod +x /etc/tunserver.sh

[At VPN Client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/tunclient.sh

Start OpenVPN with the configuration file: openvpn --config /etc/tunserver.conf & (server); openvpn --config /etc/tunclient.conf & (client)

Note the 2nd argument of "ifconfig", which is now "10.0.2.254".
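As an added example (not the slides' configuration files), a script that writes the static-key TUN server and client configurations for the 3-1 lab topology and checks that the client's ifconfig line is the server's with its two arguments swapped; the tunnel endpoint addresses 10.9.0.1/10.9.0.2, the use of OpenVPN's route directive in place of the slides' routing script, and the file names are assumptions:

```shell
#!/bin/sh
# Added example (not the slides' own files): write the static-key TUN
# server and client configurations for the lab in 3-1, where the server's
# ixp0 is 192.168.12.201, LAN A is 10.0.1.0/24 and LAN B is 10.0.2.0/24.
# Assumptions: the tunnel endpoints 10.9.0.1/10.9.0.2 are constructed, the
# file names follow the slides (tunserver.conf, tunclient.conf) and the
# "route" directive replaces the slides' separate static-route shell script.

SERVER_PUB=192.168.12.201   # server's outside address (ixp0)
SERVER_VPN=10.9.0.1         # server's end of the tunnel (constructed)
CLIENT_VPN=10.9.0.2         # client's end of the tunnel (constructed)
LAN_A=10.0.1.0; LAN_B=10.0.2.0; MASK=255.255.255.0
VPN_PORT=1194

# tun_server_conf DIR: write DIR/tunserver.conf. "ifconfig <local> <remote>"
# names the two tunnel endpoints; the server listens and needs no "remote".
tun_server_conf() {
    cat > "$1/tunserver.conf" <<EOF
dev tun
proto udp
port $VPN_PORT
ifconfig $SERVER_VPN $CLIENT_VPN
route $LAN_B $MASK
secret $1/static.key
keepalive 10 60
persist-key
persist-tun
verb 3
EOF
}

# tun_client_conf DIR: write DIR/tunclient.conf. The client must name the
# server address, and its ifconfig line is the server's with the two
# arguments swapped.
tun_client_conf() {
    cat > "$1/tunclient.conf" <<EOF
dev tun
proto udp
remote $SERVER_PUB $VPN_PORT
ifconfig $CLIENT_VPN $SERVER_VPN
route $LAN_A $MASK
secret $1/static.key
keepalive 10 60
persist-key
persist-tun
verb 3
EOF
}

# gen_static_key DIR: the key generation from slide 3-1; the same file has
# to be copied to both peers over a secure channel. Needs the openvpn binary.
gen_static_key() {
    openvpn --genkey --secret "$1/static.key" && chmod 600 "$1/static.key"
}

# tun_endpoints FILE: print "<local> <remote>" taken from the ifconfig line.
tun_endpoints() {
    awk '$1 == "ifconfig" { print $2, $3 }' "$1"
}

# tun_check_pair SERVERCONF CLIENTCONF: succeed only if the client's
# endpoints are the server's swapped; a copied-unchanged ifconfig line is
# the mismatch that silently breaks a static-key tunnel.
tun_check_pair() {
    s=$(tun_endpoints "$1"); c=$(tun_endpoints "$2")
    [ -n "$s" ] && [ "$s" = "${c#* } ${c%% *}" ]
}

# Stand-alone run: "sh tunconf.sh write /etc/openvpn" writes and checks both.
if [ "${1:-}" = write ]; then
    dir=${2:-/etc/openvpn}
    tun_server_conf "$dir" && tun_client_conf "$dir" &&
        tun_check_pair "$dir/tunserver.conf" "$dir/tunclient.conf" &&
        echo "ifconfig lines of tunserver.conf and tunclient.conf match"
fi
```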

Create the TAP configuration files: vi /etc/openvpn/tapserver.conf

[At VPN Client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration: VPN Server

Mark this line if both VPN networks are in the same subnet.

3-3 TAP Configuration: VPN Server

Edit the static routes: vi /etc/openvpn/tunserver.sh

[At VPN Client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/tapclient.sh

Pointed to the kernel routing: br0 = 10.0.1.254

3-3 TAP Configuration: VPN Server

Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tapserver.conf & (server); openvpn --config /etc/openvpn/tapclient.conf & (client)
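As an added example (not Moxa's openvpn-bridge script), a start/stop helper that builds br0 from eth1 and tap0 as in 2-3-2 and gives the bridge the LAN gateway address 10.0.1.254 from the slide above; the openvpn --mktun step, the broadcast address and the BRCTL/IFCONFIG/OPENVPN override hooks are assumptions:

```shell
#!/bin/sh
# Added example (not Moxa's openvpn-bridge script): a start/stop helper that
# builds the bridge described in 2-3-2 (br0 = eth1 + tap0) and moves LAN A's
# gateway address 10.0.1.254 from eth1 onto br0, as TAP mode requires.
# Assumptions: the persistent TAP device is created with "openvpn --mktun",
# the broadcast address is 10.0.1.255, and BRCTL/IFCONFIG/OPENVPN can be
# pointed at stubs for a dry run on a machine without root.

BR=${BR:-br0}
ETH=${ETH:-eth1}
TAP=${TAP:-tap0}
BR_IP=${BR_IP:-10.0.1.254}
BR_MASK=${BR_MASK:-255.255.255.0}
BR_BCAST=${BR_BCAST:-10.0.1.255}
BRCTL=${BRCTL:-brctl}
IFCONFIG=${IFCONFIG:-ifconfig}
OPENVPN=${OPENVPN:-openvpn}

# bridge_start: the order matters. The TAP device must exist before it can
# be enslaved, the bridge must exist before ports are added, and the address
# must leave eth1 (0.0.0.0) so that only br0 answers for 10.0.1.254.
bridge_start() {
    "$OPENVPN" --mktun --dev "$TAP"
    "$BRCTL" addbr "$BR"
    "$BRCTL" addif "$BR" "$ETH"
    "$BRCTL" addif "$BR" "$TAP"
    "$IFCONFIG" "$ETH" 0.0.0.0 promisc up
    "$IFCONFIG" "$TAP" 0.0.0.0 promisc up
    "$IFCONFIG" "$BR" "$BR_IP" netmask "$BR_MASK" broadcast "$BR_BCAST" up
}

# bridge_stop: tear down in reverse and give eth1 its LAN address back so
# LAN A keeps its gateway while OpenVPN is not running.
bridge_stop() {
    "$IFCONFIG" "$BR" down
    "$BRCTL" delbr "$BR"
    "$OPENVPN" --rmtun --dev "$TAP"
    "$IFCONFIG" "$ETH" "$BR_IP" netmask "$BR_MASK" broadcast "$BR_BCAST" up
}

case "${1:-}" in
    start)   bridge_start ;;
    stop)    bridge_stop ;;
    restart) bridge_stop; bridge_start ;;
esac
```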

3-4-1 SSL/TLS: Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf and pre-fill default_days, default_bits, etc.

Create a new CA root key pair: /usr/share/ssl/misc/CA -newca

Create a new client private key and a new certificate request: /usr/share/ssl/misc/CA -newreq

Sign the certificate: /usr/share/ssl/misc/CA -sign

Copy the CA root certificate, the client private key and the client certificate to the first client.

Have the second client certified in the same way.

3-4-2 OpenVPN "easy-rsa" tools

Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file: vi /etc/openvpn/easy-rsa/vars

Activate the vars: . /etc/openvpn/easy-rsa/vars

Create the CA root key: /etc/openvpn/easy-rsa/build-ca

Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN "easy-rsa" tools

Create the VPN client private key and certificate: /etc/openvpn/build-key client

Create the Diffie-Hellman parameters: /etc/openvpn/build-dh 1024

Copy the CA certificate (ca.crt), the server key (server.key) and the server certificate (server.crt) to the VPN server.

Copy the CA certificate, the client key and the client certificate to the VPN client.

The "easy-rsa" tools also work on the UC7400 series.

3-4-3 Configuration File Modification

txxserver.conf

txxclient.conf

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

Two of its serial ports are connected to a power meter and a thermocouple.

Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site.

The rest of the serial ports are looped back in "burn-in mode" to demonstrate the UC's high performance and reliability.

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500 °C

Left side for the high range, 0 to 300 VDC; right side for the low range, 0 to 20 VDC

UC's LCM & keypad (F1-F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8

F2 System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available memory

F3 Alarm Setting: Temperature → Voltage → Burn-in throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
- The UC-7420's built-in wireless driver supports the Intersil Prism 2.0 chipset PCMCIA card
- The compatible wireless cards are:

Supplier   Model name
ASUS       WL-107g
CNET       CWC-854 (181D version)
Edimax     EW-7108PCg
Amigo      AWP-914WG
Gigabyte   GN-WMKG
Others which use the Ralink chipset

Thank You


1 Quick View of iptables

A user-space command to set up and maintain the "Netfilter" subsystem of the kernel.

"Netfilter" manages only the packet headers, not the content.

iptables is currently one of many firewall/NAT solutions; it is the administration tool to set up, maintain and inspect the tables of IP packet filter rules in the Linux kernel.

1 Quick View of iptables

Several different tables may be defined. Each table contains a number of built-in chains and may also contain user-defined chains.

Each chain is a list of rules which can match a set of packets. Each rule specifies what to do with a packet that matches. This is called a "target", which may be a jump to a user-defined chain in the same table.

1 Quick View of iptables

3rd-generation firewall on Linux
- "ipfwadm" on Linux kernel 2.0.x
- "ipchains" on Linux kernel 2.2.x
- "ipchains" / "iptables" on Linux kernel 2.4.x
- "iptables" on Linux kernel 2.6.x

Supports basic packet filtering as well as connection state tracking.

UC-7110/7400 support only "iptables".

Agenda

1) Firewall, NAT and iptables

2) Rules, Chains, Tables

3) Usage of iptables

4) Hands-On Practice

2) Rules, Chains and Tables

2-1 First Match

2-2 Three Major Tables

2-3 Processing Packets

2-4 State Machine

2-1 First Match: The Highest Priority

[Figure: flowchart. Packets are tested against Rule 1, Rule 2, ... Rule 10 in order; the first rule that matches ("Yes") takes its action (Action 1, Action 2, ... Action 10) and evaluation stops; a packet matching none ("No" all the way down) gets the Default Policy]

2-1 First Match

On a WWW server, reject the attack from IP = 192.168.1.100:
Rule 1: Drop the packets from 192.168.1.100
Rule 2: Accept WWW request packets from all hosts
Rule 3: Drop all non-WWW packets

With the order changed:
Rule 1: Accept WWW request packets from all hosts
Rule 2: Drop the packets from 192.168.1.100
Rule 3: Drop all non-WWW packets

192.168.1.100 is now able to use the WWW service, or to attack the WWW service port.
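As an added illustration (not from the slides), a shell function that walks an ordered rule list the way a chain does and stops at the first match, run against the two rule orders above; the rule and packet formats and the second host address are constructed for this example:

```shell
#!/bin/sh
# Added example (not part of the slides): first-match evaluation of an
# ordered rule list, constructed to mirror the WWW-server scenario above.
# Rule line format (constructed): "<src|any> <dport|any> <ACTION>"

# Order 1: the host-specific DROP comes before the generic web ACCEPT.
RULES_DROP_FIRST="192.168.1.100 any DROP
any 80 ACCEPT
any any DROP"

# Order 2: the generic web ACCEPT comes first, so the attacker's web
# packets are accepted before the DROP rule is ever consulted.
RULES_ACCEPT_FIRST="any 80 ACCEPT
192.168.1.100 any DROP
any any DROP"

# first_match RULES POLICY SRC DPORT
# Prints the action of the first matching rule, or POLICY if none matches.
first_match() {
    rules=$1; policy=$2; src=$3; dport=$4
    hit=$(printf '%s\n' "$rules" | while read -r r_src r_dport r_action; do
        if [ -z "$r_action" ]; then
            continue                      # skip blank lines
        fi
        if { [ "$r_src" = any ] || [ "$r_src" = "$src" ]; } &&
           { [ "$r_dport" = any ] || [ "$r_dport" = "$dport" ]; }; then
            printf '%s\n' "$r_action"     # the first hit decides ...
            break                         # ... and later rules are never seen
        fi
    done)
    printf '%s\n' "${hit:-$policy}"
}

# Stand-alone run: a web request from the attacker and from an ordinary
# client (10.0.0.5, constructed) under both orderings, chain policy DROP.
for order in RULES_DROP_FIRST RULES_ACCEPT_FIRST; do
    eval "rules=\$$order"
    printf '%s: 192.168.1.100:80 -> %s, 10.0.0.5:80 -> %s, 10.0.0.5:22 -> %s\n' \
        "$order" \
        "$(first_match "$rules" DROP 192.168.1.100 80)" \
        "$(first_match "$rules" DROP 10.0.0.5 80)" \
        "$(first_match "$rules" DROP 10.0.0.5 22)"
done
```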

2-2 Three Major Tables

1) Filter Table

2) NAT Table

3) Mangle Table

2-2-1 Filter Table

Mainly used for filtering packets. This is the place where we actually take action against packets: look at what they contain and ACCEPT, DROP, REJECT or LOG them depending on their content.

1. INPUT chain: packets entering the local host

2. OUTPUT chain: packets output from the local host

3. FORWARD chain: packets forwarded to other hosts

2-2-2 NAT Table

Used for NAT on different packets: to translate the packets' source field or destination field.

1) PREROUTING chain: to translate the destination IP address (DNAT)

2) POSTROUTING chain: works after the routing process and before the Ethernet device processing, to translate the source IP address (SNAT/MASQUERADE)

3) OUTPUT chain: for locally generated packets

2-2-3 Mangle Table

This table is mainly used for mangling packets. In other words, you may freely use the mangle matches etc. to change the TOS (Type Of Service) and TTL fields. It can also "MARK" the packets.

1. PREROUTING chain

2. POSTROUTING chain

3. INPUT, OUTPUT and FORWARD chains

2-3 Processing Packets

2-3-1 Destination: Local Host

2-3-2 Source: Local Host

2-3-3 Forwarded Packets

2-3-4 State Machine

2-3-1 Destination: Local Host

[Figure: incoming packets → NAT table PREROUTING → filter table INPUT → local process]

2-3-2 Source: Local Host

[Figure: outgoing packets from the local process → NAT table OUTPUT → filter table OUTPUT → NAT table POSTROUTING → sent out]

2-3-3 Forwarded Packets

[Figure: incoming packets → NAT table PREROUTING → filter table FORWARD → NAT table POSTROUTING → other hosts; local resources are not involved]

2-4 State Machine

Agenda

1) Firewall, NAT and iptables

2) Rules, Chains, Tables

3) Usage of iptables

4) Hands-On Practice

3) Usage of iptables

3-1 Load iptables Modules

3-2 Define Default Policy

3-3 Structure of a Rule

3-4 Save / Restore Rules

3-1 Load iptables Modules

Note: ipchains and iptables are not compatible.

3-1 Load iptables Modules

Check the current tables: iptables [-t table] [-L] [-n]

Default policy

3-1 Install iptables

Clear the current policy

3-2 Define Default Policy

iptables -t {filter | nat | mangle} -P {INPUT | OUTPUT | FORWARD | PREROUTING | POSTROUTING} {ACCEPT | DROP}

3-3 Structure of a Rule

3-3-1 Add, Insert, Delete and Replace Rules

3-3-2 Direction

3-3-3 Matches

3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace

iptables -t {filter | nat | mangle} {-A | -I | -D | -R} <direction> <match> -j <target>

Three major things need to be considered: direction, match and target.

3-3-2 Direction: Chains

a. filter table: INPUT, OUTPUT, FORWARD

b. nat table: PREROUTING, POSTROUTING, OUTPUT

c. mangle table: ...

3-3-3 Matches: Conditions

1. -p [proto]: tcp, udp, icmp, all

2. -s [IP], -d [IP]

3. --sport [port], --dport [port]

4. -m state --state [state]: NEW, ESTABLISHED, INVALID, RELATED

5. -m multiport [p1,p2,...,p15]

6. -i [iface], -o [oface]

7. ... etc.

3-3-4 Targets: Actions

a. filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions: LOG, ULOG, REJECT, MIRROR

b. nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING/OUTPUT), MASQUERADE (POSTROUTING), REDIRECT (only in PREROUTING)

c. mangle table: ...

3-4 Save / Restore Rules

It is highly recommended to use a script file to maintain the Netfilter rules instead of the exported file (it is not a standard script file). Please refer to the hands-on practice.

Agenda

1) Firewall, NAT and iptables

2) Rules, Chains, Tables

3) Usage of iptables

4) Hands-On Practice: 1) Packet Filter, 2) NAT Machine

4-1 Packet Filter: Rules of the filter table

Example 1: Accept all packets incoming from the lo interface

iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2: Accept all TCP packets incoming from IP = 192.168.0.1

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

4-1 Packet Filter: Rules of the filter table

Example 3: Accept all TCP packets incoming from the network 192.168.1.0/24

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4: Drop all TCP packets incoming from IP = 192.168.1.25

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

4-1 Packet Filter: Rules of the filter table

Example 5: Drop all incoming TCP packets with destination port = 21 (forbid FTP connections from eth0)

iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6: Accept TCP packets incoming from IP 192.168.0.24 to the local ports 137, 138 and 139

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.24 --dport 137:139 -j ACCEPT

4-1 Packet Filter: Rules of the filter table

Example 7: Log all incoming/outgoing TCP packets to/from port = 25 (log the SMTP service)

iptables -t filter -A INPUT -p tcp --dport 25 -j LOG

Note: UC7110 does not support the target "LOG".

4-1 Packet Filter: Rules of the filter table

Example 8: Drop all [SYN] packets from IP = 192.168.100.200

iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9: Drop all packets from MAC = aa:bb:cc:dd:ee:ff

iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

Example 10: Do not respond to "ping"

iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11: Limit ICMP "ping" bursts

iptables -t filter -P INPUT DROP
iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

4-1 Packet Filter: Rules of the filter table

Example 12: Accept the ESTABLISHED and RELATED packets of the local host; drop the INVALID packets and the NEW packets which are trying to create new connections

iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

4-1 Packet Filter: Rules of the filter table

Example 13: Check the packet integrity

iptables -t filter -A INPUT -p all -m unclean -j DROP

Example 14: Enable the "passive mode" FTP service to a host

modprobe ip_conntrack_ftp
iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

4-2 NAT Machine: Rules of the nat table

Example 1: Redirect the connection requests for port 80 to port 8080

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2: Masquerade the packets from 192.168.1.0/24 leaving through ppp0 as ppp0's IP (MASQUERADE is only valid in the POSTROUTING chain)

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

4-2 NAT Machine

Example 3: DNAT the incoming packets arriving on eth0 (60.248.66.75), TCP port 80, to the internal web server 192.168.127.10:80

iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

Example 4: Redirect the incoming packets for TCP port 80 to 192.168.1.10, TCP port 80

iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP
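As an added example (not the course's own script), the filter and NAT rules from the hands-on examples collected into the kind of maintainable script that slide 3-4 recommends; the addresses come from the examples above, while the interface names eth0/eth1 and the IPT override hook (so the rule sequence can be checked without root) are assumptions:

```shell
#!/bin/sh
# Added example (not from the slides): the hands-on filter and NAT rules in
# one maintainable script, as slide 3-4 recommends instead of hand-editing
# the exported rule file. The LAN 192.168.127.0/24, the web server
# 192.168.127.10 and the public address 60.248.66.75 come from the examples;
# eth0 as the outside and eth1 as the inside interface are assumptions.
# IPT can be pointed at a stub so the rule sequence can be inspected on a
# machine without root or a Netfilter kernel.

IPT=${IPT:-iptables}
WAN_IF=${WAN_IF:-eth0}
LAN_IF=${LAN_IF:-eth1}
LAN_NET=${LAN_NET:-192.168.127.0/24}
WEB_SRV=${WEB_SRV:-192.168.127.10}
OUT_IP=${OUT_IP:-60.248.66.75}

# fw_reset: flush every chain in all three tables and set a deny-by-default
# policy for traffic to and through the box (2-1: unmatched packets get it).
fw_reset() {
    for t in filter nat mangle; do
        "$IPT" -t "$t" -F
        "$IPT" -t "$t" -X
    done
    "$IPT" -t filter -P INPUT DROP
    "$IPT" -t filter -P FORWARD DROP
    "$IPT" -t filter -P OUTPUT ACCEPT
}

# fw_input: rules for packets addressed to the box, in first-match order.
fw_input() {
    "$IPT" -t filter -A INPUT -i lo -j ACCEPT                                 # ex. 1
    "$IPT" -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT  # ex. 12
    "$IPT" -t filter -A INPUT -m state --state INVALID -j DROP
    # ex. 8: the noisy host is dropped before the generic web rule can admit it
    "$IPT" -t filter -A INPUT -i "$WAN_IF" -p tcp -s 192.168.100.200 --syn -j DROP
    "$IPT" -t filter -A INPUT -i "$WAN_IF" -p tcp --dport 80 -j ACCEPT
    "$IPT" -t filter -A INPUT -i "$WAN_IF" -p tcp --dport 21 -j DROP          # ex. 5
    # ex. 11: answer ping at a bounded rate rather than dropping it outright
    "$IPT" -t filter -A INPUT -p icmp --icmp-type 8 -m limit --limit 6/min --limit-burst 10 -j ACCEPT
    # ex. 7: log SMTP attempts (omit on UC-7110, which lacks the LOG target)
    "$IPT" -t filter -A INPUT -p tcp --dport 25 -j LOG --log-prefix "smtp: "
}

# fw_forward_nat: publish the internal web server (ex. 3) and hide the LAN
# behind the public address (ex. 4). DNAT belongs in PREROUTING and SNAT in
# POSTROUTING (3-3-4); FORWARD must admit the translated flows explicitly
# because its policy is DROP.
fw_forward_nat() {
    "$IPT" -t nat -A PREROUTING -i "$WAN_IF" -p tcp -d "$OUT_IP" --dport 80 \
        -j DNAT --to "$WEB_SRV:80"
    "$IPT" -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j SNAT --to "$OUT_IP"
    "$IPT" -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    "$IPT" -t filter -A FORWARD -i "$WAN_IF" -p tcp -d "$WEB_SRV" --dport 80 -j ACCEPT
    "$IPT" -t filter -A FORWARD -i "$LAN_IF" -s "$LAN_NET" -j ACCEPT
}

fw_apply() {
    fw_reset
    fw_input
    fw_forward_nat
}

# "sh fw.sh apply" loads the rules; sourcing the file only defines functions.
if [ "${1:-}" = apply ]; then
    fw_apply
fi
```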

Thank You

OpenVPN 2.0, Stephen Lin

OpenVPN 2.0

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve?

1-2 Symmetric Data Encryption

1-3 Hash (Digest) Function

1-4 Message Authentication Code

1-5 Asymmetric Data Encryption

1-6 Digital Signature

1-7 Certificate

1-8 Moxa UC7400

1-1 What does Cryptography solve?

Confidentiality
- Ensure that nobody can get knowledge of what you transfer, even if listening to the whole conversation

Integrity
- Ensure that the message has not been modified during transmission

Authenticity
- You can verify that you are talking to the entity you think you are talking to
- You can verify who is the specific individual behind that entity

Non-repudiation
- The individual behind that asset cannot deny being associated with it

1-2 Symmetric Data Encryption

Fast; high efficiency for data transmission

Is it "secure" while transferring the key?

Key maintenance: n(n-1)/2 keys for n parties

DES, 3DES, AES, Blowfish

[Figure: Tom encrypts the plaintext with the secret key into ciphertext; Bob decrypts it with the same secret key back to the plaintext]

1-3 Hash (Digest) Function

Ensures data integrity

MD5, SHA-1

[Figure: Tom runs the data through the hash function to get message digest 1 and sends data + digest 1; Bob runs the received data through the same hash function to get message digest 2 and compares it with digest 1]

1-4 Message Authentication Code

Ensures data integrity

Uses a key to protect the MAC

HMAC, CBC-MAC

[Figure: Tom hashes the data into message digest 1, encrypts it with the secret key into the MAC and sends data + MAC; Bob decrypts the MAC with the secret key to recover digest 1, hashes the received data into digest 2 and compares the two]

1-5 Asymmetric Encryption

Things to remember
- Key pair: public/private keys
- In a session one is used for encryption and the other for decryption
- The "public key" can be deployed everywhere
- The relation between the two keys is unknown, and from one key you cannot gain knowledge of the other even if you have access to clear text and cipher text
- The two keys are interchangeable. All algorithms make no difference between public and private key; when a key pair is generated, either of the two can be public or private
- Less efficient than a static key
- RSA, Diffie-Hellman

[Figure: clear text encrypted into scrambled cipher text]

1-5 Asymmetric Data Encryption

[Figure: Tom encrypts the plaintext with Bob's public key; Bob decrypts the ciphertext with Bob's private key. Recipient's key pair: confidentiality check]

1-5 Asymmetric Data Encryption

[Figure: Tom encrypts the plaintext with Tom's private key; Bob decrypts the ciphertext with Tom's public key. Sender's key pair: authenticity check]

1-6 Digital Signature

Real world: hybrid
1. Data integrity
2. Authenticity
3. Non-repudiation
4. Algorithm: use the public key and a hash

1-6 Digital Signature: Creating

[Figure: the message or file ("This is the document created by Gianni") is hashed (SHA, MD5) into a short message digest (typically 128 bits), calculated from even a long input with a one-way message digest function; the digest is encrypted with the signatory's private key (asymmetric encryption, RSA) to form the digital signature, which is attached to the document to give the signed document]

1-6 Digital Signature: Verifying

[Figure: the signed document is split into the document and the digital signature; the document is hashed to generate a message digest, the signature is decrypted with Gianni's public key (from the certificate) into the original digest, and the two digests are compared]

1-6 Digital Signature

[Figure: Tom hashes the data into message digest 1 and encrypts it with Tom's private key into the digital signature, sent together with the data; Bob decrypts the signature with Tom's public key to recover digest 1, hashes the received data into digest 2 and compares the two]

1-7 Certificate

The simplest certificate just contains
- A public key (for Stephen)
- Information about the entity that is being certified to own that public key ("this public key belongs to Stephen"; the entity can be a person, a computer, a device, a file, some code, anything ...)

... and the whole is
- Digitally signed by someone trusted (like your friend or a CA)

[Figure: certificate = public key + owner statement + digital signature]

1-7-1 CA Certificate

[Figure: the certification server (CA) generates a key pair; the user requests a certificate from the CA; the CA generates the certificate (public key + digital signature); the private key and the certificate are sent to the user. The Left and Right certificates are signed by the CA; the CA's own public key is signed by the CA itself]

1-7-1 CA Certificate Example

[Figure: the CA holds its private key; Left and Right both trust the CA public key. Left holds its private key, the CA public key and the Left certificate signed by the CA; Right holds its private key, the CA public key and the Right certificate signed by the CA]

1-7-2 SSL/TLS

[Figure: each side holds a private/public key pair; clear text is encrypted (cipher 1, cipher 2) with the peer's public key, transmitted over the public network and decrypted with the recipient's private key back to clear text]

Ensures confidentiality
- And integrity, if digitally signed

Depending on how the public keys are exchanged
- Authenticity, identity, non-repudiation

1-8 Moxa UC7400: Hardware Cipher

The Intel XScale supports
- Security engines: DES, AES
- Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so"
- No need to change the source code

1-8-1 Moxa Accelerated Algorithms: OpenSSL 0.9.7

DES_cbc_encrypt

DES_ede3_cbc_encrypt

AES_cbc_encrypt

AES_ctr_encrypt

- ECB mode is wrapped at a higher level (libssl.so), where OpenSSL wraps it too

1-8-2 Performance

[Figure: four charts comparing the hardware cipher with the software implementation. Two plot throughput (left axis 0 to 80) and the speed-up RATE (right axis 0 to 8) for 3DES-CBC and AES-128-CBC over packet sizes of 128 to 1280 bytes; two plot the same for small packets of 16 to 144 bytes (RATE 0 to 2.5). The highlighted series is the HW cipher]

1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approaches
- Default: hardware approach
- Any misconfiguration or busy condition causes the switch

Small packets are switched to the software approach
- DES: 128 bytes
- 3DES/AES: 64 bytes

1-8-4 Software Package1-8-4 Software Package

Driverbull mxhw_ciphero

Device Filebull mknod devmxcrypto c 11 131

Test Programbull io correctness test bull io 0 5000 stability test bull io 1 golden pattern bull io 2 20000 performance test

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

2) OpenVPN 20 2) OpenVPN 20

2-1 Virtual Private Network

2-2 Why OpenVPN

2-3 OpenVPN Modes

2-1 Virtual Private Network2-1 Virtual Private Network

2-1 VPN AdvantagesDisadvantage2-1 VPN AdvantagesDisadvantage

VPN a network that is constructed by using public wires (eg internet) to connect nodes

VPN encrypt all network traffic not just a few application protocols (like SSL SSH etc)

VPN allows the usage of protocols which are insecure by themselves

VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN2-2 Why OpenVPN

Usabilitybull Open Source (GPL)bull Full featured SSL VPN Solutionbull Easy to configure secure tunnelbull NATDHCP supportbull Can use a 2048 bit shared key or

digital certificates (PKI)

Portability ndash Supports most of the platformsbull Linux Solaris Mac OS Xbull OpenBSD FreeBSD NetBSDbull Windows2000-SP4WindowsXP-SP1 or later

2-2 Why OpenVPN2-2 Why OpenVPN

Peers ndash each node with a clientserver rolebull In use of kernel routingbull Multiple clients

A user-space programbull A full-featured SSL-VPN solutions

bull on top of existing SSLTLS mechanism bull options between a set of security algorithms

bull Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (50001194) or TCP port

2-2 OpenVPN Security 2-2 OpenVPN Security

Two Authentication Modesbull Static Key Use pre-shared bull SSLTLS Use SSLTLS + Certificates for

bull Authentication bull Key exchange

The encrypted packet is formatted asbull SeqN 64-bit sequence numberbull IV plain text initial vector randomized per packet

HMAC IV SeqN V IPs payload

encrypt

HMACW IPs

2-2 OpenVPN vs IPSec2-2 OpenVPN vs IPSec

OpenVPNbull User-space daemonbull SSLTLSbull portability across

operating systemsbull firewall and NAT-

friendly bull dynamic address

support

IPSecbull Kernel-space IP stack bull each operating system

requires its own independent implementation of IPSec

bull IETF Standard - multi-vendor support

2-3 OpenVPN Modes2-3 OpenVPN Modes

Bridging and Routing are two methods of linking systems via a VPN

Routed IP tunnels (layer 3)

Bridged Ethernet tunnels (layer 2)

Suitable for Connectionsbull Site-to-Sitebull Dynamic Site-to-Sitebull (Dynamic) Client-to-Site

Dynamic FirewallNATDHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN Mode(device) a virtual point-to-point IP link that combines the inner interface together with TUN

Use the kernel routings to forward the packets

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Physical

Data-Link

Network

Transport

Session

Presentation

ApplicationOpenVPN

TUN (3rd)

2-3-1 Routed IP Tunnels (TUN Mode)2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP Advantages1 Point-to-point2 Easier to configure3 Efficiency and scalability 4 Allows better tuning of MTU for efficiency

Routed IP Disadvantages1 Clients must use a WINS server (such as samba) to

allow cross-VPN network browsing to work 2 Routes must be set up linking each subnet 3 Software that depends on broadcasts Will Not see

those machines on the other side of the VPN 4 Works only with IPv4 in general and IPv6 in cases

where tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses ldquoTAPrdquo mode a TAP device is a Virtual Ethernet Adapter

Bridge tools (bcrtl) are required to create the virtual adapters

Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0 create an ethernet bridge

brctl addif br0 eth1 connect interface eth1 as a port

brctl addif tap0 connect virtual interface tap0 as a port

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Bridging

OpenVPN

TUN (3rd)TAP (2nd)

eth1 eth1eth0 eth0

tap0 tap0

2-3-2 Bridged Ethernet Mode (TAP 2-3-2 Bridged Ethernet Mode (TAP Mode)Mode)

Bridging advantages1 Point to Point point to multi-point2 Broadcasts traverse the VPN -- this allows browsing

of Windows file shares across the VPN without setting up a Samba or WINS server

3 No route statements to configure4 Works with the VPN needs to be able to handle non-

IP protocols such as IPX Netware and AppleTalk5 Relatively easy-to-configure solution for road

warriors

Bridging disadvantages1 Less efficient than Routing and does not scale well

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

(Diagram: lab topology. LAN A, 10.0.1.0/24 (a host at 10.0.1.1/24 with gateway 10.0.1.254), sits behind the VPN Server, whose LAN-side interface ixp1 holds 10.0.1.254 and whose public-side interface ixp0 holds 192.168.12.201. LAN B, 10.0.2.0/24 (a host at 10.0.2.1/24 with gateway 10.0.2.254), sits behind the VPN-Client, with 10.0.2.254 on ixp1 and 192.168.12.202 on ixp0. The client connects to the server to build the VPN tunnel between the two LANs; a CA/TLS server is also shown.)

3-1 Getting Started

Create a working directory (recommended): mkdir /etc/openvpn

Check for the TUN module: ls /dev/net and look for a character device "tun"; if it is not there, create it: mknod /dev/net/tun c 10 200

Load the necessary modules: modprobe tun; modprobe bridge

Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]

Self diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or edit /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"

Create/start the bridge interface using the Moxa script: openvpn-bridge [start|stop|restart]

Check the cipher/authentication support: openvpn --show-ciphers; openvpn --show-digests

Create the TUN configuration files: vi /etc/openvpn/tunserver.conf

[At VPN Client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

The local and remote VPN IP addresses must be specified.

It is NECESSARY to specify the server address at the VPN client.

3-2 TUN Server Configuration

Edit the static routings: vi /etc/openvpn/tunserver.sh; chmod +x /etc/tunserver.sh

[At VPN Client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/tunclient.sh

Start OpenVPN with the configuration file: openvpn --config /etc/tunserver.conf & and openvpn --config /etc/tunclient.conf &

Note: the 2nd argument of "ifconfig" is now "10.0.2.254".

Create the TAP configuration files: vi /etc/openvpn/tapserver.conf

[At VPN Client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration – VPN Server

Mark this line if both VPN networks are in the same subnet.

3-3 TAP Configuration – VPN Server

Edit the static routings: vi /etc/openvpn/tunserver.sh

[At VPN Client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/tapclient.sh

Pointed to the kernel routing: br0 = 10.0.1.254

3-3 TAP Configuration – VPN Server

Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tapserver.conf & and openvpn --config /etc/openvpn/tapclient.conf &

3-4-1 SSL/TLS – Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-fill default_days, default_bits, ... etc.

Create a new CA root key pair: /usr/share/ssl/misc/CA -newca

Create a new client private key and a new certificate request: /usr/share/ssl/misc/CA -newreq

Sign the certificate: /usr/share/ssl/misc/CA -sign

Copy the CA root certificate, the client private key and the client certificate to the first client.

Have the second client certified in the same way.

3-4-2 OpenVPN – "easy-rsa" tools

Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file: vi /etc/openvpn/easy-rsa/vars

Activate the vars: . /etc/openvpn/easy-rsa/vars

Create the CA root key: /etc/openvpn/easy-rsa/build-ca

Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – "easy-rsa" tools

Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client

Create the Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh 1024

Copy the CA certificate (ca.crt), the server key (server.key) and the server certificate (server.crt) to the VPN server.

Copy the CA certificate, the client key and the client certificate to the VPN client.

The "easy-rsa" tools also work on the UC-7400 series.

3-4-3 Configuration File Modification

txxserver.conf and txxclient.conf (the tun/tap server and client configuration files)

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

Two of its serial ports are connected to a power meter and a thermocouple.

Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site.

The rest of the serial ports are looped back in 'burn-in mode' to demonstrate the UC's high performance and reliability.

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500°C

Left side for the high range, 0 to 300 VDC; right side for the low range, 0 to 20 VDC

UC's LCM & keypad (F1-F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8
F2 System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available memory
F3 Alarm Setting: Temperature → Voltage → burning throughput
F4 Configuration Key
F5 Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• The UC-7420's built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards.
• The compatible wireless cards are:

Supplier    Model name
ASUS        WL-107g
CNET        CWC-854 (181D version)
Edimax      EW-7108PCg
Amigo       AWP-914WG
Gigabyte    GN-WMKG
Others which use the R-Link chipset

Thank You


1 Quick View of iptables

Several different tables may be defined. Each table contains a number of built-in chains and may also contain user-defined chains.

Each chain is a list of rules which can match a set of packets. Each rule specifies what to do with a packet that matches. This is called a "target", which may be a jump to a user-defined chain in the same table.

1 Quick View of iptables

3rd generation firewall on Linux:
– "ipfwadm" on Linux kernel 2.0.x
– "ipchains" on Linux kernel 2.2.x
– "ipchains" / "iptables" on Linux kernel 2.4.x
– "iptables" on Linux kernel 2.6.x

Supports basic packet filtering as well as connection state tracking.

UC-7110/7400 support only "iptables".

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

2) Rules, Chains and Tables

2-1 First Match
2-2 Three Major Tables
2-3 Processing Packets
2-4 State Machine

2-1 First Match – The Highest Priority

(Flowchart: a packet is compared against Rule 1; if it matches, Action 1 is taken; if not, Rule 2 is tested, then the next rule, and so on through Rule 10 and Action 10. A packet that matches no rule is handled by the default policy.)

2-1 First Match

On a WWW server, reject the attack from IP = 192.168.1.100:

Rule 1: Drop the packets from 192.168.1.100
Rule 2: Accept WWW request packets from all hosts
Rule 3: Drop all non-WWW packets

Compare with this ordering:

Rule 1: Accept WWW request packets from all hosts
Rule 2: Drop the packets from 192.168.1.100
Rule 3: Drop all non-WWW packets

Here 192.168.1.100 is still able to use the WWW service, or to attack the WWW service port.
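To make the first-match rule concrete, the following is an added Python simulation (not part of the original slides) of how a chain is walked; it evaluates both orderings above for the attacker's web request, a normal host's web request, and an attacker packet to another port. It assumes a "WWW request" means TCP to port 80 and models only the -s, -p and --dport matches.

```python
"""Added example (not from the slides): a simulation of iptables "first match"
semantics for the WWW-server case of slide 2-1. Assumptions: a "WWW request"
is TCP to port 80; only the -s, -p and --dport matches are modelled."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass
class Packet:
    src: str            # source IP
    proto: str = "tcp"  # tcp / udp / icmp
    dport: int = 80     # destination port


@dataclass
class Rule:
    target: str                   # verdict when the rule matches: ACCEPT or DROP
    src: Optional[str] = None     # like "-s": host or CIDR
    proto: Optional[str] = None   # like "-p"
    dport: Optional[int] = None   # like "--dport"
    negate_dport: bool = False    # like "! --dport": matches every other port

    def matches(self, pkt: Packet) -> bool:
        if self.src is not None and ip_address(pkt.src) not in ip_network(self.src, strict=False):
            return False
        if self.proto not in (None, "all") and self.proto != pkt.proto:
            return False
        # With negate_dport the rule matches exactly when the port does NOT equal dport.
        if self.dport is not None and (pkt.dport == self.dport) == self.negate_dport:
            return False
        return True


def walk_chain(rules: List[Rule], pkt: Packet, policy: str = "ACCEPT") -> str:
    """The highest-priority rule is the first one that matches; a packet that
    matches nothing gets the chain's default policy (iptables -P)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.target
    return policy


ATTACKER = "192.168.1.100"
DROP_ATTACKER = Rule("DROP", src=ATTACKER)
ACCEPT_WWW = Rule("ACCEPT", proto="tcp", dport=80)
DROP_NON_WWW = Rule("DROP", dport=80, negate_dport=True)

# First ordering on the slide: the attacker is dropped before port 80 is opened.
ORDERING_GOOD = [DROP_ATTACKER, ACCEPT_WWW, DROP_NON_WWW]
# Second ordering: rule 1 already accepted every port-80 packet, so rule 2 never
# sees the attacker's web traffic.
ORDERING_BAD = [ACCEPT_WWW, DROP_ATTACKER, DROP_NON_WWW]


def verdicts(rules: List[Rule]):
    """Verdicts for (attacker -> port 80, normal host -> port 80, attacker -> port 22)."""
    return (
        walk_chain(rules, Packet(ATTACKER, "tcp", 80)),
        walk_chain(rules, Packet("192.168.1.7", "tcp", 80)),
        walk_chain(rules, Packet(ATTACKER, "tcp", 22)),
    )


if __name__ == "__main__":
    print("rule 1 = drop attacker :", verdicts(ORDERING_GOOD))  # ('DROP', 'ACCEPT', 'DROP')
    print("rule 1 = accept WWW    :", verdicts(ORDERING_BAD))   # ('ACCEPT', 'ACCEPT', 'DROP')
```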

2-2 Three Major Tables

1) Filter table
2) NAT table
3) Mangle table

2-2-1 Filter Table

Mainly used for filtering packets. This is the place where we actually take action against packets: look at what they contain and ACCEPT, DROP, REJECT or LOG them depending on their content.

1. INPUT chain – packets entering the local host
2. OUTPUT chain – packets output from the local host
3. FORWARD chain – packets forwarded to other hosts

2-2-2 NAT Table

Used for NAT on packets: translates a packet's source field or destination field.

1) PREROUTING chain – to translate the destination IP address (DNAT)
2) POSTROUTING chain – works after the routing process and before the Ethernet device processing, to translate the source IP address (SNAT/MASQUERADE)
3) OUTPUT chain – works on locally generated packets

2-2-3 Mangle Table

This table is mainly used for mangling packets. In other words, you may freely use the mangle matches etc. that could be used to change the TOS (Type Of Service) and TTL fields. It can also "MARK" the packets.

1. PREROUTING chain
2. POSTROUTING chain
3. INPUT, OUTPUT and FORWARD chains

2-3 Processing Packets

2-3-1 Destination Local Host
2-3-2 Source Local Host
2-3-3 Forwarded Packets
2-3-4 State Machine

2-3-1 Destination Local Host

(Diagram: Incoming packets → NAT table PREROUTING → Filter table INPUT → Local process)

2-3-2 Source Local Host

(Diagram: Outgoing packets from the local process → NAT table OUTPUT → Filter table OUTPUT → NAT table POSTROUTING → Send out packets)

2-3-3 Forwarded Packets

(Diagram: Incoming packets → NAT table PREROUTING → Filter table FORWARD → NAT table POSTROUTING → Other hosts; packets for a local resource branch off after PREROUTING.)

2-4 State Machine

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

3) Usage of iptables

3-1 Load iptables Modules
3-2 Define Default Policy
3-3 Structure of a Rule
3-4 Save/Restore Rules

3-1 Load iptables Modules

Note: ipchains and iptables are not compatible.

3-1 Load iptables Modules

Check the current tables: iptables [-t table] [-L] [-n]

Default policy

3-1 Install iptables

Clear the current policy

3-2 Define Default Policy

iptables -t {filter|nat|mangle} -P {INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING} {ACCEPT|DROP}

3-2 Define Default Policy

3-3 Structure of a Rule

3-3-1 Add, Insert, Delete and Replace Rules
3-3-2 Direction
3-3-3 Matches
3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace

iptables -t {filter|nat|mangle} {-A|-I|-D|-R} <direction> <match> -j <target>

3 major things need to be considered: the direction (chain), the match and the target (-j).

3-3-2 Direction – Chains

a. filter table: INPUT, OUTPUT, FORWARD
b. nat table: PREROUTING, POSTROUTING, OUTPUT
c. mangle table: ...

3-3-3 Matches – Conditions

1. -p [proto]: tcp | udp | icmp | all
2. -s [IP] / -d [IP]
3. --sport [port] / --dport [port]
4. -m state --state [state]: NEW | ESTABLISHED | INVALID | RELATED
5. -m multiport [p1,p2,...,p15]
6. -i [iface] / -o [oface]
7. ... etc.

3-3-4 Targets – Actions

a. filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions: LOG, ULOG, REJECT, MIRROR
b. nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING/OUTPUT), MASQUERADE (POSTROUTING), REDIRECT (only in PREROUTING)
c. mangle table: ...

3-4 Save/Restore Rules

It is highly recommended to use a script file to maintain the netfilter rules instead of using the exported file (it is not a standard script file). Please refer to the hands-on practice.

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice: 1) Packet Filter, 2) NAT Machine

4-1 Packet Filter – Rules of the filter table

Example 1 – Accept all the packets incoming from the lo interface:
iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2 – Accept all the TCP packets incoming from IP = 192.168.0.1:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

4-1 Packet Filter – Rules of the filter table

Example 3 – Accept all the TCP packets incoming from the network 192.168.1.0/24:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 – Drop all the TCP packets incoming from IP = 192.168.1.25:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

4-1 Packet Filter – Rules of the filter table

Example 5 – Drop all the incoming TCP packets with dst port = 21 (forbid FTP connections from eth0):
iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 – Accept TCP packets incoming from 192.168.0.0/24 to local ports 137, 138 and 139:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

4-1 Packet Filter – Rules of the filter table

Example 7 – Log all the incoming/outgoing TCP packets to/from port 25 (log the SMTP service):
iptables -t filter -A INPUT -p tcp --dport 25 -j LOG

Note: UC7110 does not support the target "LOG".

4-1 Packet Filter – Rules of the filter table

Example 8 – Drop all the [SYN] packets from IP = 192.168.100.200:
iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 – Drop all the packets from MAC = aa:bb:cc:dd:ee:ff:
iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

Example 10 – Do not respond to "ping":
iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 – ICMP "ping" burst:
iptables -t filter -P INPUT DROP
iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

4-1 Packet Filter – Rules of the filter table

Example 12 – Accept the ESTABLISHED and RELATED packets of the local host; drop the INVALID packets and the NEW packets which are trying to create a new connection:
iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

4-1 Packet Filter – Rules of the filter table

Example 13 – Check the packet integrity:
iptables -t filter -A INPUT -p all -m unclean -j DROP

Example 14 – Enable the "passive mode" FTP service to a host:
modprobe ip_conntrack_ftp
iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

4-2 NAT Machine – Rules of the nat table

Example 1 – Redirect the connection requests for port 80 to port 8080:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 – Masquerade the incoming packets from 192.168.1.0/24 to be the local ppp0's IP (MASQUERADE is only valid in POSTROUTING, where -o selects the outgoing interface):
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

4-2 NAT Machine

Example 3 – DNAT the incoming packets on eth0 (60.248.66.75), TCP port 80, to the internal web server 192.168.127.10:80:
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

Example 4 – Redirect the incoming packets for TCP port 80 to 192.168.1.10, TCP port 80:
iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP

Thank YouThank You

OpenVPN 2.0
Stephen Lin

OpenVPN 2.0

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve?
1-2 Symmetric Data Encryption
1-3 Hash (Digest) Function
1-4 Message Authentication Code
1-5 Asymmetric Data Encryption
1-6 Digital Signature
1-7 Certificate
1-8 Moxa UC7400

1-1 What does cryptography solve?

Confidentiality
• Ensure that nobody can get knowledge of what you transfer, even if listening to the whole conversation

Integrity
• Ensure that the message has not been modified during the transmission

Authenticity
• You can verify that you are talking to the entity you think you are talking to
• You can verify who is the specific individual behind that entity

Non-repudiation
• The individual behind that asset cannot deny being associated with it

1-2 Symmetric Data Encryption

Fast: high efficiency for data transmission
Is it "secure" while transferring the key?
Maintenance of the keys: n(n-1)/2 keys
DES / 3DES / AES / Blowfish

(Diagram: Tom encrypts the plaintext with the secret key into the ciphertext; Bob decrypts the ciphertext with the same secret key back into the plaintext.)

1-3 Hash (Digest) Function

Ensure data integrity
MD5 / SHA-1

(Diagram: Tom runs the data through the hash function to get Message Digest 1 and sends the data together with Digest 1; Bob runs the received data through the same hash function to get Message Digest 2 and compares it with Digest 1.)

1-4 Message Authentication Code

Ensure data integrity
Use a key to protect the MAC
HMAC / CBC-MAC

(Diagram: Tom hashes the data into Message Digest 1, encrypts the digest with the secret key to form the MAC, and sends the data together with the MAC; Bob hashes the received data into Message Digest 2, decrypts the MAC with the secret key to recover Digest 1, and compares the two.)

1-5 Asymmetric Encryption

Things to remember:
• Key pair – public/private keys
• In a session, one is used for encryption and the other one for decryption
• The "public key" can be deployed everywhere
• The relation between the two keys is unknown, and from one key you cannot gain knowledge of the other, even if you have access to clear text and cipher text
• The two keys are interchangeable: the algorithms make no difference between the public and the private key; when a key pair is generated, either of the two can be public or private
• Less efficient than a static (symmetric) key
• RSA / Diffie-Hellman

(Diagram: clear text encrypted into an unreadable cipher text string.)

1-5 Asymmetric Data Encryption

(Diagram, confidentiality check: Tom encrypts the plaintext with Bob's public key; Bob decrypts the ciphertext with Bob's private key. The recipient's key pair is used.)

1-5 Asymmetric Data Encryption

(Diagram, authenticity check: Tom encrypts the plaintext with Tom's private key; Bob decrypts the ciphertext with Tom's public key. The sender's key pair is used.)

1-6 Digital Signature

Real world – hybrid:
1. Data integrity
2. Authenticity
3. Non-repudiation
4. Algorithm – use the public key and a hash

1-6 Digital Signature - Creating

(Diagram: the message or file "This is the document created by Gianni" is hashed (SHA, MD5) into a short message digest, typically 128 bits, calculated even from a long input with a one-way message digest function; the digest is then encrypted asymmetrically (RSA) with the signatory's private key to produce the digital signature; the signed document is the message plus the signature.)

1-6 Digital Signature - Verifying

(Diagram: the message part of the signed document is hashed again to get a message digest; the digital signature is decrypted asymmetrically with Gianni's public key (from his certificate) to recover the original digest; the two digests are compared.)

1-6 Digital Signature

(Diagram: Tom hashes the data into Message Digest 1 and encrypts it with Tom's private key to form the digital signature, sending the data plus the signature; Bob hashes the data into Message Digest 2, decrypts the signature with Tom's public key to recover Digest 1, and compares the two.)

1-7 Certificate

The simplest certificate just contains:
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key
... and the whole is:
• Digitally signed by someone trusted (like your friend or a CA)

(Diagram: a certificate made of the public key, the statement "This public key belongs to Stephen", and the digital signature; the entity can be a person, a computer, a device, a file, some code, anything ...)

1-7-1 CA Certificate

(Diagram: the CA generates a key pair; the user requests a certificate from the CA; the CA generates the certificate, and the private key and the certificate are sent to the user.)

1-7-1 CA Certificate Example

(Diagram: the CA holds the CA private key. Left and Right each trust the CA public key, hold their own private key, and hold their certificate signed by the CA; the CA public key itself is signed by the CA.)

1-7-2 SSL/TLS

(Diagram: each side holds a private/public key pair. The clear text is encrypted into Cipher 1 and again into Cipher 2, transmitted over the public network, then decrypted back to Cipher 1 and finally to the clear text.)

Ensures confidentiality
• And integrity, if digitally signed

Depending on how the public keys are exchanged:
• Authenticity, identity, non-repudiation

1-8 Moxa UC7400 - Hardware Cipher

Intel XScale supports:
• Security engines: DES, AES
• Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so":
• No need to change the source code

1-8-1 Moxa Accelerated Algorithms – OpenSSL 0.9.7

DES_cbc_encrypt
DES_ede3_cbc_encrypt
AES_cbc_encrypt
AES_ctr_encrypt

• We wrap ECB mode at a higher level (libssl.so), which OpenSSL wraps too.

1-8-2 Performance

(Charts: encryption rate versus packet size for 3DES-CBC and AES-128-CBC, one pair of charts from 128 to 1280 bytes and one from 16 to 144 bytes, comparing the software cipher with the hardware cipher (= HW Cipher).)

1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approaches:
• Default: hardware approach
• Any mis-configuration or busyness causes the switch

Small packets are switched to the software approach:
• DES: 128 bytes
• 3DES/AES: 64 bytes

1-8-4 Software Package

Driver:
• mxhw_cipher.o

Device file:
• mknod /dev/mxcrypto c 11 131

Test program:
• io: correctness test
• io 0 5000: stability test
• io 1: golden pattern
• io 2 20000: performance test

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network

2-1 VPN Advantages/Disadvantages

A VPN is a network that is constructed by using public wires (e.g. the Internet) to connect nodes.

A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH, etc.).

A VPN allows the usage of protocols which are insecure by themselves.

VPNs cannot be controlled and logged easily because of their encrypted nature.

2-2 Why OpenVPN

Usability:
• Open source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit shared key or digital certificates (PKI)

Portability – supports most of the platforms:
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN

Peers – each node with a client/server role:
• In use of kernel routing
• Multiple clients

A user-space program:
• A full-featured SSL-VPN solution
• On top of the existing SSL/TLS mechanism
• Options between a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security

Two authentication modes:
• Static key: use a pre-shared key
• SSL/TLS: use SSL/TLS + certificates for authentication and key exchange

The encrypted packet is formatted as:
• SeqN: 64-bit sequence number
• IV: plaintext initial vector, randomized per packet

(Diagram: packet layout HMAC | IV | SeqN | IP payload; the SeqN and the IP payload make up the encrypted part.)
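As an added illustration (not OpenVPN's own code), here is what a receiver does with this packet layout: verify the HMAC over the IV and the body before looking inside, then reject a replayed or too-old SeqN with a sliding window. HMAC-SHA1, an 8-byte IV and the omission of the cipher step are assumptions made for the example; the traffic is constructed inline.

```python
"""Added example (not OpenVPN's code): receiver-side checks for the static-key
packet layout on the slide, HMAC | IV | SeqN | payload. The HMAC is verified over
IV + body before anything else, then the 64-bit SeqN is checked against a sliding
replay window. Assumptions for the example: HMAC-SHA1, an 8-byte IV, and the
cipher step is omitted (body is carried as-is; in OpenVPN it would be encrypted)."""
import hashlib
import hmac
import os
import struct
from typing import List, Optional, Tuple

HMAC_LEN = hashlib.sha1().digest_size  # 20 bytes
IV_LEN = 8                             # constructed size for this example
SEQ_LEN = 8                            # 64-bit sequence number


def build_packet(key: bytes, seq: int, payload: bytes, iv: Optional[bytes] = None) -> bytes:
    """Sender: body = SeqN || payload; tag = HMAC(key, IV || body); packet = tag || IV || body."""
    iv = os.urandom(IV_LEN) if iv is None else iv
    body = struct.pack(">Q", seq) + payload
    tag = hmac.new(key, iv + body, hashlib.sha1).digest()
    return tag + iv + body


class Receiver:
    WINDOW = 64  # how far behind the highest SeqN an out-of-order packet is still accepted

    def __init__(self, key: bytes):
        self.key = key
        self.highest = 0  # highest SeqN accepted so far (0 = nothing yet)
        self.seen = 0     # bitmask: bit i set means SeqN (highest - i) was accepted

    def accept(self, packet: bytes) -> Tuple[bool, str, Optional[bytes]]:
        """Returns (accepted, reason, payload)."""
        if len(packet) < HMAC_LEN + IV_LEN + SEQ_LEN:
            return False, "short", None
        tag = packet[:HMAC_LEN]
        iv = packet[HMAC_LEN:HMAC_LEN + IV_LEN]
        body = packet[HMAC_LEN + IV_LEN:]
        expected = hmac.new(self.key, iv + body, hashlib.sha1).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return False, "bad-hmac", None
        seq = struct.unpack(">Q", body[:SEQ_LEN])[0]
        if seq == 0:
            return False, "replay", None          # SeqN 0 is reserved as "nothing yet"
        if seq > self.highest:
            # Newer than anything seen: slide the window forward and mark this SeqN.
            shift = seq - self.highest
            self.seen = ((self.seen << shift) | 1) & ((1 << self.WINDOW) - 1)
            self.highest = seq
        else:
            back = self.highest - seq
            if back >= self.WINDOW:
                return False, "too-old", None     # outside the window: treated as a replay
            if self.seen & (1 << back):
                return False, "replay", None      # this exact SeqN was already accepted
            self.seen |= 1 << back                # late but fresh: accept it once
        return True, "ok", body[SEQ_LEN:]


def demo() -> List[str]:
    """Constructed traffic: in order, out of order, a replay, a tampered byte, wrong key."""
    key = b"constructed-static-key-for-the-example"
    rx = Receiver(key)
    p1, p2, p3 = (build_packet(key, n, b"payload-%d" % n) for n in (1, 2, 3))
    tampered = p3[:-1] + bytes([p3[-1] ^ 0x01])
    return [
        rx.accept(p1)[1],                       # ok
        rx.accept(p3)[1],                       # ok (seq 2 is still allowed later)
        rx.accept(p2)[1],                       # ok
        rx.accept(p2)[1],                       # replay
        rx.accept(tampered)[1],                 # bad-hmac
        Receiver(b"other-key").accept(p1)[1],   # bad-hmac
    ]


if __name__ == "__main__":
    print(demo())  # ['ok', 'ok', 'ok', 'replay', 'bad-hmac', 'bad-hmac']
```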

2-2 OpenVPN vs IPSec

OpenVPN:
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall- and NAT-friendly
• Dynamic address support

IPSec:
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard – multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are two methods of linking systems via a VPN:
• Routed IP tunnels (layer 3)
• Bridged Ethernet tunnels (layer 2)

Suitable for connections:
• Site-to-site
• Dynamic site-to-site
• (Dynamic) client-to-site

Dynamic firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN Mode(device) a virtual point-to-point IP link that combines the inner interface together with TUN

Use the kernel routings to forward the packets

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Physical

Data-Link

Network

Transport

Session

Presentation

ApplicationOpenVPN

TUN (3rd)

2-3-1 Routed IP Tunnels (TUN Mode)2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP Advantages1 Point-to-point2 Easier to configure3 Efficiency and scalability 4 Allows better tuning of MTU for efficiency

Routed IP Disadvantages1 Clients must use a WINS server (such as samba) to

allow cross-VPN network browsing to work 2 Routes must be set up linking each subnet 3 Software that depends on broadcasts Will Not see

those machines on the other side of the VPN 4 Works only with IPv4 in general and IPv6 in cases

where tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses ldquoTAPrdquo mode a TAP device is a Virtual Ethernet Adapter

Bridge tools (bcrtl) are required to create the virtual adapters

Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0 create an ethernet bridge

brctl addif br0 eth1 connect interface eth1 as a port

brctl addif tap0 connect virtual interface tap0 as a port

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Bridging

OpenVPN

TUN (3rd)TAP (2nd)

eth1 eth1eth0 eth0

tap0 tap0

2-3-2 Bridged Ethernet Mode (TAP 2-3-2 Bridged Ethernet Mode (TAP Mode)Mode)

Bridging advantages1 Point to Point point to multi-point2 Broadcasts traverse the VPN -- this allows browsing

of Windows file shares across the VPN without setting up a Samba or WINS server

3 No route statements to configure4 Works with the VPN needs to be able to handle non-

IP protocols such as IPX Netware and AppleTalk5 Relatively easy-to-configure solution for road

warriors

Bridging disadvantages1 Less efficient than Routing and does not scale well

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSLTLS ndash X509 Dynamic Keys

3-1 Getting Started3-1 Getting Started

ixp019216812201

ixp0 19216812202

gw 1001254IP 1001124

gw 1002254IP 1002124

LAN A LAN B

VPN Tunnel

Connect

1001254

[VPN Server]

1002254

[VPN-Client]

ixp1 ixp1

[CATLS Server]

3-1 Getting Started 3-1 Getting Started

Create a Working Directory (recommended) mkdir etcopenvpn

Check for TUN Modules if not ls devnet look for a character device ldquotunrdquo mknod devtun c 10 200

Load necessary modules modprobe tun modprobe bridge

Generate a (pre-shared) key openvpn --genkey --secret [KeyName]

Self Diagnostic openvpn --test-crypto --secret [KeyName]

3-1 Getting Started3-1 Getting Started

Enable IP Forwarding echo ldquo1rdquo gt procsysnetipv4ip_forwardor vi etcsysctlconf modify ldquonetipv4ip_forward = 1rdquo

Create Start Bridge Interface using Moxa Script openvpn-bridge [start stop restart]

Check the CiphersAuthentication Support openvpn --show-ciphers openvpn --show-digests

Create TUN Configuration Files vi etcopenvpntunserverconf

[At VPN Client] vi etcopenvpntunclientconf

3-2 TUN Server Configuration 3-2 TUN Server Configuration

LocalRemote VPN IP address must be specified

It is NECESSARY to specify the Server Address at VPN Client

3-2 TUN Server Configuration 3-2 TUN Server Configuration

Edit the Static Routings vi etcopenvpntunserversh

chmod +x etctunserversh

[At VPN Client] vi etceopenvpntunclientsh chmod +x etctunclientsh

Start OpenVPN with the configuration file openvpn --config etctunserverconf amp openvpn --config etctunclientconf amp

2nd argument of ldquoifconfigrdquo which is now ldquo1002254rdquo

Create TAP Configuration Files vi etcopenvpntapserverconf

[At VPN Client] vi etcopenvpntapclientconf

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Mark this line if both VPN Networks are in the same subnet

3-2 TAP Configuration ndash VPN Server3-2 TAP Configuration ndash VPN Server

Edit the Static Routings vi etcopenvpntunserversh

[At VPN Client] vi etcopenvpntapclientsh chmod +x etctapclientsh

Pointed to the Kernel Routing br0 = 1001254

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Start the Bridge device vi openvpnopenvpn-bridge

chmod +x etcopenvpnopenvpn-bridge etcopenvpnopenvpn-bridge start

Start OpenVPN with the configuration file openvpn ndashconfig etcopenvpntapserverconf amp openvpn ndashconfig etcopenvpntapclient amp

3-4-1 SSLTLS ndash Dynamic Keys3-4-1 SSLTLS ndash Dynamic Keys

Edit the OpenSSL Configuration File on a Linux PC vi usrsharesslopensslcnf Pre-input the default_days default_bits hellip etc

Create New CA root Key Pair usrsharesslmiscCA -newca

Create New Client Private Key and new Certificate Request usrsharesslmiscCA -newreq

Certificate Sign-in usrsharesslmiscCA ndashsign

Copy the CA root certificate client private key and the client certificate to the first client

Have the second client certificated

3-4-2 OpenVPN – "easy-rsa" tools

Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file: vi /etc/openvpn/easy-rsa/vars

Activate the vars: . /etc/openvpn/easy-rsa/vars

Create the CA root key: /etc/openvpn/easy-rsa/build-ca

Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – "easy-rsa" tools (continued)

Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client

Create the Diffie-Hellman parameters (1024 bits, the KEY_SIZE set in vars): /etc/openvpn/easy-rsa/build-dh

Copy the CA certificate (ca.crt), the server key (server.key) and the server certificate (server.crt) to the VPN server

Copy the CA certificate, the client key and the client certificate to the VPN client

The "easy-rsa" tools also work on the UC-7400 series

3-4-3 Configuration File Modification

txxserver.conf

txxclient.conf

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

Live Demo

UC-7420 Demo Box

Two of its serial ports are connected to a power meter and a thermocouple

Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in 'burn-in mode' to demonstrate the UC's high performance and reliability

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500°C

Left side for the high range, 0 to 300 VDC & right side for the low range, 0 to 20 VDC

UC's LCM & keypad (F1-F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8

F2 System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available Memory

F3 Alarm Setting: Temperature → Voltage → burn-in throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• UC-7420's built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards
• The compatible wireless cards are:

Supplier    Model name
ASUS        WL-107g
CNET        CWC-854 (181D version)
Edimax      EW-7108PCg
Amigo       AWP-914WG
Gigabyte    GN-WMKG
Others which use the R-Link chipset

Thank You


1 Quick View of iptables

3rd generation firewall on Linux
– "ipfwadm" on Linux Kernel 2.0.x
– "ipchains" on Linux Kernel 2.2.x
– "ipchains"/"iptables" on Linux Kernel 2.4.x
– "iptables" on Linux Kernel 2.6.x

Supports basic packet filtering as well as connection state tracking

UC-7110/7400 support only "iptables"

Agenda

1) Firewall, NAT and iptables

2) Rules, Chains, Tables

3) Usage of iptables

4) Hands-On Practice

2) Rules, Chains and Tables

2-1 First Match

2-2 Three Major Tables

2-3 Processing Packets

2-4 State Machine

2-1 First Match – The Highest Priority

[Flowchart: incoming packets are tested against Rule 1, Rule 2, … Rule 10 in order. A "Yes" (match) on a rule runs that rule's action (Action 1, Action 2, … Action 10) and stops; a "No" passes the packet on to the next rule. A packet that matches no rule falls through to the Default Policy.]

2-1 First Match

On a WWW server, reject the attack from IP = 192.168.1.100:
Rule 1: Drop the packets from 192.168.1.100
Rule 2: Accept WWW request packets from all hosts
Rule 3: Drop all non-WWW packets

With the first two rules swapped:
Rule 1: Accept WWW request packets from all hosts
Rule 2: Drop the packets from 192.168.1.100
Rule 3: Drop all non-WWW packets

192.168.1.100 is still able to use the WWW service, or to attack the WWW service port, because Rule 1 matches first and Rule 2 is never reached.

2-2 Three Major Tables

1) Filter Table

2) NAT Table

3) Mangle Table

2-2-1 Filter Table

Mainly used for filtering packets. This is the place where we actually take action against packets: look at what they contain and ACCEPT, DROP, REJECT or LOG them depending on their content.

1. INPUT chain – packets entering the local host
2. OUTPUT chain – packets output from the local host
3. FORWARD chain – packets forwarded to other hosts

2-2-2 NAT Table

Used for NAT on packets: it translates the packet's source field or destination field.

1) PREROUTING chain – translates the destination IP address (DNAT)
2) POSTROUTING chain – works after the routing process and before the Ethernet device processes the packet; translates the source IP address (SNAT/MASQUERADE)
3) OUTPUT chain – works on locally generated packets

2-2-3 Mangle Table

This table is mainly used for mangling packets. In other words, you may freely use the mangle matches etc. to change the TOS (Type Of Service) and TTL fields. It can also "MARK" the packets.

1. PREROUTING chain
2. POSTROUTING chain
3. INPUT, OUTPUT and FORWARD chains

2-3 Processing Packets

2-3-1 Destination Local Host

2-3-2 Source Local Host

2-3-3 Forward Packets

2-3-4 State Machine

2-3-1 Destination: Local Host

[Flow: Incoming Packets → NAT Table PREROUTING → Filter Table INPUT → Local Process]

2-3-2 Source: Local Host

[Flow: Outgoing Packets (from a local process) → NAT Table OUTPUT → Filter Table OUTPUT → NAT Table POSTROUTING → Send Out Packets]

2-3-3 Forwarded Packets

[Flow: Incoming Packets → NAT Table PREROUTING → routing decision (not a local resource) → Filter Table FORWARD → NAT Table POSTROUTING → Other Hosts]

2-4 State Machine

Agenda

1) Firewall, NAT and iptables

2) Rules, Chains, Tables

3) Usage of iptables

4) Hands-On Practice

3) Usage of iptables

3-1 Load iptables Modules

3-2 Define Default Policy

3-3 Structure of a Rule

3-4 Save/Restore Rules

3-1 Load iptables Modules

Note: ipchains and iptables are not compatible.

Check the current tables: iptables [-t table] [-L] [-n]

Default Policy

3-1 Install iptables

Clear Current Policy

3-2 Define Default Policy

iptables -t [filter|nat|mangle] -P [INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING] [ACCEPT|DROP]

3-3 Structure of a Rule

3-3-1 Add, Insert, Delete and Replace Rules

3-3-2 Direction

3-3-3 Matches

3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace

iptables -t [filter|nat|mangle] -A|-I|-D|-R [direction] [match] -j [target]

3 major things need to be considered: the direction (chain), the match (condition) and the target (action)

3-3-2 Direction – Chains

a. filter table: INPUT, OUTPUT, FORWARD
b. nat table: PREROUTING, POSTROUTING, OUTPUT
c. mangle table: …

3-3-3 Matches – Conditions

1. -p [proto]: tcp, udp, icmp, all
2. -s [IP], -d [IP]
3. --sport [port], --dport [port]
4. -m state --state [state]: NEW, ESTABLISHED, INVALID, RELATED
5. -m multiport --ports [p1,p2,…,p15]
6. -i [iface], -o [oface]
7. … etc.

3-3-4 Targets – Actions

a. filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions: LOG, ULOG, REJECT, MIRROR
b. nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING/OUTPUT), MASQUERADE (POSTROUTING), REDIRECT (only in PREROUTING)
c. mangle table: …

3-4 Save/Restore Rules

It is highly recommended to use a script file to maintain the Netfilter rules instead of the file exported by iptables-save (it is not a standard script file). Please refer to the Hands-On practice.

Agenda

1) Firewall, NAT and iptables

2) Rules, Chains, Tables

3) Usage of iptables

4) Hands-On Practice: 1) Packet Filter 2) NAT Machine

4-1 Packet Filter – Rules of filter table

Example 1 – Accept all the packets incoming from the lo interface:
iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2 – Accept all the TCP packets incoming from IP = 192.168.0.1:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

4-1 Packet Filter – Rules of filter table (continued)

Example 3 – Accept all the TCP packets incoming from the network 192.168.1.0/24:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 – Drop all the TCP packets incoming from IP = 192.168.1.25:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

Note: 192.168.1.25 lies inside 192.168.1.0/24, so by first match (2-1) the Example 4 rule only has an effect if it is placed before the Example 3 rule.

4-1 Packet Filter – Rules of filter table (continued)

Example 5 – Drop all the incoming TCP packets with dst port = 21 (forbid FTP connections from eth0):
iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 – Accept TCP packets incoming from 192.168.0.0/24 to the local ports 137, 138 and 139:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

4-1 Packet Filter – Rules of filter table (continued)

Example 7 – Log all the incoming/outgoing TCP packets to/from port 25 (log the SMTP service):
iptables -t filter -A INPUT -p tcp --dport 25 -j LOG

Note: UC-7110 does not support the target "LOG"

4-1 Packet Filter – Rules of filter table (continued)

Example 8 – Drop all the [SYN] packets from IP = 192.168.100.200:
iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 – Drop all the packets from MAC = aa:bb:cc:dd:ee:ff:
iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

Example 10 – Do not respond to "ping":
iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 – Limit an ICMP "ping" burst:
iptables -t filter -P INPUT DROP
iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

4-1 Packet Filter – Rules of filter table (continued)

Example 12 – Accept the ESTABLISHED/RELATED packets of the local host; drop the INVALID packets and the NEW packets which are trying to create a new connection:
iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

4-1 Packet Filter – Rules of filter table (continued)

Example 13 – Check the packet integrity:
iptables -t filter -A INPUT -p all -m unclean -j DROP

Example 14 – Enable the "Passive Mode" FTP service to a host:
modprobe ip_conntrack_ftp
iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

4-2 NAT Machine – Rules of nat table

Example 1 – Redirect the connection requests for port 80 to port 8080:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 – Masquerade the packets coming from 192.168.1.0/24 as the local ppp0's IP (MASQUERADE, like -o, is only valid in POSTROUTING):
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

4-2 NAT Machine (continued)

Example 3 – DNAT the incoming packets on eth0 (60.248.66.75), TCP port 80, to the internal web server 192.168.127.10:80

Example 4 – Redirect the incoming packets of TCP port 80 to 192.168.1.10, TCP port 80

iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP
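The two rule orderings of 2-1 and the DNAT rule of Example 3 above, worked through in a small Python model of netfilter traversal. This is an added example, not code from the slides or from the netfilter project: Packet, Rule and Firewall are constructed classes, the web server address 10.0.0.1 and the outside host 203.0.113.7 are made-up sample values, and only the chains the slides discuss (nat/PREROUTING, filter/INPUT, filter/FORWARD) are modelled. It goes one step beyond the slides by showing why the routing decision that follows PREROUTING sends a DNATed flow through FORWARD rather than INPUT.

```python
# Toy model of netfilter traversal with first-match semantics.
# Added example for sections 2-1, 2-3 and 4-2 of these slides; not Moxa's or
# the netfilter project's code. Addresses and ports in the demos are the ones
# on the slides; the web server 10.0.0.1 and the outside host 203.0.113.7
# are constructed sample values.
import ipaddress
from dataclasses import dataclass, replace
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str = "tcp"
    dport: int = 80
    in_iface: str = "eth0"


@dataclass(frozen=True)
class Rule:
    """One rule: match fields (None = wildcard) plus a target."""
    target: str                      # ACCEPT, DROP or DNAT
    src: Optional[str] = None        # host or CIDR, e.g. "192.168.1.0/24"
    dst: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None
    in_iface: Optional[str] = None
    to: Optional[str] = None         # new destination address for DNAT

    def matches(self, pkt: Packet) -> bool:
        def in_net(addr: str, spec: Optional[str]) -> bool:
            if spec is None:
                return True
            return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)
        return (in_net(pkt.src, self.src) and in_net(pkt.dst, self.dst)
                and self.proto in (None, pkt.proto)
                and self.dport in (None, pkt.dport)
                and self.in_iface in (None, pkt.in_iface))


def run_chain(rules: List[Rule], policy: str, pkt: Packet) -> Tuple[str, Packet]:
    """First match wins: the first matching rule decides and later rules are
    never consulted; if nothing matches, the chain's default policy applies."""
    for rule in rules:
        if rule.matches(pkt):
            if rule.target == "DNAT":
                return "DNAT", replace(pkt, dst=rule.to)
            return rule.target, pkt
    return policy, pkt


class Firewall:
    def __init__(self, local_addrs, nat_prerouting=(), filter_input=(),
                 filter_forward=(), input_policy="ACCEPT", forward_policy="ACCEPT"):
        self.local_addrs = set(local_addrs)
        self.nat_prerouting = list(nat_prerouting)
        self.filter_input = list(filter_input)
        self.filter_forward = list(filter_forward)
        self.input_policy = input_policy
        self.forward_policy = forward_policy

    def receive(self, pkt: Packet):
        """Path of a packet arriving on an interface (slides 2-3-1 and 2-3-3):
        nat/PREROUTING, then the routing decision, then filter/INPUT for the
        local host or filter/FORWARD for other hosts."""
        trace = []
        verdict, pkt = run_chain(self.nat_prerouting, "ACCEPT", pkt)
        trace.append(f"nat/PREROUTING -> {verdict}")
        # The routing decision comes AFTER PREROUTING, so a DNATed packet is
        # routed to its new destination and never reaches filter/INPUT.
        if pkt.dst in self.local_addrs:
            verdict, pkt = run_chain(self.filter_input, self.input_policy, pkt)
            trace.append(f"filter/INPUT -> {verdict}")
        else:
            verdict, pkt = run_chain(self.filter_forward, self.forward_policy, pkt)
            trace.append(f"filter/FORWARD -> {verdict}")
        return verdict, pkt, trace


def first_match_demo(drop_host_first: bool) -> str:
    """Slide 2-1: keep 192.168.1.100 away from a web server. The same three
    rules give opposite results depending only on their order."""
    drop_host = Rule("DROP", src="192.168.1.100")
    allow_www = Rule("ACCEPT", proto="tcp", dport=80)
    drop_rest = Rule("DROP")
    rules = ([drop_host, allow_www, drop_rest] if drop_host_first
             else [allow_www, drop_host, drop_rest])
    fw = Firewall(local_addrs={"10.0.0.1"}, filter_input=rules)
    verdict, _, _ = fw.receive(Packet(src="192.168.1.100", dst="10.0.0.1"))
    return verdict


def dnat_demo(accept_in_forward: bool):
    """Slide 4-2 Example 3: DNAT 60.248.66.75:80 on eth0 to 192.168.127.10.
    An ACCEPT for port 80 in INPUT does not help the DNATed flow; the ACCEPT
    has to live in FORWARD."""
    dnat = Rule("DNAT", proto="tcp", in_iface="eth0", dst="60.248.66.75",
                dport=80, to="192.168.127.10")
    fwd = [Rule("ACCEPT", proto="tcp", dst="192.168.127.10", dport=80)] if accept_in_forward else []
    fw = Firewall(local_addrs={"60.248.66.75"}, nat_prerouting=[dnat],
                  filter_input=[Rule("ACCEPT", proto="tcp", dport=80)],
                  filter_forward=fwd, input_policy="DROP", forward_policy="DROP")
    return fw.receive(Packet(src="203.0.113.7", dst="60.248.66.75"))
```

first_match_demo(True) drops the host while first_match_demo(False) lets it through; dnat_demo(False) shows the DNATed packet dropped by FORWARD's default policy even though INPUT accepts port 80, so a real ruleset for Example 3 needs its ACCEPT in filter/FORWARD (and a matching SNAT or MASQUERADE in POSTROUTING for the return path).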

Thank You

OpenVPN 2.0
Stephen Lin

OpenVPN 2.0

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve?

1-2 Symmetric Data Encryption

1-3 Hash (Digest) Function

1-4 Message Authentication Code

1-5 Asymmetric Data Encryption

1-6 Digital Signature

1-7 Certificate

1-8 Moxa UC7400

1-1 What does Cryptography solve?

Confidentiality
• Ensure that nobody can get knowledge of what you transfer, even if listening to the whole conversation

Integrity
• Ensure that the message has not been modified during transmission

Authenticity
• You can verify that you are talking to the entity you think you are talking to
• You can verify who is the specific individual behind that entity

Non-repudiation
• The individual behind that asset cannot deny being associated with it

1-2 Symmetric Data Encryption

• Fast, high efficiency for data transmission
• Is it "secure" while transferring the key?
• Maintenance of the keys: (n-1)n/2 keys
• DES/3DES/AES/Blowfish

[Diagram: Tom encrypts the plaintext with the secret key into ciphertext; Bob decrypts the ciphertext with the same secret key back to plaintext]

1-3 Hash (Digest) Function

• Ensures data integrity
• MD5/SHA-1

[Diagram: Tom computes Message Digest 1 from the data with a hash function and sends data + digest; Bob computes Message Digest 2 from the received data with the same hash function and compares it with Message Digest 1]

1-4 Message Authentication Code

• Ensures data integrity
• Uses a key to protect the MAC
• HMAC/CBC-MAC

[Diagram: Tom hashes the data to Message Digest 1 and encrypts it with the secret key to form the MAC, sending data + MAC; Bob hashes the received data to Message Digest 2, decrypts the MAC with the secret key to recover Message Digest 1, and compares the two]
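The difference between 1-3 and 1-4, worked in Python: a digest alone protects against accidental corruption, while a keyed MAC also protects against deliberate modification. This is an added example, not the slides' code; the messages are constructed sample values and the key is generated on the spot to stand for the secret Tom and Bob share.

```python
# Added example for slides 1-3 and 1-4 (not code from the slides): a bare
# digest only detects accidental corruption, because anyone can recompute it
# over altered data; a MAC keyed with a secret shared by Tom and Bob detects
# deliberate modification as well. Message bytes are constructed samples.
import hashlib
import hmac
import os


def digest(data: bytes) -> bytes:
    """Slide 1-3: unkeyed hash; the same function is available to everyone."""
    return hashlib.sha256(data).digest()


def mac(key: bytes, data: bytes) -> bytes:
    """Slide 1-4: HMAC; computing it requires the secret key."""
    return hmac.new(key, data, hashlib.sha256).digest()


def bob_accepts_digest(data: bytes, received: bytes) -> bool:
    return hmac.compare_digest(digest(data), received)   # constant-time compare


def bob_accepts_mac(key: bytes, data: bytes, received: bytes) -> bool:
    return hmac.compare_digest(mac(key, data), received)


def modified_in_transit_accepted(use_mac: bool) -> bool:
    """Tom sends a message with its integrity check; someone in the middle
    swaps the message. Returns True if Bob still accepts it."""
    key = os.urandom(32)                  # shared by Tom and Bob out of band
    original = b"transfer 10 units to account 1234"
    modified = b"transfer 10000 units to account 9999"
    if use_mac:
        # Without the key the MAC cannot be recomputed; forwarding the old
        # MAC with the new message is the only option, and it fails.
        return bob_accepts_mac(key, modified, mac(key, original))
    # The hash function is public, so the digest is simply recomputed and
    # Bob has no way to tell the new pair from a genuine one.
    return bob_accepts_digest(modified, digest(modified))


def corrupted_in_transit_detected() -> bool:
    """A flipped bit is caught by the plain digest; that is the integrity
    property slide 1-3 promises."""
    original = b"transfer 10 units to account 1234"
    corrupted = bytes([original[0] ^ 0x01]) + original[1:]
    return not bob_accepts_digest(corrupted, digest(original))
```

hmac.compare_digest is used for both checks so that the comparison does not leak, through its timing, how many leading bytes matched. A MAC gives integrity and authenticity between the two key holders only: Bob holds the same key and could have produced the MAC himself, which is why non-repudiation needs the digital signature of 1-6.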

1-5 Asymmetric Encryption

Things to remember:
• Key pair – public/private keys
• In a session, one is used for encryption and the other one for decryption
• The "public key" can be deployed everywhere
• The relation between the two keys is unknown, and from one key you cannot gain knowledge of the other even if you have access to clear text and cipher text
• The two keys are interchangeable: the algorithms make no difference between public and private key; when a key pair is generated, either of the two can be public or private
• Less efficient than a static (symmetric) key
• RSA/Diffie-Hellman

[Diagram: clear text → encryption → cipher text]

1-5 Asymmetric Data Encryption – Confidentiality Check

[Diagram: Tom encrypts the plaintext with Bob's public key; Bob decrypts the ciphertext with Bob's private key (the recipient's key pair)]

1-5 Asymmetric Data Encryption – Authenticity Check

[Diagram: Tom encrypts the plaintext with Tom's private key; Bob decrypts the ciphertext with Tom's public key (the sender's key pair)]

1-6 Digital Signature

Real world – hybrid:
1. Data integrity
2. Authenticity
3. Non-repudiation
4. Algorithm – uses the public key and a hash

1-6 Digital Signature – Creating

[Diagram: from the message or file "This is the document created by Gianni", a one-way message digest function (hash: SHA, MD5) calculates a short message digest "Py75cbn" (typically 128 bits) even from a long input; asymmetric encryption (RSA) of the digest with the signatory's private key gives the digital signature "3kJfgf£$&"; the signed document is the message together with the digital signature]

1-6 Digital Signature – Verifying

[Diagram: from the signed document, the verifier regenerates the message digest "Py75cbn" of the data with the same hash, decrypts the digital signature "3kJfgf£$&" asymmetrically with Gianni's public key (from his certificate) to recover the original digest, and compares the two]

1-6 Digital Signature

[Diagram: Tom hashes the data to Message Digest 1 and encrypts it with Tom's private key to form the digital signature, sending data + signature; Bob hashes the received data to Message Digest 2, decrypts the signature with Tom's public key to recover Message Digest 1, and compares the two]

1-7 Certificate

The simplest certificate just contains:
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key (it can be a person, a computer, a device, a file, some code, anything …)
… and the whole is:
• Digitally signed by someone trusted (like your friend, or a CA)

[Diagram: certificate = public key + "This public key belongs to Stephen" + digital signature]

1-7-1 CA Certificate

[Diagram: the CA (certification server) generates a key pair; the user requests a certificate from the CA; the CA generates the certificate (public key + digital signature); the private key and the certificate are sent to the user]

1-7-1 CA Certificate Example

[Diagram: the CA holds its private key, and its own public key is signed by the CA itself (CA Pub Key signed by CA). Left and Right each hold their own private key and a certificate signed by the CA (Left Cert signed by CA, Right Cert signed by CA). Both trust the CA public key, so each can verify the other's certificate]
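The signing and verifying flow of 1-6 and the certificate of 1-7 and 1-7-1, worked in Python with the standard library only. This is an added example, not the slides' code: the Miller-Rabin test, the textbook RSA key generation and the JSON "certificate" format are constructed here for illustration. Textbook RSA without padding keeps the hash-then-private-key-operation idea visible; a real deployment signs with RSA-PSS or PKCS#1 v1.5 (or ECDSA) through OpenSSL, as section 3-4 does.

```python
# Added example for slides 1-6 and 1-7 (not code from the slides): hash the
# document, "encrypt" the digest with the signer's private key, verify with
# the public key; then a CA-signed certificate binds the name "Stephen" to
# his public key, so Bob only needs to trust the CA's public key. Textbook
# RSA without padding is used so that this runs on the standard library
# alone; it shows the flow but is not a scheme to deploy.
import hashlib
import json
import random

rng = random.SystemRandom()


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin primality test (constructed helper)."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits: int) -> int:
    while True:
        p = rng.getrandbits(bits) | (1 << (bits - 1)) | 1   # fixed length, odd
        if is_probable_prime(p):
            return p


def keygen(bits: int = 1024):
    """Returns (public, private) as (e, n) and (d, n)."""
    e = 65537
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:      # e is prime, so this is gcd(e, phi) == 1
            return (e, p * q), (pow(e, -1, phi), p * q)


def digest_int(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(private, message: bytes) -> int:
    d, n = private
    return pow(digest_int(message), d, n)      # private-key operation on the digest


def verify(public, message: bytes, signature: int) -> bool:
    e, n = public
    return pow(signature, e, n) == digest_int(message)


def canonical(tbs: dict) -> bytes:
    """Fixed serialisation of the to-be-signed fields (constructed format)."""
    return json.dumps(tbs, sort_keys=True).encode()


def issue_cert(ca_private, subject: str, subject_public) -> dict:
    tbs = {"subject": subject, "pub": list(subject_public)}
    return {**tbs, "sig": sign(ca_private, canonical(tbs))}


def verify_cert(ca_public, cert: dict) -> bool:
    tbs = {"subject": cert["subject"], "pub": cert["pub"]}
    return verify(ca_public, canonical(tbs), cert["sig"])


def verify_signed_document(ca_public, cert: dict, message: bytes, signature: int) -> bool:
    """Bob trusts only the CA: check the certificate first, then use the
    public key it certifies to check the document signature."""
    return verify_cert(ca_public, cert) and verify(tuple(cert["pub"]), message, signature)


def demo() -> dict:
    ca_public, ca_private = keygen()
    stephen_public, stephen_private = keygen()
    cert = issue_cert(ca_private, "Stephen", stephen_public)
    document = b"This is the document created by Stephen"
    signature = sign(stephen_private, document)
    altered_cert = {**cert, "subject": "Mallory"}      # field changed after signing
    return {
        "genuine": verify_signed_document(ca_public, cert, document, signature),
        "altered_document": verify_signed_document(ca_public, cert, document + b".", signature),
        "altered_certificate": verify_signed_document(ca_public, altered_cert, document, signature),
    }
```

demo() returns True only for the genuine combination; a one-character change to the document, or to the certificate's subject, makes verification fail, which is the integrity and authenticity property the slides describe, and because only Stephen holds the private key he cannot later deny having signed.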

1-7-2 SSL/TLS

[Diagram: each side holds a key pair (priv/pub). The clear text is encrypted twice (Cipher 1, then Cipher 2) with the two keys, transmitted over the public network, and decrypted twice in the reverse order back to clear text]

• Ensures confidentiality
• And integrity, if digitally signed
• Depending on how the public keys are exchanged: authenticity, identity, non-repudiation

1-8 Moxa UC7400 – Hardware Cipher

Intel XScale supports:
• Security engines: DES, AES
• Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so"
• No need to change the source code

1-8-1 Moxa Accelerated Algorithms – OpenSSL 0.9.7

DES_cbc_encrypt

DES_ede3_cbc_encrypt

AES_cbc_encrypt

AES_ctr_encrypt

• ECB mode is wrapped at a higher level (libssl.so), which OpenSSL wraps too

1-8-2 Performance

[Charts: 3DES-CBC and AES-128-CBC throughput and RATE versus packet size, for 128 to 1280 bytes and, for small packets, 16 to 144 bytes; legend: = HW Cipher]

1-8-3 Things to be noticed

Moxa UC-7400 switches operation between the software and the hardware approach:
• Default: hardware approach
• Any mis-configuration or busy state causes the switch

Small packets (below the following sizes) are switched to the software approach:
• DES: 128 bytes
• 3DES/AES: 64 bytes

1-8-4 Software Package

Driver:
• mxhw_cipher.o

Device file:
• mknod /dev/mxcrypto c 11 131

Test program:
• io – correctness test
• io 0 5000 – stability test
• io 1 – golden pattern
• io 2 20000 – performance test

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network

2-2 Why OpenVPN

2-3 OpenVPN Modes

2-1 Virtual Private Network

2-1 VPN Advantages/Disadvantages

• VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes
• A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH, etc.)
• A VPN allows the usage of protocols which are insecure by themselves
• VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN

Usability
• Open Source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit shared key or digital certificates (PKI)

Portability – supports most platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN (continued)

Peers – each node with a client/server role
• Uses the kernel routing
• Multiple clients

A user-space program
• A full-featured SSL-VPN solution
• Built on top of the existing SSL/TLS mechanism
• Options between a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) traffic over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security

Two authentication modes
• Static Key: uses a pre-shared key
• SSL/TLS: uses SSL/TLS + certificates for authentication and key exchange

The encrypted packet is formatted as:
• SeqN: 64-bit sequence number
• IV: plain-text initialization vector, randomized per packet

[Diagram: HMAC | IV | SeqN | payload. The SeqN and the payload are encrypted, the IV is sent in clear, and the HMAC covers the IV together with the encrypted part]
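The packet layout of the slide above, worked in Python as an added example (a sketch of the layout, not OpenVPN's code): HMAC | IV | SeqN | payload, with the authentication check done before anything is parsed and a sequence-number window for replay rejection. The encryption step is not modelled, so the payload stands in for the encrypted bytes; the key is generated on the spot to stand for the pre-shared static key; HMAC-SHA1 is used because it is OpenVPN's default --auth digest; the 64-entry window is a constructed value.

```python
# Added example for slide 2-2 "OpenVPN Security": a sketch of the packet
# layout HMAC | IV | SeqN | payload with a fresh random IV and a 64-bit
# sequence number per packet, and a receiver that drops forged and replayed
# packets. Not OpenVPN's own code; the cipher step is left out, so `payload`
# stands in for the encrypted bytes. HMAC-SHA1 is OpenVPN's default --auth;
# the window size is a constructed value.
import hashlib
import hmac
import os
import struct
from typing import Optional

IV_LEN, SEQ_LEN, MAC_LEN = 16, 8, 20


class Sender:
    def __init__(self, key: bytes):
        self.key = key
        self.seq = 0

    def pack(self, payload: bytes) -> bytes:
        self.seq += 1                                   # never reused under one key
        body = os.urandom(IV_LEN) + struct.pack(">Q", self.seq) + payload
        return hmac.new(self.key, body, hashlib.sha1).digest() + body


class Receiver:
    WINDOW = 64                 # how far behind the newest packet we still accept

    def __init__(self, key: bytes):
        self.key = key
        self.highest = 0
        self.seen = set()

    def unpack(self, packet: bytes) -> Optional[bytes]:
        """Returns the payload, or None if the packet must be dropped."""
        if len(packet) < MAC_LEN + IV_LEN + SEQ_LEN:
            return None
        tag, body = packet[:MAC_LEN], packet[MAC_LEN:]
        # Authenticate before looking at anything else: a forged or corrupted
        # packet is dropped without ever being parsed or decrypted.
        if not hmac.compare_digest(hmac.new(self.key, body, hashlib.sha1).digest(), tag):
            return None
        seq = struct.unpack(">Q", body[IV_LEN:IV_LEN + SEQ_LEN])[0]
        if seq in self.seen or seq + self.WINDOW <= self.highest:
            return None                                 # replayed, or too old to track
        self.seen.add(seq)
        self.highest = max(self.highest, seq)
        self.seen = {s for s in self.seen if s + self.WINDOW > self.highest}
        return body[IV_LEN + SEQ_LEN:]


def demo() -> dict:
    key = os.urandom(32)                                # pre-shared static key (constructed)
    tom, bob = Sender(key), Receiver(key)
    p1 = tom.pack(b"first datagram")
    p2 = tom.pack(b"second datagram")
    flipped = p1[:-1] + bytes([p1[-1] ^ 0x80])          # one payload bit flipped in transit
    return {
        "p1": bob.unpack(p1),
        "p2": bob.unpack(p2),
        "p1_replayed": bob.unpack(p1),
        "p1_modified": bob.unpack(flipped),
        "wrong_key": Receiver(os.urandom(32)).unpack(p2),
    }
```

The receiver checks the MAC first and the sequence number second: a packet whose tag fails is discarded before its contents are examined, and a packet seen before, or older than the window, is discarded even though its tag is valid. This is why the static-key mode on the slide needs both the HMAC and the SeqN: the HMAC alone would accept a recorded packet played back later.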

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall- and NAT-friendly
• Dynamic address support

IPSec
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard – multi-vendor support

2-3 OpenVPN Modes

Bridging and Routing are the two methods of linking systems via a VPN:
• Routed IP tunnels (layer 3)
• Bridged Ethernet tunnels (layer 2)

Suitable for connections:
• Site-to-Site
• Dynamic Site-to-Site
• (Dynamic) Client-to-Site

Dynamic Firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

• Uses the TUN mode (device): a virtual point-to-point IP link that combines the inner interface together with TUN
• Uses the kernel routing to forward the packets

[Diagram: the OSI stacks (Physical, Data-Link, Network, Transport, Session, Presentation, Application) of the two peers; OpenVPN runs at the application layer and the TUN device attaches at the 3rd layer (Network)]

2-3-1 Routed IP Tunnels (TUN Mode) (continued)

Routed IP advantages:
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of the MTU for efficiency

Routed IP disadvantages:
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see the machines on the other side of the VPN
4. Works only with IPv4 in general, and with IPv6 in cases where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

• Uses "TAP" mode: a TAP device is a virtual Ethernet adapter
• Bridge tools (brctl) are required to create the virtual adapters
• Need to create a script to bind eth1 and tap0 together into a bridged device called br0

brctl addbr br0 – create an Ethernet bridge
brctl addif br0 eth1 – connect interface eth1 as a port
brctl addif br0 tap0 – connect virtual interface tap0 as a port

[Diagram: the OSI stacks of the two peers with OpenVPN at the application layer; the TUN device attaches at the 3rd layer and the TAP device at the 2nd layer; on each side eth0 carries the tunnel while eth1 and tap0 are bridged together]

2-3-2 Bridged Ethernet Mode (TAP Mode) (continued)

Bridging advantages:
1. Point-to-point and point-to-multipoint
2. Broadcasts traverse the VPN – this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to be able to handle non-IP protocols such as IPX, NetWare and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages:
1. Less efficient than routing and does not scale well

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

[Diagram: LAN A (host IP 10.0.1.1/24, gateway 10.0.1.254) sits behind the VPN Server, LAN B (host IP 10.0.2.1/24, gateway 10.0.2.254) behind the VPN Client. The two peers connect over their ixp0 interfaces (192.168.12.201 on the server, 192.168.12.202 on the client) and the VPN tunnel runs between them; each peer's ixp1 faces its own LAN. A CA/TLS server is also present on the network]

3-1 Getting Started (continued)

Create a working directory (recommended): mkdir /etc/openvpn

Check for the TUN module: ls /dev/net and look for a character device "tun"; if it is not there: mknod /dev/net/tun c 10 200

Load the necessary modules: modprobe tun; modprobe bridge

Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]

Self-diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started (continued)

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or vi /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"

Create/start the bridge interface using the Moxa script: openvpn-bridge [start|stop|restart]

Check the cipher/authentication support: openvpn --show-ciphers; openvpn --show-digests

Create the TUN configuration files: vi /etc/openvpn/tunserver.conf

[At VPN Client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration 3-2 TUN Server Configuration

LocalRemote VPN IP address must be specified

It is NECESSARY to specify the Server Address at VPN Client

3-2 TUN Server Configuration 3-2 TUN Server Configuration

Edit the Static Routings vi etcopenvpntunserversh

chmod +x etctunserversh

[At VPN Client] vi etceopenvpntunclientsh chmod +x etctunclientsh

Start OpenVPN with the configuration file openvpn --config etctunserverconf amp openvpn --config etctunclientconf amp

2nd argument of ldquoifconfigrdquo which is now ldquo1002254rdquo

Create TAP Configuration Files vi etcopenvpntapserverconf

[At VPN Client] vi etcopenvpntapclientconf

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Mark this line if both VPN Networks are in the same subnet

3-2 TAP Configuration ndash VPN Server3-2 TAP Configuration ndash VPN Server

Edit the Static Routings vi etcopenvpntunserversh

[At VPN Client] vi etcopenvpntapclientsh chmod +x etctapclientsh

Pointed to the Kernel Routing br0 = 1001254

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Start the Bridge device vi openvpnopenvpn-bridge

chmod +x etcopenvpnopenvpn-bridge etcopenvpnopenvpn-bridge start

Start OpenVPN with the configuration file openvpn ndashconfig etcopenvpntapserverconf amp openvpn ndashconfig etcopenvpntapclient amp

3-4-1 SSLTLS ndash Dynamic Keys3-4-1 SSLTLS ndash Dynamic Keys

Edit the OpenSSL Configuration File on a Linux PC vi usrsharesslopensslcnf Pre-input the default_days default_bits hellip etc

Create New CA root Key Pair usrsharesslmiscCA -newca

Create New Client Private Key and new Certificate Request usrsharesslmiscCA -newreq

Certificate Sign-in usrsharesslmiscCA ndashsign

Copy the CA root certificate client private key and the client certificate to the first client

Have the second client certificated

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Copy the ldquoeasy-rsardquo to the working directory cp ndashr openvpn-20easy-rsa etcopenvpn

modify the vars file vi etcopenvpneasy-rsavars

Activate the vars etcopenvpneasy-rsavars

Create CA root key etcopenvpneasy-rsabuild-ca

Create VPN Server Private Key and Certificate etcopenvpneasy-rsabuild-key server

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Create VPN Client private Key and Certificate etcopenvpnbuild-key client

Create Diff-Hellman Parameters etcopenvpnbuild-dh 1024

Copy the CA certificate (cacrt) Server key (serverkey) and Server certificate (servercrt) to VPN Server

Copy the CA certificate Client key and certificate to VPN Client

ldquoeasy-rsardquo tools also work on UC7400 series

3-4-3 Configuration File Modification3-4-3 Configuration File Modification

txxserverconf

txxclienconf

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) Open VPN Configuration

4) Hands-On Practice

Live DemoLive Demo

UC-7420 DEMO BOXUC-7420 DEMO BOX

Two of its serial ports connectedto a Power Meter and Thermocouple

Two LAN ports plus an optional Wi-Fi function making it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in lsquoburn-in modersquo to demonstrate UCrsquos high performance and reliability

Demo Box FeaturesDemo Box Features

Software Block DiagramSoftware Block Diagram

Temperature Range 0 to 500degC

Left side for high range 0 to 300 VDC amp Right side for low range 0 to 20 VDC

UCrsquos LCM amp keypad (F1-F5)UCrsquos LCM amp keypad (F1-F5)

F1 Monitoring Temperature rarr Voltage rarrThroughput for P3 to P8

F2 System Status LANrsquos IP rarr Wi-Firsquos IP rarr CPU loading rarr Available Memory

F3 Alarm Setting Temperature rarr Voltage rarr burning throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI amp HTMLApache Web with CGI amp HTML

Seat Locating SystemSeat Locating System

Score Query SystemScore Query System

AppendixAppendix

What is the wireless PCMCIA card support status in 80211gbull UC-7420s built-in Wireless driver supports Intersil Prism 20

chipset PCMCIA cardbull The compatible Wireless cards are

Supplier Model name

ASUS WL-107g

CNET CWC-854(181D version)Edmiax EW-7108PCgAmigo AWP-914WGigbyte GN-WMKGOthers which use R-Link chip set

Thank YouThank You

Page 39: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

AgendaAgenda

1) Firewall NAT and iptables

2) Rules Chains Tables

3) Usage of iptables

4) Hands-ON Practice

2) Rules Chains and Tables2) Rules Chains and Tables

2-1 First Match

2-2 Three Major Tables

2-3 Processing Packets

2-4 State Machine

2-1 First Match ndash The Highest Priority2-1 First Match ndash The Highest Priority

Packets

Rule 1

Rule 10

Default Policy

Action 1

Action 2

No

No

Yes

Yes

Rule 2

No

Action 10Yes

2-1 First Match 2-1 First Match

On WWW Server reject the attack from IP = 1921681100Rule 1 Drop the packets from 1921681100Rule 2 Accept WWW request packets from all the hostsRule 3 Drop all the none-WWW packets

Rule 1 Accept WWW request packets from all the hosts Rule 2 Drop the packets from 1921681100Rule 3 Drop all the none-www packets

1921681100 is able to use the WWW service or to attack WWW service port

2-2 Three Major Tables

1) Filter Table
2) NAT Table
3) Mangle Table

2-2-1 Filter Table

Mainly used for filtering packets. This is the place where we actually take action against packets: look at what they contain and ACCEPT, DROP, REJECT or LOG them depending on their content.

1. INPUT chain – packets entering the local host
2. OUTPUT chain – packets output from the local host
3. FORWARD chain – packets forwarded to other hosts

2-2-2 NAT Table

Used for NAT on different packets, i.e. to translate the packet's source field or destination field.

1) PREROUTING chain – to translate the destination IP address (DNAT)
2) POSTROUTING chain – works after the routing process and before the Ethernet device process, to translate the source IP address (SNAT/MASQUERADE)
3) OUTPUT chain – for locally generated packets

2-2-3 Mangle Table

This table is mainly used for mangling packets. In other words, you may freely use the mangle matches etc. that can change the TOS (Type Of Service) and TTL fields. It can also "MARK" the packets.

1. PREROUTING chain
2. POSTROUTING chain
3. INPUT, OUTPUT and FORWARD chains

2-3 Processing Packets

2-3-1 Destination: Local Host
2-3-2 Source: Local Host
2-3-3 Forwarded Packets
2-3-4 State Machine

2-3-1 Destination: Local Host

[Diagram] Incoming Packets → NAT Table PREROUTING → Filter Table INPUT → Local Process

2-3-2 Source: Local Host

[Diagram] Outgoing Packets → NAT Table OUTPUT → Filter Table OUTPUT → NAT Table POSTROUTING → Send Out Packets

2-3-3 Forwarded Packets

[Diagram] Incoming Packets → NAT Table PREROUTING → Filter Table FORWARD → NAT Table POSTROUTING → Other Hosts (the Local Resource is not traversed)

2-4 State Machine

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

3) Usage of iptables

3-1 Load iptables Modules
3-2 Define Default Policy
3-3 Structure of a Rule
3-4 Save / Restore Rules

3-1 Load iptables Modules

Note: ipchains and iptables are not compatible.

3-1 Load iptables Module

Check the current tables: iptables [-t table] [-L] [-n]

Default Policy

3-1 Install iptables

Clear Current Policy

3-2 Define Default Policy

iptables -t {filter | nat | mangle} -P {INPUT | OUTPUT | FORWARD | PREROUTING | POSTROUTING} {ACCEPT | DROP}

3-2 Define Default Policy

3-3 Structure of a Rule

3-3-1 Add, Insert, Delete and Replace Rules
3-3-2 Direction
3-3-3 Matches
3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace

iptables -t {filter | nat | mangle} {-A | -I | -D | -R} <direction> <match> -j <target>

Three major things need to be considered: the direction (chain), the match (condition) and the target (action).

3-3-2 Direction – Chains

a. filter table: INPUT, OUTPUT, FORWARD
b. nat table: PREROUTING, POSTROUTING, OUTPUT
c. mangle table: …

3-3-3 Matches – Conditions

1. -p [proto]: tcp | udp | icmp | all
2. -s [IP], -d [IP]
3. --sport [port], --dport [port]
4. -m state --state [state]: NEW | ESTABLISHED | INVALID | RELATED
5. -m multiport [p1,p2,…,p15]
6. -i [iface], -o [oface]
7. … etc.

3-3-4 Targets – Actions

a. filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions: LOG, ULOG, REJECT, MIRROR
b. nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING/OUTPUT), MASQUERADE (POSTROUTING), REDIRECT (only in PREROUTING)
c. mangle table: …

3-4 Save / Restore Rules

It is highly recommended to use a script file to maintain the Netfilter rules instead of using this exported file (it is not a standard script file). Please refer to the Hands-On practice.

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice
   1) Packet Filter
   2) NAT Machine

4-1 Packet Filter – Rules of the filter table

Example 1 – Accept all the packets incoming from the lo interface

iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2 – Accept all the TCP packets incoming from IP = 192.168.0.1

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

Example 3 – Accept all the TCP packets incoming from the network 192.168.1.0/24

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 – Drop all the TCP packets incoming from IP = 192.168.1.25

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

Example 5 – Drop all the incoming TCP packets with dst port = 21 (forbid FTP connections from eth0)

iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 – Accept TCP packets incoming from IP 192.168.0.0/24 to local port numbers 137, 138 and 139

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

Example 7 – Log all the incoming/outgoing TCP packets to/from port = 25 (log the SMTP service)

iptables -t filter -A INPUT -p tcp --dport 25 -j LOG

Note: UC7110 does not support the target "LOG".

Example 8 – Drop all the [SYN] packets from IP = 192.168.100.200

iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 – Drop all the packets from MAC = aa:bb:cc:dd:ee:ff

iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

Example 10 – Do not respond to "ping"

iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 – ICMP "ping" burst

iptables -t filter -P INPUT DROP
iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

Example 12 – Accept the ESTABLISHED/RELATED packets of the local host; drop the INVALID packets and the NEW packets which are trying to create a new connection

iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

Example 13 – Check the packet integrity

iptables -t filter -A INPUT -p all -m unclean -j DROP

Example 14 – Enable the "Passive Mode" FTP service to a host

modprobe ip_conntrack_ftp
iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

4-2 NAT Machine

Example 1 – Redirect the connection requests of port 80 to port 8080

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 – Masquerade the packets coming from 192.168.1.0/24 to be the local ppp0's IP (MASQUERADE is only valid in POSTROUTING, see 3-3-4)

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

Example 3 – DNAT the incoming packets from eth0 (60.248.66.75), TCP port 80, to the internal web server 192.168.127.10:80

iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

Example 4 – Redirect the incoming packets of TCP port 80 to 192.168.1.10, TCP port 80

iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP
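Section 3-4 recommends keeping the rules in a script rather than in the exported file. The following is an added example of such a script (it is not Moxa's hands-on material) that collects the filter and NAT rules above into one idempotent ruleset in first-match order. The `ipt` wrapper, the `DRY_RUN` switch, the interface names, the SSH/HTTP services and the reuse of the 192.168.127.0/24 network and the 60.248.66.75 address from the examples are assumptions of this example; `$OUT_IP` is the placeholder the slide itself uses.

```shell
#!/bin/sh
# Maintainable Netfilter ruleset script (added example, not Moxa's). With
# DRY_RUN=1 the iptables commands are printed instead of executed, so the
# ruleset can be reviewed (or tested) on a host without root or iptables.

OUT_IP=${OUT_IP:-60.248.66.75}      # public address of eth0 (from the slide's DNAT example)
WEB_SERVER=192.168.127.10           # internal web server behind the UC (from the slide)
LAN_NET=192.168.127.0/24            # internal LAN (from the slide's SNAT example)

ipt() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

apply_rules() {
    # Start from a clean, deny-by-default state: flush first, then set the
    # policies, so a re-run gives the same result (idempotent).
    ipt -t filter -F
    ipt -t nat -F
    ipt -t filter -P INPUT DROP
    ipt -t filter -P FORWARD DROP
    ipt -t filter -P OUTPUT ACCEPT

    # Order matters (first match): loopback and established traffic first,
    # then the explicit allows, then the blanket drops.
    ipt -t filter -A INPUT -i lo -j ACCEPT
    ipt -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -t filter -A INPUT -m state --state INVALID -j DROP

    # Block the known-bad host before any service is opened (slide 2-1).
    ipt -t filter -A INPUT -i eth0 -s 192.168.1.100 -j DROP

    # Rate-limited ping; everything above the burst falls through to the policy.
    ipt -t filter -A INPUT -p icmp --icmp-type 8 -m limit --limit 6/min --limit-burst 10 -j ACCEPT

    # Services offered by the UC itself: SSH from the LAN only, HTTP from anywhere.
    ipt -t filter -A INPUT -i eth0 -p tcp -s "$LAN_NET" --dport 22 -m state --state NEW -j ACCEPT
    ipt -t filter -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW -j ACCEPT

    # Log (rate-limited) whatever reached the end; the policy then drops it.
    # The LOG target is not available on the UC7110.
    ipt -t filter -A INPUT -m limit --limit 3/min -j LOG --log-prefix "INPUT-DROP: "

    # NAT machine: publish the internal web server and source-NAT the LAN.
    ipt -t nat -A PREROUTING -i eth0 -p tcp -d "$OUT_IP" --dport 80 -j DNAT --to "$WEB_SERVER:80"
    ipt -t filter -A FORWARD -p tcp -d "$WEB_SERVER" --dport 80 -m state --state NEW -j ACCEPT
    ipt -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -t nat -A POSTROUTING -s "$LAN_NET" -o eth0 -j SNAT --to "$OUT_IP"
}

# Number of iptables commands the script issues; a quick way to notice an
# edit that silently dropped a rule.
rule_count() {
    DRY_RUN=1 apply_rules | wc -l | tr -d ' '
}

if [ "${1:-}" = apply ]; then
    apply_rules              # really load the rules (needs root)
else
    DRY_RUN=1 apply_rules    # default: print the ruleset for review
fi
```

Run it without arguments to print the rules, and with `apply` as root to load them. Because the script flushes before it sets policies and appends, re-running it never duplicates rules, which is the usual problem with hand-typed `-A` commands.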

Thank You

OpenVPN 2.0
Stephen Lin

OpenVPN 2.0

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve?
1-2 Symmetric Data Encryption
1-3 Hash (Digest) Function
1-4 Message Authentication Code
1-5 Asymmetric Data Encryption
1-6 Digital Signature
1-7 Certificate
1-8 Moxa UC7400

1-1 What does Cryptography solve?

Confidentiality
• Ensure that nobody can get knowledge of what you transfer, even if listening to the whole conversation.

Integrity
• Ensure that the message has not been modified during the transmission.

Authenticity
• You can verify that you are talking to the entity you think you are talking to.
• You can verify who is the specific individual behind that entity.

Non-repudiation
• The individual behind that asset cannot deny being associated with it.

1-2 Symmetric Data Encryption

• Fast, high efficiency for data transmission
• Is it "secure" while transferring the key?
• Maintenance of the keys: n(n-1)/2 keys
• DES, 3DES, AES, Blowfish

[Diagram] Tom: Plaintext → Encryption (Secret Key) → Ciphertext → Decryption (Secret Key) → Plaintext: Bob

1-3 Hash (Digest) Function

• Ensure data integrity
• MD5, SHA-1

[Diagram] Tom: Data → Hash Function → Message Digest 1; Message Digest 1 + Data are sent to Bob. Bob: Data → Same Hash Function → Message Digest 2; Compare Message Digest 1 with Message Digest 2.

1-4 Message Authentication Code

• Ensure the data integrity
• Use a key to protect the MAC
• HMAC, CBC-MAC

[Diagram] Tom: Data → Hash Function → Message Digest 1 → Encryption (Secret Key) → MAC; MAC + Data are sent to Bob. Bob: Data → Hash Function → Message Digest 2; MAC → Decryption (Secret Key) → Message Digest 1; Compare.

1-5 Asymmetric Encryption

Things to remember:
• Key pair – public/private keys
• In a session, one is used for encryption and the other one for decryption
• The "public key" can be deployed everywhere
• The relation between the two keys is unknown, and from one key you cannot gain knowledge of the other, even if you have access to clear text and cipher text
• The two keys are interchangeable. All algorithms make no difference between public and private key. When a key pair is generated, any of the two can be public or private.
• Less efficient than a static key
• RSA, Diffie-Hellman

[Diagram] Clear text → Encryption → cipher text ("g$5knvMd'rkvegMs")

1-5 Asymmetric Data Encryption

[Diagram: Confidentiality Check] Tom: Plaintext → Encryption with Bob's Public Key → ciphertext → Decryption with Bob's Private Key → Plaintext: Bob. Uses the recipient's key pair.

1-5 Asymmetric Data Encryption

[Diagram: Authenticity Check] Tom: Plaintext → Encryption with Tom's Private Key → ciphertext → Decryption with Tom's Public Key → Plaintext: Bob. Uses the sender's key pair.

1-6 Digital Signature

Real World – Hybrid:
1. Data Integrity
2. Authenticity
3. Non-repudiation
4. Algorithm – uses the public key and a hash

1-6 Digital Signature – Creating

[Diagram] Message or File ("This is the document created by Gianni") → Generate Hash (SHA, MD5): calculate a short message digest from even a long input using a one-way message digest function (hash) → Message Digest ("Py75cbn", typically 128 bits) → Asymmetric Encryption (RSA) with the signatory's private key (priv) → Digital Signature ("3kJfgf£$&"). Signed Document = message + digital signature.

1-6 Digital Signature – Verifying

[Diagram] Signed Document = message ("This is the document created by Gianni") + Digital Signature ("3kJfgf£$&"). Data → Generate Hash → Message Digest ("Py75cbn"). Digital Signature → Asymmetric Decryption with Gianni's public key (pub, from certificate) → Message Digest ("Py75cbn"). Compare the two digests.

1-6 Digital Signature

[Diagram] Tom: Data → Hash Function → Message Digest 1 → Encryption with Tom's Private Key → Digital Signature; Digital Signature + Data are sent to Bob. Bob: Data → Hash Function → Message Digest 2; Digital Signature → Decryption with Tom's Public Key → Message Digest 1; Compare.

1-7 Certificate

The simplest certificate just contains:
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key
… and the whole is:
• Digitally signed by someone trusted (like your friend or a CA)

[Diagram] Certificate = public key (pub, "2wsR46frdEWWrswe(^$G^DvtrsdFDfd367") + "This public key belongs to Stephen" + Digital Signature ("3kJfgf£$&4dser4358g6gd7dTT"). The entity can be a person, a computer, a device, a file, some code, anything …

1-7-1 CA Certificate

[Diagram] The CA generates a key pair (Priv, Pub) on the Certification Server. The user requests a certificate from the CA; the CA generates the certificate (pub + DS = Cert); the private key (Priv) and the certificate are sent to the user.

Right Cert signed by CA
Left Cert signed by CA
CA Pub Key signed by CA

1-7-1 CA Certificate Example

[Diagram] CA (Private Key) ← trusts → Left, Right. Left holds: Left Priv Key, Left Cert signed by CA, CA Pub Key. Right holds: Right Priv Key, Right Cert signed by CA, CA Pub Key.

1-7-2 SSL/TLS

[Diagram] Each side holds a key pair (Priv, pub). Clear text → Encrypt → Cipher 1 → Encrypt → Cipher 2 → Transmission over the public network → Cipher 2 → Decrypt → Cipher 1 → Decrypt → Clear text.

• Ensures confidentiality
• And integrity, if digitally signed
• Depending on how the public keys are exchanged: Authenticity, Identity, Non-repudiation

1-8 Moxa UC7400 – Hardware Cipher

Intel XScale supports:
• Security engines: DES, AES
• Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so":
• No need to change the source code

1-8-1 Moxa Accelerated Algorithms – OpenSSL 0.9.7

DES_cbc_encrypt
DES_ede3_cbc_encrypt
AES_cbc_encrypt
AES_ctr_encrypt

• We wrap ECB mode at a higher level (libssl.so), which OpenSSL wraps too

1-8-2 Performance

[Charts: throughput (RATE) of 3DES-CBC and AES128-CBC, software versus hardware cipher (legend: = HW Cipher), plotted against packet size. One pair of charts covers 128 to 1280 bytes (y axes 0 to 80 and 0 to 8), the other covers small packets of 16 to 144 bytes (y axes 0 to 8 and 0 to 2.5). The plotted values are not recoverable from the transcript.]

1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approaches:
• Default: hardware approach
• Any misconfiguration or busy condition causes the switch

Small packets are switched to the software approach:
• DES: 128 bytes
• 3DES/AES: 64 bytes

1-8-4 Software Package

Driver
• mxhw_cipher.o

Device file
• mknod /dev/mxcrypto c 11 131

Test program
• io: correctness test
• io 0 5000: stability test
• io 1: golden pattern
• io 2 20000: performance test

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network

2-1 VPN Advantages/Disadvantages

• VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes
• A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH, etc.)
• A VPN allows the usage of protocols which are insecure by themselves
• VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN

Usability
• Open Source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit shared key or digital certificates (PKI)

Portability – supports most of the platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN

Peers – each node with a client/server role
• Makes use of the kernel routing
• Multiple clients

A user-space program
• A full-featured SSL-VPN solution
• On top of the existing SSL/TLS mechanism
• Options between a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security

Two authentication modes:
• Static Key: use a pre-shared key
• SSL/TLS: use SSL/TLS + certificates for
  • Authentication
  • Key exchange

The encrypted packet is formatted as:
• SeqN: 64-bit sequence number
• IV: plain-text initialization vector, randomized per packet

[Diagram] HMAC | IV | SeqN | IP payload → encrypt → HMAC | IV | [SeqN | IP payload] (the bracketed part is encrypted)

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall- and NAT-friendly
• Dynamic address support

IPSec
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard – multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are two methods of linking systems via a VPN:
• Routed IP tunnels (layer 3)
• Bridged Ethernet tunnels (layer 2)

Suitable for connections:
• Site-to-Site
• Dynamic Site-to-Site
• (Dynamic) Client-to-Site

Dynamic Firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

• Uses TUN mode (device): a virtual point-to-point IP link that combines the inner interface together with TUN
• Uses the kernel routing to forward the packets

[Diagram] Two OSI stacks (Physical, Data-Link, Network, Transport, Session, Presentation, Application); OpenVPN runs at the Application layer and the TUN device attaches at layer 3 (Network).

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages:
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of the MTU for efficiency

Routed IP disadvantages:
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see those machines on the other side of the VPN
4. Works only with IPv4 in general, and with IPv6 only in cases where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

• Uses "TAP" mode: a TAP device is a virtual Ethernet adapter
• Bridge tools (brctl) are required to create the virtual adapters
• Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0          # create an Ethernet bridge
brctl addif br0 eth1     # connect interface eth1 as a port
brctl addif br0 tap0     # connect virtual interface tap0 as a port

[Diagram] Two OSI stacks (Physical, Data-Link, Network, Transport, Session, Presentation, Application); OpenVPN runs at the Application layer, TUN attaches at layer 3 and TAP at layer 2 (Bridging). On each side eth0 carries the tunnel while eth1 and tap0 are bridged together.

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages:
1. Point-to-point and point-to-multipoint
2. Broadcasts traverse the VPN; this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to be able to handle non-IP protocols such as IPX, Netware and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages:
1. Less efficient than routing and does not scale well
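The three brctl lines above leave out the step that usually bites in practice: once eth1 is a bridge port it must not carry an address of its own, so the LAN gateway address has to move to br0 (the "br0 = 10.0.1.254" note in the TAP configuration section refers to this). The following is an added example of a start/stop script that does this (it is not Moxa's openvpn-bridge script); `bridge_start`, `bridge_stop`, the `DRY_RUN` review switch and the 10.0.1.254/24 address on br0 are assumptions of this example.

```shell
#!/bin/sh
# Bridge tap0 and eth1 into br0 for OpenVPN TAP mode (added example, not
# the Moxa openvpn-bridge script). DRY_RUN=1 prints the commands instead
# of running them, so the sequence can be reviewed without root.

BR=br0
ETH=eth1
TAP=tap0
BR_IP=${BR_IP:-10.0.1.254}          # LAN gateway address from the slide; moves from eth1 to br0
BR_MASK=${BR_MASK:-255.255.255.0}

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

bridge_start() {
    # 1. Create the persistent TAP device so it exists before it is enslaved.
    run openvpn --mktun --dev "$TAP"
    # 2. Create the bridge and enslave both interfaces (the slide's brctl lines).
    run brctl addbr "$BR"
    run brctl addif "$BR" "$ETH"
    run brctl addif "$BR" "$TAP"
    # 3. Bridge ports carry no address: clear eth1 and tap0, then put the LAN
    #    address on br0. Skipping this leaves LAN traffic stuck at eth1.
    run ifconfig "$ETH" 0.0.0.0 promisc up
    run ifconfig "$TAP" 0.0.0.0 promisc up
    run ifconfig "$BR" "$BR_IP" netmask "$BR_MASK" up
}

bridge_stop() {
    # Tear down in reverse order and give eth1 its address back.
    run ifconfig "$BR" down
    run brctl delif "$BR" "$TAP"
    run brctl delif "$BR" "$ETH"
    run brctl delbr "$BR"
    run openvpn --rmtun --dev "$TAP"
    run ifconfig "$ETH" "$BR_IP" netmask "$BR_MASK" up
}

case "${1:-}" in
    start)   bridge_start ;;
    stop)    bridge_stop ;;
    restart) bridge_stop; bridge_start ;;
    *)       DRY_RUN=1 bridge_start ;;   # no argument: show what "start" would do
esac
```

The OpenVPN TAP configuration then refers to the persistent device with `dev tap0`; because the address lives on br0, the kernel routing for LAN A keeps working whether or not the tunnel is up.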

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS – X509 Dynamic Keys

3-1 Getting Started

[Network diagram] LAN A (IP 10.0.1.1/24, gw 10.0.1.254) – ixp1 – [VPN Server] 10.0.1.254 – ixp0 192.168.12.201 ==== VPN Tunnel (Connect) ==== ixp0 192.168.12.202 – [VPN Client] 10.0.2.254 – ixp1 – LAN B (IP 10.0.2.1/24, gw 10.0.2.254). A [CA/TLS Server] is also shown.

3-1 Getting Started

• Create a working directory (recommended): mkdir /etc/openvpn
• Check for the TUN module: ls /dev/net and look for a character device "tun"; if it is not there: mknod /dev/net/tun c 10 200
• Load the necessary modules: modprobe tun; modprobe bridge
• Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]
• Self diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

• Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or vi /etc/sysctl.conf and modify "net.ipv4.ip_forward = 1"
• Create/start the bridge interface using the Moxa script: openvpn-bridge [start | stop | restart]
• Check the cipher/authentication support: openvpn --show-ciphers; openvpn --show-digests
• Create the TUN configuration files: vi /etc/openvpn/tunserver.conf
  [At VPN Client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

• The local/remote VPN IP addresses must be specified
• It is NECESSARY to specify the server address at the VPN client

3-2 TUN Server Configuration

• Edit the static routings: vi /etc/openvpn/tunserver.sh; chmod +x /etc/openvpn/tunserver.sh
  [At VPN Client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/openvpn/tunclient.sh
• Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tunserver.conf &
  [At VPN Client] openvpn --config /etc/openvpn/tunclient.conf &
• The 2nd argument of "ifconfig" is now "10.0.2.254"
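Assembling the TUN server and client configuration files from the steps above, as an added example (it is not the slide's tunserver.conf / tunclient.conf, whose contents the transcript does not include): a generator that writes a mirrored pair of static-key configurations for the LAN A / LAN B topology of 3-1, plus a checker that catches the usual mistake when the client file is copied from the server file (the two `ifconfig` endpoints not swapped). `gen_tun_pair`, `check_tun_pair`, the output directory and every directive value beyond the slide's own addresses are assumptions of this example.

```shell
#!/bin/sh
# Generate a mirrored OpenVPN 2.0 static-key TUN configuration pair for the
# slide's topology (added example, not Moxa's files):
#   VPN Server: public 192.168.12.201, tunnel end 10.0.1.254, LAN A 10.0.1.0/24 behind it
#   VPN Client: public 192.168.12.202, tunnel end 10.0.2.254, LAN B 10.0.2.0/24 behind it

SERVER_PUB=192.168.12.201
CLIENT_PUB=192.168.12.202
SERVER_TUN=10.0.1.254
CLIENT_TUN=10.0.2.254
LAN_A=10.0.1.0
LAN_B=10.0.2.0
KEY=/etc/openvpn/static.key     # produced by: openvpn --genkey --secret /etc/openvpn/static.key

# write_conf ROLE FILE LOCAL_TUN REMOTE_TUN REMOTE_LAN
write_conf() {
    {
        printf '# OpenVPN %s, static key, routed (TUN) mode\n' "$1"
        printf 'dev tun\n'
        printf 'proto udp\n'
        printf 'port 1194\n'
        # Only the client names a peer to connect to; the server just listens.
        [ "$1" = client ] && printf 'remote %s 1194\n' "$SERVER_PUB"
        # Local tunnel endpoint first, remote second: swapped between the two files.
        printf 'ifconfig %s %s\n' "$3" "$4"
        # Route the peer's LAN through the tunnel (what the "static routings" script does).
        printf 'route %s 255.255.255.0\n' "$5"
        printf 'secret %s\n' "$KEY"
        # Name the cipher and HMAC explicitly instead of relying on the 2.0 defaults.
        printf 'cipher AES-128-CBC\n'
        printf 'auth SHA1\n'
        # Drop privileges once the tunnel is up; keep key and tun across restarts
        # so the unprivileged daemon can still recover (group name varies by distribution).
        printf 'user nobody\n'
        printf 'group nogroup\n'
        printf 'persist-key\n'
        printf 'persist-tun\n'
        printf 'keepalive 10 60\n'
        printf 'verb 3\n'
    } > "$2"
}

# gen_tun_pair DIR: writes DIR/tunserver.conf and DIR/tunclient.conf
gen_tun_pair() {
    mkdir -p "$1"
    write_conf server "$1/tunserver.conf" "$SERVER_TUN" "$CLIENT_TUN" "$LAN_B"
    write_conf client "$1/tunclient.conf" "$CLIENT_TUN" "$SERVER_TUN" "$LAN_A"
}

# check_tun_pair SERVER_CONF CLIENT_CONF: returns 0 if the ifconfig endpoints
# mirror each other and both sides name the same secret file, 1 otherwise.
check_tun_pair() {
    s_if=$(awk '$1=="ifconfig"{print $2" "$3}' "$1")
    c_if=$(awk '$1=="ifconfig"{print $3" "$2}' "$2")
    s_key=$(awk '$1=="secret"{print $2}' "$1")
    c_key=$(awk '$1=="secret"{print $2}' "$2")
    [ -n "$s_if" ] && [ "$s_if" = "$c_if" ] && [ -n "$s_key" ] && [ "$s_key" = "$c_key" ]
}

if [ -n "${1:-}" ]; then
    gen_tun_pair "$1"
    check_tun_pair "$1/tunserver.conf" "$1/tunclient.conf" && echo "configs in $1 are consistent"
fi
```

Run it with a directory argument (for instance /etc/openvpn) to write both files. The same static key file has to be copied to the client over a trusted channel, which is exactly the key-transfer problem of symmetric encryption from 1-2 and the reason 3-4 moves to SSL/TLS with certificates.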

• Create the TAP configuration files: vi /etc/openvpn/tapserver.conf
  [At VPN Client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration – VPN Server

• Mark (comment out) this line if both VPN networks are in the same subnet

3-3 TAP Configuration – VPN Server

• Edit the static routings: vi /etc/openvpn/tapserver.sh
  [At VPN Client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/openvpn/tapclient.sh
• Pointed to the kernel routing: br0 = 10.0.1.254

3-3 TAP Configuration – VPN Server

• Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start
• Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tapserver.conf &
  [At VPN Client] openvpn --config /etc/openvpn/tapclient.conf &

3-4-1 SSL/TLS – Dynamic Keys

• Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-input the default_days, default_bits, … etc.
• Create a new CA root key pair: /usr/share/ssl/misc/CA -newca
• Create a new client private key and a new certificate request: /usr/share/ssl/misc/CA -newreq
• Certificate signing: /usr/share/ssl/misc/CA -sign
• Copy the CA root certificate, the client private key and the client certificate to the first client
• Have the second client certified in the same way

3-4-2 OpenVPN – "easy-rsa" tools

• Copy the "easy-rsa" directory to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn
• Modify the vars file: vi /etc/openvpn/easy-rsa/vars
• Activate the vars: . /etc/openvpn/easy-rsa/vars
• Create the CA root key: /etc/openvpn/easy-rsa/build-ca
• Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – "easy-rsa" tools

• Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client
• Create the Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh 1024
• Copy the CA certificate (ca.crt), the server key (server.key) and the server certificate (server.crt) to the VPN server
• Copy the CA certificate, the client key and the client certificate to the VPN client
• The "easy-rsa" tools also work on the UC7400 series

3-4-3 Configuration File Modification

txxserver.conf
txxclient.conf

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

• Two of its serial ports are connected to a power meter and a thermocouple
• Two LAN ports plus an optional Wi-Fi function, making it a good tool for transmitting data from remote sites to a central site
• The rest of the serial ports are looped back in 'burn-in mode' to demonstrate the UC's high performance and reliability

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500 °C
Left side for the high range, 0 to 300 VDC, and right side for the low range, 0 to 20 VDC

UC's LCM & keypad (F1–F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8
F2 System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available memory
F3 Alarm Setting: Temperature → Voltage → burning throughput
F4 Configuration Key
F5 Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• The UC-7420's built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards
• The compatible wireless cards are:

Supplier   Model name
ASUS       WL-107g
CNET       CWC-854 (181D version)
Edimax     EW-7108PCg
Amigo      AWP-914WG
Gigabyte   GN-WMKG
Others which use the R-Link chipset

Thank You

Page 40: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

2) Rules Chains and Tables2) Rules Chains and Tables

2-1 First Match

2-2 Three Major Tables

2-3 Processing Packets

2-4 State Machine

2-1 First Match ndash The Highest Priority2-1 First Match ndash The Highest Priority

Packets

Rule 1

Rule 10

Default Policy

Action 1

Action 2

No

No

Yes

Yes

Rule 2

No

Action 10Yes

2-1 First Match 2-1 First Match

On WWW Server reject the attack from IP = 1921681100Rule 1 Drop the packets from 1921681100Rule 2 Accept WWW request packets from all the hostsRule 3 Drop all the none-WWW packets

Rule 1 Accept WWW request packets from all the hosts Rule 2 Drop the packets from 1921681100Rule 3 Drop all the none-www packets

1921681100 is able to use the WWW service or to attack WWW service port

2-2 Three 2-2 Three Major TablesMajor Tables

1) Filter Table

2) NAT Table

3) Mangle Table

2-2-1 Filter Table2-2-1 Filter Table

Mainly used for filtering packets The place that we actually take action against packets

and look at what they contain and ACCEPT DROP REJECT LOG them depending on their content

1 INPUT chain ndash packets enter the local host

2 OUTPUT chainndash packets output from the local host

3 FORWARD chainndash forward packets to other hosts

2-2-2 NAT Table2-2-2 NAT Table

Be used for NAT on different packets

to translate the packets source field or destination field

1) PREROUTING chain ndash to transfer the dst IP address (DNAT)

2) POSTROUTING chainndash this works after routing process and before Ethernet device process to transfer the source IP address (SNATMASQUARED)

3) OUTPUT chainndash to work for local producing packets

2-2-3 Mangle Table2-2-3 Mangle Table

This table is mainly be used for

mangling packets In other words you may freely use the mangle matches etc that could be used to change TOS (Type Of Service) and TTL fields It can also ldquoMARKrdquo the packets

1 PREROUTING chain

2 POSTROUTING chain

3 INPUT OUTPUT and FORWARD chain

2-3 Processing Packets2-3 Processing Packets

2-3-1 Destination Local Host

2-3-2 Source Local Host

2-3-3 Forward Packets

2-3-4 State Machine

2-3-1 Destination Local Host2-3-1 Destination Local Host

2-3-1 Destination Local Host2-3-1 Destination Local Host

Incoming Packets

NAT Table PREROUTING

Local Process

Filter Table INPUT

2-3-2 Source Local Host2-3-2 Source Local Host

2-3-2 Source Local Host2-3-2 Source Local Host

NAT Table OUTPUT

Outgoing Packets

Filter Table OUPUT

NAT Table POSTROUTING

Send Out Packets

2-3-3 Forwarded Packets2-3-3 Forwarded Packets

2-3-3 Forwarded Packets2-3-3 Forwarded Packets

NAT Table PREROUTING

Local Resource

NAT Table POSTROUTING

Other Hosts

Incoming Packets

Filter Table FORWARD

2-4 State Machine2-4 State Machine

AgendaAgenda

1) Firewall NAT and iptables

2) Rules Chains Tables

3) Usage of iptables

4) Hands-ON Practice

3) Usage of iptables3) Usage of iptables

3-1 Load iptables Modules

3-2 Define Default Policy

3-3 Structure of a Rule

3-4 Save Restore Rules

3-1 Load iptables Modules3-1 Load iptables Modules

Note ipchains and iptables are not compatible

3-1 Load iptables Module3-1 Load iptables Module

Check the Current Tablesiptables [-t tables] [-L] [-n]

Default Policy

3-1 Install iptables3-1 Install iptables

Clear Current Policy

3-2 Define Default Policy3-2 Define Default Policy

iptables ndasht filter nat mangle

ndashP INPUT OUTPUT FORWARD PREROUTING POSTROUTING

ACCEPT DROP

3-2 Define Default Policy3-2 Define Default Policy

3-3 Structure of a Rule3-3 Structure of a Rule

3-3-1 Add Insert Delete an Replace Rules

3-3-2 Direction

3-3-3 Matches

3-3-4 Targets

3-3-1 Add Insert Delete and Replace3-3-1 Add Insert Delete and Replace

iptables ndasht filter nat mangle

AI DR

ndash direction match target

3 major things needed

to be considered

ndashj

3-3-2 Direction ndash Chains3-3-2 Direction ndash Chains

a filter Table INPUT

OUTPUT

FORWARD

b nat Table PREROUTING

POSTROUTING

OUTPUT

c mangle table hellip

1 -p [proto] tcp udp icmp all

2 -s [IP] -d [IP]

3 --sport [port] --dport [port]

4 -m state --state [state] NEW ESTABLISHED INVALID RELATED

5 -m multiport [p1p2hellipp15]

6 -i [iface] -o [oface]

7 hellipetc

3-3-3 Matches - Conditions3-3-3 Matches - Conditions

3-3-4 Targets - Actions3-3-4 Targets - Actions

a filter Table ACCEPT DROP

QUEUE RETURN target extensions --LOG --ULOG --REJECT - -MIRROR

b nat table SNAT (only in POSTROUTING)

DNAT (only in PREROUTINGOUTPUT)

MASQUERADE (POSTROUTING)

REDIRECT (only in PREROUTING)

c mangle table hellip

3-4 Save Restore Rules3-4 Save Restore Rules

It is highly recommended to use a script file to maintain the Netfilter rule instead of using this exported file (it is not a standard script file) Please refer to the Hands-ON practice

AgendaAgenda

1) Firewall NAT and iptables

2) Rules Chains Tables

3) Usage of iptables

4) Hands-ON Practice 1) Packet Filter2) NAT Machine

4-1 Packet Filter: Rules of the filter table

Example 1: Accept all packets arriving on the lo interface.
iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2: Accept all TCP packets arriving on eth0 from IP 192.168.0.1.
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

Example 3: Accept all TCP packets arriving on eth0 from the network 192.168.1.0/24.
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4: Drop all TCP packets arriving on eth0 from IP 192.168.1.25.
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP
(Appended after Example 3 this rule never fires: 192.168.1.25 lies inside 192.168.1.0/24, so the ACCEPT above matches first. The specific DROP has to sit above the broader ACCEPT, e.g. inserted with -I INPUT 1.)

Example 5: Drop all incoming TCP packets with destination port 21 (forbid FTP connections from eth0).
iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6: Accept TCP packets from 192.168.0.0/24 to the local ports 137, 138 and 139.
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

Example 7: Log all incoming/outgoing TCP packets to/from port 25 (log the SMTP service).
iptables -t filter -A INPUT -p tcp --dport 25 -j LOG
LOG is a non-terminating target: the packet continues down the chain after being logged, so a LOG rule is normally followed by the ACCEPT or DROP that decides its fate; the outgoing direction needs the mirror rule in OUTPUT with --sport 25. Add -m limit to any LOG rule that an outsider can trigger, or the log becomes a flood target.
Note: UC-7110 does not support the target "LOG".

Example 8: Drop all SYN packets (new connection attempts) from IP 192.168.100.200.
iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9: Drop all packets from MAC address aa:bb:cc:dd:ee:ff.
iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP
(The source MAC is the address of the last hop, so this identifies only hosts on the directly attached segment, and a MAC address is trivially spoofed.)

Example 10: Do not respond to "ping".
iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP
(type 8 is echo-request; --icmp-type echo-request is equivalent)

Example 11: Limit an ICMP "ping" burst: with a DROP policy on INPUT, accept at most 6 ICMP packets per minute once an initial burst of 10 has been used up.
iptables -t filter -P INPUT DROP
iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

Example 12: Accept the ESTABLISHED and RELATED packets of the local host; drop INVALID packets and NEW packets that try to open a connection.
iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

Example 13: Check packet integrity (drop malformed packets).
iptables -t filter -A INPUT -p all -m unclean -j DROP
(The unclean match was an experimental module of the 2.4 kernels and is absent from later ones; conntrack's INVALID state covers most of what it did.)

Example 14: Allow a "passive mode" FTP connection to a host behind the box.
modprobe ip_conntrack_ftp
iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT
(ip_conntrack_ftp reads the PORT/PASV exchange on the control connection and marks the data connection RELATED; on a NAT box also load ip_nat_ftp so the addresses inside that exchange are rewritten.)
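The fourteen examples above are single rules; on a real box they are only useful in a fixed order, kept in a script as 3-4 recommends. The following script is an added example, not from the slides or from Moxa's firmware, that combines them into one ordered INPUT ruleset behind a DROP policy. It assumes that eth0 faces the untrusted network, that the trusted LAN is 192.168.0.0/24 and that SSH is the only service offered to it; with DRY_RUN=1 it prints the iptables commands instead of running them.

```shell
#!/bin/sh
# uc_firewall.sh: one ordered filter-table ruleset built from Examples 1-14.
# Assumptions (not from the slides): eth0 faces the untrusted network, the
# trusted LAN is 192.168.0.0/24, and SSH is the only service offered to it.
# DRY_RUN=1 prints the iptables commands instead of running them, so the
# ordering can be reviewed on a PC before the script goes onto the UC.

run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }
ipt() { run iptables "$@"; }

WAN_IF=${WAN_IF:-eth0}
LAN_NET=${LAN_NET:-192.168.0.0/24}

flush_filter() {
    ipt -t filter -F
    ipt -t filter -X
}

# Policies are the last resort: whatever no rule matched is dropped.
set_policy() {
    ipt -t filter -P INPUT DROP
    ipt -t filter -P FORWARD DROP
    ipt -t filter -P OUTPUT ACCEPT
}

# Rules are consulted top to bottom and the first match wins, so the
# order below is the security policy; -A appends, preserving that order.
input_rules() {
    # Loopback, and replies to connections this host opened or accepted.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Packets conntrack cannot classify (bad flags, out of window): drop early.
    ipt -A INPUT -m state --state INVALID -j DROP
    # Specific denies go before the broader accepts they carve a hole in.
    ipt -A INPUT -i "$WAN_IF" -p tcp -s 192.168.1.25 -j DROP
    ipt -A INPUT -i "$WAN_IF" -p tcp -m state --state NEW --dport 21 -j DROP
    # Services: only NEW connections need a rule, ESTABLISHED is handled above.
    ipt -A INPUT -i "$WAN_IF" -p tcp -s "$LAN_NET" -m state --state NEW --dport 22 -j ACCEPT
    ipt -A INPUT -i "$WAN_IF" -p tcp -s "$LAN_NET" -m state --state NEW --dport 137:139 -j ACCEPT
    # Ping, rate-limited: 6 per minute once a burst of 10 has been used up.
    ipt -A INPUT -p icmp --icmp-type 8 -m limit --limit 6/min --limit-burst 10 -j ACCEPT
    # Log what is about to fall through to the DROP policy; the limit keeps an
    # attacker from filling the flash with log lines. (No LOG target on UC-7110.)
    ipt -A INPUT -m limit --limit 3/min -j LOG --log-prefix "fw-drop: "
}

apply_all() {
    flush_filter
    set_policy
    input_rules
}

case "${1:-}" in
    apply) apply_all ;;
    show)  DRY_RUN=1; apply_all ;;
esac
```

Run `sh uc_firewall.sh show` on a PC to review the order and `sh uc_firewall.sh apply` as root on the UC; afterwards `iptables -L INPUT -n -v --line-numbers` lists the rules in the order they are consulted, with per-rule counters. Note that the specific DROP for 192.168.1.25 sits above the LAN accepts: appended after them, as in Example 4, it would never fire.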

4-2 NAT Machine: Rules of the nat table

Example 1: Redirect connection requests for port 80 to port 8080 on the box itself.
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2: Masquerade the packets coming from 192.168.1.0/24 behind the local ppp0 address.
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE
(MASQUERADE, like SNAT, is only valid in POSTROUTING, and -o is only meaningful there, after the routing decision has chosen the outgoing interface; a PREROUTING version is rejected by iptables. MASQUERADE picks up the interface's current address, which makes it the right choice for a dial-up or DHCP link; SNAT --to <fixed IP> is cheaper when the address is static.)

Example 3: DNAT the packets arriving on eth0 for 60.248.66.75, TCP port 80, to the internal web server 192.168.127.10, port 80.
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

Example 4: Redirect the incoming packets for TCP port 80 to 192.168.1.10, TCP port 80: the same DNAT form as Example 3 with --to 192.168.1.10:80. The matching outbound rule SNATs everything leaving from 192.168.127.0/24 to the public address held in $OUT_IP:
iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP

The nat table only rewrites addresses; whether a forwarded packet is allowed at all is decided in the filter table's FORWARD chain, which sees the packet after DNAT (so match the internal address there) and before SNAT. Forwarding also has to be switched on through /proc/sys/net/ipv4/ip_forward.
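As an added example, not from the slides, the NAT rules above assembled into a gateway script together with the FORWARD rules that the nat table alone does not provide. The assumed topology is a LAN 192.168.127.0/24 on eth1, an upstream link on ppp0 with a dynamic address and the web server at 192.168.127.10; the interface and address variables can be overridden from the environment, and DRY_RUN=1 prints the commands instead of running them.

```shell
#!/bin/sh
# uc_nat.sh: NAT gateway ruleset for a UC-7400 with one upstream link, built
# from the 4-2 examples. Assumed topology (not from the slides): LAN
# 192.168.127.0/24 on eth1, upstream ppp0 with a dynamic address, internal web
# server 192.168.127.10. DRY_RUN=1 prints the commands instead of running them.

run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }
ipt() { run iptables "$@"; }

LAN_IF=${LAN_IF:-eth1}; LAN_NET=${LAN_NET:-192.168.127.0/24}
WAN_IF=${WAN_IF:-ppp0}; WEB_SRV=${WEB_SRV:-192.168.127.10}

prepare() {
    # Routing between interfaces is off by default on Linux.
    run sh -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'
    # FTP helpers: conntrack reads the PASV/PORT exchange, nat rewrites it.
    run modprobe ip_conntrack_ftp
    run modprobe ip_nat_ftp
}

nat_rules() {
    ipt -t nat -F
    # Outbound: hide the LAN behind whatever address ppp0 has right now.
    # MASQUERADE (like SNAT) is only valid in POSTROUTING; -o is only
    # meaningful there, after the routing decision has chosen the interface.
    ipt -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE
    # Inbound port forward: rewrite the destination before routing so the
    # packet is routed into the LAN instead of being delivered locally.
    ipt -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport 80 \
        -j DNAT --to-destination "$WEB_SRV:80"
    # LAN clients' web traffic diverted to a proxy listening locally on 8080.
    ipt -t nat -A PREROUTING -i "$LAN_IF" -p tcp --dport 80 \
        -j REDIRECT --to-ports 8080
}

# nat only rewrites; FORWARD decides. FORWARD sees the packet after DNAT
# (so it must match the internal address) and before SNAT/MASQUERADE.
forward_rules() {
    ipt -F FORWARD
    ipt -P FORWARD DROP
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    ipt -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p tcp -d "$WEB_SRV" --dport 80 \
        -m state --state NEW -j ACCEPT
}

apply_nat() {
    prepare
    nat_rules
    forward_rules
}

case "${1:-}" in
    apply) apply_nat ;;
    show)  DRY_RUN=1; apply_nat ;;
esac
```

The two PREROUTING rules are told apart by -i, so LAN clients are redirected to the local proxy while outside connections are forwarded to the server. Because DNAT happens before FORWARD, the FORWARD rule names the internal address and port the packet has been translated to, not the public one.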

Thank You

OpenVPN 2.0
Stephen Lin

OpenVPN 2.0

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve?
1-2 Symmetric Data Encryption
1-3 Hash (Digest) Function
1-4 Message Authentication Code
1-5 Asymmetric Data Encryption
1-6 Digital Signature
1-7 Certificate
1-8 Moxa UC7400

1-1 What does Cryptography solve?

Confidentiality
• Ensure that nobody learns what you transfer, even if they listen to the whole conversation.
Integrity
• Ensure that the message has not been modified in transit.
Authenticity
• You can verify that you are talking to the entity you think you are talking to.
• You can verify which specific individual is behind that entity.
Non-repudiation
• The individual behind an asset cannot deny being associated with it.

1-2 Symmetric Data Encryption

• Fast; efficient for bulk data transmission.
• Key distribution: is the channel over which the key itself is transferred secure?
• Key management: n parties that each need a distinct pairwise key need n(n-1)/2 keys.
• DES, 3DES, AES, Blowfish

Diagram: Tom encrypts the plaintext with the secret key and sends the ciphertext; Bob decrypts it back to the plaintext with the same secret key.

1-3 Hash (Digest) Function

• Ensures data integrity
• MD5, SHA-1 (both have since lost their collision resistance; use the SHA-2 family for new designs)

Diagram: Tom runs the hash function over the data to get Message Digest 1 and sends data and digest; Bob runs the same hash function over the received data to get Message Digest 2 and compares the two. A bare hash only detects accidental change: anyone who can alter the data can recompute the digest, which is what the keyed MAC in 1-4 addresses.

1-4 Message Authentication Code

• Ensures data integrity and authenticates the origin
• A secret key shared by sender and receiver is mixed into the digest computation
• HMAC, CBC-MAC

Diagram: Tom computes MAC = F(secret key, data) and sends data plus MAC; Bob recomputes the MAC over the received data with the same secret key and compares it with the one received. Despite the "encryption/decryption" labels on the diagram, HMAC does not encrypt the digest: the key is hashed in together with the data. Because both sides hold the same key, a MAC proves that the message came from one of the two key holders, but not which one, so it gives no non-repudiation.

1-5 Asymmetric Encryption

Things to remember
• Key pair: public and private key
• In one operation one key encrypts and the other one decrypts
• The "public key" can be distributed anywhere
• From one key you cannot gain knowledge of the other, even with access to matching clear text and cipher text
• For RSA the two halves of the pair are mathematically symmetric and either could be published; in practice the generator designates one as private and that one must never leave its owner. Other algorithms (Diffie-Hellman, DSA) have no such symmetry.
• Less efficient than symmetric (static-key) encryption, so it is used to protect keys and digests rather than bulk data
• RSA, Diffie-Hellman

1-5 Asymmetric Data Encryption

Diagram (recipient's key pair): Tom encrypts the plaintext with Bob's public key; Bob decrypts the ciphertext with Bob's private key. Confidentiality check: only Bob can read it.

Diagram (sender's key pair): Tom encrypts the plaintext with Tom's private key; anyone decrypts it with Tom's public key. Authenticity check: only Tom could have produced it.

1-6 Digital Signature

Real world: a hybrid of hash and public key that gives 1. data integrity, 2. authenticity, 3. non-repudiation. 4. Algorithm: hash the message, then apply the private-key operation to the digest.

1-6 Digital Signature: Creating
• Calculate a short message digest from the (possibly long) input with a one-way message digest function (SHA or MD5; 160 or 128 bits).
• Encrypt the digest with the signatory's private key (RSA): the result is the digital signature.
• Signed document = message plus digital signature.

1-6 Digital Signature: Verifying
• Recompute the message digest from the received message with the same hash function.
• Decrypt the signature with the signatory's public key (taken from the certificate) to recover the digest that was signed.
• Compare the two digests: equal means the message is intact and was signed by the holder of the private key.

Diagram: Tom hashes the data to Message Digest 1 and encrypts it with Tom's private key, producing the digital signature; Bob hashes the received data to Message Digest 2, decrypts the signature with Tom's public key and compares. Unlike the MAC in 1-4, only Tom holds the signing key, so Tom cannot later deny having signed.
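To make the difference between 1-3, 1-4 and 1-6 concrete, the following added example, not from the slides, runs the three primitives with the openssl command line on a constructed message and shows that changing one digit after signing makes verification fail. It assumes an openssl binary with SHA-256 and RSA support; the file names under the scratch directory are arbitrary.

```shell
#!/bin/sh
# crypto_demo.sh: hash vs HMAC vs RSA signature with the openssl command line
# (added example, not from the slides). Runs in a scratch directory on a
# constructed message; needs only the openssl binary.
set -u
WORK=${WORK:-$(mktemp -d)}
MSG="$WORK/msg.txt"
printf 'transfer 100 to account 42\n' > "$MSG"      # constructed sample message

# 1-3: a plain digest. Anyone can recompute it, so it only catches accidents.
digest() { openssl dgst -sha256 "$1" | awk '{print $NF}'; }

# 1-4: the same digest keyed with a shared secret. Without the key a forger
# cannot produce a tag that the receiver will accept.
hmac() { openssl dgst -sha256 -hmac "$1" "$2" | awk '{print $NF}'; }

# 1-6: signature = private-key operation over the digest. Only the holder of
# tom.key can sign; anyone with tom.pub can verify.
make_keys() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/tom.key" 2>/dev/null
    openssl pkey -in "$WORK/tom.key" -pubout -out "$WORK/tom.pub" 2>/dev/null
}
sign() { openssl dgst -sha256 -sign "$WORK/tom.key" -out "$WORK/msg.sig" "$1"; }
verify() {   # prints ok, or bad if the message or the signature was altered
    if openssl dgst -sha256 -verify "$WORK/tom.pub" -signature "$WORK/msg.sig" \
         "$1" >/dev/null 2>&1; then echo ok; else echo bad; fi
}

# Sign the message, then change one digit: the digest no longer matches what
# was signed, so verification fails. Prints "ok bad".
demo() {
    make_keys
    sign "$MSG"
    before=$(verify "$MSG")
    printf 'transfer 900 to account 42\n' > "$WORK/tampered.txt"
    after=$(verify "$WORK/tampered.txt")
    echo "$before $after"
}
```

A digest alone tells Bob nothing about who produced the data, since anyone can recompute it; an HMAC proves it came from someone holding the key, which both Tom and Bob do; only the signature binds the data to Tom alone, which is what non-repudiation means in 1-6. To verify against a certificate rather than a bare public key, extract the key first with openssl x509 -pubkey -noout.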

1-7 Certificate

The simplest certificate just contains:
• A public key (for Stephen)
• Information about the entity being certified as the owner of that public key
... and the whole is
• Digitally signed by someone trusted (a friend, or a CA)

The entity can be a person, a computer, a device, a file, some code, anything. A certificate is only as good as the verifier's trust in the signer: whoever checks it must already hold the signer's public key from a trusted source.

1-7-1 CA Certificate

• The CA generates its own key pair; its certificate is self-signed (the CA public key signed with the CA private key).
• A user requests a certificate from the CA.
• The CA generates the certificate: the user's public key plus identity, signed with the CA private key.
• In the simple flow drawn on the slide the CA generates the user's key pair and sends private key and certificate to the user. The better practice, and what easy-rsa does in 3-4, is that the user generates the key pair locally and sends only a certificate request, so the private key never leaves its owner.

1-7-1 CA Certificate Example

• Left and Right each hold their own private key, their own certificate signed by the CA, and the CA public key.
• Left trusts Right's certificate (and vice versa) because it verifies under the CA public key, not because the two exchanged anything directly.
• Private keys are never signed or sent to anyone; only certificates (public keys plus identity) carry the CA signature.

1-7-2 SSL/TLS

Diagram: each side holds a key pair; the clear text is encrypted on one side, crosses the public network as cipher text and is decrypted on the other side with the matching key.
• Ensures confidentiality
• And integrity, if digitally signed
• Depending on how the public keys are exchanged (certificates from a trusted CA, or keys exchanged out of band): authenticity, identity, non-repudiation

In practice TLS uses the public keys only to authenticate the peers and to agree on a session key; the bulk traffic is then protected with a symmetric cipher and a MAC, which is why the hardware cipher in 1-8 matters for VPN throughput.

1-8 Moxa UC7400: Hardware Cipher

Intel XScale (IXP-422) supports
• Security engines: DES, AES
• Modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so"
• No need to change the source code of applications that already use OpenSSL

1-8-1 Moxa Accelerated Algorithms (OpenSSL 0.9.7)

• DES_cbc_encrypt
• DES_ede3_cbc_encrypt
• AES_cbc_encrypt
• AES_ctr_encrypt
• ECB mode is wrapped at a higher level (libssl.so), as OpenSSL itself does

1-8-2 Performance

[Charts: throughput (rate) against packet size in bytes for 3DES-CBC and AES-128-CBC, one pair for 128 to 1280 bytes and one for 16 to 144 bytes; the marked series is the hardware cipher, the other the software implementation.]

1-8-3 Things to be noticed

Moxa UC-7400 switches between the software and the hardware implementation
• Default: hardware
• Any mis-configuration, or a busy engine, causes a fallback to software
Small packets are handled in software, because the trip to the engine costs more than it saves
• DES: below 128 bytes
• 3DES/AES: below 64 bytes

1-8-4 Software Package

Driver
• mxhw_cipher.o
Device file
• mknod /dev/mxcrypto c 11 131
Test program
• io: correctness test
• io 0 5000: stability test
• io 1: golden pattern
• io 2 20000: performance test

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network: Advantages / Disadvantages

• VPN: a network constructed over public wires (e.g. the Internet) to connect nodes.
• A VPN encrypts all network traffic between the endpoints, not just a few application protocols (as SSL or SSH do).
• A VPN allows the use of protocols that are insecure by themselves.
• VPN traffic cannot be inspected and logged easily by devices in between because of its encrypted nature; filtering and logging have to happen at the tunnel endpoints.

2-2 Why OpenVPN

Usability
• Open source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit static (pre-shared) key or digital certificates (PKI)

Portability: supports most platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

• Peers: each node takes a client or server role
• Uses kernel routing
• Multiple clients per server
• A user-space program
• A full-featured SSL VPN solution on top of the existing SSL/TLS mechanism, with a choice among a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) traffic over a single UDP or TCP port (5000 in OpenVPN 1.x, 1194 in 2.0)

2-2 OpenVPN Security

Two authentication modes
• Static key: a pre-shared key, generated with openvpn --genkey, held by both peers
• SSL/TLS: SSL/TLS plus certificates for authentication and key exchange

The encrypted packet is formatted as
• HMAC | IV | encrypted( SeqN | payload )
• SeqN: 64-bit sequence number, which gives replay protection
• IV: initialization vector, sent in plain text and randomized per packet
• The HMAC covers the IV and the cipher text, so a modified or forged packet is rejected before any decryption is attempted

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• Portable across operating systems
• Firewall and NAT friendly (one UDP or TCP port)
• Dynamic address support

IPSec
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard: multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are the two methods of linking systems via a VPN
• Routed IP tunnels (layer 3)
• Bridged Ethernet tunnels (layer 2)

Suitable for connections
• Site-to-site
• Dynamic site-to-site
• (Dynamic) client-to-site
Dynamic firewall / NAT / DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

• Uses a TUN device: a virtual point-to-point IP link; OpenVPN attaches to the inner end of the TUN device
• Uses the kernel routing table to forward packets into the tunnel

Diagram: two OSI stacks (physical to application); OpenVPN runs at the application layer and injects into the network layer (3rd) through TUN.

Routed IP advantages
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of the MTU for efficiency

Routed IP disadvantages
1. Clients must use a WINS server (such as Samba) for cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see the machines on the other side of the VPN
4. Works only with IPv4 in general, and with IPv6 only where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

• Uses "TAP" mode: a TAP device is a virtual Ethernet adapter
• Bridge tools (brctl, from bridge-utils) are required to create the bridge
• A script is needed to bind eth1 and tap0 together into a bridged device called br0

brctl addbr br0            create an Ethernet bridge
brctl addif br0 eth1       connect interface eth1 as a port
brctl addif br0 tap0       connect virtual interface tap0 as a port

Diagram: two OSI stacks; OpenVPN at the application layer, tap0 bridged with eth1 at the data-link layer (2nd), eth0 carrying the tunnel. TUN injects at layer 3, TAP at layer 2.

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages
1. Point-to-point and point-to-multipoint
2. Broadcasts traverse the VPN: this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to carry non-IP protocols such as IPX, NetWare and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages
1. Less efficient than routing and does not scale well (every broadcast crosses the tunnel)

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS: X.509 Dynamic Keys

3-1 Getting Started

Lab topology:
LAN A: 10.0.1.0/24, hosts use IP 10.0.1.1/24, gw 10.0.1.254
  [VPN Server] ixp1 = 10.0.1.254, ixp0 = 192.168.12.201
      |
  VPN tunnel (connect over the 192.168.12.0/24 link)
      |
  [VPN Client] ixp0 = 192.168.12.202, ixp1 = 10.0.2.254
LAN B: 10.0.2.0/24, hosts use IP 10.0.2.1/24, gw 10.0.2.254
[CA / TLS Server]: the host that issues the certificates in 3-4

3-1 Getting Started

Create a working directory (recommended): mkdir /etc/openvpn
Check for the TUN device: ls /dev/net and look for the character device "tun"; if it is missing: mknod /dev/net/tun c 10 200
Load the necessary modules: modprobe tun; modprobe bridge
Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]
Self diagnostic: openvpn --test-crypto --secret [KeyName]

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or vi /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"
Create/start the bridge interface using the Moxa script: openvpn-bridge [start | stop | restart]
Check the ciphers and digests supported: openvpn --show-ciphers; openvpn --show-digests
Create the TUN configuration files: vi /etc/openvpn/tun/server.conf
[At VPN client] vi /etc/openvpn/tun/client.conf

The static key is a symmetric secret: copy it to the client over a channel you already trust (scp, or by hand), never over the link the VPN is meant to protect, and keep the file mode 600.

3-2 TUN Server Configuration

• Local and remote VPN IP addresses must be specified (ifconfig <local> <remote> in the configuration file)
• It is NECESSARY to specify the server address at the VPN client (remote <server IP>)

Edit the static routes: vi /etc/openvpn/tun/server.sh; chmod +x /etc/openvpn/tun/server.sh
[At VPN client] vi /etc/openvpn/tun/client.sh; chmod +x /etc/openvpn/tun/client.sh
Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tun/server.conf &
[At VPN client] openvpn --config /etc/openvpn/tun/client.conf &

3-3 TAP Configuration

On the client the 2nd argument of "ifconfig" (the remote end) is now "10.0.2.254"
Create the TAP configuration files: vi /etc/openvpn/tap/server.conf
[At VPN client] vi /etc/openvpn/tap/client.conf

3-3 TAP Configuration: VPN Server
• Comment out this line if both VPN networks are in the same subnet (a bridged network needs no route to the other side)

3-3 TAP Configuration: VPN Client
Edit the static routes: vi /etc/openvpn/tap/server.sh
[At VPN client] vi /etc/openvpn/tap/client.sh; chmod +x /etc/openvpn/tap/client.sh
The route points at the kernel routing entry of br0 = 10.0.1.254

3-3 TAP Configuration: VPN Server
Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start
Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tap/server.conf &
[At VPN client] openvpn --config /etc/openvpn/tap/client.conf &

3-4-1 SSL/TLS: Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-set default_days, default_bits, ... etc.
Create a new CA root key pair: /usr/share/ssl/misc/CA -newca
Create a new client private key and certificate request: /usr/share/ssl/misc/CA -newreq
Sign the certificate: /usr/share/ssl/misc/CA -sign
Copy the CA root certificate, the client private key and the client certificate to the first client
Have the second client certified the same way

The CA private key (and its passphrase) is the trust anchor of the whole VPN: keep it on the PC, never on the UC boxes, and give each box only ca.crt plus its own key and certificate.

3-4-2 OpenVPN "easy-rsa" tools

Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn
Modify the vars file: vi /etc/openvpn/easy-rsa/vars
Activate the vars (source the file): . /etc/openvpn/easy-rsa/vars, then ./clean-all once to initialise the key directory
Create the CA root key and certificate: /etc/openvpn/easy-rsa/build-ca
Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key-server server (build-key-server rather than build-key: it adds the nsCertType=server extension that a client's "ns-cert-type server" check requires)
Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client
Create the Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh (the size comes from KEY_SIZE in vars; 1024 on the slide, 2048 or more for any new deployment)
Copy the CA certificate (ca.crt), server key (server.key) and server certificate (server.crt) to the VPN server
Copy the CA certificate, client key and client certificate to the VPN client
The "easy-rsa" tools also work on the UC7400 series

3-4-3 Configuration File Modification

txx/server.conf
txx/client.conf
(txx stands for tun or tap: the ca/cert/key/dh directives replace the "secret" line of the 3-2 / 3-3 files)
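The following added example, not Moxa's configuration files, generates the configurations the 3-2 and 3-4 steps ask for, and checks a TLS client configuration for the two settings that are easy to leave out. It assumes tunnel endpoints 10.8.0.1 and 10.8.0.2, a server reachable at 192.168.12.201 (override with SERVER_PUB), key material under /etc/openvpn/keys, the LAN A / LAN B addresses from the 3-1 topology, and a server certificate issued with build-key-server so that it carries nsCertType=server.

```shell
#!/bin/sh
# ovpn_conf.sh: OpenVPN 2.0 configuration pairs for 3-2 (static key, TUN) and
# 3-4 (SSL/TLS with easy-rsa certificates). Added example, not Moxa's files.
# Assumptions: tunnel 10.8.0.1 (server) / 10.8.0.2 (client), server reachable
# at SERVER_PUB, keys under /etc/openvpn/keys, LAN A 10.0.1.0/24 behind the
# server and LAN B 10.0.2.0/24 behind the client, server cert built with
# build-key-server (nsCertType=server).
SERVER_PUB=${SERVER_PUB:-192.168.12.201}
PORT=${PORT:-1194}
KEYS=/etc/openvpn/keys

# 3-2: point-to-point TUN with one shared static.key on both sides.
tun_static_server() {
cat <<EOF
dev tun
proto udp
port $PORT
ifconfig 10.8.0.1 10.8.0.2
secret $KEYS/static.key
route 10.0.2.0 255.255.255.0
cipher AES-128-CBC
keepalive 10 60
persist-key
persist-tun
verb 3
EOF
}
tun_static_client() {
cat <<EOF
dev tun
proto udp
remote $SERVER_PUB $PORT
ifconfig 10.8.0.2 10.8.0.1
secret $KEYS/static.key
route 10.0.1.0 255.255.255.0
cipher AES-128-CBC
keepalive 10 60
persist-key
persist-tun
verb 3
EOF
}

# 3-4: TLS server. "server" expands to mode server + tls-server + an address
# pool; the LAN behind the client needs both a route and an iroute (ccd file).
tls_server() {
cat <<EOF
dev tun
proto udp
port $PORT
server 10.8.0.0 255.255.255.0
ca $KEYS/ca.crt
cert $KEYS/server.crt
key $KEYS/server.key
dh $KEYS/dh1024.pem
tls-auth $KEYS/ta.key 0
push "route 10.0.1.0 255.255.255.0"
route 10.0.2.0 255.255.255.0
client-config-dir /etc/openvpn/ccd
cipher AES-128-CBC
keepalive 10 60
persist-key
persist-tun
verb 3
EOF
}
ccd_client() { echo "iroute 10.0.2.0 255.255.255.0"; }   # /etc/openvpn/ccd/client

tls_client() {
cat <<EOF
client
dev tun
proto udp
remote $SERVER_PUB $PORT
nobind
ca $KEYS/ca.crt
cert $KEYS/client.crt
key $KEYS/client.key
tls-auth $KEYS/ta.key 1
ns-cert-type server
cipher AES-128-CBC
keepalive 10 60
persist-key
persist-tun
verb 3
EOF
}

# Reads a TLS client config on stdin and prints the hardening directives it
# lacks (empty output = fine). Without the server-certificate check any client
# certificate signed by the same CA can impersonate the server; without
# tls-auth the TLS handshake is exposed to anyone who can reach the port.
check_client_conf() {
    conf=$(cat); missing=""
    case "$conf" in *"ns-cert-type server"*|*"remote-cert-tls server"*) ;;
        *) missing="$missing server-cert-check" ;; esac
    case "$conf" in *"tls-auth "*) ;; *) missing="$missing tls-auth" ;; esac
    echo "${missing# }"
}
```

Write the functions' output to the files named in 3-2 and 3-3 (tls_server > /etc/openvpn/tun/server.conf and so on) and generate ta.key with the same openvpn --genkey --secret command as the static key, copying it to both sides. The check applies to TLS clients only; a static-key client has neither directive by design. AES-128-CBC keeps the bulk cipher on the hardware engine described in 1-8.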

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

Live Demo

UC-7420 Demo Box

• Two of its serial ports are connected to a power meter and a thermocouple
• Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site
• The remaining serial ports are looped back in "burn-in mode" to demonstrate the UC's performance and reliability

Demo Box Features

Software Block Diagram

• Temperature range: 0 to 500 °C
• Voltage: left side for the high range, 0 to 300 VDC; right side for the low range, 0 to 20 VDC

UC's LCM and keypad (F1-F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8
F2 System Status: LAN IP → Wi-Fi IP → CPU loading → Available memory
F3 Alarm Setting: Temperature → Voltage → Burn-in throughput
F4 Configuration Key
F5 Main Menu

Apache Web with CGI and HTML

• Seat Locating System
• Score Query System

Appendix

What is the wireless PCMCIA card support status for 802.11g?
• UC-7420's built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards
• The compatible wireless cards are:

Supplier    Model name
ASUS        WL-107g
CNET        CWC-854 (181D version)
Edimax      EW-7108PCg
Amigo       AWP-914WG
Gigabyte    GN-WMKG
Others that use the Ralink chipset

Thank You


2-1 First Match: The Highest Priority

Diagram: a packet is tested against Rule 1, Rule 2, ... Rule 10 in order; the first rule that matches decides (Action 1, Action 2, ... Action 10) and no later rule is consulted; a packet that matches none of them gets the chain's default policy.

2-1 First Match

On a WWW server, reject the attack from IP 192.168.1.100:
Rule 1: Drop the packets from 192.168.1.100
Rule 2: Accept WWW request packets from all hosts
Rule 3: Drop all non-WWW packets

With the order changed to
Rule 1: Accept WWW request packets from all hosts
Rule 2: Drop the packets from 192.168.1.100
Rule 3: Drop all non-WWW packets
192.168.1.100 is still able to use the WWW service, and to attack the WWW service port: its port-80 packets match Rule 1 first and never reach Rule 2.
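The following added example, not from the slides, models chain evaluation in a few lines of shell: rules are walked in order, the first match decides, and the policy applies only when nothing matched. It runs the two orderings above with constructed rules and adds a second, legitimate client at 10.0.0.5 to show that the correct order blocks only the attacker.

```shell
#!/bin/sh
# first_match.sh: a model of how a Netfilter chain is evaluated (added example,
# not from the slides). A rule is a constructed "<src> <dport> <action>" word
# list with "any" as wildcard; evaluate prints the action of the first rule
# that matches the packet, or the chain policy when none does.
POLICY=${POLICY:-DROP}

# matches <rule-src> <rule-dport> <pkt-src> <pkt-dport>
matches() {
    { [ "$1" = any ] || [ "$1" = "$3" ]; } &&
    { [ "$2" = any ] || [ "$2" = "$4" ]; }
}

# evaluate <pkt-src> <pkt-dport> <rule>...   (one rule per argument, in chain order)
evaluate() {
    pkt_src=$1; pkt_dport=$2; shift 2
    for rule in "$@"; do
        set -- $rule                      # split into rule-src rule-dport action
        if matches "$1" "$2" "$pkt_src" "$pkt_dport"; then
            echo "$3"; return 0           # first match wins; nothing below is consulted
        fi
    done
    echo "$POLICY"                        # fell off the end: default policy
}

# The two orderings from the slide: a WWW server that must shut out 192.168.1.100.
check_ordering() {
    attacker=192.168.1.100; client=10.0.0.5
    # deny first, then the service, then the catch-all
    good_a=$(evaluate $attacker 80 "$attacker any DROP" "any 80 ACCEPT" "any any DROP")
    good_c=$(evaluate $client   80 "$attacker any DROP" "any 80 ACCEPT" "any any DROP")
    # service first: the attacker's port-80 packets match rule 1 and never see the deny
    bad_a=$(evaluate $attacker 80 "any 80 ACCEPT" "$attacker any DROP" "any any DROP")
    echo "good:$good_a/$good_c bad:$bad_a"
}
```

check_ordering prints good:DROP/ACCEPT bad:ACCEPT. On a live box the same fix is iptables -I INPUT 1 -s 192.168.1.100 -j DROP, which inserts at position 1 regardless of what was appended earlier; iptables -L INPUT -n -v --line-numbers shows the order and the per-rule counters, the quickest way to see which rule a packet actually hit.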

2-2 Three Major Tables

1) Filter table
2) NAT table
3) Mangle table

2-2-1 Filter Table

Mainly used for filtering packets: the place where we actually take action against packets, look at what they contain and ACCEPT, DROP, REJECT or LOG them depending on their content.
1. INPUT chain: packets entering the local host
2. OUTPUT chain: packets leaving from the local host
3. FORWARD chain: packets routed through this host to other hosts

2-2-2 NAT Table

Used for Network Address Translation: rewriting the source or destination field of packets. Only the first packet of a connection traverses the nat table; conntrack then applies the same translation to the rest of the connection.
1) PREROUTING chain: rewrite the destination IP address (DNAT)
2) POSTROUTING chain: works after the routing decision and just before the packet leaves the device; rewrite the source IP address (SNAT, MASQUERADE)
3) OUTPUT chain: DNAT for locally generated packets

2-2-3 Mangle Table

Mainly used for mangling packets: with the mangle matches and targets you can change the TOS (Type of Service) and TTL fields, and MARK packets for use by policy routing or traffic control.
1. PREROUTING chain
2. POSTROUTING chain
3. INPUT, OUTPUT and FORWARD chains

2-3 Processing Packets

2-3-1 Destination: local host
2-3-2 Source: local host
2-3-3 Forwarded packets
2-3-4 State machine

2-3-1 Destination: Local Host

Incoming packets → nat table PREROUTING → routing decision → filter table INPUT → local process

2-3-2 Source: Local Host

Local process → nat table OUTPUT → filter table OUTPUT → nat table POSTROUTING → packets sent out

2-3-3 Forwarded Packets

Incoming packets → nat table PREROUTING → routing decision → filter table FORWARD → nat table POSTROUTING → other hosts
(A DNAT in PREROUTING changes the routing decision, which is how a packet addressed to the box ends up in FORWARD instead of INPUT; the mangle chains, not drawn here, precede the nat chains at each of these points.)

2-4 State Machine

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

3) Usage of iptables

3-1 Load iptables modules
3-2 Define default policy
3-3 Structure of a rule
3-4 Save / restore rules

3-1 Load iptables Modules

Note: ipchains and iptables are not compatible; the ipchains module must be unloaded before ip_tables can be loaded.

Check the current tables: iptables [-t table] [-L] [-n]
(-L lists the chains; -n keeps addresses and ports numeric so that no DNS lookup stalls the listing; add -v for packet counters and --line-numbers for rule positions.)
Default policy: shown as "(policy ...)" in the header of each built-in chain in the listing.

3-1 Install iptables

Clear the current rules: iptables -F (and iptables -t nat -F); the default policies are not touched by -F and have to be set explicitly.

3-2 Define Default Policy

iptables -t filter|nat|mangle -P INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING ACCEPT|DROP

3-2 Define Default Policy3-2 Define Default Policy

3-3 Structure of a Rule3-3 Structure of a Rule

3-3-1 Add Insert Delete an Replace Rules

3-3-2 Direction

3-3-3 Matches

3-3-4 Targets

3-3-1 Add Insert Delete and Replace3-3-1 Add Insert Delete and Replace

iptables ndasht filter nat mangle

AI DR

ndash direction match target

3 major things needed

to be considered

ndashj

3-3-2 Direction ndash Chains3-3-2 Direction ndash Chains

a filter Table INPUT

OUTPUT

FORWARD

b nat Table PREROUTING

POSTROUTING

OUTPUT

c mangle table hellip

1 -p [proto] tcp udp icmp all

2 -s [IP] -d [IP]

3 --sport [port] --dport [port]

4 -m state --state [state] NEW ESTABLISHED INVALID RELATED

5 -m multiport [p1p2hellipp15]

6 -i [iface] -o [oface]

7 hellipetc

3-3-3 Matches - Conditions3-3-3 Matches - Conditions

3-3-4 Targets - Actions3-3-4 Targets - Actions

a filter Table ACCEPT DROP

QUEUE RETURN target extensions --LOG --ULOG --REJECT - -MIRROR

b nat table SNAT (only in POSTROUTING)

DNAT (only in PREROUTINGOUTPUT)

MASQUERADE (POSTROUTING)

REDIRECT (only in PREROUTING)

c mangle table hellip

3-4 Save Restore Rules3-4 Save Restore Rules

It is highly recommended to use a script file to maintain the Netfilter rule instead of using this exported file (it is not a standard script file) Please refer to the Hands-ON practice

AgendaAgenda

1) Firewall NAT and iptables

2) Rules Chains Tables

3) Usage of iptables

4) Hands-ON Practice 1) Packet Filter2) NAT Machine

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 1 ndash Accept all the packets incoming from lo interface

Example 2 ndash Accept all the TCP packets incoming from

IP = 19216801

iptables ndasht filter ndashA INPUT ndashi lo ndashj ACCEPT

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp

ndashs 19216801 ndashj ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 3 ndash Accept all the TCP packets incoming from the network

1921681024

Example 4 ndash Drop all the TCP packets incoming from IP = 192168125

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp

ndashs 1921681024 -j ACCEPT

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp

ndashs 192168125 ndashj DROP

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 5 ndash Drop all the Incoming TCP packets with dst Port = 21

(forbid FTP Connection from eth0)

Example 6 ndash Accept TCP packets incoming from IP 192168024 to

local port number 137138 and 139

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp

ndash ndashdport 21 ndashj DROP

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp ndashs

192168024 ndash ndashdport 137139 ndashj ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 7 ndash Log all the IncomingOutgoing TCP packets with tofrom

Port = 25 (Log SMTP Service)

iptables ndasht filter ndashA INPUT ndashp tcp ndash ndashdport 25 ndashj LOG

Note UC7110 does not support the target ldquoLOGrdquo

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 8 ndash Drop all the [syn] packets from IP = 192168100200

Example 9 ndash Drop all the packets from MAC = aabbccddeeff

iptables ndasht filter ndashA INPUT ndashp tcp ndashi eth0

ndashs 192168100200 ndash ndashsyn ndashj DROP

iptables ndasht filter ndashA INPUT ndashp all

ndashm mac-source aabbccddeeff ndashj DROP

Example 10 ndash Does not response to ldquopingrdquo

Example 11 ndash ICMP ldquopingrdquo burst

iptables ndasht filter ndashA INPUT ndashp icmp ndash ndashicmpndashtype 8

ndashj DROP

iptables ndasht filter ndashP INPUT DROP

iptables ndasht filter ndashA INPUT ndashp icmp ndashm limit 6min

ndash ndashlimit-burst 10 ndashj ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 12 ndash Accept the Established Related packets of the local

host drop the Invalid packets and New packets which are trying to create new connection

iptables ndasht filter ndashA INPUT ndashp tcp ndashm state ndash ndashstate

ESTABLISHEDRELATED ndashj ACCEPT

iptables ndasht filter ndashA INPUT ndashp tcp ndashm state ndash ndashstate

INVALIDNEW ndashj DROP

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 13 ndash Check the packet integrity

Example 14 ndash Enable the ldquoPassive Moderdquo FTP Service to a host

iptables ndasht filter ndashA INPUT ndashp all ndashm unclean ndashj DROP

modprobe ip_conntrack_ftp

iptables ndashA FORWARD ndashp tcp

ndashm state ndash ndashstate RELATED ndashj ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 1 ndash Redirect the Connection Request of Port 80 to Port 8080

Example 2ndash Masquerade the incoming packets from 1921681024

to be local ppp0rsquos IP

iptables ndasht nat ndashA PREROUTING ndashp tcp ndash ndashdport 80

ndashj REDIRECT ndash ndashto-ports 8080

iptables ndasht nat ndashA PREROUTING ndashs 1921681024 ndasho

ppp0 ndashj MASQUERADE

4-2 NAT Machine4-2 NAT Machine

4-2 NAT Machine4-2 NAT Machine

Example 3 ndash DNAT the incoming packet from eth0 (602486675) and

TCP Port 80 to internal Web sever 19216812710 80

Example 4 ndash Redirect the incoming packet of TCP Port 80 to

192168110 and TCP Port 80

iptables ndasht nat ndashA PREROUTING ndashp tcp ndashi eth0 ndashd 602486675 ndash ndashdport 80 ndashj DNAT ndash ndashto 1921681271080

iptables ndasht nat ndashA POSTROUTING ndashs 192168127024 ndashj SNAT ndash ndashto $OUT_IP

Thank YouThank You

OpenVPN 20OpenVPN 20Stephen Lin

OpenVPN 20OpenVPN 20

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

1) Cryptography Summery1) Cryptography Summery

1-1 What does cryptography solve

1-2 Symmetric Data Encryption

1-3 Hash (Digest) Function

1-4 Message Authentication Code

1-5 Asymmetric Data Encryption

1-6 Digital Signature

1-7 Certificate

1-8 Moxa UC7400

1-1 What does Cryptography solve

Confidentiality
• Ensure that nobody can get knowledge of what you transfer, even if listening to the whole conversation

Integrity
• Ensure that the message has not been modified during the transmission

Authenticity
• You can verify that you are talking to the entity you think you are talking to
• You can verify who is the specific individual behind that entity

Non-repudiation
• The individual behind that asset cannot deny being associated with it

1-2 Symmetric Data Encryption

• Fast: high efficiency for data transmission
• Is it "secure" while transferring the key?
• Maintenance of the keys: n(n-1)/2 keys for n parties
• DES / 3DES / AES / Blowfish

[Diagram: Tom encrypts the plaintext with the secret key into ciphertext; Bob decrypts the ciphertext with the same secret key back to the plaintext]

1-3 Hash (Digest) Function

• Ensure Data Integrity
• MD5 / SHA-1

[Diagram: Tom runs the data through the hash function to get Message Digest 1 and sends data + digest; Bob runs the same hash function over the received data to get Message Digest 2 and compares it with Message Digest 1]

1-4 Message Authentication Code

• Ensure the Data Integrity
• Use a key to protect the MAC
• HMAC / CBC-MAC

[Diagram: Tom hashes the data to Message Digest 1, encrypts the digest with the secret key to form the MAC and sends data + MAC; Bob hashes the received data to Message Digest 2, decrypts the MAC with the secret key to recover Message Digest 1 and compares the two]

1-5 Asymmetric Encryption

Things to remember
• Key Pair - Public/Private keys
• In a session, one is used for encryption and the other one for decryption
• The "Public Key" can be deployed everywhere
• The relation between the two keys is unknown: from one key you cannot gain knowledge of the other, even if you have access to clear-text and cipher-text
• The two keys are interchangeable. The algorithms make no difference between public and private key; when a key pair is generated, either of the two can be made public or kept private
• Less efficient than a static (symmetric) key
• RSA / Diffie-Hellman

[Diagram: clear text is encrypted under one key of the pair into unreadable ciphertext]

1-5 Asymmetric Data Encryption - Confidentiality Check

[Diagram: Tom encrypts the plaintext with Bob's Public Key; Bob decrypts the ciphertext with Bob's Private Key. The recipient's key pair is used]

1-5 Asymmetric Data Encryption - Authenticity Check

[Diagram: Tom encrypts the plaintext with Tom's Private Key; Bob decrypts the ciphertext with Tom's Public Key. The sender's key pair is used]

1-6 Digital Signature

Real World - Hybrid
1. Data Integrity
2. Authenticity
3. Non-repudiation
4. Algorithm - use the public key and a hash

1-6 Digital Signature - Creating

[Diagram: the message or file ("This is the document created by Gianni") is run through a one-way message digest function (hash: SHA, MD5) to calculate a short message digest (typically 128 bits) even from a long input; the digest is then encrypted with the signatory's private key using asymmetric encryption (RSA), giving the digital signature; message plus signature form the signed document]

1-6 Digital Signature - Verifying

[Diagram: from the signed document, the message is hashed again to generate a message digest; the digital signature is decrypted with Gianni's public key (taken from his certificate) to recover the original digest; the two digests are compared]

1-6 Digital Signature

[Diagram: Tom hashes the data to Message Digest 1, encrypts it with Tom's Private Key to form the digital signature and sends data + signature; Bob hashes the received data to Message Digest 2, decrypts the signature with Tom's Public Key to recover Message Digest 1 and compares the two]
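The four building blocks of sections 1-2, 1-3, 1-4 and 1-6 can be exercised on the command line with the OpenSSL toolkit the later slides rely on. The following is an added example (not from the training material): it encrypts and decrypts with a shared key, shows that a hash and an HMAC change when a single character changes, and creates and verifies an RSA signature, including a tampered message that must fail. SHA-256 and AES-128-CBC are used here instead of the slides' MD5/SHA-1 and 3DES; the key, IV and message are constructed test values.

```shell
#!/bin/sh
# Added example, not from the training slides: the primitives of section 1
# exercised with the openssl command-line tool on constructed data.
# The hex key and IV below are test values only, never reuse them.

set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

KEY=000102030405060708090a0b0c0d0e0f
IV=0f0e0d0c0b0a09080706050403020100

# 1-2 Symmetric encryption: the same key encrypts and decrypts.
symmetric_roundtrip() {
    # Prints the decrypted text so the caller can compare it with the original.
    printf '%s' "$1" > "$WORK/plain.txt"
    openssl enc -aes-128-cbc -K "$KEY" -iv "$IV" -in "$WORK/plain.txt" -out "$WORK/cipher.bin"
    openssl enc -d -aes-128-cbc -K "$KEY" -iv "$IV" -in "$WORK/cipher.bin"
}

# 1-3 Hash: integrity only; anyone can recompute it, so it proves no origin.
digest_of() {
    printf '%s' "$1" | openssl dgst -sha256 | sed 's/^.*= //'
}

# 1-4 MAC: integrity plus a key; without the key the tag cannot be recomputed.
hmac_of() {
    printf '%s' "$1" | openssl dgst -sha256 -hmac "$2" | sed 's/^.*= //'
}

# 1-6 Digital signature: hash, then sign the hash with the private key;
# anyone holding the public key can verify it.
make_keypair() {
    openssl genrsa -out "$WORK/priv.pem" 2048 2>/dev/null
    openssl rsa -in "$WORK/priv.pem" -pubout -out "$WORK/pub.pem" 2>/dev/null
}

sign_message() {
    printf '%s' "$1" > "$WORK/msg.txt"
    openssl dgst -sha256 -sign "$WORK/priv.pem" -out "$WORK/msg.sig" "$WORK/msg.txt"
}

verify_message() {
    # Exit status 0 when $1 matches the signature made by sign_message.
    printf '%s' "$1" > "$WORK/check.txt"
    openssl dgst -sha256 -verify "$WORK/pub.pem" -signature "$WORK/msg.sig" "$WORK/check.txt" >/dev/null 2>&1
}

# Demonstration on a constructed message (the slides' example document).
MSG="This is the document created by Gianni"
[ "$(symmetric_roundtrip "$MSG")" = "$MSG" ]
# A one-character change flips the digest and the MAC; a different key flips the MAC.
[ "$(digest_of "$MSG")" != "$(digest_of "${MSG}!")" ]
[ "$(hmac_of "$MSG" secret1)" != "$(hmac_of "$MSG" secret2)" ]
make_keypair
sign_message "$MSG"
verify_message "$MSG"                          # genuine: exit 0
if verify_message "${MSG}!"; then exit 1; fi  # tampered: must be refused
echo "all cryptographic checks passed"
```

The script exits non-zero at the first failed check because of `set -e`; the tampered-message case is the one to watch, since a verifier that accepted it would make the signature worthless.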

1-7 Certificate

The simplest certificate just contains
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key

... and the whole is
• Digitally signed by someone trusted (like your friend or a CA)

[Diagram: a certificate = public key + "This public key belongs to Stephen" + digital signature over both. The certified entity can be a person, a computer, a device, a file, some code, anything ...]

1-7-1 CA Certificate

[Diagram: the CA (certification server) generates its own key pair. A user requests a certificate from the CA; the CA generates the certificate (public key + digital signature); the private key and the certificate are sent to the user. Both the Left and the Right user hold a certificate signed by the CA, and the CA's own public key is carried in a CA certificate signed by the CA itself]

1-7-1 CA Certificate Example

[Diagram: the CA private key signs both the Left certificate and the Right certificate. Left and Right each hold their own private key, their CA-signed certificate and the CA public key, and trust each other through the CA]

1-7-2 SSL/TLS

[Diagram: each side holds its own key pair and the other side's public key. Clear text is encrypted twice (Cipher 1, Cipher 2), transmitted over the public network, then decrypted twice back to clear text]

• Ensures confidentiality
• And integrity, if digitally signed
• Depending on how the public keys are exchanged: authenticity, identity, non-repudiation

1-8 Moxa UC7400 - Hardware Cipher

Intel XScale supports
• Security engines: DES, AES
• Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so"
• No need to change the source code

1-8-1 Moxa Accelerated Algorithms - OpenSSL 0.9.7

DES_cbc_encrypt
DES_ede3_cbc_encrypt
AES_cbc_encrypt
AES_ctr_encrypt

• ECB mode is wrapped at a higher level (libssl.so), which OpenSSL wraps too

1-8-2 Performance

[Charts: throughput rate of 3DES-CBC and AES-128-CBC against packet size, 128 to 1280 bytes and 16 to 144 bytes, comparing the software path with the hardware cipher (= HW Cipher)]

1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approaches
• Default: hardware approach
• Any mis-configuration, or a busy engine, causes the switch

Small packets are switched to the software approach
• DES: 128 bytes
• 3DES/AES: 64 bytes

1-8-4 Software Package

Driver
• mxhw_cipher.o

Device File
• mknod /dev/mxcrypto c 11 131

Test Program
• io: correctness test
• io 0 5000: stability test
• io 1: golden pattern
• io 2 20000: performance test

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network

2-1 VPN Advantages/Disadvantages

• VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes
• A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH, etc.)
• A VPN allows the usage of protocols which are insecure by themselves
• VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN

Usability
• Open Source (GPL)
• Full featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit shared key or digital certificates (PKI)

Portability - supports most of the platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN

Peers - each node with a client/server role
• Uses kernel routing
• Multiple clients

A user-space program
• A full-featured SSL-VPN solution
• on top of the existing SSL/TLS mechanism
• options between a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security

Two authentication modes
• Static Key: use a pre-shared key
• SSL/TLS: use SSL/TLS + certificates for
  • Authentication
  • Key exchange

The encrypted packet is formatted as
• SeqN: 64-bit sequence number
• IV: plain-text initial vector, randomized per packet

  [ HMAC ][ IV ][ SeqN | IP payload ]
                 \----- encrypted -----/
  the HMAC is computed over the IV and the encrypted part

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• portability across operating systems
• firewall and NAT-friendly
• dynamic address support

IPSec
• Kernel-space IP stack
• each operating system requires its own independent implementation of IPSec
• IETF standard - multi-vendor support

2-3 OpenVPN Modes

Bridging and Routing are two methods of linking systems via a VPN
• Routed IP tunnels (layer 3)
• Bridged Ethernet tunnels (layer 2)

Suitable for connections
• Site-to-Site
• Dynamic Site-to-Site
• (Dynamic) Client-to-Site

Dynamic: Firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

• Uses TUN mode (device): a virtual point-to-point IP link that combines the inner interface together with TUN
• Uses the kernel routing to forward the packets

[Diagram: the OSI stacks of the two hosts (Physical, Data-Link, Network, Transport, Session, Presentation, Application); OpenVPN runs in the application layer and the TUN device plugs in at layer 3 (Network)]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of MTU for efficiency

Routed IP disadvantages
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see those machines on the other side of the VPN
4. Works only with IPv4 in general, and IPv6 in cases where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

• Uses "TAP" mode: a TAP device is a virtual Ethernet adapter
• Bridge tools (brctl) are required to create the virtual adapters
• Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0          # create an Ethernet bridge
brctl addif br0 eth1     # connect interface eth1 as a port
brctl addif br0 tap0     # connect virtual interface tap0 as a port

[Diagram: the OSI stacks of the two hosts; OpenVPN runs in the application layer and the TAP device plugs in at layer 2 (Data-Link); on each host eth1 and tap0 are bridged, while eth0 carries the tunnel]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages
1. Point to point, point to multi-point
2. Broadcasts traverse the VPN - this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to be able to handle non-IP protocols such as IPX, Netware and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages
1. Less efficient than routing and does not scale well

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS - X509 Dynamic Keys

3-1 Getting Started

[Diagram: the hands-on topology. LAN A (host IP 10.0.1.1/24, gw 10.0.1.254) - ixp1 [VPN Server] ixp0 (192.168.12.201) == VPN Tunnel == ixp0 (192.168.12.202) [VPN Client] ixp1 - LAN B (host IP 10.0.2.1/24, gw 10.0.2.254). The VPN Server is 10.0.1.254 on LAN A, the VPN Client is 10.0.2.254 on LAN B, and a [CA/TLS Server] is also connected on the LAN side]

3-1 Getting Started

Create a working directory (recommended)
  mkdir /etc/openvpn

Check for the TUN device: ls /dev/net and look for a character device "tun"; if it is not there, create it
  mknod /dev/net/tun c 10 200

Load the necessary modules
  modprobe tun
  modprobe bridge

Generate a (pre-shared) key
  openvpn --genkey --secret [KeyName]

Self diagnostic
  openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding
  echo "1" > /proc/sys/net/ipv4/ip_forward
or edit /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"

Create/start the bridge interface using the Moxa script
  openvpn-bridge [start | stop | restart]

Check the cipher/authentication support
  openvpn --show-ciphers
  openvpn --show-digests

Create the TUN configuration files
  vi /etc/openvpn/tunserver.conf
  [At VPN Client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

• The local/remote VPN IP addresses must be specified
• It is NECESSARY to specify the server address at the VPN client

3-2 TUN Server Configuration

Edit the static routings
  vi /etc/openvpn/tunserver.sh
  chmod +x /etc/tunserver.sh
  [At VPN Client] vi /etc/openvpn/tunclient.sh
                  chmod +x /etc/tunclient.sh

Start OpenVPN with the configuration file
  openvpn --config /etc/tunserver.conf &
  openvpn --config /etc/tunclient.conf &

Note the 2nd argument of "ifconfig", which is now "10.0.2.254"

Create the TAP configuration files
  vi /etc/openvpn/tapserver.conf
  [At VPN Client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration - VPN Server

Mark this line if both VPN networks are in the same subnet

3-3 TAP Configuration - VPN Server

Edit the static routings
  vi /etc/openvpn/tapserver.sh
  [At VPN Client] vi /etc/openvpn/tapclient.sh
                  chmod +x /etc/tapclient.sh

Pointed to the kernel routing: br0 = 10.0.1.254

3-3 TAP Configuration - VPN Server

Start the bridge device
  vi /etc/openvpn/openvpn-bridge
  chmod +x /etc/openvpn/openvpn-bridge
  /etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration file
  openvpn --config /etc/openvpn/tapserver.conf &
  openvpn --config /etc/openvpn/tapclient.conf &

3-4-1 SSL/TLS - Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC
  vi /usr/share/ssl/openssl.cnf
  Pre-input the default_days, default_bits ... etc.

Create a new CA root key pair
  /usr/share/ssl/misc/CA -newca

Create a new client private key and a new certificate request
  /usr/share/ssl/misc/CA -newreq

Certificate signing
  /usr/share/ssl/misc/CA -sign

Copy the CA root certificate, the client private key and the client certificate to the first client

Have the second client certificated the same way

3-4-2 OpenVPN - "easy-rsa" tools

Copy the "easy-rsa" directory to the working directory
  cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file
  vi /etc/openvpn/easy-rsa/vars

Activate the vars
  . /etc/openvpn/easy-rsa/vars

Create the CA root key
  /etc/openvpn/easy-rsa/build-ca

Create the VPN server private key and certificate
  /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN - "easy-rsa" tools

Create the VPN client private key and certificate
  /etc/openvpn/easy-rsa/build-key client

Create the Diffie-Hellman parameters
  /etc/openvpn/easy-rsa/build-dh 1024

Copy the CA certificate (ca.crt), the server key (server.key) and the server certificate (server.crt) to the VPN server

Copy the CA certificate, the client key and the client certificate to the VPN client

The "easy-rsa" tools also work on the UC7400 series
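Both 3-4-1 (the CA script) and 3-4-2 (easy-rsa) hide the individual openssl calls behind a wrapper. As an added example, not part of the training material, the same workflow is done with plain openssl commands so each step is visible: the CA key pair and self-signed CA certificate, a key and certificate request per peer, the CA signing the request, and the chain check that OpenVPN performs on a peer certificate. The subject names, the scratch directory and the minimal openssl.cnf are constructed; a certificate from an unrelated CA is built at the end to confirm it is rejected.

```shell
#!/bin/sh
# Added example, not from the training slides: the certificate workflow of
# 3-4-1 / 3-4-2 with plain openssl commands. All names and paths are
# constructed; everything is written to a scratch directory.

set -e
PKI="${PKI:-$(mktemp -d)}"
CNF="$PKI/openssl.cnf"

write_cnf() {
    # Minimal config: the CA certificate must carry basicConstraints CA:TRUE,
    # otherwise 'openssl verify' refuses to accept it as an issuer.
    cat > "$CNF" <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions    = ca_ext
prompt             = no
[ dn ]
CN = placeholder
[ ca_ext ]
basicConstraints = critical, CA:TRUE
keyUsage         = critical, keyCertSign, cRLSign
EOF
}

build_ca() {
    # CA root key pair and self-signed CA certificate (build-ca / CA -newca).
    openssl genrsa -out "$PKI/ca.key" 2048 2>/dev/null
    openssl req -config "$CNF" -new -x509 -key "$PKI/ca.key" -days 365 \
        -subj "/CN=Example VPN CA" -out "$PKI/ca.crt"
}

issue_cert() {
    # $1 = name (server, client). The private key stays where it is made;
    # only the request goes to the CA (build-key / CA -newreq and -sign).
    openssl genrsa -out "$PKI/$1.key" 2048 2>/dev/null
    openssl req -config "$CNF" -new -key "$PKI/$1.key" -subj "/CN=$1" \
        -out "$PKI/$1.csr"
    openssl x509 -req -in "$PKI/$1.csr" -CA "$PKI/ca.crt" -CAkey "$PKI/ca.key" \
        -CAcreateserial -days 365 -out "$PKI/$1.crt" 2>/dev/null
}

verify_chain() {
    # $1 = certificate path. The check OpenVPN makes on a peer certificate:
    # it must chain to the trusted CA. Exit status 0 means valid.
    openssl verify -CAfile "$PKI/ca.crt" "$1" >/dev/null 2>&1
}

cert_subject() {
    # Prints the CN of certificate $1 so the certified identity can be confirmed.
    openssl x509 -in "$1" -noout -subject | sed 's/.*CN *= *//'
}

write_cnf
build_ca
issue_cert server
issue_cert client
verify_chain "$PKI/server.crt"
verify_chain "$PKI/client.crt"

# A certificate from an unrelated CA must be rejected, however valid it looks.
openssl req -config "$CNF" -new -x509 -newkey rsa:2048 -nodes -days 365 \
    -keyout "$PKI/rogue.key" -subj "/CN=rogue" -out "$PKI/rogue.crt" 2>/dev/null
if verify_chain "$PKI/rogue.crt"; then
    echo "rogue certificate accepted, check the CA file" >&2
    exit 1
fi
echo "server and client certificates chain to $PKI/ca.crt"
```

The files that end up in $PKI map directly onto the copy steps above: ca.crt goes to both peers, server.key and server.crt to the VPN server, client.key and client.crt to the VPN client; ca.key never leaves the CA machine.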

3-4-3 Configuration File Modification

txxserver.conf
txxclient.conf
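The slides show the server/client configuration files as screenshots. As an added example (not the files from the training material), the following script writes the two pairs this course works with, the static-key TUN pair of 3-2 and the certificate-based pair of 3-4-3, so they can be diffed. The tunnel addresses 10.9.0.1/10.9.0.2, the placeholder public server address and the OpenVPN 2.0 `server` pool 10.8.0.0/24 are constructed; the LAN subnets 10.0.1.0/24 and 10.0.2.0/24 and the file names follow the slides.

```shell
#!/bin/sh
# Added example, not from the training slides: writes the static-key TUN
# pair (3-2) and the certificate pair (3-4-3). Addresses and file locations
# are constructed for the demonstration.

SERVER_PUBLIC="${SERVER_PUBLIC:-192.0.2.10}"   # placeholder address (TEST-NET-1)

write_static_key_configs() {
    # $1 = output directory. Pre-shared key mode: both ends hold static.key.
    d="$1"; mkdir -p "$d"
    cat > "$d/tunserver.conf" <<EOF
dev tun
proto udp
port 1194
# local tunnel address, then the peer's tunnel address
ifconfig 10.9.0.1 10.9.0.2
# LAN B is behind the client
route 10.0.2.0 255.255.255.0
secret /etc/openvpn/static.key
cipher AES-128-CBC
auth SHA1
keepalive 10 60
persist-key
persist-tun
verb 3
EOF
    cat > "$d/tunclient.conf" <<EOF
dev tun
proto udp
port 1194
# the client must name the server; the server side has no 'remote'
remote $SERVER_PUBLIC 1194
# the server's ifconfig line with the two arguments swapped
ifconfig 10.9.0.2 10.9.0.1
# LAN A is behind the server
route 10.0.1.0 255.255.255.0
secret /etc/openvpn/static.key
cipher AES-128-CBC
auth SHA1
keepalive 10 60
persist-key
persist-tun
verb 3
EOF
}

write_tls_configs() {
    # $1 = output directory. Certificate mode with the files from easy-rsa.
    d="$1"; mkdir -p "$d"
    cat > "$d/server.conf" <<EOF
dev tun
proto udp
port 1194
# OpenVPN 2.0 multi-client server: each client gets an address from this pool
server 10.8.0.0 255.255.255.0
push "route 10.0.1.0 255.255.255.0"
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh1024.pem
cipher AES-128-CBC
keepalive 10 120
persist-key
persist-tun
verb 3
EOF
    cat > "$d/client.conf" <<EOF
client
dev tun
proto udp
remote $SERVER_PUBLIC 1194
ca /etc/openvpn/ca.crt
cert /etc/openvpn/client.crt
key /etc/openvpn/client.key
# accept only a server certificate built with build-key-server, so another
# client's certificate from the same CA cannot pose as the server
ns-cert-type server
cipher AES-128-CBC
persist-key
persist-tun
verb 3
EOF
}

config_value() {
    # $1 = config file, $2 = directive; prints the directive's arguments.
    sed -n "s/^$2 //p" "$1"
}
```

`write_static_key_configs /etc/openvpn` followed by `openvpn --config /etc/openvpn/tunserver.conf` reproduces the 3-2 hands-on; the one line that differs between the two ends, apart from `remote`, is `ifconfig`, whose arguments are mirrored, which is the point the "2nd argument of ifconfig" remark above makes.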

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

• Two of its serial ports are connected to a power meter and a thermocouple
• Two LAN ports plus an optional Wi-Fi function, making it a good tool for transmitting data from remote sites to a central site
• The rest of the serial ports are looped back in 'burn-in mode' to demonstrate the UC's high performance and reliability

Demo Box Features

Software Block Diagram

• Temperature range: 0 to 500°C
• Left side for the high range 0 to 300 VDC & right side for the low range 0 to 20 VDC

UC's LCM & keypad (F1-F5)

F1: Monitoring: Temperature → Voltage → Throughput for P3 to P8
F2: System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available Memory
F3: Alarm Setting: Temperature → Voltage → burning throughput
F4: Configuration Key
F5: Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• UC-7420's built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards
• The compatible wireless cards are:

Supplier   Model name
ASUS       WL-107g
CNET       CWC-854 (181D version)
Edimax     EW-7108PCg
Amigo      AWP-914WG
Gigabyte   GN-WMKG
Others which use the Ralink chipset

Thank You


2-1 First Match

On a WWW server, reject the attack from IP = 192.168.1.100:
Rule 1: Drop the packets from 192.168.1.100
Rule 2: Accept WWW request packets from all the hosts
Rule 3: Drop all the non-WWW packets

Rule 1: Accept WWW request packets from all the hosts
Rule 2: Drop the packets from 192.168.1.100
Rule 3: Drop all the non-WWW packets

With the second ordering, 192.168.1.100 is still able to use the WWW service, or to attack the WWW service port

2-2 Three Major Tables

1) Filter Table
2) NAT Table
3) Mangle Table

2-2-1 Filter Table

Mainly used for filtering packets. The place where we actually take action against packets, look at what they contain and ACCEPT, DROP, REJECT or LOG them depending on their content.

1. INPUT chain - packets entering the local host
2. OUTPUT chain - packets output from the local host
3. FORWARD chain - packets forwarded to other hosts

2-2-2 NAT Table

Used for NAT on different packets: to translate the packet's source field or destination field.

1) PREROUTING chain - to translate the dst IP address (DNAT)
2) POSTROUTING chain - works after the routing process and before the Ethernet device processing, to translate the source IP address (SNAT/MASQUERADE)
3) OUTPUT chain - works on locally produced packets

2-2-3 Mangle Table

This table is mainly used for mangling packets. In other words, you may freely use the mangle matches etc. that could be used to change the TOS (Type Of Service) and TTL fields. It can also "MARK" the packets.

1. PREROUTING chain
2. POSTROUTING chain
3. INPUT, OUTPUT and FORWARD chains

2-3 Processing Packets

2-3-1 Destination Local Host
2-3-2 Source Local Host
2-3-3 Forwarded Packets
2-3-4 State Machine

2-3-1 Destination Local Host

[Diagram: Incoming Packets → NAT Table PREROUTING → Filter Table INPUT → Local Process]

2-3-2 Source Local Host

[Diagram: Local Process → Outgoing Packets → NAT Table OUTPUT → Filter Table OUTPUT → NAT Table POSTROUTING → Send Out Packets]

2-3-3 Forwarded Packets

[Diagram: Incoming Packets → NAT Table PREROUTING → Filter Table FORWARD → NAT Table POSTROUTING → Other Hosts; forwarded packets never reach a local resource]

2-4 State Machine

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

3) Usage of iptables

3-1 Load iptables Modules
3-2 Define Default Policy
3-3 Structure of a Rule
3-4 Save/Restore Rules

3-1 Load iptables Modules

Note: ipchains and iptables are not compatible

3-1 Load iptables Modules

Check the current tables
  iptables [-t table] [-L] [-n]

Default policy

3-1 Install iptables

Clear the current policy

3-2 Define Default Policy

iptables -t {filter | nat | mangle} -P {INPUT | OUTPUT | FORWARD | PREROUTING | POSTROUTING} {ACCEPT | DROP}

3-3 Structure of a Rule

3-3-1 Add, Insert, Delete and Replace Rules
3-3-2 Direction
3-3-3 Matches
3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace

iptables -t {filter | nat | mangle} {-A | -I | -D | -R} <direction> <match> -j <target>

3 major things need to be considered: the direction (chain), the match and the target

3-3-2 Direction - Chains

a. filter table: INPUT, OUTPUT, FORWARD
b. nat table: PREROUTING, POSTROUTING, OUTPUT
c. mangle table: ...

3-3-3 Matches - Conditions

1. -p [proto]: tcp, udp, icmp, all
2. -s [IP], -d [IP]
3. --sport [port], --dport [port]
4. -m state --state [state]: NEW, ESTABLISHED, INVALID, RELATED
5. -m multiport [p1,p2,...,p15]
6. -i [iface], -o [oface]
7. ... etc.

3-3-4 Targets - Actions

a. filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions: LOG, ULOG, REJECT, MIRROR
b. nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING/OUTPUT), MASQUERADE (POSTROUTING), REDIRECT (only in PREROUTING)
c. mangle table: ...

3-4 Save/Restore Rules

It is highly recommended to use a script file to maintain the netfilter rules instead of using the exported file (it is not a standard script file). Please refer to the Hands-On practice.

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice
   1) Packet Filter
   2) NAT Machine

4-1 Packet Filter - Rules of filter table

Example 1 - Accept all the packets incoming from the lo interface

iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2 - Accept all the TCP packets incoming from IP = 192.168.0.1

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

4-1 Packet Filter - Rules of filter table

Example 3 - Accept all the TCP packets incoming from the network 192.168.1.0/24

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 - Drop all the TCP packets incoming from IP = 192.168.1.25

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

4-1 Packet Filter - Rules of filter table

Example 5 - Drop all the incoming TCP packets with dst Port = 21 (forbid FTP connections from eth0)

iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 - Accept TCP packets incoming from IP 192.168.0.0/24 to local port numbers 137, 138 and 139

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

4-1 Packet Filter - Rules of filter table

Example 7 - Log all the incoming/outgoing TCP packets to/from Port = 25 (log the SMTP service)

iptables -t filter -A INPUT -p tcp --dport 25 -j LOG

Note: the UC7110 does not support the target "LOG"

4-1 Packet Filter - Rules of filter table

Example 8 - Drop all the [syn] packets from IP = 192.168.100.200

iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 - Drop all the packets from MAC = aa:bb:cc:dd:ee:ff

iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

Example 10 - Do not respond to "ping"

iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 - ICMP "ping" burst

iptables -t filter -P INPUT DROP
iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

4-1 Packet Filter - Rules of filter table

Example 12 - Accept the Established/Related packets of the local host; drop the Invalid packets and the New packets which are trying to create a new connection

iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 13 ndash Check the packet integrity

Example 14 ndash Enable the ldquoPassive Moderdquo FTP Service to a host

iptables ndasht filter ndashA INPUT ndashp all ndashm unclean ndashj DROP

modprobe ip_conntrack_ftp

iptables ndashA FORWARD ndashp tcp

ndashm state ndash ndashstate RELATED ndashj ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 1 ndash Redirect the Connection Request of Port 80 to Port 8080

Example 2ndash Masquerade the incoming packets from 1921681024

to be local ppp0rsquos IP

iptables ndasht nat ndashA PREROUTING ndashp tcp ndash ndashdport 80

ndashj REDIRECT ndash ndashto-ports 8080

iptables ndasht nat ndashA PREROUTING ndashs 1921681024 ndasho

ppp0 ndashj MASQUERADE

4-2 NAT Machine4-2 NAT Machine

4-2 NAT Machine4-2 NAT Machine

Example 3 ndash DNAT the incoming packet from eth0 (602486675) and

TCP Port 80 to internal Web sever 19216812710 80

Example 4 ndash Redirect the incoming packet of TCP Port 80 to

192168110 and TCP Port 80

iptables ndasht nat ndashA PREROUTING ndashp tcp ndashi eth0 ndashd 602486675 ndash ndashdport 80 ndashj DNAT ndash ndashto 1921681271080

iptables ndasht nat ndashA POSTROUTING ndashs 192168127024 ndashj SNAT ndash ndashto $OUT_IP

Thank YouThank You

OpenVPN 20OpenVPN 20Stephen Lin

OpenVPN 20OpenVPN 20

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

1) Cryptography Summery1) Cryptography Summery

1-1 What does cryptography solve

1-2 Symmetric Data Encryption

1-3 Hash (Digest) Function

1-4 Message Authentication Code

1-5 Asymmetric Data Encryption

1-6 Digital Signature

1-7 Certificate

1-8 Moxa UC7400

1-1 What does Cryptography solve1-1 What does Cryptography solve

Confidentiality bull Ensure that nobody can get knowledge of what you

transfer even if listening the whole conversation Integrity

bull Ensure that message has not been modified during the transmission

Authenticity bull You can verify that you are talking to the entity you think

you are talking to bull You can verify who is the specific individual behind that

entity Non-repudiation

bull The individual behind that asset cannot deny being associated with it

1-2 Symmetric Data Encryption1-2 Symmetric Data Encryption

Fast High Efficiency for data transmission

Is it ldquosecurerdquo while transferring the key

Maintains of the keys (n-1)n 2 keys

DES3DESAESBlowfish

Tom Bob

Plaintext

Plaintext

Ciphertext

Encryption

Secret Key

Decryption

1-3 Hash (Digest) Function1-3 Hash (Digest) Function

Ensure Date Integrity

MD5SHA-1

Tom

Data

Bob

Data

Hash FunctionHash Function

Message Message Digest 1Digest 1

Same Hash FunctionSame Hash Function

+Hash FunctionHash Function

Message Message Digest 2Digest 2

Message Digest1Message Digest1 DataData

Compare

1-4 Message Authentication Code 1-4 Message Authentication Code

Ensure the Data Integrity

Use a key to protect the MAC

HMACCBC-MAC Tom

Data

Hash FunctionHash Function

Message Message Digest 1Digest 1

Bob

Data

Message Message Digest 2Digest 2

+Hash FunctionHash Function

MACEncryption

Message Message Digest 1Digest 1

Decryption

Compare

Secret Key

MACMAC DataData

1-5 Asymmetric Encryption1-5 Asymmetric Encryption

Things to rememberbull Key Pair ndash PublicPrivate keysbull In a session one for encryption and the other one

for decryptionbull ldquoPublic Keyrdquo can be deployed everywherebull The relation between the two keys is unknown and from

one key you cannot gain knowledge of the other even if you have access to clear-text and cipher-text

bull The two keys are interchangeable All algorithms make no difference between public and private key When a key pair is generated any of the two can be public or private

bull Less efficient than Static Keybull RSADiff-Hellman

g$5knvMdrsquorkg$5knvMdrsquorkvegMsrdquovegMsrdquo

Clear Clear texttext

EncryptionEncryption

1-5 Asymmetric Data Encryption1-5 Asymmetric Data Encryption

Tom

Plaintext

Bob

ciphertextEncryption Decryption

Bobrsquos Public KeyPlaintex

tBobrsquos Private Key

Recipientrsquos Key Pair

Confidentiality Check

1-5 Asymmetric Data Encryption1-5 Asymmetric Data Encryption

Tom

Plaintext

Bob

ciphertextEncryption Decryption

Tomrsquos Private KeyPlaintex

tTomrsquos Public Key

Senderrsquos key pair

Authenticity Check

1-6 Digital Signature1-6 Digital Signature

Real World ndash Hybrid 1 Data Integrity2 Authenticity3 Non-repudiation4 Algorithm ndash Use the public key and Hash

1-6 Digital Signature - Creating1-6 Digital Signature - Creating

3kJfgfpound$amp3kJfgfpound$ampPy75cbnPy75cbn

This is the This is the document document created by created by GianniGianni

Message or FileMessage or File Digital SignatureDigital SignatureMessage DigestMessage Digest

Calculate a short message Calculate a short message digest from even a long input digest from even a long input using a one-way message using a one-way message digest function (hash)digest function (hash)

Signatorys Signatorys private keyprivate key

privpriv

GenerateGenerateHashHash

SHA MD5SHA MD5

AsymmetricAsymmetricEncryptionEncryption

RSARSA

This is the This is the document document created by created by GianniGianni 3kJfgfpound$amp3kJfgfpound$amp

SignedSignedDocumentDocument

(Typically 128 bits)(Typically 128 bits)

1-6 Digital Signature - Verifying1-6 Digital Signature - Verifying

This is the This is the document document created by created by GianniGianni

3kJfgfpound$amp3kJfgfpound$amp

SignedSignedDocumentDocument

Py75cbnPy75cbn

Message DigestMessage DigestGenerateGenerate

HashHash

Giannis public keyGiannis public key(from certificate)(from certificate)

AsymmetricAsymmetricDecryptionDecryption

pubpub

DigitalDigitalSignatureSignature

Py75cbnPy75cbn

Compare Compare

DataData

1-6 Digital Signature1-6 Digital Signature

Tom

Data

Message Message Digest 1Digest 1

Hash FunctionHash Function

+ +Compare

Bob

Data

Message Message Digest 2Digest 2

Hash FunctionHash Function

MACEncryption Decryption

Message Message Digest 1Digest 1

Tomrsquos Private Key Tomrsquos Public Key

Digital SignatureDigital Signature

Digital Signature

1-7 Certificate

The simplest certificate just contains:
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key
… and the whole is:
• Digitally signed by someone trusted (like your friend or a CA)

[Diagram: a certificate]
Certificate = public key + "This public key belongs to Stephen" + Digital Signature
The certified entity can be a person, a computer, a device, a file, some code, anything …

1-7-1 CA Certificate

[Diagram: certificate issuance]
The CA generates a key pair (Priv, pub) on the Certification Server.
The user requests a certificate from the CA.
The CA generates the certificate (pub + DS = Cert).
Private Key and Certificate are sent to the user.
Left Cert signed by CA; Right Cert signed by CA; CA Pub Key signed by CA (self-signed).

1-7-1 CA Certificate Example

[Diagram: trust between Left and Right through the CA]
CA: holds the CA Private Key
Left and Right each trust the CA Pub Key
Left: Left Priv Key, Left Cert signed by CA, CA Pub Key
Right: Right Priv Key, Right Cert signed by CA, CA Pub Key
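An added worked example covering sections 1-6 and 1-7 (it is not from the slides and not Moxa's or OpenVPN's code): hash-then-sign with a toy textbook RSA, a certificate that binds a subject name to a public key under the CA's signature, and verification of a signed document through that trust path. The primes, names and document text are constructed; the key sizes are far too small for real use, and real signatures add padding (PKCS#1 or PSS) and X.509 encoding, which are left out here.

```python
import hashlib
import json

E = 65537   # public exponent


def make_keypair(p: int, q: int):
    """Toy textbook RSA: returns (public, private) as (e, n) and (d, n). Constructed small primes only."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))        # private exponent (Python 3.8+)
    return (E, n), (d, n)


def digest(data: bytes, n: int) -> int:
    # One-way hash of a message of any length, reduced so it is a valid input for the toy modulus
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data: bytes, priv) -> int:
    # Creating: hash the document, then "encrypt" the digest with the signatory's private key
    d, n = priv
    return pow(digest(data, n), d, n)


def verify(data: bytes, signature: int, pub) -> bool:
    # Verifying: "decrypt" the signature with the public key and compare with a fresh digest
    e, n = pub
    return pow(signature, e, n) == digest(data, n)


def cert_body(subject: str, pub) -> bytes:
    # The simplest certificate content: "this public key belongs to <subject>", encoded canonically
    return json.dumps({"subject": subject, "e": pub[0], "n": pub[1]}, sort_keys=True).encode()


def issue_cert(subject: str, pub, ca_priv) -> dict:
    # The CA signs the body with its own private key; that signature is what makes it a certificate
    return {"subject": subject, "pub": pub, "sig": sign(cert_body(subject, pub), ca_priv)}


def verify_cert(cert: dict, ca_pub) -> bool:
    return verify(cert_body(cert["subject"], cert["pub"]), cert["sig"], ca_pub)


def verify_signed_document(doc: bytes, sig: int, cert: dict, ca_pub) -> bool:
    # Trust path: CA public key -> certificate -> subject's public key -> document signature
    return verify_cert(cert, ca_pub) and verify(doc, sig, cert["pub"])


def demo() -> dict:
    # Constructed key material: well-known primes (2^31-1, 999983, the 1,000,000th and 100,000th primes)
    ca_pub, ca_priv = make_keypair(2147483647, 999983)
    stephen_pub, stephen_priv = make_keypair(15485863, 1299709)
    cert = issue_cert("Stephen", stephen_pub, ca_priv)
    doc = b"This is the document created by Stephen"
    sig = sign(doc, stephen_priv)
    forged_cert = dict(cert, subject="Mallory")     # same key and CA signature, different name
    return {
        "valid": verify_signed_document(doc, sig, cert, ca_pub),
        "tampered_doc": verify_signed_document(doc + b" (edited)", sig, cert, ca_pub),
        "forged_cert": verify_signed_document(doc, sig, forged_cert, ca_pub),
        "wrong_ca": verify_signed_document(doc, sig, cert, stephen_pub),
    }
```

The four results show what each part of the chain protects: editing the document breaks the digest comparison, changing the subject name breaks the CA's signature over the certificate body, and verifying against a public key other than the CA's fails before the document is even looked at.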

1-7-2 SSL/TLS

[Diagram: each side holds a key pair (Priv, pub) and the public keys are exchanged]
Clear text → Encrypt → Cipher 1 → Encrypt → Cipher 2 → Transmission over the public network → Cipher 2 → Decrypt → Cipher 1 → Decrypt → Clear text

Ensures confidentiality
• And integrity, if digitally signed
Depending on how the public keys are exchanged:
• Authenticity, Identity, Non-repudiation

1-8 Moxa UC7400 - Hardware Cipher

Intel XScale supports:
• Security engines: DES, AES
• Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so"
• No need to change the source code

1-8-1 Moxa Accelerated Algorithms – OpenSSL 0.9.7

DES_cbc_encrypt
DES_ede3_cbc_encrypt
AES_cbc_encrypt
AES_ctr_encrypt
• We wrap ECB mode at a higher level (libssl.so), which OpenSSL wraps too

1-8-2 Performance

[Charts: hardware cipher versus software cipher; the marked series is the HW cipher]
Chart 1 – 3DES CBC, packet sizes 128 to 1280 bytes: two 3DES CBC series (left axis 0 to 80) and RATE (right axis 0 to 8)
Chart 2 – AES128 CBC, packet sizes 128 to 1280 bytes: two AES128 CBC series (left axis 0 to 80) and RATE (right axis 0 to 8)
Chart 3 – AES128 CBC, packet sizes 16 to 144 bytes: two AES128 CBC series (left axis 0 to 8) and RATE (right axis 0 to 2.5)
Chart 4 – 3DES CBC, packet sizes 16 to 144 bytes: two 3DES CBC series (left axis 0 to 8) and RATE (right axis 0 to 2.5)
Legend: = HW Cipher

1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approaches
• Default: hardware approach
• Any mis-configuration or busy hardware causes the switch
Small packets (below these sizes) are switched to the software approach
• DES: 128 bytes
• 3DES/AES: 64 bytes

1-8-4 Software Package

Driver
• mxhw_cipher.o
Device file
• mknod /dev/mxcrypto c 11 131
Test program
• io: correctness test
• io 0 5000: stability test
• io 1: golden pattern
• io 2 20000: performance test

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network

2-2 Why OpenVPN

2-3 OpenVPN Modes

2-1 Virtual Private Network

2-1 VPN Advantages/Disadvantages

VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes
VPNs encrypt all network traffic, not just a few application protocols (like SSL, SSH, etc.)
VPNs allow the usage of protocols which are insecure by themselves
VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN

Usability
• Open Source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit shared key or digital certificates (PKI)
Portability – supports most of the platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN

Peers – each node with a client/server role
• Uses kernel routing
• Multiple clients
A user-space program
• A full-featured SSL-VPN solution
• On top of the existing SSL/TLS mechanism
• Options between a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security

Two authentication modes
• Static Key: uses a pre-shared key
• SSL/TLS: uses SSL/TLS + certificates for
  • Authentication
  • Key exchange
The encrypted packet is formatted as:
• SeqN: 64-bit sequence number
• IV: plain-text initial vector, randomized per packet

[Diagram: packet layout]
HMAC | IV | SeqN | IP payload
The SeqN and the IP payload are encrypted; the HMAC covers the IV and the encrypted part
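The packet layout above, as an added example that is not OpenVPN's own code: it builds HMAC | IV | encrypt(SeqN | payload), checks the HMAC before decrypting (the keyed MAC of section 1-4) and rejects a replayed sequence number. The block cipher is replaced by a stand-in keystream derived with SHA-256, an assumption made so the example runs on the Python standard library; the HMAC length, IV length and key bytes are constructed values.

```python
import hashlib
import hmac
import os
import struct

HMAC_LEN = 20   # HMAC-SHA1 tag length (assumption: "auth SHA1")
IV_LEN = 16     # assumption: a 16-byte IV


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    # Stand-in for the real block cipher: a counter-mode keystream from SHA-256(key || IV || counter).
    # Same shape as CTR mode, no real cipher; never use this outside a demonstration.
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + iv + struct.pack(">I", counter)).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def seal(cipher_key: bytes, hmac_key: bytes, seq: int, payload: bytes, iv: bytes = None) -> bytes:
    """Build HMAC | IV | encrypt(SeqN | payload)."""
    iv = iv if iv is not None else os.urandom(IV_LEN)           # fresh random IV per packet
    plain = struct.pack(">Q", seq) + payload                     # 64-bit sequence number in front
    ciphertext = xor(plain, keystream(cipher_key, iv, len(plain)))
    tag = hmac.new(hmac_key, iv + ciphertext, hashlib.sha1).digest()   # MAC over IV + ciphertext
    return tag + iv + ciphertext


class Receiver:
    def __init__(self, cipher_key: bytes, hmac_key: bytes):
        self.cipher_key, self.hmac_key = cipher_key, hmac_key
        self.seen = set()        # sequence numbers already accepted (replay protection)

    def open(self, packet: bytes):
        """Return (payload, "ok") or (None, reason) for one received packet."""
        if len(packet) < HMAC_LEN + IV_LEN + 8:
            return None, "too short"
        tag = packet[:HMAC_LEN]
        iv = packet[HMAC_LEN:HMAC_LEN + IV_LEN]
        ciphertext = packet[HMAC_LEN + IV_LEN:]
        expected = hmac.new(self.hmac_key, iv + ciphertext, hashlib.sha1).digest()
        if not hmac.compare_digest(tag, expected):     # authenticate first, in constant time
            return None, "bad hmac"
        plain = xor(ciphertext, keystream(self.cipher_key, iv, len(ciphertext)))
        seq = struct.unpack(">Q", plain[:8])[0]
        if seq in self.seen:
            return None, "replay"
        self.seen.add(seq)
        return plain[8:], "ok"


def demo() -> dict:
    cipher_key, hmac_key = b"k" * 32, b"h" * 20      # constructed keys for the demonstration
    rx = Receiver(cipher_key, hmac_key)
    pkt = seal(cipher_key, hmac_key, 1, b"IP payload of packet 1")
    first = rx.open(pkt)
    replay = rx.open(pkt)                             # the same packet delivered twice
    tampered = bytearray(pkt)
    tampered[-1] ^= 0x01                              # flip one bit of the ciphertext
    forged = rx.open(bytes(tampered))
    return {"first": first, "replay": replay[1], "tampered": forged[1]}
```

The order of the checks is the point: the receiver rejects a packet with a bad HMAC before spending any work on decryption, and only an authenticated packet can update the replay state. OpenVPN itself keeps a sliding window of sequence numbers rather than a set of every one seen.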

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall and NAT-friendly
• Dynamic address support
IPSec
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard - multi-vendor support

2-3 OpenVPN Modes

Bridging and Routing are two methods of linking systems via a VPN
Routed IP tunnels (layer 3)
Bridged Ethernet tunnels (layer 2)
Suitable for connections:
• Site-to-Site
• Dynamic Site-to-Site
• (Dynamic) Client-to-Site
Dynamic Firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN mode (device): a virtual point-to-point IP link that combines the inner interface together with TUN
Uses the kernel routing to forward the packets

[Diagram: two OSI stacks (Physical, Data-Link, Network, Transport, Session, Presentation, Application); OpenVPN runs at the Application layer and the TUN device sits at the Network layer (3rd)]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of MTU for efficiency
Routed IP disadvantages
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see those machines on the other side of the VPN
4. Works only with IPv4 in general, and IPv6 in cases where the TUN drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses "TAP" mode: a TAP device is a virtual Ethernet adapter
Bridge tools (brctl) are required to create the virtual adapters
Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0: create an Ethernet bridge
brctl addif br0 eth1: connect interface eth1 as a port
brctl addif br0 tap0: connect virtual interface tap0 as a port

[Diagram: two OSI stacks; OpenVPN at the Application layer, TAP at the Data-Link layer (2nd), TUN at the Network layer (3rd); on each host eth0, eth1 and tap0 are shown, with eth1 and tap0 bridged]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages
1. Point to point, point to multi-point
2. Broadcasts traverse the VPN -- this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to be able to handle non-IP protocols such as IPX, Netware and AppleTalk
5. Relatively easy-to-configure solution for road warriors
Bridging disadvantages
1. Less efficient than routing and does not scale well

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

[Diagram: lab topology]
LAN A: IP 10.0.1.1/24, gw 10.0.1.254; [VPN Server] ixp1 10.0.1.254, ixp0 192.168.12.201
LAN B: IP 10.0.2.1/24, gw 10.0.2.254; [VPN-Client] ixp1 10.0.2.254, ixp0 192.168.12.202
VPN Tunnel between ixp0 192.168.12.201 and ixp0 192.168.12.202 (the client connects to the server)
[CA/TLS Server] on the same network as the ixp0 interfaces

3-1 Getting Started

Create a working directory (recommended): mkdir /etc/openvpn
Check for the TUN module: ls /dev/net and look for a character device "tun"; if it is not there: mknod /dev/net/tun c 10 200
Load the necessary modules: modprobe tun; modprobe bridge
Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]
Self diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or edit /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"
Create/start the bridge interface using the Moxa script: openvpn-bridge [start|stop|restart]
Check the cipher/authentication support: openvpn --show-ciphers; openvpn --show-digests
Create the TUN configuration files: vi /etc/openvpn/tun/server.conf
[At VPN Client] vi /etc/openvpn/tun/client.conf

3-2 TUN Server Configuration

Local/Remote VPN IP addresses must be specified
It is NECESSARY to specify the server address at the VPN client

3-2 TUN Server Configuration

Edit the static routes: vi /etc/openvpn/tun/server.sh; chmod +x /etc/openvpn/tun/server.sh
[At VPN Client] vi /etc/openvpn/tun/client.sh; chmod +x /etc/openvpn/tun/client.sh
Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tun/server.conf &
[At VPN Client] openvpn --config /etc/openvpn/tun/client.conf &
The 2nd argument of "ifconfig", which is now "10.0.2.254"
Create the TAP configuration files: vi /etc/openvpn/tap/server.conf
[At VPN Client] vi /etc/openvpn/tap/client.conf

3-3 TAP Configuration – VPN Server

Mark (comment out) this line if both VPN networks are in the same subnet

3-2 TAP Configuration – VPN Server

Edit the static routes: vi /etc/openvpn/tap/server.sh
[At VPN Client] vi /etc/openvpn/tap/client.sh; chmod +x /etc/openvpn/tap/client.sh
Pointed to the kernel routing: br0 = 10.0.1.254

3-3 TAP Configuration – VPN Server

Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start
Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tap/server.conf &
[At VPN Client] openvpn --config /etc/openvpn/tap/client.conf &

3-4-1 SSL/TLS – Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-input the default_days, default_bits … etc.
Create a new CA root key pair: /usr/share/ssl/misc/CA -newca
Create a new client private key and a new certificate request: /usr/share/ssl/misc/CA -newreq
Certificate signing: /usr/share/ssl/misc/CA -sign
Copy the CA root certificate, the client private key and the client certificate to the first client
Have the second client certified

3-4-2 OpenVPN – "easy-rsa" tools

Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn
Modify the vars file: vi /etc/openvpn/easy-rsa/vars
Activate the vars: . /etc/openvpn/easy-rsa/vars
Create the CA root key: /etc/openvpn/easy-rsa/build-ca
Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – "easy-rsa" tools

Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client
Create the Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh 1024
Copy the CA certificate (ca.crt), server key (server.key) and server certificate (server.crt) to the VPN server
Copy the CA certificate, client key and client certificate to the VPN client
The "easy-rsa" tools also work on the UC7400 series

3-4-3 Configuration File Modification

txx/server.conf

txx/client.conf

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

Two of its serial ports are connected to a power meter and a thermocouple
Two LAN ports plus an optional Wi-Fi function, making it a good tool for transmitting data from remote sites to a central site
The rest of the serial ports are looped back in 'burn-in mode' to demonstrate UC's high performance and reliability

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500°C
Left side for the high range: 0 to 300 VDC; right side for the low range: 0 to 20 VDC

UC's LCM & keypad (F1-F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8
F2 System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available Memory
F3 Alarm Setting: Temperature → Voltage → burning throughput
F4 Configuration Key
F5 Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• UC-7420's built-in wireless driver supports the Intersil Prism 2.0 chipset PCMCIA card
• The compatible wireless cards are:

Supplier   Model name
ASUS       WL-107g
CNET       CWC-854 (181D version)
Edimax     EW-7108PCg
Amigo      AWP-914WG
Gigabyte   GN-WMKG
Others which use the Ralink chipset

Thank You


2-2 Three Major Tables

1) Filter Table

2) NAT Table

3) Mangle Table

2-2-1 Filter Table

Mainly used for filtering packets. The place where we actually take action against packets, look at what they contain and ACCEPT, DROP, REJECT or LOG them depending on their content.
1. INPUT chain – packets entering the local host
2. OUTPUT chain – packets output from the local host
3. FORWARD chain – packets forwarded to other hosts

2-2-2 NAT Table

Used for NAT on different packets, to translate the packet's source field or destination field.
1) PREROUTING chain – to translate the dst IP address (DNAT)
2) POSTROUTING chain – works after the routing process and before the Ethernet device process, to translate the source IP address (SNAT/MASQUERADE)
3) OUTPUT chain – works on locally produced packets

2-2-3 Mangle Table

This table is mainly used for mangling packets. In other words, you may freely use the mangle matches etc. that could be used to change the TOS (Type Of Service) and TTL fields. It can also "MARK" the packets.
1. PREROUTING chain
2. POSTROUTING chain
3. INPUT, OUTPUT and FORWARD chains

2-3 Processing Packets

2-3-1 Destination Local Host

2-3-2 Source Local Host

2-3-3 Forward Packets

2-3-4 State Machine

2-3-1 Destination Local Host

[Diagram] Incoming Packets → NAT Table PREROUTING → Filter Table INPUT → Local Process

2-3-2 Source Local Host

[Diagram] Local Process → Outgoing Packets → NAT Table OUTPUT → Filter Table OUTPUT → NAT Table POSTROUTING → Send Out Packets

2-3-3 Forwarded Packets

[Diagram] Incoming Packets → NAT Table PREROUTING → routing decision (Local Resource or Other Hosts) → Filter Table FORWARD → NAT Table POSTROUTING → Other Hosts

2-4 State Machine

Agenda

1) Firewall, NAT and iptables

2) Rules, Chains, Tables

3) Usage of iptables

4) Hands-On Practice

3) Usage of iptables

3-1 Load iptables Modules

3-2 Define Default Policy

3-3 Structure of a Rule

3-4 Save/Restore Rules

3-1 Load iptables Modules

Note: ipchains and iptables are not compatible

3-1 Load iptables Module

Check the current tables: iptables [-t table] [-L] [-n]

Default Policy

3-1 Install iptables

Clear Current Policy

3-2 Define Default Policy

iptables -t {filter | nat | mangle} -P {INPUT | OUTPUT | FORWARD | PREROUTING | POSTROUTING} {ACCEPT | DROP}

3-2 Define Default Policy

3-3 Structure of a Rule

3-3-1 Add, Insert, Delete and Replace Rules

3-3-2 Direction

3-3-3 Matches

3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace

iptables -t {filter | nat | mangle} {-A | -I | -D | -R} direction match -j target
3 major things need to be considered: direction, match, target

3-3-2 Direction – Chains

a. filter table: INPUT, OUTPUT, FORWARD
b. nat table: PREROUTING, POSTROUTING, OUTPUT
c. mangle table: …

3-3-3 Matches - Conditions

1. -p [proto]: tcp, udp, icmp, all
2. -s [IP], -d [IP]
3. --sport [port], --dport [port]
4. -m state --state [state]: NEW, ESTABLISHED, INVALID, RELATED
5. -m multiport [p1,p2,…,p15]
6. -i [iface], -o [oface]
7. … etc.

3-3-4 Targets - Actions

a. filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions: LOG, ULOG, REJECT, MIRROR
b. nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING/OUTPUT), MASQUERADE (POSTROUTING), REDIRECT (only in PREROUTING)
c. mangle table: …

3-4 Save/Restore Rules

It is highly recommended to use a script file to maintain the Netfilter rules instead of using this exported file (it is not a standard script file). Please refer to the Hands-On practice.

Agenda

1) Firewall, NAT and iptables

2) Rules, Chains, Tables

3) Usage of iptables

4) Hands-On Practice: 1) Packet Filter, 2) NAT Machine

4-1 Packet Filter – Rules of filter table

Example 1 – Accept all the packets incoming from the lo interface
iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2 – Accept all the TCP packets incoming from IP = 192.168.0.1
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 3 – Accept all the TCP packets incoming from the network 192.168.1.0/24
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 – Drop all the TCP packets incoming from IP = 192.168.1.25
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

4-1 Packet Filter – Rules of filter table

Example 5 – Drop all the incoming TCP packets with dst port = 21 (forbid FTP connections from eth0)
iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 – Accept TCP packets incoming from IP 192.168.0.24 to local port numbers 137, 138 and 139
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.24 --dport 137:139 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 7 – Log all the incoming/outgoing TCP packets with to/from port = 25 (log the SMTP service)
iptables -t filter -A INPUT -p tcp --dport 25 -j LOG
Note: UC7110 does not support the target "LOG"

4-1 Packet Filter – Rules of filter table

Example 8 – Drop all the [SYN] packets from IP = 192.168.100.200
iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 – Drop all the packets from MAC = aa:bb:cc:dd:ee:ff
iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

Example 10 – Do not respond to "ping"
iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 – ICMP "ping" burst
iptables -t filter -P INPUT DROP
iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 12 – Accept the ESTABLISHED/RELATED packets of the local host; drop the INVALID packets and the NEW packets which are trying to create a new connection
iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

4-1 Packet Filter – Rules of filter table

Example 13 – Check the packet integrity
iptables -t filter -A INPUT -p all -m unclean -j DROP

Example 14 – Enable the "Passive Mode" FTP service to a host
modprobe ip_conntrack_ftp
iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 1 – Redirect the connection requests to port 80 to port 8080
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 – Masquerade the packets from 192.168.1.0/24 leaving via ppp0 to be the local ppp0's IP
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

4-2 NAT Machine

4-2 NAT Machine

Example 3 – DNAT the incoming packets from eth0 (60.248.66.75) and TCP port 80 to the internal web server 192.168.127.10 port 80

Example 4 – Redirect the incoming packets of TCP port 80 to 192.168.1.10 and TCP port 80

iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP
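An added model, not from the slides and not the real Netfilter code, of the tables, chains and traversal described in sections 2-2 and 2-3, driven by rule strings in the same syntax as the examples of 4-1 and 4-2. It parses the options used on this page (-t, -A, -P, -i, -p, -s, -d, --dport, --syn, -m state --state, and -j with ACCEPT, DROP, LOG, DNAT, REDIRECT; the mac, limit and unclean modules are left out), applies first-match semantics with the chain policy as the fallback, and walks an incoming packet through nat PREROUTING, the routing decision and filter INPUT or FORWARD. The interface addresses, rule set and packets are constructed sample data.

```python
import ipaddress
import shlex

# Constructed sample data: the firewall's own interface addresses
IFACE_ADDR = {"eth0": "60.248.66.75", "lo": "127.0.0.1"}
LOCAL_ADDRS = set(IFACE_ADDR.values())
# Options used on this page, mapped to the fields of a parsed rule
OPTS = {"-i": "iface", "-p": "proto", "-s": "src", "-d": "dst", "--dport": "dport", "--state": "state"}


class Packet:
    def __init__(self, **fields):
        self.__dict__.update({"dport": 0, "syn": False, "state": "NEW"}, **fields)


def in_net(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net, strict=False)


def port_match(spec, port):
    lo, _, hi = spec.partition(":")            # "21" or a range such as "137:139"
    return int(lo) <= port <= int(hi or lo)


def rule_matches(m, pkt):
    return all([
        "iface" not in m or pkt.iface == m["iface"],
        "proto" not in m or m["proto"] == "all" or pkt.proto == m["proto"],
        "src" not in m or in_net(pkt.src, m["src"]),
        "dst" not in m or in_net(pkt.dst, m["dst"]),
        "dport" not in m or port_match(m["dport"], pkt.dport),
        "syn" not in m or pkt.syn,
        "state" not in m or pkt.state in m["state"].split(","),
    ])


class Firewall:
    def __init__(self):
        self.chains = {("filter", c): [] for c in ("INPUT", "OUTPUT", "FORWARD")}
        self.chains.update({("nat", c): [] for c in ("PREROUTING", "OUTPUT", "POSTROUTING")})
        self.policy = dict.fromkeys(self.chains, "ACCEPT")   # built-in chains default to ACCEPT
        self.log = []

    def add(self, cmd):
        """Parse one 'iptables ...' command (the subset of options used on this page)."""
        t = shlex.split(cmd)
        table, chain, match, target, arg = "filter", None, {}, None, None
        i = 1
        while i < len(t):
            if t[i] == "-t": table = t[i + 1]; i += 2
            elif t[i] == "-A": chain = t[i + 1]; i += 2
            elif t[i] == "-P": self.policy[(table, t[i + 1])] = t[i + 2]; return   # e.g. -P INPUT DROP
            elif t[i] == "-j": target = t[i + 1]; i += 2
            elif t[i] in ("--to", "--to-ports"): arg = t[i + 1]; i += 2
            elif t[i] in OPTS: match[OPTS[t[i]]] = t[i + 1]; i += 2
            elif t[i] == "--syn": match["syn"] = True; i += 1
            elif t[i] == "-m": i += 2                        # match module name (state, ...); its option follows
            else: raise ValueError("unsupported option: " + t[i])
        self.chains[(table, chain)].append({"match": match, "target": target, "arg": arg})

    def walk(self, table, chain, pkt):
        """The first matching terminating target decides; otherwise the chain policy applies."""
        for rule in self.chains[(table, chain)]:
            if not rule_matches(rule["match"], pkt):
                continue
            target = rule["target"]
            if target == "LOG":                              # non-terminating: record and keep going
                self.log.append(f"{chain}: {pkt.proto} {pkt.src} -> {pkt.dst}:{pkt.dport}")
                continue
            if target == "DNAT":                             # rewrite the destination before routing
                host, _, port = rule["arg"].partition(":")
                pkt.dst, pkt.dport = host, int(port or pkt.dport)
                return "ACCEPT"
            if target == "REDIRECT":                         # DNAT to the incoming interface's own address
                pkt.dst, pkt.dport = IFACE_ADDR[pkt.iface], int(rule["arg"])
                return "ACCEPT"
            return target
        return self.policy[(table, chain)]

    def incoming(self, pkt):
        """Traversal of section 2-3 for a packet arriving from the network."""
        self.walk("nat", "PREROUTING", pkt)
        if pkt.dst in LOCAL_ADDRS:                           # routing decision: local host or forward
            return "INPUT", self.walk("filter", "INPUT", pkt)
        verdict = self.walk("filter", "FORWARD", pkt)
        if verdict == "ACCEPT":
            self.walk("nat", "POSTROUTING", pkt)
        return "FORWARD", verdict


def run(fw, **fields):
    """Send one constructed packet through the firewall: (chain, verdict, final dst, final dport)."""
    pkt = Packet(**fields)
    chain, verdict = fw.incoming(pkt)
    return chain, verdict, pkt.dst, pkt.dport


def demo():
    fw = Firewall()
    for cmd in [
        "iptables -t filter -P INPUT DROP",
        "iptables -t filter -A INPUT -i lo -j ACCEPT",
        "iptables -t filter -A INPUT -p tcp --dport 25 -j LOG",
        "iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.100.200 --syn -j DROP",
        "iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT",
        "iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80",
        "iptables -t filter -A FORWARD -p tcp -d 192.168.127.10 --dport 80 -j ACCEPT",
    ]:
        fw.add(cmd)
    pub = dict(iface="eth0", proto="tcp", dst="60.248.66.75")
    return {
        "web": run(fw, src="10.9.8.7", dport=80, syn=True, **pub),            # DNATed, then FORWARD
        "blocked_syn": run(fw, src="192.168.100.200", dport=22, syn=True, **pub),   # DROP rule first
        "established": run(fw, src="10.9.8.7", dport=22, state="ESTABLISHED", **pub),
        "smtp": run(fw, src="10.9.8.7", dport=25, syn=True, **pub),           # logged, then policy DROP
        "log": list(fw.log),
    }
```

Rule order decides the outcome: the SYN from 192.168.100.200 is dropped because its rule precedes the ESTABLISHED,RELATED rule, and the new SMTP connection is recorded by LOG and then dropped by the INPUT policy, which is why a LOG rule has to come before the rule that ends the walk. The web request never reaches INPUT at all: PREROUTING rewrites its destination, so the routing decision sends it to FORWARD.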

Thank You

OpenVPN 2.0
Stephen Lin

OpenVPN 2.0

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve

1-2 Symmetric Data Encryption

1-3 Hash (Digest) Function

1-4 Message Authentication Code

1-5 Asymmetric Data Encryption

1-6 Digital Signature

1-7 Certificate

1-8 Moxa UC7400

1-1 What does Cryptography solve

Confidentiality
• Ensure that nobody can get knowledge of what you transfer, even if listening to the whole conversation
Integrity
• Ensure that the message has not been modified during the transmission
Authenticity
• You can verify that you are talking to the entity you think you are talking to
• You can verify who is the specific individual behind that entity
Non-repudiation
• The individual behind that asset cannot deny being associated with it

1-2 Symmetric Data Encryption

Fast: high efficiency for data transmission
Is it "secure" while transferring the key?
Maintenance of the keys: n(n-1)/2 keys
DES/3DES/AES/Blowfish

[Diagram: Tom encrypts the Plaintext with the Secret Key into Ciphertext; Bob decrypts it with the same Secret Key back to the Plaintext]

1-3 Hash (Digest) Function

Ensures data integrity
MD5/SHA-1

[Diagram: Tom: Data → Hash Function → Message Digest 1; Data + Message Digest 1 are sent. Bob: Data → Same Hash Function → Message Digest 2; compare with Message Digest 1]

1-4 Message Authentication Code

Ensures data integrity
Uses a key to protect the MAC
HMAC/CBC-MAC

[Diagram: Tom: Data → Hash Function → Message Digest 1 → Encryption with the Secret Key → MAC; Data + MAC are sent. Bob: Data → Hash Function → Message Digest 2; MAC → Decryption with the Secret Key → Message Digest 1; compare]

1-5 Asymmetric Encryption

Things to remember
• Key pair – public/private keys
• In a session, one is used for encryption and the other one for decryption
• The "public key" can be deployed everywhere
• The relation between the two keys is unknown, and from one key you cannot gain knowledge of the other, even if you have access to clear text and cipher text
• The two keys are interchangeable: the algorithms make no difference between public and private key; when a key pair is generated, any of the two can be public or private
• Less efficient than a static key
• RSA/Diffie-Hellman

[Diagram: Clear text → Encryption → cipher text]

1-5 Asymmetric Data Encryption

[Diagram: Tom encrypts the Plaintext with Bob's Public Key into ciphertext; Bob decrypts it with Bob's Private Key back to the Plaintext. Recipient's key pair: confidentiality check]

1-5 Asymmetric Data Encryption

[Diagram: Tom encrypts the Plaintext with Tom's Private Key into ciphertext; Bob decrypts it with Tom's Public Key back to the Plaintext. Sender's key pair: authenticity check]

1-6 Digital Signature1-6 Digital Signature

Real World ndash Hybrid 1 Data Integrity2 Authenticity3 Non-repudiation4 Algorithm ndash Use the public key and Hash

1-6 Digital Signature - Creating1-6 Digital Signature - Creating

3kJfgfpound$amp3kJfgfpound$ampPy75cbnPy75cbn

This is the This is the document document created by created by GianniGianni

Message or FileMessage or File Digital SignatureDigital SignatureMessage DigestMessage Digest

Calculate a short message Calculate a short message digest from even a long input digest from even a long input using a one-way message using a one-way message digest function (hash)digest function (hash)

Signatorys Signatorys private keyprivate key

privpriv

GenerateGenerateHashHash

SHA MD5SHA MD5

AsymmetricAsymmetricEncryptionEncryption

RSARSA

This is the This is the document document created by created by GianniGianni 3kJfgfpound$amp3kJfgfpound$amp

SignedSignedDocumentDocument

(Typically 128 bits)(Typically 128 bits)

1-6 Digital Signature - Verifying1-6 Digital Signature - Verifying

This is the This is the document document created by created by GianniGianni

3kJfgfpound$amp3kJfgfpound$amp

SignedSignedDocumentDocument

Py75cbnPy75cbn

Message DigestMessage DigestGenerateGenerate

HashHash

Giannis public keyGiannis public key(from certificate)(from certificate)

AsymmetricAsymmetricDecryptionDecryption

pubpub

DigitalDigitalSignatureSignature

Py75cbnPy75cbn

Compare Compare

DataData

1-6 Digital Signature1-6 Digital Signature

Tom

Data

Message Message Digest 1Digest 1

Hash FunctionHash Function

+ +Compare

Bob

Data

Message Message Digest 2Digest 2

Hash FunctionHash Function

MACEncryption Decryption

Message Message Digest 1Digest 1

Tomrsquos Private Key Tomrsquos Public Key

Digital SignatureDigital Signature

Digital Signature

1-7 Certificate1-7 Certificate

The simplest certificate just containsbull A public key (for Stephen)bull Information about the entity that is being certified to own that public key

hellip and the whole isbull Digitally signed by someone trusted (like your friend or a CA)

2wsR46frd2wsR46frdEWWrswe(EWWrswe(^$G^^$G^DvtrsdFDfDvtrsdFDfd367d367

pubpub

3kJfgfpound3kJfgfpound$amp4dser4$amp4dser4358g6gd7d358g6gd7dTTCertificateCertificate

This public This public key belongs key belongs to to StephenStephen

DigitalDigitalSignatureSignatureCan be a person a computer Can be a person a computer

a device a file some code a device a file some code anything hellipanything hellip

1-7-1 CA Certificate 1-7-1 CA Certificate

PrivPriv pubpub

Certification Server

CA generatesCA generatesa key paira key pair

Private Key and Private Key and Certificate are Certificate are

sent to the usersent to the user

pubpub

DSDS

CertCert

pubpub

DSDS

CertCert

User request a User request a certificate to CAcertificate to CA

CA generatesCA generatescertificatecertificate

PrivPriv

Right Cert signed by CA

Leftt Cert signed by CA

CA Pub Key signed by CA

1-7-1 CA Certificate Example1-7-1 CA Certificate Example

CACA Private Key

Left Right

Trusts

Left Priv Key signed by CA

CA Pub Key

Right Priv Key signed by CA

CA Pub KeyCA Pub Key Left Cert signed by CA

Right Cert signed by CA

1-7-2 SSLTLS1-7-2 SSLTLS

PrivPriv

pubpub PrivPriv

pubpub

Clear text

Encrypt

Cipher 1

Encrypt

Cipher 2

Transmission over the public network

Cipher 2

Cipher 1

Decrypt

Clear text

Decryptpubpub

Ensures confidentialitybull And integrity if digitally

signed

Depending on how public key are exchanged

bull Authenticity Identity Non-repudiation

pubpub

1-8 Moxa UC7400 - Hardware Cipher1-8 Moxa UC7400 - Hardware Cipher

Intel Xcale Supports bull Security Engines DES AESbull Algorithm methods ECB CBC ECR

Moxa wrap hardware acceleration inside algorithm APIs of ldquolibcryptosordquo bull No need to change the source codes

1-8-1 Moxa Accelerated Algorithm 1-8-1 Moxa Accelerated Algorithm ndash OpenSSL 097 ndash OpenSSL 097

DES_cbc_encrypt

DES_ede3_cbc_encrypt

AES_cbc_encrypt

AES_ctr_encrypt

bull We wrap ECB mode at a higher level (libsslso) which openssl wraps too

1-8-2 Performance1-8-2 Performance

0

10

20

30

40

50

60

70

80

128 256 384 512 640 768 896 1024 1152 12800

1

2

3

4

5

6

7

83DESCBC3DESCBCRATE

0

10

20

30

40

50

60

70

80

128 256 384 512 640 768 896 1024 1152 12800

1

2

3

4

5

6

7

8AES128CBCAES128CBCRATE

0

1

2

3

4

5

6

7

8

16 32 64 80 96 112 128 1440

05

1

15

2

25AES128CBC

AES128CBC

RATE

012

3456

789

16 32 64 80 96 112 128 1440

05

1

15

2

253DESCBC

3DESCBC

RATE

= HW Cipher

1-8-3 Things to be noticed1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approachesbull Default Hardware Approachbull Any mis-configuration or business causes the

switch

Small packets are switched to software approachbull DES 128 bytesbull 3DESAES 64 bytes

1-8-4 Software Package1-8-4 Software Package

Driverbull mxhw_ciphero

Device Filebull mknod devmxcrypto c 11 131

Test Programbull io correctness test bull io 0 5000 stability test bull io 1 golden pattern bull io 2 20000 performance test

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

2) OpenVPN 20 2) OpenVPN 20

2-1 Virtual Private Network

2-2 Why OpenVPN

2-3 OpenVPN Modes

2-1 Virtual Private Network2-1 Virtual Private Network

2-1 VPN AdvantagesDisadvantage2-1 VPN AdvantagesDisadvantage

VPN a network that is constructed by using public wires (eg internet) to connect nodes

VPN encrypt all network traffic not just a few application protocols (like SSL SSH etc)

VPN allows the usage of protocols which are insecure by themselves

VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN2-2 Why OpenVPN

Usabilitybull Open Source (GPL)bull Full featured SSL VPN Solutionbull Easy to configure secure tunnelbull NATDHCP supportbull Can use a 2048 bit shared key or

digital certificates (PKI)

Portability ndash Supports most of the platformsbull Linux Solaris Mac OS Xbull OpenBSD FreeBSD NetBSDbull Windows2000-SP4WindowsXP-SP1 or later

2-2 Why OpenVPN2-2 Why OpenVPN

Peers ndash each node with a clientserver rolebull In use of kernel routingbull Multiple clients

A user-space programbull A full-featured SSL-VPN solutions

bull on top of existing SSLTLS mechanism bull options between a set of security algorithms

bull Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (50001194) or TCP port

2-2 OpenVPN Security 2-2 OpenVPN Security

Two Authentication Modesbull Static Key Use pre-shared bull SSLTLS Use SSLTLS + Certificates for

bull Authentication bull Key exchange

The encrypted packet is formatted asbull SeqN 64-bit sequence numberbull IV plain text initial vector randomized per packet

HMAC IV SeqN V IPs payload

encrypt

HMACW IPs

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall and NAT friendly
• Dynamic address support

IPSec
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard – multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are the two methods of linking systems via a VPN:

Routed IP tunnels (layer 3)

Bridged Ethernet tunnels (layer 2)

Suitable connections
• Site-to-Site
• Dynamic Site-to-Site
• (Dynamic) Client-to-Site

Dynamic firewall / NAT / DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

Uses a TUN device: a virtual point-to-point IP link that combines the inner interface together with TUN

Uses the kernel routing table to forward the packets

[Figure: two OSI stacks (Physical, Data-Link, Network, Transport, Session, Presentation, Application) at either end of the tunnel; OpenVPN attaches at layer 3 through the TUN device]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of the MTU for efficiency

Routed IP disadvantages
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see the machines on the other side of the VPN
4. Works only with IPv4 in general, and with IPv6 only where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses "TAP" mode: a TAP device is a virtual Ethernet adapter

Bridge tools (brctl) are required to create the virtual adapters

A script is needed to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0            create an Ethernet bridge

brctl addif br0 eth1       connect interface eth1 as a port

brctl addif br0 tap0       connect virtual interface tap0 as a port

[Figure: two OSI stacks at either end; OpenVPN bridges at layer 2 through the TAP device (TAP (2nd) versus TUN (3rd)), with eth0, eth1 and tap0 on both ends joined by bridging]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages
1. Point-to-point and point-to-multipoint
2. Broadcasts traverse the VPN: this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to handle non-IP protocols such as IPX, NetWare and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages
1. Less efficient than routing and does not scale well

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

[Figure: lab topology. LAN A (hosts IP 10.0.1.1/24, gw 10.0.1.254) behind the VPN Server (ixp1 = 10.0.1.254, ixp0 = 192.168.12.201); LAN B (hosts IP 10.0.2.1/24, gw 10.0.2.254) behind the VPN Client (ixp1 = 10.0.2.254, ixp0 = 192.168.12.202); the client connects to the server through the VPN tunnel; a separate CA/TLS Server issues the certificates]

3-1 Getting Started

Create a working directory (recommended): mkdir /etc/openvpn

Check for the TUN module: ls /dev/net and look for a character device "tun"; if it is missing: mknod /dev/net/tun c 10 200

Load the necessary modules: modprobe tun; modprobe bridge

Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]

Self diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or edit /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"

Create/start the bridge interface using the Moxa script: openvpn-bridge [start|stop|restart]

Check the cipher/authentication support: openvpn --show-ciphers; openvpn --show-digests

Create the TUN configuration files: vi /etc/openvpn/tun/server.conf

[At VPN Client] vi /etc/openvpn/tun/client.conf

3-2 TUN Server Configuration

The local and remote VPN IP addresses must be specified

It is NECESSARY to specify the server address at the VPN client

3-2 TUN Server Configuration

Edit the static routes: vi /etc/openvpn/tun/server.sh; chmod +x /etc/openvpn/tun/server.sh

[At VPN Client] vi /etc/openvpn/tun/client.sh; chmod +x /etc/openvpn/tun/client.sh

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tun/server.conf & (server); openvpn --config /etc/openvpn/tun/client.conf & (client)

The 2nd argument of "ifconfig" is now "10.0.2.254"
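The two NECESSARY items above (a mirrored "ifconfig local remote" pair on both ends, and a "remote" line only at the client) are easy to get wrong when the files are edited by hand. This added example, which is not from the course material or Moxa, writes a static-key TUN server/client pair for the lab topology and checks the pair before it is copied to the devices. The tunnel endpoints 10.8.0.1/10.8.0.2 and the key path are assumptions; the LAN addresses are the ones on the slides.

```shell
#!/bin/sh
# Added example (not from the slides): generate and check a mirrored pair of
# OpenVPN 2.0 static-key TUN configurations.
# Assumed topology: VPN server on 192.168.12.201 in front of LAN A 10.0.1.0/24,
# VPN client on 192.168.12.202 in front of LAN B 10.0.2.0/24.
# Tunnel endpoint addresses 10.8.0.1/10.8.0.2 are an assumption of this example.
SERVER_PUB=192.168.12.201
SERVER_TUN=10.8.0.1
SERVER_LAN=10.0.1.0
CLIENT_TUN=10.8.0.2
CLIENT_LAN=10.0.2.0
PORT=1194
KEY=/etc/openvpn/static.key   # assumed path of the key from: openvpn --genkey --secret

# write_conf ROLE FILE: emit a point-to-point TUN configuration for ROLE (server|client).
# The ifconfig pair is mirrored between the two ends; only the client carries "remote".
write_conf() {
    role=$1 out=$2
    {
        echo "dev tun"
        echo "proto udp"
        echo "port $PORT"
        if [ "$role" = client ]; then
            echo "remote $SERVER_PUB"
            echo "ifconfig $CLIENT_TUN $SERVER_TUN"
            echo "route $SERVER_LAN 255.255.255.0"   # reach LAN A through the tunnel
        else
            echo "ifconfig $SERVER_TUN $CLIENT_TUN"
            echo "route $CLIENT_LAN 255.255.255.0"   # reach LAN B through the tunnel
        fi
        echo "secret $KEY"
        echo "keepalive 10 60"
        echo "persist-key"
        echo "persist-tun"
        echo "verb 3"
    } > "$out"
}

# field FILE DIRECTIVE: print the arguments of DIRECTIVE in FILE (empty if absent).
field() { awk -v d="$2" '$1 == d { $1 = ""; sub(/^ /, ""); print; exit }' "$1"; }

# check_pair SERVER_CONF CLIENT_CONF: print "ok" and return 0 when the pair is usable,
# otherwise print the first problem found and return 1.
check_pair() {
    s_if=$(field "$1" ifconfig)
    c_if=$(field "$2" ifconfig)
    [ -n "$s_if" ] && [ -n "$c_if" ] || { echo "ifconfig missing"; return 1; }
    s_loc=${s_if%% *} s_rem=${s_if##* }
    c_loc=${c_if%% *} c_rem=${c_if##* }
    [ "$s_loc" = "$c_rem" ] && [ "$s_rem" = "$c_loc" ] \
        || { echo "ifconfig pair is not mirrored"; return 1; }
    [ -n "$(field "$2" remote)" ] || { echo "client lacks remote"; return 1; }
    [ "$(field "$1" secret)" = "$(field "$2" secret)" ] \
        || { echo "static key paths differ"; return 1; }
    echo "ok"
}

# demo: write the pair into a temporary directory, check it, clean up.
demo() {
    d=$(mktemp -d)
    write_conf server "$d/server.conf"
    write_conf client "$d/client.conf"
    check_pair "$d/server.conf" "$d/client.conf"
    rm -rf "$d"
}
```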

Create the TAP configuration files: vi /etc/openvpn/tap/server.conf

[At VPN Client] vi /etc/openvpn/tap/client.conf

3-3 TAP Configuration – VPN Server

Mark this line if both VPN networks are in the same subnet

3-3 TAP Configuration – VPN Server

Edit the static routes: vi /etc/openvpn/tap/server.sh

[At VPN Client] vi /etc/openvpn/tap/client.sh; chmod +x /etc/openvpn/tap/client.sh

Pointed to the kernel routing: br0 = 10.0.1.254

3-3 TAP Configuration – VPN Server

Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tap/server.conf & (server); openvpn --config /etc/openvpn/tap/client.conf & (client)

3-4-1 SSL/TLS – Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-fill default_days, default_bits, etc.

Create a new CA root key pair: /usr/share/ssl/misc/CA -newca

Create a new client private key and a new certificate request: /usr/share/ssl/misc/CA -newreq

Sign the certificate: /usr/share/ssl/misc/CA -sign

Copy the CA root certificate, the client private key and the client certificate to the first client

Have the second client certified the same way

3-4-2 OpenVPN – "easy-rsa" tools

Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file: vi /etc/openvpn/easy-rsa/vars

Activate the vars: . /etc/openvpn/easy-rsa/vars

Create the CA root key: /etc/openvpn/easy-rsa/build-ca

Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – "easy-rsa" tools

Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client

Create the Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh 1024

Copy the CA certificate (ca.crt), the server key (server.key) and the server certificate (server.crt) to the VPN server

Copy the CA certificate, the client key and the client certificate to the VPN client

The "easy-rsa" tools also work on the UC-7400 series

3-4-3 Configuration File Modification

txx/server.conf

txx/client.conf

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

Two of its serial ports are connected to a power meter and a thermocouple

Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in 'burn-in mode' to demonstrate the UC's high performance and reliability

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500 °C

Left side for the high range (0 to 300 VDC) & right side for the low range (0 to 20 VDC)

UC's LCM & keypad (F1-F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8

F2 System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available memory

F3 Alarm Setting: Temperature → Voltage → Burn-in throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• The UC-7420's built-in wireless driver supports the Intersil Prism 2.0 chipset PCMCIA card
• The compatible wireless cards are:

Supplier   Model name
ASUS       WL-107g
CNET       CWC-854 (181D version)
Edimax     EW-7108PCg
Amigo      AWP-914WG
Gigabyte   GN-WMKG
Others which use the Ralink chipset

Thank You


2-2-1 Filter Table

Mainly used for filtering packets: the place where we actually take action against packets, look at what they contain, and ACCEPT, DROP, REJECT or LOG them depending on their content

1. INPUT chain – packets entering the local host

2. OUTPUT chain – packets output from the local host

3. FORWARD chain – packets forwarded to other hosts

2-2-2 NAT Table

Used for NAT on different packets: to translate the packet's source field or destination field

1) PREROUTING chain – to translate the destination IP address (DNAT)

2) POSTROUTING chain – works after the routing process and before the Ethernet device process, to translate the source IP address (SNAT/MASQUERADE)

3) OUTPUT chain – works on locally generated packets

2-2-3 Mangle Table

This table is mainly used for mangling packets. In other words, you may freely use the mangle matches etc. that could be used to change the TOS (Type Of Service) and TTL fields. It can also "MARK" the packets.

1. PREROUTING chain

2. POSTROUTING chain

3. INPUT, OUTPUT and FORWARD chains

2-3 Processing Packets

2-3-1 Destination Local Host

2-3-2 Source Local Host

2-3-3 Forward Packets

2-3-4 State Machine

2-3-1 Destination Local Host

[Figure: incoming packets → NAT table PREROUTING → filter table INPUT → local process]

2-3-2 Source Local Host

[Figure: local process → outgoing packets → NAT table OUTPUT → filter table OUTPUT → NAT table POSTROUTING → packets sent out]

2-3-3 Forwarded Packets

[Figure: incoming packets → NAT table PREROUTING → filter table FORWARD → NAT table POSTROUTING → other hosts; the local resource is not involved]

2-4 State Machine

Agenda

1) Firewall, NAT and iptables

2) Rules, Chains, Tables

3) Usage of iptables

4) Hands-On Practice

3) Usage of iptables

3-1 Load iptables Modules

3-2 Define Default Policy

3-3 Structure of a Rule

3-4 Save/Restore Rules

3-1 Load iptables Modules

Note: ipchains and iptables are not compatible

3-1 Load iptables Modules

Check the current tables: iptables [-t table] [-L] [-n]

Default policy

3-1 Install iptables

Clear the current policy

3-2 Define Default Policy

iptables -t [filter|nat|mangle] -P [INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING] [ACCEPT|DROP]

3-2 Define Default Policy

3-3 Structure of a Rule

3-3-1 Add, Insert, Delete and Replace Rules

3-3-2 Direction

3-3-3 Matches

3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace

iptables -t [filter|nat|mangle] -[A|I|D|R] <direction> <match> -j <target>

Three major things need to be considered: direction, match and target

3-3-2 Direction – Chains

a. filter table: INPUT, OUTPUT, FORWARD

b. nat table: PREROUTING, POSTROUTING, OUTPUT

c. mangle table: ...

3-3-3 Matches – Conditions

1. -p [proto]: tcp, udp, icmp, all

2. -s [IP], -d [IP]

3. --sport [port], --dport [port]

4. -m state --state [state]: NEW, ESTABLISHED, INVALID, RELATED

5. -m multiport --ports [p1,p2,...,p15]

6. -i [iface], -o [oface]

7. ...etc.

3-3-4 Targets – Actions

a. filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions: LOG, ULOG, REJECT, MIRROR

b. nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING/OUTPUT), MASQUERADE (POSTROUTING), REDIRECT (only in PREROUTING)

c. mangle table: ...

3-4 Save/Restore Rules

It is highly recommended to use a script file to maintain the Netfilter rules instead of using the exported file (it is not a standard script file). Please refer to the Hands-On practice.

Agenda

1) Firewall, NAT and iptables

2) Rules, Chains, Tables

3) Usage of iptables

4) Hands-On Practice: 1) Packet Filter, 2) NAT Machine

4-1 Packet Filter – Rules of the filter table

Example 1 – Accept all packets incoming from the lo interface

iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2 – Accept all TCP packets incoming from IP = 192.168.0.1

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

4-1 Packet Filter – Rules of the filter table

Example 3 – Accept all TCP packets incoming from the network 192.168.1.0/24

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 – Drop all TCP packets incoming from IP = 192.168.1.25

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

4-1 Packet Filter – Rules of the filter table

Example 5 – Drop all incoming TCP packets with destination port 21 (forbid FTP connections from eth0)

iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 – Accept TCP packets incoming from the network 192.168.0.0/24 to local ports 137, 138 and 139

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

4-1 Packet Filter – Rules of the filter table

Example 7 – Log all incoming/outgoing TCP packets to/from port 25 (log the SMTP service)

iptables -t filter -A INPUT -p tcp --dport 25 -j LOG

Note: the UC-7110 does not support the "LOG" target

4-1 Packet Filter – Rules of the filter table

Example 8 – Drop all [SYN] packets from IP = 192.168.100.200

iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 – Drop all packets from MAC = aa:bb:cc:dd:ee:ff

iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

Example 10 – Do not respond to "ping"

iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 – Limit an ICMP "ping" burst

iptables -t filter -P INPUT DROP

iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

4-1 Packet Filter – Rules of the filter table

Example 12 – Accept the ESTABLISHED and RELATED packets of the local host; drop the INVALID packets and the NEW packets that are trying to create new connections

iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

4-1 Packet Filter – Rules of the filter table

Example 13 – Check the packet integrity

iptables -t filter -A INPUT -p all -m unclean -j DROP

Example 14 – Enable the "Passive Mode" FTP service to a host

modprobe ip_conntrack_ftp

iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

4-2 NAT Machine

Example 1 – Redirect the connection requests for port 80 to port 8080

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 – Masquerade the packets from 192.168.1.0/24 with the local ppp0's IP (MASQUERADE is only valid in the POSTROUTING chain)

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

4-2 NAT Machine

Example 3 – DNAT the packets incoming from eth0 (60.248.66.75), TCP port 80, to the internal web server 192.168.127.10:80

Example 4 – Redirect the incoming packets of TCP port 80 to 192.168.1.10, TCP port 80

iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP
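Slide 3-4 recommends keeping the Netfilter rules in a script rather than in the exported file. This added script, which is not part of the course material, collects the filter and NAT rules from the hands-on examples into such a script with a clean reset first; the interface names, the LAN network and the fallback public address are assumptions taken from the examples, and IPT=echo turns it into a dry run that only prints the rules.

```shell
#!/bin/sh
# Added example (not from the slides): maintain the hands-on filter/NAT rules
# in one script.  Run as "sh fw.sh apply" on the device; with IPT=echo the
# functions print the rules instead of applying them (used by count_rules).
IPT="${IPT:-iptables}"
LAN_IF=eth0                       # assumed: interface towards the trusted LAN
WAN_IF=ppp0                       # assumed: interface towards the Internet
LAN_NET=192.168.1.0/24            # LAN from filter example 3 / NAT example 2
WEB_SERVER=192.168.127.10         # internal web server from NAT example 3
WAN_IP="${OUT_IP:-60.248.66.75}"  # public address from NAT example 3

fw_reset() {
    # start from a clean state: flush every table, default DROP on INPUT/FORWARD
    for t in filter nat mangle; do
        $IPT -t "$t" -F
        $IPT -t "$t" -X
    done
    $IPT -t filter -P INPUT DROP
    $IPT -t filter -P FORWARD DROP
    $IPT -t filter -P OUTPUT ACCEPT
}

fw_filter() {
    # loopback and already-tracked traffic first (examples 1 and 12)
    $IPT -t filter -A INPUT -i lo -j ACCEPT
    $IPT -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -t filter -A INPUT -m state --state INVALID -j DROP
    # ping allowed but rate limited (example 11)
    $IPT -t filter -A INPUT -p icmp --icmp-type 8 -m limit --limit 6/min --limit-burst 10 -j ACCEPT
    # NetBIOS only from the LAN (example 6); FTP control port blocked on the WAN (example 5)
    $IPT -t filter -A INPUT -i "$LAN_IF" -p tcp -s "$LAN_NET" --dport 137:139 -j ACCEPT
    $IPT -t filter -A INPUT -i "$WAN_IF" -p tcp --dport 21 -j DROP
    # log new SMTP connections (example 7; the UC-7110 lacks the LOG target)
    $IPT -t filter -A INPUT -p tcp --dport 25 -m state --state NEW -j LOG --log-prefix "smtp: "
    # forwarding: LAN out to the WAN, replies and related data channels back (example 14)
    $IPT -t filter -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    $IPT -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

fw_nat() {
    # masquerade the LAN behind the ppp0 address (example 2, in POSTROUTING)
    $IPT -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE
    # publish the internal web server (example 3) and let the forwarded packets through
    $IPT -t nat -A PREROUTING -i "$WAN_IF" -p tcp -d "$WAN_IP" --dport 80 -j DNAT --to "$WEB_SERVER:80"
    $IPT -t filter -A FORWARD -i "$WAN_IF" -p tcp -d "$WEB_SERVER" --dport 80 -j ACCEPT
}

fw_apply() { fw_reset; fw_filter; fw_nat; }

# count_rules CHAIN: number of rules the script would append to CHAIN (dry run).
count_rules() { ( IPT=echo; fw_apply ) | grep -c -- "-A $1 "; }

if [ "${1:-}" = "apply" ]; then
    modprobe ip_conntrack_ftp   # needed for the RELATED FTP data channel (example 14)
    fw_apply
fi
```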

Thank You

OpenVPN 2.0
Stephen Lin

OpenVPN 2.0

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve?

1-2 Symmetric Data Encryption

1-3 Hash (Digest) Function

1-4 Message Authentication Code

1-5 Asymmetric Data Encryption

1-6 Digital Signature

1-7 Certificate

1-8 Moxa UC7400

1-1 What does Cryptography solve?

Confidentiality
• Ensure that nobody can gain knowledge of what you transfer, even when listening to the whole conversation

Integrity
• Ensure that the message has not been modified during transmission

Authenticity
• You can verify that you are talking to the entity you think you are talking to
• You can verify who the specific individual behind that entity is

Non-repudiation
• The individual behind that asset cannot deny being associated with it

1-2 Symmetric Data Encryption

Fast; high efficiency for data transmission

Is it "secure" while transferring the key?

Maintenance of the keys: n(n-1)/2 keys for n parties

DES / 3DES / AES / Blowfish

[Figure: Tom encrypts the plaintext with the secret key into ciphertext; Bob decrypts it with the same secret key back to the plaintext]

1-3 Hash (Digest) Function

Ensures data integrity

MD5 / SHA-1

[Figure: Tom computes message digest 1 from the data with a hash function and sends data + digest; Bob recomputes message digest 2 from the received data with the same hash function and compares it with digest 1]

1-4 Message Authentication Code

Ensures data integrity

Uses a key to protect the MAC

HMAC / CBC-MAC

[Figure: Tom hashes the data into message digest 1 and encrypts it with the secret key to form the MAC, sending MAC + data; Bob recomputes message digest 2 from the data, decrypts the MAC with the secret key to recover digest 1, and compares the two]

1-5 Asymmetric Encryption

Things to remember
• Key pair – public/private keys
• In a session, one is used for encryption and the other for decryption
• The "public key" can be deployed everywhere
• The relation between the two keys is unknown: from one key you cannot gain knowledge of the other, even if you have access to clear text and cipher text
• The two keys are interchangeable: the algorithms make no difference between the public and the private key; when a key pair is generated, either of the two can be public or private
• Less efficient than a static key
• RSA / Diffie-Hellman

[Figure: clear text → encryption → cipher text]

1-5 Asymmetric Data Encryption

[Figure: confidentiality check. Tom encrypts the plaintext with Bob's public key; Bob decrypts the ciphertext with Bob's private key (the recipient's key pair)]

1-5 Asymmetric Data Encryption

[Figure: authenticity check. Tom encrypts the plaintext with Tom's private key; Bob decrypts the ciphertext with Tom's public key (the sender's key pair)]

1-6 Digital Signature

Real world – hybrid
1. Data integrity
2. Authenticity
3. Non-repudiation
4. Algorithm – uses the public key and a hash

1-6 Digital Signature – Creating

[Figure: the message or file ("This is the document created by Gianni") is hashed (SHA, MD5) into a short message digest (typically 128 bits); the digest is encrypted with the signatory's private key (asymmetric encryption, RSA) into the digital signature; message plus signature form the signed document. A short message digest is calculated from even a long input using a one-way message digest function (hash).]

1-6 Digital Signature – Verifying

[Figure: from the signed document, the message is hashed again to generate a message digest; the digital signature is decrypted with Gianni's public key (from the certificate) to recover the original digest; the two digests are compared]

1-6 Digital Signature

[Figure: Tom hashes the data into message digest 1 and encrypts it with Tom's private key to form the digital signature; Bob recomputes message digest 2 from the data, decrypts the signature with Tom's public key to recover digest 1, and compares the two]
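The creating and verifying flows of the three slides above, carried out with the OpenSSL command line that section 3-4-1 uses on the Linux PC; this is an added example, not part of the course material. It assumes an openssl binary on PATH, generates a throw-away 2048-bit RSA key pair for "Gianni", and shows that a one-character change to the signed document makes the verification fail.

```shell
#!/bin/sh
# Added example (not from the slides): digital signature creation and
# verification with openssl.  Signing = hash the document, then encrypt the
# digest with the private key; verifying = recompute the digest and compare it
# with the digest recovered from the signature using the public key.
WORK=$(mktemp -d)

# make_keypair NAME: generate the signatory's RSA key pair (constructed, 2048 bit)
make_keypair() {
    openssl genrsa -out "$WORK/$1.key" 2048 2>/dev/null
    openssl rsa -in "$WORK/$1.key" -pubout -out "$WORK/$1.pub" 2>/dev/null
}

# sign_file NAME FILE: write FILE.sig = RSA(NAME's private key, SHA-256(FILE))
sign_file() {
    openssl dgst -sha256 -sign "$WORK/$1.key" -out "$2.sig" "$2"
}

# verify_file NAME FILE: print "valid" or "invalid"; needs only NAME's public key
verify_file() {
    if openssl dgst -sha256 -verify "$WORK/$1.pub" -signature "$2.sig" "$2" >/dev/null 2>&1; then
        echo valid
    else
        echo invalid
    fi
}

# demo: Gianni signs a document; the verifier accepts it, then rejects a
# tampered copy that still carries the original signature.  Prints "valid invalid".
demo() {
    make_keypair gianni
    printf 'This is the document created by Gianni\n' > "$WORK/doc.txt"
    sign_file gianni "$WORK/doc.txt"
    first=$(verify_file gianni "$WORK/doc.txt")
    # tamper with one character: the recomputed digest no longer matches the signature
    printf 'This is the document created by Bianni\n' > "$WORK/forged.txt"
    cp "$WORK/doc.txt.sig" "$WORK/forged.txt.sig"
    second=$(verify_file gianni "$WORK/forged.txt")
    echo "$first $second"
}

cleanup() { rm -rf "$WORK"; }
```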

1-7 Certificate

The simplest certificate just contains
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key

... and the whole is
• Digitally signed by someone trusted (like your friend, or a CA)

[Figure: certificate = public key + "This public key belongs to Stephen" + digital signature; the entity can be a person, a computer, a device, a file, some code, anything ...]

1-7-1 CA Certificate

[Figure: the CA (certification server) generates a key pair; the user requests a certificate from the CA; the CA generates the certificate (public key + digital signature); the private key and the certificate are sent to the user]

1-7-1 CA Certificate Example

[Figure: Left and Right both trust the CA public key. Left holds its private key and its certificate signed by the CA; Right holds its private key and its certificate signed by the CA; the CA public key itself is signed by the CA]

1-7-2 SSL/TLS

[Figure: each side holds a key pair (priv, pub). Clear text is encrypted with the peer's public key (cipher 1) and transmitted over the public network; the peer decrypts it with its private key back to clear text; the reply (cipher 2) travels the other way]

Ensures confidentiality
• And integrity, if digitally signed

Depending on how the public keys are exchanged
• Authenticity, identity, non-repudiation

1-8 Moxa UC7400 – Hardware Cipher

Intel XScale supports
• Security engines: DES, AES
• Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so"
• No need to change the source code

1-8-1 Moxa Accelerated Algorithms – OpenSSL 0.9.7

DES_cbc_encrypt

DES_ede3_cbc_encrypt

AES_cbc_encrypt

AES_ctr_encrypt

• ECB mode is wrapped at a higher level (libssl.so), which OpenSSL wraps too

1-8-2 Performance

[Figure: four throughput charts comparing the software and hardware (HW cipher) implementations and their RATE (speed-up): 3DES-CBC and AES128-CBC for packet sizes 128 to 1280 bytes, and 3DES-CBC and AES128-CBC for packet sizes 16 to 144 bytes]

1-8-3 Things to be noticed

The Moxa UC-7400 switches operation between the software and the hardware approach
• Default: hardware approach
• Any mis-configuration or busy hardware causes the switch

Small packets are switched to the software approach
• DES: 128 bytes
• 3DES/AES: 64 bytes

1-8-4 Software Package

Driver
• mxhw_cipher.o

Device File
• mknod /dev/mxcrypto c 11 131

Test Program
• io                 correctness test
• io 0 5000          stability test
• io 1               golden pattern
• io 2 20000         performance test


Live DemoLive Demo

UC-7420 DEMO BOXUC-7420 DEMO BOX

Two of its serial ports connectedto a Power Meter and Thermocouple

Two LAN ports plus an optional Wi-Fi function making it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in lsquoburn-in modersquo to demonstrate UCrsquos high performance and reliability

Demo Box FeaturesDemo Box Features

Software Block DiagramSoftware Block Diagram

Temperature Range 0 to 500degC

Left side for high range 0 to 300 VDC amp Right side for low range 0 to 20 VDC

UCrsquos LCM amp keypad (F1-F5)UCrsquos LCM amp keypad (F1-F5)

F1 Monitoring Temperature rarr Voltage rarrThroughput for P3 to P8

F2 System Status LANrsquos IP rarr Wi-Firsquos IP rarr CPU loading rarr Available Memory

F3 Alarm Setting Temperature rarr Voltage rarr burning throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI amp HTMLApache Web with CGI amp HTML

Seat Locating SystemSeat Locating System

Score Query SystemScore Query System

AppendixAppendix

What is the wireless PCMCIA card support status in 80211gbull UC-7420s built-in Wireless driver supports Intersil Prism 20

chipset PCMCIA cardbull The compatible Wireless cards are

Supplier Model name

ASUS WL-107g

CNET CWC-854(181D version)Edmiax EW-7108PCgAmigo AWP-914WGigbyte GN-WMKGOthers which use R-Link chip set

Thank YouThank You

Page 45: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

2-2-2 NAT Table

Used for NAT on packets: it rewrites the packet's source field or destination field.

1) PREROUTING chain – rewrites the destination IP address (DNAT) before the routing decision.

2) POSTROUTING chain – runs after the routing decision and just before the packet is handed to the network device; rewrites the source IP address (SNAT / MASQUERADE).

3) OUTPUT chain – handles locally generated packets (DNAT for packets that originate on this host).

2-2-3 Mangle Table

This table is mainly used for mangling packets. In other words, the mangle matches and targets can change the TOS (Type Of Service) and TTL fields, and can "MARK" packets so that later routing or filter rules can select on the mark.

1. PREROUTING chain
2. POSTROUTING chain
3. INPUT, OUTPUT and FORWARD chains

2-3 Processing Packets

2-3-1 Destination Local Host
2-3-2 Source Local Host
2-3-3 Forwarded Packets
2-3-4 State Machine

2-3-1 Destination Local Host

[Diagram: Incoming Packets → NAT Table PREROUTING → (routing decision) → Filter Table INPUT → Local Process]

2-3-2 Source Local Host

[Diagram: Local Process → Outgoing Packets → NAT Table OUTPUT → Filter Table OUTPUT → NAT Table POSTROUTING → Send Out Packets]

2-3-3 Forwarded Packets

[Diagram: Incoming Packets → NAT Table PREROUTING → (routing decision, not for a local resource) → Filter Table FORWARD → NAT Table POSTROUTING → Other Hosts]

2-4 State Machine

Connection tracking classifies every packet as NEW (first packet of a connection), ESTABLISHED (belongs to a connection that has seen traffic in both directions), RELATED (opens a new connection tied to an existing one, e.g. the FTP data channel) or INVALID (cannot be associated with any known connection); rules select on these with the state match of 3-3-3.

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

3) Usage of iptables

3-1 Load iptables Modules
3-2 Define Default Policy
3-3 Structure of a Rule
3-4 Save / Restore Rules

3-1 Load iptables Modules

Note: ipchains and iptables are not compatible; the ipchains module must not be loaded at the same time.

Check the current tables: iptables [-t table] [-L] [-n]
The default policy of each built-in chain is shown in the chain header of the listing.
Clear the current rules and policy before installing a new rule set.

3-2 Define Default Policy

iptables -t {filter | nat | mangle} -P {INPUT | OUTPUT | FORWARD | PREROUTING | POSTROUTING} {ACCEPT | DROP}

The policy is what happens to a packet that matches no rule in a built-in chain. Only built-in chains take a policy, and only the chains that exist in that table: filter has INPUT, OUTPUT and FORWARD; nat has PREROUTING, POSTROUTING and OUTPUT. A default-deny firewall sets INPUT and FORWARD to DROP and then accepts explicitly.

3-3 Structure of a Rule

3-3-1 Add, Insert, Delete and Replace Rules
3-3-2 Direction
3-3-3 Matches
3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace

iptables -t {filter | nat | mangle} {-A | -I | -D | -R} <chain> <match …> -j <target>

Three major things need to be considered: the direction (the chain), the match, and the target given with -j.

3-3-2 Direction – Chains

a. filter table: INPUT, OUTPUT, FORWARD
b. nat table: PREROUTING, POSTROUTING, OUTPUT
c. mangle table: …

3-3-3 Matches – Conditions

1. -p [proto]: tcp, udp, icmp, all
2. -s [IP], -d [IP]
3. --sport [port], --dport [port]
4. -m state --state [state]: NEW, ESTABLISHED, INVALID, RELATED
5. -m multiport --ports [p1,p2,…,p15]
6. -i [iface], -o [oface]
7. … etc.

3-3-4 Targets – Actions

a. filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions: LOG, ULOG, REJECT, MIRROR (experimental, removed from later kernels)
b. nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING / OUTPUT), MASQUERADE (POSTROUTING), REDIRECT (PREROUTING / OUTPUT)
c. mangle table: …

3-4 Save / Restore Rules

The running rule set can be exported with iptables-save and loaded again with iptables-restore. It is highly recommended to maintain the Netfilter rules in a script file instead of in this exported file (it is not a standard script file). Please refer to the Hands-On practice.

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice: 1) Packet Filter, 2) NAT Machine

4-1 Packet Filter – Rules of filter table

Example 1 – Accept all packets incoming from the lo interface:
iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2 – Accept all TCP packets incoming from IP = 192.168.0.1:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 3 – Accept all TCP packets incoming from the network 192.168.1.0/24:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 – Drop all TCP packets incoming from IP = 192.168.1.25:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

Rules are evaluated in order and the first match wins: appended after Example 3, the Example 4 rule never sees a packet from 192.168.1.25, because the /24 ACCEPT has already matched it. Insert the specific DROP ahead of the broad ACCEPT (with -I, or by ordering the script) for it to take effect.

4-1 Packet Filter – Rules of filter table

Example 5 – Drop all incoming TCP packets with destination port 21 (forbid FTP connections from eth0):
iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 – Accept TCP packets incoming from IP 192.168.0.24 to local ports 137, 138 and 139:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.24 --dport 137:139 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 7 – Log incoming / outgoing TCP packets to / from port 25 (log the SMTP service); the rule shown covers the incoming direction:
iptables -t filter -A INPUT -p tcp --dport 25 -j LOG

Note: UC7110 does not support the "LOG" target. LOG is a non-terminating target: the packet goes on to the next rule, so a LOG rule is normally followed by the ACCEPT or DROP that decides its fate.

4-1 Packet Filter – Rules of filter table

Example 8 – Drop all [SYN] packets from IP = 192.168.100.200:
iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 – Drop all packets from MAC = aa:bb:cc:dd:ee:ff:
iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

Example 10 – Do not respond to "ping" (drop ICMP echo requests, type 8):
iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 – Tolerate an ICMP "ping" burst: with the INPUT policy set to DROP, accept ICMP at an average of 6 packets per minute with a burst of 10; the excess falls through to the policy:
iptables -t filter -P INPUT DROP
iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 12 – Accept the ESTABLISHED / RELATED packets of the local host; drop INVALID packets and NEW packets that try to create a connection:
iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

4-1 Packet Filter – Rules of filter table

Example 13 – Check the packet integrity (the experimental "unclean" match drops malformed packets; it is not built into every kernel):
iptables -t filter -A INPUT -p all -m unclean -j DROP

Example 14 – Enable "passive mode" FTP service to a host: load the FTP connection-tracking helper so that the data connection is classified RELATED, then accept RELATED packets through the gateway:
modprobe ip_conntrack_ftp
iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

4-2 NAT Machine – Rules of nat table

Example 1 – Redirect connection requests for port 80 to port 8080 on the local host:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 – Masquerade packets coming from 192.168.1.0/24 as the local ppp0 IP. MASQUERADE is only valid in POSTROUTING and the outgoing interface (-o) is only known after routing, so the rule belongs there (the slide placed it in PREROUTING, which iptables rejects):
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

Example 3 – DNAT packets arriving on eth0 (60.248.66.75) for TCP port 80 to the internal web server 192.168.127.10, port 80:
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

Example 4 – Redirect incoming TCP port 80 packets to 192.168.1.10, TCP port 80 (the same DNAT form as Example 3).

SNAT for the LAN behind the box, with $OUT_IP holding the public address of eth0:
iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP

Remember that DNAT happens before the FORWARD chain is consulted, so the FORWARD rule that admits the published web server must match the internal address 192.168.127.10, not the public one.
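The filter and NAT examples above are single rules; the script that 3-4 recommends ties them together. Below is an added example, not Moxa's hands-on script: a complete default-deny rule set for a UC acting as NAT gateway, written as shell functions so it can be flushed and reloaded without locking the operator out. The interface names, the LAN 192.168.127.0/24, the public address 60.248.66.75 and the web server 192.168.127.10 are assumptions taken from the 4-2 examples; setting IPT="echo iptables" prints the rules instead of loading them, which is also how the script can be reviewed on a PC without root.

```shell
#!/bin/sh
# uc-fw.sh: default-deny filter + NAT gateway for a UC (added example, not Moxa's script).
# Assumed topology (change to match the box):
#   WAN_IF=eth0 with public address OUT_IP, LAN_IF=eth1 with LAN_NET behind it,
#   WEB_SRV on the LAN published on WAN port 80 (numbers from the 4-2 examples).
# IPT="echo iptables" prints the rule set instead of loading it (dry run / review).
WAN_IF=${WAN_IF:-eth0}
LAN_IF=${LAN_IF:-eth1}
LAN_NET=${LAN_NET:-192.168.127.0/24}
OUT_IP=${OUT_IP:-60.248.66.75}
WEB_SRV=${WEB_SRV:-192.168.127.10}
IPT=${IPT:-iptables}
MODPROBE=${MODPROBE:-modprobe}

fw_flush() {
    # Empty every table and reset the built-in policies to ACCEPT first, so a failed
    # reload never leaves the box half-configured and unreachable.
    for t in filter nat mangle; do
        $IPT -t $t -F
        $IPT -t $t -X
    done
    $IPT -P INPUT ACCEPT
    $IPT -P OUTPUT ACCEPT
    $IPT -P FORWARD ACCEPT
}

fw_filter() {
    # Policies (3-2): nothing reaches the box or crosses it unless a rule says so.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Loopback, then the state machine (2-4): replies to tracked connections in, INVALID out.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -m state --state INVALID -j DROP
    # A NEW TCP connection must start with a SYN; anything else is a scan or a spoof (ex. 8).
    $IPT -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

    # Management (SSH, web console) from the LAN side only (multiport, as in ex. 6).
    $IPT -A INPUT -i $LAN_IF -p tcp -m multiport --dports 22,80 -m state --state NEW -j ACCEPT
    # Answer pings, rate limited so a flood from the WAN cannot load the CPU (ex. 11).
    $IPT -A INPUT -p icmp --icmp-type echo-request -m limit --limit 6/min --limit-burst 10 -j ACCEPT
    # Log what the policy is about to drop, also rate limited (ex. 7; no LOG target on UC-7110).
    $IPT -A INPUT -m limit --limit 3/min -j LOG --log-prefix "FW-INPUT-DROP: "

    # Forwarding: LAN may open connections outward, replies return, published server reachable.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -m state --state NEW -j ACCEPT
    $IPT -A FORWARD -i $WAN_IF -o $LAN_IF -p tcp -d $WEB_SRV --dport 80 -m state --state NEW -j ACCEPT
}

fw_nat() {
    # DNAT before routing (4-2 ex. 3), SNAT after routing (4-2 SNAT rule). The FORWARD rule
    # above sees the post-DNAT destination, which is why it matches on $WEB_SRV.
    $IPT -t nat -A PREROUTING -i $WAN_IF -p tcp -d $OUT_IP --dport 80 -j DNAT --to-destination $WEB_SRV:80
    $IPT -t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j SNAT --to-source $OUT_IP
}

fw_apply() {
    # FTP helper so passive-mode data connections are classified RELATED (ex. 14).
    $MODPROBE ip_conntrack_ftp
    fw_flush
    fw_filter
    fw_nat
}

case "${1:-}" in
  start)   fw_apply ;;
  stop)    fw_flush ;;
  dry-run) IPT="echo iptables" MODPROBE="echo modprobe" fw_apply ;;
  *)       echo "usage: $0 start|stop|dry-run" >&2 ;;
esac
```

Run it as "sh uc-fw.sh dry-run" first and read the generated rules; only then "sh uc-fw.sh start" on the box. Because fw_flush resets the policies to ACCEPT before the DROP policies are reinstated, there is a window of a few milliseconds with an open firewall during a reload; for a box on a hostile network, run the reload from the console or put the whole rule set in one iptables-restore file, which loads atomically.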

Thank You

OpenVPN 2.0
Stephen Lin

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve?
1-2 Symmetric Data Encryption
1-3 Hash (Digest) Function
1-4 Message Authentication Code
1-5 Asymmetric Data Encryption
1-6 Digital Signature
1-7 Certificate
1-8 Moxa UC7400

1-1 What does Cryptography solve?

Confidentiality
• Ensure that nobody can get knowledge of what you transfer, even if listening to the whole conversation.
Integrity
• Ensure that the message has not been modified during transmission.
Authenticity
• You can verify that you are talking to the entity you think you are talking to.
• You can verify who is the specific individual behind that entity.
Non-repudiation
• The individual behind that asset cannot deny being associated with it.

1-2 Symmetric Data Encryption

Fast, high efficiency for data transmission.
Is it "secure" while transferring the key?
Maintenance of the keys: n(n-1)/2 keys for n parties.
DES, 3DES, AES, Blowfish.

[Diagram: Tom encrypts the plaintext with the secret key; Bob decrypts the ciphertext with the same secret key.]

1-3 Hash (Digest) Function

Ensures data integrity. An unkeyed digest can be recomputed by anyone, so by itself it detects accidental change but not a deliberate one: whoever alters the data can replace the digest too.
MD5, SHA-1. (Both are now considered broken against collision attacks; SHA-2 is the current choice.)

[Diagram: Tom hashes the data into message digest 1 and sends data + digest; Bob runs the same hash function over the received data to get message digest 2 and compares the two digests.]

1-4 Message Authentication Code

Ensures data integrity and origin: a shared secret key is used to protect the MAC, so only a holder of the key can produce a valid tag for altered data.
HMAC, CBC-MAC.

[Diagram: Tom computes the digest of the data and protects it with the secret key to form the MAC, then sends data + MAC; Bob recomputes the digest of the received data, checks it against the MAC with the same secret key and compares.]

1-5 Asymmetric Encryption

Things to remember:
• Key pair: public / private keys.
• In a session one key is used for encryption and the other one for decryption.
• The "public key" can be deployed everywhere.
• The relation between the two keys is unknown: from one key you cannot gain knowledge of the other, even with access to clear text and cipher text.
• For RSA the two keys are mathematically interchangeable: when a key pair is generated, either of the two can be published as the public key. (This is not true of every algorithm.)
• Less efficient than symmetric ciphers.
• RSA, Diffie-Hellman.

[Diagram: clear text → encryption → cipher text.]

1-5 Asymmetric Data Encryption – Confidentiality Check

[Diagram: Tom encrypts the plaintext with Bob's public key; Bob decrypts the ciphertext with Bob's private key. The recipient's key pair is used.]

1-5 Asymmetric Data Encryption – Authenticity Check

[Diagram: Tom encrypts the plaintext with Tom's private key; Bob decrypts the ciphertext with Tom's public key. The sender's key pair is used.]

1-6 Digital Signature

Real world – hybrid: 1. data integrity, 2. authenticity, 3. non-repudiation, 4. algorithm – public-key cryptography combined with a hash.

1-6 Digital Signature – Creating

[Diagram: Calculate a short message digest from even a long input using a one-way message digest function (hash: SHA, MD5; typically 128 bits for MD5). Asymmetric encryption of the digest with the signatory's private key (RSA) gives the digital signature. The signed document is the message or file plus its digital signature.]

1-6 Digital Signature – Verifying

[Diagram: The verifier hashes the received document to get a message digest, decrypts the digital signature with Gianni's public key (taken from his certificate) to recover the digest that was signed, and compares the two.]

1-6 Digital Signature

[Diagram, Tom / Bob form: Tom hashes the data to message digest 1, encrypts it with Tom's private key to form the digital signature and sends data + signature; Bob hashes the received data to message digest 2, decrypts the signature with Tom's public key to recover message digest 1 and compares.]
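The three diagrams above (1-3 hash, 1-4 MAC, 1-6 signature) as commands. This is an added example driving the openssl command line, not code from the Moxa course; the message, the MAC key and the key-pair name are constructed for the demo, and it assumes an openssl binary (1.0 or newer) on the path and a scratch directory it may write to.

```shell
#!/bin/sh
# crypto-demo.sh: hash, HMAC and RSA signature over a constructed message with the openssl CLI.
# Added example for 1-3, 1-4 and 1-6; assumes openssl (1.0 or newer) on the path.
WORK=${WORK:-$(mktemp -d)}

# 1-3 Hash: a fixed-size digest of any input. Detects modification, but an attacker who
# changes the data can recompute the digest too, so on its own it authenticates nothing.
digest_of() {            # digest_of <file> -> hex SHA-256
    openssl dgst -sha256 "$1" | awk '{print $NF}'
}

# 1-4 MAC: the digest keyed with a shared secret. Without the key no valid tag can be
# produced for altered data. (HMAC keys the hash itself; it is not "encrypt the digest".)
hmac_of() {              # hmac_of <keyfile> <file> -> hex HMAC-SHA256
    openssl dgst -sha256 -hmac "$(cat "$1")" "$2" | awk '{print $NF}'
}

# 1-6 Digital signature: hash, then sign the hash with the private key. Anyone holding the
# public key can verify; only the private-key holder could have signed (non-repudiation).
gen_keypair() {          # gen_keypair <name> -> $WORK/<name>.key (private), $WORK/<name>.pub
    openssl genrsa -out "$WORK/$1.key" 2048 2>/dev/null
    openssl rsa -in "$WORK/$1.key" -pubout -out "$WORK/$1.pub" 2>/dev/null
}
sign_file() {            # sign_file <name> <file> -> writes <file>.sig
    openssl dgst -sha256 -sign "$WORK/$1.key" -out "$2.sig" "$2"
}
verify_file() {          # verify_file <name> <file> -> 0 if <file>.sig is valid for <file>
    openssl dgst -sha256 -verify "$WORK/$1.pub" -signature "$2.sig" "$2" >/dev/null 2>&1
}

demo() {
    # Constructed sample: a meter reading, and the same reading after an attacker edits it.
    printf 'meter 1 reading 12.5 kWh at 14:00\n' > "$WORK/msg"
    printf 'meter 1 reading 99.9 kWh at 14:00\n' > "$WORK/msg.bad"
    printf 'tom-bob-shared-secret' > "$WORK/mac.key"
    gen_keypair tom

    echo "sha256 : $(digest_of "$WORK/msg")"
    echo "hmac   : $(hmac_of "$WORK/mac.key" "$WORK/msg")"
    sign_file tom "$WORK/msg"
    verify_file tom "$WORK/msg" && echo "signature on original : valid"
    # Re-use Tom's signature on the edited message: the digest no longer matches.
    cp "$WORK/msg.sig" "$WORK/msg.bad.sig"
    verify_file tom "$WORK/msg.bad" || echo "signature on edited   : INVALID"
}

case "${1:-}" in demo) demo ;; esac
```

Run "sh crypto-demo.sh demo". The last two lines are the point of 1-6: the same signature that verifies on the original fails on the edited message, and nobody without tom.key can produce one that passes.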

1-7 Certificate

The simplest certificate just contains:
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key (it can be a person, a computer, a device, a file, some code, anything …)
… and the whole is:
• Digitally signed by someone trusted (like your friend, or a CA)

[Diagram: certificate = "This public key belongs to Stephen" + public key + digital signature.]

1-7-1 CA Certificate

[Diagram: The CA (certification server) generates its own key pair. The user requests a certificate from the CA; the CA generates the certificate (the user's public key plus the CA's digital signature over it) and sends it to the user. In the variant drawn on the slide the CA also generates the user's key pair, and private key and certificate are sent to the user together; in the 3-4 procedures the user generates its own key and sends only a request, so the private key never travels.]

1-7-1 CA Certificate Example

[Diagram: Left and Right each hold their own private key and a certificate signed with the CA's private key. Both trust the CA public key (the CA certificate is signed by the CA itself), so each can verify the other's certificate without having met.]

1-7-2 SSL/TLS

[Diagram: each side holds its own key pair and the other side's public key. Clear text → encrypt → cipher 1 → encrypt → cipher 2 → transmission over the public network → decrypt → cipher 1 → decrypt → clear text.]

Ensures confidentiality
• and integrity, if digitally signed.
Depending on how the public keys are exchanged:
• authenticity, identity, non-repudiation.

1-8 Moxa UC7400 – Hardware Cipher

The Intel XScale IXP-422 supports:
• Security engines: DES, AES
• Modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so":
• No need to change the source code.

1-8-1 Moxa Accelerated Algorithms – OpenSSL 0.9.7

DES_cbc_encrypt
DES_ede3_cbc_encrypt
AES_cbc_encrypt
AES_ctr_encrypt

• ECB mode is wrapped at a higher level (libssl.so), where OpenSSL itself wraps it.

1-8-2 Performance

[Charts: throughput and speed-up rate versus packet size, software versus hardware cipher, for 3DES-CBC and AES-128-CBC; one pair of charts covers packet sizes 128 to 1280 bytes, the other 16 to 144 bytes. Legend: bar = HW Cipher.]

1-8-3 Things to be noticed

Moxa UC-7400 switches between the software and the hardware approach:
• Default: hardware approach
• Any misconfiguration, or a busy engine, causes a switch to software
Small packets are handled in software:
• DES: packets below 128 bytes
• 3DES / AES: packets below 64 bytes

1-8-4 Software Package

Driver:
• mxhw_cipher.o
Device file:
• mknod /dev/mxcrypto c 11 131
Test program:
• io : correctness test
• io 0 5000 : stability test
• io 1 : golden pattern
• io 2 20000 : performance test

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network – Advantages / Disadvantages

VPN: a network constructed over public links (e.g. the Internet) to connect nodes.
A VPN encrypts all network traffic, not just a few application protocols (as SSL, SSH etc. do).
A VPN allows the use of protocols which are insecure by themselves.
VPN traffic cannot be inspected, controlled and logged easily at the network boundary because of its encrypted nature.

2-2 Why OpenVPN

Usability
• Open source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT / DHCP support
• Can use a 2048-bit static (pre-shared) key or digital certificates (PKI)

Portability – supports most platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

Peers – each node with a client / server role
• Uses the kernel routing
• Multiple clients

A user-space program
• A full-featured SSL-VPN solution
• On top of the existing SSL/TLS mechanism
• A choice among a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) traffic over a single UDP (5000 in 1.x, 1194 in 2.0) or TCP port

2-2 OpenVPN Security

Two authentication modes
• Static key: a pre-shared key
• SSL/TLS: SSL/TLS + certificates, for authentication and key exchange

The encrypted packet is formatted as
• SeqN: 64-bit sequence number (replay protection)
• IV: plain-text initialisation vector, randomised per packet

HMAC | IV | encrypt( SeqN | IP payload )

The HMAC is computed over the IV and the encrypted part (encrypt-then-MAC), so a tampered or replayed packet is rejected before anything is decrypted.

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall- and NAT-friendly
• Dynamic address support

IPSec
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard – multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are the two methods of linking systems via a VPN:
Routed IP tunnels (layer 3)
Bridged Ethernet tunnels (layer 2)

Suitable for connections
• Site-to-site
• Dynamic site-to-site
• (Dynamic) client-to-site
Dynamic firewall / NAT / DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

Uses a TUN device: a virtual point-to-point IP link; the OpenVPN process attaches to the TUN interface and carries the IP packets written to it.
Uses the kernel routing to forward the packets.

[Diagram: two OSI stacks (physical, data-link, network, transport, session, presentation, application); OpenVPN runs at the application layer and injects at the network layer (TUN, layer 3).]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages: 1. point-to-point; 2. easier to configure; 3. efficiency and scalability; 4. allows better tuning of the MTU for efficiency.

Routed IP disadvantages: 1. clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work; 2. routes must be set up linking each subnet; 3. software that depends on broadcasts will not see the machines on the other side of the VPN; 4. works only with IPv4 in general, and IPv6 in cases where the tun drivers on both ends of the connection support it explicitly.

2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses "TAP" mode: a TAP device is a virtual Ethernet adapter.
Bridge tools (brctl) are required to bridge the virtual adapter to a physical one.
A script is needed to bind eth1 and tap0 together into a bridge device called br0:

brctl addbr br0         create an Ethernet bridge
brctl addif br0 eth1    connect interface eth1 as a port
brctl addif br0 tap0    connect virtual interface tap0 as a port

[Diagram: two OSI stacks; OpenVPN at the application layer, bridging at the data-link layer (TAP, layer 2). On each side eth0 carries the tunnel and eth1 is bridged with tap0.]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages: 1. point-to-point and point-to-multipoint; 2. broadcasts traverse the VPN, which allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server; 3. no route statements to configure; 4. works when the VPN needs to carry non-IP protocols such as IPX, NetWare and AppleTalk; 5. a relatively easy-to-configure solution for road warriors.

Bridging disadvantages: 1. less efficient than routing and does not scale well, because every broadcast on either LAN crosses the tunnel.

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started – Lab topology

[Diagram:
LAN A: hosts 10.0.1.1/24, gw 10.0.1.254
VPN Server: ixp0 192.168.12.201 (tunnel side), ixp1 10.0.1.254 (LAN A gateway, also the server's VPN endpoint address)
VPN Tunnel: the client connects to the server
VPN Client: ixp0 192.168.12.202 (tunnel side), ixp1 10.0.2.254 (LAN B gateway, also the client's VPN endpoint address)
LAN B: hosts 10.0.2.1/24, gw 10.0.2.254
A separate CA / TLS server issues the certificates.]

3-1 Getting Started

Create a working directory (recommended): mkdir /etc/openvpn
Check for the TUN device: ls /dev/net and look for a character device "tun"; if it is missing: mknod /dev/net/tun c 10 200
Load the necessary modules: modprobe tun; modprobe bridge
Generate a (pre-shared) static key: openvpn --genkey --secret [KeyName]
Self diagnostic: openvpn --test-crypto --secret [KeyName]

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or edit /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"
Create / start the bridge interface with the Moxa script: openvpn-bridge [start | stop | restart]
Check the supported ciphers and authentication digests: openvpn --show-ciphers; openvpn --show-digests
Create the TUN configuration files: vi /etc/openvpn/tunserver.conf
[At VPN client] vi /etc/openvpn/tunclient.conf

The static key is a shared secret: copy it to the peer over a channel that is already secure (scp, a serial console, a USB stick), never over the tunnel it is meant to protect, and keep the file readable by root only.

3-2 TUN Server Configuration

The local and remote VPN IP addresses must be specified ("ifconfig <local> <remote>").
It is NECESSARY to specify the server address at the VPN client ("remote").

Edit the static routes: vi /etc/openvpn/tunserver.sh; chmod +x /etc/openvpn/tunserver.sh
[At VPN client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/openvpn/tunclient.sh
Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tunserver.conf &
[At VPN client] openvpn --config /etc/openvpn/tunclient.conf &

Note the 2nd argument of "ifconfig", the remote tunnel endpoint, which is now 10.0.2.254; the client's file lists the two addresses in the opposite order.

3-3 TAP Configuration – VPN Server

Create the TAP configuration files: vi /etc/openvpn/tapserver.conf
[At VPN client] vi /etc/openvpn/tapclient.conf
Comment out the line marked on the slide if both VPN networks are in the same subnet: bridged peers on one subnet need no route between them.

Edit the static routes: vi /etc/openvpn/tapserver.sh; chmod +x /etc/openvpn/tapserver.sh
[At VPN client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/openvpn/tapclient.sh
The route points at the kernel's bridge interface: br0 = 10.0.1.254

Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start
Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tapserver.conf &
[At VPN client] openvpn --config /etc/openvpn/tapclient.conf &

3-4-1 SSL/TLS – Dynamic Keys (OpenSSL CA script)

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf and pre-set default_days, default_bits, … etc.
Create a new CA root key pair: /usr/share/ssl/misc/CA -newca
Create a new client private key and a new certificate request: /usr/share/ssl/misc/CA -newreq
Sign the certificate request: /usr/share/ssl/misc/CA -sign
Copy the CA root certificate, the client private key and the client certificate to the first client.
Repeat -newreq and -sign to have the second client certified.

3-4-2 OpenVPN – "easy-rsa" tools

Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn
Modify the vars file: vi /etc/openvpn/easy-rsa/vars
Activate the vars (source them into the current shell): . /etc/openvpn/easy-rsa/vars (easy-rsa 2.0 also expects ./clean-all to be run once after this, to initialise the keys directory)
Create the CA root key: /etc/openvpn/easy-rsa/build-ca
Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server (build-key-server instead marks the certificate as a server certificate, which clients can then insist on with "ns-cert-type server"; without that, any client certificate could be presented as the server's)
Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client
Create Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh (the size comes from KEY_SIZE in vars: 1024 in this course, at least 2048 today)
Copy the CA certificate (ca.crt), server key (server.key) and server certificate (server.crt) to the VPN server.
Copy the CA certificate, client key and client certificate to the VPN client.
Only the certificates and ca.crt need to be distributed; each private key should stay on the machine that will use it, or move once over a secure channel.
"easy-rsa" tools also work on the UC7400 series.
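The CA flow of 1-7-1 and the two key-generation recipes of 3-4-1 and 3-4-2 do the same thing with different front ends. As an added example, not the CA script or easy-rsa themselves, here is the same PKI with plain openssl commands, so the trust relationship is visible: a certificate verifies only against the CA that signed it, and a certificate carrying the same name but issued by another CA is rejected. Assumptions: openssl on the path; the CA name, the subjects and the validity periods are invented for the demo.

```shell
#!/bin/sh
# mini-ca.sh: the 3-4 PKI with plain openssl calls (added example; not CA.sh or easy-rsa).
# Assumes openssl on the path; CA name, subjects and lifetimes are invented for the demo.
PKI=${PKI:-$(mktemp -d)}

# build-ca: self-signed root. Its private key is the trust anchor; it never leaves this
# directory and is not needed on any VPN peer, only ca.crt is.
build_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
        -keyout "$PKI/ca.key" -out "$PKI/ca.crt" -subj "/CN=UC7400 training CA" 2>/dev/null
}

# build-key <name>: the peer generates its own key and a request (CA -newreq); the CA
# turns the request into a certificate (CA -sign). Only the .csr has to travel to the CA.
build_key() {
    openssl req -newkey rsa:2048 -nodes -keyout "$PKI/$1.key" -out "$PKI/$1.csr" \
        -subj "/CN=$1" 2>/dev/null
    openssl x509 -req -in "$PKI/$1.csr" -CA "$PKI/ca.crt" -CAkey "$PKI/ca.key" \
        -CAcreateserial -days 730 -out "$PKI/$1.crt" 2>/dev/null
}

# build-dh: parameters for the TLS key exchange (server side only). Slow: minutes on a UC.
build_dh() {
    openssl dhparam -out "$PKI/dh${1:-2048}.pem" "${1:-2048}" 2>/dev/null
}

# verify_cert <name>: what a peer does with "ca ca.crt": chain the presented certificate
# back to the trusted root. Returns 0 when it was issued by this CA, 1 otherwise.
verify_cert() {
    openssl verify -CAfile "$PKI/ca.crt" "$PKI/$1.crt" >/dev/null 2>&1
}

# cert_cn <name>: the subject CN, which OpenVPN logs as the identity of the peer.
cert_cn() {
    openssl x509 -noout -subject -in "$PKI/$1.crt" | sed 's/.*CN *= *//'
}

demo() {
    build_ca
    build_key server
    build_key client
    echo "server cert: CN=$(cert_cn server), chains to CA: $(verify_cert server && echo yes || echo no)"
    echo "client cert: CN=$(cert_cn client), chains to CA: $(verify_cert client && echo yes || echo no)"

    # A second, unrelated CA issues a certificate with the very same CN. Our peers must
    # reject it: trust comes from the CA signature, not from the name in the certificate.
    real=$PKI; PKI=$(mktemp -d)
    build_ca; build_key client
    cp "$PKI/client.crt" "$real/rogue-client.crt"
    PKI=$real
    echo "rogue cert : CN=$(cert_cn rogue-client), chains to CA: $(verify_cert rogue-client && echo yes || echo no)"
}

case "${1:-}" in demo) demo ;; esac
```

Run "sh mini-ca.sh demo". The rogue certificate is the case the "ca" directive protects against: a peer whose certificate does not chain to the ca.crt you installed is refused during the TLS handshake no matter what name it carries. Revocation is the other half of the story; easy-rsa's revoke-full plus the "crl-verify" directive handle a client whose key has been lost or stolen.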

3-4-3 Configuration File Modification

t[un|ap]server.conf
t[un|ap]client.conf
(the static "secret" line is replaced by the TLS role, the CA certificate, the peer's own certificate and key and, on the server, the Diffie-Hellman parameters generated above)
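The TUN configuration of 3-2 and its TLS form of 3-4-3 exist in mirrored pairs: the ifconfig arguments are swapped and each route points at the other LAN through the peer's tunnel address. This added example, not Moxa's tunserver.conf / tunclient.conf, generates both files from one description of the 3-1 topology so the two sides cannot drift apart. It uses OpenVPN's route directive in place of the separate tunserver.sh route script, assumes the 3-4-2 output lives under /etc/openvpn/keys, and the cipher and keepalive values are my choices, not the course's.

```shell
#!/bin/sh
# gen-ovpn-conf.sh: emit the server or client TUN configuration for the 3-1 lab
# (added example; the addresses are the lab's, the paths and tuning values are assumptions).
SERVER_PUB=${SERVER_PUB:-192.168.12.201}   # VPN server's public side (ixp0)
PORT=${PORT:-1194}                          # OpenVPN 2.0 default UDP port
SERVER_TUN=10.0.1.254; SERVER_LAN=10.0.1.0  # server tunnel endpoint and LAN A
CLIENT_TUN=10.0.2.254; CLIENT_LAN=10.0.2.0  # client tunnel endpoint and LAN B
KEYS=${KEYS:-/etc/openvpn/keys}             # assumed location of the easy-rsa output

# gen_conf <server|client>: print the configuration for that role on stdout.
gen_conf() {
    case "$1" in
      server) me=$SERVER_TUN; peer=$CLIENT_TUN; far=$CLIENT_LAN
              role=tls-server; cert=server
              extra="dh $KEYS/dh2048.pem" ;;              # DH parameters only on the TLS server
      client) me=$CLIENT_TUN; peer=$SERVER_TUN; far=$SERVER_LAN
              role=tls-client; cert=client
              extra="remote $SERVER_PUB $PORT
ns-cert-type server" ;;    # refuse a peer that shows a client certificate as the server
      *) echo "usage: gen_conf server|client" >&2; return 1 ;;
    esac
    cat <<EOF
# OpenVPN 2.0 TUN configuration, role: $1
dev tun
proto udp
port $PORT
$extra
# local endpoint first, remote second; the peer's file has them swapped
ifconfig $me $peer
# kernel route to the LAN behind the peer, via the peer's tunnel address
route $far 255.255.255.0 $peer
$role
ca $KEYS/ca.crt
cert $KEYS/$cert.crt
key $KEYS/$cert.key
# AES-CBC is one of the modes the UC-7400 hardware engine accelerates (1-8-1)
cipher AES-128-CBC
auth SHA1
keepalive 10 60
persist-key
persist-tun
verb 3
EOF
}

# write_both <dir>: write tunserver.conf and tunclient.conf into <dir>; 0 on success.
write_both() {
    gen_conf server > "$1/tunserver.conf" && gen_conf client > "$1/tunclient.conf"
}

case "${1:-}" in
  server|client) gen_conf "$1" ;;
  write)         write_both "${2:-.}" ;;
esac
```

"sh gen-ovpn-conf.sh write /etc/openvpn" writes both files on the machine that holds the keys; copy each to its peer together with the matching certificate and key only. The mirrored lines are exactly the ones that go wrong when the two files are edited by hand: an ifconfig pair that is not swapped, or a route whose gateway is the local rather than the remote endpoint, gives a tunnel that comes up but forwards nothing.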

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

Two of its serial ports are connected to a power meter and a thermocouple.
Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site.
The rest of the serial ports are looped back in "burn-in mode" to demonstrate the UC's high performance and reliability.

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500 °C
Left side for the high range, 0 to 300 VDC; right side for the low range, 0 to 20 VDC

UC's LCM & keypad (F1-F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8
F2 System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available memory
F3 Alarm Setting: Temperature → Voltage → burn-in throughput
F4 Configuration key
F5 Main menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• UC-7420's built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards.
• The compatible wireless cards are:

Supplier   Model name
ASUS       WL-107g
CNET       CWC-854 (181D version)
Edimax     EW-7108PCg
Amigo      AWP-914WG
Gigabyte   GN-WMKG
Others which use the Ralink chipset

Thank YouThank You

Page 46: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

2-2-3 Mangle Table2-2-3 Mangle Table

This table is mainly be used for

mangling packets In other words you may freely use the mangle matches etc that could be used to change TOS (Type Of Service) and TTL fields It can also ldquoMARKrdquo the packets

1 PREROUTING chain

2 POSTROUTING chain

3 INPUT OUTPUT and FORWARD chain

2-3 Processing Packets2-3 Processing Packets

2-3-1 Destination Local Host

2-3-2 Source Local Host

2-3-3 Forward Packets

2-3-4 State Machine

2-3-1 Destination Local Host2-3-1 Destination Local Host

2-3-1 Destination Local Host2-3-1 Destination Local Host

Incoming Packets

NAT Table PREROUTING

Local Process

Filter Table INPUT

2-3-2 Source Local Host2-3-2 Source Local Host

2-3-2 Source Local Host2-3-2 Source Local Host

NAT Table OUTPUT

Outgoing Packets

Filter Table OUPUT

NAT Table POSTROUTING

Send Out Packets

2-3-3 Forwarded Packets2-3-3 Forwarded Packets

2-3-3 Forwarded Packets2-3-3 Forwarded Packets

NAT Table PREROUTING

Local Resource

NAT Table POSTROUTING

Other Hosts

Incoming Packets

Filter Table FORWARD

2-4 State Machine2-4 State Machine

AgendaAgenda

1) Firewall NAT and iptables

2) Rules Chains Tables

3) Usage of iptables

4) Hands-ON Practice

3) Usage of iptables3) Usage of iptables

3-1 Load iptables Modules

3-2 Define Default Policy

3-3 Structure of a Rule

3-4 Save Restore Rules

3-1 Load iptables Modules3-1 Load iptables Modules

Note ipchains and iptables are not compatible

3-1 Load iptables Module3-1 Load iptables Module

Check the Current Tablesiptables [-t tables] [-L] [-n]

Default Policy

3-1 Install iptables3-1 Install iptables

Clear Current Policy

3-2 Define Default Policy3-2 Define Default Policy

iptables ndasht filter nat mangle

ndashP INPUT OUTPUT FORWARD PREROUTING POSTROUTING

ACCEPT DROP

3-2 Define Default Policy3-2 Define Default Policy

3-3 Structure of a Rule

3-3-1 Add, Insert, Delete and Replace Rules
3-3-2 Direction
3-3-3 Matches
3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace

iptables -t {filter|nat|mangle} {-A|-I|-D|-R} <chain> [<matches>] -j <target>

-A  append the rule at the end of the chain
-I  insert it at the top of the chain (or at a given rule number)
-D  delete a rule (by specification or by rule number)
-R  replace the rule at a given rule number

Three major things need to be considered in every rule: the direction (chain), the match and the target (-j). Rules in a chain are evaluated from the top and the first matching terminating rule decides, so the choice between -A and -I changes what a ruleset does, not only how it looks.

3-3-2 Direction – Chains

a. filter table: INPUT, OUTPUT, FORWARD
b. nat table: PREROUTING, POSTROUTING, OUTPUT
c. mangle table: …

3-3-3 Matches – Conditions

1. -p [proto]   tcp | udp | icmp | all
2. -s [IP]  -d [IP]   source / destination address (a host, or a network as address/prefix)
3. --sport [port]  --dport [port]   (require -p tcp or -p udp; a range is written first:last)
4. -m state --state [state]   NEW | ESTABLISHED | INVALID | RELATED (connection-tracking state; see 2-4)
5. -m multiport --ports [p1,p2,…,p15]   (also --sports / --dports; up to 15 ports per rule)
6. -i [iface]  -o [oface]   incoming interface (valid in PREROUTING, INPUT, FORWARD) / outgoing interface (valid in FORWARD, OUTPUT, POSTROUTING)
7. … etc.

3-3-4 Targets – Actions

a. filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions LOG, ULOG, REJECT, MIRROR
   LOG and ULOG are non-terminating: the packet continues to the next rule, so a LOG rule is normally followed by a DROP or REJECT rule with the same match. MIRROR swaps source and destination and sends the packet back; it was an experimental target and should not be used on a production box.
b. nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING and OUTPUT), MASQUERADE (POSTROUTING; for interfaces with a dynamic address such as ppp0), REDIRECT (PREROUTING and OUTPUT; a DNAT to the local box itself)
c. mangle table: …

3-4 Save / Restore Rules

iptables-save writes the current rules of all tables to its standard output and iptables-restore loads such a file back. It is highly recommended to use a script file to maintain the Netfilter rules instead of this exported file (it is not a standard shell script, and it cannot be commented or reviewed as easily). Please refer to the Hands-On practice.

4) Hands-On Practice: 1) Packet Filter, 2) NAT Machine

4-1 Packet Filter – Rules of filter table

Example 1 – Accept all the packets incoming from the lo interface

iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2 – Accept all the TCP packets incoming from IP = 192.168.0.1

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

Example 3 – Accept all the TCP packets incoming from the network 192.168.1.0/24

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 – Drop all the TCP packets incoming from IP = 192.168.1.25

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

(Appended after Example 3 this rule never fires: 192.168.1.25 is already accepted by the /24 rule above it. The more specific DROP has to come first, e.g. with -I.)

Example 5 – Drop all the incoming TCP packets with dst port = 21 (forbid FTP connections from eth0)

iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 – Accept TCP packets incoming from 192.168.0.0/24 to the local port numbers 137, 138 and 139

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

Example 7 – Log all the incoming/outgoing TCP packets to/from port = 25 (log the SMTP service)

iptables -t filter -A INPUT -p tcp --dport 25 -j LOG
iptables -t filter -A OUTPUT -p tcp --sport 25 -j LOG

Note: UC-7110 does not support the target "LOG". LOG is non-terminating and writes every matching packet to the kernel log, so combine it with -m limit on a busy service.

Example 8 – Drop all the [SYN] packets from IP = 192.168.100.200

iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 – Drop all the packets from MAC = aa:bb:cc:dd:ee:ff

iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

(The mac match sees the source MAC of the frame on the directly attached segment only; for routed traffic that is the address of the last router, not of the sender.)

Example 10 – Do not respond to "ping"

iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 – ICMP "ping" burst: with a DROP policy, answer at most 6 pings per minute after an initial burst of 10

iptables -t filter -P INPUT DROP
iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

Example 12 – Accept the ESTABLISHED/RELATED packets of the local host; drop the INVALID packets and the NEW packets which are trying to create new connections

iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

Example 13 – Check the packet integrity (the experimental "unclean" match of kernel 2.4 drops malformed packets; it was removed from later kernels)

iptables -t filter -A INPUT -p all -m unclean -j DROP

Example 14 – Enable "passive mode" FTP through the box to a host: the FTP connection-tracking helper marks the data connection RELATED to the control connection, so a RELATED rule in FORWARD opens the dynamically chosen data port only for that session

modprobe ip_conntrack_ftp
iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT
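Sections 3-4 and 4-1 recommend keeping the Netfilter rules in a script rather than in an iptables-save export. The script below is an added example, not code from the Moxa deck: it puts the 4-1 rules together in an order that can be applied over a remote session without locking yourself out (state rules first, DROP policies last). eth0 as the outside interface and 192.168.0.1 as the management host are assumed placeholders, and APPLY=1 is this script's own review-before-apply switch, not an iptables option.

```shell
#!/bin/sh
# Added example, not code from the Moxa deck: a host firewall script for the
# UC-7400 that applies the section 4-1 rules in a safe order and replaces an
# iptables-save export (section 3-4). Assumed placeholders: the outside
# interface is eth0 and the management host is 192.168.0.1.
WAN="${WAN:-eth0}"
ADMIN="${ADMIN:-192.168.0.1}"

# ipt: print the iptables command unless APPLY=1 is set, so the ruleset can
# be read (or diffed against the previous version) before it is installed.
ipt() {
    if [ "${APPLY:-0}" = 1 ]; then iptables "$@"; else echo "iptables $*"; fi
}

build_filter_rules() {
    # Start from a known state. Policies are still ACCEPT here, so a remote
    # session survives the flush; DROP is set only after the rules exist.
    ipt -t filter -F
    ipt -t filter -X

    # 1. loopback is always allowed
    ipt -A INPUT -i lo -j ACCEPT

    # 2. state rules first: replies to our own connections, then garbage.
    #    INVALID is dropped before any NEW rule is reached, otherwise a
    #    malformed packet could still match a later --dport ACCEPT.
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -m state --state INVALID -j DROP

    # 3. new connections: SSH only from the management host, and NetBIOS
    #    from the local network (Example 6 written with multiport)
    ipt -A INPUT -i "$WAN" -p tcp --syn -s "$ADMIN" --dport 22 -j ACCEPT
    ipt -A INPUT -i "$WAN" -p tcp --syn -s 192.168.0.0/24 \
        -m multiport --dports 137,138,139 -j ACCEPT

    # 4. echo requests: at most 6 per minute after a burst of 10 (Example 11)
    ipt -A INPUT -p icmp --icmp-type 8 -m limit --limit 6/min --limit-burst 10 -j ACCEPT

    # 5. LOG does not terminate: log (rate-limited, so the log cannot be
    #    flooded) and let the policy drop the rest. UC-7110 has no LOG target.
    ipt -A INPUT -m limit --limit 3/min -j LOG --log-prefix "UC-FW-DROP: "

    # 6. default deny, set last; OUTPUT stays open for the box's own traffic
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT
}

build_filter_rules
```

Run it once without APPLY to read the generated commands, then as root with APPLY=1 to install them; keep the script under version control instead of the iptables-save output.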

4-2 NAT Machine – Rules of nat table

Example 1 – Redirect the connection requests for port 80 to port 8080 on the local box

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 – Masquerade the packets coming from 192.168.1.0/24 so that they leave with ppp0's IP

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

(MASQUERADE is valid only in POSTROUTING, and -o is only known after the routing decision, so this rule cannot be placed in PREROUTING. The kernel must also forward: echo 1 > /proc/sys/net/ipv4/ip_forward.)

Example 3 – DNAT the packets incoming on eth0 for 60.248.66.75, TCP port 80, to the internal web server 192.168.127.10:80, and SNAT the internal network on its way out

iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to-destination 192.168.127.10:80
iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to-source $OUT_IP

Example 4 – Redirect the incoming packets for TCP port 80 to 192.168.1.10, TCP port 80

iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.1.10:80

A DNAT rule only rewrites the destination; the packet is then forwarded and still has to be accepted by the filter table FORWARD chain (see 2-3-3).
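Examples 1 to 4 of 4-2 show the NAT rules one at a time. The script below is an added example, not the deck's code: it wires the DNAT port forward and the outbound MASQUERADE into a complete gateway together with the FORWARD rules that the NAT rules depend on. It assumes the LAN is on eth1 and the uplink is ppp0 (the deck names neither) and reuses the slide's public address 60.248.66.75 and web server 192.168.127.10; APPLY=1 is the script's own switch.

```shell
#!/bin/sh
# Added example, not from the deck: the UC-7400 as the NAT gateway of
# section 4-2, with the slide's addresses (public 60.248.66.75, internal web
# server 192.168.127.10 in 192.168.127.0/24). Assumed placeholders: the LAN
# is on eth1 and the uplink is ppp0; OUT_IP may override the public address.
WAN_IF="${WAN_IF:-ppp0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="192.168.127.0/24"
PUB_IP="${OUT_IP:-60.248.66.75}"
WEB_SRV="192.168.127.10"

# Print the command unless APPLY=1; nothing touches a live box without it.
ipt() {
    if [ "${APPLY:-0}" = 1 ]; then iptables "$@"; else echo "iptables $*"; fi
}

build_nat_gateway() {
    # NAT rewrites addresses, but the kernel must also route between interfaces
    if [ "${APPLY:-0}" = 1 ]; then echo 1 > /proc/sys/net/ipv4/ip_forward; fi

    ipt -t nat -F
    ipt -F FORWARD

    # Outbound: MASQUERADE is valid only in POSTROUTING, where -o is known.
    # Use SNAT --to-source "$PUB_IP" instead when the public address is fixed.
    ipt -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE

    # Inbound port forward: DNAT in PREROUTING rewrites the destination
    # before the routing decision (section 2-3-3) ...
    ipt -t nat -A PREROUTING -i "$WAN_IF" -p tcp -d "$PUB_IP" --dport 80 \
        -j DNAT --to-destination "$WEB_SRV:80"

    # ... but the packet is then forwarded, and FORWARD gets a DROP policy,
    # so the DNAT alone delivers nothing until this chain lets it through.
    # Anti-spoofing first: nothing with an internal source may enter from the WAN.
    ipt -A FORWARD -i "$WAN_IF" -s "$LAN_NET" -j DROP
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -m state --state INVALID -j DROP
    # the FORWARD chain already sees the rewritten destination
    ipt -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p tcp -d "$WEB_SRV" --dport 80 \
        -m state --state NEW -j ACCEPT
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    ipt -P FORWARD DROP
}

build_nat_gateway
```

The order of the three blocks is the point: the nat table decides where a packet goes, the FORWARD chain decides whether it goes at all, and ip_forward decides whether the kernel routes anything in the first place.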

Thank You

OpenVPN 2.0
Stephen Lin

OpenVPN 2.0

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve?
1-2 Symmetric Data Encryption
1-3 Hash (Digest) Function
1-4 Message Authentication Code
1-5 Asymmetric Data Encryption
1-6 Digital Signature
1-7 Certificate
1-8 Moxa UC-7400

1-1 What does cryptography solve?

Confidentiality
• Ensure that nobody can learn what you transfer, even if listening to the whole conversation.
Integrity
• Ensure that the message has not been modified during transmission.
Authenticity
• You can verify that you are talking to the entity you think you are talking to.
• You can verify who the specific individual behind that entity is.
Non-repudiation
• The individual behind that asset cannot deny being associated with it.

1-2 Symmetric Data Encryption

Fast: high efficiency for data transmission.
Is it "secure" while transferring the key? The same secret has to reach both ends over some other channel.
Maintenance of the keys: n parties need n(n-1)/2 keys.
DES / 3DES / AES / Blowfish

[Diagram] Tom: Plaintext -> Encryption (Secret Key) -> Ciphertext -> Decryption (the same Secret Key) -> Plaintext at Bob

1-3 Hash (Digest) Function

Ensures data integrity against accidental change only: anyone who can alter the data can recompute the digest, so without a key it gives no protection against an attacker.
MD5 / SHA-1

[Diagram] Tom: Data -> Hash Function -> Message Digest 1; Tom sends Data + Message Digest 1. Bob: Data -> same Hash Function -> Message Digest 2; compare Message Digest 1 with Message Digest 2.

1-4 Message Authentication Code

Ensures data integrity and origin: a secret key is used to protect the digest, so only a holder of the key can produce or verify the MAC.
HMAC / CBC-MAC

[Diagram] Tom: Data -> Hash Function -> Message Digest 1 -> MAC (keyed with the Secret Key); Tom sends Data + MAC. Bob: Data -> Hash Function -> Message Digest 2; recomputes/verifies the MAC with the Secret Key and compares.

1-5 Asymmetric Encryption

Things to remember:
• Key pair: public/private keys.
• In a session one key is used for encryption and the other one for decryption.
• The "public key" can be deployed everywhere.
• From one key you cannot gain knowledge of the other, even if you have access to clear text and cipher text.
• For RSA the two keys are mathematically interchangeable: when a key pair is generated, either one can be designated public or private. This is a property of RSA, not of asymmetric algorithms in general (DSA or Diffie-Hellman keys are not interchangeable), and in practice the roles are fixed once a public key has been published.
• Less efficient than symmetric ("static") keys, so it is used to protect a symmetric session key rather than the bulk data.
• RSA, Diffie-Hellman (Diffie-Hellman is a key-agreement algorithm, not an encryption algorithm).

[Diagram] Clear text -> Encryption -> g$5knvMd'rk … (cipher text)

1-5 Asymmetric Data Encryption – Recipient's key pair: confidentiality check

Tom: Plaintext -> Encryption with Bob's Public Key -> ciphertext -> Decryption with Bob's Private Key -> Plaintext at Bob. Only Bob can read it.

1-5 Asymmetric Data Encryption – Sender's key pair: authenticity check

Tom: Plaintext -> Encryption with Tom's Private Key -> ciphertext -> Decryption with Tom's Public Key -> Plaintext at Bob. Anyone can read it, but only Tom could have produced it.

1-6 Digital Signature

Real world – hybrid: 1. Data integrity, 2. Authenticity, 3. Non-repudiation, 4. Algorithm – uses a public-key algorithm together with a hash.

1-6 Digital Signature – Creating

Message or file ("This is the document created by Gianni") -> Generate hash (SHA, MD5) -> Message digest (Py75cbn; 128 bits for MD5, 160 bits for SHA-1) -> Asymmetric encryption (RSA) with the signatory's private key -> Digital signature (3kJfgf£$&) -> Signed document = message + digital signature.

Calculate a short message digest from even a long input using a one-way message digest function (hash); the digest, not the whole message, is what gets signed.

1-6 Digital Signature – Verifying

Signed document -> split into the message and the digital signature. Message -> Generate hash -> Message digest (Py75cbn). Digital signature -> Asymmetric decryption with Gianni's public key (from his certificate) -> Message digest (Py75cbn). Compare: equal means the data is intact and was signed by the holder of Gianni's private key.

[Diagram] Tom: Data -> Hash Function -> Message Digest 1 -> signed with Tom's Private Key -> Digital Signature; Tom sends Data + Digital Signature. Bob: Data -> Hash Function -> Message Digest 2; Digital Signature -> Tom's Public Key -> Message Digest 1; compare.

1-7 Certificate

The simplest certificate just contains:
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key (it can be a person, a computer, a device, a file, some code, anything …)
… and the whole is
• digitally signed by someone trusted (like your friend, or a CA).

[Diagram] Certificate = { public key (2wsR46frdEWWrswe(^$G^DvtrsdFDfd367), "This public key belongs to Stephen" } + Digital Signature (3kJfgf£$&4dser4358g6gd7dT)

1-7-1 CA Certificate

Certification server: the CA generates its own key pair (priv, pub) and a self-signed CA certificate (the CA public key signed by the CA).
The user requests a certificate from the CA -> the CA generates the certificate (the user's public key + digital signature) -> private key and certificate are sent to the user.

Better practice, and what the lab in 3-4-1 does: the user generates the key pair and sends only a certificate request (public key plus identity) to the CA, so the private key never leaves its owner.

1-7-1 CA Certificate Example

The CA private key signs the Left certificate (Left's public key, signed by the CA) and the Right certificate (Right's public key, signed by the CA). Left trusts Right, and vice versa, because both hold the CA public key and can verify each other's certificate with it. Left and Right each keep their own private key; a CA signs public keys only and never sees a private key.

1-7-2 SSL/TLS

[Diagram] Each side holds a key pair (priv, pub). Clear text -> Encrypt -> Cipher 1 -> Encrypt -> Cipher 2 -> transmission over the public network -> Cipher 2 -> Decrypt -> Cipher 1 -> Decrypt -> Clear text.

• Ensures confidentiality, and integrity if digitally signed.
• Depending on how the public keys are exchanged: authenticity, identity, non-repudiation. If a peer's public key is not tied to an identity (no certificate, or a certificate that is not verified), an active attacker can substitute his own key and read everything (man in the middle).

1-8 Moxa UC-7400 – Hardware Cipher

Intel XScale (IXP422) supports
• Security engines: DES, AES
• Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so": no need to change the source code of applications that use OpenSSL.

1-8-1 Moxa Accelerated Algorithms – OpenSSL 0.9.7

DES_cbc_encrypt
DES_ede3_cbc_encrypt
AES_cbc_encrypt
AES_ctr_encrypt

• ECB mode is wrapped at a higher level (libssl.so), which is where OpenSSL wraps it too.

1-8-2 Performance

[Charts] Throughput (rate) of 3DES-CBC and AES-128-CBC, software versus hardware cipher (= HW Cipher), for packet sizes 128 to 1280 bytes and 16 to 144 bytes.

1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approaches:
• Default: hardware approach.
• Any mis-configuration, or a busy engine, causes a switch to the software path.
Small packets are switched to the software approach:
• DES: up to 128 bytes
• 3DES/AES: up to 64 bytes
The switch is transparent to the application; only the throughput changes, so a measurement is the only way to see which path is in use.

1-8-4 Software Package

Driver
• mxhw_cipher.o
Device file
• mknod /dev/mxcrypto c 11 131
Test program
• io: correctness test
• io 0 5000: stability test
• io 1: golden pattern
• io 2 20000: performance test


2) OpenVPN 2.0

2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network – Advantages/Disadvantages

A VPN is a network constructed by using public wires (e.g. the Internet) to connect nodes.
A VPN encrypts all network traffic, not just a few application protocols (as SSL, SSH etc. do).
A VPN allows the use of protocols which are insecure by themselves.
VPN traffic cannot be controlled and logged easily by devices on the path because of its encrypted nature; inspection and filtering have to happen at the tunnel end points.

2-2 Why OpenVPN

Usability
• Open source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit shared (static) key or digital certificates (PKI)
Portability – supports most platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN

Peers – each node with a client/server role
• Uses kernel routing
• Multiple clients
A user-space program
• A full-featured SSL-VPN solution
• On top of the existing SSL/TLS mechanism
• A choice among a set of security algorithms (openvpn --show-ciphers / --show-digests)
• Can tunnel any IP (layer 3) or Ethernet (layer 2) traffic over a single UDP or TCP port (5000 in 1.x, 1194 in 2.0)

2-2 OpenVPN Security

Two authentication modes
• Static key: uses a pre-shared key; the same key file on both ends authenticates and encrypts, so whoever holds the file is a valid peer.
• SSL/TLS: uses SSL/TLS + certificates for authentication and key exchange (fresh session keys per connection).

The encrypted packet is formatted as
• SeqN: 64-bit sequence number (replay protection)
• IV: plain-text initialisation vector, randomised per packet

HMAC | IV | encrypt( SeqN | IP packet (payload) )

The HMAC covers the IV and the cipher text (encrypt-then-MAC), so a forged or corrupted packet is rejected before any decryption takes place.

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall- and NAT-friendly (a single UDP or TCP port)
• Dynamic address support
IPSec
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard – multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are two methods of linking systems via a VPN:
Routed IP tunnels (layer 3)
Bridged Ethernet tunnels (layer 2)
Suitable connections
• Site-to-site
• Dynamic site-to-site
• (Dynamic) client-to-site
Dynamic; firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

Uses a TUN device: a virtual point-to-point IP link. OpenVPN reads the IP packets the kernel writes to it, encrypts them and sends them to the peer, which writes them into its own TUN device.
Uses the kernel routing table to forward the packets.

[Diagram] Two OSI stacks (Physical, Data-Link, Network, Transport, Session, Presentation, Application); OpenVPN runs at the application layer and injects the tunnel at layer 3 (TUN).

Routed IP advantages
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of the MTU for efficiency
Routed IP disadvantages
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see the machines on the other side of the VPN
4. Works only with IPv4 in general, and with IPv6 in cases where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses "TAP" mode: a TAP device is a virtual Ethernet adapter.
The bridge tools (brctl) are required to create the bridge.
A script is needed to bind eth1 and tap0 together into a bridged device called br0:

brctl addbr br0          # create an Ethernet bridge
brctl addif br0 eth1     # connect interface eth1 as a port
brctl addif br0 tap0     # connect virtual interface tap0 as a port

(brctl addif always takes the bridge name first. The IP address of eth1 has to move to br0, since bridge ports carry no address of their own.)

[Diagram] Two OSI stacks; OpenVPN at the application layer; the tunnel enters at layer 2 (TAP) and tap0 is bridged with eth1 on each side, eth0 carrying the encrypted traffic.

Bridging advantages
1. Point-to-point and point-to-multipoint
2. Broadcasts traverse the VPN: this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to carry non-IP protocols such as IPX, Netware and AppleTalk
5. Relatively easy-to-configure solution for road warriors
Bridging disadvantages
1. Less efficient than routing and does not scale well (every broadcast on either LAN crosses the tunnel)


3) OpenVPN Configuration

3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started – lab topology

LAN A: 10.0.1.0/24 (hosts such as IP 10.0.1.1/24 with gw 10.0.1.254)
  [VPN Server] ixp1 = 10.0.1.254 (LAN side), ixp0 = 192.168.12.201 (tunnel side)
        |
   VPN Tunnel (the client connects to the server)
        |
  [VPN Client] ixp0 = 192.168.12.202 (tunnel side), ixp1 = 10.0.2.254 (LAN side)
LAN B: 10.0.2.0/24 (hosts such as IP 10.0.2.1/24 with gw 10.0.2.254)

[CA/TLS Server]: a separate Linux PC, used in 3-4 to issue the certificates

3-1 Getting Started

Create a working directory (recommended): mkdir /etc/openvpn
Check for the TUN device: ls /dev/net and look for the character device "tun"; if it is missing: mknod /dev/net/tun c 10 200
Load the necessary modules: modprobe tun; modprobe bridge
Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]
(The key file must be copied to the other end over a secure channel, e.g. scp on the management LAN, and kept readable by root only; anyone holding it can join the tunnel.)
Self diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or edit /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"
Create/start the bridge interface using the Moxa script: openvpn-bridge [start|stop|restart]
Check the ciphers/authentication digests supported: openvpn --show-ciphers; openvpn --show-digests
Create the TUN configuration files: vi /etc/openvpn/tunserver.conf
[At the VPN client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

The local/remote VPN IP addresses must be specified (ifconfig <local> <remote> in the configuration file).
It is NECESSARY to specify the server address at the VPN client (remote <server address>).

3-2 TUN Server Configuration

Edit the static routes: vi /etc/openvpn/tunserver.sh; chmod +x /etc/openvpn/tunserver.sh
[At the VPN client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/openvpn/tunclient.sh
Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tunserver.conf &
[At the VPN client] openvpn --config /etc/openvpn/tunclient.conf &

In the client configuration the two arguments of "ifconfig" are swapped with respect to the server: the local VPN address comes first, which on the client is now "10.0.2.254".
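The contents of tunserver.conf and tunclient.conf were shown as screenshots that are not part of this transcript. The script below is an added example, not Moxa's lab files: it writes a static-key TUN configuration for the 3-1 topology (server 192.168.12.201 in front of LAN A, client 192.168.12.202 in front of LAN B) for OpenVPN 2.0. Two assumptions: the static routes that the deck keeps in tunserver.sh/tunclient.sh are written as "route" directives instead, and the cipher/HMAC choice (AES-128-CBC, SHA1) is the author's, picked because AES-CBC is one of the routines 1-8-1 lists as hardware-accelerated.

```shell
#!/bin/sh
# Added example, not the Moxa lab files: static-key TUN site-to-site
# configuration of sections 3-1/3-2 for OpenVPN 2.0, using the "Getting
# Started" topology. Assumption: the static routes of tunserver.sh and
# tunclient.sh are expressed as "route" directives here.
SERVER_WAN=192.168.12.201
CLIENT_WAN=192.168.12.202
CONF_DIR="${OPENVPN_DIR:-/etc/openvpn}"

# Options shared by both ends. Pinning the peer ("remote" on both sides and
# no "float") makes OpenVPN ignore packets from any other source before the
# HMAC is even checked; persist-* keep the tunnel device and key material
# across restarts so the daemon can drop privileges later if wanted.
common_opts() {
    cat <<EOF
dev tun
proto udp
port 1194
secret $CONF_DIR/static.key
cipher AES-128-CBC
auth SHA1
keepalive 10 60
persist-tun
persist-key
comp-lzo
verb 3
EOF
}

# ifconfig: local VPN address first, remote second; swapped on the client
# (the "2nd argument" note of section 3-2). Each side routes the far LAN
# into the tunnel.
tun_server_conf() {
    common_opts
    cat <<EOF
remote $CLIENT_WAN
ifconfig 10.0.1.254 10.0.2.254
route 10.0.2.0 255.255.255.0
EOF
}

tun_client_conf() {
    common_opts
    cat <<EOF
remote $SERVER_WAN
ifconfig 10.0.2.254 10.0.1.254
route 10.0.1.0 255.255.255.0
EOF
}

# install_tun_config <server|client>: write the file for this end; on the
# server also generate the static key, which is then copied to the client
# out of band (e.g. scp over the management LAN) and kept mode 600.
install_tun_config() {
    role=$1
    mkdir -p "$CONF_DIR"
    "tun_${role}_conf" > "$CONF_DIR/tun$role.conf"
    if [ "$role" = server ] && command -v openvpn >/dev/null 2>&1; then
        [ -f "$CONF_DIR/static.key" ] || openvpn --genkey --secret "$CONF_DIR/static.key"
        chmod 600 "$CONF_DIR/static.key"
        openvpn --test-crypto --secret "$CONF_DIR/static.key" >/dev/null
    fi
}

# Stand-alone: show both files.
echo "# tunserver.conf"; tun_server_conf
echo "# tunclient.conf"; tun_client_conf
```

Static-key mode has no forward secrecy and no per-peer identity, which is fine for one fixed pair of boxes; for more than two peers, or when a key might ever be lost, the TLS mode of 3-4 is the right tool.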

Create the TAP configuration files: vi /etc/openvpn/tapserver.conf
[At the VPN client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration – VPN Server

Comment out ("mark") the route line if both VPN networks are in the same subnet: in a bridged setup the two LANs form one broadcast domain and need no route between them.

3-3 TAP Configuration – VPN Server

Edit the static routes: vi /etc/openvpn/tapserver.sh
[At the VPN client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/openvpn/tapclient.sh
The route points at the kernel routing of br0 = 10.0.1.254.

3-3 TAP Configuration – VPN Server

Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start
Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tapserver.conf &
[At the VPN client] openvpn --config /etc/openvpn/tapclient.conf &
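Sections 2-3-2 and 3-3 both call for a script that binds eth1 and tap0 into br0 and then refer to Moxa's openvpn-bridge, whose contents are not in the deck. The script below is an added stand-in, not Moxa's script: it shows the order the bridge has to be built in (device, bridge, ports, then the address moved onto br0) and the matching teardown. It assumes br0 takes the VPN server's LAN address 10.0.1.254/24 (the "br0 = 10.0.1.254" note above) and uses an APPLY=1 switch to print instead of execute.

```shell
#!/bin/sh
# Added example (a stand-in for Moxa's openvpn-bridge, not that script):
# build br0 from eth1 and tap0 for the TAP mode of sections 2-3-2 and 3-3,
# and tear it down again. Assumption: the LAN address 10.0.1.254/24 moves
# from eth1 to br0.
BR=br0
ETH="${LAN_IF:-eth1}"
TAP=tap0
BR_IP=10.0.1.254
BR_MASK=255.255.255.0

# Execute only with APPLY=1; otherwise print what would be run.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

bridge_start() {
    # persistent TAP device for OpenVPN (needs the tun module loaded)
    run openvpn --mktun --dev "$TAP"
    run brctl addbr "$BR"
    run brctl addif "$BR" "$ETH"
    run brctl addif "$BR" "$TAP"      # bridge name first, then the port
    # ports carry no IP of their own; promiscuous so the bridge sees all frames
    run ifconfig "$ETH" 0.0.0.0 promisc up
    run ifconfig "$TAP" 0.0.0.0 promisc up
    # the LAN address now lives on the bridge
    run ifconfig "$BR" "$BR_IP" netmask "$BR_MASK" up
}

bridge_stop() {
    run ifconfig "$BR" down
    run brctl delif "$BR" "$TAP"
    run brctl delif "$BR" "$ETH"
    run brctl delbr "$BR"
    run openvpn --rmtun --dev "$TAP"
    # give eth1 its address back so the box stays reachable
    run ifconfig "$ETH" "$BR_IP" netmask "$BR_MASK" up
}

case "${1:-}" in
    start)   bridge_start ;;
    stop)    bridge_stop ;;
    restart) bridge_stop; bridge_start ;;
    *)       echo "usage: $0 {start|stop|restart}   (APPLY=1 to execute)" ;;
esac
```

Between "ifconfig eth1 0.0.0.0" and "ifconfig br0 …" the box is unreachable on the LAN, so run this from the serial console or as one uninterrupted script, never line by line over an SSH session on eth1.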

3-4-1 SSL/TLS – Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-set default_days, default_bits … etc.
Create a new CA root key pair and certificate: /usr/share/ssl/misc/CA -newca
Create a new client private key and certificate request: /usr/share/ssl/misc/CA -newreq
Sign the certificate request with the CA: /usr/share/ssl/misc/CA -sign
Copy the CA root certificate, the client private key and the client certificate to the first client.
Repeat -newreq and -sign for the second client.
The CA private key stays on the CA machine; each peer receives only the CA certificate plus its own key and certificate.

3-4-2 OpenVPN – "easy-rsa" tools

Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn
Modify the vars file: vi /etc/openvpn/easy-rsa/vars (KEY_SIZE, KEY_COUNTRY, … KEY_EMAIL)
Activate the vars: . /etc/openvpn/easy-rsa/vars   (source it into the current shell; running it as a command sets nothing)
Create the CA root key and certificate: /etc/openvpn/easy-rsa/build-ca
Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key-server server
(build-key-server, unlike plain build-key, gives the certificate nsCertType=server; a client that sets "ns-cert-type server" then refuses a peer that presents a client certificate, so no client can pose as the server.)

3-4-2 OpenVPN – "easy-rsa" tools

Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client
Create the Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh (size taken from KEY_SIZE in vars, 1024 here)
Copy the CA certificate (ca.crt), server key (server.key) and server certificate (server.crt) to the VPN server.
Copy the CA certificate, client key and client certificate to the VPN client.
The "easy-rsa" tools also work on the UC-7400 series.

3-4-3 Configuration File Modification

txxserver.conf / txxclient.conf (the tun or tap server/client files from 3-2 and 3-3): replace the "secret" line with ca, cert and key (plus dh on the server) and add tls-server on the server and tls-client on the client.
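3-4-1 and 3-4-2 drive the PKI through CA.sh and easy-rsa, which hide what actually gets generated. The script below is an added example, neither tool's code: it builds the same CA, server and client credentials with plain openssl commands so that the one security-relevant detail, the server/client split in the certificate extensions, is visible and checkable. Key size (2048 instead of the deck's 1024) and the /O=Moxa-Lab subject names are the author's assumptions; the Diffie-Hellman parameters are optional because generating them is slow on the UC-7400.

```shell
#!/bin/sh
# Added example, not easy-rsa and not the CA.sh steps of the deck: the PKI of
# section 3-4 built with plain openssl commands. Assumptions: 2048-bit keys
# (the deck uses 1024) and made-up /O=Moxa-Lab subject names.
BITS=2048
DAYS=3650

# Minimal req config plus the x509v3 profiles. The server profile carries
# nsCertType=server, which an OpenVPN 2.0 client checks with "ns-cert-type
# server": without it any client certificate from this CA could be used to
# impersonate the server.
ext_profiles() {
    cat <<EOF
[req]
distinguished_name=req_dn
[req_dn]
[ca]
basicConstraints=critical,CA:TRUE
keyUsage=critical,keyCertSign,cRLSign
subjectKeyIdentifier=hash
[server]
basicConstraints=CA:FALSE
nsCertType=server
keyUsage=digitalSignature,keyEncipherment
extendedKeyUsage=serverAuth
[client]
basicConstraints=CA:FALSE
nsCertType=client
keyUsage=digitalSignature
extendedKeyUsage=clientAuth
EOF
}

# issue <dir> <name> <profile>: new key + request, signed by the CA in <dir>
# (what build-key / build-key-server do). The .csr is what a user would send
# to a CA when the key is generated locally, as section 1-7-1 recommends.
issue() {
    d=$1; n=$2; p=$3
    openssl req -new -newkey "rsa:$BITS" -nodes -config "$d/ext.cnf" \
        -subj "/O=Moxa-Lab/CN=$n" -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
    openssl x509 -req -days "$DAYS" -in "$d/$n.csr" -CA "$d/ca.crt" \
        -CAkey "$d/ca.key" -CAcreateserial -extfile "$d/ext.cnf" \
        -extensions "$p" -out "$d/$n.crt" 2>/dev/null
    chmod 600 "$d/$n.key"
}

# build_pki <dir>: CA, server and client. dh.pem only with WITH_DH=1, since
# a 2048-bit dhparam run takes minutes on a 266 MHz XScale.
build_pki() {
    d=$1
    mkdir -p "$d" && ext_profiles > "$d/ext.cnf"
    # build-ca: self-signed root. ca.key never leaves this machine; only
    # ca.crt travels to the VPN peers, together with their own key and cert.
    openssl req -new -newkey "rsa:$BITS" -nodes -config "$d/ext.cnf" \
        -subj "/O=Moxa-Lab/CN=Moxa-Lab-CA" -keyout "$d/ca.key" -out "$d/ca.csr" 2>/dev/null
    openssl x509 -req -days "$DAYS" -in "$d/ca.csr" -signkey "$d/ca.key" \
        -extfile "$d/ext.cnf" -extensions ca -out "$d/ca.crt" 2>/dev/null
    chmod 600 "$d/ca.key"
    issue "$d" server server
    issue "$d" client client
    [ "${WITH_DH:-0}" = 1 ] && openssl dhparam -out "$d/dh.pem" "$BITS" 2>/dev/null
    rm -f "$d"/*.csr
}

# verify_role <dir> <name> <Server|Client>: chain check plus the extended
# key usage, i.e. what the peer's certificate-type check relies on.
verify_role() {
    openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null 2>&1 &&
    openssl x509 -in "$1/$2.crt" -noout -text | grep -q "TLS Web $3 Authentication"
}

if [ -n "${1:-}" ]; then
    build_pki "$1" && verify_role "$1" server Server && verify_role "$1" client Client \
        && echo "PKI in $1: ca.crt, server.key/crt, client.key/crt"
else
    echo "usage: $0 <output-dir>   (WITH_DH=1 to also build dh.pem)"
fi
```

Copy ca.crt plus server.key/server.crt (and dh.pem) to the VPN server and ca.crt plus client.key/client.crt to the client, exactly as 3-4-2 does; the CA directory itself, with ca.key, stays off both boxes.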


Live Demo

UC-7420 Demo Box

Two of its serial ports are connected to a power meter and a thermocouple.
Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site.
The rest of the serial ports are looped back in "burn-in mode" to demonstrate the UC's high performance and reliability.

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500 °C
Voltage: left side for the high range, 0 to 300 VDC; right side for the low range, 0 to 20 VDC

UC's LCM & keypad (F1–F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8
F2 System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available memory
F3 Alarm Setting: Temperature → Voltage → burn-in throughput
F4 Configuration key
F5 Main menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• UC-7420's built-in wireless driver supports the Intersil Prism 2.0 chipset PCMCIA card.
• The compatible wireless cards are:

Supplier    Model name
ASUS        WL-107g
CNET        CWC-854 (181D version)
Edimax      EW-7108PCg
Amigo       AWP-914WG
Gigabyte    GN-WMKG
Others which use the Ralink chipset

Thank You

Page 47: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

2-3 Processing Packets2-3 Processing Packets

2-3-1 Destination Local Host

2-3-2 Source Local Host

2-3-3 Forward Packets

2-3-4 State Machine

2-3-1 Destination Local Host2-3-1 Destination Local Host

2-3-1 Destination Local Host2-3-1 Destination Local Host

Incoming Packets

NAT Table PREROUTING

Local Process

Filter Table INPUT

2-3-2 Source Local Host2-3-2 Source Local Host

2-3-2 Source Local Host2-3-2 Source Local Host

NAT Table OUTPUT

Outgoing Packets

Filter Table OUPUT

NAT Table POSTROUTING

Send Out Packets

2-3-3 Forwarded Packets2-3-3 Forwarded Packets

2-3-3 Forwarded Packets2-3-3 Forwarded Packets

NAT Table PREROUTING

Local Resource

NAT Table POSTROUTING

Other Hosts

Incoming Packets

Filter Table FORWARD

2-4 State Machine2-4 State Machine

AgendaAgenda

1) Firewall NAT and iptables

2) Rules Chains Tables

3) Usage of iptables

4) Hands-ON Practice

3) Usage of iptables3) Usage of iptables

3-1 Load iptables Modules

3-2 Define Default Policy

3-3 Structure of a Rule

3-4 Save Restore Rules

3-1 Load iptables Modules3-1 Load iptables Modules

Note ipchains and iptables are not compatible

3-1 Load iptables Module3-1 Load iptables Module

Check the Current Tablesiptables [-t tables] [-L] [-n]

Default Policy

3-1 Install iptables3-1 Install iptables

Clear Current Policy

3-2 Define Default Policy3-2 Define Default Policy

iptables ndasht filter nat mangle

ndashP INPUT OUTPUT FORWARD PREROUTING POSTROUTING

ACCEPT DROP

3-2 Define Default Policy3-2 Define Default Policy

3-3 Structure of a Rule3-3 Structure of a Rule

3-3-1 Add Insert Delete an Replace Rules

3-3-2 Direction

3-3-3 Matches

3-3-4 Targets

3-3-1 Add Insert Delete and Replace3-3-1 Add Insert Delete and Replace

iptables ndasht filter nat mangle

AI DR

ndash direction match target

3 major things needed

to be considered

ndashj

3-3-2 Direction ndash Chains3-3-2 Direction ndash Chains

a filter Table INPUT

OUTPUT

FORWARD

b nat Table PREROUTING

POSTROUTING

OUTPUT

c mangle table hellip

1 -p [proto] tcp udp icmp all

2 -s [IP] -d [IP]

3 --sport [port] --dport [port]

4 -m state --state [state] NEW ESTABLISHED INVALID RELATED

5 -m multiport [p1p2hellipp15]

6 -i [iface] -o [oface]

7 hellipetc

3-3-3 Matches - Conditions3-3-3 Matches - Conditions

3-3-4 Targets - Actions3-3-4 Targets - Actions

a filter Table ACCEPT DROP

QUEUE RETURN target extensions --LOG --ULOG --REJECT - -MIRROR

b nat table SNAT (only in POSTROUTING)

DNAT (only in PREROUTINGOUTPUT)

MASQUERADE (POSTROUTING)

REDIRECT (only in PREROUTING)

c mangle table hellip

3-4 Save Restore Rules3-4 Save Restore Rules

It is highly recommended to use a script file to maintain the Netfilter rule instead of using this exported file (it is not a standard script file) Please refer to the Hands-ON practice

AgendaAgenda

1) Firewall NAT and iptables

2) Rules Chains Tables

3) Usage of iptables

4) Hands-ON Practice 1) Packet Filter2) NAT Machine

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 1 ndash Accept all the packets incoming from lo interface

Example 2 ndash Accept all the TCP packets incoming from

IP = 19216801

iptables ndasht filter ndashA INPUT ndashi lo ndashj ACCEPT

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp

ndashs 19216801 ndashj ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 3 ndash Accept all the TCP packets incoming from the network

1921681024

Example 4 ndash Drop all the TCP packets incoming from IP = 192168125

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp

ndashs 1921681024 -j ACCEPT

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp

ndashs 192168125 ndashj DROP

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 5 ndash Drop all the Incoming TCP packets with dst Port = 21

(forbid FTP Connection from eth0)

Example 6 ndash Accept TCP packets incoming from IP 192168024 to

local port number 137138 and 139

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp

ndash ndashdport 21 ndashj DROP

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp ndashs

192168024 ndash ndashdport 137139 ndashj ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 7 ndash Log all the IncomingOutgoing TCP packets with tofrom

Port = 25 (Log SMTP Service)

iptables ndasht filter ndashA INPUT ndashp tcp ndash ndashdport 25 ndashj LOG

Note UC7110 does not support the target ldquoLOGrdquo

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 8 ndash Drop all the [syn] packets from IP = 192168100200

Example 9 ndash Drop all the packets from MAC = aabbccddeeff

iptables ndasht filter ndashA INPUT ndashp tcp ndashi eth0

ndashs 192168100200 ndash ndashsyn ndashj DROP

iptables ndasht filter ndashA INPUT ndashp all

ndashm mac-source aabbccddeeff ndashj DROP

Example 10 ndash Does not response to ldquopingrdquo

Example 11 ndash ICMP ldquopingrdquo burst

iptables ndasht filter ndashA INPUT ndashp icmp ndash ndashicmpndashtype 8

ndashj DROP

iptables ndasht filter ndashP INPUT DROP

iptables ndasht filter ndashA INPUT ndashp icmp ndashm limit 6min

ndash ndashlimit-burst 10 ndashj ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 12 ndash Accept the Established Related packets of the local

host drop the Invalid packets and New packets which are trying to create new connection

iptables ndasht filter ndashA INPUT ndashp tcp ndashm state ndash ndashstate

ESTABLISHEDRELATED ndashj ACCEPT

iptables ndasht filter ndashA INPUT ndashp tcp ndashm state ndash ndashstate

INVALIDNEW ndashj DROP

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 13 ndash Check the packet integrity

Example 14 ndash Enable the ldquoPassive Moderdquo FTP Service to a host

iptables ndasht filter ndashA INPUT ndashp all ndashm unclean ndashj DROP

modprobe ip_conntrack_ftp

iptables ndashA FORWARD ndashp tcp

ndashm state ndash ndashstate RELATED ndashj ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 1 ndash Redirect the Connection Request of Port 80 to Port 8080

Example 2ndash Masquerade the incoming packets from 1921681024

to be local ppp0rsquos IP

iptables ndasht nat ndashA PREROUTING ndashp tcp ndash ndashdport 80

ndashj REDIRECT ndash ndashto-ports 8080

iptables ndasht nat ndashA PREROUTING ndashs 1921681024 ndasho

ppp0 ndashj MASQUERADE

4-2 NAT Machine4-2 NAT Machine

4-2 NAT Machine4-2 NAT Machine

Example 3 ndash DNAT the incoming packet from eth0 (602486675) and

TCP Port 80 to internal Web sever 19216812710 80

Example 4 ndash Redirect the incoming packet of TCP Port 80 to

192168110 and TCP Port 80

iptables ndasht nat ndashA PREROUTING ndashp tcp ndashi eth0 ndashd 602486675 ndash ndashdport 80 ndashj DNAT ndash ndashto 1921681271080

iptables ndasht nat ndashA POSTROUTING ndashs 192168127024 ndashj SNAT ndash ndashto $OUT_IP

Thank YouThank You

OpenVPN 20OpenVPN 20Stephen Lin

OpenVPN 20OpenVPN 20

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

1) Cryptography Summery1) Cryptography Summery

1-1 What does cryptography solve

1-2 Symmetric Data Encryption

1-3 Hash (Digest) Function

1-4 Message Authentication Code

1-5 Asymmetric Data Encryption

1-6 Digital Signature

1-7 Certificate

1-8 Moxa UC7400

1-1 What does Cryptography solve?

Confidentiality
• Ensure that nobody can learn what you transfer, even if they listen to the whole conversation
Integrity
• Ensure that the message has not been modified during the transmission
Authenticity
• You can verify that you are talking to the entity you think you are talking to
• You can verify who the specific individual behind that entity is
Non-repudiation
• The individual behind that asset cannot deny being associated with it

1-2 Symmetric Data Encryption

• Fast; high efficiency for data transmission
• Is it "secure" while transferring the key?
• Key management: n parties need n(n-1)/2 keys
• DES, 3DES, AES, Blowfish

[Figure: Tom encrypts the plaintext with the secret key; the ciphertext crosses the network; Bob decrypts it with the same secret key.]

1-3 Hash (Digest) Function

• Ensures data integrity
• MD5, SHA-1 (neither is collision-resistant any more; SHA-256 is the usual choice today)

[Figure: Tom runs the data through the hash function and sends data + Message Digest 1; Bob runs the received data through the same hash function, obtains Message Digest 2, and compares the two digests.]

A bare digest only catches accidental corruption: an attacker who can change the data can also recompute the digest that travels with it. Binding the digest to a secret is the job of the next two sections.

1-4 Message Authentication Code

• Ensures data integrity and data-origin authentication
• A secret key protects the MAC: without the key an attacker cannot produce a valid MAC for altered data
• HMAC, CBC-MAC

[Figure: Tom hashes the data to Message Digest 1 and encrypts it with the secret key to form the MAC; data + MAC are sent. Bob hashes the received data to Message Digest 2, decrypts the MAC with the secret key back to Message Digest 1, and compares.]

This is the slide's picture. HMAC does not encrypt a digest; it keys the hash function itself, which avoids the weaknesses of an encrypted plain digest and is what OpenVPN uses on every packet (2-2).

1-5 Asymmetric Encryption

Things to remember:
• Key pair: public/private keys
• In a session one key is used for encryption and the other one for decryption
• The "public key" can be deployed everywhere
• The relation between the two keys is unknown: from one key you cannot gain knowledge of the other, even if you have access to clear text and cipher text
• The two keys are interchangeable: the algorithm makes no difference between public and private key, so when a key pair is generated either of the two can be made public (true of RSA; schemes such as DSA or ElGamal do not have this property)
• Less efficient than a static (symmetric) key
• RSA, Diffie-Hellman (DH is a key-agreement scheme rather than an encryption algorithm)

[Figure: clear text turned into ciphertext by the encryption step.]

1-5 Asymmetric Data Encryption - Confidentiality Check

[Figure: Tom encrypts the plaintext with Bob's public key; Bob decrypts the ciphertext with Bob's private key. The recipient's key pair is used: only the holder of the private key can read the message.]

1-5 Asymmetric Data Encryption - Authenticity Check

[Figure: Tom encrypts the plaintext with Tom's private key; Bob decrypts it with Tom's public key. The sender's key pair is used: anyone can read the result, but only the holder of Tom's private key could have produced it.]

1-6 Digital Signature

Real world: a hybrid of both
1 Data integrity
2 Authenticity
3 Non-repudiation
4 Algorithm: uses the public key and a hash

1-6 Digital Signature - Creating

[Figure: the message or file ("This is the document created by Gianni") goes through a one-way message digest function (SHA, MD5) that produces a short message digest from even a long input (typically 128 bits for MD5, 160 bits for SHA-1). The digest is encrypted with the signatory's private key (RSA); the result is the digital signature, which is attached to the message to form the signed document.]

1-6 Digital Signature - Verifying

[Figure: the verifier hashes the received document to a fresh message digest, decrypts the attached digital signature with Gianni's public key (taken from his certificate) to recover the signed digest, and compares the two. Equal digests mean the document is unchanged and was signed with Gianni's private key.]

[Figure: the same flow with Tom and Bob: Tom hashes the data to Message Digest 1, encrypts it with Tom's private key to obtain the digital signature and sends data + signature; Bob hashes the received data to Message Digest 2, decrypts the signature with Tom's public key back to Message Digest 1 and compares.]

The verifier needs an authentic copy of the signer's public key; providing that copy is what the certificate of 1-7 is for.
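The three checks of 1-3, 1-4 and 1-6 side by side, run with the OpenSSL command-line tool (the same libcrypto the UC-7400 ships, see 1-8). This is an added example, not from the slides; the message, the pre-shared secret, the key file names and the use of SHA-256 instead of the MD5/SHA-1 of the slides are my choices. It shows the point that separates the three: an attacker who changes the data can recompute a plain digest, but cannot produce the matching HMAC without the shared secret, nor a valid signature without Tom's private key.

```sh
#!/bin/sh
# Hash, HMAC and RSA signature over the same message with the openssl CLI.
# Added example, not from the slides: message text, key names and SHA-256 are mine.

WORK=${WORK:-$(mktemp -d)}
MSG="$WORK/msg.txt"
printf 'Transfer 100 EUR to account 42\n' > "$MSG"     # constructed sample message

# 1-3 Hash: anyone can compute it, so it detects accidents, not attackers.
digest_of() { openssl dgst -sha256 "$1" | awk '{ print $NF }'; }

# 1-4 MAC: the same hash keyed with a secret that Tom and Bob share.
mac_of() { openssl dgst -sha256 -hmac "$2" "$1" | awk '{ print $NF }'; }

# 1-6 Signature: the digest bound to Tom's private key, checked with his public key.
sign_file()   { openssl dgst -sha256 -sign "$2" -out "$3" "$1"; }
verify_file() { openssl dgst -sha256 -verify "$2" -signature "$3" "$1" >/dev/null 2>&1; }

# Returns 0 when a tampered copy is rejected by the MAC and by the signature
# while the plain digest alone would have let it through.
demo_tamper() {
    shared_key="correct horse battery staple"      # pre-shared secret (constructed)
    openssl genrsa -out "$WORK/tom.key" 2048 2>/dev/null || return 1
    openssl rsa -in "$WORK/tom.key" -pubout -out "$WORK/tom.pub" 2>/dev/null || return 1

    h_orig=$(digest_of "$MSG")
    m_orig=$(mac_of "$MSG" "$shared_key")
    sign_file "$MSG" "$WORK/tom.key" "$WORK/msg.sig" || return 1

    # The attacker changes the amount and ships a freshly computed digest with it.
    sed 's/100 EUR/900 EUR/' "$MSG" > "$WORK/msg.bad"
    h_bad=$(digest_of "$WORK/msg.bad")
    [ "$h_bad" != "$h_orig" ] || return 1      # digest differs, but Bob only sees the attacker's copy

    # Without the shared key the attacker cannot produce the matching MAC ...
    [ "$(mac_of "$WORK/msg.bad" "$shared_key")" != "$m_orig" ] || return 1
    # ... and without Tom's private key the old signature no longer matches.
    verify_file "$WORK/msg.bad" "$WORK/tom.pub" "$WORK/msg.sig" && return 1
    # The untouched message still verifies.
    verify_file "$MSG" "$WORK/tom.pub" "$WORK/msg.sig" || return 1
    return 0
}

if [ "${1:-}" = run ]; then
    demo_tamper && echo "tampered copy rejected by HMAC and signature (work dir: $WORK)"
fi
```

Run it with "run" to see the verdict; the scratch directory comes from mktemp, so no real key is touched.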

1-7 Certificate

The simplest certificate just contains:
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key
... and the whole is:
• Digitally signed by someone trusted (like your friend, or a CA)

[Figure: certificate = public key + "This public key belongs to Stephen" + digital signature of the issuer. The entity can be a person, a computer, a device, a file, some code, anything ...]

1-7-1 CA Certificate

[Figure: the CA (certification server) generates its own key pair. A user requests a certificate from the CA; the CA generates the certificate (the user's public key plus the CA's digital signature), and the private key and certificate are sent to the user.]

The slide has the CA produce the user's key pair and ship the private key. In the procedures of 3-4 the keys are likewise generated on one PC and copied out, which is fine for a lab; in production the peer should generate its own key pair and send the CA only a certificate request, so that the private key never crosses the network.

1-7-1 CA Certificate Example

[Figure: Left and Right each hold their own private key, their own certificate signed by the CA, and the CA public key (the CA certificate is self-signed: the CA public key signed by the CA's own private key). Both trust the CA, so each side verifies the other's certificate with the CA public key before trusting the public key inside it.]

1-7-2 SSL/TLS

[Figure: each peer holds a key pair (priv/pub). Clear text is encrypted into Cipher 1, encrypted again into Cipher 2 for the transmission over the public network, then decrypted twice on the other side back to clear text, using the peers' public and private keys.]

• Ensures confidentiality
• And integrity, if digitally signed
• Depending on how the public keys are exchanged: authenticity, identity, non-repudiation

1-8 Moxa UC7400 - Hardware Cipher

Intel XScale supports:
• Security engines: DES, AES
• Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so":
• No need to change the source code

1-8-1 Moxa Accelerated Algorithms - OpenSSL 0.9.7

DES_cbc_encrypt
DES_ede3_cbc_encrypt
AES_cbc_encrypt
AES_ctr_encrypt

• ECB mode is wrapped at a higher level (libssl.so), which OpenSSL wraps too
• ECB encrypts equal blocks to equal ciphertext, so it serves for testing the engine, not for protecting traffic; OpenVPN uses CBC

1-8-2 Performance

[Figure: four charts of cipher throughput against packet size, software cipher versus hardware cipher (= HW Cipher). 3DES-CBC and AES-128-CBC for packet sizes of 128 to 1280 bytes, and the same two ciphers for small packets of 16 to 144 bytes, each with the throughput rate plotted alongside. Axis ticks omitted.]

1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approach:
• Default: hardware approach
• Any mis-configuration or busy engine causes the switch to software
Small packets are switched to the software approach:
• DES: 128 bytes and below
• 3DES/AES: 64 bytes and below

1-8-4 Software Package

Driver
• mxhw_cipher.o
Device file
• mknod /dev/mxcrypto c 11 131
Test program
• io            correctness test
• io 0 5000     stability test
• io 1          golden pattern
• io 2 20000    performance test

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network - Advantages/Disadvantages

• VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes
• A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH etc.)
• A VPN allows the use of protocols which are insecure by themselves
• VPN traffic cannot be controlled and logged easily because of its encrypted nature; filtering and logging have to happen at the tunnel endpoints (the iptables rules of Part I apply to the tun/tap interface there)

2-2 Why OpenVPN

Usability
• Open Source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit shared (static) key or digital certificates (PKI)

Portability - supports most platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN

Peers - each node with a client/server role
• Uses the kernel routing
• Multiple clients

A user-space program
• A full-featured SSL VPN solution
• On top of the existing SSL/TLS mechanism
• A choice among a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security

Two authentication modes:
• Static key: uses a pre-shared key
• SSL/TLS: uses SSL/TLS + certificates for authentication and key exchange

The encrypted packet is formatted as:
• SeqN: 64-bit sequence number (replay protection)
• IV: plain-text initialisation vector, randomised per packet

    HMAC | IV | { SeqN | IP packet payload }

The part in braces is encrypted with the data-channel cipher; the HMAC is computed over the IV and the ciphertext. The receiver checks the HMAC first and discards anything that fails, so a forged or modified packet is dropped before it reaches the cipher or the sequence-number check.

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall- and NAT-friendly
• Dynamic address support

IPSec
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard - multi-vendor support

2-3 OpenVPN Modes

Bridging and Routing are the two methods of linking systems via a VPN:
• Routed IP tunnels (layer 3)
• Bridged Ethernet tunnels (layer 2)

Suitable for connections:
• Site-to-Site
• Dynamic Site-to-Site
• (Dynamic) Client-to-Site
• Dynamic firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

• Uses a TUN device: a virtual point-to-point IP link; OpenVPN delivers the decrypted packets to the inner interface through the TUN device
• Uses the kernel routing table to forward the packets

[Figure: the OSI stacks of the two peers. OpenVPN runs at the application layer; the TUN device hands packets to the network layer (3rd).]

Routed IP advantages
1 Point-to-point
2 Easier to configure
3 Efficiency and scalability
4 Allows better tuning of the MTU for efficiency

Routed IP disadvantages
1 Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2 Routes must be set up linking each subnet
3 Software that depends on broadcasts will not see the machines on the other side of the VPN
4 Works only with IPv4 in general, and with IPv6 only where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

• Uses "TAP" mode: a TAP device is a virtual Ethernet adapter
• Bridge tools (brctl) are required to create the bridge
• A script is needed to bind eth1 and tap0 together into a bridged device called br0

brctl addbr br0          # create an Ethernet bridge
brctl addif br0 eth1     # connect interface eth1 as a port
brctl addif br0 tap0     # connect virtual interface tap0 as a port

(The slide's third line omits the bridge name; brctl addif always takes the bridge first. tap0 must already exist before it can be added, which is why the bridge script creates it first.)

[Figure: the OSI stacks of the two peers with eth0, eth1 and tap0. OpenVPN at the application layer; TUN attaches at layer 3, TAP at layer 2, where it is bridged with eth1.]

Bridging advantages
1 Point-to-point and point-to-multipoint
2 Broadcasts traverse the VPN; this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3 No route statements to configure
4 Works when the VPN needs to handle non-IP protocols such as IPX, Netware and AppleTalk
5 Relatively easy-to-configure solution for road warriors

Bridging disadvantages
1 Less efficient than routing and does not scale well (every broadcast of either LAN crosses the tunnel)

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS - X.509 Dynamic Keys

3-1 Getting Started

[Figure: lab topology. LAN A (IP 10.0.1.1/24, gateway 10.0.1.254) sits behind the [VPN Server], whose ixp1 is 10.0.1.254; LAN B (IP 10.0.2.1/24, gateway 10.0.2.254) sits behind the [VPN Client], whose ixp1 is 10.0.2.254. The two UCs face each other on ixp0 (the addresses are printed on the slide as 19216812201 and 19216812202 with the dots lost, most likely 192.168.12.201 and 192.168.12.202) and the VPN tunnel is established between them. A separate [CA/TLS Server] issues the certificates.]

3-1 Getting Started

• Create a working directory (recommended):
    mkdir /etc/openvpn
• Check for the TUN module; if it is not loaded, look in /dev/net for a character device "tun" and create it if it is missing:
    ls /dev/net
    mknod /dev/net/tun c 10 200
• Load the necessary modules:
    modprobe tun
    modprobe bridge
• Generate a (pre-shared) static key:
    openvpn --genkey --secret [KeyName]
  (the key file is the whole secret of static-key mode: keep it mode 600 and copy it to the peer over a secure channel such as scp, never over the link it is meant to protect)
• Self diagnostic:
    openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

• Enable IP forwarding:
    echo "1" > /proc/sys/net/ipv4/ip_forward
  or edit /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"
• Create/start the bridge interface using the Moxa script:
    openvpn-bridge [start|stop|restart]
• Check the cipher/authentication support:
    openvpn --show-ciphers
    openvpn --show-digests
• Create the TUN configuration files:
    vi /etc/openvpn/tun/server.conf
  [At the VPN client]
    vi /etc/openvpn/tun/client.conf

3-2 TUN Server Configuration

• The local and remote VPN IP addresses must be specified (the two arguments of "ifconfig"; they appear in the opposite order in the client file)
• It is NECESSARY to specify the server address ("remote") at the VPN client; the server itself has no "remote" and simply listens

3-2 TUN Server Configuration

• Edit the static routes:
    vi /etc/openvpn/tun/server.sh
    chmod +x /etc/openvpn/tun/server.sh
  [At the VPN client]
    vi /etc/openvpn/tun/client.sh
    chmod +x /etc/openvpn/tun/client.sh
• Start OpenVPN with the configuration file:
    openvpn --config /etc/openvpn/tun/server.conf &
  [At the VPN client]
    openvpn --config /etc/openvpn/tun/client.conf &
• Callout on the configuration slide: the 2nd argument of "ifconfig", which is now "10.0.2.254"
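The pair of TUN configuration files for the lab topology of 3-1, written out by a small script so that server and client stay consistent (swapped ifconfig arguments are the usual reason for a tunnel that comes up but carries no traffic). This is an added example, not the slides' server.conf/client.conf: the tunnel endpoint addresses 10.8.0.1/10.8.0.2, the cipher and keepalive settings and the file name static.key are my assumptions; the LAN subnets 10.0.1.0/24 and 10.0.2.0/24 are those of the lab diagram, and the server's public address is passed in as an argument. The route directives take the place of the separate server.sh/client.sh route scripts of the slide: OpenVPN installs them when the tunnel comes up and removes them when it goes down.

```sh
#!/bin/sh
# Writes a matching static-key TUN server/client pair for the lab topology of 3-1
# (LAN A 10.0.1.0/24 behind the server, LAN B 10.0.2.0/24 behind the client).
# Added example, not the slides' files. Assumed: tunnel endpoints 10.8.0.1/10.8.0.2,
# key file static.key next to the configs, server address given as $2.

gen_tun_configs() {
    dir=$1                      # e.g. /etc/openvpn/tun
    server_addr=$2              # address of the VPN server as seen by the client
    mkdir -p "$dir"

    cat > "$dir/server.conf" <<EOF
# OpenVPN 2.0 static-key, routed (TUN) mode - VPN server
dev tun
proto udp
port 1194
ifconfig 10.8.0.1 10.8.0.2
secret $dir/static.key
# LAN B is reached through the tunnel (gateway = remote tunnel endpoint)
route 10.0.2.0 255.255.255.0
cipher AES-128-CBC
auth SHA1
keepalive 10 60
persist-key
persist-tun
verb 3
EOF

    cat > "$dir/client.conf" <<EOF
# OpenVPN 2.0 static-key, routed (TUN) mode - VPN client
dev tun
proto udp
port 1194
remote $server_addr
ifconfig 10.8.0.2 10.8.0.1
secret $dir/static.key
# LAN A is reached through the tunnel
route 10.0.1.0 255.255.255.0
cipher AES-128-CBC
auth SHA1
keepalive 10 60
persist-key
persist-tun
verb 3
EOF
}

# Print the value of one directive from a config file (review/test helper).
conf_get() { awk -v k="$2" '$1 == k { $1 = ""; sub(/^ /, ""); print; exit }' "$1"; }

if [ "${1:-}" = generate ]; then
    out=${2:-/etc/openvpn/tun}
    gen_tun_configs "$out" "${3:?server address required}"
    # One key for both sides: generate it once, then copy it to the client with scp.
    [ -f "$out/static.key" ] || openvpn --genkey --secret "$out/static.key"
    chmod 600 "$out/static.key"
fi
```

Both ends must also have ip_forward enabled (3-1) and the LAN hosts must use the UC as their gateway, otherwise packets for the other LAN never reach the tunnel.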

3-3 TAP Configuration

• Create the TAP configuration files:
    vi /etc/openvpn/tap/server.conf
  [At the VPN client]
    vi /etc/openvpn/tap/client.conf
• Callout on the server slide: mark this line if both VPN networks are in the same subnet (with both LANs bridged into one subnet no route across the tunnel is needed)

3-3 TAP Configuration - VPN Server

• Edit the static routes:
    vi /etc/openvpn/tap/server.sh
    chmod +x /etc/openvpn/tap/server.sh
  [At the VPN client]
    vi /etc/openvpn/tap/client.sh
    chmod +x /etc/openvpn/tap/client.sh
• The routes point at the kernel routing entry of the bridge: br0 = 10.0.1.254 (the LAN address moves from eth1 to br0)

3-3 TAP Configuration - VPN Server

• Start the bridge device:
    vi /etc/openvpn/openvpn-bridge
    chmod +x /etc/openvpn/openvpn-bridge
    /etc/openvpn/openvpn-bridge start
• Start OpenVPN with the configuration file:
    openvpn --config /etc/openvpn/tap/server.conf &
  [At the VPN client]
    openvpn --config /etc/openvpn/tap/client.conf &

Start the bridge before OpenVPN: with "dev tap0" OpenVPN expects the device to exist and to be a member of br0 already, and stopping the bridge while the tunnel is up cuts the LAN side off.
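An openvpn-bridge script of the kind the slides refer to, as an added example in plain sh (not Moxa's script): it creates tap0, bridges it with eth1 into br0, moves the LAN address onto the bridge, and undoes all of it on stop. The bridge address 10.0.1.254/24 is the "br0 = 10.0.1.254" of the server slide; the interface names and the broadcast address are assumptions, and everything can be overridden through environment variables. With DRY_RUN=1 the script prints the commands instead of running them, which is the easy way to check the order before touching a remote box over the very interface that is about to be bridged.

```sh
#!/bin/sh
# openvpn-bridge: bind eth1 and tap0 into br0 for TAP mode.
# Added example in the shape of the script the slides call "openvpn-bridge"; not Moxa's.
# Assumed: br0 takes over eth1's LAN address 10.0.1.254/24; DRY_RUN=1 only prints.

BR=${BR:-br0}
ETH=${ETH:-eth1}
TAP=${TAP:-tap0}
BR_IP=${BR_IP:-10.0.1.254}
BR_MASK=${BR_MASK:-255.255.255.0}
BR_BCAST=${BR_BCAST:-10.0.1.255}

run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

bridge_start() {
    run openvpn --mktun --dev "$TAP"        # persistent TAP device; must exist before addif
    run brctl addbr "$BR"
    run brctl addif "$BR" "$ETH"
    run brctl addif "$BR" "$TAP"
    # Member ports carry no address of their own; promisc so the bridge sees every frame.
    run ifconfig "$TAP" 0.0.0.0 promisc up
    run ifconfig "$ETH" 0.0.0.0 promisc up
    # The LAN address now lives on the bridge (the "br0 = 10.0.1.254" of 3-3).
    run ifconfig "$BR" "$BR_IP" netmask "$BR_MASK" broadcast "$BR_BCAST" up
}

bridge_stop() {
    run ifconfig "$BR" down
    run brctl delif "$BR" "$TAP"
    run brctl delif "$BR" "$ETH"
    run brctl delbr "$BR"
    run openvpn --rmtun --dev "$TAP"
    # Give eth1 its address back so the LAN side stays reachable.
    run ifconfig "$ETH" "$BR_IP" netmask "$BR_MASK" broadcast "$BR_BCAST" up
}

case "${1:-}" in
    start)   bridge_start ;;
    stop)    bridge_stop ;;
    restart) bridge_stop; bridge_start ;;
    "")      ;;    # no action: functions are only defined (e.g. when sourced)
    *)       echo "usage: $0 {start|stop|restart}" >&2 ;;
esac
```

Because the script runs as root over a network session in most labs, start it from the serial console or the LCM side the first time: between "ifconfig eth1 0.0.0.0" and the last line the UC has no LAN address at all.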

3-4-1 SSL/TLS - Dynamic Keys

• Edit the OpenSSL configuration file on a Linux PC:
    vi /usr/share/ssl/openssl.cnf
  Pre-fill default_days, default_bits ... etc.
• Create the new CA root key pair and certificate:
    /usr/share/ssl/misc/CA -newca
• Create a new client private key and certificate request:
    /usr/share/ssl/misc/CA -newreq
• Sign the certificate request with the CA:
    /usr/share/ssl/misc/CA -sign
• Copy the CA root certificate, the client private key and the client certificate to the first client
• Repeat -newreq and -sign to get the second client certified

The CA private key stays on the Linux PC; only the certificates and each client's own key are copied out, over a secure channel.

3-4-2 OpenVPN - "easy-rsa" tools

• Copy "easy-rsa" to the working directory:
    cp -r openvpn-2.0/easy-rsa /etc/openvpn
• Modify the vars file (KEY_SIZE, KEY_COUNTRY, KEY_ORG ...):
    vi /etc/openvpn/easy-rsa/vars
• Activate the vars (source it into the current shell):
    . /etc/openvpn/easy-rsa/vars
• Create the CA root key and certificate:
    /etc/openvpn/easy-rsa/build-ca
• Create the VPN server private key and certificate:
    /etc/openvpn/easy-rsa/build-key server
• Create the VPN client private key and certificate:
    /etc/openvpn/easy-rsa/build-key client
• Create the Diffie-Hellman parameters:
    /etc/openvpn/easy-rsa/build-dh
  (the size comes from KEY_SIZE in vars; the slide passes 1024, which is too small today)
• Copy the CA certificate (ca.crt), the server key (server.key) and the server certificate (server.crt) to the VPN server
• Copy the CA certificate, the client key and the client certificate to the VPN client
• The "easy-rsa" tools also work on the UC7400 series

Two details the slide skips: run clean-all once before build-ca (it creates the empty index.txt and serial file the scripts need), and prefer build-key-server for the server so that its certificate carries nsCertType=server; a client configured with ns-cert-type server then refuses to talk to another client that presents a stolen client certificate as if it were the server.
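What the CA script's -newca / -newreq / -sign sequence and easy-rsa's build-ca / build-key do, spelled out with plain openssl commands so that each step of 1-7 is visible: a self-signed CA, peers that generate their own key pair and hand the CA only a request, and the check an OpenVPN peer performs against its "ca" file. This is an added example, not the Moxa or OpenVPN scripts; key sizes, lifetimes, the CN names and the scratch directory are my choices. The rogue CA at the end shows that a certificate issued by any other CA is rejected even though it is perfectly well formed.

```sh
#!/bin/sh
# CA, certificate request and signing with plain openssl commands.
# Added example (not the CA.sh or easy-rsa scripts); names and sizes are mine.

PKI=${PKI:-$(mktemp -d)}

# The CA: a key pair plus a self-signed certificate ("CA public key signed by CA").
build_ca() {
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 3650 \
        -subj "/CN=$1" -keyout "$PKI/$1.key" -out "$PKI/$1.crt" >/dev/null 2>&1
}

# A peer: the key pair is generated where it is used; only the CSR goes to the CA,
# which returns the certificate (peer public key + CA signature).
build_key() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$PKI/$2.key" -out "$PKI/$2.csr" >/dev/null 2>&1 &&
    openssl x509 -req -in "$PKI/$2.csr" -CA "$PKI/$1.crt" -CAkey "$PKI/$1.key" \
        -CAcreateserial -days 365 -out "$PKI/$2.crt" >/dev/null 2>&1
}

# Exit 0 when $2.crt chains to the CA $1.crt: what an OpenVPN peer checks with "ca".
verify_peer() { openssl verify -CAfile "$PKI/$1.crt" "$PKI/$2.crt" >/dev/null 2>&1; }

demo_pki() {
    build_ca  lab-ca              || return 1
    build_key lab-ca server       || return 1
    build_key lab-ca client       || return 1
    build_ca  rogue-ca            || return 1     # somebody else's CA
    build_key rogue-ca intruder   || return 1     # a valid cert, wrong issuer
    verify_peer lab-ca server     || return 1
    verify_peer lab-ca client     || return 1
    verify_peer lab-ca intruder   && return 1     # must be rejected
    return 0
}

if [ "${1:-}" = run ]; then
    demo_pki && echo "certificates issued and checked in $PKI"
fi
```

The files map onto the easy-rsa output one to one: lab-ca.crt is ca.crt, server.key/server.crt and client.key/client.crt are what build-key produces, and the CA's private key never has to leave the machine that runs build_ca.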

3-4-3 Configuration File Modification

txx/server.conf
txx/client.conf

(txx = the tun or tap directory of 3-2 and 3-3)

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

• Two of its serial ports are connected to a power meter and a thermocouple
• Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site
• The rest of the serial ports are looped back in "burn-in mode" to demonstrate the UC's high performance and reliability

Demo Box Features

Software Block Diagram

• Temperature range: 0 to 500 °C
• Voltage: left side for the high range, 0 to 300 VDC; right side for the low range, 0 to 20 VDC

UC's LCM & keypad (F1-F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8
F2 System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available memory
F3 Alarm Setting: Temperature → Voltage → Burn-in throughput
F4 Configuration Key
F5 Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status for 802.11g?
• The UC-7420's built-in wireless driver supports the Intersil Prism 2.0 chipset PCMCIA card
• The compatible wireless cards are:

Supplier    Model name
ASUS        WL-107g
CNET        CWC-854 (181D version)
Edimax      EW-7108PCg
Amigo       AWP-914WG
Gigabyte    GN-WMKG
Others      Cards that use the Ralink chipset (written "R-Link" on the slide)

Thank You


2-3-1 Destination: Local Host

Incoming packets → NAT table PREROUTING → Filter table INPUT → Local process

2-3-2 Source: Local Host

Local process → NAT table OUTPUT → Filter table OUTPUT → NAT table POSTROUTING → Send out packets

2-3-3 Forwarded Packets

Incoming packets → NAT table PREROUTING → routing decision (not for a local resource) → Filter table FORWARD → NAT table POSTROUTING → Other hosts

A forwarded packet never traverses INPUT or OUTPUT. That is why the NAT examples in 4-2 need their ACCEPT rules on FORWARD, and why DNAT has to sit in PREROUTING (before the routing decision) while SNAT and MASQUERADE sit in POSTROUTING (after it).

2-4 State Machine

Connection tracking classifies every packet as NEW, ESTABLISHED, RELATED or INVALID; these are the states the -m state match of 3-3-3 tests.

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

3) Usage of iptables

3-1 Load iptables Modules
3-2 Define Default Policy
3-3 Structure of a Rule
3-4 Save/Restore Rules

3-1 Load iptables Modules

Note: ipchains and iptables are not compatible; the ipchains module must be unloaded before ip_tables can be used.

• Check the current tables:
    iptables [-t table] [-L] [-n]
• Default policy: shown in the chain header of the listing

3-1 Install iptables

• Clear the current policy (flush the chains) before loading a new rule set

3-2 Define Default Policy

iptables -t {filter|nat|mangle} -P {INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING} {ACCEPT|DROP}

Set a policy of DROP only after the rule that keeps your own management session alive (ESTABLISHED,RELATED on INPUT, Example 12) is in place, otherwise a remote shell on the UC is cut off. A policy applies to the built-in chains only; -P on a user-defined chain is rejected.

3-3 Structure of a Rule

3-3-1 Add, Insert, Delete and Replace rules
3-3-2 Direction
3-3-3 Matches
3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace

iptables -t {filter|nat|mangle} {-A|-I|-D|-R} <chain> <match> -j <target>

Three major things need to be considered: the direction (chain), the match and the target.

3-3-2 Direction - Chains

a. filter table: INPUT, OUTPUT, FORWARD
b. nat table: PREROUTING, POSTROUTING, OUTPUT
c. mangle table: ...

3-3-3 Matches - Conditions

1 -p [proto]: tcp, udp, icmp, all
2 -s [IP], -d [IP]
3 --sport [port], --dport [port]
4 -m state --state [state]: NEW, ESTABLISHED, INVALID, RELATED
5 -m multiport --ports [p1,p2,...,p15]
6 -i [iface], -o [oface]
7 ... etc.

-i is only meaningful in INPUT, FORWARD and PREROUTING, -o only in OUTPUT, FORWARD and POSTROUTING; --sport and --dport require -p tcp or -p udp.

3-3-4 Targets - Actions

a. filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions: LOG, ULOG, REJECT, MIRROR
b. nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING/OUTPUT), MASQUERADE (only in POSTROUTING), REDIRECT (only in PREROUTING/OUTPUT)
c. mangle table: ...

3-4 Save/Restore Rules

The rule set can be exported with iptables-save and loaded again with iptables-restore. It is highly recommended to use a script file to maintain the netfilter rules instead of this exported file (it is not a standard script file). Please refer to the Hands-On practice.

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice: 1) Packet Filter, 2) NAT Machine

4-1 Packet Filter - Rules of filter table

Example 1 - Accept all the packets coming in on the lo interface

iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2 - Accept all the TCP packets coming from IP 192.168.0.1

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

Example 3 - Accept all the TCP packets coming from the network 192.168.1.0/24

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 - Drop all the TCP packets coming from IP 192.168.1.25

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

Rules are evaluated in order and the first match wins, so this DROP only takes effect if it sits before the Example 3 ACCEPT for 192.168.1.0/24 (use -I instead of -A, or order the script accordingly).

Example 5 - Drop all the incoming TCP packets with destination port 21 (forbid FTP connections from eth0)

iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 - Accept TCP packets coming from 192.168.0.0/24 to the local ports 137, 138 and 139

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

Example 7 - Log all the incoming/outgoing TCP packets to/from port 25 (log the SMTP service)

iptables -t filter -A INPUT -p tcp --dport 25 -j LOG

LOG is a non-terminating target: the packet continues down the chain after being logged, so the rule that finally accepts or drops it still has to follow. The slide shows the incoming direction only.

Note: UC7110 does not support the target "LOG".

Example 8 - Drop all the [SYN] packets from IP 192.168.100.200

iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 - Drop all the packets from MAC aa:bb:cc:dd:ee:ff

iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

(The slide writes "-m mac-source"; the match module is "mac" and its option is "--mac-source". It only works in PREROUTING, INPUT and FORWARD, where the frame's source address is still known, and only for senders on the same Ethernet segment.)

Example 10 - Do not respond to "ping"

iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 - Limit ICMP "ping" bursts

iptables -t filter -P INPUT DROP
iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

With an INPUT policy of DROP, the limit match admits up to 10 echo requests at once and then on average 6 per minute; everything above that, and every non-ICMP packet, falls through to the policy.

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 12 ndash Accept the Established Related packets of the local

host drop the Invalid packets and New packets which are trying to create new connection

iptables ndasht filter ndashA INPUT ndashp tcp ndashm state ndash ndashstate

ESTABLISHEDRELATED ndashj ACCEPT

iptables ndasht filter ndashA INPUT ndashp tcp ndashm state ndash ndashstate

INVALIDNEW ndashj DROP

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 13 ndash Check the packet integrity

Example 14 ndash Enable the ldquoPassive Moderdquo FTP Service to a host

iptables ndasht filter ndashA INPUT ndashp all ndashm unclean ndashj DROP

modprobe ip_conntrack_ftp

iptables ndashA FORWARD ndashp tcp

ndashm state ndash ndashstate RELATED ndashj ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 1 ndash Redirect the Connection Request of Port 80 to Port 8080

Example 2ndash Masquerade the incoming packets from 1921681024

to be local ppp0rsquos IP

iptables ndasht nat ndashA PREROUTING ndashp tcp ndash ndashdport 80

ndashj REDIRECT ndash ndashto-ports 8080

iptables ndasht nat ndashA PREROUTING ndashs 1921681024 ndasho

ppp0 ndashj MASQUERADE

4-2 NAT Machine4-2 NAT Machine

4-2 NAT Machine4-2 NAT Machine

Example 3 ndash DNAT the incoming packet from eth0 (602486675) and

TCP Port 80 to internal Web sever 19216812710 80

Example 4 ndash Redirect the incoming packet of TCP Port 80 to

192168110 and TCP Port 80

iptables ndasht nat ndashA PREROUTING ndashp tcp ndashi eth0 ndashd 602486675 ndash ndashdport 80 ndashj DNAT ndash ndashto 1921681271080

iptables ndasht nat ndashA POSTROUTING ndashs 192168127024 ndashj SNAT ndash ndashto $OUT_IP

Thank YouThank You

OpenVPN 20OpenVPN 20Stephen Lin

OpenVPN 20OpenVPN 20

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

1) Cryptography Summery1) Cryptography Summery

1-1 What does cryptography solve

1-2 Symmetric Data Encryption

1-3 Hash (Digest) Function

1-4 Message Authentication Code

1-5 Asymmetric Data Encryption

1-6 Digital Signature

1-7 Certificate

1-8 Moxa UC7400

1-1 What does Cryptography solve1-1 What does Cryptography solve

Confidentiality bull Ensure that nobody can get knowledge of what you

transfer even if listening the whole conversation Integrity

bull Ensure that message has not been modified during the transmission

Authenticity bull You can verify that you are talking to the entity you think

you are talking to bull You can verify who is the specific individual behind that

entity Non-repudiation

bull The individual behind that asset cannot deny being associated with it

1-2 Symmetric Data Encryption1-2 Symmetric Data Encryption

Fast High Efficiency for data transmission

Is it ldquosecurerdquo while transferring the key

Maintains of the keys (n-1)n 2 keys

DES3DESAESBlowfish

Tom Bob

Plaintext

Plaintext

Ciphertext

Encryption

Secret Key

Decryption

1-3 Hash (Digest) Function1-3 Hash (Digest) Function

Ensure Date Integrity

MD5SHA-1

Tom

Data

Bob

Data

Hash FunctionHash Function

Message Message Digest 1Digest 1

Same Hash FunctionSame Hash Function

+Hash FunctionHash Function

Message Message Digest 2Digest 2

Message Digest1Message Digest1 DataData

Compare

1-4 Message Authentication Code 1-4 Message Authentication Code

Ensure the Data Integrity

Use a key to protect the MAC

HMACCBC-MAC Tom

Data

Hash FunctionHash Function

Message Message Digest 1Digest 1

Bob

Data

Message Message Digest 2Digest 2

+Hash FunctionHash Function

MACEncryption

Message Message Digest 1Digest 1

Decryption

Compare

Secret Key

MACMAC DataData

1-5 Asymmetric Encryption1-5 Asymmetric Encryption

Things to rememberbull Key Pair ndash PublicPrivate keysbull In a session one for encryption and the other one

for decryptionbull ldquoPublic Keyrdquo can be deployed everywherebull The relation between the two keys is unknown and from

one key you cannot gain knowledge of the other even if you have access to clear-text and cipher-text

bull The two keys are interchangeable All algorithms make no difference between public and private key When a key pair is generated any of the two can be public or private

bull Less efficient than Static Keybull RSADiff-Hellman

g$5knvMdrsquorkg$5knvMdrsquorkvegMsrdquovegMsrdquo

Clear Clear texttext

EncryptionEncryption

1-5 Asymmetric Data Encryption1-5 Asymmetric Data Encryption

Tom

Plaintext

Bob

ciphertextEncryption Decryption

Bobrsquos Public KeyPlaintex

tBobrsquos Private Key

Recipientrsquos Key Pair

Confidentiality Check

1-5 Asymmetric Data Encryption1-5 Asymmetric Data Encryption

Tom

Plaintext

Bob

ciphertextEncryption Decryption

Tomrsquos Private KeyPlaintex

tTomrsquos Public Key

Senderrsquos key pair

Authenticity Check

1-6 Digital Signature1-6 Digital Signature

Real World ndash Hybrid 1 Data Integrity2 Authenticity3 Non-repudiation4 Algorithm ndash Use the public key and Hash

1-6 Digital Signature - Creating1-6 Digital Signature - Creating

3kJfgfpound$amp3kJfgfpound$ampPy75cbnPy75cbn

This is the This is the document document created by created by GianniGianni

Message or FileMessage or File Digital SignatureDigital SignatureMessage DigestMessage Digest

Calculate a short message Calculate a short message digest from even a long input digest from even a long input using a one-way message using a one-way message digest function (hash)digest function (hash)

Signatorys Signatorys private keyprivate key

privpriv

GenerateGenerateHashHash

SHA MD5SHA MD5

AsymmetricAsymmetricEncryptionEncryption

RSARSA

This is the This is the document document created by created by GianniGianni 3kJfgfpound$amp3kJfgfpound$amp

SignedSignedDocumentDocument

(Typically 128 bits)(Typically 128 bits)

1-6 Digital Signature - Verifying1-6 Digital Signature - Verifying

This is the This is the document document created by created by GianniGianni

3kJfgfpound$amp3kJfgfpound$amp

SignedSignedDocumentDocument

Py75cbnPy75cbn

Message DigestMessage DigestGenerateGenerate

HashHash

Giannis public keyGiannis public key(from certificate)(from certificate)

AsymmetricAsymmetricDecryptionDecryption

pubpub

DigitalDigitalSignatureSignature

Py75cbnPy75cbn

Compare Compare

DataData

1-6 Digital Signature1-6 Digital Signature

Tom

Data

Message Message Digest 1Digest 1

Hash FunctionHash Function

+ +Compare

Bob

Data

Message Message Digest 2Digest 2

Hash FunctionHash Function

MACEncryption Decryption

Message Message Digest 1Digest 1

Tomrsquos Private Key Tomrsquos Public Key

Digital SignatureDigital Signature

Digital Signature

1-7 Certificate1-7 Certificate

The simplest certificate just containsbull A public key (for Stephen)bull Information about the entity that is being certified to own that public key

hellip and the whole isbull Digitally signed by someone trusted (like your friend or a CA)

2wsR46frd2wsR46frdEWWrswe(EWWrswe(^$G^^$G^DvtrsdFDfDvtrsdFDfd367d367

pubpub

3kJfgfpound3kJfgfpound$amp4dser4$amp4dser4358g6gd7d358g6gd7dTTCertificateCertificate

This public This public key belongs key belongs to to StephenStephen

DigitalDigitalSignatureSignatureCan be a person a computer Can be a person a computer

a device a file some code a device a file some code anything hellipanything hellip

1-7-1 CA Certificate 1-7-1 CA Certificate

PrivPriv pubpub

Certification Server

CA generatesCA generatesa key paira key pair

Private Key and Private Key and Certificate are Certificate are

sent to the usersent to the user

pubpub

DSDS

CertCert

pubpub

DSDS

CertCert

User request a User request a certificate to CAcertificate to CA

CA generatesCA generatescertificatecertificate

PrivPriv

Right Cert signed by CA

Leftt Cert signed by CA

CA Pub Key signed by CA

1-7-1 CA Certificate Example1-7-1 CA Certificate Example

CACA Private Key

Left Right

Trusts

Left Priv Key signed by CA

CA Pub Key

Right Priv Key signed by CA

CA Pub KeyCA Pub Key Left Cert signed by CA

Right Cert signed by CA

1-7-2 SSLTLS1-7-2 SSLTLS

PrivPriv

pubpub PrivPriv

pubpub

Clear text

Encrypt

Cipher 1

Encrypt

Cipher 2

Transmission over the public network

Cipher 2

Cipher 1

Decrypt

Clear text

Decryptpubpub

Ensures confidentialitybull And integrity if digitally

signed

Depending on how public key are exchanged

bull Authenticity Identity Non-repudiation

pubpub

1-8 Moxa UC7400 - Hardware Cipher

Intel XScale supports:
• Security engines: DES, AES
• Algorithm methods: ECB, CBC, CTR
Moxa wraps the hardware acceleration inside the algorithm APIs of “libcrypto.so”
• No need to change the source code

1-8-1 Moxa Accelerated Algorithm – OpenSSL 0.9.7

DES_cbc_encrypt
DES_ede3_cbc_encrypt
AES_cbc_encrypt
AES_ctr_encrypt
• We wrap ECB mode at a higher level (libssl.so), which OpenSSL wraps too

1-8-2 Performance

[Charts: throughput and rate of 3DES/CBC and of AES-128/CBC versus packet size from 128 to 1280 bytes, and rate of AES-128/CBC and 3DES/CBC for small packets from 16 to 144 bytes; hardware-cipher results are marked “= HW Cipher”]

1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approaches
• Default: hardware approach
• Any mis-configuration or busy condition causes the switch
Small packets are switched to the software approach
• DES: 128 bytes
• 3DES/AES: 64 bytes

1-8-4 Software Package

Driver
• mxhw_cipher.o
Device file
• mknod /dev/mxcrypto c 11 131
Test program
• io: correctness test
• io 0 5000: stability test
• io 1: golden pattern
• io 2 20000: performance test

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network

2-1 VPN Advantages/Disadvantages

VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes
A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH, etc.)
A VPN allows the usage of protocols which are insecure by themselves
VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN

Usability
• Open Source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit shared key or digital certificates (PKI)
Portability – supports most of the platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000-SP4 / Windows XP-SP1 or later

2-2 Why OpenVPN

Peers – each node with a client/server role
• In use of kernel routing
• Multiple clients
A user-space program
• A full-featured SSL-VPN solution
• On top of the existing SSL/TLS mechanism
• Options between a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security

Two authentication modes
• Static Key: use a pre-shared key
• SSL/TLS: use SSL/TLS + certificates for
  • Authentication
  • Key exchange
The encrypted packet is formatted as:
• SeqN: 64-bit sequence number
• IV: plain-text initial vector, randomized per packet
[Diagram: HMAC | IV | SeqN | IP payload. The SeqN and the IP payload are encrypted; the HMAC is computed over the IV and the encrypted part, giving HMAC | IV | encrypted(SeqN, IP payload)]

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall- and NAT-friendly
• Dynamic address support
IPSec
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard - multi-vendor support

2-3 OpenVPN Modes

Bridging and Routing are two methods of linking systems via a VPN
• Routed IP tunnels (layer 3)
• Bridged Ethernet tunnels (layer 2)
Suitable for connections:
• Site-to-Site
• Dynamic Site-to-Site
• (Dynamic) Client-to-Site
Dynamic firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN mode (device): a virtual point-to-point IP link that combines the inner interface together with TUN
Uses the kernel routing to forward the packets
[Diagram: the OSI stack (Physical, Data-Link, Network, Transport, Session, Presentation, Application) on both peers; OpenVPN runs at the Application layer and the TUN device is inserted at the Network layer (3rd)]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of MTU for efficiency
Routed IP disadvantages
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see those machines on the other side of the VPN
4. Works only with IPv4 in general, and IPv6 in cases where the TUN drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses “TAP” mode: a TAP device is a virtual Ethernet adapter
Bridge tools (brctl) are required to create the virtual adapters
Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0          create an Ethernet bridge
brctl addif br0 eth1     connect interface eth1 as a port
brctl addif br0 tap0     connect virtual interface tap0 as a port
[Diagram: the OSI stack on both peers; OpenVPN runs at the Application layer and the TAP device is inserted at the Data-Link layer (2nd); on each side tap0 is bridged with eth1, while eth0 carries the tunnel]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages
1. Point-to-point, point-to-multipoint
2. Broadcasts traverse the VPN -- this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to be able to handle non-IP protocols such as IPX, Netware and AppleTalk
5. Relatively easy-to-configure solution for road warriors
Bridging disadvantages
1. Less efficient than routing and does not scale well

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

[Diagram: LAN A (IP 10.0.1.1/24, gw 10.0.1.254) — ixp1 10.0.1.254 [VPN Server] ixp0 192.168.12.201 ==VPN Tunnel== ixp0 192.168.12.202 [VPN-Client] ixp1 10.0.2.254 — LAN B (IP 10.0.2.1/24, gw 10.0.2.254). The client connects to the server; a [CA/TLS Server] sits beside the VPN server]

3-1 Getting Started

Create a working directory (recommended): mkdir /etc/openvpn
Check for the TUN module; if not present: ls /dev/net (look for a character device “tun”); mknod /dev/tun c 10 200
Load the necessary modules: modprobe tun; modprobe bridge
Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]
Self diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or vi /etc/sysctl.conf and modify “net.ipv4.ip_forward = 1”
Create/start the bridge interface using the Moxa script: openvpn-bridge [start|stop|restart]
Check the ciphers/authentication support: openvpn --show-ciphers; openvpn --show-digests
Create TUN configuration files: vi /etc/openvpn/tunserver.conf
[At VPN Client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

Local/Remote VPN IP addresses must be specified
It is NECESSARY to specify the server address at the VPN client

3-2 TUN Server Configuration

Edit the static routings: vi /etc/openvpn/tunserver.sh; chmod +x /etc/tunserver.sh
[At VPN Client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/tunclient.sh
Start OpenVPN with the configuration file: openvpn --config /etc/tunserver.conf & (server); openvpn --config /etc/tunclient.conf & (client)
2nd argument of “ifconfig”, which is now “10.0.2.254”
Create TAP configuration files: vi /etc/openvpn/tapserver.conf
[At VPN Client] vi /etc/openvpn/tapclient.conf
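The configuration files themselves are not reproduced in the text. As an added example (not the course's tunserver.conf/tunclient.conf), the following shell script writes a static-key TUN pair for the 3-1 topology and checks that the two files mirror each other, which is the "Local/Remote VPN IP address" and "server address at the VPN client" point of 3-2; the tunnel endpoints 10.8.0.1/10.8.0.2, the key file name and the route directives (the course uses tunserver.sh scripts for the routes instead) are assumptions.

```shell
#!/bin/sh
# Added example, not the course's tunserver.conf/tunclient.conf: a static-key
# TUN pair for the 3-1 topology, generated by a function so that the check
# which catches the usual mistake can run on them: the two "ifconfig" lines
# must mirror each other, the client's "remote" must name the server's public
# address and port, and key file, cipher, HMAC digest and protocol must agree.
# Tunnel endpoints, key file name and route statements are constructed.
set -eu

SERVER_PUB=192.168.12.201   # VPN server, ixp0 (3-1 diagram)
LAN_A=10.0.1.0              # LAN behind the server
LAN_B=10.0.2.0              # LAN behind the client
TUN_SRV=10.8.0.1            # tunnel endpoint on the server (assumption)
TUN_CLI=10.8.0.2            # tunnel endpoint on the client (assumption)

# write_configs DIR: write tunserver.conf and tunclient.conf into DIR
write_configs() {
    cat > "$1/tunserver.conf" <<EOF
dev tun
proto udp
port 1194
ifconfig $TUN_SRV $TUN_CLI
route $LAN_B 255.255.255.0
secret /etc/openvpn/static.key
cipher AES-128-CBC
auth SHA1
keepalive 10 60
persist-key
persist-tun
verb 3
EOF
    cat > "$1/tunclient.conf" <<EOF
dev tun
proto udp
remote $SERVER_PUB 1194
ifconfig $TUN_CLI $TUN_SRV
route $LAN_A 255.255.255.0
secret /etc/openvpn/static.key
cipher AES-128-CBC
auth SHA1
keepalive 10 60
persist-key
persist-tun
verb 3
EOF
}

# field FILE KEY N: the N-th argument of the first line that starts with KEY
field() { awk -v k="$2" -v n="$3" '$1 == k { print $(n + 1); exit }' "$1"; }

# check_pair DIR: 0 when the two files describe the same tunnel from both ends
check_pair() {
    s="$1/tunserver.conf"
    c="$1/tunclient.conf"
    # local endpoint on one side is the remote endpoint on the other
    [ "$(field "$s" ifconfig 1)" = "$(field "$c" ifconfig 2)" ] || return 1
    [ "$(field "$s" ifconfig 2)" = "$(field "$c" ifconfig 1)" ] || return 1
    # the client must point at the server's public address and listening port
    [ "$(field "$c" remote 1)" = "$SERVER_PUB" ] || return 1
    [ "$(field "$c" remote 2)" = "$(field "$s" port 1)" ] || return 1
    # same pre-shared key file, cipher, HMAC digest and transport on both ends
    for key in secret cipher auth proto; do
        [ "$(field "$s" $key 1)" = "$(field "$c" $key 1)" ] || return 1
    done
}
```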

3-3 TAP Configuration – VPN Server

Mark this line if both VPN networks are in the same subnet

3-3 TAP Configuration – VPN Server

Edit the static routings: vi /etc/openvpn/tunserver.sh
[At VPN Client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/tapclient.sh
Pointed to the kernel routing: br0 = 10.0.1.254

3-3 TAP Configuration – VPN Server

Start the bridge device: vi openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start
Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tapserver.conf & (server); openvpn --config /etc/openvpn/tapclient.conf & (client)
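The course relies on Moxa's openvpn-bridge script, whose contents are not shown. As an added example (not Moxa's script), the following start/stop script builds br0 from eth1 and tap0 as described in 2-3-2 and 3-3; the interface names, bridge address and netmask are constructed assumptions, and DRY_RUN=1 prints the commands instead of running them.

```shell
#!/bin/sh
# Added example in the role of the Moxa "openvpn-bridge" script (not that
# script): builds br0 from eth1 and a persistent tap0 so that OpenVPN in TAP
# mode can attach to the bridge. Interface names, bridge address and netmask
# are constructed assumptions; DRY_RUN=1 prints instead of executing.
set -eu

BR="${BR:-br0}"
ETH="${ETH:-eth1}"                  # LAN port that joins the bridge
TAP="${TAP:-tap0}"                  # virtual Ethernet adapter used by OpenVPN
BR_IP="${BR_IP:-10.0.1.254}"        # the LAN gateway address moves to br0 (3-3)
BR_MASK="${BR_MASK:-255.255.255.0}"
DRY_RUN="${DRY_RUN:-0}"

# run CMD...: execute, or print the command line in dry-run mode
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

bridge_start() {
    run modprobe tun
    run modprobe bridge
    # The TAP device must exist before brctl can add it as a port.
    run openvpn --mktun --dev "$TAP"
    run brctl addbr "$BR"
    run brctl addif "$BR" "$ETH"
    run brctl addif "$BR" "$TAP"
    # Ports carry no address of their own and run promiscuous; the address
    # that used to be on the LAN port now belongs to the bridge.
    run ifconfig "$ETH" 0.0.0.0 promisc up
    run ifconfig "$TAP" 0.0.0.0 promisc up
    run ifconfig "$BR" "$BR_IP" netmask "$BR_MASK" up
}

bridge_stop() {
    run ifconfig "$BR" down
    run brctl delif "$BR" "$TAP"
    run brctl delif "$BR" "$ETH"
    run brctl delbr "$BR"
    run openvpn --rmtun --dev "$TAP"
    # Hand the address back to the LAN port so the box stays reachable.
    run ifconfig "$ETH" "$BR_IP" netmask "$BR_MASK" up
}

case "${1:-}" in
    start)   bridge_start ;;
    stop)    bridge_stop ;;
    restart) bridge_stop; bridge_start ;;
esac
```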

3-4-1 SSL/TLS – Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-input the default_days, default_bits, … etc.
Create a new CA root key pair: /usr/share/ssl/misc/CA -newca
Create a new client private key and a new certificate request: /usr/share/ssl/misc/CA -newreq
Certificate signing: /usr/share/ssl/misc/CA -sign
Copy the CA root certificate, the client private key and the client certificate to the first client
Have the second client certificated

3-4-2 OpenVPN – “easy-rsa” tools

Copy the “easy-rsa” to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn
Modify the vars file: vi /etc/openvpn/easy-rsa/vars
Activate the vars: . /etc/openvpn/easy-rsa/vars
Create the CA root key: /etc/openvpn/easy-rsa/build-ca
Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – “easy-rsa” tools

Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client
Create Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh 1024
Copy the CA certificate (ca.crt), server key (server.key) and server certificate (server.crt) to the VPN server
Copy the CA certificate, client key and certificate to the VPN client
“easy-rsa” tools also work on the UC7400 series
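As an added example (not the course's CA script and not easy-rsa), the 1-7-1 / 3-4-1 / 3-4-2 procedure done with the plain openssl CLI, plus the two checks worth running before the files are copied to the peers: that the certificate's public key is the one from the private key it will sit next to (the 1-7 claim "this public key belongs to X"), and that the certificate verifies against this CA and only this CA, which is what a peer's CA certificate enforces; the names and the work directory are constructed.

```shell
#!/bin/sh
# Added example, not the course's CA script and not easy-rsa: the 3-4-1/3-4-2
# steps with the plain openssl CLI, plus the checks a practitioner runs before
# copying files to the VPN peers. Names and work directory are constructed.
set -eu
WORK="${WORK:-$(mktemp -d)}"
DAYS="${DAYS:-365}"

# make_ca NAME: self-signed CA key pair and certificate (CA -newca / build-ca)
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$DAYS" -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# make_cert NAME CA: key and request (CA -newreq / build-key), then signing
# by the CA (CA -sign). Only the request travels to the CA, never NAME.key.
make_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
    openssl x509 -req -days "$DAYS" -in "$WORK/$1.csr" \
        -CA "$WORK/$2.crt" -CAkey "$WORK/$2.key" -CAcreateserial \
        -out "$WORK/$1.crt" 2>/dev/null
}

# key_matches_cert CERT [KEY]: 0 if CERT.crt carries the public key of KEY.key
# (the 1-7 statement "this public key belongs to CERT"; KEY defaults to CERT)
key_matches_cert() {
    a=$(openssl x509 -noout -pubkey -in "$WORK/$1.crt")
    b=$(openssl pkey -pubout -in "$WORK/${2:-$1}.key")
    [ "$a" = "$b" ]
}

# cert_signed_by CERT CA: 0 if CERT.crt chains to CA.crt, which is the check
# each OpenVPN peer performs with the CA certificate it was given
cert_signed_by() {
    openssl verify -CAfile "$WORK/$2.crt" "$WORK/$1.crt" >/dev/null 2>&1
}

# build_pki: the files of 3-4-2 (ca.crt, server.key/crt, client.key/crt)
# plus an unrelated CA, to show that a certificate is not valid under any CA
build_pki() {
    make_ca ca
    make_cert server ca
    make_cert client ca
    make_ca other-ca
}
```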

3-4-3 Configuration File Modification

txxserver.conf
txxclient.conf

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

Two of its serial ports are connected to a power meter and a thermocouple
Two LAN ports plus an optional Wi-Fi function, making it a good tool for transmitting data from remote sites to a central site
The rest of the serial ports are looped back in ‘burn-in mode’ to demonstrate the UC’s high performance and reliability

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500 °C
Left side for the high range, 0 to 300 VDC, & right side for the low range, 0 to 20 VDC

UC’s LCM & keypad (F1-F5)

F1: Monitoring – Temperature → Voltage → Throughput for P3 to P8
F2: System Status – LAN’s IP → Wi-Fi’s IP → CPU loading → Available Memory
F3: Alarm Setting – Temperature → Voltage → burning throughput
F4: Configuration Key
F5: Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• UC-7420’s built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards
• The compatible wireless cards are:

Supplier  Model name
ASUS  WL-107g
CNET  CWC-854 (181D version)
Edimax  EW-7108PCg
Amigo  AWP-914WG
Gigabyte  GN-WMKG
Others which use the R-Link chipset

Thank You


2-3-1 Destination: Local Host

Incoming packets → NAT table PREROUTING → Filter table INPUT → Local process

2-3-2 Source: Local Host

Local process → NAT table OUTPUT → Filter table OUTPUT → NAT table POSTROUTING → Send out packets

2-3-3 Forwarded Packets

Incoming packets → NAT table PREROUTING → Filter table FORWARD → NAT table POSTROUTING → Other hosts (local resources are not involved)

2-4 State Machine

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

3) Usage of iptables

3-1 Load iptables Modules
3-2 Define Default Policy
3-3 Structure of a Rule
3-4 Save / Restore Rules

3-1 Load iptables Modules

Note: ipchains and iptables are not compatible

3-1 Load iptables Module

Check the current tables: iptables [-t table] [-L] [-n]
Default policy

3-1 Install iptables

Clear the current policy

3-2 Define Default Policy

iptables -t filter|nat|mangle -P INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING ACCEPT|DROP

3-2 Define Default Policy

3-3 Structure of a Rule

3-3-1 Add, Insert, Delete and Replace Rules
3-3-2 Direction
3-3-3 Matches
3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace

iptables -t filter|nat|mangle -A|-I|-D|-R [direction] [match] -j [target]
3 major things need to be considered: direction, match, target

3-3-2 Direction – Chains

a. filter table: INPUT, OUTPUT, FORWARD
b. nat table: PREROUTING, POSTROUTING, OUTPUT
c. mangle table: …

3-3-3 Matches - Conditions

1. -p [proto]: tcp | udp | icmp | all
2. -s [IP], -d [IP]
3. --sport [port], --dport [port]
4. -m state --state [state]: NEW | ESTABLISHED | INVALID | RELATED
5. -m multiport [p1,p2,…,p15]
6. -i [iface], -o [oface]
7. … etc.

3-3-4 Targets - Actions

a. filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions: LOG, ULOG, REJECT, MIRROR
b. nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING/OUTPUT), MASQUERADE (POSTROUTING), REDIRECT (only in PREROUTING)
c. mangle table: …

3-4 Save / Restore Rules

It is highly recommended to use a script file to maintain the Netfilter rules instead of using the exported file (it is not a standard script file). Please refer to the Hands-On practice.

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice
  1) Packet Filter
  2) NAT Machine

4-1 Packet Filter – Rules of filter table

Example 1 – Accept all the packets incoming from the lo interface
iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2 – Accept all the TCP packets incoming from IP = 192.168.0.1
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 3 – Accept all the TCP packets incoming from the network 192.168.1.0/24
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 – Drop all the TCP packets incoming from IP = 192.168.1.25
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

4-1 Packet Filter – Rules of filter table

Example 5 – Drop all the incoming TCP packets with dst port = 21 (forbid FTP connections from eth0)
iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 – Accept TCP packets incoming from IP 192.168.0.24 to local port numbers 137, 138 and 139
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.24 --dport 137:139 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 7 – Log all the incoming/outgoing TCP packets to/from port = 25 (log the SMTP service)
iptables -t filter -A INPUT -p tcp --dport 25 -j LOG

Note: UC7110 does not support the target “LOG”

4-1 Packet Filter – Rules of filter table

Example 8 – Drop all the [SYN] packets from IP = 192.168.100.200
iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 – Drop all the packets from MAC = aa:bb:cc:dd:ee:ff
iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

Example 10 – Do not respond to “ping”
iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 – ICMP “ping” burst
iptables -t filter -P INPUT DROP
iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 12 – Accept the ESTABLISHED and RELATED packets of the local host; drop the INVALID packets and the NEW packets which are trying to create a new connection
iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

4-1 Packet Filter – Rules of filter table

Example 13 – Check the packet integrity
iptables -t filter -A INPUT -p all -m unclean -j DROP

Example 14 – Enable the “Passive Mode” FTP service to a host
modprobe ip_conntrack_ftp
iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

4-2 NAT Machine – Rules of nat table

Example 1 – Redirect the connection requests of port 80 to port 8080
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 – Masquerade the packets coming from 192.168.1.0/24 to be the local ppp0’s IP
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

4-2 NAT Machine

Example 3 – DNAT the incoming packets from eth0 (60.248.66.75) and TCP port 80 to the internal web server 192.168.127.10, port 80
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

Example 4 – Redirect the incoming packets of TCP port 80 to 192.168.1.10 and TCP port 80
iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP
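The hands-on examples above are single commands, and 3-4 recommends keeping the rules in a script instead. As an added example (not the course's own script), the following shell script collects the filter and NAT rules of 4-1 and 4-2 into one reviewable rule set for a UC-7400 acting as LAN gateway; the interface names, networks and public address are constructed assumptions, and DRY_RUN=1 prints the rules so the set can be reviewed without root or Netfilter.

```shell
#!/bin/sh
# Added example, not the course's hands-on script: one rule file for a UC-7400
# gateway built from the 4-1/4-2 rules. Interface names, networks and the
# public address are constructed assumptions; DRY_RUN=1 prints instead of
# loading, which is how the set is reviewed (and tested) without Netfilter.
set -eu

LAN_IF="${LAN_IF:-eth0}"                      # LAN side of the UC-7400
WAN_IF="${WAN_IF:-ppp0}"                      # uplink, masqueraded
LAN_NET="${LAN_NET:-192.168.1.0/24}"
WAN_IP="${WAN_IP:-60.248.66.75}"              # public address on WAN_IF
WEB_SERVER="${WEB_SERVER:-192.168.127.10}"    # internal web server behind DNAT
DRY_RUN="${DRY_RUN:-0}"

# run CMD...: execute, or print the command line in dry-run mode
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}
ipt() { run iptables "$@"; }

flush_all() {
    ipt -t filter -F
    ipt -t filter -X
    ipt -t nat -F
    ipt -t nat -X
}

filter_rules() {
    # Example 1: loopback is always allowed.
    ipt -t filter -A INPUT -i lo -j ACCEPT
    # Example 12: stateful rules; INVALID is dropped before anything NEW is accepted.
    ipt -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -t filter -A INPUT -m state --state INVALID -j DROP
    # Example 11: answer ping, but rate-limited so a ping burst cannot load the CPU.
    ipt -t filter -A INPUT -p icmp --icmp-type 8 -m limit --limit 6/min --limit-burst 10 -j ACCEPT
    # Example 6: NetBIOS/Samba ports only for the LAN network, only on the LAN port.
    ipt -t filter -A INPUT -i "$LAN_IF" -p tcp -s "$LAN_NET" --dport 137:139 -j ACCEPT
    # Example 7: log SMTP attempts; the INPUT policy below drops them (no LOG on UC-7110).
    ipt -t filter -A INPUT -p tcp --dport 25 -j LOG --log-prefix "smtp:"
    # Example 14: let conntrack open the data connection of passive FTP.
    ipt -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -t filter -A FORWARD -i "$LAN_IF" -s "$LAN_NET" -m state --state NEW -j ACCEPT
}

nat_rules() {
    # NAT example 3: publish the internal web server on the public address.
    ipt -t nat -A PREROUTING -i "$WAN_IF" -p tcp -d "$WAN_IP" --dport 80 \
        -j DNAT --to "$WEB_SERVER:80"
    # NAT example 2, in the only chain where MASQUERADE is valid (3-3-4).
    ipt -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE
}

# Policies are set last: between the flush and the ESTABLISHED rule the chain
# is empty, and a DROP policy in that window would cut off the SSH session
# that is loading the script.
set_policies() {
    ipt -t filter -P INPUT DROP
    ipt -t filter -P FORWARD DROP
    ipt -t filter -P OUTPUT ACCEPT
}

firewall_start() {
    run modprobe ip_conntrack_ftp
    flush_all
    filter_rules
    nat_rules
    set_policies
}

firewall_stop() {
    ipt -t filter -P INPUT ACCEPT
    ipt -t filter -P FORWARD ACCEPT
    flush_all
}

case "${1:-}" in
    start)   firewall_start ;;
    stop)    firewall_stop ;;
    restart) firewall_stop; firewall_start ;;
    show)    DRY_RUN=1; firewall_start ;;
esac
```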

Thank You

OpenVPN 2.0
Stephen Lin

OpenVPN 2.0

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve
1-2 Symmetric Data Encryption
1-3 Hash (Digest) Function
1-4 Message Authentication Code
1-5 Asymmetric Data Encryption
1-6 Digital Signature
1-7 Certificate
1-8 Moxa UC7400

1-1 What does Cryptography solve

Confidentiality
• Ensure that nobody can get knowledge of what you transfer, even if listening to the whole conversation
Integrity
• Ensure that the message has not been modified during the transmission
Authenticity
• You can verify that you are talking to the entity you think you are talking to
• You can verify who is the specific individual behind that entity
Non-repudiation
• The individual behind that asset cannot deny being associated with it

1-2 Symmetric Data Encryption

Fast, high efficiency for data transmission
Is it “secure” while transferring the key?
Maintenance of the keys: (n-1)n/2 keys
DES/3DES/AES/Blowfish
[Diagram: Tom encrypts the plaintext into ciphertext with the secret key; Bob decrypts it back to plaintext with the same secret key]

1-3 Hash (Digest) Function

Ensures data integrity
MD5/SHA-1
[Diagram: Tom runs the hash function over Data → Message Digest 1 and sends Data + Message Digest 1; Bob runs the same hash function over the received Data → Message Digest 2 and compares it with Message Digest 1]

1-4 Message Authentication Code

Ensures data integrity
Uses a key to protect the MAC
HMAC/CBC-MAC
[Diagram: Tom hashes Data → Message Digest 1, encrypts it with the secret key into the MAC and sends Data + MAC; Bob hashes Data → Message Digest 2, decrypts the MAC with the secret key back to Message Digest 1 and compares the two]

1-5 Asymmetric Encryption

Things to remember
• Key pair – public/private keys
• In a session one is used for encryption and the other one for decryption
• The “Public Key” can be deployed everywhere
• The relation between the two keys is unknown, and from one key you cannot gain knowledge of the other, even if you have access to clear-text and cipher-text
• The two keys are interchangeable: all algorithms make no difference between public and private key; when a key pair is generated, any of the two can be public or private
• Less efficient than a static key
• RSA/Diffie-Hellman
[Diagram: clear text → encryption → cipher text (g$5knvMd’rkvegMs”)]

1-5 Asymmetric Data Encryption

[Diagram: Tom encrypts the plaintext with Bob’s Public Key; Bob decrypts the ciphertext with Bob’s Private Key. Recipient’s key pair: confidentiality check]

1-5 Asymmetric Data Encryption

[Diagram: Tom encrypts the plaintext with Tom’s Private Key; Bob decrypts the ciphertext with Tom’s Public Key. Sender’s key pair: authenticity check]

1-6 Digital Signature

Real world – hybrid
1. Data integrity
2. Authenticity
3. Non-repudiation
4. Algorithm – use the public key and hash

1-6 Digital Signature - Creating

[Diagram: Message or File (“This is the document created by Gianni”) → Generate Hash (SHA, MD5) → Message Digest (Py75c%bn, typically 128 bits) → Asymmetric Encryption (RSA) with the signatory’s private key → Digital Signature (3kJfgf£$&) → Signed Document = message + digital signature]
Calculate a short message digest from even a long input using a one-way message digest function (hash)

1-6 Digital Signature - Verifying

[Diagram: Signed Document (“This is the document created by Gianni” + 3kJfgf£$&) → Generate Hash over the data → Message Digest (Py75c%bn); Asymmetric Decryption of the Digital Signature with Gianni’s public key (from certificate) → Py75c%bn; Compare the two]

1-6 Digital Signature

[Diagram: Tom hashes Data → Message Digest 1, encrypts it with Tom’s Private Key into the Digital Signature and sends Data + Digital Signature; Bob hashes Data → Message Digest 2, decrypts the Digital Signature with Tom’s Public Key back to Message Digest 1 and compares the two]


Pointed to the Kernel Routing br0 = 1001254

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Start the Bridge device vi openvpnopenvpn-bridge

chmod +x etcopenvpnopenvpn-bridge etcopenvpnopenvpn-bridge start

Start OpenVPN with the configuration file openvpn ndashconfig etcopenvpntapserverconf amp openvpn ndashconfig etcopenvpntapclient amp

3-4-1 SSLTLS ndash Dynamic Keys3-4-1 SSLTLS ndash Dynamic Keys

Edit the OpenSSL Configuration File on a Linux PC vi usrsharesslopensslcnf Pre-input the default_days default_bits hellip etc

Create New CA root Key Pair usrsharesslmiscCA -newca

Create New Client Private Key and new Certificate Request usrsharesslmiscCA -newreq

Certificate Sign-in usrsharesslmiscCA ndashsign

Copy the CA root certificate client private key and the client certificate to the first client

Have the second client certificated

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Copy the ldquoeasy-rsardquo to the working directory cp ndashr openvpn-20easy-rsa etcopenvpn

modify the vars file vi etcopenvpneasy-rsavars

Activate the vars etcopenvpneasy-rsavars

Create CA root key etcopenvpneasy-rsabuild-ca

Create VPN Server Private Key and Certificate etcopenvpneasy-rsabuild-key server

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Create VPN Client private Key and Certificate etcopenvpnbuild-key client

Create Diff-Hellman Parameters etcopenvpnbuild-dh 1024

Copy the CA certificate (cacrt) Server key (serverkey) and Server certificate (servercrt) to VPN Server

Copy the CA certificate Client key and certificate to VPN Client

ldquoeasy-rsardquo tools also work on UC7400 series

3-4-3 Configuration File Modification3-4-3 Configuration File Modification

txxserverconf

txxclienconf

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) Open VPN Configuration

4) Hands-On Practice

Live DemoLive Demo

UC-7420 DEMO BOXUC-7420 DEMO BOX

Two of its serial ports connectedto a Power Meter and Thermocouple

Two LAN ports plus an optional Wi-Fi function making it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in lsquoburn-in modersquo to demonstrate UCrsquos high performance and reliability

Demo Box FeaturesDemo Box Features

Software Block DiagramSoftware Block Diagram

Temperature Range 0 to 500degC

Left side for high range 0 to 300 VDC amp Right side for low range 0 to 20 VDC

UCrsquos LCM amp keypad (F1-F5)UCrsquos LCM amp keypad (F1-F5)

F1 Monitoring Temperature rarr Voltage rarrThroughput for P3 to P8

F2 System Status LANrsquos IP rarr Wi-Firsquos IP rarr CPU loading rarr Available Memory

F3 Alarm Setting Temperature rarr Voltage rarr burning throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI amp HTMLApache Web with CGI amp HTML

Seat Locating SystemSeat Locating System

Score Query SystemScore Query System

AppendixAppendix

What is the wireless PCMCIA card support status in 80211gbull UC-7420s built-in Wireless driver supports Intersil Prism 20

chipset PCMCIA cardbull The compatible Wireless cards are

Supplier Model name

ASUS WL-107g

CNET CWC-854(181D version)Edmiax EW-7108PCgAmigo AWP-914WGigbyte GN-WMKGOthers which use R-Link chip set

Thank YouThank You

Page 50: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

2-3-2 Source: Local Host

Packets generated by the local host traverse, in this order: the nat table OUTPUT chain, the filter table OUTPUT chain and the nat table POSTROUTING chain, and are then sent out.

2-3-3 Forwarded Packets

Incoming packets first pass the nat table PREROUTING chain. After the routing decision, packets for a local resource take the INPUT path, while packets for other hosts traverse the filter table FORWARD chain and then the nat table POSTROUTING chain before leaving.

2-4 State Machine

(Figure: the connection-tracking states NEW, ESTABLISHED, RELATED and INVALID that the -m state match of 3-3-3 tests.)

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

3) Usage of iptables

3-1 Load iptables Modules
3-2 Define Default Policy
3-3 Structure of a Rule
3-4 Save / Restore Rules

3-1 Load iptables Modules

Note: ipchains and iptables are not compatible; the ipchains module must be unloaded before the ip_tables modules can be loaded.

Check the current tables: iptables [-t table] -L -n (the -n option lists addresses and ports numerically, without DNS lookups). The listing also shows the default policy of each built-in chain.

Clear the current rules before loading a new set: iptables -F (flush the chains) and iptables -t nat -F for the nat table.

3-2 Define Default Policy

iptables -t {filter|nat|mangle} -P {INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING} {ACCEPT|DROP}

The policy is what happens to a packet that matches no rule of the chain. INPUT, OUTPUT and FORWARD are the filter table's built-in chains; PREROUTING and POSTROUTING belong to the nat and mangle tables. A DROP policy on INPUT is the usual starting point for a host firewall; set it only after the rules that admit your own management traffic are in place, otherwise a remote session is cut off.

3-3 Structure of a Rule

3-3-1 Add, Insert, Delete and Replace Rules
3-3-2 Direction (Chains)
3-3-3 Matches
3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace

iptables -t {filter|nat|mangle} -{A|I|D|R} <chain> [<matches>] -j <target>

Three things have to be decided for every rule: the direction (which chain), the match (which packets) and the target (what to do with them). -A appends to the end of the chain, -I inserts at the top (or at a given position), -D deletes and -R replaces a rule by number. Rules are evaluated from top to bottom and the first match with a terminating target decides.

3-3-2 Direction: Chains

a. filter table: INPUT, OUTPUT, FORWARD
b. nat table: PREROUTING, POSTROUTING, OUTPUT
c. mangle table: ...

3-3-3 Matches: Conditions

1. -p [proto]                    tcp | udp | icmp | all
2. -s [IP]  -d [IP]              source / destination address, optionally with a /prefix length
3. --sport [port]  --dport [port]   require -p tcp or -p udp; a range is written low:high
4. -m state --state [state]      NEW | ESTABLISHED | INVALID | RELATED, comma-separated
5. -m multiport --sports|--dports p1,p2,...,p15   up to 15 ports in one rule
6. -i [iface]  -o [oface]        input interface (INPUT, FORWARD, PREROUTING) / output interface (OUTPUT, FORWARD, POSTROUTING)
7. ... etc.

3-3-4 Targets: Actions

a. filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions: LOG, ULOG, REJECT, MIRROR
b. nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING and OUTPUT), MASQUERADE (POSTROUTING), REDIRECT (PREROUTING and OUTPUT)
c. mangle table: ...

LOG is a non-terminating target: the packet continues to the next rule, so a LOG rule is normally followed by the ACCEPT or DROP that decides its fate.

3-4 Save / Restore Rules

iptables-save writes the current rule set to standard output and iptables-restore loads such a dump back. It is highly recommended to maintain the Netfilter rules in a script file instead of editing this exported file (it is not a standard shell script). Please refer to the Hands-On practice.

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice: 1) Packet Filter, 2) NAT Machine

4-1 Packet Filter: Rules of the filter table

Example 1 – Accept all packets incoming from the lo interface:

  iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2 – Accept all TCP packets incoming from IP 192.168.0.1:

  iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

Example 3 – Accept all TCP packets incoming from the network 192.168.1.0/24:

  iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 – Drop all TCP packets incoming from IP 192.168.1.25:

  iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

With the rules in this order 192.168.1.25 is still accepted: it lies inside 192.168.1.0/24 and the first match wins. Insert the DROP rule before the network rule (iptables -I INPUT ...) to make the exception effective.

Example 5 – Drop all incoming TCP packets with destination port 21 (forbid FTP connections from eth0):

  iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 – Accept TCP packets incoming from 192.168.0.0/24 to the local ports 137, 138 and 139:

  iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

Example 7 – Log all incoming/outgoing TCP packets to/from port 25 (log the SMTP service):

  iptables -t filter -A INPUT -p tcp --dport 25 -j LOG

The rule shown covers the incoming direction only; the outgoing half is the same rule on the OUTPUT chain with --sport 25. LOG does not stop rule processing, and without an -m limit match a busy service can flood the kernel log.

Note: the UC-7110 does not support the target LOG.

Example 8 – Drop all [SYN] packets from IP 192.168.100.200:

  iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 – Drop all packets from MAC address aa:bb:cc:dd:ee:ff:

  iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

The mac match only works in the INPUT, FORWARD and PREROUTING chains, and it only sees the address of the last hop: a router in between replaces it with its own.

Example 10 – Do not respond to "ping" (drop ICMP echo requests):

  iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 – Limit an ICMP "ping" burst: with a DROP policy on INPUT, accept ICMP at 6 packets per minute with an initial burst of 10; everything beyond that falls through to the policy:

  iptables -t filter -P INPUT DROP
  iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

Example 12 – Accept the ESTABLISHED and RELATED packets of the local host; drop INVALID packets and NEW packets that try to open a connection:

  iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
  iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

Example 13 – Check packet integrity (the experimental "unclean" match of the 2.4 kernels drops malformed packets):

  iptables -t filter -A INPUT -p all -m unclean -j DROP

Example 14 – Enable "passive mode" FTP service to a host behind the firewall. The FTP connection-tracking helper reads the port negotiated on the control channel and marks the data connection RELATED, so one state rule admits it:

  modprobe ip_conntrack_ftp
  iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

4-2 NAT Machine: Rules of the nat table

Example 1 – Redirect connection requests for port 80 to port 8080 on this host:

  iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 – Masquerade the packets from 192.168.1.0/24 that leave through ppp0, so that they carry ppp0's (dynamic) IP address. MASQUERADE is only valid in POSTROUTING, and the outgoing interface -o is only known there:

  iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

Example 3 – DNAT the incoming packets on eth0 (60.248.66.75) for TCP port 80 to the internal web server 192.168.127.10, port 80:

  iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

Example 4 – Redirect the incoming packets for TCP port 80 to 192.168.1.10, TCP port 80: the same DNAT pattern as Example 3, without the -d restriction. The second rule on the slide is the companion SNAT for the internal subnet, which rewrites the source of the outgoing packets to the fixed external address held in $OUT_IP:

  iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP

DNAT only rewrites the destination: the forwarded packet must still be allowed by the filter table's FORWARD chain, and IP forwarding must be enabled (/proc/sys/net/ipv4/ip_forward).
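The rule fragments of 4-1 and 4-2, and the advice of 3-4 to keep the rule set in a script rather than in an iptables-save dump, come together in the following gateway script. It is an added example, not a script from the course or from Moxa. The addresses come from the slides (the web server 192.168.127.10 in 192.168.127.0/24, the fixed public address 60.248.66.75); assumptions are that eth0 is the public side, eth1 the LAN side, that SSH administration comes from the LAN, and that the OUT_IP variable holds the public address when SNAT rather than MASQUERADE is wanted. The DRY_RUN switch prints the rules instead of loading them, so the set can be reviewed before it is applied on a box reached only over the network.

```shell
#!/bin/sh
# Gateway firewall + NAT in one script (added example, not the course's own
# script). Assumed: eth0 = public side, eth1 = LAN 192.168.127.0/24 with a web
# server at 192.168.127.10, SSH administration from the LAN, and OUT_IP set to
# the fixed public address when SNAT (not MASQUERADE) is wanted.
#   sh firewall.sh show    print the rules without touching the kernel
#   sh firewall.sh apply   load them (from the console the first time)

IPT=${IPT:-iptables}
OUT_IF=${OUT_IF:-eth0}
LAN_IF=${LAN_IF:-eth1}
LAN_NET=${LAN_NET:-192.168.127.0/24}
WEB_SERVER=${WEB_SERVER:-192.168.127.10}
DRY_RUN=${DRY_RUN:-0}

# Every rule passes through here, so "show" prints exactly what "apply" runs.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$IPT $*"; else "$IPT" "$@"; fi
}

flush_rules() {
    # Open the policies before flushing: a flush with a DROP policy already in
    # place would cut an SSH session for the rest of the reload.
    run -P INPUT ACCEPT; run -P FORWARD ACCEPT
    run -t filter -F; run -t filter -X
    run -t nat -F;    run -t nat -X
}

filter_rules() {
    run -A INPUT -i lo -j ACCEPT
    run -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    run -A INPUT -m state --state INVALID -j DROP
    run -A INPUT -i "$LAN_IF" -p tcp -s "$LAN_NET" --dport 22 -m state --state NEW -j ACCEPT
    # Example 11 from the slides: answer pings, but rate-limited.
    run -A INPUT -p icmp --icmp-type echo-request -m limit --limit 6/min --limit-burst 10 -j ACCEPT
    # LOG is non-terminating; the DROP policy below is what finally discards the packet.
    run -A INPUT -m limit --limit 3/min -j LOG --log-prefix "INPUT drop: "
    run -P INPUT DROP
    run -P OUTPUT ACCEPT

    # Forwarding: the LAN may go out; only replies and the published web port come in.
    run -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    run -A FORWARD -i "$LAN_IF" -o "$OUT_IF" -s "$LAN_NET" -j ACCEPT
    run -A FORWARD -i "$OUT_IF" -o "$LAN_IF" -p tcp -d "$WEB_SERVER" --dport 80 -m state --state NEW -j ACCEPT
    run -P FORWARD DROP
}

nat_rules() {
    # DNAT rewrites the destination only; the FORWARD rule above lets the packet through.
    run -t nat -A PREROUTING -i "$OUT_IF" -p tcp --dport 80 -j DNAT --to-destination "$WEB_SERVER:80"
    # MASQUERADE and SNAT are POSTROUTING targets: -o is only known after routing.
    if [ -n "$OUT_IP" ]; then
        run -t nat -A POSTROUTING -o "$OUT_IF" -s "$LAN_NET" -j SNAT --to-source "$OUT_IP"
    else
        run -t nat -A POSTROUTING -o "$OUT_IF" -s "$LAN_NET" -j MASQUERADE
    fi
}

apply_all() {
    flush_rules
    filter_rules
    nat_rules
    [ "$DRY_RUN" = 1 ] || echo 1 > /proc/sys/net/ipv4/ip_forward
}

case "${1:-}" in
    apply) DRY_RUN=0; apply_all ;;
    show)  DRY_RUN=1; apply_all ;;
esac
```

The order inside filter_rules is deliberate: the loopback, state and SSH rules exist before the INPUT policy is switched to DROP, and the policies are reset to ACCEPT before the flush, so a reload never leaves a window in which the administrator's own session matches nothing but a DROP policy.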

Thank You

OpenVPN 2.0 (Stephen Lin)

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve?
1-2 Symmetric Data Encryption
1-3 Hash (Digest) Function
1-4 Message Authentication Code
1-5 Asymmetric Data Encryption
1-6 Digital Signature
1-7 Certificate
1-8 Moxa UC-7400

1-1 What does cryptography solve?

Confidentiality: ensure that nobody can learn what you transfer, even when listening to the whole conversation.
Integrity: ensure that the message has not been modified during transmission.
Authenticity: you can verify that you are talking to the entity you think you are talking to, and who the specific individual behind that entity is.
Non-repudiation: the individual behind that asset cannot deny being associated with it.

1-2 Symmetric Data Encryption

Fast, highly efficient for bulk data transmission.
Is it "secure" while transferring the key? The same secret key has to reach both ends over a channel the attacker cannot read.
Key management: n parties that all talk to each other need n(n-1)/2 keys.
Algorithms: DES, 3DES, AES, Blowfish.

(Figure: Tom encrypts the plaintext with the secret key into ciphertext; Bob decrypts it with the same secret key back to the plaintext.)

1-3 Hash (Digest) Function

Ensures data integrity: a one-way function maps data of any length to a fixed-size message digest.
Algorithms: MD5, SHA-1.

(Figure: Tom sends the data together with its message digest 1; Bob runs the same hash function over the received data to obtain message digest 2 and compares the two.)

A plain digest only detects accidental corruption: an attacker who alters the data can recompute the digest as well, which is why a key is added in the next section.

1-4 Message Authentication Code

Ensures data integrity and origin: a secret key is used to protect the digest, so only a holder of the key can produce a valid MAC.
Algorithms: HMAC, CBC-MAC.

(Figure: Tom hashes the data, protects message digest 1 with the secret key and sends data plus MAC; Bob recomputes message digest 2 from the received data, recovers digest 1 from the MAC with the same key, and compares the two.)

1-5 Asymmetric Encryption

Things to remember:
• Key pair: public and private key; in a session one is used for encryption and the other for decryption.
• The "public key" can be deployed everywhere.
• From one key you cannot gain knowledge of the other, even with access to clear text and cipher text.
• For RSA the two keys are interchangeable: the algorithm makes no difference between public and private key, and when a key pair is generated either one can be published. This does not hold for every asymmetric algorithm.
• Less efficient than symmetric encryption, which is why real systems use it to protect a symmetric session key rather than the bulk data.
• Algorithms: RSA, Diffie-Hellman.

1-5 Asymmetric Data Encryption

(Figure, confidentiality check: Tom encrypts the plaintext with Bob's public key; only Bob's private key decrypts the ciphertext. The recipient's key pair is used.)

(Figure, authenticity check: Tom encrypts the plaintext with his own private key; anyone can decrypt it with Tom's public key, which proves that it came from Tom. The sender's key pair is used.)

1-6 Digital Signature

Real world: a hybrid of hash function and public-key algorithm that provides 1. data integrity, 2. authenticity, 3. non-repudiation. 4. Algorithm: hash the message, then apply the private key to the digest.

1-6 Digital Signature: Creating

(Figure.) Steps:
1. Calculate a short message digest from the (possibly long) message or file with a one-way message digest function (SHA, MD5); the digest is typically 128 bits.
2. Encrypt the digest with the signatory's private key (RSA, asymmetric encryption); the result is the digital signature.
3. Attach the signature to the message: the signed document.

1-6 Digital Signature: Verifying

(Figure.) Steps:
1. Split the signed document into the message and the digital signature.
2. Recompute the message digest from the received message with the same hash function.
3. Decrypt the signature with the signatory's public key (taken from the certificate) to recover the digest that was signed.
4. Compare the two digests: if they are equal, the message is intact and was signed by the holder of the private key.

(Figure: Tom hashes the data and encrypts message digest 1 with his private key to form the digital signature; Bob hashes the received data to obtain message digest 2, decrypts the signature with Tom's public key to recover digest 1, and compares the two.)

1-7 Certificate

The simplest certificate just contains:
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key (a person, a computer, a device, a file, some code, anything ...)
... and the whole is
• Digitally signed by someone trusted (like your friend, or a CA)

(Figure: "This public key belongs to Stephen" plus the public key, followed by the digital signature of the signer.)

1-7-1 CA Certificate

(Figure, certification server.) The CA generates its own key pair. A user requests a certificate from the CA; the CA generates the certificate, which carries the user's public key and the CA's digital signature. In the flow on the slide the CA also generates the user's key pair, so the private key and the certificate are both sent to the user; generating the key on the user's own device and sending only a certificate request to the CA avoids ever moving the private key. The CA's own public key is signed by the CA itself (the self-signed root certificate).

1-7-1 CA Certificate Example

(Figure.) Two peers, Left and Right, both trust the CA, which holds the CA private key. Left holds Left's private key, Left's certificate signed by the CA and the CA public key; Right holds Right's private key, Right's certificate signed by the CA and the CA public key. Each side verifies the other's certificate with the CA public key, so the two never have to exchange keys directly.

1-7-2 SSL/TLS

(Figure: the clear text is encrypted with one key (cipher 1) and again with the other (cipher 2), transmitted over the public network, then decrypted in the reverse order back to the clear text.)

Ensures confidentiality, and integrity if the data is digitally signed.
Depending on how the public keys are exchanged (certificates signed by a trusted CA versus keys merely copied around): authenticity, identity, non-repudiation.

1-8 Moxa UC-7400: Hardware Cipher

The Intel XScale (IXP-422) supports:
• Security engines: DES, AES
• Modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of libcrypto.so: no need to change the application source code.

1-8-1 Moxa Accelerated Algorithms (OpenSSL 0.9.7)

DES_cbc_encrypt
DES_ede3_cbc_encrypt
AES_cbc_encrypt
AES_ctr_encrypt

• ECB mode is wrapped at a higher level (libssl.so), which OpenSSL wraps too.

1-8-2 Performance

(Figure: four charts of throughput and hardware-to-software rate ratio versus packet size, for 3DES-CBC and AES-128-CBC; one pair over 128 to 1280 byte packets, the other over 16 to 144 byte packets, with the hardware cipher curve marked.)

1-8-3 Things to be noticed

The Moxa UC-7400 switches between the software and the hardware implementation:
• Default: hardware
• Any misconfiguration, or a busy engine, causes a switch to software
• Small packets are handled in software: DES below 128 bytes, 3DES/AES below 64 bytes

1-8-4 Software Package

Driver: mxhw_cipher.o
Device file: mknod /dev/mxcrypto c 11 131
Test program:
• io            correctness test
• io 0 5000     stability test
• io 1          golden pattern
• io 2 20000    performance test


2) OpenVPN 2.0

2-1 Virtual Private Network
2-2 Why OpenVPN?
2-3 OpenVPN Modes

2-1 Virtual Private Network: Advantages / Disadvantages

A VPN is a network constructed over public wires (e.g. the Internet) to connect nodes.
A VPN encrypts all network traffic, not just a few application protocols (as SSL, SSH etc. do).
A VPN allows the use of protocols that are insecure by themselves.
VPN traffic cannot be controlled and logged easily because of its encrypted nature: inspection has to happen at the tunnel endpoints.

2-2 Why OpenVPN?

Usability
• Open Source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit static (pre-shared) key or digital certificates (PKI)

Portability: supports most platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

Peers: each node has a client or server role
• Uses the kernel routing
• Multiple clients

A user-space program
• A full-featured SSL VPN solution on top of the existing SSL/TLS mechanism
• A choice among a set of security algorithms (the ciphers and digests of OpenSSL)
• Can tunnel any IP (layer 3) or Ethernet (layer 2) traffic over a single UDP or TCP port (5000 in OpenVPN 1.x, 1194 in 2.0)

2-2 OpenVPN Security

Two authentication modes:
• Static key: a pre-shared key file generated with openvpn --genkey, which holds separate cipher and HMAC keys
• SSL/TLS: SSL/TLS with certificates, for authentication and key exchange

The encrypted data packet is formatted as:
• SeqN: 64-bit sequence number (packet-id, for replay protection)
• IV: plain-text initialization vector, randomized per packet
• HMAC | IV | encrypt(SeqN | IP payload)

The HMAC is computed over the IV and the ciphertext and is verified before anything is decrypted (encrypt-then-MAC), so a modified or forged packet is discarded without ever feeding attacker-controlled data to the cipher.
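The packet layout above, and the HMAC of 1-4, worked through with the openssl command line as an added example (this is not OpenVPN's code and does not produce OpenVPN's wire format; the hex-text IV, the base64 ciphertext and the 16-hex-digit sequence number are conveniences of the demo). The keys are constructed for the example; a static-key file from openvpn --genkey likewise supplies separate cipher and HMAC keys.

```shell
#!/bin/sh
# Encrypt-then-MAC data packet in the layout the slide describes (added
# example, not OpenVPN's own code). A packet here is three text lines:
#   line 1  tag = HMAC-SHA1(hmac_key, IV || ciphertext), hex
#   line 2  IV, 16 random bytes in hex, fresh for every packet
#   line 3  ciphertext = AES-128-CBC(cipher_key, IV, SeqN || payload), base64
# The 64-bit sequence number (16 hex digits) travels inside the ciphertext and
# is checked after the tag, so replayed or reordered packets are rejected
# before the payload is used. Keys are constructed for the demo.
CIPHER_KEY=000102030405060708090a0b0c0d0e0f
HMAC_KEY=101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f

# hmac_hex IV_HEX CT_FILE: the tag covers the IV and every ciphertext byte
hmac_hex() {
    { printf '%s' "$1"; cat "$2"; } |
        openssl dgst -sha1 -mac HMAC -macopt "hexkey:$HMAC_KEY" | sed 's/^.*= *//'
}

# seal SEQ PAYLOAD_FILE PACKET_FILE
seal() {
    iv=$(openssl rand -hex 16); ct=$(mktemp)
    { printf '%016x' "$1"; cat "$2"; } |
        openssl enc -aes-128-cbc -K "$CIPHER_KEY" -iv "$iv" -out "$ct"
    { hmac_hex "$iv" "$ct"; echo "$iv"; openssl base64 -A -in "$ct"; echo; } > "$3"
    rm -f "$ct"
}

# unseal PACKET_FILE EXPECTED_SEQ PAYLOAD_OUT: returns 1 on a bad tag (nothing
# is decrypted in that case), 2 on an unexpected sequence number, 0 otherwise.
unseal() {
    tag=$(sed -n 1p "$1"); iv=$(sed -n 2p "$1"); ct=$(mktemp); pt=$(mktemp)
    sed -n 3p "$1" | openssl base64 -d -A -out "$ct"
    if [ "$(hmac_hex "$iv" "$ct")" != "$tag" ]; then rm -f "$ct" "$pt"; return 1; fi
    openssl enc -d -aes-128-cbc -K "$CIPHER_KEY" -iv "$iv" -in "$ct" -out "$pt"
    sq=$(head -c 16 "$pt")
    if [ "$sq" != "$(printf '%016x' "$2")" ]; then rm -f "$ct" "$pt"; return 2; fi
    tail -c +17 "$pt" > "$3"
    rm -f "$ct" "$pt"
}

# tamper PACKET_FILE: change one ciphertext byte, as a man in the middle would.
# CBC decryption of the result still "succeeds"; only the tag reveals the change.
tamper() {
    ct=$(mktemp)
    sed -n 3p "$1" | openssl base64 -d -A -out "$ct"
    first=$(od -An -tu1 -N1 "$ct" | tr -d ' ')
    printf "$(printf '\\%03o' $(( (first + 1) % 256 )))" |
        dd of="$ct" bs=1 count=1 conv=notrunc 2>/dev/null
    { sed -n 1,2p "$1"; openssl base64 -A -in "$ct"; echo; } > "$1.new"
    mv "$1.new" "$1"; rm -f "$ct"
}
```

The receiver checks in the same order as OpenVPN: tag first, then the sequence number, and only then does the payload leave the function. Running unseal with the wrong expected sequence number models a replayed packet; tamper models modification in transit, which CBC alone would not detect.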

2-2 OpenVPN vs IPsec

OpenVPN
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall- and NAT-friendly (a single UDP or TCP port)
• Dynamic address support

IPsec
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPsec
• IETF standard: multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are the two methods of linking systems via a VPN:
• Routed IP tunnels (layer 3)
• Bridged Ethernet tunnels (layer 2)

Suitable for connections:
• Site-to-site
• Dynamic site-to-site
• (Dynamic) client-to-site

Dynamic firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

Uses the TUN mode (device): a virtual point-to-point IP link that combines the inner interface together with the TUN device.
Uses the kernel routing to forward the packets.

(Figure: OSI stacks of both peers; OpenVPN runs as an application-layer process and the TUN device hands it layer 3 packets.)

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages:
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of the MTU for efficiency

Routed IP disadvantages:
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see the machines on the other side of the VPN
4. Works only with IPv4 in general, and with IPv6 only where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses "TAP" mode: a TAP device is a virtual Ethernet adapter.
The bridge tools (brctl) are required to create the bridge that joins the adapters.
A script is needed to bind eth1 and tap0 together into a bridged device called br0:

  brctl addbr br0          create an Ethernet bridge
  brctl addif br0 eth1     connect interface eth1 as a port
  brctl addif br0 tap0     connect the virtual interface tap0 as a port

(Figure: OSI stacks of both peers with bridging at the data-link layer; OpenVPN attaches to tap0, which is bridged with eth1 into br0, while eth0 carries the tunnel itself. TUN works at layer 3, TAP at layer 2.)

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages:
1. Point-to-point and point-to-multipoint
2. Broadcasts traverse the VPN; this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works where the VPN needs to carry non-IP protocols such as IPX/NetWare and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages:
1. Less efficient than routing and does not scale well (every broadcast crosses the tunnel)


3) OpenVPN Configuration

3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS: X.509 Dynamic Keys

3-1 Getting Started

Lab topology (figure):
  LAN A 10.0.1.0/24, gateway 10.0.1.254 (host IP 10.0.1.1/24)
    ixp1 10.0.1.254 [VPN Server] ixp0 192.168.12.201
         |
      VPN tunnel (the client connects to the server)
         |
    ixp0 192.168.12.202 [VPN Client] ixp1 10.0.2.254
  LAN B 10.0.2.0/24, gateway 10.0.2.254 (host IP 10.0.2.1/24)
  A [CA / TLS Server] shown in the figure issues the certificates used in 3-4.

3-1 Getting Started

Create a working directory (recommended): mkdir /etc/openvpn
Check for the TUN device: ls /dev/net and look for the character device "tun"; if it is missing: mkdir -p /dev/net; mknod /dev/net/tun c 10 200
Load the necessary modules: modprobe tun; modprobe bridge
Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]
Self diagnostic: openvpn --test-crypto --secret [KeyName]

The pre-shared key file is the whole secret of a static-key tunnel: keep it mode 600, copy it to the peer only over a channel that is already secure (scp, or by hand), and generate a fresh one per tunnel.

3-1 Getting Started

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or edit /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"
Create / start the bridge interface (TAP mode) with the Moxa script: openvpn-bridge [start | stop | restart]
Check the supported ciphers and digests: openvpn --show-ciphers; openvpn --show-digests
Create the TUN configuration files: vi /etc/openvpn/tun/server.conf
[At the VPN client] vi /etc/openvpn/tun/client.conf

3-2 TUN Server Configuration

The local and remote VPN (tunnel endpoint) IP addresses must be specified: ifconfig <local> <remote>.
It is NECESSARY to specify the server address at the VPN client (remote <server address>).

Edit the static routes: vi /etc/openvpn/tun/server.sh; chmod +x /etc/openvpn/tun/server.sh
[At the VPN client] vi /etc/openvpn/tun/client.sh; chmod +x /etc/openvpn/tun/client.sh
Start OpenVPN with the configuration file:
  openvpn --config /etc/openvpn/tun/server.conf &
  [At the VPN client] openvpn --config /etc/openvpn/tun/client.conf &

Note the second argument of ifconfig, which is now 10.0.2.254: the two arguments are the local and the remote tunnel address, so the peer's configuration lists the same pair in the opposite order.
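A static-key TUN pair for the lab topology, as an added example rather than the course's own configuration files: the server's public address 192.168.12.201, LAN A and LAN B and the key from openvpn --genkey come from the slides; the tunnel endpoint pair 10.8.0.1 / 10.8.0.2 is an assumption (any pair unused by both LANs works). The route directive takes the place of the server.sh / client.sh static-route scripts, and check_pair is the check a practitioner wants before starting the daemons: the ifconfig addresses of the two files must mirror each other.

```shell
#!/bin/sh
# Static-key TUN site-to-site configuration for the lab topology (added example,
# not the course's own configuration files). From the slides: the server's public
# address 192.168.12.201, LAN A 10.0.1.0/24 behind the server, LAN B 10.0.2.0/24
# behind the client, a key from "openvpn --genkey --secret". Assumed: the
# tunnel endpoint pair 10.8.0.1 / 10.8.0.2.
SERVER_PUB=192.168.12.201
KEY=/etc/openvpn/static.key
LAN_A=10.0.1.0; LAN_B=10.0.2.0; MASK=255.255.255.0

# write_pair DIR: server.conf and client.conf. "route" replaces the server.sh /
# client.sh static-route scripts: OpenVPN adds the route once the tunnel is up.
write_pair() {
    mkdir -p "$1"
    cat > "$1/server.conf" <<EOF
dev tun
proto udp
port 1194
ifconfig 10.8.0.1 10.8.0.2
route $LAN_B $MASK
secret $KEY
persist-key
persist-tun
keepalive 10 60
verb 3
EOF
    cat > "$1/client.conf" <<EOF
dev tun
proto udp
remote $SERVER_PUB 1194
ifconfig 10.8.0.2 10.8.0.1
route $LAN_A $MASK
secret $KEY
persist-key
persist-tun
keepalive 10 60
verb 3
EOF
}

# conf_value FILE KEYWORD: the argument(s) of the first KEYWORD line, or nothing
conf_value() {
    awk -v k="$2" '$1 == k { $1 = ""; sub(/^ /, ""); print; exit }' "$1"
}

# check_pair SERVER_CONF CLIENT_CONF: 0 if the two files describe one tunnel.
# Catches the classic mistake of copying server.conf to the client without
# swapping the two ifconfig addresses (the slide's "2nd argument" remark).
check_pair() {
    s_if=$(conf_value "$1" ifconfig); c_if=$(conf_value "$2" ifconfig); rc=0
    [ "${s_if%% *}" = "${c_if##* }" ] && [ "${s_if##* }" = "${c_if%% *}" ] ||
        { echo "ifconfig not mirrored: server '$s_if', client '$c_if'"; rc=1; }
    [ "$(conf_value "$1" dev)" = "$(conf_value "$2" dev)" ] || { echo "dev differs"; rc=1; }
    [ "$(conf_value "$1" proto)" = "$(conf_value "$2" proto)" ] || { echo "proto differs"; rc=1; }
    [ -n "$(conf_value "$1" secret)" ] && [ -n "$(conf_value "$2" secret)" ] ||
        { echo "both sides need a secret line in static-key mode"; rc=1; }
    [ -n "$(conf_value "$2" remote)" ] || { echo "client has no remote (server address)"; rc=1; }
    return $rc
}
```

On the server the iptables rules of the first half of the course must admit the tunnel itself (UDP 1194 on ixp0) and forward between tun0 and ixp1; the key file on both boxes should be readable by root only.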

3-3 TAP Configuration: VPN Server

Create the TAP configuration files: vi /etc/openvpn/tap/server.conf
[At the VPN client] vi /etc/openvpn/tap/client.conf

Comment out the route line if both VPN networks are in the same subnet: across a bridge the remote LAN is reached at layer 2 and no route is needed.

Edit the static routes: vi /etc/openvpn/tap/server.sh
[At the VPN client] vi /etc/openvpn/tap/client.sh; chmod +x /etc/openvpn/tap/client.sh
The kernel routing now points at the bridge: br0 = 10.0.1.254

Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start
Start OpenVPN with the configuration file:
  openvpn --config /etc/openvpn/tap/server.conf &
  [At the VPN client] openvpn --config /etc/openvpn/tap/client.conf &
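What the openvpn-bridge script referred to above has to do, written out as an added example in the shape of OpenVPN's own bridge-start sample; it is not Moxa's script. The addresses are the server side of the lab topology (br0 takes 10.0.1.254); the LAN port name (eth1 on the slides, ixp1 on the UC-7400) is a parameter. The show mode prints the command sequence so the order can be checked without root.

```shell
#!/bin/sh
# openvpn-bridge {start|stop|show}: bind the LAN port and tap0 into br0 for TAP
# mode (added example in the shape of OpenVPN's bridge-start sample, not
# Moxa's script). Server side of the course topology; ETH is a parameter.
BR=br0
TAP=tap0
ETH=${ETH:-eth1}
IP=10.0.1.254
NETMASK=255.255.255.0
BROADCAST=10.0.1.255
DRY_RUN=${DRY_RUN:-0}

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

bridge_start() {
    # 1. create the virtual Ethernet adapter (persistent, so openvpn can reopen it)
    run openvpn --mktun --dev "$TAP"
    # 2. build the bridge and attach both ports (the slide's "brctl addif tap0"
    #    is missing the bridge name; the port always goes onto br0)
    run brctl addbr "$BR"
    run brctl addif "$BR" "$ETH"
    run brctl addif "$BR" "$TAP"
    # 3. member ports carry no address of their own; br0 takes the LAN address.
    #    Do this from the console: the moment eth1 loses its IP, an SSH session
    #    over it dies until br0 is up.
    run ifconfig "$TAP" 0.0.0.0 promisc up
    run ifconfig "$ETH" 0.0.0.0 promisc up
    run ifconfig "$BR" "$IP" netmask "$NETMASK" broadcast "$BROADCAST" up
}

bridge_stop() {
    run ifconfig "$BR" down
    run brctl delbr "$BR"
    run openvpn --rmtun --dev "$TAP"
    run ifconfig "$ETH" "$IP" netmask "$NETMASK" broadcast "$BROADCAST" up
}

case "${1:-}" in
    start) bridge_start ;;
    stop)  bridge_stop ;;
    show)  DRY_RUN=1; bridge_start ;;
esac
```

The TAP server.conf then refers to dev tap0 and no longer needs an ifconfig line for the tunnel: the bridge address is the LAN address, which is what the slide means by "br0 = 10.0.1.254".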

3-4-1 SSL/TLS: Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf and pre-enter default_days, default_bits, ... etc.
Create a new CA root key pair: /usr/share/ssl/misc/CA -newca
Create a new client private key and certificate request: /usr/share/ssl/misc/CA -newreq
Sign the certificate request: /usr/share/ssl/misc/CA -sign
Copy the CA root certificate, the client private key and the client certificate to the first client.
Repeat -newreq and -sign for the second client.

With SSL/TLS each peer authenticates with its own certificate and the session keys are negotiated per connection (hence "dynamic keys"), so no long-lived secret crosses the wire.

3-4-2 OpenVPN "easy-rsa" tools

Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn
Modify the vars file: vi /etc/openvpn/easy-rsa/vars
Activate the vars (source the file): . /etc/openvpn/easy-rsa/vars
Create the CA root key and certificate: /etc/openvpn/easy-rsa/build-ca
Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server
Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client
Create the Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh (1024 bits on the slide; easy-rsa takes the size from KEY_SIZE in vars)
Copy the CA certificate (ca.crt), the server key (server.key) and the server certificate (server.crt) to the VPN server.
Copy the CA certificate, the client key and the client certificate to the VPN client. The CA private key (ca.key) stays on the CA machine.
The "easy-rsa" tools also work on the UC-7400 series.
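The steps of 3-4-1 and 3-4-2, and the certificate chain of 1-7, done with the openssl command line so that what build-ca / build-key (or CA -newca / -newreq / -sign) hide is visible. This is an added example, not those scripts and not course material; the subject names, the directory and the second "rogue" CA are assumptions. The rogue CA shows what "signed by someone trusted" means: its certificates are well-formed but do not verify against ca.crt. The extendedKeyUsage distinguishes the server certificate from client certificates, which is the property the client-side ns-cert-type server / remote-cert-tls server option checks so that no other client holding a certificate from the same CA can pose as the server.

```shell
#!/bin/sh
# Minimal OpenVPN PKI with the openssl command line (added example: the work
# that easy-rsa's build-ca / build-key scripts or CA -newca / -newreq / -sign
# do for you, not those scripts). Names and the directory are assumptions.
# build_pki DIR creates: ca.crt ca.key, server.crt server.key,
#                        client.crt client.key, rogue-ca.crt rogue-ca.key

make_ca() {  # make_ca NAME CN: self-signed root. verify rejects a root without CA:TRUE.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" -keyout "$1.key" -out "$1.csr" 2>/dev/null
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$1.ext"
    openssl x509 -req -in "$1.csr" -signkey "$1.key" -days 3650 -extfile "$1.ext" -out "$1.crt" 2>/dev/null
}

issue() {  # issue CA NAME EKU: key and request for NAME, signed by CA with that extendedKeyUsage
    # Generating the key here mirrors the course flow (keys made centrally, then
    # copied). On a real deployment generate it on the peer and ship only the .csr.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" -keyout "$2.key" -out "$2.csr" 2>/dev/null
    printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=%s\n' "$3" > "$2.ext"
    openssl x509 -req -in "$2.csr" -CA "$1.crt" -CAkey "$1.key" -CAcreateserial -days 365 \
        -extfile "$2.ext" -out "$2.crt" 2>/dev/null
}

build_pki() (
    mkdir -p "$1" && cd "$1" || exit 1
    make_ca ca "Moxa-Training-CA"
    make_ca rogue-ca "Some-Other-CA"
    # serverAuth vs clientAuth: openssl verify -purpose checks it below, and
    # OpenVPN's remote-cert-tls server (or ns-cert-type server with the older
    # nsCertType extension) performs the same check at connect time.
    issue ca server serverAuth
    issue ca client clientAuth
    chmod 600 ./*.key
)

# verify_chain CA_CERT CERT PURPOSE: 0 if CERT was issued by CA_CERT and may be
# used for PURPOSE (sslserver | sslclient), non-zero otherwise.
verify_chain() {
    openssl verify -purpose "$3" -CAfile "$1" "$2" >/dev/null 2>&1
}

# Diffie-Hellman parameters for the server side (slow, so not run here):
#   openssl dhparam -out dh1024.pem 1024
```

The four verify_chain calls worth running after build_pki are: server.crt as sslserver and client.crt as sslclient (both pass), client.crt as sslserver (fails on purpose) and server.crt against rogue-ca.crt (fails on issuer). The same four outcomes are what a correctly configured OpenVPN client and server enforce.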

3-4-3 Configuration File Modification

txx/server.conf and txx/client.conf (the tun/ and tap/ variants): switch from the static secret to the certificate files generated above.


Live Demo

UC-7420 Demo Box

Two of its serial ports are connected to a power meter and a thermocouple.
Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site.
The rest of the serial ports are looped back in "burn-in mode" to demonstrate the UC's high performance and reliability.

Demo Box Features (figure)

Software Block Diagram (figure)

Temperature range: 0 to 500 °C
Voltage: left side for the high range, 0 to 300 VDC; right side for the low range, 0 to 20 VDC

UC's LCM & keypad (F1-F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8
F2 System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available memory
F3 Alarm Setting: Temperature → Voltage → burn-in throughput
F4 Configuration Key
F5 Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status for 802.11g?
• The UC-7420's built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards
• The compatible wireless cards are:

  Supplier    Model name
  ASUS        WL-107g
  CNET        CWC-854 (181D version)
  Edimax      EW-7108PCg
  Amigo       AWP-914WG
  Gigabyte    GN-WMKG
  Others which use the Ralink chipset

Thank You

Page 51: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

2-3-2 Source Local Host2-3-2 Source Local Host

NAT Table OUTPUT

Outgoing Packets

Filter Table OUPUT

NAT Table POSTROUTING

Send Out Packets

2-3-3 Forwarded Packets2-3-3 Forwarded Packets

2-3-3 Forwarded Packets2-3-3 Forwarded Packets

NAT Table PREROUTING

Local Resource

NAT Table POSTROUTING

Other Hosts

Incoming Packets

Filter Table FORWARD

2-4 State Machine2-4 State Machine

AgendaAgenda

1) Firewall NAT and iptables

2) Rules Chains Tables

3) Usage of iptables

4) Hands-ON Practice

3) Usage of iptables
3-1 Load iptables Modules
3-2 Define Default Policy
3-3 Structure of a Rule
3-4 Save, Restore Rules

3-1 Load iptables Modules
Note: ipchains and iptables are not compatible.

3-1 Load iptables Module
Check the current tables: iptables [-t table] [-L] [-n]
Default Policy

3-1 Install iptables
Clear Current Policy

3-2 Define Default Policy
iptables -t [filter | nat | mangle] -P [INPUT | OUTPUT | FORWARD | PREROUTING | POSTROUTING] [ACCEPT | DROP]

3-3 Structure of a Rule
3-3-1 Add, Insert, Delete and Replace Rules
3-3-2 Direction
3-3-3 Matches
3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace
iptables -t [filter | nat | mangle] [-A | -I | -D | -R] <direction> <match> -j <target>
3 major things need to be considered: direction, match, target.

3-3-2 Direction – Chains
a. filter table: INPUT, OUTPUT, FORWARD
b. nat table: PREROUTING, POSTROUTING, OUTPUT
c. mangle table: …

3-3-3 Matches – Conditions
1. -p [proto]: tcp | udp | icmp | all
2. -s [IP], -d [IP]
3. --sport [port], --dport [port]
4. -m state --state [state]: NEW, ESTABLISHED, INVALID, RELATED
5. -m multiport --ports [p1,p2,…,p15]
6. -i [iface], -o [oface]
7. … etc.

3-3-4 Targets – Actions
a. filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions: LOG, ULOG, REJECT, MIRROR
b. nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING/OUTPUT), MASQUERADE (POSTROUTING), REDIRECT (only in PREROUTING)
c. mangle table: …

3-4 Save, Restore Rules
It is highly recommended to use a script file to maintain the Netfilter rules instead of using the exported rules file (it is not a standard script file). Please refer to the Hands-On practice.

Agenda
1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice: 1) Packet Filter, 2) NAT Machine

4-1 Packet Filter – Rules of filter table

Example 1 – Accept all the packets incoming from the lo interface:
iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2 – Accept all the TCP packets incoming from IP = 192.168.0.1:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

Example 3 – Accept all the TCP packets incoming from the network 192.168.1.0/24:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 – Drop all the TCP packets incoming from IP = 192.168.1.25:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

Example 5 – Drop all the incoming TCP packets with dst port = 21 (forbid FTP connections from eth0):
iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 – Accept TCP packets incoming from 192.168.0.0/24 to the local port numbers 137, 138 and 139:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

Example 7 – Log all the incoming/outgoing TCP packets to/from port = 25 (log the SMTP service):
iptables -t filter -A INPUT -p tcp --dport 25 -j LOG
Note: UC-7110 does not support the target "LOG".

Example 8 – Drop all the [SYN] packets from IP = 192.168.100.200:
iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 – Drop all the packets from MAC = aa:bb:cc:dd:ee:ff:
iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

Example 10 – Do not respond to "ping":
iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 – ICMP "ping" burst (drop by default, accept only a limited rate):
iptables -t filter -P INPUT DROP
iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

Example 12 – Accept the ESTABLISHED and RELATED packets of the local host; drop the INVALID packets and the NEW packets which are trying to create a new connection:
iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

Example 13 – Check the packet integrity:
iptables -t filter -A INPUT -p all -m unclean -j DROP

Example 14 – Enable the "Passive Mode" FTP service to a host:
modprobe ip_conntrack_ftp
iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

4-2 NAT Machine

Example 1 – Redirect the connection requests of port 80 to port 8080:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 – Masquerade the packets coming from 192.168.1.0/24 to be local ppp0's IP (MASQUERADE is only valid in the POSTROUTING chain, see 3-3-4):
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

Example 3 – DNAT the incoming packets from eth0 (60.248.66.75), TCP port 80, to the internal web server 192.168.127.10:80:
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

Example 4 – Redirect the incoming packets of TCP port 80 to 192.168.1.10, TCP port 80
SNAT the packets from the internal network 192.168.127.0/24 to the public address $OUT_IP:
iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP
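Slide 3-4 recommends keeping the Netfilter rules in a script rather than an exported file; the following is an added example (not from the course material) of such a script, collecting the hands-on rules above into functions with a dry-run mode. The interface names, the 192.168.1.0/24 LAN, the 192.168.0.1 management host and the ppp0 uplink are assumptions taken from the examples.

```shell
#!/bin/sh
# firewall.sh - keep the UC-7400 Netfilter rules in a script, as slide 3-4
# recommends, instead of re-importing an exported rules file.
# Added example: the interfaces, networks and hosts are assumptions taken
# from the hands-on slides (eth0 LAN side, ppp0 uplink, 192.168.1.0/24 LAN).

LAN_IF=${LAN_IF:-eth0}                 # LAN side interface
WAN_IF=${WAN_IF:-ppp0}                 # uplink interface that gets masqueraded
LAN_NET=${LAN_NET:-192.168.1.0/24}     # internal network
MGMT_HOST=${MGMT_HOST:-192.168.0.1}    # host allowed to reach all TCP services

# Every rule goes through run_ipt, so the whole script can be dry-run with
# IPT=echo and reviewed before it is applied to a live box.
run_ipt() {
    ${IPT:-iptables} "$@"
}

fw_flush() {
    # Clear the filter and nat tables, then set the default policies
    # (slide 3-2): nothing reaches the host or is forwarded unless a rule
    # below allows it.
    run_ipt -t filter -F
    run_ipt -t nat -F
    run_ipt -t filter -P INPUT DROP
    run_ipt -t filter -P FORWARD DROP
    run_ipt -t filter -P OUTPUT ACCEPT
}

fw_filter() {
    # Example 1: loopback is always accepted.
    run_ipt -t filter -A INPUT -i lo -j ACCEPT
    # Example 12: keep replies to our own connections, drop broken packets early.
    run_ipt -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    run_ipt -t filter -A INPUT -m state --state INVALID -j DROP
    # Examples 10/11: answer ping, but only at a limited rate.
    run_ipt -t filter -A INPUT -p icmp --icmp-type 8 \
        -m limit --limit 6/min --limit-burst 10 -j ACCEPT
    # Example 6: NetBIOS ports only from the LAN.
    run_ipt -t filter -A INPUT -i "$LAN_IF" -p tcp -s "$LAN_NET" \
        --dport 137:139 -j ACCEPT
    # Example 2: TCP services are reachable from the management host only.
    run_ipt -t filter -A INPUT -i "$LAN_IF" -p tcp -s "$MGMT_HOST" -j ACCEPT
    # Example 7: log SMTP attempts before the default DROP catches them
    # (the LOG target is not available on the UC-7110).
    run_ipt -t filter -A INPUT -p tcp --dport 25 -j LOG --log-prefix "smtp: "
    # Example 14: forward LAN traffic out and let conntrack open the related
    # data channels (passive FTP needs ip_conntrack_ftp loaded).
    run_ipt -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    run_ipt -t filter -A FORWARD -i "$LAN_IF" -s "$LAN_NET" -j ACCEPT
}

fw_nat() {
    # NAT example 2: hide the LAN behind the ppp0 address; MASQUERADE is
    # only valid in POSTROUTING (slide 3-3-4).
    run_ipt -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE
}

fw_apply() {
    fw_flush
    fw_filter
    fw_nat
}

case "${1:-}" in
    apply)   fw_apply ;;
    dry-run) IPT=echo; fw_apply ;;
esac
```

Run it as `sh firewall.sh dry-run` to print the rule sequence, and as `sh firewall.sh apply` on the box itself.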

Thank You

OpenVPN 2.0 – Stephen Lin

OpenVPN 2.0
1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

1) Cryptography Summary
1-1 What does cryptography solve?
1-2 Symmetric Data Encryption
1-3 Hash (Digest) Function
1-4 Message Authentication Code
1-5 Asymmetric Data Encryption
1-6 Digital Signature
1-7 Certificate
1-8 Moxa UC7400

1-1 What does Cryptography solve?
Confidentiality
• Ensure that nobody can get knowledge of what you transfer, even if listening to the whole conversation
Integrity
• Ensure that the message has not been modified during the transmission
Authenticity
• You can verify that you are talking to the entity you think you are talking to
• You can verify who is the specific individual behind that entity
Non-repudiation
• The individual behind that asset cannot deny being associated with it

1-2 Symmetric Data Encryption
• Fast, high efficiency for data transmission
• Is it "secure" while transferring the key?
• Maintenance of the keys: n(n-1)/2 keys
• DES, 3DES, AES, Blowfish
Figure: Tom encrypts the plaintext into ciphertext with the secret key; Bob decrypts the ciphertext back to the plaintext with the same secret key.

1-3 Hash (Digest) Function
• Ensure data integrity
• MD5, SHA-1
Figure: Tom runs the data through the hash function to get Message Digest 1 and sends the data together with Message Digest 1; Bob runs the received data through the same hash function to get Message Digest 2 and compares it with Message Digest 1.

1-4 Message Authentication Code
• Ensure the data integrity
• Use a key to protect the MAC
• HMAC, CBC-MAC
Figure: Tom hashes the data to Message Digest 1, encrypts the digest with the secret key into the MAC, and sends the data together with the MAC; Bob hashes the received data to Message Digest 2, decrypts the MAC with the secret key to recover Message Digest 1, and compares the two digests.

1-5 Asymmetric Encryption
Things to remember
• Key pair – public/private keys
• In a session, one is used for encryption and the other one for decryption
• "Public Key" can be deployed everywhere
• The relation between the two keys is unknown, and from one key you cannot gain knowledge of the other, even if you have access to clear-text and cipher-text
• The two keys are interchangeable: all algorithms make no difference between public and private key; when a key pair is generated, any of the two can be public or private
• Less efficient than a static key
• RSA, Diffie-Hellman
Figure: clear text → encryption → cipher text (an unreadable string such as "g$5knvMd'rkvegMs").

1-5 Asymmetric Data Encryption – Confidentiality check
Figure: Tom encrypts the plaintext with Bob's public key; Bob decrypts the ciphertext with Bob's private key (the recipient's key pair).

1-5 Asymmetric Data Encryption – Authenticity check
Figure: Tom encrypts the plaintext with Tom's private key; Bob decrypts the ciphertext with Tom's public key (the sender's key pair).

1-6 Digital Signature
Real world – hybrid: 1. Data integrity 2. Authenticity 3. Non-repudiation 4. Algorithm – use the public key and hash

1-6 Digital Signature – Creating
Figure: Message or file ("This is the document created by Gianni") → Generate hash (SHA, MD5): calculate a short message digest from even a long input using a one-way message digest function (hash) → Message Digest ("Py75cbn", typically 128 bits) → Asymmetric encryption (RSA) with the signatory's private key (priv) → Digital Signature ("3kJfgf£$&") → Signed document = message + digital signature.

1-6 Digital Signature – Verifying
Figure: Signed document (message + digital signature) → Generate hash over the message → Message Digest ("Py75cbn"); Digital signature → Asymmetric decryption with Gianni's public key (pub, from certificate) → Message Digest ("Py75cbn"); compare the two digests.

1-6 Digital Signature
Figure: Tom hashes the data to Message Digest 1, encrypts it with Tom's private key to form the digital signature, and sends the data together with the digital signature; Bob hashes the received data to Message Digest 2, decrypts the digital signature with Tom's public key to recover Message Digest 1, and compares the two digests.

1-7 Certificate
The simplest certificate just contains:
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key ("This public key belongs to Stephen"; the entity can be a person, a computer, a device, a file, some code, anything …)
… and the whole is:
• Digitally signed by someone trusted (like your friend or a CA)
Figure: Certificate = pub + "This public key belongs to Stephen" + digital signature (unreadable strings stand for the key and the signature).

1-7-1 CA Certificate
Figure: The CA generates a key pair (priv, pub) on the certification server. The user requests a certificate from the CA; the CA generates the certificate (pub + DS); the private key and the certificate are sent to the user.

1-7-1 CA Certificate Example
Figure: The CA holds the CA private key; Left and Right both trust the CA public key. Left holds the Left private key, the CA public key and the Left cert signed by the CA; Right holds the Right private key, the CA public key and the Right cert signed by the CA; the CA public key itself is signed by the CA.

1-7-2 SSL/TLS
Figure: each side holds a key pair (priv, pub); clear text → encrypt (Cipher 1) → encrypt (Cipher 2) → transmission over the public network → decrypt (Cipher 2) → decrypt (Cipher 1) → clear text.
• Ensures confidentiality
• And integrity, if digitally signed
• Depending on how the public keys are exchanged: authenticity, identity, non-repudiation

1-8 Moxa UC7400 – Hardware Cipher
• Intel XScale supports: security engines DES, AES; algorithm methods ECB, CBC, CTR
• Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so"
• No need to change the source codes

1-8-1 Moxa Accelerated Algorithms – OpenSSL 0.9.7
DES_cbc_encrypt
DES_ede3_cbc_encrypt
AES_cbc_encrypt
AES_ctr_encrypt
• We wrap ECB mode at a higher level (libssl.so), which openssl wraps too

1-8-2 Performance
Figure: four throughput charts, 3DES-CBC rate and AES-128-CBC rate against packet size (128 to 1280 bytes, and 16 to 144 bytes for small packets); legend: = HW Cipher.

1-8-3 Things to be noticed
• Moxa UC-7400 switches the operations between the software and the hardware approaches
• Default: hardware approach
• Any mis-configuration or busyness causes the switch
• Small packets are switched to the software approach: DES 128 bytes, 3DES/AES 64 bytes

1-8-4 Software Package
• Driver: mxhw_cipher.o
• Device file: mknod /dev/mxcrypto c 11 131
• Test program: io (correctness test); io 0 5000 (stability test); io 1 (golden pattern); io 2 20000 (performance test)

Agenda
1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

2) OpenVPN 2.0
2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network – VPN Advantages/Disadvantages
• VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes
• A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH, etc.)
• A VPN allows the usage of protocols which are insecure by themselves
• VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN
Usability
• Open source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit shared key or digital certificates (PKI)
Portability – supports most of the platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN
• Peers – each node with a client/server role; in use of kernel routing; multiple clients
• A user-space program
• A full-featured SSL-VPN solution on top of the existing SSL/TLS mechanism, with options between a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security
Two authentication modes
• Static key: use a pre-shared key
• SSL/TLS: use SSL/TLS + certificates for authentication and key exchange
The encrypted packet is formatted as
• SeqN: 64-bit sequence number
• IV: plain-text initial vector, randomized per packet
Figure: packet layout HMAC | IV | SeqN | payload; SeqN and the payload are encrypted, and the HMAC is computed over the IV and the encrypted part.

2-2 OpenVPN vs IPSec
OpenVPN
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall- and NAT-friendly
• Dynamic address support
IPSec
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard – multi-vendor support

2-3 OpenVPN Modes
• Bridging and routing are two methods of linking systems via a VPN
• Routed IP tunnels (layer 3)
• Bridged Ethernet tunnels (layer 2)
• Suitable for connections: site-to-site; dynamic site-to-site; (dynamic) client-to-site
• Dynamic firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)
• Uses TUN mode (device): a virtual point-to-point IP link that combines the inner interface together with TUN
• Uses the kernel routing to forward the packets
Figure: the OSI stack (Physical, Data-Link, Network, Transport, Session, Presentation, Application) on both ends; OpenVPN runs at the application layer and the TUN device sits at layer 3 (Network).

2-3-1 Routed IP Tunnels (TUN Mode)
Routed IP advantages
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of MTU for efficiency
Routed IP disadvantages
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see those machines on the other side of the VPN
4. Works only with IPv4 in general, and with IPv6 in cases where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)
• Uses "TAP" mode: a TAP device is a virtual Ethernet adapter
• Bridge tools (brctl) are required to create the virtual adapters
• Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)
brctl addbr br0         (create an Ethernet bridge)
brctl addif br0 eth1    (connect interface eth1 as a port)
brctl addif br0 tap0    (connect virtual interface tap0 as a port)
Figure: the OSI stack on both ends with bridging; OpenVPN runs at the application layer, TAP sits at layer 2 (Data-Link) where TUN would sit at layer 3; each side shows eth0, eth1 and tap0, with eth1 and tap0 bridged.

2-3-2 Bridged Ethernet Mode (TAP Mode)
Bridging advantages
1. Point to point, point to multi-point
2. Broadcasts traverse the VPN -- this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to be able to handle non-IP protocols such as IPX, Netware and AppleTalk
5. Relatively easy-to-configure solution for road warriors
Bridging disadvantages
1. Less efficient than routing and does not scale well

Agenda
1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

3) OpenVPN Configuration
3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS – X509 Dynamic Keys

3-1 Getting Started
Figure (topology): LAN A (IP 10.0.1.1/24, gw 10.0.1.254) – ixp1 10.0.1.254 [VPN Server] ixp0 192.168.12.201 ⇐ VPN tunnel ⇒ ixp0 192.168.12.202 [VPN Client] ixp1 10.0.2.254 – LAN B (IP 10.0.2.1/24, gw 10.0.2.254); a [CA/TLS Server] is also shown.

3-1 Getting Started
• Create a working directory (recommended): mkdir /etc/openvpn
• Check for the TUN module: ls /dev/net and look for a character device "tun"; if it is not there: mknod /dev/net/tun c 10 200
• Load the necessary modules: modprobe tun; modprobe bridge
• Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]
• Self diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started
• Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or vi /etc/sysctl.conf and modify "net.ipv4.ip_forward = 1"
• Create/start the bridge interface using the Moxa script: openvpn-bridge [start | stop | restart]
• Check the ciphers/authentication support: openvpn --show-ciphers; openvpn --show-digests
• Create the TUN configuration files: vi /etc/openvpn/tunserver.conf
  [At VPN Client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration
• Local/remote VPN IP addresses must be specified
• It is NECESSARY to specify the server address at the VPN client

3-2 TUN Server Configuration
• Edit the static routings: vi /etc/openvpn/tunserver.sh; chmod +x /etc/openvpn/tunserver.sh
  [At VPN Client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/openvpn/tunclient.sh
• Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tunserver.conf &
  [At VPN Client] openvpn --config /etc/openvpn/tunclient.conf &
(Screenshot callout: the 2nd argument of "ifconfig", which is now "10.0.2.254")
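An added example (not the course's tunserver.conf) that prints the static-key TUN server and client configuration for the 3-1 topology; the tunnel endpoint addresses 10.9.0.1/10.9.0.2, the key file name and the use of OpenVPN's own route directive in place of the tunserver.sh/tunclient.sh route scripts are assumptions.

```shell
#!/bin/sh
# make-tun-conf.sh - print the static-key TUN configuration for the 3-1
# topology: LAN A 10.0.1.0/24 behind the VPN server (ixp0 192.168.12.201)
# and LAN B 10.0.2.0/24 behind the VPN client (ixp0 192.168.12.202).
# Added example, not the course's tunserver.conf: the tunnel endpoint
# addresses 10.9.0.1/10.9.0.2 and the key file name are assumptions.

SERVER_PUB=${SERVER_PUB:-192.168.12.201}   # ixp0 of the VPN server
KEY=${KEY:-/etc/openvpn/static.key}         # from: openvpn --genkey --secret
TUN_SRV=10.9.0.1                            # assumed point-to-point tunnel ends
TUN_CLI=10.9.0.2
LAN_A=10.0.1.0
LAN_B=10.0.2.0
MASK=255.255.255.0

# gen_conf server|client prints the OpenVPN 2.0 configuration for that role.
gen_conf() {
    role=$1
    case "$role" in
        server) local_ip=$TUN_SRV; remote_ip=$TUN_CLI; far_lan=$LAN_B ;;
        client) local_ip=$TUN_CLI; remote_ip=$TUN_SRV; far_lan=$LAN_A ;;
        *) echo "usage: gen_conf server|client" >&2; return 1 ;;
    esac
    echo "dev tun"
    echo "proto udp"
    echo "port 1194"
    # only the client has to know the server address (slide 3-2)
    if [ "$role" = client ]; then
        echo "remote $SERVER_PUB 1194"
    fi
    # both the local and the remote VPN address must be given (slide 3-2)
    echo "ifconfig $local_ip $remote_ip"
    # static route to the LAN on the far side, via the remote tunnel address;
    # this replaces the tunserver.sh / tunclient.sh route scripts
    echo "route $far_lan $MASK"
    # pre-shared key generated with openvpn --genkey --secret
    echo "secret $KEY"
    # pick from openvpn --show-ciphers / openvpn --show-digests
    echo "cipher AES-128-CBC"
    echo "auth SHA1"
    echo "keepalive 10 60"
    echo "persist-key"
    echo "persist-tun"
    echo "verb 3"
}

# write_conf ROLE FILE saves the configuration, e.g. to
# /etc/openvpn/tunserver.conf, and returns gen_conf's status.
write_conf() {
    gen_conf "$1" > "$2"
}

case "${1:-}" in
    server|client) gen_conf "$1" ;;
esac
```

Running `sh make-tun-conf.sh server > /etc/openvpn/tunserver.conf` on the server and the client variant on the client gives the two files that `openvpn --config` loads.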

3-3 TAP Configuration
• Create the TAP configuration files: vi /etc/openvpn/tapserver.conf
  [At VPN Client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration – VPN Server
(Screenshot callout: mark this line if both VPN networks are in the same subnet)

3-3 TAP Configuration – VPN Server
• Edit the static routings: vi /etc/openvpn/tunserver.sh
  [At VPN Client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/openvpn/tapclient.sh
(Screenshot callout: pointed to the kernel routing, br0 = 10.0.1.254)

3-3 TAP Configuration – VPN Server
• Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start
• Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tapserver.conf &
  [At VPN Client] openvpn --config /etc/openvpn/tapclient.conf &
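An added example (not Moxa's own openvpn-bridge script) of the bridge start/stop script that 2-3-2 and the TAP server slides refer to, binding eth1 and tap0 into br0 with brctl; the br0 address 10.0.1.254/24 comes from the TAP server slide, and the DRY_RUN switch is an assumption for reviewing the sequence before it is run on the box.

```shell
#!/bin/sh
# openvpn-bridge - build or tear down the br0 bridge that joins the LAN port
# (eth1) and the OpenVPN TAP device (tap0), as described in 2-3-2 and used
# by "openvpn-bridge start" in 3-3.
# Added example, not Moxa's own script: the interface names and the br0
# address 10.0.1.254/24 follow the TAP server slides; DRY_RUN is an assumption.

BR=${BR:-br0}
ETH=${ETH:-eth1}
TAP=${TAP:-tap0}
BR_IP=${BR_IP:-10.0.1.254}
BR_MASK=${BR_MASK:-255.255.255.0}

# run prints the command when DRY_RUN=1 instead of executing it, so the
# sequence can be reviewed before the box's interfaces are touched.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

bridge_start() {
    run modprobe tun
    run modprobe bridge
    # create a persistent tap0 so that openvpn can attach to it later
    run openvpn --mktun --dev "$TAP"
    run brctl addbr "$BR"            # create an Ethernet bridge
    run brctl addif "$BR" "$ETH"     # connect interface eth1 as a port
    run brctl addif "$BR" "$TAP"     # connect virtual interface tap0 as a port
    # bridge ports carry no address of their own; the bridge takes over
    # the LAN gateway address that eth1 used to have
    run ifconfig "$ETH" 0.0.0.0 promisc up
    run ifconfig "$TAP" 0.0.0.0 promisc up
    run ifconfig "$BR" "$BR_IP" netmask "$BR_MASK" up
}

bridge_stop() {
    run ifconfig "$BR" down
    run brctl delif "$BR" "$TAP"
    run brctl delif "$BR" "$ETH"
    run brctl delbr "$BR"
    run openvpn --rmtun --dev "$TAP"
    # give the LAN gateway address back to eth1
    run ifconfig "$ETH" "$BR_IP" netmask "$BR_MASK" up
}

case "${1:-}" in
    start)   bridge_start ;;
    stop)    bridge_stop ;;
    restart) bridge_stop; bridge_start ;;
esac
```

`DRY_RUN=1 sh openvpn-bridge start` lists the commands; the TAP server's openvpn process is started only after `openvpn-bridge start` has brought br0 up.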

3-4-1 SSL/TLS – Dynamic Keys
• Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-input the default_days, default_bits, … etc.
• Create a new CA root key pair: /usr/share/ssl/misc/CA -newca
• Create a new client private key and a new certificate request: /usr/share/ssl/misc/CA -newreq
• Certificate signing: /usr/share/ssl/misc/CA -sign
• Copy the CA root certificate, the client private key and the client certificate to the first client
• Have the second client certified in the same way

3-4-2 OpenVPN – "easy-rsa" tools
• Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn
• Modify the vars file: vi /etc/openvpn/easy-rsa/vars
• Activate the vars: . /etc/openvpn/easy-rsa/vars
• Create the CA root key: /etc/openvpn/easy-rsa/build-ca
• Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – "easy-rsa" tools
• Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client
• Create the Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh 1024
• Copy the CA certificate (ca.crt), the server key (server.key) and the server certificate (server.crt) to the VPN server
• Copy the CA certificate, the client key and the client certificate to the VPN client
• The "easy-rsa" tools also work on the UC7400 series

3-4-3 Configuration File Modification
txxserver.conf
txxclient.conf

Agenda
1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX
• Two of its serial ports are connected to a power meter and a thermocouple
• Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site
• The rest of the serial ports are looped back in 'burn-in mode' to demonstrate UC's high performance and reliability

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500°C


Page 52: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

2-3-3 Forwarded Packets2-3-3 Forwarded Packets

2-3-3 Forwarded Packets2-3-3 Forwarded Packets

NAT Table PREROUTING

Local Resource

NAT Table POSTROUTING

Other Hosts

Incoming Packets

Filter Table FORWARD

2-4 State Machine2-4 State Machine

AgendaAgenda

1) Firewall NAT and iptables

2) Rules Chains Tables

3) Usage of iptables

4) Hands-ON Practice

3) Usage of iptables3) Usage of iptables

3-1 Load iptables Modules

3-2 Define Default Policy

3-3 Structure of a Rule

3-4 Save Restore Rules

3-1 Load iptables Modules3-1 Load iptables Modules

Note ipchains and iptables are not compatible

3-1 Load iptables Module3-1 Load iptables Module

Check the Current Tablesiptables [-t tables] [-L] [-n]

Default Policy

3-1 Install iptables3-1 Install iptables

Clear Current Policy

3-2 Define Default Policy3-2 Define Default Policy

iptables ndasht filter nat mangle

ndashP INPUT OUTPUT FORWARD PREROUTING POSTROUTING

ACCEPT DROP

3-2 Define Default Policy3-2 Define Default Policy

3-3 Structure of a Rule3-3 Structure of a Rule

3-3-1 Add Insert Delete an Replace Rules

3-3-2 Direction

3-3-3 Matches

3-3-4 Targets

3-3-1 Add Insert Delete and Replace3-3-1 Add Insert Delete and Replace

iptables ndasht filter nat mangle

AI DR

ndash direction match target

3 major things needed

to be considered

ndashj

3-3-2 Direction ndash Chains3-3-2 Direction ndash Chains

a filter Table INPUT

OUTPUT

FORWARD

b nat Table PREROUTING

POSTROUTING

OUTPUT

c mangle table hellip

1 -p [proto] tcp udp icmp all

2 -s [IP] -d [IP]

3 --sport [port] --dport [port]

4 -m state --state [state] NEW ESTABLISHED INVALID RELATED

5 -m multiport [p1p2hellipp15]

6 -i [iface] -o [oface]

7 hellipetc

3-3-3 Matches - Conditions3-3-3 Matches - Conditions

3-3-4 Targets - Actions3-3-4 Targets - Actions

a filter Table ACCEPT DROP

QUEUE RETURN target extensions --LOG --ULOG --REJECT - -MIRROR

b nat table SNAT (only in POSTROUTING)

DNAT (only in PREROUTINGOUTPUT)

MASQUERADE (POSTROUTING)

REDIRECT (only in PREROUTING)

c mangle table hellip

3-4 Save Restore Rules3-4 Save Restore Rules

It is highly recommended to use a script file to maintain the Netfilter rule instead of using this exported file (it is not a standard script file) Please refer to the Hands-ON practice

AgendaAgenda

1) Firewall NAT and iptables

2) Rules Chains Tables

3) Usage of iptables

4) Hands-ON Practice 1) Packet Filter2) NAT Machine

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 1 ndash Accept all the packets incoming from lo interface

Example 2 ndash Accept all the TCP packets incoming from

IP = 19216801

iptables ndasht filter ndashA INPUT ndashi lo ndashj ACCEPT

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp

ndashs 19216801 ndashj ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 3 ndash Accept all the TCP packets incoming from the network

1921681024

Example 4 ndash Drop all the TCP packets incoming from IP = 192168125

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp

ndashs 1921681024 -j ACCEPT

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp

ndashs 192168125 ndashj DROP

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 5 ndash Drop all the Incoming TCP packets with dst Port = 21

(forbid FTP Connection from eth0)

Example 6 ndash Accept TCP packets incoming from IP 192168024 to

local port number 137138 and 139

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp

ndash ndashdport 21 ndashj DROP

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp ndashs

192168024 ndash ndashdport 137139 ndashj ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 7 ndash Log all the IncomingOutgoing TCP packets with tofrom

Port = 25 (Log SMTP Service)

iptables ndasht filter ndashA INPUT ndashp tcp ndash ndashdport 25 ndashj LOG

Note UC7110 does not support the target ldquoLOGrdquo

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 8 ndash Drop all the [syn] packets from IP = 192168100200

Example 9 ndash Drop all the packets from MAC = aabbccddeeff

iptables ndasht filter ndashA INPUT ndashp tcp ndashi eth0

ndashs 192168100200 ndash ndashsyn ndashj DROP

iptables ndasht filter ndashA INPUT ndashp all

ndashm mac-source aabbccddeeff ndashj DROP

Example 10 ndash Does not response to ldquopingrdquo

Example 11 ndash ICMP ldquopingrdquo burst

iptables ndasht filter ndashA INPUT ndashp icmp ndash ndashicmpndashtype 8

ndashj DROP

iptables ndasht filter ndashP INPUT DROP

iptables ndasht filter ndashA INPUT ndashp icmp ndashm limit 6min

ndash ndashlimit-burst 10 ndashj ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 12 ndash Accept the Established Related packets of the local

host drop the Invalid packets and New packets which are trying to create new connection

iptables ndasht filter ndashA INPUT ndashp tcp ndashm state ndash ndashstate

ESTABLISHEDRELATED ndashj ACCEPT

iptables ndasht filter ndashA INPUT ndashp tcp ndashm state ndash ndashstate

INVALIDNEW ndashj DROP

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 13 ndash Check the packet integrity

Example 14 ndash Enable the ldquoPassive Moderdquo FTP Service to a host

iptables ndasht filter ndashA INPUT ndashp all ndashm unclean ndashj DROP

modprobe ip_conntrack_ftp

iptables ndashA FORWARD ndashp tcp

ndashm state ndash ndashstate RELATED ndashj ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 1 ndash Redirect the Connection Request of Port 80 to Port 8080

Example 2ndash Masquerade the incoming packets from 1921681024

to be local ppp0rsquos IP

iptables ndasht nat ndashA PREROUTING ndashp tcp ndash ndashdport 80

ndashj REDIRECT ndash ndashto-ports 8080

iptables ndasht nat ndashA PREROUTING ndashs 1921681024 ndasho

ppp0 ndashj MASQUERADE

4-2 NAT Machine4-2 NAT Machine

4-2 NAT Machine4-2 NAT Machine

Example 3 ndash DNAT the incoming packet from eth0 (602486675) and

TCP Port 80 to internal Web sever 19216812710 80

Example 4 ndash Redirect the incoming packet of TCP Port 80 to

192168110 and TCP Port 80

iptables ndasht nat ndashA PREROUTING ndashp tcp ndashi eth0 ndashd 602486675 ndash ndashdport 80 ndashj DNAT ndash ndashto 1921681271080

iptables ndasht nat ndashA POSTROUTING ndashs 192168127024 ndashj SNAT ndash ndashto $OUT_IP

Thank YouThank You

OpenVPN 20OpenVPN 20Stephen Lin

OpenVPN 20OpenVPN 20

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

1) Cryptography Summery1) Cryptography Summery

1-1 What does cryptography solve

1-2 Symmetric Data Encryption

1-3 Hash (Digest) Function

1-4 Message Authentication Code

1-5 Asymmetric Data Encryption

1-6 Digital Signature

1-7 Certificate

1-8 Moxa UC7400

1-1 What does Cryptography solve

Confidentiality
• Ensure that nobody can get knowledge of what you transfer, even if listening to the whole conversation

Integrity
• Ensure that the message has not been modified during the transmission

Authenticity
• You can verify that you are talking to the entity you think you are talking to
• You can verify who is the specific individual behind that entity

Non-repudiation
• The individual behind that asset cannot deny being associated with it

1-2 Symmetric Data Encryption

• Fast, high efficiency for data transmission
• Is it "secure" while transferring the key?
• Maintenance of the keys: n(n-1)/2 keys
• DES, 3DES, AES, Blowfish

[Diagram: Tom encrypts the plaintext into ciphertext with the secret key; Bob decrypts the ciphertext back to plaintext with the same secret key]

1-3 Hash (Digest) Function

• Ensure data integrity
• MD5, SHA-1

[Diagram: Tom runs the data through the hash function to obtain message digest 1 and sends data + message digest 1; Bob runs the same hash function over the received data to obtain message digest 2 and compares it with message digest 1]

1-4 Message Authentication Code

• Ensure the data integrity
• Use a key to protect the MAC
• HMAC, CBC-MAC

[Diagram: Tom hashes the data to message digest 1, encrypts the digest with the secret key to form the MAC and sends data + MAC; Bob hashes the received data to message digest 2, decrypts the MAC with the secret key to recover message digest 1 and compares the two]

1-5 Asymmetric Encryption

Things to remember
• Key pair – public/private keys
• In a session, one is used for encryption and the other one for decryption
• The "public key" can be deployed everywhere
• The relation between the two keys is unknown, and from one key you cannot gain knowledge of the other, even if you have access to clear-text and cipher-text
• The two keys are interchangeable: the algorithms make no difference between public and private key; when a key pair is generated, either of the two can be public or private
• Less efficient than a static key
• RSA, Diffie-Hellman

[Diagram: clear text → encryption → cipher text]

1-5 Asymmetric Data Encryption – Confidentiality Check

[Diagram: Tom encrypts the plaintext with Bob's public key; Bob decrypts the ciphertext with Bob's private key (the recipient's key pair)]

1-5 Asymmetric Data Encryption – Authenticity Check

[Diagram: Tom encrypts the plaintext with Tom's private key; Bob decrypts the ciphertext with Tom's public key (the sender's key pair)]

1-6 Digital Signature

Real world – hybrid
1. Data integrity
2. Authenticity
3. Non-repudiation
4. Algorithm – use the public key and hash

1-6 Digital Signature – Creating

[Diagram: the message or file ("This is the document created by Gianni") is run through a one-way message digest function (hash: SHA, MD5) to calculate a short message digest (typically 128 bits) even from a long input; the digest is then encrypted asymmetrically (RSA) with the signatory's private key to produce the digital signature, which is attached to the document to form the signed document]

1-6 Digital Signature – Verifying

[Diagram: the verifier generates a message digest by hashing the document part of the signed document, decrypts the digital signature asymmetrically with Gianni's public key (from the certificate) to recover the digest that was signed, and compares the two digests]

1-6 Digital Signature

[Diagram: Tom hashes the data to message digest 1 and encrypts it with Tom's private key to form the digital signature, then sends data + digital signature; Bob hashes the received data to message digest 2, decrypts the signature with Tom's public key to recover message digest 1 and compares the two]

1-7 Certificate

The simplest certificate just contains
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key (can be a person, a computer, a device, a file, some code, anything…)
… and the whole is
• Digitally signed by someone trusted (like your friend or a CA)

[Diagram: certificate = public key + "This public key belongs to Stephen" + digital signature]

1-7-1 CA Certificate

[Diagram: the CA (certification server) generates its own key pair; the user requests a certificate from the CA; the CA generates the certificate (public key + digital signature); the private key and the certificate are sent to the user. Labels: Right cert signed by CA; Left cert signed by CA; CA pub key signed by CA]

1-7-1 CA Certificate Example

[Diagram: the CA holds the CA private key; Left holds "Left priv key signed by CA", the CA pub key and "Left cert signed by CA"; Right holds "Right priv key signed by CA", the CA pub key and "Right cert signed by CA"; Left and Right both trust the CA]

1-7-2 SSL/TLS

[Diagram: each side holds a private/public key pair; the clear text is encrypted twice (cipher 1, then cipher 2) using the two key pairs, transmitted over the public network, and decrypted in the reverse order back to clear text]

• Ensures confidentiality
• And integrity if digitally signed
• Depending on how the public keys are exchanged: authenticity, identity, non-repudiation

1-8 Moxa UC7400 – Hardware Cipher

Intel XScale supports
• Security engines: DES, AES
• Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so"
• No need to change the source code

1-8-1 Moxa Accelerated Algorithm – OpenSSL 0.9.7

DES_cbc_encrypt

DES_ede3_cbc_encrypt

AES_cbc_encrypt

AES_ctr_encrypt

• We wrap ECB mode at a higher level (libssl.so), which OpenSSL wraps too

1-8-2 Performance

[Charts: throughput (RATE) of 3DES-CBC and AES128-CBC against packet size, one pair of charts for 128 to 1280 bytes and one pair for small packets of 16 to 144 bytes; the hardware cipher results are marked "= HW Cipher"]

1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approaches
• Default: hardware approach
• Any mis-configuration or busy engine causes the switch

Small packets are switched to the software approach
• DES: 128 bytes
• 3DES/AES: 64 bytes

1-8-4 Software Package

Driver
• mxhw_cipher.o

Device file
• mknod /dev/mxcrypto c 11 131

Test program
• io: correctness test
• io 0 5000: stability test
• io 1: golden pattern
• io 2 20000: performance test

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network

2-2 Why OpenVPN

2-3 OpenVPN Modes

2-1 Virtual Private Network

2-1 VPN Advantages/Disadvantages

• VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes
• VPNs encrypt all network traffic, not just a few application protocols (like SSL, SSH, etc.)
• VPNs allow the usage of protocols which are insecure by themselves
• VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN

Usability
• Open source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit shared key or digital certificates (PKI)

Portability – supports most of the platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN

Peers – each node with a client/server role
• In use of kernel routing
• Multiple clients

A user-space program
• A full-featured SSL-VPN solution
• on top of the existing SSL/TLS mechanism
• options between a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security

Two authentication modes
• Static key: use a pre-shared key
• SSL/TLS: use SSL/TLS + certificates for
  • Authentication
  • Key exchange

The encrypted packet is formatted as
• SeqN: 64-bit sequence number
• IV: plaintext initial vector, randomized per packet

[Packet layout diagram: HMAC | IV | SeqN | payload, with the SeqN and payload encrypted]

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• portability across operating systems
• firewall- and NAT-friendly
• dynamic address support

IPSec
• Kernel-space IP stack
• each operating system requires its own independent implementation of IPSec
• IETF standard – multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are two methods of linking systems via a VPN
• Routed IP tunnels (layer 3)
• Bridged Ethernet tunnels (layer 2)

Suitable for connections
• Site-to-site
• Dynamic site-to-site
• (Dynamic) client-to-site

Dynamic firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

• Uses TUN mode (device): a virtual point-to-point IP link that combines the inner interface together with TUN
• Uses the kernel routing to forward the packets

[Diagram: two OSI stacks (Physical, Data-Link, Network, Transport, Session, Presentation, Application); OpenVPN sits at the application layer and the TUN device is attached at the 3rd (network) layer]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of MTU for efficiency

Routed IP disadvantages
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see those machines on the other side of the VPN
4. Works only with IPv4 in general, and IPv6 in cases where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

• Uses "TAP" mode: a TAP device is a virtual Ethernet adapter
• Bridge tools (brctl) are required to create the virtual adapters
• Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0          create an Ethernet bridge

brctl addif br0 eth1     connect interface eth1 as a port

brctl addif br0 tap0     connect virtual interface tap0 as a port
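The bridge script the slide asks for, written here as an added example; it is not Moxa's own openvpn-bridge script. It creates a persistent tap0, enslaves eth1 and tap0 to br0, and moves the LAN address onto the bridge; the address 10.0.1.254/24 is taken from the 3-1 lab diagram and the interface names are assumptions.

```shell
#!/bin/sh
# Added example (not Moxa's openvpn-bridge): bind eth1 and tap0 into bridge br0
# for OpenVPN TAP mode as outlined in 2-3-2. Assumed: br0 takes over the LAN A
# gateway address 10.0.1.254/24 that eth1 used to carry (from the 3-1 diagram).
BR=${BR:-br0}
ETH=${ETH:-eth1}
TAP=${TAP:-tap0}
BR_IP=${BR_IP:-10.0.1.254}
BR_MASK=${BR_MASK:-255.255.255.0}

bridge_start() {
  # the tap device must exist before it can be enslaved; --mktun makes it persistent
  openvpn --mktun --dev "$TAP"
  # bridge ports carry no address of their own and must see all frames
  ifconfig "$TAP" 0.0.0.0 promisc up
  ifconfig "$ETH" 0.0.0.0 promisc up
  brctl addbr "$BR"
  brctl addif "$BR" "$ETH"
  brctl addif "$BR" "$TAP"
  # the bridge, not eth1, now owns the LAN address (the "br0 = 10.0.1.254" of 3-3)
  ifconfig "$BR" "$BR_IP" netmask "$BR_MASK" up
}

bridge_stop() {
  ifconfig "$BR" down
  brctl delbr "$BR"
  openvpn --rmtun --dev "$TAP"
  # give eth1 its address back so the box stays reachable without the VPN
  ifconfig "$ETH" "$BR_IP" netmask "$BR_MASK" up
}

case "${1:-}" in
  start)   bridge_start ;;
  stop)    bridge_stop ;;
  restart) bridge_stop; bridge_start ;;
  *)       echo "usage: $0 {start|stop|restart}" ;;
esac
```

Run it as /etc/openvpn/openvpn-bridge start before starting OpenVPN with the TAP configuration, exactly where the 3-3 procedure calls the Moxa script.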

[Diagram: two OSI stacks (Physical, Data-Link, Network, Transport, Session, Presentation, Application) joined by bridging; OpenVPN sits at the application layer, TUN attaches at the 3rd layer and TAP at the 2nd layer; each side has eth0, eth1 and tap0, with eth1 and tap0 bridged]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages
1. Point-to-point, point-to-multipoint
2. Broadcasts traverse the VPN – this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to be able to handle non-IP protocols such as IPX, NetWare and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages
1. Less efficient than routing and does not scale well

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

[Lab diagram: LAN A (gateway 10.0.1.254, host IP 10.0.1.1/24) sits behind the VPN server (ixp0 192.168.12.201, ixp1 10.0.1.254); LAN B (gateway 10.0.2.254, host IP 10.0.2.1/24) sits behind the VPN client (ixp0 192.168.12.202, ixp1 10.0.2.254); the client connects to the server through the VPN tunnel; a CA/TLS server is also on the network]

3-1 Getting Started

• Create a working directory (recommended): mkdir /etc/openvpn
• Check for the TUN module: ls /dev/net and look for a character device "tun"; if it is missing: mknod /dev/net/tun c 10 200
• Load the necessary modules: modprobe tun; modprobe bridge
• Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]
• Self diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

• Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or vi /etc/sysctl.conf and modify "net.ipv4.ip_forward = 1"
• Create/start the bridge interface using the Moxa script: openvpn-bridge [start | stop | restart]
• Check the cipher/authentication support: openvpn --show-ciphers; openvpn --show-digests
• Create the TUN configuration files: vi /etc/openvpn/tunserver.conf
  [At VPN client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

• Local/remote VPN IP addresses must be specified
• It is NECESSARY to specify the server address at the VPN client

3-2 TUN Server Configuration

• Edit the static routings: vi /etc/openvpn/tunserver.sh; chmod +x /etc/openvpn/tunserver.sh
  [At VPN client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/openvpn/tunclient.sh
• Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tunserver.conf &
  [At VPN client] openvpn --config /etc/openvpn/tunclient.conf &
• 2nd argument of "ifconfig", which is now "10.0.2.254"
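A matching static-key TUN server/client pair for the 3-1 lab, added as an example; the deck's own tunserver.conf and tunclient.conf were only shown as screenshots and this is not them. Assumed values: the server is reached at 192.168.12.201, the tunnel endpoints are 10.8.0.1 (server) and 10.8.0.2 (client), and the LANs are 10.0.1.0/24 behind the server and 10.0.2.0/24 behind the client.

```shell
#!/bin/sh
# Added example (not the deck's tunserver.conf/tunclient.conf): generate a
# consistent static-key TUN pair for the 3-1 lab. Assumptions: server public
# address 192.168.12.201, tunnel endpoints 10.8.0.1/10.8.0.2, LAN A 10.0.1.0/24
# behind the server and LAN B 10.0.2.0/24 behind the client.
SERVER_PUB=${SERVER_PUB:-192.168.12.201}
KEY=${KEY:-/etc/openvpn/static.key}   # created with: openvpn --genkey --secret $KEY

# directives shared by both peers; AES-128-CBC matches the UC-7400's accelerated
# AES_cbc_encrypt path (1-8-1). Replay protection via the SeqN of 2-2 is on by default.
tun_common() {
  cat <<EOF
dev tun
proto udp
port 1194
secret $KEY
cipher AES-128-CBC
auth SHA1
ping 10
ping-restart 60
persist-key
persist-tun
verb 3
EOF
}

# server side: "ifconfig <local> <remote>"; the 2nd argument is the far end of the tunnel,
# and "route" sends the remote LAN through it (what tunserver.sh did by hand)
tun_server_conf() {
  echo "ifconfig 10.8.0.1 10.8.0.2"
  echo "route 10.0.2.0 255.255.255.0"
  tun_common
}

# client side: naming the server with "remote" is mandatory (section 3-2)
tun_client_conf() {
  echo "remote $SERVER_PUB 1194"
  echo "ifconfig 10.8.0.2 10.8.0.1"
  echo "route 10.0.1.0 255.255.255.0"
  tun_common
}

# write both files into the working directory (default /etc/openvpn)
write_tun_confs() {
  dir=${1:-/etc/openvpn}
  tun_server_conf > "$dir/tunserver.conf"
  tun_client_conf > "$dir/tunclient.conf"
}
```

Copy the generated tunclient.conf and the same static.key to the client box; with "route" in the config files the tunserver.sh/tunclient.sh route scripts are no longer needed.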

• Create the TAP configuration files: vi /etc/openvpn/tapserver.conf
  [At VPN client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration – VPN Server

• Mark this line if both VPN networks are in the same subnet

3-3 TAP Configuration – VPN Server

• Edit the static routings: vi /etc/openvpn/tapserver.sh
  [At VPN client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/openvpn/tapclient.sh
• Pointed to the kernel routing: br0 = 10.0.1.254

3-3 TAP Configuration – VPN Server

• Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start
• Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tapserver.conf &
  [At VPN client] openvpn --config /etc/openvpn/tapclient.conf &

3-4-1 SSL/TLS – Dynamic Keys

• Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-input the default_days, default_bits … etc.
• Create a new CA root key pair: /usr/share/ssl/misc/CA -newca
• Create a new client private key and a new certificate request: /usr/share/ssl/misc/CA -newreq
• Certificate signing: /usr/share/ssl/misc/CA -sign
• Copy the CA root certificate, the client private key and the client certificate to the first client
• Have the second client certificated the same way

3-4-2 OpenVPN – "easy-rsa" tools

• Copy the "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn
• Modify the vars file: vi /etc/openvpn/easy-rsa/vars
• Activate the vars: . /etc/openvpn/easy-rsa/vars
• Create the CA root key: /etc/openvpn/easy-rsa/build-ca
• Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – "easy-rsa" tools

• Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client
• Create the Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh 1024
• Copy the CA certificate (ca.crt), server key (server.key) and server certificate (server.crt) to the VPN server
• Copy the CA certificate, client key and client certificate to the VPN client
• The "easy-rsa" tools also work on the UC7400 series

3-4-3 Configuration File Modification

txxserver.conf

txxclient.conf

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

• Two of its serial ports are connected to a power meter and a thermocouple
• Two LAN ports plus an optional Wi-Fi function, making it a good tool for transmitting data from remote sites to a central site
• The rest of the serial ports are looped back in 'burn-in mode' to demonstrate UC's high performance and reliability

Demo Box Features

Software Block Diagram

• Temperature range: 0 to 500°C
• Left side for the high range 0 to 300 VDC & right side for the low range 0 to 20 VDC

UC's LCM & keypad (F1–F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8

F2 System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available memory

F3 Alarm Setting: Temperature → Voltage → burning throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• UC-7420's built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards
• The compatible wireless cards are:

Supplier    Model name
ASUS        WL-107g
CNET        CWC-854 (181D version)
Edimax      EW-7108PCg
Amigo       AWP-914WG
Gigabyte    GN-WMKG
Others which use the Ralink chipset

Thank You


2-3-3 Forwarded Packets

[Diagram: incoming packets → NAT table PREROUTING → either a local resource, or filter table FORWARD → NAT table POSTROUTING → other hosts]

2-4 State Machine

Agenda

1) Firewall, NAT and iptables

2) Rules, Chains, Tables

3) Usage of iptables

4) Hands-On Practice

3) Usage of iptables

3-1 Load iptables Modules

3-2 Define Default Policy

3-3 Structure of a Rule

3-4 Save/Restore Rules

3-1 Load iptables Modules

Note: ipchains and iptables are not compatible

3-1 Load iptables Module

Check the current tables: iptables [-t table] [-L] [-n]

Default policy

3-1 Install iptables

Clear the current policy

3-2 Define Default Policy

iptables -t [filter | nat | mangle] -P [INPUT | OUTPUT | FORWARD | PREROUTING | POSTROUTING] [ACCEPT | DROP]

3-3 Structure of a Rule

3-3-1 Add, Insert, Delete and Replace Rules

3-3-2 Direction

3-3-3 Matches

3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace

iptables -t [filter | nat | mangle] -[A | I | D | R] direction match -j target

3 major things need to be considered: direction, match, target

3-3-2 Direction – Chains

a. filter table: INPUT, OUTPUT, FORWARD

b. nat table: PREROUTING, POSTROUTING, OUTPUT

c. mangle table: …

3-3-3 Matches – Conditions

1. -p [proto]: tcp | udp | icmp | all

2. -s [IP], -d [IP]

3. --sport [port], --dport [port]

4. -m state --state [state]: NEW | ESTABLISHED | INVALID | RELATED

5. -m multiport [p1,p2,…,p15]

6. -i [iface], -o [oface]

7. … etc.

3-3-4 Targets – Actions

a. filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions: LOG, ULOG, REJECT, MIRROR

b. nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING/OUTPUT), MASQUERADE (POSTROUTING), REDIRECT (only in PREROUTING)

c. mangle table: …

3-4 Save/Restore Rules

It is highly recommended to use a script file to maintain the netfilter rules instead of the exported file (it is not a standard script file). Please refer to the hands-on practice.

Agenda

1) Firewall, NAT and iptables

2) Rules, Chains, Tables

3) Usage of iptables

4) Hands-On Practice: 1) Packet Filter, 2) NAT Machine

4-1 Packet Filter – Rules of filter table

Example 1 – Accept all the packets incoming from the lo interface

Example 2 – Accept all the TCP packets incoming from IP = 192.168.0.1

iptables -t filter -A INPUT -i lo -j ACCEPT

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 3 – Accept all the TCP packets incoming from the network 192.168.1.0/24

Example 4 – Drop all the TCP packets incoming from IP = 192.168.1.25

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

4-1 Packet Filter – Rules of filter table

Example 5 – Drop all the incoming TCP packets with dst port = 21 (forbid FTP connections from eth0)

Example 6 – Accept TCP packets incoming from IP 192.168.0.24 to local port numbers 137, 138 and 139

iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.24 --dport 137:139 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 7 – Log all the incoming/outgoing TCP packets to/from port = 25 (log the SMTP service)

iptables -t filter -A INPUT -p tcp --dport 25 -j LOG

Note: UC7110 does not support the target "LOG"

4-1 Packet Filter – Rules of filter table

Example 8 – Drop all the [SYN] packets from IP = 192.168.100.200

Example 9 – Drop all the packets from MAC = aa:bb:cc:dd:ee:ff

iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

Example 10 – Do not respond to "ping"

Example 11 – ICMP "ping" burst (rate-limited)

iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

iptables -t filter -P INPUT DROP

iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 12 – Accept the ESTABLISHED/RELATED packets of the local host; drop the INVALID packets and the NEW packets which are trying to create new connections

iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

4-1 Packet Filter – Rules of filter table

Example 13 – Check the packet integrity

Example 14 – Enable the "Passive Mode" FTP service to a host

iptables -t filter -A INPUT -p all -m unclean -j DROP

modprobe ip_conntrack_ftp

iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 1 ndash Redirect the Connection Request of Port 80 to Port 8080

Example 2ndash Masquerade the incoming packets from 1921681024

to be local ppp0rsquos IP

iptables ndasht nat ndashA PREROUTING ndashp tcp ndash ndashdport 80

ndashj REDIRECT ndash ndashto-ports 8080

iptables ndasht nat ndashA PREROUTING ndashs 1921681024 ndasho

ppp0 ndashj MASQUERADE

4-2 NAT Machine4-2 NAT Machine

4-2 NAT Machine4-2 NAT Machine

Example 3 ndash DNAT the incoming packet from eth0 (602486675) and

TCP Port 80 to internal Web sever 19216812710 80

Example 4 ndash Redirect the incoming packet of TCP Port 80 to

192168110 and TCP Port 80

iptables ndasht nat ndashA PREROUTING ndashp tcp ndashi eth0 ndashd 602486675 ndash ndashdport 80 ndashj DNAT ndash ndashto 1921681271080

iptables ndasht nat ndashA POSTROUTING ndashs 192168127024 ndashj SNAT ndash ndashto $OUT_IP

Thank YouThank You

OpenVPN 20OpenVPN 20Stephen Lin

OpenVPN 20OpenVPN 20

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

1) Cryptography Summery1) Cryptography Summery

1-1 What does cryptography solve

1-2 Symmetric Data Encryption

1-3 Hash (Digest) Function

1-4 Message Authentication Code

1-5 Asymmetric Data Encryption

1-6 Digital Signature

1-7 Certificate

1-8 Moxa UC7400

1-1 What does Cryptography solve1-1 What does Cryptography solve

Confidentiality bull Ensure that nobody can get knowledge of what you

transfer even if listening the whole conversation Integrity

bull Ensure that message has not been modified during the transmission

Authenticity bull You can verify that you are talking to the entity you think

you are talking to bull You can verify who is the specific individual behind that

entity Non-repudiation

bull The individual behind that asset cannot deny being associated with it

1-2 Symmetric Data Encryption1-2 Symmetric Data Encryption

Fast High Efficiency for data transmission

Is it ldquosecurerdquo while transferring the key

Maintains of the keys (n-1)n 2 keys

DES3DESAESBlowfish

Tom Bob

Plaintext

Plaintext

Ciphertext

Encryption

Secret Key

Decryption

1-3 Hash (Digest) Function1-3 Hash (Digest) Function

Ensure Date Integrity

MD5SHA-1

Tom

Data

Bob

Data

Hash FunctionHash Function

Message Message Digest 1Digest 1

Same Hash FunctionSame Hash Function

+Hash FunctionHash Function

Message Message Digest 2Digest 2

Message Digest1Message Digest1 DataData

Compare

1-4 Message Authentication Code 1-4 Message Authentication Code

Ensure the Data Integrity

Use a key to protect the MAC

HMACCBC-MAC Tom

Data

Hash FunctionHash Function

Message Message Digest 1Digest 1

Bob

Data

Message Message Digest 2Digest 2

+Hash FunctionHash Function

MACEncryption

Message Message Digest 1Digest 1

Decryption

Compare

Secret Key

MACMAC DataData

1-5 Asymmetric Encryption1-5 Asymmetric Encryption

Things to rememberbull Key Pair ndash PublicPrivate keysbull In a session one for encryption and the other one

for decryptionbull ldquoPublic Keyrdquo can be deployed everywherebull The relation between the two keys is unknown and from

one key you cannot gain knowledge of the other even if you have access to clear-text and cipher-text

bull The two keys are interchangeable All algorithms make no difference between public and private key When a key pair is generated any of the two can be public or private

bull Less efficient than Static Keybull RSADiff-Hellman

g$5knvMdrsquorkg$5knvMdrsquorkvegMsrdquovegMsrdquo

Clear Clear texttext

EncryptionEncryption

1-5 Asymmetric Data Encryption1-5 Asymmetric Data Encryption

Tom

Plaintext

Bob

ciphertextEncryption Decryption

Bobrsquos Public KeyPlaintex

tBobrsquos Private Key

Recipientrsquos Key Pair

Confidentiality Check

1-5 Asymmetric Data Encryption1-5 Asymmetric Data Encryption

Tom

Plaintext

Bob

ciphertextEncryption Decryption

Tomrsquos Private KeyPlaintex

tTomrsquos Public Key

Senderrsquos key pair

Authenticity Check

1-6 Digital Signature1-6 Digital Signature

Real World ndash Hybrid 1 Data Integrity2 Authenticity3 Non-repudiation4 Algorithm ndash Use the public key and Hash

1-6 Digital Signature - Creating1-6 Digital Signature - Creating

3kJfgfpound$amp3kJfgfpound$ampPy75cbnPy75cbn

This is the This is the document document created by created by GianniGianni

Message or FileMessage or File Digital SignatureDigital SignatureMessage DigestMessage Digest

Calculate a short message Calculate a short message digest from even a long input digest from even a long input using a one-way message using a one-way message digest function (hash)digest function (hash)

Signatorys Signatorys private keyprivate key

privpriv

GenerateGenerateHashHash

SHA MD5SHA MD5

AsymmetricAsymmetricEncryptionEncryption

RSARSA

This is the This is the document document created by created by GianniGianni 3kJfgfpound$amp3kJfgfpound$amp

SignedSignedDocumentDocument

(Typically 128 bits)(Typically 128 bits)

1-6 Digital Signature - Verifying1-6 Digital Signature - Verifying

This is the This is the document document created by created by GianniGianni

3kJfgfpound$amp3kJfgfpound$amp

SignedSignedDocumentDocument

Py75cbnPy75cbn

Message DigestMessage DigestGenerateGenerate

HashHash

Giannis public keyGiannis public key(from certificate)(from certificate)

AsymmetricAsymmetricDecryptionDecryption

pubpub

DigitalDigitalSignatureSignature

Py75cbnPy75cbn

Compare Compare

DataData

1-6 Digital Signature1-6 Digital Signature

Tom

Data

Message Message Digest 1Digest 1

Hash FunctionHash Function

+ +Compare

Bob

Data

Message Message Digest 2Digest 2

Hash FunctionHash Function

MACEncryption Decryption

Message Message Digest 1Digest 1

Tomrsquos Private Key Tomrsquos Public Key

Digital SignatureDigital Signature

Digital Signature

1-7 Certificate1-7 Certificate

The simplest certificate just containsbull A public key (for Stephen)bull Information about the entity that is being certified to own that public key

hellip and the whole isbull Digitally signed by someone trusted (like your friend or a CA)

2wsR46frd2wsR46frdEWWrswe(EWWrswe(^$G^^$G^DvtrsdFDfDvtrsdFDfd367d367

pubpub

3kJfgfpound3kJfgfpound$amp4dser4$amp4dser4358g6gd7d358g6gd7dTTCertificateCertificate

This public This public key belongs key belongs to to StephenStephen

DigitalDigitalSignatureSignatureCan be a person a computer Can be a person a computer

a device a file some code a device a file some code anything hellipanything hellip

1-7-1 CA Certificate 1-7-1 CA Certificate

PrivPriv pubpub

Certification Server

CA generatesCA generatesa key paira key pair

Private Key and Private Key and Certificate are Certificate are

sent to the usersent to the user

pubpub

DSDS

CertCert

pubpub

DSDS

CertCert

User request a User request a certificate to CAcertificate to CA

CA generatesCA generatescertificatecertificate

PrivPriv

Right Cert signed by CA

Leftt Cert signed by CA

CA Pub Key signed by CA

1-7-1 CA Certificate Example1-7-1 CA Certificate Example

CACA Private Key

Left Right

Trusts

Left Priv Key signed by CA

CA Pub Key

Right Priv Key signed by CA

CA Pub KeyCA Pub Key Left Cert signed by CA

Right Cert signed by CA

1-7-2 SSLTLS1-7-2 SSLTLS

PrivPriv

pubpub PrivPriv

pubpub

Clear text

Encrypt

Cipher 1

Encrypt

Cipher 2

Transmission over the public network

Cipher 2

Cipher 1

Decrypt

Clear text

Decryptpubpub

Ensures confidentialitybull And integrity if digitally

signed

Depending on how public key are exchanged

bull Authenticity Identity Non-repudiation

pubpub

1-8 Moxa UC7400 - Hardware Cipher1-8 Moxa UC7400 - Hardware Cipher

Intel Xcale Supports bull Security Engines DES AESbull Algorithm methods ECB CBC ECR

Moxa wrap hardware acceleration inside algorithm APIs of ldquolibcryptosordquo bull No need to change the source codes

1-8-1 Moxa Accelerated Algorithm 1-8-1 Moxa Accelerated Algorithm ndash OpenSSL 097 ndash OpenSSL 097

DES_cbc_encrypt

DES_ede3_cbc_encrypt

AES_cbc_encrypt

AES_ctr_encrypt

bull We wrap ECB mode at a higher level (libsslso) which openssl wraps too

1-8-2 Performance

[Figure: four charts comparing the software and hardware cipher. Top row: 3DES-CBC and AES-128-CBC throughput with a RATE curve for packet sizes 128 to 1280 bytes. Bottom row: the same two ciphers for small packets, 16 to 144 bytes. The legend marks the HW Cipher series.]

1-8-3 Things to be noticed

Moxa UC-7400 switches operations between the software and the hardware approaches
• Default: hardware approach
• Any mis-configuration or busy condition causes the switch to software

Small packets are handled by the software approach
• DES: 128 bytes
• 3DES/AES: 64 bytes

1-8-4 Software Package

Driver
• mxhw_cipher.o

Device file
• mknod /dev/mxcrypto c 11 131

Test program
• io: correctness test
• io 0 5000: stability test
• io 1: golden pattern
• io 2 20000: performance test

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network

2-1 VPN Advantages/Disadvantages

• VPN: a network constructed by using public wires (e.g. the Internet) to connect nodes
• A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH, etc.)
• A VPN allows the use of protocols which are insecure by themselves
• VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN

Usability
• Open source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit shared key or digital certificates (PKI)

Portability – supports most platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN

Peers – each node with a client/server role
• Makes use of kernel routing
• Multiple clients

A user-space program
• A full-featured SSL-VPN solution
• Built on top of the existing SSL/TLS mechanism
• Options between a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) traffic over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security

Two authentication modes
• Static key: uses a pre-shared key
• SSL/TLS: uses SSL/TLS + certificates for
  • Authentication
  • Key exchange

The encrypted packet is formatted as
• SeqN: 64-bit sequence number
• IV: plain-text initial vector, randomized per packet

  [HMAC] [IV] [SeqN | IP payload]
              \____ encrypted ____/
  The HMAC is computed over the IV and the encrypted part.

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall- and NAT-friendly
• Dynamic address support

IPSec
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard - multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are two methods of linking systems via a VPN
• Routed IP tunnels (layer 3)
• Bridged Ethernet tunnels (layer 2)

Suitable for connections
• Site-to-site
• Dynamic site-to-site
• (Dynamic) client-to-site

Dynamic firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

• Uses a TUN device: a virtual point-to-point IP link; the tunnel's inner interface is the TUN device itself
• Uses the kernel routing table to forward the packets

[Figure: the OSI stacks of the two peers (Physical, Data-Link, Network, Transport, Session, Presentation, Application). OpenVPN runs at the application layer; the TUN device is inserted at layer 3 (Network).]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages
1 Point-to-point
2 Easier to configure
3 Efficiency and scalability
4 Allows better tuning of the MTU for efficiency

Routed IP disadvantages
1 Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2 Routes must be set up linking each subnet
3 Software that depends on broadcasts will not see the machines on the other side of the VPN
4 Works only with IPv4 in general, and with IPv6 only where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

• Uses "TAP" mode: a TAP device is a virtual Ethernet adapter
• Bridge tools (brctl) are required to create the bridged device
• A script is needed to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0          create an Ethernet bridge
brctl addif br0 eth1     connect interface eth1 as a port
brctl addif br0 tap0     connect virtual interface tap0 as a port

[Figure: the OSI stacks of the two peers (Physical through Application). OpenVPN runs at the application layer; bridging joins the physical interface (eth1) and the TAP device (tap0) at layer 2, while eth0 carries the tunnel traffic. TUN sits at layer 3, TAP at layer 2.]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages
1 Point-to-point and point-to-multipoint
2 Broadcasts traverse the VPN -- this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3 No route statements to configure
4 Works when the VPN needs to handle non-IP protocols such as IPX, Netware and AppleTalk
5 Relatively easy-to-configure solution for road warriors

Bridging disadvantages
1 Less efficient than routing and does not scale well

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

[Figure: lab topology]
  LAN A: IP 10.0.1.1/24, gw 10.0.1.254 (ixp1 of the VPN Server)
  VPN Server: ixp0 192.168.12.201
  VPN Client: ixp0 192.168.12.202
  LAN B: IP 10.0.2.1/24, gw 10.0.2.254 (ixp1 of the VPN Client)
  The VPN tunnel connects the two ixp0 interfaces; a CA/TLS server is also present on that network.

3-1 Getting Started

Create a working directory (recommended)
  mkdir /etc/openvpn

Check for the TUN module; if the character device "tun" is missing from /dev/net, create it
  ls /dev/net
  mknod /dev/net/tun c 10 200

Load the necessary modules
  modprobe tun
  modprobe bridge

Generate a (pre-shared) key
  openvpn --genkey --secret [KeyName]

Self diagnostic
  openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding
  echo "1" > /proc/sys/net/ipv4/ip_forward
or
  vi /etc/sysctl.conf        modify "net.ipv4.ip_forward = 1"

Create/start the bridge interface using the Moxa script
  openvpn-bridge [start|stop|restart]

Check the supported ciphers/authentication
  openvpn --show-ciphers
  openvpn --show-digests

Create the TUN configuration files
  vi /etc/openvpn/tunserver.conf
  [At VPN Client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

• The local/remote VPN IP addresses must be specified
• It is NECESSARY to specify the server address at the VPN client

3-2 TUN Server Configuration

Edit the static routes
  vi /etc/openvpn/tunserver.sh
  chmod +x /etc/openvpn/tunserver.sh
  [At VPN Client] vi /etc/openvpn/tunclient.sh
                  chmod +x /etc/openvpn/tunclient.sh

Start OpenVPN with the configuration file
  openvpn --config /etc/openvpn/tunserver.conf &
  openvpn --config /etc/openvpn/tunclient.conf &

Note for the client configuration: the 2nd argument of "ifconfig", which is now "10.0.2.254"
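The slides show the two TUN configuration files only as screenshots. The following is an added example, not course material: a POSIX shell script that writes a static-key server/client pair for the 3-1 lab topology. The WAN and LAN addresses are taken from the diagram; the tunnel endpoint addresses 10.8.0.1/10.8.0.2, the port, the key path and the cipher/digest choice are assumptions.

```shell
#!/bin/sh
# Added example (not from the course): write a static-key TUN pair for the
# 3-1 lab topology. Values marked (slide) come from the diagram; the tunnel
# endpoints, port, key path and cipher are assumed.
SERVER_WAN=192.168.12.201     # VPN Server ixp0 (slide)
LAN_A=10.0.1.0                # behind the server, gw 10.0.1.254 (slide)
LAN_B=10.0.2.0                # behind the client, gw 10.0.2.254 (slide)
TUN_SERVER=10.8.0.1           # assumed tunnel endpoint, server side
TUN_CLIENT=10.8.0.2           # assumed tunnel endpoint, client side
PORT=1194                     # one of the two UDP ports named on slide 2-2
KEY=/etc/openvpn/static.key   # output of: openvpn --genkey --secret

# write_tun_confs DIR: writes DIR/tunserver.conf and DIR/tunclient.conf.
# Both peers share key, cipher and digest; only the client names the server
# address (slide 3-2: it is NECESSARY at the client), and the two 'ifconfig'
# lines are mirror images of each other.
write_tun_confs() {
    dir=$1
    mkdir -p "$dir" || return 1
    cat >"$dir/tunserver.conf" <<EOF
dev tun
local $SERVER_WAN
port $PORT
proto udp
ifconfig $TUN_SERVER $TUN_CLIENT
route $LAN_B 255.255.255.0
secret $KEY
cipher AES-128-CBC
auth SHA1
keepalive 10 60
persist-key
persist-tun
verb 3
EOF
    cat >"$dir/tunclient.conf" <<EOF
dev tun
remote $SERVER_WAN $PORT
proto udp
ifconfig $TUN_CLIENT $TUN_SERVER
route $LAN_A 255.255.255.0
secret $KEY
cipher AES-128-CBC
auth SHA1
keepalive 10 60
persist-key
persist-tun
verb 3
EOF
}

# ifconfig_mirrored DIR: succeeds when the client's ifconfig is the server's
# with the two addresses swapped -- the check behind the slide's remark about
# the 2nd argument of "ifconfig" on the client side.
ifconfig_mirrored() {
    s=$(awk '$1 == "ifconfig" { print $2, $3 }' "$1/tunserver.conf")
    c=$(awk '$1 == "ifconfig" { print $3, $2 }' "$1/tunclient.conf")
    [ -n "$s" ] && [ "$s" = "$c" ]
}
```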

Create the TAP configuration files
  vi /etc/openvpn/tapserver.conf
  [At VPN Client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration – VPN Server

Mark (comment out) this line if both VPN networks are in the same subnet

3-3 TAP Configuration – VPN Server

Edit the static routes
  vi /etc/openvpn/tapserver.sh
  [At VPN Client] vi /etc/openvpn/tapclient.sh
                  chmod +x /etc/openvpn/tapclient.sh

Pointed to the kernel routing: br0 = 10.0.1.254

3-3 TAP Configuration – VPN Server

Start the bridge device
  vi /etc/openvpn/openvpn-bridge
  chmod +x /etc/openvpn/openvpn-bridge
  /etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration file
  openvpn --config /etc/openvpn/tapserver.conf &
  openvpn --config /etc/openvpn/tapclient.conf &

3-4-1 SSL/TLS – Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC
  vi /usr/share/ssl/openssl.cnf      pre-set default_days, default_bits, … etc.

Create a new CA root key pair
  /usr/share/ssl/misc/CA -newca

Create a new client private key and a new certificate request
  /usr/share/ssl/misc/CA -newreq

Sign the certificate
  /usr/share/ssl/misc/CA -sign

Copy the CA root certificate, the client private key and the client certificate to the first client

Repeat the request and signing for the second client
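The same three steps (new CA, client request, CA signs) carried out with plain openssl commands, as an added example rather than the course's CA script, followed by the check a VPN peer performs on a received certificate against the CA certificate it trusts (1-7-1). Subject names are made up; a second, unrelated CA is created to show that a well-formed certificate from the wrong issuer is rejected.

```shell
#!/bin/sh
# Added example (not the course's CA.sh / easy-rsa procedure): build a small
# PKI with plain openssl commands and verify a certificate against the CA.
# Subject names are made up; the output directory is given by the caller.

# build_pki DIR: CA key pair + self-signed root, client key + request,
# CA-signed client certificate, plus an unrelated second CA.
build_pki() {
    dir=$1
    mkdir -p "$dir" || return 1
    # Step 1 (CA -newca): the CA generates its key pair and a self-signed
    # root certificate -- the "CA Pub Key signed by CA" of slide 1-7-1.
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
        -subj "/CN=Training Root CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    # Step 2 (CA -newreq): the client generates its own key pair and a
    # certificate request; only the request needs to travel to the CA.
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=vpn-client-1" \
        -keyout "$dir/client.key" -out "$dir/client.csr" 2>/dev/null || return 1
    # Step 3 (CA -sign): the CA signs the request with its private key.
    openssl x509 -req -days 365 -in "$dir/client.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/client.crt" 2>/dev/null || return 1
    # An unrelated CA: trust is decided by the signer, not by the format.
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
        -subj "/CN=Other CA" \
        -keyout "$dir/other.key" -out "$dir/other.crt" 2>/dev/null
}

# verify_cert CAFILE CERT: succeeds only when CERT chains to CAFILE. This is
# what each OpenVPN peer does with the ca.crt it was given (slide 3-4-2).
verify_cert() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}
```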

3-4-2 OpenVPN – "easy-rsa" tools

Copy "easy-rsa" to the working directory
  cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file
  vi /etc/openvpn/easy-rsa/vars

Activate the vars
  . /etc/openvpn/easy-rsa/vars

Create the CA root key
  /etc/openvpn/easy-rsa/build-ca

Create the VPN server private key and certificate
  /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – "easy-rsa" tools

Create the VPN client private key and certificate
  /etc/openvpn/easy-rsa/build-key client

Create the Diffie-Hellman parameters
  /etc/openvpn/easy-rsa/build-dh 1024

Copy the CA certificate (ca.crt), server key (server.key) and server certificate (server.crt) to the VPN server

Copy the CA certificate, client key and client certificate to the VPN client

The "easy-rsa" tools also work on the UC7400 series

3-4-3 Configuration File Modification

txxserver.conf
txxclient.conf

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

• Two of its serial ports are connected to a power meter and a thermocouple
• Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site
• The rest of the serial ports are looped back in 'burn-in mode' to demonstrate the UC's high performance and reliability

Demo Box Features

Software Block Diagram

• Temperature range: 0 to 500°C
• Left side for the high range, 0 to 300 VDC, and right side for the low range, 0 to 20 VDC

UC's LCM & keypad (F1-F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8
F2 System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available memory
F3 Alarm Setting: Temperature → Voltage → Burning throughput
F4 Configuration Key
F5 Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• The UC-7420's built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards
• The compatible wireless cards are:

Supplier    Model name
ASUS        WL-107g
CNET        CWC-854 (181D version)
Edimax      EW-7108PCg
Amigo       AWP-914WG
Gigabyte    GN-WMKG
Others      cards using the R-Link chipset

Thank You

2-4 State Machine

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

3) Usage of iptables

3-1 Load iptables Modules
3-2 Define Default Policy
3-3 Structure of a Rule
3-4 Save/Restore Rules

3-1 Load iptables Modules

Note: ipchains and iptables are not compatible

3-1 Load iptables Module

Check the current tables
  iptables [-t table] [-L] [-n]

Default policy

3-1 Install iptables

Clear the current policy

3-2 Define Default Policy

  iptables -t {filter|nat|mangle} -P {INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING} {ACCEPT|DROP}

3-3 Structure of a Rule

3-3-1 Add, Insert, Delete and Replace Rules
3-3-2 Direction
3-3-3 Matches
3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace

  iptables -t {filter|nat|mangle} {-A|-I|-D|-R} <direction> <match> -j <target>

Three major things need to be considered: direction, match and target

3-3-2 Direction – Chains

a) filter table: INPUT, OUTPUT, FORWARD
b) nat table: PREROUTING, POSTROUTING, OUTPUT
c) mangle table: …

3-3-3 Matches - Conditions

1 -p [proto]                 tcp | udp | icmp | all
2 -s [IP] / -d [IP]
3 --sport [port] / --dport [port]
4 -m state --state [state]   NEW | ESTABLISHED | INVALID | RELATED
5 -m multiport [p1,p2,…,p15]
6 -i [iface] / -o [oface]
7 … etc.

3-3-4 Targets - Actions

a) filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions: LOG, ULOG, REJECT, MIRROR
b) nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING/OUTPUT), MASQUERADE (POSTROUTING), REDIRECT (only in PREROUTING)
c) mangle table: …

3-4 Save/Restore Rules

It is highly recommended to use a script file to maintain the Netfilter rules instead of the exported file (it is not a standard script file). Please refer to the hands-on practice.

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice
   1) Packet Filter
   2) NAT Machine

4-1 Packet Filter – Rules of filter table

Example 1 – Accept all the packets incoming from the lo interface
  iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2 – Accept all the TCP packets incoming from IP = 192.168.0.1
  iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

Example 3 – Accept all the TCP packets incoming from the network 192.168.1.0/24
  iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 – Drop all the TCP packets incoming from IP = 192.168.1.25
  iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

Example 5 – Drop all the incoming TCP packets with dst port = 21 (forbid FTP connections from eth0)
  iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 – Accept TCP packets incoming from 192.168.0.0/24 to local port numbers 137, 138 and 139
  iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

Example 7 – Log all the incoming/outgoing TCP packets to/from port = 25 (log the SMTP service)
  iptables -t filter -A INPUT -p tcp --dport 25 -j LOG

Note: UC7110 does not support the target "LOG"

Example 8 – Drop all the [SYN] packets from IP = 192.168.100.200
  iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 – Drop all the packets from MAC = aa:bb:cc:dd:ee:ff
  iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

Example 10 – Do not respond to "ping"
  iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 – ICMP "ping" burst
  iptables -t filter -P INPUT DROP
  iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

Example 12 – Accept the ESTABLISHED/RELATED packets of the local host; drop the INVALID packets and the NEW packets which are trying to create a new connection
  iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
  iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

Example 13 – Check the packet integrity
  iptables -t filter -A INPUT -p all -m unclean -j DROP

Example 14 – Enable the "passive mode" FTP service to a host
  modprobe ip_conntrack_ftp
  iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

4-2 NAT Machine

Example 1 – Redirect the connection requests of port 80 to port 8080
  iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 – Masquerade the packets coming from 192.168.1.0/24 as the local ppp0's IP
  iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

Example 3 – DNAT the incoming packets from eth0 (60.248.66.75) and TCP port 80 to the internal web server 192.168.127.10:80
  iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

Example 4 – Redirect the incoming packets of TCP port 80 to 192.168.1.10 and TCP port 80
  iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP
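Slide 3-4 recommends keeping the rules in a script rather than in the exported file. The following is an added example, not course material: the hands-on rules above collected into one default-deny script with a dry-run switch. The interface, network and address values are the ones used in the examples; the IPT=echo dry run and the --log-prefix text are assumptions.

```shell
#!/bin/sh
# Added example (not from the course): the hands-on rules as one maintainable
# script. Set IPT=echo to print the rules instead of applying them.
IPT=${IPT:-iptables}
WAN_IF=eth0                    # untrusted side (filter examples)
LAN_NET=192.168.1.0/24         # trusted LAN (example 3, NAT example 2)
PUBLIC_IP=60.248.66.75         # address on eth0 (NAT example 3)
WEB_SERVER=192.168.127.10      # internal web server (NAT example 3)

flush_rules() {
    # Start from an empty rule set so the script can be re-run safely.
    $IPT -t filter -F
    $IPT -t filter -X
    $IPT -t nat -F
}

default_policy() {
    # Default deny for traffic to and through the box (slide 3-2).
    $IPT -t filter -P INPUT DROP
    $IPT -t filter -P FORWARD DROP
    $IPT -t filter -P OUTPUT ACCEPT
}

filter_rules() {
    # Loopback and replies to connections we already accepted (examples 1, 12).
    $IPT -t filter -A INPUT -i lo -j ACCEPT
    $IPT -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -t filter -A INPUT -m state --state INVALID -j DROP
    # Answer ping, but only at a bounded rate (example 11 rather than 10).
    $IPT -t filter -A INPUT -p icmp --icmp-type 8 -m limit --limit 6/min --limit-burst 10 -j ACCEPT
    # NetBIOS ports only from the trusted LAN (example 6).
    $IPT -t filter -A INPUT -i "$WAN_IF" -p tcp -s "$LAN_NET" --dport 137:139 -j ACCEPT
    # Refuse FTP control connections arriving on the WAN side (example 5).
    $IPT -t filter -A INPUT -i "$WAN_IF" -p tcp --dport 21 -j DROP
    # Record SMTP attempts; the default policy then drops them (example 7).
    # Not available on the UC-7110, which lacks the LOG target.
    $IPT -t filter -A INPUT -p tcp --dport 25 -j LOG --log-prefix "smtp: "
    # Forwarding: the LAN may go out; only related/established traffic comes
    # back, which with ip_conntrack_ftp loaded covers passive FTP (example 14).
    $IPT -t filter -A FORWARD -s "$LAN_NET" -j ACCEPT
    $IPT -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

nat_rules() {
    # Publish the web server on the public address (NAT example 3) and
    # rewrite the LAN's source address on the way out (NAT example 2; source
    # NAT belongs in POSTROUTING, MASQUERADE/SNAT are not valid in PREROUTING).
    $IPT -t nat -A PREROUTING -p tcp -i "$WAN_IF" -d "$PUBLIC_IP" --dport 80 -j DNAT --to "$WEB_SERVER:80"
    $IPT -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j SNAT --to "$PUBLIC_IP"
}

# dry_run: print every rule the script would apply, without touching the kernel.
dry_run() {
    ( IPT=echo; flush_rules; default_policy; filter_rules; nat_rules )
}

apply_all() {
    modprobe ip_conntrack_ftp || true     # FTP connection-tracking helper (example 14)
    flush_rules; default_policy; filter_rules; nat_rules
}

case ${1:-} in
    apply) apply_all ;;
esac
```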

Thank You

OpenVPN 2.0
Stephen Lin

OpenVPN 2.0

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve
1-2 Symmetric Data Encryption
1-3 Hash (Digest) Function
1-4 Message Authentication Code
1-5 Asymmetric Data Encryption
1-6 Digital Signature
1-7 Certificate
1-8 Moxa UC7400

1-1 What does Cryptography solve

Confidentiality
• Ensure that nobody can get knowledge of what you transfer, even if listening to the whole conversation

Integrity
• Ensure that the message has not been modified during the transmission

Authenticity
• You can verify that you are talking to the entity you think you are talking to
• You can verify who the specific individual behind that entity is

Non-repudiation
• The individual behind that asset cannot deny being associated with it

1-2 Symmetric Data Encryption

• Fast: high efficiency for data transmission
• Is it "secure" while transferring the key?
• Maintenance of the keys: n(n-1)/2 keys
• DES, 3DES, AES, Blowfish

[Figure: Tom encrypts the plaintext with the secret key into ciphertext; Bob decrypts it with the same secret key back to plaintext.]

1-3 Hash (Digest) Function

• Ensures data integrity
• MD5, SHA-1

[Figure: Tom runs the data through the hash function to get message digest 1 and sends data + digest. Bob runs the received data through the same hash function to get message digest 2 and compares it with message digest 1.]

1-4 Message Authentication Code

• Ensures data integrity
• Uses a key to protect the MAC
• HMAC, CBC-MAC

[Figure: Tom hashes the data to message digest 1 and encrypts it with the secret key to form the MAC, sent together with the data. Bob decrypts the MAC with the secret key to recover message digest 1, hashes the received data to message digest 2 and compares.]

1-5 Asymmetric Encryption

Things to remember
• Key pair – public/private keys
• In a session, one is used for encryption and the other one for decryption
• The "public key" can be deployed everywhere
• The relation between the two keys is unknown: from one key you cannot gain knowledge of the other, even if you have access to clear text and cipher text
• The two keys are interchangeable: the algorithms make no difference between public and private key; when a key pair is generated, either of the two can be public or private
• Less efficient than a static key
• RSA, Diffie-Hellman

[Figure: clear text → encryption → cipher text ("g$5knvMd'rkvegMs"").]

1-5 Asymmetric Data Encryption

[Figure: Tom encrypts the plaintext with Bob's public key; Bob decrypts the ciphertext with Bob's private key. Recipient's key pair: confidentiality check.]

1-5 Asymmetric Data Encryption

[Figure: Tom encrypts the plaintext with Tom's private key; Bob decrypts the ciphertext with Tom's public key. Sender's key pair: authenticity check.]

1-6 Digital Signature

Real world – hybrid
1 Data integrity
2 Authenticity
3 Non-repudiation
4 Algorithm – uses the public key and a hash

1-6 Digital Signature - Creating

[Figure: the message or file ("This is the document created by Gianni") is hashed (SHA, MD5) to a message digest ("Py75cbn", typically 128 bits), which is asymmetrically encrypted (RSA) with the signatory's private key into the digital signature ("3kJfgf£$&"); message plus signature form the signed document.]

Calculate a short message digest from even a long input using a one-way message digest function (hash).

1-6 Digital Signature - Verifying

[Figure: the message part of the signed document is hashed again to a message digest; the digital signature is asymmetrically decrypted with Gianni's public key (from the certificate) to recover the original digest; the two digests are compared.]

1-6 Digital Signature

[Figure: Tom hashes the data to message digest 1 and encrypts it with Tom's private key, producing the digital signature sent with the data. Bob decrypts the signature with Tom's public key to get message digest 1, hashes the received data to message digest 2 and compares.]

1-7 Certificate

The simplest certificate just contains
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key

… and the whole is
• Digitally signed by someone trusted (like your friend or a CA)

[Figure: Certificate = public key ("2wsR46frdEWWrswe(^$G^DvtrsdFDfd367") + "This public key belongs to Stephen" + digital signature ("3kJfgf£$&4dser4358g6gd7dT"). The entity can be a person, a computer, a device, a file, some code, anything …]

1-7-1 CA Certificate 1-7-1 CA Certificate

PrivPriv pubpub

Certification Server

CA generatesCA generatesa key paira key pair

Private Key and Private Key and Certificate are Certificate are

sent to the usersent to the user

pubpub

DSDS

CertCert

pubpub

DSDS

CertCert

User request a User request a certificate to CAcertificate to CA

CA generatesCA generatescertificatecertificate

PrivPriv

Right Cert signed by CA

Leftt Cert signed by CA

CA Pub Key signed by CA

1-7-1 CA Certificate Example1-7-1 CA Certificate Example

CACA Private Key

Left Right

Trusts

Left Priv Key signed by CA

CA Pub Key

Right Priv Key signed by CA

CA Pub KeyCA Pub Key Left Cert signed by CA

Right Cert signed by CA

1-7-2 SSLTLS1-7-2 SSLTLS

PrivPriv

pubpub PrivPriv

pubpub

Clear text

Encrypt

Cipher 1

Encrypt

Cipher 2

Transmission over the public network

Cipher 2

Cipher 1

Decrypt

Clear text

Decryptpubpub

Ensures confidentialitybull And integrity if digitally

signed

Depending on how public key are exchanged

bull Authenticity Identity Non-repudiation

pubpub

1-8 Moxa UC7400 - Hardware Cipher1-8 Moxa UC7400 - Hardware Cipher

Intel Xcale Supports bull Security Engines DES AESbull Algorithm methods ECB CBC ECR

Moxa wrap hardware acceleration inside algorithm APIs of ldquolibcryptosordquo bull No need to change the source codes

1-8-1 Moxa Accelerated Algorithm 1-8-1 Moxa Accelerated Algorithm ndash OpenSSL 097 ndash OpenSSL 097

DES_cbc_encrypt

DES_ede3_cbc_encrypt

AES_cbc_encrypt

AES_ctr_encrypt

bull We wrap ECB mode at a higher level (libsslso) which openssl wraps too

1-8-2 Performance1-8-2 Performance

0

10

20

30

40

50

60

70

80

128 256 384 512 640 768 896 1024 1152 12800

1

2

3

4

5

6

7

83DESCBC3DESCBCRATE

0

10

20

30

40

50

60

70

80

128 256 384 512 640 768 896 1024 1152 12800

1

2

3

4

5

6

7

8AES128CBCAES128CBCRATE

0

1

2

3

4

5

6

7

8

16 32 64 80 96 112 128 1440

05

1

15

2

25AES128CBC

AES128CBC

RATE

012

3456

789

16 32 64 80 96 112 128 1440

05

1

15

2

253DESCBC

3DESCBC

RATE

= HW Cipher

1-8-3 Things to be noticed1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approachesbull Default Hardware Approachbull Any mis-configuration or business causes the

switch

Small packets are switched to software approachbull DES 128 bytesbull 3DESAES 64 bytes

1-8-4 Software Package1-8-4 Software Package

Driverbull mxhw_ciphero

Device Filebull mknod devmxcrypto c 11 131

Test Programbull io correctness test bull io 0 5000 stability test bull io 1 golden pattern bull io 2 20000 performance test

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

2) OpenVPN 20 2) OpenVPN 20

2-1 Virtual Private Network

2-2 Why OpenVPN

2-3 OpenVPN Modes

2-1 Virtual Private Network2-1 Virtual Private Network

2-1 VPN AdvantagesDisadvantage2-1 VPN AdvantagesDisadvantage

VPN a network that is constructed by using public wires (eg internet) to connect nodes

VPN encrypt all network traffic not just a few application protocols (like SSL SSH etc)

VPN allows the usage of protocols which are insecure by themselves

VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN2-2 Why OpenVPN

Usabilitybull Open Source (GPL)bull Full featured SSL VPN Solutionbull Easy to configure secure tunnelbull NATDHCP supportbull Can use a 2048 bit shared key or

digital certificates (PKI)

Portability ndash Supports most of the platformsbull Linux Solaris Mac OS Xbull OpenBSD FreeBSD NetBSDbull Windows2000-SP4WindowsXP-SP1 or later

2-2 Why OpenVPN2-2 Why OpenVPN

Peers ndash each node with a clientserver rolebull In use of kernel routingbull Multiple clients

A user-space programbull A full-featured SSL-VPN solutions

bull on top of existing SSLTLS mechanism bull options between a set of security algorithms

bull Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (50001194) or TCP port

2-2 OpenVPN Security 2-2 OpenVPN Security

Two Authentication Modesbull Static Key Use pre-shared bull SSLTLS Use SSLTLS + Certificates for

bull Authentication bull Key exchange

The encrypted packet is formatted asbull SeqN 64-bit sequence numberbull IV plain text initial vector randomized per packet

HMAC IV SeqN V IPs payload

encrypt

HMACW IPs

2-2 OpenVPN vs IPSec2-2 OpenVPN vs IPSec

OpenVPNbull User-space daemonbull SSLTLSbull portability across

operating systemsbull firewall and NAT-

friendly bull dynamic address

support

IPSecbull Kernel-space IP stack bull each operating system

requires its own independent implementation of IPSec

bull IETF Standard - multi-vendor support

2-3 OpenVPN Modes2-3 OpenVPN Modes

Bridging and Routing are two methods of linking systems via a VPN

Routed IP tunnels (layer 3)

Bridged Ethernet tunnels (layer 2)

Suitable for Connectionsbull Site-to-Sitebull Dynamic Site-to-Sitebull (Dynamic) Client-to-Site

Dynamic FirewallNATDHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN Mode(device) a virtual point-to-point IP link that combines the inner interface together with TUN

Use the kernel routings to forward the packets

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Physical

Data-Link

Network

Transport

Session

Presentation

ApplicationOpenVPN

TUN (3rd)

2-3-1 Routed IP Tunnels (TUN Mode)2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP Advantages1 Point-to-point2 Easier to configure3 Efficiency and scalability 4 Allows better tuning of MTU for efficiency

Routed IP Disadvantages1 Clients must use a WINS server (such as samba) to

allow cross-VPN network browsing to work 2 Routes must be set up linking each subnet 3 Software that depends on broadcasts Will Not see

those machines on the other side of the VPN 4 Works only with IPv4 in general and IPv6 in cases

where tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses ldquoTAPrdquo mode a TAP device is a Virtual Ethernet Adapter

Bridge tools (bcrtl) are required to create the virtual adapters

Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0 create an ethernet bridge

brctl addif br0 eth1 connect interface eth1 as a port

brctl addif tap0 connect virtual interface tap0 as a port

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Bridging

OpenVPN

TUN (3rd)TAP (2nd)

eth1 eth1eth0 eth0

tap0 tap0

2-3-2 Bridged Ethernet Mode (TAP 2-3-2 Bridged Ethernet Mode (TAP Mode)Mode)

Bridging advantages1 Point to Point point to multi-point2 Broadcasts traverse the VPN -- this allows browsing

of Windows file shares across the VPN without setting up a Samba or WINS server

3 No route statements to configure4 Works with the VPN needs to be able to handle non-

IP protocols such as IPX Netware and AppleTalk5 Relatively easy-to-configure solution for road

warriors

Bridging disadvantages1 Less efficient than Routing and does not scale well

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSLTLS ndash X509 Dynamic Keys

3-1 Getting Started3-1 Getting Started

ixp019216812201

ixp0 19216812202

gw 1001254IP 1001124

gw 1002254IP 1002124

LAN A LAN B

VPN Tunnel

Connect

1001254

[VPN Server]

1002254

[VPN-Client]

ixp1 ixp1

[CATLS Server]

3-1 Getting Started 3-1 Getting Started

Create a Working Directory (recommended) mkdir etcopenvpn

Check for TUN Modules if not ls devnet look for a character device ldquotunrdquo mknod devtun c 10 200

Load necessary modules modprobe tun modprobe bridge

Generate a (pre-shared) key openvpn --genkey --secret [KeyName]

Self Diagnostic openvpn --test-crypto --secret [KeyName]

3-1 Getting Started3-1 Getting Started

Enable IP Forwarding echo ldquo1rdquo gt procsysnetipv4ip_forwardor vi etcsysctlconf modify ldquonetipv4ip_forward = 1rdquo

Create Start Bridge Interface using Moxa Script openvpn-bridge [start stop restart]

Check the CiphersAuthentication Support openvpn --show-ciphers openvpn --show-digests

Create TUN Configuration Files vi etcopenvpntunserverconf

[At VPN Client] vi etcopenvpntunclientconf

3-2 TUN Server Configuration

The local and remote VPN IP addresses must be specified.
It is NECESSARY to specify the server address at the VPN client.

3-2 TUN Server Configuration

Edit the static routes: vi /etc/openvpn/tun.server.sh; chmod +x /etc/openvpn/tun.server.sh
[At VPN Client] vi /etc/openvpn/tun.client.sh; chmod +x /etc/openvpn/tun.client.sh
Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tun.server.conf &
[At VPN Client] openvpn --config /etc/openvpn/tun.client.conf &
The route script uses the 2nd argument of "ifconfig", which is now "10.0.2.254".
Create the TAP configuration files: vi /etc/openvpn/tap.server.conf
[At VPN Client] vi /etc/openvpn/tap.client.conf

3-3 TAP Configuration – VPN Server

Mark this line of the configuration file (shown on the slide) if both VPN networks are in the same subnet.

3-3 TAP Configuration – VPN Server

Edit the static routes: vi /etc/openvpn/tap.server.sh
[At VPN Client] vi /etc/openvpn/tap.client.sh; chmod +x /etc/openvpn/tap.client.sh
The routes point at the bridge in the kernel routing table: br0 = 10.0.1.254

3-3 TAP Configuration – VPN Server

Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start
Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tap.server.conf &
[At VPN Client] openvpn --config /etc/openvpn/tap.client.conf &
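The bridge script and TAP configuration files of sections 2-3-2 and 3-3, as an added example: this is not Moxa's openvpn-bridge script nor the slides' own configuration, but a stand-in that follows them. It assumes eth1/tap0/br0 and br0 = 10.0.1.254 as on the slides, the server's ixp0 address 192.168.12.201 from the 3-1 diagram, a /24 netmask, and a key file /etc/openvpn/static.key produced by openvpn --genkey --secret.

```shell
#!/bin/sh
# Added example, not Moxa's own openvpn-bridge script: a start/stop/restart
# bridge script for the TAP mode of sections 2-3-2 and 3-3, plus a generator
# for a matching static-key tap.server.conf / tap.client.conf. Interface and
# address values follow the slides (eth1, tap0, br0 = 10.0.1.254, server ixp0
# 192.168.12.201); the key path and the netmask are assumptions.
ETH=${ETH:-eth1}                           # LAN port that becomes a bridge port
TAP=${TAP:-tap0}                           # OpenVPN virtual Ethernet adapter
BR=${BR:-br0}                              # bridge device
BR_IP=${BR_IP:-10.0.1.254}                 # the bridge takes over the LAN gateway address
BR_MASK=${BR_MASK:-255.255.255.0}          # assumption
SERVER_PUB=${SERVER_PUB:-192.168.12.201}   # server address the client connects to
KEY=${KEY:-/etc/openvpn/static.key}        # from "openvpn --genkey --secret" (assumed path)

# run executes its arguments, or only prints them when DRY_RUN=1, so the
# sequence can be reviewed on a PC without touching brctl/ifconfig.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

bridge_start() {
    run openvpn --mktun --dev "$TAP"            # persistent tap0 must exist before addif
    run brctl addbr "$BR"                        # create the Ethernet bridge
    run brctl addif "$BR" "$ETH"                 # connect eth1 as a port
    run brctl addif "$BR" "$TAP"                 # connect tap0 as a port (br0 is required here)
    run ifconfig "$ETH" 0.0.0.0 promisc up       # ports carry no address of their own
    run ifconfig "$TAP" 0.0.0.0 promisc up
    run ifconfig "$BR" "$BR_IP" netmask "$BR_MASK" up   # the bridge holds the LAN address
}

bridge_stop() {
    run ifconfig "$BR" down
    run brctl delbr "$BR"
    run openvpn --rmtun --dev "$TAP"
    run ifconfig "$ETH" "$BR_IP" netmask "$BR_MASK" up  # hand the address back to eth1
}

# tap_conf prints an OpenVPN 2.0 static-key configuration for "server" or
# "client". Both ends share the bridged subnet, so the ifconfig line stays
# commented out, as the 3-3 slide notes for VPN networks in the same subnet.
tap_conf() {
    cat <<EOF
dev $TAP
proto udp
port 1194
secret $KEY
# ifconfig <local> <remote>   (omitted: both VPN networks are one bridged subnet)
comp-lzo
keepalive 10 60
persist-key
persist-tun
verb 3
EOF
    if [ "$1" = "client" ]; then
        echo "remote $SERVER_PUB 1194"
    fi
}

case "${1:-}" in
    start)   bridge_start ;;
    stop)    bridge_stop ;;
    restart) bridge_stop; bridge_start ;;
    conf)    tap_conf "${2:-server}" ;;     # e.g. ./openvpn-bridge conf client > tap.client.conf
    *)       : ;;                           # no argument: only define the functions
esac
```

Run "DRY_RUN=1 ./openvpn-bridge start" first to review the exact brctl/ifconfig sequence before it touches the device's network ports.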

3-4-1 SSL/TLS – Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-set default_days, default_bits, etc.
Create a new CA root key pair: /usr/share/ssl/misc/CA -newca
Create a new client private key and a new certificate request: /usr/share/ssl/misc/CA -newreq
Sign the certificate: /usr/share/ssl/misc/CA -sign
Copy the CA root certificate, the client private key and the client certificate to the first client.
Have the second client certified in the same way.

3-4-2 OpenVPN – "easy-rsa" tools

Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn
Modify the vars file: vi /etc/openvpn/easy-rsa/vars
Activate the vars: . /etc/openvpn/easy-rsa/vars
Create the CA root key: /etc/openvpn/easy-rsa/build-ca
Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – "easy-rsa" tools

Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client
Create the Diffie-Hellman parameters (1024 bits): /etc/openvpn/easy-rsa/build-dh
Copy the CA certificate (ca.crt), the server key (server.key) and the server certificate (server.crt) to the VPN server.
Copy the CA certificate, the client key and the client certificate to the VPN client.
The "easy-rsa" tools also work on the UC-7400 series.

3-4-3 Configuration File Modification

txx.server.conf
txx.client.conf

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

Two of its serial ports are connected to a power meter and a thermocouple.
Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site.
The rest of the serial ports are looped back in 'burn-in mode' to demonstrate the UC's high performance and reliability.

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500 °C
Left side for the high range, 0 to 300 VDC; right side for the low range, 0 to 20 VDC

UC's LCM & keypad (F1-F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8
F2 System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available Memory
F3 Alarm Setting: Temperature → Voltage → burn-in throughput
F4 Configuration Key
F5 Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
- The UC-7420's built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards.
- The compatible wireless cards are:

Supplier   Model name
ASUS       WL-107g
CNET       CWC-854 (181D version)
Edimax     EW-7108PCg
Amigo      AWP-914WG
Gigabyte   GN-WMKG
Others which use the Ralink chipset

Thank You


Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice

3) Usage of iptables

3-1 Load iptables Modules
3-2 Define Default Policy
3-3 Structure of a Rule
3-4 Save/Restore Rules

3-1 Load iptables Modules

Note: ipchains and iptables are not compatible.

3-1 Load iptables Modules

Check the current tables: iptables [-t table] [-L] [-n]
Default policy

3-1 Install iptables

Clear the current policy

3-2 Define Default Policy

iptables -t [filter|nat|mangle] -P [INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING] [ACCEPT|DROP]

3-2 Define Default Policy

3-3 Structure of a Rule

3-3-1 Add, Insert, Delete and Replace Rules
3-3-2 Direction
3-3-3 Matches
3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace

iptables -t [filter|nat|mangle] [-A|-I|-D|-R] <direction> <match> -j <target>
Three major things need to be considered: the direction, the match and the target.

3-3-2 Direction – Chains

a. filter table: INPUT, OUTPUT, FORWARD
b. nat table: PREROUTING, POSTROUTING, OUTPUT
c. mangle table: ...

3-3-3 Matches – Conditions

1. -p [proto]: tcp, udp, icmp, all
2. -s [IP], -d [IP]
3. --sport [port], --dport [port]
4. -m state --state [state]: NEW, ESTABLISHED, INVALID, RELATED
5. -m multiport [p1,p2,...,p15]
6. -i [iface], -o [oface]
7. ... etc.

3-3-4 Targets – Actions

a. filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions: LOG, ULOG, REJECT, MIRROR
b. nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING/OUTPUT), MASQUERADE (POSTROUTING), REDIRECT (only in PREROUTING)
c. mangle table: ...

3-4 Save/Restore Rules

It is highly recommended to use a script file to maintain the Netfilter rules instead of the exported file (it is not a standard script file). Please refer to the Hands-On practice.

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice: 1) Packet Filter, 2) NAT Machine

4-1 Packet Filter – Rules of the filter table

Example 1 – Accept all packets incoming from the lo interface:
iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2 – Accept all TCP packets incoming from IP = 192.168.0.1:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

4-1 Packet Filter – Rules of the filter table

Example 3 – Accept all TCP packets incoming from the network 192.168.1.0/24:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 – Drop all TCP packets incoming from IP = 192.168.1.25:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

4-1 Packet Filter – Rules of the filter table

Example 5 – Drop all incoming TCP packets with destination port = 21 (forbid FTP connections from eth0):
iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 – Accept TCP packets incoming from IP 192.168.0.24 to the local ports 137, 138 and 139:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.24 --dport 137:139 -j ACCEPT

4-1 Packet Filter – Rules of the filter table

Example 7 – Log all incoming/outgoing TCP packets to/from port = 25 (log the SMTP service):
iptables -t filter -A INPUT -p tcp --dport 25 -j LOG
Note: the UC-7110 does not support the "LOG" target.

4-1 Packet Filter – Rules of the filter table

Example 8 – Drop all [SYN] packets from IP = 192.168.100.200:
iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 – Drop all packets from MAC = aa:bb:cc:dd:ee:ff:
iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

Example 10 – Do not respond to "ping":
iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 – Limit an ICMP "ping" burst:
iptables -t filter -P INPUT DROP
iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

4-1 Packet Filter – Rules of the filter table

Example 12 – Accept the ESTABLISHED/RELATED packets of the local host; drop the INVALID packets and the NEW packets which are trying to create a new connection:
iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

4-1 Packet Filter – Rules of the filter table

Example 13 – Check the packet integrity:
iptables -t filter -A INPUT -p all -m unclean -j DROP

Example 14 – Enable the "passive mode" FTP service to a host:
modprobe ip_conntrack_ftp
iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

4-2 NAT Machine – Rules of the nat table

Example 1 – Redirect the connection requests for port 80 to port 8080:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 – Masquerade the packets from 192.168.1.0/24 behind the local ppp0's IP (MASQUERADE is only valid in POSTROUTING):
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

4-2 NAT Machine

Example 3 – DNAT the incoming packets from eth0 (60.248.66.75) and TCP port 80 to the internal web server 192.168.127.10:80
Example 4 – Redirect the incoming packets of TCP port 80 to 192.168.1.10 and TCP port 80

iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80
iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP
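Section 3-4 recommends keeping the Netfilter rules in a script file rather than in the exported dump; what follows is an added example of such a script (not from the slides) that orders the hands-on rules above into a working INPUT/FORWARD rule set plus the NAT rules of a NAT machine. Interface names and addresses are constructed sample values taken from the examples, and the script name fw.sh is an assumption.

```shell
#!/bin/sh
# Added example (not from the slides): a rule script in the spirit of section
# 3-4, which recommends maintaining the Netfilter rules in a script file rather
# than in the exported dump. Interface names and addresses are constructed
# sample values based on the hands-on examples; adjust them, then run
# "./fw.sh apply" as root ("./fw.sh dryrun" only prints the commands).
IPT=${IPT:-iptables}
LAN_IF=${LAN_IF:-eth0}                   # interface facing the LAN
WAN_IF=${WAN_IF:-ppp0}                   # interface facing the Internet (4-2 example 2)
LAN_NET=${LAN_NET:-192.168.127.0/24}     # internal network (4-2 example 3)
WEB_SRV=${WEB_SRV:-192.168.127.10}       # internal web server (4-2 example 3)
OUT_IP=${OUT_IP:-60.248.66.75}           # public address on WAN_IF (4-2 example 3)
ADMIN_IP=${ADMIN_IP:-192.168.127.1}      # management host allowed in (constructed)
BLOCKED_IP=${BLOCKED_IP:-192.168.127.25} # host explicitly dropped (constructed)

# filter_rules prints one iptables argument list per line, in the order they
# must be applied: flush, default policies, then accepts before the catch-all.
# Notes: the BLOCKED_IP drop precedes the LAN_NET accept so the more specific
# rule wins (example 4 vs. 3/6); LOG is not terminating, so SMTP is logged and
# then dropped by the DROP policy (example 7; the UC-7110 has no LOG target);
# the last FORWARD rule admits the DNAT'd web traffic, whose destination has
# already been rewritten to the internal server by PREROUTING.
filter_rules() {
    cat <<EOF
-t filter -F INPUT
-t filter -F FORWARD
-t filter -P INPUT DROP
-t filter -P FORWARD DROP
-t filter -P OUTPUT ACCEPT
-t filter -A INPUT -i lo -j ACCEPT
-t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-t filter -A INPUT -m state --state INVALID -j DROP
-t filter -A INPUT -i $LAN_IF -p tcp --dport 21 -j DROP
-t filter -A INPUT -i $LAN_IF -p tcp -s $BLOCKED_IP -j DROP
-t filter -A INPUT -i $LAN_IF -p tcp -s $ADMIN_IP -j ACCEPT
-t filter -A INPUT -i $LAN_IF -p tcp -s $LAN_NET --dport 137:139 -j ACCEPT
-t filter -A INPUT -p icmp --icmp-type 8 -m limit --limit 6/min --limit-burst 10 -j ACCEPT
-t filter -A INPUT -p tcp --dport 25 -j LOG --log-prefix fw-smtp:
-t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-t filter -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
-t filter -A FORWARD -i $WAN_IF -p tcp -d $WEB_SRV --dport 80 -m state --state NEW -j ACCEPT
EOF
}

# nat_rules: DNAT the public web port to the internal server and SNAT the
# LAN's outgoing traffic to the static public address (4-2 examples 3 and 4).
# With a dynamic address on WAN_IF use "-j MASQUERADE" instead (4-2 example 2).
nat_rules() {
    cat <<EOF
-t nat -F
-t nat -A PREROUTING -i $WAN_IF -p tcp -d $OUT_IP --dport 80 -j DNAT --to $WEB_SRV:80
-t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j SNAT --to $OUT_IP
EOF
}

# run_rules feeds each line of the named generator to $IPT; with IPT=echo it
# is a dry run. A failing rule aborts so a half-applied rule set is noticed.
run_rules() {
    "$1" | while IFS= read -r args; do
        [ -n "$args" ] || continue
        $IPT $args || { echo "failed: $IPT $args" >&2; exit 1; }  # exits the pipeline subshell
    done
}

# rule_count returns how many iptables invocations the script would make.
rule_count() { { filter_rules; nat_rules; } | grep -c '^-t'; }

case "${1:-}" in
    apply)  modprobe ip_conntrack_ftp 2>/dev/null   # passive-FTP helper (example 14)
            run_rules filter_rules && run_rules nat_rules ;;
    dryrun) IPT=echo; run_rules filter_rules && run_rules nat_rules ;;
    *)      : ;;                                    # no argument: only define the functions
esac
```

Because the INPUT policy is set to DROP before the accepts are added, apply the script from the console or a LAN session that the ESTABLISHED rule will readmit, not over a link the rules themselves could cut off.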

Thank You

OpenVPN 2.0
Stephen Lin

OpenVPN 2.0

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve?
1-2 Symmetric Data Encryption
1-3 Hash (Digest) Function
1-4 Message Authentication Code
1-5 Asymmetric Data Encryption
1-6 Digital Signature
1-7 Certificate
1-8 Moxa UC7400

1-1 What does Cryptography solve?

Confidentiality
- Ensure that nobody can learn what you transfer, even when listening to the whole conversation.
Integrity
- Ensure that the message has not been modified during transmission.
Authenticity
- You can verify that you are talking to the entity you think you are talking to.
- You can verify who the specific individual behind that entity is.
Non-repudiation
- The individual behind that asset cannot deny being associated with it.

1-2 Symmetric Data Encryption

- Fast; high efficiency for data transmission
- Is it "secure" while transferring the key?
- Key maintenance: n(n-1)/2 keys for n parties
- DES, 3DES, AES, Blowfish

[Diagram: Tom encrypts the plaintext with the secret key into ciphertext; Bob decrypts it with the same secret key back to the plaintext.]

1-3 Hash (Digest) Function

- Ensures data integrity
- MD5, SHA-1

[Diagram: Tom runs the data through the hash function to obtain message digest 1 and sends data + digest 1; Bob runs the same hash function over the received data to obtain message digest 2 and compares the two digests.]

1-4 Message Authentication Code

- Ensures data integrity
- Uses a key to protect the MAC
- HMAC, CBC-MAC

[Diagram: Tom hashes the data to message digest 1 and encrypts the digest with the secret key to form the MAC, sending data + MAC; Bob hashes the received data to message digest 2, decrypts the MAC with the secret key to recover digest 1, and compares the two.]

1-5 Asymmetric Encryption

Things to remember
- Key pair – public/private keys
- In a session, one is used for encryption and the other one for decryption
- The "public key" can be deployed everywhere
- The relation between the two keys is unknown: from one key you cannot gain knowledge of the other, even if you have access to clear text and cipher text
- The two keys are interchangeable: the algorithms make no difference between the public and the private key; when a key pair is generated, either of the two can be the public or the private one
- Less efficient than a static (symmetric) key
- RSA, Diffie-Hellman

[Diagram: clear text → encryption → cipher text ("g$5knvMd'rkvegMs")]

1-5 Asymmetric Data Encryption

[Diagram: Tom encrypts the plaintext with Bob's public key; Bob decrypts the ciphertext with Bob's private key. Recipient's key pair: confidentiality check.]

1-5 Asymmetric Data Encryption

[Diagram: Tom encrypts the plaintext with Tom's private key; Bob decrypts the ciphertext with Tom's public key. Sender's key pair: authenticity check.]

1-6 Digital Signature

Real world – hybrid:
1. Data integrity
2. Authenticity
3. Non-repudiation
4. Algorithm – uses the public key and a hash

1-6 Digital Signature – Creating

[Diagram: the message or file ("This is the document created by Gianni") is run through a one-way message digest function (hash: SHA, MD5) to calculate a short message digest (typically 128 bits) even from a long input; the digest is then encrypted asymmetrically (RSA) with the signatory's private key to produce the digital signature, which is attached to the document to form the signed document.]

1-6 Digital Signature – Verifying

[Diagram: the verifier separates the signed document into the data and the digital signature; the data is hashed again to a message digest, the signature is decrypted asymmetrically with Gianni's public key (taken from his certificate) to recover the original digest, and the two digests are compared.]

1-6 Digital Signature

[Diagram: Tom hashes the data to message digest 1 and encrypts it with Tom's private key to form the digital signature, sending data + signature; Bob hashes the received data to message digest 2, decrypts the signature with Tom's public key to recover digest 1, and compares the two.]

1-7 Certificate

The simplest certificate just contains:
- A public key (for Stephen)
- Information about the entity that is being certified to own that public key ("This public key belongs to Stephen"; the entity can be a person, a computer, a device, a file, some code, anything ...)
... and the whole is
- Digitally signed by someone trusted (like your friend or a CA)

[Diagram: public key + owner information + digital signature = certificate]

1-7-1 CA Certificate

[Diagram: the CA (certification server) generates its own key pair; the user requests a certificate from the CA; the CA generates the certificate (public key + digital signature); the private key and the certificate are sent to the user.]

1-7-1 CA Certificate Example

[Diagram: the CA holds the CA private key. Left and Right each hold their own private key, the CA public key, and their own certificate signed by the CA; each side trusts the other's certificate because it is signed by the CA, and the CA public key is itself signed by the CA.]

1-7-2 SSL/TLS

[Diagram: each side holds a key pair (priv/pub). The clear text is encrypted into cipher 1, encrypted again into cipher 2, transmitted over the public network, and decrypted in reverse order back to the clear text.]
- Ensures confidentiality, and integrity if digitally signed
- Depending on how the public keys are exchanged: authenticity, identity, non-repudiation

1-8 Moxa UC7400 – Hardware Cipher

Intel XScale supports:
- Security engines: DES, AES
- Algorithm modes: ECB, CBC, CTR
Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so":
- No need to change the source code

1-8-1 Moxa Accelerated Algorithms – OpenSSL 0.9.7

DES_cbc_encrypt
DES_ede3_cbc_encrypt
AES_cbc_encrypt
AES_ctr_encrypt
- We wrap ECB mode at a higher level (libssl.so), which OpenSSL wraps too.

1-8-2 Performance

[Charts: throughput (rate) versus packet size for 3DES-CBC and AES128-CBC, software against hardware cipher, for packet sizes 128 to 1280 bytes and 16 to 144 bytes.]

1-8-3 Things to be noticed

The Moxa UC-7400 switches operation between the software and the hardware approaches:
- Default: hardware approach
- Any misconfiguration or busy condition causes the switch
Small packets are switched to the software approach:
- DES: 128 bytes
- 3DES/AES: 64 bytes

1-8-4 Software Package

Driver
- mxhw_cipher.o
Device file
- mknod /dev/mxcrypto c 11 131
Test program
- io: correctness test
- io 0 5000: stability test
- io 1: golden pattern
- io 2 20000: performance test

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network

2-1 VPN Advantages/Disadvantages

- VPN: a network that is constructed by using public wires (e.g. the internet) to connect nodes
- A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH etc.)
- A VPN allows the usage of protocols which are insecure by themselves
- VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN

Usability
- Open source (GPL)
- Full-featured SSL VPN solution
- Easy to configure a secure tunnel
- NAT/DHCP support
- Can use a 2048-bit shared key or digital certificates (PKI)
Portability – supports most platforms
- Linux, Solaris, Mac OS X
- OpenBSD, FreeBSD, NetBSD
- Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN

Peers – each node with a client/server role
- Uses the kernel routing
- Multiple clients
A user-space program
- A full-featured SSL-VPN solution
- Built on top of the existing SSL/TLS mechanism
- Choice among a set of security algorithms
- Can tunnel any IP (layer 3) or Ethernet (layer 2) traffic over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security

Two authentication modes
- Static key: uses a pre-shared key
- SSL/TLS: uses SSL/TLS + certificates for authentication and key exchange
The encrypted packet is formatted as:
- SeqN: 64-bit sequence number
- IV: plaintext initialization vector, randomized per packet
[Diagram: HMAC | IV | encrypt( SeqN | payload )]

2-2 OpenVPN vs IPSec

OpenVPN
- User-space daemon
- SSL/TLS
- Portability across operating systems
- Firewall- and NAT-friendly
- Dynamic address support
IPSec
- Kernel-space IP stack
- Each operating system requires its own independent implementation of IPSec
- IETF standard – multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are the two methods of linking systems via a VPN:
- Routed IP tunnels (layer 3)
- Bridged Ethernet tunnels (layer 2)
Suitable for connections:
- Site-to-site
- Dynamic site-to-site
- (Dynamic) client-to-site
Dynamic firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

- Uses a TUN device: a virtual point-to-point IP link that combines the inner interface together with the TUN interface
- Uses the kernel routing to forward the packets

[Diagram: OSI stacks of both endpoints (physical, data-link, network, transport, session, presentation, application); OpenVPN attaches at the network layer through TUN (layer 3).]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of the MTU for efficiency

Routed IP disadvantages
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see the machines on the other side of the VPN
4. Works only with IPv4 in general, and with IPv6 in cases where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

- Uses "TAP" mode: a TAP device is a virtual Ethernet adapter
- Bridge tools (brctl) are required to create the virtual adapters
- Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0         create an Ethernet bridge
brctl addif br0 eth1    connect interface eth1 as a port
brctl addif br0 tap0    connect virtual interface tap0 as a port

[Diagram: OSI stacks of both endpoints; OpenVPN attaches at the data-link layer through TAP (layer 2), with eth0, eth1 and tap0 bridged on each side.]

2-3-2 Bridged Ethernet Mode (TAP 2-3-2 Bridged Ethernet Mode (TAP Mode)Mode)

Bridging advantages1 Point to Point point to multi-point2 Broadcasts traverse the VPN -- this allows browsing

of Windows file shares across the VPN without setting up a Samba or WINS server

3 No route statements to configure4 Works with the VPN needs to be able to handle non-

IP protocols such as IPX Netware and AppleTalk5 Relatively easy-to-configure solution for road

warriors

Bridging disadvantages1 Less efficient than Routing and does not scale well

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSLTLS ndash X509 Dynamic Keys

3-1 Getting Started3-1 Getting Started

ixp019216812201

ixp0 19216812202

gw 1001254IP 1001124

gw 1002254IP 1002124

LAN A LAN B

VPN Tunnel

Connect

1001254

[VPN Server]

1002254

[VPN-Client]

ixp1 ixp1

[CATLS Server]

3-1 Getting Started 3-1 Getting Started

Create a Working Directory (recommended) mkdir etcopenvpn

Check for TUN Modules if not ls devnet look for a character device ldquotunrdquo mknod devtun c 10 200

Load necessary modules modprobe tun modprobe bridge

Generate a (pre-shared) key openvpn --genkey --secret [KeyName]

Self Diagnostic openvpn --test-crypto --secret [KeyName]

3-1 Getting Started3-1 Getting Started

Enable IP Forwarding echo ldquo1rdquo gt procsysnetipv4ip_forwardor vi etcsysctlconf modify ldquonetipv4ip_forward = 1rdquo

Create Start Bridge Interface using Moxa Script openvpn-bridge [start stop restart]

Check the CiphersAuthentication Support openvpn --show-ciphers openvpn --show-digests

Create TUN Configuration Files vi etcopenvpntunserverconf

[At VPN Client] vi etcopenvpntunclientconf

3-2 TUN Server Configuration 3-2 TUN Server Configuration

LocalRemote VPN IP address must be specified

It is NECESSARY to specify the Server Address at VPN Client

3-2 TUN Server Configuration 3-2 TUN Server Configuration

Edit the Static Routings vi etcopenvpntunserversh

chmod +x etctunserversh

[At VPN Client] vi etceopenvpntunclientsh chmod +x etctunclientsh

Start OpenVPN with the configuration file openvpn --config etctunserverconf amp openvpn --config etctunclientconf amp

2nd argument of ldquoifconfigrdquo which is now ldquo1002254rdquo

Create TAP Configuration Files vi etcopenvpntapserverconf

[At VPN Client] vi etcopenvpntapclientconf

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Mark this line if both VPN Networks are in the same subnet

3-2 TAP Configuration ndash VPN Server3-2 TAP Configuration ndash VPN Server

Edit the Static Routings vi etcopenvpntunserversh

[At VPN Client] vi etcopenvpntapclientsh chmod +x etctapclientsh

Pointed to the Kernel Routing br0 = 1001254

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Start the Bridge device vi openvpnopenvpn-bridge

chmod +x etcopenvpnopenvpn-bridge etcopenvpnopenvpn-bridge start

Start OpenVPN with the configuration file openvpn ndashconfig etcopenvpntapserverconf amp openvpn ndashconfig etcopenvpntapclient amp

3-4-1 SSLTLS ndash Dynamic Keys3-4-1 SSLTLS ndash Dynamic Keys

Edit the OpenSSL Configuration File on a Linux PC vi usrsharesslopensslcnf Pre-input the default_days default_bits hellip etc

Create New CA root Key Pair usrsharesslmiscCA -newca

Create New Client Private Key and new Certificate Request usrsharesslmiscCA -newreq

Certificate Sign-in usrsharesslmiscCA ndashsign

Copy the CA root certificate client private key and the client certificate to the first client

Have the second client certificated

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Copy the ldquoeasy-rsardquo to the working directory cp ndashr openvpn-20easy-rsa etcopenvpn

modify the vars file vi etcopenvpneasy-rsavars

Activate the vars etcopenvpneasy-rsavars

Create CA root key etcopenvpneasy-rsabuild-ca

Create VPN Server Private Key and Certificate etcopenvpneasy-rsabuild-key server

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Create VPN Client private Key and Certificate etcopenvpnbuild-key client

Create Diff-Hellman Parameters etcopenvpnbuild-dh 1024

Copy the CA certificate (cacrt) Server key (serverkey) and Server certificate (servercrt) to VPN Server

Copy the CA certificate Client key and certificate to VPN Client

ldquoeasy-rsardquo tools also work on UC7400 series

3-4-3 Configuration File Modification3-4-3 Configuration File Modification

txxserverconf

txxclienconf

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) Open VPN Configuration

4) Hands-On Practice

Live DemoLive Demo

UC-7420 DEMO BOXUC-7420 DEMO BOX

Two of its serial ports connectedto a Power Meter and Thermocouple

Two LAN ports plus an optional Wi-Fi function making it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in lsquoburn-in modersquo to demonstrate UCrsquos high performance and reliability

Demo Box FeaturesDemo Box Features

Software Block DiagramSoftware Block Diagram

Temperature Range 0 to 500degC

Left side for high range 0 to 300 VDC amp Right side for low range 0 to 20 VDC

UCrsquos LCM amp keypad (F1-F5)UCrsquos LCM amp keypad (F1-F5)

F1 Monitoring Temperature rarr Voltage rarrThroughput for P3 to P8

F2 System Status LANrsquos IP rarr Wi-Firsquos IP rarr CPU loading rarr Available Memory

F3 Alarm Setting Temperature rarr Voltage rarr burning throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI amp HTMLApache Web with CGI amp HTML

Seat Locating SystemSeat Locating System

Score Query SystemScore Query System

AppendixAppendix

What is the wireless PCMCIA card support status in 80211gbull UC-7420s built-in Wireless driver supports Intersil Prism 20

chipset PCMCIA cardbull The compatible Wireless cards are

Supplier Model name

ASUS WL-107g

CNET CWC-854(181D version)Edmiax EW-7108PCgAmigo AWP-914WGigbyte GN-WMKGOthers which use R-Link chip set

Thank YouThank You

Page 56: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

3) Usage of iptables3) Usage of iptables

3-1 Load iptables Modules

3-2 Define Default Policy

3-3 Structure of a Rule

3-4 Save Restore Rules

3-1 Load iptables Modules3-1 Load iptables Modules

Note ipchains and iptables are not compatible

3-1 Load iptables Module3-1 Load iptables Module

Check the Current Tablesiptables [-t tables] [-L] [-n]

Default Policy

3-1 Install iptables3-1 Install iptables

Clear Current Policy

3-2 Define Default Policy3-2 Define Default Policy

iptables ndasht filter nat mangle

ndashP INPUT OUTPUT FORWARD PREROUTING POSTROUTING

ACCEPT DROP

3-2 Define Default Policy3-2 Define Default Policy

3-3 Structure of a Rule3-3 Structure of a Rule

3-3-1 Add Insert Delete an Replace Rules

3-3-2 Direction

3-3-3 Matches

3-3-4 Targets

3-3-1 Add Insert Delete and Replace3-3-1 Add Insert Delete and Replace

iptables ndasht filter nat mangle

AI DR

ndash direction match target

3 major things needed

to be considered

ndashj

3-3-2 Direction ndash Chains3-3-2 Direction ndash Chains

a filter Table INPUT

OUTPUT

FORWARD

b nat Table PREROUTING

POSTROUTING

OUTPUT

c mangle table hellip

1 -p [proto] tcp udp icmp all

2 -s [IP] -d [IP]

3 --sport [port] --dport [port]

4 -m state --state [state] NEW ESTABLISHED INVALID RELATED

5 -m multiport [p1p2hellipp15]

6 -i [iface] -o [oface]

7 hellipetc

3-3-3 Matches - Conditions3-3-3 Matches - Conditions

3-3-4 Targets - Actions3-3-4 Targets - Actions

a filter Table ACCEPT DROP

QUEUE RETURN target extensions --LOG --ULOG --REJECT - -MIRROR

b nat table SNAT (only in POSTROUTING)

DNAT (only in PREROUTINGOUTPUT)

MASQUERADE (POSTROUTING)

REDIRECT (only in PREROUTING)

c mangle table hellip

3-4 Save Restore Rules3-4 Save Restore Rules

It is highly recommended to use a script file to maintain the Netfilter rule instead of using this exported file (it is not a standard script file) Please refer to the Hands-ON practice

AgendaAgenda

1) Firewall NAT and iptables

2) Rules Chains Tables

3) Usage of iptables

4) Hands-ON Practice 1) Packet Filter2) NAT Machine

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 1 ndash Accept all the packets incoming from lo interface

Example 2 ndash Accept all the TCP packets incoming from

IP = 19216801

iptables ndasht filter ndashA INPUT ndashi lo ndashj ACCEPT

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp

ndashs 19216801 ndashj ACCEPT

4-1 Packet Filter – Rules of filter table

Example 3 – Accept all the TCP packets incoming from the network 192.168.1.0/24:

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 – Drop all the TCP packets incoming from IP = 192.168.1.25:

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP
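Why the order of Examples 3 and 4 matters, as an added example (not part of the original slides): a small Python model of netfilter's first-match evaluation for one chain, covering only the matches the slides use. With the two rules appended (-A) in slide order, the ACCEPT for 192.168.1.0/24 matches first and the DROP for 192.168.1.25 never fires; inserting the DROP with -I puts it ahead of the ACCEPT. The sample packets and the DROP policy chain are constructed.

```python
"""Model of netfilter first-match evaluation for one chain of the filter table.

Added example, not from the original slides. It implements only the matches
used in the slide examples (-i, -p, -s, --dport, -m state) and the targets
ACCEPT/DROP. Netfilter stops at the first matching rule, so a DROP appended
(-A) after a broader ACCEPT is never reached, while one inserted (-I) is.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Rule:
    target: str                      # -j ACCEPT | DROP
    in_if: Optional[str] = None      # -i [iface]
    proto: Optional[str] = None      # -p tcp | udp | icmp | all
    src: Optional[str] = None        # -s [IP] or [network/prefix]
    dport: Optional[int] = None      # --dport [port]
    states: Tuple[str, ...] = ()     # -m state --state A,B

    def matches(self, pkt: Dict) -> bool:
        """Every criterion given on the rule must hold; absent ones match anything."""
        if self.in_if is not None and pkt.get("in") != self.in_if:
            return False
        if self.proto not in (None, "all") and pkt.get("proto") != self.proto:
            return False
        if self.src is not None:
            net = ipaddress.ip_network(self.src, strict=False)   # host or CIDR
            if ipaddress.ip_address(pkt["src"]) not in net:
                return False
        if self.dport is not None and pkt.get("dport") != self.dport:
            return False
        if self.states and pkt.get("state") not in self.states:
            return False
        return True


class Chain:
    """One chain with a default policy (-P) and an ordered rule list."""

    def __init__(self, policy: str = "ACCEPT") -> None:
        self.policy = policy
        self.rules: List[Rule] = []

    def append(self, rule: Rule) -> None:              # iptables -A
        self.rules.append(rule)

    def insert(self, rule: Rule, pos: int = 1) -> None:  # iptables -I [pos]
        self.rules.insert(pos - 1, rule)

    def verdict(self, pkt: Dict) -> Tuple[str, int]:
        """Return (target, rule number); rule number 0 means the policy applied."""
        for num, rule in enumerate(self.rules, start=1):
            if rule.matches(pkt):
                return rule.target, num
        return self.policy, 0


# Constructed sample packets, not values from the slides.
PKT_FROM_25 = {"in": "eth0", "proto": "tcp", "src": "192.168.1.25",
               "dport": 22, "state": "NEW"}       # the host Example 4 wants dropped
PKT_FROM_7 = {"in": "eth0", "proto": "tcp", "src": "192.168.1.7",
              "dport": 22, "state": "NEW"}        # another host in the same /24

ACCEPT_NET = Rule("ACCEPT", in_if="eth0", proto="tcp", src="192.168.1.0/24")  # Example 3
DROP_HOST = Rule("DROP", in_if="eth0", proto="tcp", src="192.168.1.25")       # Example 4


def slide_order() -> Tuple[str, int]:
    """Examples 3 and 4 appended in the order the slides list them."""
    chain = Chain()
    chain.append(ACCEPT_NET)
    chain.append(DROP_HOST)
    return chain.verdict(PKT_FROM_25)      # ('ACCEPT', 1): the DROP is shadowed


def inserted_order() -> Tuple[str, int]:
    """Same two rules, but the host DROP is inserted at the top with -I."""
    chain = Chain()
    chain.append(ACCEPT_NET)
    chain.insert(DROP_HOST)                # iptables -t filter -I INPUT ... -j DROP
    return chain.verdict(PKT_FROM_25)      # ('DROP', 1)


def stateful_default_drop(pkt: Dict) -> Tuple[str, int]:
    """Example 12's two state rules on top of a DROP policy (as in Example 11)."""
    chain = Chain(policy="DROP")
    chain.append(Rule("ACCEPT", proto="tcp", states=("ESTABLISHED", "RELATED")))
    chain.append(Rule("DROP", proto="tcp", states=("INVALID", "NEW")))
    return chain.verdict(pkt)
```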

4-1 Packet Filter – Rules of filter table

Example 5 – Drop all the incoming TCP packets with dst port = 21 (forbid FTP connections from eth0):

iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 – Accept TCP packets incoming from IP 192.168.0.0/24 to local port numbers 137, 138 and 139:

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 7 – Log all the incoming/outgoing TCP packets with to/from port = 25 (log the SMTP service):

iptables -t filter -A INPUT -p tcp --dport 25 -j LOG

Note: UC7110 does not support the target "LOG".

4-1 Packet Filter – Rules of filter table

Example 8 – Drop all the [SYN] packets from IP = 192.168.100.200:

iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 – Drop all the packets from MAC = aa:bb:cc:dd:ee:ff:

iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

Example 10 – Do not respond to "ping":

iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 – ICMP "ping" burst (default policy DROP, then accept a limited rate):

iptables -t filter -P INPUT DROP

iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 12 – Accept the ESTABLISHED/RELATED packets of the local host; drop the INVALID packets and the NEW packets which are trying to create a new connection:

iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

4-1 Packet Filter – Rules of filter table

Example 13 – Check the packet integrity:

iptables -t filter -A INPUT -p all -m unclean -j DROP

Example 14 – Enable the "Passive Mode" FTP service to a host:

modprobe ip_conntrack_ftp

iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

4-2 NAT Machine

Example 1 – Redirect the connection requests of port 80 to port 8080:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 – Masquerade the incoming packets from 192.168.1.0/24 to be the local ppp0's IP (MASQUERADE is only valid in POSTROUTING, which is also the only place -o can be used):

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

4-2 NAT Machine

Example 3 – DNAT the incoming packets from eth0 (60.248.66.75) and TCP port 80 to the internal web server 192.168.127.10:80:

iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

Example 4 – Redirect the incoming packets of TCP port 80 to 192.168.1.10 and TCP port 80

iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP

Thank You

OpenVPN 2.0 – Stephen Lin

OpenVPN 2.0

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve?

1-2 Symmetric Data Encryption

1-3 Hash (Digest) Function

1-4 Message Authentication Code

1-5 Asymmetric Data Encryption

1-6 Digital Signature

1-7 Certificate

1-8 Moxa UC7400

1-1 What does Cryptography solve?

Confidentiality
• Ensure that nobody can get knowledge of what you transfer, even if listening to the whole conversation

Integrity
• Ensure that the message has not been modified during the transmission

Authenticity
• You can verify that you are talking to the entity you think you are talking to
• You can verify who is the specific individual behind that entity

Non-repudiation
• The individual behind that asset cannot deny being associated with it

1-2 Symmetric Data Encryption

Fast; high efficiency for data transmission

Is it "secure" while transferring the key?

Maintenance of the keys: (n-1)n/2 keys

DES/3DES/AES/Blowfish

[Diagram: Tom encrypts the Plaintext with the Secret Key into Ciphertext; Bob decrypts the Ciphertext with the same Secret Key back to Plaintext]

1-3 Hash (Digest) Function

Ensure data integrity

MD5/SHA-1

[Diagram: Tom runs the Data through a Hash Function to obtain Message Digest 1 and sends Data + Message Digest 1; Bob runs the received Data through the same Hash Function to obtain Message Digest 2 and compares it with Message Digest 1]

1-4 Message Authentication Code

Ensure the data integrity

Use a key to protect the MAC

HMAC/CBC-MAC

[Diagram: Tom runs the Data through a Hash Function to obtain Message Digest 1 and encrypts it with the Secret Key into the MAC, sending Data + MAC; Bob runs the received Data through the Hash Function to obtain Message Digest 2, decrypts the MAC with the Secret Key to recover Message Digest 1, and compares the two]
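What the key in 1-4 buys over the plain digest in 1-3, as an added Python example (not from the slides): an attacker who changes Tom's Data in transit can recompute an unkeyed digest so that Bob's compare still passes, but cannot produce a valid HMAC without the Secret Key. The key, the messages and the choice of SHA-256 are constructed for the demo.

```python
"""Hash (1-3) versus keyed MAC (1-4): why the key matters.

Added example, not from the original slides. Tom sends Data plus a check
value; Bob recomputes the check over the Data he received and compares.
With a plain digest, whoever rewrites the Data in transit can simply
recompute the digest, so Bob's compare still succeeds. With an HMAC under
a key the attacker does not hold, a recomputed tag no longer matches.
"""
import hashlib
import hmac


def make_digest(data: bytes) -> bytes:
    """Message Digest 1: unkeyed hash over the data (slide 1-3)."""
    return hashlib.sha256(data).digest()


def verify_digest(data: bytes, digest: bytes) -> bool:
    """Bob recomputes Message Digest 2 and compares it with Message Digest 1."""
    return hmac.compare_digest(make_digest(data), digest)


def make_mac(key: bytes, data: bytes) -> bytes:
    """MAC: keyed hash over the data (HMAC, slide 1-4)."""
    return hmac.new(key, data, hashlib.sha256).digest()


def verify_mac(key: bytes, data: bytes, tag: bytes) -> bool:
    """Constant-time compare so the check itself leaks nothing about the tag."""
    return hmac.compare_digest(make_mac(key, data), tag)


# Constructed sample key and messages; not values from the slides.
SECRET_KEY = b"tom-and-bob-shared-secret"
ORIGINAL = b"transfer 100 to account 42"
MODIFIED = b"transfer 900 to account 42"


def tampered_digest_accepted() -> bool:
    """Attacker rewrites the Data AND recomputes the unkeyed digest; Bob cannot tell."""
    sent_check = make_digest(ORIGINAL)            # what Tom attached
    forged_check = make_digest(MODIFIED)          # what the attacker attaches instead
    assert sent_check != forged_check             # the digest did change...
    return verify_digest(MODIFIED, forged_check)  # ...but Bob's check still passes (True)


def tampered_mac_accepted() -> bool:
    """Same attack against HMAC: without the key the attacker can only guess a tag."""
    forged_tag = make_mac(b"attacker-guess", MODIFIED)   # wrong key
    return verify_mac(SECRET_KEY, MODIFIED, forged_tag)  # False: Bob rejects it


def replayed_tag_accepted() -> bool:
    """Keeping Tom's genuine tag but altering the Data also fails the HMAC check."""
    genuine_tag = make_mac(SECRET_KEY, ORIGINAL)
    return verify_mac(SECRET_KEY, MODIFIED, genuine_tag)  # False


def honest_mac_accepted() -> bool:
    """Unmodified Data with the genuine tag verifies."""
    return verify_mac(SECRET_KEY, ORIGINAL, make_mac(SECRET_KEY, ORIGINAL))  # True
```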

1-5 Asymmetric Encryption

Things to remember
• Key pair – public/private keys
• In a session, one is used for encryption and the other one for decryption
• The "Public Key" can be deployed everywhere
• The relation between the two keys is unknown, and from one key you cannot gain knowledge of the other, even if you have access to clear-text and cipher-text
• The two keys are interchangeable: all algorithms make no difference between the public and the private key. When a key pair is generated, any of the two can be public or private
• Less efficient than a static key
• RSA/Diffie-Hellman

[Diagram: clear text → Encryption → cipher text]

1-5 Asymmetric Data Encryption

[Diagram – Recipient's key pair: Tom encrypts the Plaintext with Bob's Public Key into ciphertext; Bob decrypts the ciphertext with Bob's Private Key back to Plaintext]

Confidentiality check

1-5 Asymmetric Data Encryption

[Diagram – Sender's key pair: Tom encrypts the Plaintext with Tom's Private Key into ciphertext; Bob decrypts the ciphertext with Tom's Public Key back to Plaintext]

Authenticity check

1-6 Digital Signature

Real world – Hybrid:
1. Data integrity
2. Authenticity
3. Non-repudiation
4. Algorithm – use the public key and hash

1-6 Digital Signature – Creating

[Diagram: Message or File ("This is the document created by Gianni") → Generate Hash (SHA, MD5) → Message Digest ("Py75cbn", typically 128 bits) → Asymmetric Encryption (RSA) with the signatory's private key (priv) → Digital Signature ("3kJfgf£$&"); the Signed Document is the message followed by the digital signature]

Calculate a short message digest from even a long input using a one-way message digest function (hash).

1-6 Digital Signature – Verifying

[Diagram: Signed Document = message ("This is the document created by Gianni") + Digital Signature ("3kJfgf£$&"); Generate Hash over the message → Message Digest ("Py75cbn"); Asymmetric Decryption of the Digital Signature with Gianni's public key (pub, from his certificate) → "Py75cbn"; compare the two]

1-6 Digital Signature

[Diagram: Tom runs the Data through a Hash Function to obtain Message Digest 1 and encrypts it with Tom's Private Key into the Digital Signature, sending Data + Digital Signature; Bob runs the received Data through the Hash Function to obtain Message Digest 2, decrypts the Digital Signature with Tom's Public Key to recover Message Digest 1, and compares the two]

1-7 Certificate

The simplest certificate just contains
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key
… and the whole is
• Digitally signed by someone trusted (like your friend or a CA)

[Diagram: Certificate = public key (pub) + "This public key belongs to Stephen" + Digital Signature; the entity can be a person, a computer, a device, a file, some code, anything …]

1-7-1 CA Certificate

[Diagram – Certification Server: the CA generates a key pair (Priv, pub); the user requests a certificate from the CA; the CA generates the certificate (pub + DS = Cert); the Private Key and the Certificate are sent to the user. Right: Cert signed by CA; Left: Cert signed by CA; CA Pub Key signed by CA]

1-7-1 CA Certificate Example

[Diagram: the CA holds the CA Private Key. Left holds the Left Priv Key signed by CA, the CA Pub Key and the Left Cert signed by CA; Right holds the Right Priv Key signed by CA, the CA Pub Key and the Right Cert signed by CA. Left and Right trust each other through the CA Pub Key]

1-7-2 SSL/TLS

[Diagram: each side holds its own key pair (Priv, pub) and the other side's pub; Clear text → Encrypt → Cipher 1 → Encrypt → Cipher 2 → transmission over the public network → Cipher 2 → Decrypt → Cipher 1 → Decrypt → Clear text]

Ensures confidentiality
• And integrity, if digitally signed

Depending on how the public keys are exchanged
• Authenticity, Identity, Non-repudiation

1-8 Moxa UC7400 – Hardware Cipher

Intel XScale supports
• Security engines: DES, AES
• Algorithm methods: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so"
• No need to change the source codes

1-8-1 Moxa Accelerated Algorithm – OpenSSL 0.9.7

DES_cbc_encrypt

DES_ede3_cbc_encrypt

AES_cbc_encrypt

AES_ctr_encrypt

• We wrap ECB mode at a higher level (libssl.so), which OpenSSL wraps too

1-8-2 Performance

[Performance charts: throughput and RATE versus packet size for 3DES-CBC and AES-128-CBC, one pair of charts for packets of 128 to 1280 bytes and one pair for small packets of 16 to 144 bytes; the marked series = HW Cipher]

1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approaches
• Default: hardware approach
• Any mis-configuration or busyness causes the switch

Small packets are switched to the software approach
• DES: 128 bytes
• 3DES/AES: 64 bytes

1-8-4 Software Package

Driver
• mxhw_cipher.o

Device file
• mknod /dev/mxcrypto c 11 131

Test program
• io: correctness test
• io 0 5000: stability test
• io 1: golden pattern
• io 2 20000: performance test

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network

2-2 Why OpenVPN

2-3 OpenVPN Modes

2-1 Virtual Private Network

2-1 VPN Advantages/Disadvantages

VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes

A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH, etc.)

A VPN allows the usage of protocols which are insecure by themselves

VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN

Usability
• Open Source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit shared key or digital certificates (PKI)

Portability – supports most of the platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN

Peers – each node with a client/server role
• In use of kernel routing
• Multiple clients

A user-space program
• A full-featured SSL-VPN solution
• On top of the existing SSL/TLS mechanism
• Options between a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security

Two authentication modes
• Static Key: use a pre-shared key
• SSL/TLS: use SSL/TLS + certificates for
  • Authentication
  • Key exchange

The encrypted packet is formatted as
• SeqN: 64-bit sequence number
• IV: plain-text initial vector, randomized per packet

[Packet layout diagram: HMAC | IV | SeqN | payload, with the encrypt step applied to the SeqN and payload and the HMAC computed over the IV and the encrypted part]
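The packet layout above as an added Python model (not OpenVPN's code or its exact wire format): HMAC | IV | SeqN | payload, where the receiver verifies the HMAC before parsing anything else and then rejects any SeqN it has already accepted. The IV size, HMAC-SHA256 and the demo key are assumptions; encrypting the payload (the slide's "encrypt" step) is left to the caller, so the framing and the two checks are what this shows.

```python
"""Model of the slide's packet layout: HMAC | IV | SeqN | payload.

Added example, not OpenVPN's own code or exact wire format. The fields
follow the slide: a per-packet random IV, a 64-bit sequence number SeqN,
and an HMAC over everything after it. The receiver authenticates first,
then applies a replay check on SeqN, and only then hands the payload on.
Payload encryption is the caller's job; only the framing is modelled.
"""
import hashlib
import hmac
import os
import struct
from typing import Optional, Tuple

TAG_LEN = 32   # HMAC-SHA256 tag (assumed algorithm)
IV_LEN = 16    # assumed IV size: one 128-bit cipher block
SEQ_LEN = 8    # 64-bit sequence number, as on the slide


class AuthError(Exception):
    """HMAC did not verify: packet was altered or sent under another key."""


class ReplayError(Exception):
    """SeqN not newer than the last accepted one: a replayed packet."""


def seal(hmac_key: bytes, seq: int, payload: bytes, iv: Optional[bytes] = None) -> bytes:
    """Build HMAC | IV | SeqN | payload; the HMAC covers IV, SeqN and payload."""
    if iv is None:
        iv = os.urandom(IV_LEN)            # randomized per packet, as the slide says
    body = iv + struct.pack(">Q", seq) + payload
    tag = hmac.new(hmac_key, body, hashlib.sha256).digest()
    return tag + body


class Receiver:
    """Tracks the highest SeqN accepted so a captured packet cannot be replayed.

    Strict monotonic ordering is used here for simplicity; a sliding window
    would be needed to tolerate UDP reordering.
    """

    def __init__(self, hmac_key: bytes) -> None:
        self.hmac_key = hmac_key
        self.last_seq = -1

    def open(self, packet: bytes) -> Tuple[int, bytes, bytes]:
        """Return (SeqN, IV, payload) or raise AuthError / ReplayError."""
        if len(packet) < TAG_LEN + IV_LEN + SEQ_LEN:
            raise AuthError("packet too short")
        tag, body = packet[:TAG_LEN], packet[TAG_LEN:]
        # 1. Authenticate before parsing anything else; constant-time compare.
        expected = hmac.new(self.hmac_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise AuthError("bad HMAC")
        iv = body[:IV_LEN]
        (seq,) = struct.unpack(">Q", body[IV_LEN:IV_LEN + SEQ_LEN])
        payload = body[IV_LEN + SEQ_LEN:]
        # 2. Replay check: SeqN must strictly advance.
        if seq <= self.last_seq:
            raise ReplayError(f"SeqN {seq} already seen (last {self.last_seq})")
        self.last_seq = seq
        return seq, iv, payload


# Constructed demo key, not a value from the slides.
DEMO_KEY = b"constructed-hmac-key-for-demo"


def exchange_ok() -> Tuple[int, bytes]:
    """Two packets in order are accepted; returns the second one's SeqN and payload."""
    rx = Receiver(DEMO_KEY)
    rx.open(seal(DEMO_KEY, 1, b"first"))
    seq, _iv, payload = rx.open(seal(DEMO_KEY, 2, b"second"))
    return seq, payload


def replay_rejected() -> bool:
    """Resending a captured packet is refused even though its HMAC is valid."""
    rx = Receiver(DEMO_KEY)
    pkt = seal(DEMO_KEY, 7, b"payload")
    rx.open(pkt)
    try:
        rx.open(pkt)
        return False
    except ReplayError:
        return True


def tamper_rejected() -> bool:
    """Flipping one payload bit invalidates the HMAC before SeqN is even read."""
    rx = Receiver(DEMO_KEY)
    pkt = bytearray(seal(DEMO_KEY, 1, b"payload"))
    pkt[-1] ^= 0x01
    try:
        rx.open(bytes(pkt))
        return False
    except AuthError:
        return True
```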

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall- and NAT-friendly
• Dynamic address support

IPSec
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard – multi-vendor support

2-3 OpenVPN Modes

Bridging and Routing are two methods of linking systems via a VPN

Routed IP tunnels (layer 3)

Bridged Ethernet tunnels (layer 2)

Suitable for connections
• Site-to-Site
• Dynamic Site-to-Site
• (Dynamic) Client-to-Site

Dynamic firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN mode (device): a virtual point-to-point IP link that combines the inner interface together with TUN

Uses the kernel routing to forward the packets

[Diagram: two OSI stacks (Physical, Data-Link, Network, Transport, Session, Presentation, Application) on either side; OpenVPN runs at the Application layer and the TUN device attaches at the 3rd (Network) layer]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of MTU for efficiency

Routed IP disadvantages
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see those machines on the other side of the VPN
4. Works only with IPv4 in general, and IPv6 in cases where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses "TAP" mode: a TAP device is a virtual Ethernet adapter

Bridge tools (brctl) are required to create the virtual adapters

Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0 – create an Ethernet bridge

brctl addif br0 eth1 – connect interface eth1 as a port

brctl addif br0 tap0 – connect virtual interface tap0 as a port

[Diagram: two OSI stacks on either side; OpenVPN runs at the Application layer, TUN attaches at the 3rd (Network) layer and TAP at the 2nd (Data-Link) layer; on each side eth0 carries the tunnel while eth1 and tap0 are bridged together]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages
1. Point to point, point to multi-point
2. Broadcasts traverse the VPN – this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to be able to handle non-IP protocols such as IPX, Netware and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages
1. Less efficient than routing and does not scale well

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

[Topology diagram: LAN A (IP 10.0.1.1/24, gw 10.0.1.254) – VPN Server (10.0.1.254, ixp0 192.168.12.201) – VPN Tunnel (Connect) – VPN Client (10.0.2.254, ixp0 192.168.12.202) – LAN B (IP 10.0.2.1/24, gw 10.0.2.254); the CA/TLS Server is reached through ixp1 on each side]

3-1 Getting Started

Create a working directory (recommended): mkdir /etc/openvpn

Check for the TUN module: ls /dev/net and look for a character device "tun"; if it is not there: mknod /dev/net/tun c 10 200

Load the necessary modules: modprobe tun; modprobe bridge

Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]

Self diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or vi /etc/sysctl.conf and modify "net.ipv4.ip_forward = 1"

Create/start the bridge interface using the Moxa script: openvpn-bridge [start|stop|restart]

Check the ciphers/authentication support: openvpn --show-ciphers; openvpn --show-digests

Create the TUN configuration files: vi /etc/openvpn/tunserver.conf

[At VPN Client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

Local/remote VPN IP addresses must be specified

It is NECESSARY to specify the server address at the VPN client

3-2 TUN Server Configuration

Edit the static routings: vi /etc/openvpn/tunserver.sh; chmod +x /etc/tunserver.sh

[At VPN Client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/tunclient.sh

Start OpenVPN with the configuration file: openvpn --config /etc/tunserver.conf & (server); openvpn --config /etc/tunclient.conf & (client)

The 2nd argument of "ifconfig", which is now "10.0.2.254"

Create the TAP configuration files: vi /etc/openvpn/tapserver.conf

[At VPN Client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration – VPN Server

Mark this line if both VPN networks are in the same subnet

3-3 TAP Configuration – VPN Server

Edit the static routings: vi /etc/openvpn/tunserver.sh

[At VPN Client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/tapclient.sh

Pointed to the kernel routing: br0 = 10.0.1.254

3-3 TAP Configuration – VPN Server

Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tapserver.conf & (server); openvpn --config /etc/openvpn/tapclient.conf & (client)

3-4-1 SSL/TLS – Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-input the default_days, default_bits, … etc.

Create a new CA root key pair: /usr/share/ssl/misc/CA -newca

Create a new client private key and a new certificate request: /usr/share/ssl/misc/CA -newreq

Certificate signing: /usr/share/ssl/misc/CA -sign

Copy the CA root certificate, the client private key and the client certificate to the first client

Have the second client certified the same way

3-4-2 OpenVPN – "easy-rsa" tools

Copy the "easy-rsa" directory to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file: vi /etc/openvpn/easy-rsa/vars

Activate the vars: . /etc/openvpn/easy-rsa/vars

Create the CA root key: /etc/openvpn/easy-rsa/build-ca

Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – "easy-rsa" tools

Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client

Create the Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh 1024

Copy the CA certificate (ca.crt), the server key (server.key) and the server certificate (server.crt) to the VPN server

Copy the CA certificate, the client key and the client certificate to the VPN client

The "easy-rsa" tools also work on the UC7400 series

3-4-3 Configuration File Modification

txxserver.conf

txxclient.conf

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

Two of its serial ports are connected to a power meter and a thermocouple

Two LAN ports plus an optional Wi-Fi function, making it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in 'burn-in mode' to demonstrate the UC's high performance and reliability

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500°C

Left side for the high range, 0 to 300 VDC, and right side for the low range, 0 to 20 VDC

UC's LCM & keypad (F1-F5)

F1: Monitoring: Temperature → Voltage → Throughput for P3 to P8

F2: System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available Memory

F3: Alarm Setting: Temperature → Voltage → burning throughput

F4: Configuration Key

F5: Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• UC-7420's built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards
• The compatible wireless cards are:

Supplier | Model name
ASUS | WL-107g
CNET | CWC-854 (181D version)
Edimax | EW-7108PCg
Amigo | AWP-914WG
Gigabyte | GN-WMKG
Others which use the R-Link chipset

Thank You

Page 57: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

3-1 Load iptables Modules3-1 Load iptables Modules

Note ipchains and iptables are not compatible

3-1 Load iptables Module3-1 Load iptables Module

Check the Current Tablesiptables [-t tables] [-L] [-n]

Default Policy

3-1 Install iptables3-1 Install iptables

Clear Current Policy

3-2 Define Default Policy3-2 Define Default Policy

iptables ndasht filter nat mangle

ndashP INPUT OUTPUT FORWARD PREROUTING POSTROUTING

ACCEPT DROP

3-2 Define Default Policy3-2 Define Default Policy

3-3 Structure of a Rule3-3 Structure of a Rule

3-3-1 Add Insert Delete an Replace Rules

3-3-2 Direction

3-3-3 Matches

3-3-4 Targets

3-3-1 Add Insert Delete and Replace3-3-1 Add Insert Delete and Replace

iptables ndasht filter nat mangle

AI DR

ndash direction match target

3 major things needed

to be considered

ndashj

3-3-2 Direction ndash Chains3-3-2 Direction ndash Chains

a filter Table INPUT

OUTPUT

FORWARD

b nat Table PREROUTING

POSTROUTING

OUTPUT

c mangle table hellip

1 -p [proto] tcp udp icmp all

2 -s [IP] -d [IP]

3 --sport [port] --dport [port]

4 -m state --state [state] NEW ESTABLISHED INVALID RELATED

5 -m multiport [p1p2hellipp15]

6 -i [iface] -o [oface]

7 hellipetc

3-3-3 Matches - Conditions3-3-3 Matches - Conditions

3-3-4 Targets - Actions3-3-4 Targets - Actions

a filter Table ACCEPT DROP

QUEUE RETURN target extensions --LOG --ULOG --REJECT - -MIRROR

b nat table SNAT (only in POSTROUTING)

DNAT (only in PREROUTINGOUTPUT)

MASQUERADE (POSTROUTING)

REDIRECT (only in PREROUTING)

c mangle table hellip

3-4 Save Restore Rules3-4 Save Restore Rules

It is highly recommended to use a script file to maintain the Netfilter rule instead of using this exported file (it is not a standard script file) Please refer to the Hands-ON practice

AgendaAgenda

1) Firewall NAT and iptables

2) Rules Chains Tables

3) Usage of iptables

4) Hands-ON Practice 1) Packet Filter2) NAT Machine

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 1 ndash Accept all the packets incoming from lo interface

Example 2 ndash Accept all the TCP packets incoming from

IP = 19216801

iptables ndasht filter ndashA INPUT ndashi lo ndashj ACCEPT

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp

ndashs 19216801 ndashj ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 3 ndash Accept all the TCP packets incoming from the network

1921681024

Example 4 ndash Drop all the TCP packets incoming from IP = 192168125

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp

ndashs 1921681024 -j ACCEPT

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp

ndashs 192168125 ndashj DROP

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 5 ndash Drop all the Incoming TCP packets with dst Port = 21

(forbid FTP Connection from eth0)

Example 6 ndash Accept TCP packets incoming from IP 192168024 to

local port number 137138 and 139

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp

ndash ndashdport 21 ndashj DROP

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp ndashs

192168024 ndash ndashdport 137139 ndashj ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 7 ndash Log all the IncomingOutgoing TCP packets with tofrom

Port = 25 (Log SMTP Service)

iptables ndasht filter ndashA INPUT ndashp tcp ndash ndashdport 25 ndashj LOG

Note UC7110 does not support the target ldquoLOGrdquo

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 8 ndash Drop all the [syn] packets from IP = 192168100200

Example 9 ndash Drop all the packets from MAC = aabbccddeeff

iptables ndasht filter ndashA INPUT ndashp tcp ndashi eth0

ndashs 192168100200 ndash ndashsyn ndashj DROP

iptables ndasht filter ndashA INPUT ndashp all

ndashm mac-source aabbccddeeff ndashj DROP

Example 10 ndash Does not response to ldquopingrdquo

Example 11 ndash ICMP ldquopingrdquo burst

iptables ndasht filter ndashA INPUT ndashp icmp ndash ndashicmpndashtype 8

ndashj DROP

iptables ndasht filter ndashP INPUT DROP

iptables ndasht filter ndashA INPUT ndashp icmp ndashm limit 6min

ndash ndashlimit-burst 10 ndashj ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 12 ndash Accept the Established Related packets of the local

host drop the Invalid packets and New packets which are trying to create new connection

iptables ndasht filter ndashA INPUT ndashp tcp ndashm state ndash ndashstate

ESTABLISHEDRELATED ndashj ACCEPT

iptables ndasht filter ndashA INPUT ndashp tcp ndashm state ndash ndashstate

INVALIDNEW ndashj DROP

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 13 ndash Check the packet integrity

Example 14 ndash Enable the ldquoPassive Moderdquo FTP Service to a host

iptables ndasht filter ndashA INPUT ndashp all ndashm unclean ndashj DROP

modprobe ip_conntrack_ftp

iptables ndashA FORWARD ndashp tcp

ndashm state ndash ndashstate RELATED ndashj ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 1 ndash Redirect the Connection Request of Port 80 to Port 8080

Example 2ndash Masquerade the incoming packets from 1921681024

to be local ppp0rsquos IP

iptables ndasht nat ndashA PREROUTING ndashp tcp ndash ndashdport 80

ndashj REDIRECT ndash ndashto-ports 8080

iptables ndasht nat ndashA PREROUTING ndashs 1921681024 ndasho

ppp0 ndashj MASQUERADE

4-2 NAT Machine4-2 NAT Machine

4-2 NAT Machine4-2 NAT Machine

Example 3 ndash DNAT the incoming packet from eth0 (602486675) and

TCP Port 80 to internal Web sever 19216812710 80

Example 4 ndash Redirect the incoming packet of TCP Port 80 to

192168110 and TCP Port 80

iptables ndasht nat ndashA PREROUTING ndashp tcp ndashi eth0 ndashd 602486675 ndash ndashdport 80 ndashj DNAT ndash ndashto 1921681271080

iptables ndasht nat ndashA POSTROUTING ndashs 192168127024 ndashj SNAT ndash ndashto $OUT_IP

Thank YouThank You

OpenVPN 20OpenVPN 20Stephen Lin

OpenVPN 20OpenVPN 20

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

1) Cryptography Summery1) Cryptography Summery

1-1 What does cryptography solve

1-2 Symmetric Data Encryption

1-3 Hash (Digest) Function

1-4 Message Authentication Code

1-5 Asymmetric Data Encryption

1-6 Digital Signature

1-7 Certificate

1-8 Moxa UC7400

1-1 What does Cryptography solve1-1 What does Cryptography solve

Confidentiality bull Ensure that nobody can get knowledge of what you

transfer even if listening the whole conversation Integrity

bull Ensure that message has not been modified during the transmission

Authenticity bull You can verify that you are talking to the entity you think

you are talking to bull You can verify who is the specific individual behind that

entity Non-repudiation

bull The individual behind that asset cannot deny being associated with it

1-2 Symmetric Data Encryption1-2 Symmetric Data Encryption

Fast High Efficiency for data transmission

Is it ldquosecurerdquo while transferring the key

Maintains of the keys (n-1)n 2 keys

DES3DESAESBlowfish

Tom Bob

Plaintext

Plaintext

Ciphertext

Encryption

Secret Key

Decryption

1-3 Hash (Digest) Function1-3 Hash (Digest) Function

Ensure Date Integrity

MD5SHA-1

Tom

Data

Bob

Data

Hash FunctionHash Function

Message Message Digest 1Digest 1

Same Hash FunctionSame Hash Function

+Hash FunctionHash Function

Message Message Digest 2Digest 2

Message Digest1Message Digest1 DataData

Compare

1-4 Message Authentication Code 1-4 Message Authentication Code

Ensure the Data Integrity

Use a key to protect the MAC

HMACCBC-MAC Tom

Data

Hash FunctionHash Function

Message Message Digest 1Digest 1

Bob

Data

Message Message Digest 2Digest 2

+Hash FunctionHash Function

MACEncryption

Message Message Digest 1Digest 1

Decryption

Compare

Secret Key

MACMAC DataData

1-5 Asymmetric Encryption1-5 Asymmetric Encryption

Things to rememberbull Key Pair ndash PublicPrivate keysbull In a session one for encryption and the other one

for decryptionbull ldquoPublic Keyrdquo can be deployed everywherebull The relation between the two keys is unknown and from

one key you cannot gain knowledge of the other even if you have access to clear-text and cipher-text

bull The two keys are interchangeable All algorithms make no difference between public and private key When a key pair is generated any of the two can be public or private

bull Less efficient than Static Keybull RSADiff-Hellman

g$5knvMdrsquorkg$5knvMdrsquorkvegMsrdquovegMsrdquo

Clear Clear texttext

EncryptionEncryption

1-5 Asymmetric Data Encryption1-5 Asymmetric Data Encryption

Tom

Plaintext

Bob

ciphertextEncryption Decryption

Bobrsquos Public KeyPlaintex

tBobrsquos Private Key

Recipientrsquos Key Pair

Confidentiality Check

1-5 Asymmetric Data Encryption1-5 Asymmetric Data Encryption

Tom

Plaintext

Bob

ciphertextEncryption Decryption

Tomrsquos Private KeyPlaintex

tTomrsquos Public Key

Senderrsquos key pair

Authenticity Check

1-6 Digital Signature

Real World – Hybrid
1. Data Integrity
2. Authenticity
3. Non-repudiation
4. Algorithm – use the public key and Hash

1-6 Digital Signature – Creating

(Diagram: Message or File “This is the document created by Gianni” → Generate Hash (SHA, MD5) → Message Digest “Py75cbn” (typically 128 bits) → Asymmetric Encryption (RSA) with the signatory’s private key → Digital Signature “3kJfgf£$&” → Signed Document = message + digital signature.)

Calculate a short message digest from even a long input using a one-way message digest function (hash).

1-6 Digital Signature – Verifying

(Diagram: Signed Document = “This is the document created by Gianni” + “3kJfgf£$&”. Generate Hash of the message → Message Digest “Py75cbn”; Asymmetric Decryption of the Digital Signature with Gianni’s public key (from certificate) → “Py75cbn”; Compare the two.)

1-6 Digital Signature

(Diagram: Tom hashes Data to Message Digest 1 and encrypts it with Tom’s Private Key to form the Digital Signature, which is sent together with the Data; Bob hashes the received Data to Message Digest 2, decrypts the Digital Signature with Tom’s Public Key to recover Message Digest 1, and compares.)

1-7 Certificate

The simplest certificate just contains
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key
… and the whole is
• Digitally signed by someone trusted (like your friend or a CA)

(Diagram: Certificate = public key + “This public key belongs to Stephen” + Digital Signature. The entity can be a person, a computer, a device, a file, some code, anything …)

1-7-1 CA Certificate

(Diagram: the Certification Server (CA) generates a key pair (priv, pub). The user requests a certificate from the CA; the CA generates the certificate (pub + DS); the private key and the certificate are sent to the user.)

1-7-1 CA Certificate Example

(Diagram: the CA holds the CA Private Key. Left and Right each hold their own Priv Key, their Cert signed by the CA, and the CA Pub Key. The CA Pub Key is itself signed by the CA. Left and Right trust each other’s Cert because both are signed by the CA.)

1-7-2 SSL/TLS

(Diagram: both sides hold a key pair (priv, pub). Clear text → Encrypt → Cipher 1 → Encrypt → Cipher 2 → transmission over the public network → Decrypt → Cipher 1 → Decrypt → Clear text.)

• Ensures confidentiality
• And integrity, if digitally signed
• Depending on how the public keys are exchanged: Authenticity, Identity, Non-repudiation

1-8 Moxa UC7400 – Hardware Cipher

Intel XScale supports
• Security engines: DES, AES
• Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of “libcrypto.so”
• No need to change the source code

1-8-1 Moxa Accelerated Algorithms – OpenSSL 0.9.7

DES_cbc_encrypt
DES_ede3_cbc_encrypt
AES_cbc_encrypt
AES_ctr_encrypt

• ECB mode is wrapped at a higher level (libssl.so), which OpenSSL wraps too

1-8-2 Performance

(Charts: RATE of 3DES-CBC and AES-128-CBC versus packet size, 128 to 1280 bytes and 16 to 144 bytes, software cipher compared with the HW Cipher.)

1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approaches
• Default: hardware approach
• Any mis-configuration or busy state causes the switch
Small packets are switched to the software approach
• DES: 128 bytes
• 3DES/AES: 64 bytes

1-8-4 Software Package

Driver
• mxhw_cipher.o
Device file
• mknod /dev/mxcrypto c 11 131
Test program
• io: correctness test
• io 0 5000: stability test
• io 1: golden pattern
• io 2 20000: performance test

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network
2-1 VPN Advantages/Disadvantages

• VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes
• A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH, etc.)
• A VPN allows the usage of protocols which are insecure by themselves
• VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN

Usability
• Open Source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit shared key or digital certificates (PKI)

Portability – supports most of the platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN

Peers – each node with a client/server role
• In use of kernel routing
• Multiple clients
A user-space program
• A full-featured SSL-VPN solution
• On top of the existing SSL/TLS mechanism
• Options between a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security

Two authentication modes
• Static Key: use a pre-shared key
• SSL/TLS: use SSL/TLS + certificates for
  • Authentication
  • Key exchange

The encrypted packet is formatted as
• SeqN: 64-bit sequence number
• IV: plain-text initialization vector, randomized per packet

(Diagram: packet layout HMAC | IV | SeqN | IP packet payload; the SeqN and the payload are the encrypted part.)

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall and NAT-friendly
• Dynamic address support

IPSec
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard – multi-vendor support

2-3 OpenVPN Modes

Bridging and Routing are two methods of linking systems via a VPN
• Routed IP tunnels (layer 3)
• Bridged Ethernet tunnels (layer 2)

Suitable for connections
• Site-to-Site
• Dynamic Site-to-Site
• (Dynamic) Client-to-Site
Dynamic Firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

• Uses TUN mode (device): a virtual point-to-point IP link that combines the inner interface together with TUN
• Uses the kernel routing to forward the packets

(Diagram: two OSI stacks, Physical / Data-Link / Network / Transport / Session / Presentation / Application, one per peer; OpenVPN runs at the Application layer and the TUN device sits at layer 3, Network.)

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of the MTU for efficiency

Routed IP disadvantages
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see those machines on the other side of the VPN
4. Works only with IPv4 in general, and IPv6 in cases where the TUN drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

• Uses “TAP” mode: a TAP device is a virtual Ethernet adapter
• Bridge tools (brctl) are required to create the virtual adapters
• Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0          create an Ethernet bridge
brctl addif br0 eth1     connect interface eth1 as a port
brctl addif br0 tap0     connect virtual interface tap0 as a port

(Diagram: two OSI stacks, one per peer; OpenVPN runs at the Application layer, the TAP device sits at layer 2, Data-Link, and is bridged with eth1 on each side; eth0 carries the tunnel traffic.)

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages
1. Point-to-point, point-to-multipoint
2. Broadcasts traverse the VPN – this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to be able to handle non-IP protocols such as IPX, Netware and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages
1. Less efficient than routing and does not scale well

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS – X509 Dynamic Keys

3-1 Getting Started

(Network diagram:
LAN A: IP 10.0.1.1/24, gw 10.0.1.254; [VPN Server] ixp1 = 10.0.1.254, ixp0 = 192.168.12.201
LAN B: IP 10.0.2.1/24, gw 10.0.2.254; [VPN-Client] ixp1 = 10.0.2.254, ixp0 = 192.168.12.202
The VPN Tunnel connects the two ixp0 addresses and the client initiates the connection; a [CA/TLS Server] also sits on the 192.168.12.x network.)

3-1 Getting Started

• Create a working directory (recommended): mkdir /etc/openvpn
• Check for the TUN module: ls /dev/net and look for a character device “tun”; if it is not there: mknod /dev/net/tun c 10 200
• Load the necessary modules: modprobe tun; modprobe bridge
• Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]
• Self diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

• Enable IP forwarding: echo “1” > /proc/sys/net/ipv4/ip_forward, or vi /etc/sysctl.conf and modify “net.ipv4.ip_forward = 1”
• Create/start the bridge interface using the Moxa script: openvpn-bridge [start|stop|restart]
• Check the cipher/authentication support: openvpn --show-ciphers; openvpn --show-digests
• Create the TUN configuration files: vi /etc/openvpn/tun-server.conf; [At VPN Client] vi /etc/openvpn/tun-client.conf

3-2 TUN Server Configuration

(Screenshot of tun-server.conf; annotations:)
• Local/Remote VPN IP addresses must be specified
• It is NECESSARY to specify the Server Address at the VPN Client

3-2 TUN Server Configuration

• Edit the static routes: vi /etc/openvpn/tun-server.sh; chmod +x /etc/openvpn/tun-server.sh
• [At VPN Client] vi /etc/openvpn/tun-client.sh; chmod +x /etc/openvpn/tun-client.sh
• Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tun-server.conf & (server); openvpn --config /etc/openvpn/tun-client.conf & (client)
• (Annotation on the client script: the 2nd argument of “ifconfig”, which is now “10.0.2.254”)
• Create the TAP configuration files: vi /etc/openvpn/tap-server.conf; [At VPN Client] vi /etc/openvpn/tap-client.conf

3-3 TAP Configuration – VPN Server

(Screenshot of tap-server.conf; annotation: mark this line if both VPN networks are in the same subnet)

3-3 TAP Configuration – VPN Server

• Edit the static routes: vi /etc/openvpn/tap-server.sh
• [At VPN Client] vi /etc/openvpn/tap-client.sh; chmod +x /etc/openvpn/tap-client.sh
• (Annotation: pointed to the kernel routing, br0 = 10.0.1.254)

3-3 TAP Configuration – VPN Server

• Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start
• Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tap-server.conf & (server); openvpn --config /etc/openvpn/tap-client.conf & (client)
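The openvpn-bridge script started above is Moxa's and is not reproduced on the slides; what follows is an added example of such a start/stop script (not Moxa's code), binding eth1 and tap0 into br0 with the brctl commands of 2-3-2 and moving the LAN address 10.0.1.254 from the 3-1 diagram onto br0. It assumes brctl, ifconfig and the OpenVPN 2.0 binary are installed; set RUN=echo to print the commands instead of running them as root.

```shell
#!/bin/sh
# Added example, not Moxa's openvpn-bridge script: build/tear down the
# bridge br0 = eth1 + tap0 used by the TAP configuration.
# Assumptions: brctl, ifconfig and openvpn 2.0 are present; the LAN address
# (10.0.1.254/24 from the 3-1 diagram) moves from eth1 to br0, because a
# bridge port must not carry an IP address of its own.
# RUN=echo turns every privileged command into a printed line (dry run).
set -eu

RUN=${RUN:-}
BR=${BR:-br0}
ETH=${ETH:-eth1}
TAP=${TAP:-tap0}
BR_IP=${BR_IP:-10.0.1.254}
BR_MASK=${BR_MASK:-255.255.255.0}

bridge_start() {
    # 1. create the persistent TAP device that OpenVPN will attach to
    $RUN openvpn --mktun --dev "$TAP"
    # 2. create the bridge and add both ports (the slide's brctl commands)
    $RUN brctl addbr "$BR"
    $RUN brctl addif "$BR" "$ETH"
    $RUN brctl addif "$BR" "$TAP"
    # 3. ports carry no IP; promiscuous so bridged frames are accepted
    $RUN ifconfig "$ETH" 0.0.0.0 promisc up
    $RUN ifconfig "$TAP" 0.0.0.0 promisc up
    # 4. the LAN address now lives on the bridge ("br0 = 10.0.1.254")
    $RUN ifconfig "$BR" "$BR_IP" netmask "$BR_MASK" up
}

bridge_stop() {
    # reverse order: bridge down, detach ports, destroy bridge and TAP
    $RUN ifconfig "$BR" down
    $RUN brctl delif "$BR" "$TAP"
    $RUN brctl delif "$BR" "$ETH"
    $RUN brctl delbr "$BR"
    $RUN openvpn --rmtun --dev "$TAP"
    # give eth1 its address back so the box stays reachable without the bridge
    $RUN ifconfig "$ETH" "$BR_IP" netmask "$BR_MASK" up
}

case "${1:-}" in
    start)   bridge_start ;;
    stop)    bridge_stop ;;
    restart) bridge_stop; bridge_start ;;
    "")      ;;   # no argument: only define the functions
    *)       echo "usage: $0 {start|stop|restart}" >&2; exit 1 ;;
esac
```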

3-4-1 SSL/TLS – Dynamic Keys

• Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-input the default_days, default_bits … etc.
• Create a new CA root key pair: /usr/share/ssl/misc/CA -newca
• Create a new client private key and a new certificate request: /usr/share/ssl/misc/CA -newreq
• Certificate signing: /usr/share/ssl/misc/CA -sign
• Copy the CA root certificate, the client private key and the client certificate to the first client
• Have the second client certified the same way

3-4-2 OpenVPN – “easy-rsa” tools

• Copy “easy-rsa” to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn
• Modify the vars file: vi /etc/openvpn/easy-rsa/vars
• Activate the vars: . /etc/openvpn/easy-rsa/vars
• Create the CA root key: /etc/openvpn/easy-rsa/build-ca
• Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – “easy-rsa” tools

• Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client
• Create the Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh (1024 bits)
• Copy the CA certificate (ca.crt), server key (server.key) and server certificate (server.crt) to the VPN server
• Copy the CA certificate, client key and client certificate to the VPN client
• The “easy-rsa” tools also work on the UC7400 series
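The CA -newca / -newreq / -sign and build-ca / build-key steps above, and the trust relationship of 1-7-1, spelled out as plain openssl commands in an added example (not the CA.sh or easy-rsa scripts). It assumes the openssl CLI; the CA names are constructed, and it adds the check each OpenVPN peer performs at connect time: a certificate issued by an unrelated CA does not verify against ca.crt.

```shell
#!/bin/sh
# Added example (not the page's CA.sh / easy-rsa scripts): the CA, server
# and client certificate workflow as plain openssl commands, plus the
# verification step that makes "Left trusts Right" in 1-7-1 work.
# Assumptions: a POSIX shell and the openssl CLI; all names are constructed.
set -eu

# Create a self-signed CA certificate (what "CA -newca" / "build-ca" do).
# $1 = directory for ca.key / ca.crt, $2 = CA common name
pki_build_ca() {
    dir=$1; cn=$2
    mkdir -p "$dir"
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" \
        -subj "/CN=$cn" 2>/dev/null
}

# Generate a key + CSR and have the CA sign it ("CA -newreq" + "CA -sign",
# or "build-key server" / "build-key client").
# $1 = CA directory, $2 = output directory, $3 = entity name
pki_issue_cert() {
    cadir=$1; dir=$2; name=$3
    mkdir -p "$dir"
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$dir/$name.key" -out "$dir/$name.csr" \
        -subj "/CN=$name" 2>/dev/null
    openssl x509 -req -in "$dir/$name.csr" -days 365 \
        -CA "$cadir/ca.crt" -CAkey "$cadir/ca.key" -CAcreateserial \
        -out "$dir/$name.crt" 2>/dev/null
    rm -f "$dir/$name.csr"        # the request is not needed after signing
}

# Check a certificate against a CA certificate, the way each OpenVPN peer
# checks the other side's certificate against the ca.crt it was given.
# Returns 0 when the chain verifies, non-zero otherwise.
pki_verify() {
    cacrt=$1; crt=$2
    openssl verify -CAfile "$cacrt" "$crt" >/dev/null 2>&1
}

# Demonstration: one CA issues server and client certs; a certificate from
# a second, unrelated CA must be rejected against the first CA's ca.crt.
pki_demo() {
    work=$(mktemp -d)
    pki_build_ca "$work/ca"  "Training-CA"       # constructed name
    pki_build_ca "$work/ca2" "Unrelated-CA"      # constructed name
    pki_issue_cert "$work/ca"  "$work/keys"  server
    pki_issue_cert "$work/ca"  "$work/keys"  client
    pki_issue_cert "$work/ca2" "$work/other" rogue
    pki_verify "$work/ca/ca.crt" "$work/keys/server.crt" && echo "server.crt: OK"
    pki_verify "$work/ca/ca.crt" "$work/keys/client.crt" && echo "client.crt: OK"
    if pki_verify "$work/ca/ca.crt" "$work/other/rogue.crt"; then
        echo "rogue.crt: unexpectedly trusted"; rm -rf "$work"; return 1
    fi
    echo "rogue.crt: rejected (signed by a different CA)"
    rm -rf "$work"
}

case "${1:-}" in
    demo) pki_demo ;;
    "")   ;;   # no argument: only define the functions
    *)    echo "usage: $0 demo" >&2; exit 1 ;;
esac
```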

3-4-3 Configuration File Modification

(Screenshots of txx-server.conf and txx-client.conf, txx = tun or tap.)

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX
• Two of its serial ports are connected to a Power Meter and a Thermocouple
• Two LAN ports plus an optional Wi-Fi function, making it a good tool for transmitting data from remote sites to a central site
• The rest of the serial ports are looped back in ‘burn-in mode’ to demonstrate the UC’s high performance and reliability

Demo Box Features
Software Block Diagram
• Temperature range: 0 to 500 °C
• Left side for the high range 0 to 300 VDC & right side for the low range 0 to 20 VDC

UC’s LCM & keypad (F1-F5)
F1: Monitoring: Temperature → Voltage → Throughput for P3 to P8
F2: System Status: LAN’s IP → Wi-Fi’s IP → CPU loading → Available Memory
F3: Alarm Setting: Temperature → Voltage → burning throughput
F4: Configuration Key
F5: Main Menu

Apache Web with CGI & HTML
Seat Locating System
Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• UC-7420’s built-in wireless driver supports the Intersil Prism 2.0 chipset PCMCIA card
• The compatible wireless cards are:

Supplier    Model name
ASUS        WL-107g
CNET        CWC-854 (181D version)
Edimax      EW-7108PCg
Amigo       AWP-914WG
Gigabyte    GN-WMKG
Others which use the R-Link chipset

Thank You


3-1 Load iptables Module

Check the current tables: iptables [-t table] [-L] [-n]
Default policy

3-1 Install iptables

Clear the current policy

3-2 Define Default Policy

iptables -t {filter|nat|mangle} -P {INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING} {ACCEPT|DROP}

3-3 Structure of a Rule

3-3-1 Add, Insert, Delete and Replace Rules
3-3-2 Direction
3-3-3 Matches
3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace

iptables -t {filter|nat|mangle} -{A|I|D|R} [direction] [match] -j [target]
3 major things need to be considered: direction, match, target

3-3-2 Direction – Chains

a. filter table: INPUT, OUTPUT, FORWARD
b. nat table: PREROUTING, POSTROUTING, OUTPUT
c. mangle table: …

3-3-3 Matches – Conditions

1. -p [proto]: tcp, udp, icmp, all
2. -s [IP], -d [IP]
3. --sport [port], --dport [port]
4. -m state --state [state]: NEW, ESTABLISHED, INVALID, RELATED
5. -m multiport [p1,p2,…,p15]
6. -i [iface], -o [oface]
7. … etc.

3-3-4 Targets – Actions

a. filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions: LOG, ULOG, REJECT, MIRROR
b. nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING/OUTPUT), MASQUERADE (POSTROUTING), REDIRECT (only in PREROUTING)
c. mangle table: …

3-4 Save/Restore Rules

It is highly recommended to use a script file to maintain the Netfilter rules instead of using this exported file (it is not a standard script file). Please refer to the Hands-On practice.

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice: 1) Packet Filter, 2) NAT Machine

4-1 Packet Filter – Rules of the filter table

Example 1 – Accept all the packets incoming from the lo interface
iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2 – Accept all the TCP packets incoming from IP = 192.168.0.1
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

Example 3 – Accept all the TCP packets incoming from the network 192.168.1.0/24
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 – Drop all the TCP packets incoming from IP = 192.168.1.25
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

Example 5 – Drop all the incoming TCP packets with dst port = 21 (forbid FTP connections from eth0)
iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 – Accept TCP packets incoming from 192.168.0.0/24 to local ports 137, 138 and 139
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

Example 7 – Log all the incoming/outgoing TCP packets to/from port = 25 (log the SMTP service)
iptables -t filter -A INPUT -p tcp --dport 25 -j LOG
Note: UC7110 does not support the target “LOG”

Example 8 – Drop all the [SYN] packets from IP = 192.168.100.200
iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 – Drop all the packets from MAC = aa:bb:cc:dd:ee:ff
iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

Example 10 – Do not respond to “ping”
iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 – ICMP “ping” burst
iptables -t filter -P INPUT DROP
iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

Example 12 – Accept the ESTABLISHED/RELATED packets of the local host; drop the INVALID packets and the NEW packets which are trying to create a new connection
iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

Example 13 – Check the packet integrity
iptables -t filter -A INPUT -p all -m unclean -j DROP

Example 14 – Enable the “Passive Mode” FTP service to a host
modprobe ip_conntrack_ftp
iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

4-2 NAT Machine

Example 1 – Redirect the connection requests of port 80 to port 8080
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 – Masquerade the packets from 192.168.1.0/24 to be the local ppp0’s IP (MASQUERADE is only valid in POSTROUTING, see 3-3-4)
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

Example 3 – DNAT the incoming packets from eth0 (60.248.66.75) and TCP port 80 to the internal web server 192.168.127.10:80
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

Example 4 – Redirect the incoming packets of TCP port 80 to 192.168.1.10 and TCP port 80
iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP
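The script file that 3-4 recommends, as an added example (not from the slides) that assembles the 4-1 and 4-2 rules into one ordered, repeatable policy. It assumes a LAN 192.168.1.0/24 behind eth1, eth0 as the uplink with the placeholder public address 203.0.113.1, and a web server 192.168.1.10; beyond the slides it flushes before loading, accepts ESTABLISHED/RELATED before anything else, logs before dropping, and adds the FORWARD rule without which the DNAT example never delivers a packet.

```shell
#!/bin/sh
# Added example (not the slides' or Moxa's code): a maintainable firewall
# script built from the 4-1/4-2 rules. Order matters: flush, then policies,
# then the cheap stateful ACCEPT, then specific allows, then LOG before DROP.
# Assumptions: LAN 192.168.1.0/24 on eth1, uplink eth0, public address
# 203.0.113.1 (TEST-NET placeholder), web server 192.168.1.10.
# IPT="echo iptables" prints the rules instead of loading them.
set -eu

IPT=${IPT:-iptables}
WAN_IF=${WAN_IF:-eth0}
LAN_NET=${LAN_NET:-192.168.1.0/24}
OUT_IP=${OUT_IP:-203.0.113.1}
WEB_SERVER=${WEB_SERVER:-192.168.1.10}

# Print the complete rule set, one iptables invocation per line.
# On a UC7110 drop the LOG line (the target is not supported there).
fw_rules() {
    cat <<EOF
$IPT -t filter -F
$IPT -t nat -F
$IPT -t filter -P INPUT DROP
$IPT -t filter -P FORWARD DROP
$IPT -t filter -P OUTPUT ACCEPT
$IPT -t filter -A INPUT -i lo -j ACCEPT
$IPT -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -t filter -A INPUT -m state --state INVALID -j DROP
$IPT -t filter -A INPUT -i $WAN_IF -p icmp --icmp-type 8 -m limit --limit 6/min --limit-burst 10 -j ACCEPT
$IPT -t filter -A INPUT -p tcp -s $LAN_NET --dport 137:139 -j ACCEPT
$IPT -t filter -A INPUT -i $WAN_IF -p tcp --dport 21 -j LOG --log-prefix "FTP-DROP: "
$IPT -t filter -A INPUT -i $WAN_IF -p tcp --dport 21 -j DROP
$IPT -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -t filter -A FORWARD -s $LAN_NET -j ACCEPT
$IPT -t filter -A FORWARD -p tcp -d $WEB_SERVER --dport 80 -j ACCEPT
$IPT -t nat -A PREROUTING -i $WAN_IF -p tcp -d $OUT_IP --dport 80 -j DNAT --to $WEB_SERVER:80
$IPT -t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j SNAT --to $OUT_IP
EOF
}

# Load the rule set line by line; the first failing line aborts, so a
# half-applied policy is noticed instead of silently kept.
fw_apply() {
    fw_rules | while IFS= read -r line; do
        eval "$line" || { echo "failed: $line" >&2; exit 1; }
    done
}

# Number of rule lines, a sanity check before applying on the target box.
fw_rule_count() {
    fw_rules | grep -c '^'
}

case "${1:-}" in
    show)  fw_rules ;;
    apply) fw_apply ;;
    "")    ;;   # no argument: only define the functions
    *)     echo "usage: $0 {show|apply}" >&2; exit 1 ;;
esac
```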

Thank You

OpenVPN 2.0
Stephen Lin

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve?
1-2 Symmetric Data Encryption
1-3 Hash (Digest) Function
1-4 Message Authentication Code
1-5 Asymmetric Data Encryption
1-6 Digital Signature
1-7 Certificate
1-8 Moxa UC7400

1-1 What does Cryptography solve?

Confidentiality
• Ensure that nobody can get knowledge of what you transfer, even if listening to the whole conversation
Integrity
• Ensure that the message has not been modified during the transmission
Authenticity
• You can verify that you are talking to the entity you think you are talking to
• You can verify who is the specific individual behind that entity
Non-repudiation
• The individual behind that asset cannot deny being associated with it

1-2 Symmetric Data Encryption

• Fast, high efficiency for data transmission
• Is it “secure” while transferring the key?
• Maintenance of the keys: (n-1)n/2 keys
• DES, 3DES, AES, Blowfish

(Diagram: Tom encrypts Plaintext with the Secret Key into Ciphertext; Bob decrypts it with the same Secret Key back to Plaintext.)

1-3 Hash (Digest) Function

• Ensure data integrity
• MD5, SHA-1

(Diagram: Tom computes Message Digest 1 of the Data with the Hash Function and sends Data + Message Digest 1; Bob computes Message Digest 2 of the received Data with the same Hash Function and compares.)

1-4 Message Authentication Code

• Ensure the data integrity
• Use a key to protect the MAC
• HMAC, CBC-MAC

(Diagram: Tom hashes Data to Message Digest 1 and encrypts it with the Secret Key to form the MAC, sending MAC + Data; Bob hashes the received Data to Message Digest 2, decrypts the MAC to recover Message Digest 1, and compares.)


3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSLTLS ndash X509 Dynamic Keys

3-1 Getting Started3-1 Getting Started

ixp019216812201

ixp0 19216812202

gw 1001254IP 1001124

gw 1002254IP 1002124

LAN A LAN B

VPN Tunnel

Connect

1001254

[VPN Server]

1002254

[VPN-Client]

ixp1 ixp1

[CATLS Server]

3-1 Getting Started 3-1 Getting Started

Create a Working Directory (recommended) mkdir etcopenvpn

Check for TUN Modules if not ls devnet look for a character device ldquotunrdquo mknod devtun c 10 200

Load necessary modules modprobe tun modprobe bridge

Generate a (pre-shared) key openvpn --genkey --secret [KeyName]

Self Diagnostic openvpn --test-crypto --secret [KeyName]

3-1 Getting Started3-1 Getting Started

Enable IP Forwarding echo ldquo1rdquo gt procsysnetipv4ip_forwardor vi etcsysctlconf modify ldquonetipv4ip_forward = 1rdquo

Create Start Bridge Interface using Moxa Script openvpn-bridge [start stop restart]

Check the CiphersAuthentication Support openvpn --show-ciphers openvpn --show-digests

Create TUN Configuration Files vi etcopenvpntunserverconf

[At VPN Client] vi etcopenvpntunclientconf

3-2 TUN Server Configuration 3-2 TUN Server Configuration

LocalRemote VPN IP address must be specified

It is NECESSARY to specify the Server Address at VPN Client

3-2 TUN Server Configuration 3-2 TUN Server Configuration

Edit the Static Routings vi etcopenvpntunserversh

chmod +x etctunserversh

[At VPN Client] vi etceopenvpntunclientsh chmod +x etctunclientsh

Start OpenVPN with the configuration file openvpn --config etctunserverconf amp openvpn --config etctunclientconf amp

2nd argument of ldquoifconfigrdquo which is now ldquo1002254rdquo

Create TAP Configuration Files vi etcopenvpntapserverconf

[At VPN Client] vi etcopenvpntapclientconf

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Mark this line if both VPN Networks are in the same subnet

3-2 TAP Configuration ndash VPN Server3-2 TAP Configuration ndash VPN Server

Edit the Static Routings vi etcopenvpntunserversh

[At VPN Client] vi etcopenvpntapclientsh chmod +x etctapclientsh

Pointed to the Kernel Routing br0 = 1001254

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Start the Bridge device vi openvpnopenvpn-bridge

chmod +x etcopenvpnopenvpn-bridge etcopenvpnopenvpn-bridge start

Start OpenVPN with the configuration file openvpn ndashconfig etcopenvpntapserverconf amp openvpn ndashconfig etcopenvpntapclient amp

3-4-1 SSLTLS ndash Dynamic Keys3-4-1 SSLTLS ndash Dynamic Keys

Edit the OpenSSL Configuration File on a Linux PC vi usrsharesslopensslcnf Pre-input the default_days default_bits hellip etc

Create New CA root Key Pair usrsharesslmiscCA -newca

Create New Client Private Key and new Certificate Request usrsharesslmiscCA -newreq

Certificate Sign-in usrsharesslmiscCA ndashsign

Copy the CA root certificate client private key and the client certificate to the first client

Have the second client certificated

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Copy the ldquoeasy-rsardquo to the working directory cp ndashr openvpn-20easy-rsa etcopenvpn

modify the vars file vi etcopenvpneasy-rsavars

Activate the vars etcopenvpneasy-rsavars

Create CA root key etcopenvpneasy-rsabuild-ca

Create VPN Server Private Key and Certificate etcopenvpneasy-rsabuild-key server

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Create VPN Client private Key and Certificate etcopenvpnbuild-key client

Create Diff-Hellman Parameters etcopenvpnbuild-dh 1024

Copy the CA certificate (cacrt) Server key (serverkey) and Server certificate (servercrt) to VPN Server

Copy the CA certificate Client key and certificate to VPN Client

ldquoeasy-rsardquo tools also work on UC7400 series

3-4-3 Configuration File Modification3-4-3 Configuration File Modification

txxserverconf

txxclienconf

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) Open VPN Configuration

4) Hands-On Practice

Live DemoLive Demo

UC-7420 DEMO BOXUC-7420 DEMO BOX

Two of its serial ports connectedto a Power Meter and Thermocouple

Two LAN ports plus an optional Wi-Fi function making it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in lsquoburn-in modersquo to demonstrate UCrsquos high performance and reliability

Demo Box FeaturesDemo Box Features

Software Block DiagramSoftware Block Diagram

Temperature Range 0 to 500degC

Left side for high range 0 to 300 VDC amp Right side for low range 0 to 20 VDC

UCrsquos LCM amp keypad (F1-F5)UCrsquos LCM amp keypad (F1-F5)

F1 Monitoring Temperature rarr Voltage rarrThroughput for P3 to P8

F2 System Status LANrsquos IP rarr Wi-Firsquos IP rarr CPU loading rarr Available Memory

F3 Alarm Setting Temperature rarr Voltage rarr burning throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI amp HTMLApache Web with CGI amp HTML

Seat Locating SystemSeat Locating System

Score Query SystemScore Query System

AppendixAppendix

What is the wireless PCMCIA card support status in 80211gbull UC-7420s built-in Wireless driver supports Intersil Prism 20

chipset PCMCIA cardbull The compatible Wireless cards are

Supplier Model name

ASUS WL-107g

CNET CWC-854(181D version)Edmiax EW-7108PCgAmigo AWP-914WGigbyte GN-WMKGOthers which use R-Link chip set

Thank YouThank You

Page 59: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

3-1 Install iptables

Clear the current policy (flush the existing rules in every table) before loading a new rule set, so that stale rules from an earlier script cannot shadow the new ones.

3-2 Define Default Policy

iptables -t [filter | nat | mangle] -P [INPUT | OUTPUT | FORWARD | PREROUTING | POSTROUTING] [ACCEPT | DROP]

A chain's policy is the verdict for every packet that matches none of its rules. Set DROP on INPUT and FORWARD so that anything not explicitly accepted is discarded; the nat chains are normally left at ACCEPT because they translate rather than filter.

3-3 Structure of a Rule

3-3-1 Add, Insert, Delete and Replace Rules
3-3-2 Direction
3-3-3 Matches
3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace

iptables -t [filter | nat | mangle] [-A | -I | -D | -R] <direction> <match> -j <target>

Three major things need to be considered: the direction (chain), the match and the target.

3-3-2 Direction – Chains

a. filter table: INPUT, OUTPUT, FORWARD
b. nat table: PREROUTING, POSTROUTING, OUTPUT
c. mangle table: ...

3-3-3 Matches – Conditions

1. -p [proto]  (tcp | udp | icmp | all)
2. -s [IP]  /  -d [IP]
3. --sport [port]  /  --dport [port]
4. -m state --state [state]  (NEW | ESTABLISHED | INVALID | RELATED)
5. -m multiport --dports [p1,p2,...,p15]  (or --sports / --ports)
6. -i [iface]  /  -o [oface]
7. ... etc.

3-3-4 Targets – Actions

a. filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions: LOG, ULOG, REJECT, MIRROR
b. nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING/OUTPUT), MASQUERADE (only in POSTROUTING), REDIRECT (only in PREROUTING/OUTPUT)
c. mangle table: ...

3-4 Save / Restore Rules

iptables-save exports the current rule set and iptables-restore loads it back. It is highly recommended to maintain the Netfilter rules in a script file instead of editing this exported file (it is not a standard shell script); please refer to the Hands-On practice.

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice: 1) Packet Filter, 2) NAT Machine

4-1 Packet Filter – Rules of the filter table

Example 1 – Accept all packets incoming from the lo interface
iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2 – Accept all TCP packets incoming from IP = 192.168.0.1
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

Example 3 – Accept all TCP packets incoming from the network 192.168.1.0/24
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 – Drop all TCP packets incoming from IP = 192.168.1.25
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

Note: rules are evaluated in order and the first match wins. If Example 3 is loaded before Example 4, packets from 192.168.1.25 are already accepted by the /24 rule and the DROP never fires; insert the host-specific DROP first (iptables -I INPUT ...) or append it before the network-wide ACCEPT.

Example 5 – Drop all incoming TCP packets with destination port = 21 (forbid FTP connections from eth0)
iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 – Accept TCP packets incoming from 192.168.0.0/24 to local ports 137, 138 and 139
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

Example 7 – Log all incoming/outgoing TCP packets to/from port = 25 (log the SMTP service)
iptables -t filter -A INPUT -p tcp --dport 25 -j LOG
(The slide shows only the INPUT rule; the outgoing direction needs a matching rule in OUTPUT with --sport 25. LOG is a non-terminating target: after the packet is logged it continues with the next rule, so the accept/drop decision still has to follow.)

Note: the UC-7110 does not support the target "LOG".

Example 8 – Drop all [SYN] packets from IP = 192.168.100.200
iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 – Drop all packets from MAC = aa:bb:cc:dd:ee:ff
iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP
(The MAC match only works on the ingress host's own segment; a router in between rewrites the source MAC.)

Example 10 – Do not respond to "ping"
iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 – Limit an ICMP "ping" burst
iptables -t filter -P INPUT DROP
iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT
(With the INPUT policy set to DROP, at most 10 echo requests are accepted at once and then 6 per minute; the rest fall through to the policy.)

Example 12 – Accept the ESTABLISHED/RELATED packets of the local host; drop INVALID packets and NEW packets which are trying to create a new connection
iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

Example 13 – Check the packet integrity
iptables -t filter -A INPUT -p all -m unclean -j DROP
(The "unclean" match is an experimental sanity check of the 2.4 kernels and is not available in later kernels.)

Example 14 – Enable "passive mode" FTP service to a host
modprobe ip_conntrack_ftp
iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT
(The ip_conntrack_ftp helper reads the PORT/PASV exchange on the control connection, so the separately negotiated data connection shows up as RELATED instead of NEW.)

4-2 NAT Machine – Rules of the nat table

Example 1 – Redirect connection requests for port 80 to port 8080
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 – Masquerade the packets coming from 192.168.1.0/24 behind the local ppp0 IP address
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE
(MASQUERADE and the -o match are only valid in the POSTROUTING chain.)

Example 3 – DNAT incoming packets arriving on eth0 (60.248.66.75) for TCP port 80 to the internal web server 192.168.127.10:80
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

Example 4 – Redirect incoming packets for TCP port 80 to 192.168.1.10, TCP port 80

Shown with it, the source NAT rule for the internal network on its way out (OUT_IP is the external address):
iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP
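The filter and NAT lessons of Examples 1-14 and NAT Examples 1-3, assembled into one ordered rule set as an added example (this is not the slides' own hands-on script). It writes an iptables-restore file instead of issuing the rules one by one, so the whole set is loaded atomically, and it only loads the file when FW_APPLY=1 is set and it runs as root. The LAN interface eth1, the trusted network 192.168.1.0/24 and the names FW_FILE, FW_APPLY, build_firewall, rule_line and apply_firewall are assumptions made here; the other addresses are the slides' values.

```sh
#!/bin/sh
# Added example, not the original slides' script: the section 4 packet-filter
# and NAT rules combined into one iptables-restore rule set, as the "keep the
# rules in a script file" advice of section 3-4 suggests.
# eth1/192.168.1.0/24 as the trusted LAN and the FW_FILE/FW_APPLY names are
# assumptions; the other addresses come from the slides.
set -eu

LAN_NET=192.168.1.0/24          # trusted LAN behind eth1 (assumed)
BAD_HOST=192.168.1.25           # host to block although it sits inside LAN_NET
WEB_DMZ=192.168.127.10          # internal web server of the DNAT example
OUT_IP=${OUT_IP:-60.248.66.75}  # public address on eth0 (slide value)

# Write the ordered rule set to the file named by $1. Order matters: iptables
# stops at the first matching rule, so the host-specific DROP precedes the
# network-wide ACCEPT, and ESTABLISHED/RELATED comes first so that return
# traffic is never re-evaluated against the later rules.
build_firewall() {
    FW_FILE=${1:-rules.v4}
    cat >"$FW_FILE" <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -i eth0 -p tcp --syn -s 192.168.100.200 -j DROP
-A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP
-A INPUT -i eth1 -p tcp -s $BAD_HOST -j DROP
-A INPUT -i eth1 -p tcp -s $LAN_NET --dport 137:139 -j ACCEPT
-A INPUT -i eth1 -p tcp -s $LAN_NET -m state --state NEW -j ACCEPT
-A INPUT -p icmp --icmp-type 8 -m limit --limit 6/min --limit-burst 10 -j ACCEPT
-A INPUT -p tcp --dport 25 -j LOG --log-prefix "smtp: "
-A INPUT -i eth0 -p tcp --dport 21 -j DROP
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -s $LAN_NET -j ACCEPT
-A FORWARD -i eth0 -d $WEB_DMZ -p tcp --dport 80 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth0 -d $OUT_IP -p tcp --dport 80 -j DNAT --to-destination $WEB_DMZ:80
-A POSTROUTING -s $LAN_NET -o eth0 -j SNAT --to-source $OUT_IP
COMMIT
EOF
}

# rule_line FILE PATTERN: line number of the first line matching PATTERN
# (0 if absent); used to check that the rules were written in the intended order.
rule_line() {
    n=$(grep -n -- "$2" "$1" | head -n 1 | cut -d: -f1)
    echo "${n:-0}"
}

# Load the rule set only when asked for explicitly, running as root, and with
# the FTP connection-tracking helper loaded first (Example 14). Dry run otherwise.
apply_firewall() {
    if [ "${FW_APPLY:-0}" = 1 ] && [ "$(id -u)" = 0 ] && command -v iptables-restore >/dev/null; then
        modprobe ip_conntrack_ftp 2>/dev/null || modprobe nf_conntrack_ftp
        iptables-restore <"$FW_FILE"
    else
        echo "dry run: not loading $FW_FILE (set FW_APPLY=1 and run as root)"
    fi
}

build_firewall "${FW_FILE:-rules.v4}"
apply_firewall
```

Example 10 (drop every ping) and Example 11 (rate-limit pings) exclude each other; the script keeps the rate limit. Because the INPUT policy is DROP, a ping flood beyond the burst is silently discarded without any rule for it.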

Thank You

OpenVPN 2.0 – Stephen Lin

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve?
1-2 Symmetric Data Encryption
1-3 Hash (Digest) Function
1-4 Message Authentication Code
1-5 Asymmetric Data Encryption
1-6 Digital Signature
1-7 Certificate
1-8 Moxa UC-7400

1-1 What does cryptography solve?

Confidentiality
• Ensure that nobody can learn what you transfer, even when listening to the whole conversation.
Integrity
• Ensure that the message has not been modified during transmission.
Authenticity
• You can verify that you are talking to the entity you think you are talking to.
• You can verify who the specific individual behind that entity is.
Non-repudiation
• The individual behind that asset cannot deny being associated with it.

1-2 Symmetric Data Encryption

• Fast; high efficiency for data transmission
• Is it "secure" while transferring the key?
• Maintenance of the keys: n(n-1)/2 keys for n parties
• DES / 3DES / AES / Blowfish

[Diagram: Tom encrypts the plaintext with the secret key; the ciphertext travels to Bob, who decrypts it with the same secret key]

1-3 Hash (Digest) Function

• Ensures data integrity
• MD5 / SHA-1

[Diagram: Tom runs the data through the hash function to get message digest 1 and sends data + digest; Bob runs the received data through the same hash function to get message digest 2 and compares the two digests]

A bare digest only detects accidental corruption: an attacker who can change the data in transit can recompute the digest as well. That is why the next section adds a key.

1-4 Message Authentication Code

• Ensures data integrity, and that the data came from someone holding the key
• Uses a key to protect the MAC
• HMAC / CBC-MAC

[Diagram: Tom hashes the data into message digest 1 and encrypts the digest with the secret key to form the MAC; he sends data + MAC. Bob hashes the received data into message digest 2, decrypts the MAC with the same secret key to recover digest 1, and compares the two]

(HMAC keys the hash directly rather than encrypting a digest, but the check is the same: the receiver recomputes the tag with the shared key and compares it with the received one.)

1-5 Asymmetric Encryption

Things to remember:
• Key pair – public/private keys
• In a session, one is used for encryption and the other one for decryption
• The "public key" can be deployed everywhere
• The two keys are mathematically related, but from one key you cannot gain knowledge of the other, even if you have access to clear text and cipher text
• For RSA the two keys are interchangeable: the algorithm makes no difference between public and private key, and when a key pair is generated either one can be made public (this is a property of RSA, not of every asymmetric algorithm)
• Less efficient than symmetric (secret-key) encryption
• RSA / Diffie-Hellman

[Diagram: clear text → encryption → cipher text "g$5knvMd'rkvegMs"]

1-5 Asymmetric Data Encryption

[Diagram, recipient's key pair: Tom encrypts the plaintext with Bob's public key; Bob decrypts the ciphertext with Bob's private key] – Confidentiality check

[Diagram, sender's key pair: Tom encrypts the plaintext with Tom's private key; Bob decrypts the ciphertext with Tom's public key] – Authenticity check

1-6 Digital Signature

Real world – hybrid:
1. Data integrity
2. Authenticity
3. Non-repudiation
4. Algorithm – uses the public key (asymmetric) and a hash

1-6 Digital Signature – Creating

[Diagram: the message or file ("This is the document created by Gianni") is run through a one-way message digest function (hash: SHA, MD5) to calculate a short message digest ("Py75cbn") even from a long input; the digest is encrypted with the signatory's private key (asymmetric encryption: RSA) to produce the digital signature ("3kJfgf£$&"); the signed document is the message plus the signature. The digest is typically 128 bits (MD5; 160 bits for SHA-1).]

1-6 Digital Signature – Verifying

[Diagram: the message of the signed document is hashed again to generate a message digest ("Py75cbn"); the digital signature ("3kJfgf£$&") is decrypted with Gianni's public key (taken from his certificate) to recover the original digest; the two digests are compared]

1-6 Digital Signature

[Diagram: Tom hashes the data into message digest 1 and encrypts it with Tom's private key, giving the digital signature; Bob hashes the received data into message digest 2, decrypts the signature with Tom's public key to recover digest 1, and compares the two]

1-7 Certificate

The simplest certificate just contains:
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key (it can be a person, a computer, a device, a file, some code, anything ...)
... and the whole is:
• Digitally signed by someone trusted (like your friend, or a CA)

[Diagram: certificate = public key + "This public key belongs to Stephen" + digital signature of the issuer]

1-7-1 CA Certificate

[Diagram, certification server: the CA generates its own key pair (priv/pub). The user requests a certificate from the CA; the CA generates the certificate (pub + DS) and the private key and certificate are sent to the user. In this flow the CA generates the user's key pair as well; with a certificate request (CSR) the user keeps the private key and only the public key goes to the CA.]

• Right: certificate signed by the CA
• Left: certificate signed by the CA
• CA public key signed by the CA (the self-signed CA certificate)

1-7-1 CA Certificate Example

[Diagram: CA (private key); Left and Right both trust the CA public key. Left holds its own private key and a certificate signed by the CA; Right holds its own private key and a certificate signed by the CA. Only the certificate (public key) is signed by the CA; a private key is never sent to or signed by the CA.]

1-7-2 SSL/TLS

[Diagram: each side holds a key pair (priv/pub). The clear text is encrypted with the peer's public key (cipher 1), encrypted again with the sender's private key (cipher 2) and transmitted over the public network; the receiver decrypts with the sender's public key back to cipher 1 and with its own private key back to clear text]

• Ensures confidentiality, and integrity if digitally signed
• Depending on how the public keys are exchanged: authenticity, identity, non-repudiation

(In practice TLS uses the asymmetric keys only during the handshake, to authenticate the peers and agree on a symmetric session key; the bulk data is encrypted and authenticated with the session key.)

1-8 Moxa UC-7400 – Hardware Cipher

Intel XScale supports:
• Security engines: DES, AES
• Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so":
• No need to change the source code

1-8-1 Moxa Accelerated Algorithms – OpenSSL 0.9.7

DES_cbc_encrypt
DES_ede3_cbc_encrypt
AES_cbc_encrypt
AES_ctr_encrypt

• ECB mode is wrapped at a higher level (libssl.so), which OpenSSL wraps too

1-8-2 Performance

[Charts: 3DES-CBC and AES-128-CBC throughput and speed-up rate versus packet size, software versus hardware cipher; one pair of charts for 128 to 1280-byte packets and one for 16 to 144-byte packets. Shaded bars = HW cipher.]

1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approaches:
• Default: hardware approach
• Any misconfiguration, or a busy engine, causes the switch to software

Small packets are switched to the software approach:
• DES: below 128 bytes
• 3DES/AES: below 64 bytes

1-8-4 Software Package

Driver
• mxhw_cipher.o
Device file
• mknod /dev/mxcrypto c 11 131
Test program
• io            correctness test
• io 0 5000     stability test
• io 1          golden pattern
• io 2 20000    performance test

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network – Advantages / Disadvantages

• VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes
• A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH, etc.)
• A VPN allows the use of protocols which are insecure by themselves
• VPNs cannot be controlled and logged easily because of their encrypted nature (a firewall in the path sees only the tunnel, so filtering and logging have to happen at the tunnel endpoints)

2-2 Why OpenVPN

Usability
• Open source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit static (pre-shared) key or digital certificates (PKI)

Portability – supports most platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

Peers – each node with a client/server role
• Uses the kernel routing
• Multiple clients

A user-space program
• A full-featured SSL-VPN solution
• Built on top of the existing SSL/TLS mechanism
• A choice between a set of security algorithms (see openvpn --show-ciphers / --show-digests)
• Can tunnel any IP (layer 3) or Ethernet (layer 2) traffic over a single UDP (5000 / 1194) or TCP port (5000 was the default of OpenVPN 1.x; 1194 is the IANA-assigned default of 2.0)

2-2 OpenVPN Security

Two authentication modes:
• Static key: a pre-shared key (openvpn --genkey --secret), used for both the HMAC and the cipher
• SSL/TLS: SSL/TLS + certificates for
  • authentication
  • key exchange

The encrypted packet is formatted as:
• SeqN: 64-bit sequence number; the receiver tracks it in a replay window and discards duplicated or stale packets
• IV: plain-text initialization vector, randomized per packet

  | HMAC | IV | SeqN | IP payload |
              |<---- encrypted ---->|
         |<------- HMAC'd -------->|

The HMAC is computed over the IV and the encrypted part (encrypt-then-MAC), so a receiver verifies the HMAC before it decrypts anything; a packet with a bad HMAC is dropped without touching the cipher or the replay state.

2-2 OpenVPN vs. IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall- and NAT-friendly
• Dynamic address support

IPSec
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard – multi-vendor support

2-3 OpenVPN Modes

Bridging and Routing are the two methods of linking systems via a VPN:
• Routed IP tunnels (layer 3)
• Bridged Ethernet tunnels (layer 2)

Suitable for connections:
• Site-to-site
• Dynamic site-to-site
• (Dynamic) client-to-site

Dynamic firewall / NAT / DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

• Uses a TUN device: a virtual point-to-point IP link that combines the inner interface together with the TUN device
• Uses the kernel routing to forward the packets

[Diagram: two OSI stacks (physical, data-link, network, transport, session, presentation, application); OpenVPN runs at the application layer and hands packets to the TUN device at layer 3 (network)]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of the MTU for efficiency

Routed IP disadvantages
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see the machines on the other side of the VPN
4. Works only with IPv4 in general, and with IPv6 only where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

• Uses "TAP" mode: a TAP device is a virtual Ethernet adapter
• Bridge tools (brctl) are required to create the bridge
• A script is needed to bind eth1 and tap0 together into a bridged device called br0

brctl addbr br0           create an Ethernet bridge
brctl addif br0 eth1      connect interface eth1 as a port
brctl addif br0 tap0      connect virtual interface tap0 as a port

(The bridge name is mandatory in addif. The IP address that eth1 had must be moved to br0, and the two ports are set to promiscuous mode with no address of their own.)

[Diagram: two OSI stacks; OpenVPN runs at the application layer, the TUN device attaches at layer 3 and the TAP device at layer 2. On each side eth0 carries the tunnel traffic, while tap0 is bridged with eth1 into br0]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages
1. Point-to-point and point-to-multipoint
2. Broadcasts traverse the VPN: this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to be able to handle non-IP protocols such as IPX, NetWare and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages
1. Less efficient than routing and does not scale well (every broadcast on either LAN crosses the tunnel)

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

[Lab topology]

  LAN A (10.0.1.0/24)                                LAN B (10.0.2.0/24)
  host: IP 10.0.1.1/24, gw 10.0.1.254                host: IP 10.0.2.1/24, gw 10.0.2.254
        |                                                  |
  ixp1 = 10.0.1.254                                  ixp1 = 10.0.2.254
  [VPN Server]                                       [VPN Client]
  ixp0 = 192.168.12.201  <===== VPN tunnel =====>    ixp0 = 192.168.12.202
                          (the client connects to the server)
  [CA / TLS Server] on the 192.168.12.0/24 network

3-1 Getting Started

• Create a working directory (recommended): mkdir /etc/openvpn
• Check for the TUN device: ls /dev/net and look for the character device "tun"; if it is missing: mknod /dev/net/tun c 10 200
• Load the necessary modules: modprobe tun; modprobe bridge
• Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]
  (copy it to the peer over a trusted channel such as scp and keep it mode 600: anyone holding the key can decrypt and inject tunnel traffic)
• Self diagnostic: openvpn --test-crypto --secret [KeyName]

• Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or edit /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"
• Create/start the bridge interface using the Moxa script: openvpn-bridge [start | stop | restart]
• Check the supported ciphers/authentication: openvpn --show-ciphers; openvpn --show-digests
• Create the TUN configuration files: vi /etc/openvpn/tun-server.conf
  [At VPN client] vi /etc/openvpn/tun-client.conf

3-2 TUN Server Configuration

• The local/remote VPN IP addresses must be specified (the "ifconfig <local> <remote>" directive; the client uses the same two addresses in the opposite order)
• It is NECESSARY to specify the server address at the VPN client (the "remote" directive)

• Edit the static routes: vi /etc/openvpn/tun-server.sh; chmod +x /etc/openvpn/tun-server.sh
  [At VPN client] vi /etc/openvpn/tun-client.sh; chmod +x /etc/openvpn/tun-client.sh
• Start OpenVPN with the configuration file:
  openvpn --config /etc/openvpn/tun-server.conf &
  openvpn --config /etc/openvpn/tun-client.conf &

(Callout on the route script: the gateway of the route is the 2nd argument of "ifconfig", i.e. the remote tunnel endpoint, which is now 10.0.2.254.)
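The static-key TUN configuration pair for the lab topology of 3-1, generated and cross-checked by a small script. This is an added example, not the slides' own tun-server.conf/tun-client.conf (those were only shown as screenshots): the tunnel endpoint addresses 10.8.0.1/10.8.0.2, the static key path, the privilege drop to nobody and the function names gen_tun_pair/check_tun_pair are assumptions; the public addresses and LANs are the slides' values.

```sh
#!/bin/sh
# Added example: generates the matching static-key TUN configuration pair for
# the section 3-1 lab (server 192.168.12.201 in front of 10.0.1.0/24, client
# 192.168.12.202 in front of 10.0.2.0/24). Not the slides' own files; the
# tunnel endpoints 10.8.0.1/10.8.0.2 and the output directory are assumptions.
set -eu

# gen_tun_pair OUTDIR SERVER_IP SERVER_LAN CLIENT_LAN
# Writes OUTDIR/tun-server.conf and OUTDIR/tun-client.conf.
gen_tun_pair() {
    out=$1; server=$2; lan_a=$3; lan_b=$4
    mkdir -p "$out"
    # Server side: local endpoint 10.8.0.1, remote 10.8.0.2, plus a route to
    # the client's LAN through the tunnel. No "remote": the server only listens.
    cat >"$out/tun-server.conf" <<EOF
dev tun
proto udp
port 1194
ifconfig 10.8.0.1 10.8.0.2
route $lan_b 255.255.255.0
secret /etc/openvpn/static.key
cipher AES-128-CBC
auth SHA1
replay-window 64 15
keepalive 10 60
persist-key
persist-tun
user nobody
group nobody
verb 3
EOF
    # Client side: the ifconfig arguments are swapped and "remote" names the
    # server; without "remote" the client has nobody to connect to.
    cat >"$out/tun-client.conf" <<EOF
dev tun
proto udp
port 1194
remote $server 1194
ifconfig 10.8.0.2 10.8.0.1
route $lan_a 255.255.255.0
secret /etc/openvpn/static.key
cipher AES-128-CBC
auth SHA1
replay-window 64 15
keepalive 10 60
persist-key
persist-tun
user nobody
group nobody
verb 3
EOF
}

# check_tun_pair OUTDIR: the two "ifconfig" arguments must be mirrored, the
# cipher/auth/secret lines identical and the client must name a remote;
# otherwise the peers never agree on the tunnel.
check_tun_pair() {
    s=$1/tun-server.conf; c=$1/tun-client.conf
    s_if=$(awk '$1=="ifconfig"{print $2" "$3}' "$s")
    c_if=$(awk '$1=="ifconfig"{print $3" "$2}' "$c")
    [ "$s_if" = "$c_if" ] || return 1
    for key in cipher auth secret; do
        [ "$(grep "^$key " "$s")" = "$(grep "^$key " "$c")" ] || return 1
    done
    grep -q '^remote ' "$c"
}

gen_tun_pair "${1:-./openvpn-lab}" 192.168.12.201 10.0.1.0 10.0.2.0
check_tun_pair "${1:-./openvpn-lab}" && echo "tun-server.conf and tun-client.conf are consistent"
```

The "user nobody / group nobody" lines (nogroup on Debian-based systems) together with persist-key/persist-tun let the daemon drop root after it has opened the key and the TUN device; replay-window keeps the sequence-number check of 2-2 tolerant to UDP reordering without accepting replays.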

3-3 TAP Configuration

• Create the TAP configuration files: vi /etc/openvpn/tap-server.conf
  [At VPN client] vi /etc/openvpn/tap-client.conf

3-3 TAP Configuration – VPN Server

• Mark (comment out) the route line if both VPN networks are in the same subnet: a bridge needs no route for its own segment
• Edit the static routes: vi /etc/openvpn/tap-server.sh
  [At VPN client] vi /etc/openvpn/tap-client.sh; chmod +x /etc/openvpn/tap-client.sh
• The route points at the kernel routing of the bridge: br0 = 10.0.1.254

• Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start
• Start OpenVPN with the configuration file:
  openvpn --config /etc/openvpn/tap-server.conf &
  openvpn --config /etc/openvpn/tap-client.conf &

3-4-1 SSL/TLS – Dynamic Keys

• Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-set default_days, default_bits, ... etc.
• Create a new CA root key pair: /usr/share/ssl/misc/CA -newca
• Create a new client private key and a new certificate request: /usr/share/ssl/misc/CA -newreq
• Sign the certificate: /usr/share/ssl/misc/CA -sign
• Copy the CA root certificate, the client private key and the client certificate to the first client
• Have the second client certified the same way

(The CA private key must never leave the CA machine. A client key generated on the CA PC, as here, has to be delivered to the client over a trusted channel and removed from the PC afterwards; only the certificate and the CA certificate are public.)

3-4-2 OpenVPN – "easy-rsa" tools

• Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn
• Modify the vars file: vi /etc/openvpn/easy-rsa/vars
• Activate the vars (source the file into the current shell): . /etc/openvpn/easy-rsa/vars
• Create the CA root key: /etc/openvpn/easy-rsa/build-ca
• Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server
  (use build-key-server instead when the clients should verify the server with "ns-cert-type server": it adds the nsCertType=server extension, so that a stolen client certificate cannot be used to impersonate the server)
• Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client
• Create the Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh (KEY_SIZE from the vars file, 1024 bits here)
• Copy the CA certificate (ca.crt), server key (server.key) and server certificate (server.crt) to the VPN server
• Copy the CA certificate, client key and client certificate to the VPN client
• The "easy-rsa" tools also work on the UC-7400 series
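The two checks a peer should make on the files produced in 3-4-1/3-4-2, shown as an added example rather than as part of the course material: does a certificate chain to our CA (what OpenVPN's "ca" directive verifies for every peer), and is the certificate presented by the server actually marked as a server certificate (the property behind the client-side "remote-cert-tls server" option of OpenVPN 2.1 and later; OpenVPN 2.0's "ns-cert-type server" checks the older nsCertType extension for the same purpose). To stay self-contained the script builds a throw-away PKI with openssl instead of easy-rsa: the CA, a server certificate with the serverAuth extended key usage, and a client certificate without it. The directory layout, file names and function names are assumptions.

```sh
#!/bin/sh
# Added example, not part of the slides or of easy-rsa: build a throw-away
# PKI with openssl and run the trust checks a VPN peer relies on. Names of
# files, directories and functions are assumptions.
set -eu
command -v openssl >/dev/null || { echo "openssl not installed, nothing to demonstrate" >&2; exit 0; }

# Minimal OpenSSL config so the example does not depend on /etc/ssl/openssl.cnf.
write_cnf() {
    cat >"$1" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[server_ext]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
[client_ext]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
EOF
}

# make_demo_pki DIR: writes ca.crt/ca.key, server.crt/server.key and
# client.crt/client.key into DIR (the same kind of files build-ca and
# build-key produce). Only the server certificate gets the serverAuth EKU.
make_demo_pki() {
    d=$1; mkdir -p "$d"; write_cnf "$d/openssl.cnf"
    openssl genrsa -out "$d/ca.key" 2048 2>/dev/null
    openssl req -new -x509 -config "$d/openssl.cnf" -extensions ca_ext \
        -key "$d/ca.key" -subj "/CN=Demo-CA" -days 2 -out "$d/ca.crt"
    for name in server client; do
        openssl genrsa -out "$d/$name.key" 2048 2>/dev/null
        openssl req -new -config "$d/openssl.cnf" -key "$d/$name.key" \
            -subj "/CN=$name" -out "$d/$name.csr"
        openssl x509 -req -in "$d/$name.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
            -CAcreateserial -days 2 -extfile "$d/openssl.cnf" \
            -extensions "${name}_ext" -out "$d/$name.crt" 2>/dev/null
    done
}

# cert_chains_to_ca CA_CRT CERT: succeeds if CERT is signed by CA_CRT.
cert_chains_to_ca() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# cert_is_tls_server CERT: succeeds if CERT carries the serverAuth extended
# key usage. A client that skips this check accepts any valid client
# certificate as the server, so one compromised road warrior can play server.
cert_is_tls_server() {
    openssl x509 -in "$1" -noout -text | grep -A1 'Extended Key Usage' \
        | grep -q 'TLS Web Server Authentication'
}

dir=${1:-./demo-pki}
make_demo_pki "$dir"
cert_chains_to_ca "$dir/ca.crt" "$dir/server.crt" && echo "server.crt: chains to the demo CA"
cert_is_tls_server "$dir/server.crt" && echo "server.crt: usable as the VPN server"
cert_is_tls_server "$dir/client.crt" || echo "client.crt: NOT usable as the VPN server"
```

With easy-rsa the equivalent of the serverAuth/nsCertType marking is produced by build-key-server, which is why the server certificate should be generated with it rather than with plain build-key whenever clients are configured to check the server's certificate type.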

3-4-3 Configuration File Modification

txx-server.conf (tun-server.conf / tap-server.conf)
txx-client.conf (tun-client.conf / tap-client.conf)

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

Live Demo

UC-7420 Demo Box

• Two of its serial ports are connected to a power meter and a thermocouple
• Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site
• The rest of the serial ports are looped back in "burn-in mode" to demonstrate the UC's high performance and reliability

Demo Box Features

Software Block Diagram

• Temperature range: 0 to 500 °C
• Left side for the high range, 0 to 300 VDC; right side for the low range, 0 to 20 VDC

UC's LCM & keypad (F1-F5)

F1  Monitoring: temperature → voltage → throughput for P3 to P8
F2  System status: LAN's IP → Wi-Fi's IP → CPU loading → available memory
F3  Alarm setting: temperature → voltage → burn-in throughput
F4  Configuration key
F5  Main menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status for 802.11g?
• The UC-7420's built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards
• The compatible wireless cards are:

  Supplier   Model name
  ASUS       WL-107g
  CNET       CWC-854 (181D version)
  Edimax     EW-7108PCg
  Amigo      AWP-914WG
  Gigabyte   GN-WMKG
  Others which use the R-Link chipset

Thank You

Page 60: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

3-2 Define Default Policy

iptables -t {filter|nat|mangle} -P {INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING} {ACCEPT|DROP}

The policy is what happens to a packet that matches no rule in a built-in chain. A default of DROP with explicit ACCEPT rules is the safer starting point: anything you forget is blocked rather than let through.

3-3 Structure of a Rule

3-3-1 Add, Insert, Delete and Replace Rules
3-3-2 Direction
3-3-3 Matches
3-3-4 Targets

3-3-1 Add, Insert, Delete and Replace

iptables -t {filter|nat|mangle} {-A|-I|-D|-R} <chain> <match ...> -j <target>

Three major things need to be considered in every rule: the direction (the chain the rule is placed in), the match (the conditions a packet must meet) and the target (the action, given with -j).

3-3-2 Direction: Chains

a. filter table: INPUT, OUTPUT, FORWARD
b. nat table: PREROUTING, POSTROUTING, OUTPUT
c. mangle table: ...

3-3-3 Matches: Conditions

1. -p [proto]: tcp, udp, icmp, all
2. -s [IP], -d [IP]: source / destination, a host or a network such as 192.168.1.0/24
3. --sport [port], --dport [port]: need -p tcp or -p udp; a range is written low:high
4. -m state --state [state]: NEW, ESTABLISHED, INVALID, RELATED
5. -m multiport --dports p1,p2,...,p15 (or --sports, --ports; up to 15 ports)
6. -i [iface], -o [oface]: the input interface can only be matched in INPUT, FORWARD and PREROUTING, the output interface only in OUTPUT, FORWARD and POSTROUTING
7. ... etc.

3-3-4 Targets: Actions

a. filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions LOG, ULOG, REJECT, MIRROR
b. nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING/OUTPUT), MASQUERADE (POSTROUTING), REDIRECT (PREROUTING/OUTPUT)
c. mangle table: ...

3-4 Save/Restore Rules

The running rule set can be exported with iptables-save and loaded again with iptables-restore. It is highly recommended to maintain the Netfilter rules in a script file instead of editing the exported file (it is not a standard shell script). Please refer to the hands-on practice.

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice: 1) Packet Filter, 2) NAT Machine

4-1 Packet Filter: Rules of the filter table

Example 1: Accept all packets incoming from the lo interface

iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2: Accept all TCP packets incoming from IP 192.168.0.1

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

Example 3: Accept all TCP packets incoming from the network 192.168.1.0/24

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4: Drop all TCP packets incoming from IP 192.168.1.25

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

Note: rules are evaluated in order and the first match wins. Appended after Example 3, the Example 4 rule never fires, because 192.168.1.25 is already accepted by the /24 rule. Put the specific DROP in front of the broad ACCEPT (insert it with -I INPUT instead of -A INPUT, or add it first).

Example 5: Drop all incoming TCP packets with destination port 21 (forbid FTP connections from eth0)

iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6: Accept TCP packets incoming from the network 192.168.0.0/24 to local ports 137, 138 and 139

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

Example 7: Log all incoming/outgoing TCP packets to/from port 25 (log the SMTP service)

iptables -t filter -A INPUT -p tcp --dport 25 -j LOG

LOG is a non-terminating target: the packet is written to the kernel log and then continues to the next rule, so a LOG rule has to be followed by the ACCEPT or DROP that decides the packet's fate. The rule above covers the incoming direction; the outgoing direction is the same rule on the OUTPUT chain matching --sport 25.

Note: UC-7110 does not support the LOG target.

Example 8: Drop all SYN packets from IP 192.168.100.200 (no new TCP connections from that host)

iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9: Drop all packets from MAC address aa:bb:cc:dd:ee:ff

iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

The mac match is only valid in the INPUT, FORWARD and PREROUTING chains, and a source MAC is only meaningful for hosts on the same Ethernet segment; it is trivially spoofed and is no substitute for an IP rule.

Example 10: Do not respond to "ping" (drop ICMP echo requests, type 8)

iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11: Limit an ICMP "ping" burst: with a default policy of DROP, accept at most 6 ICMP packets per minute with a burst of 10

iptables -t filter -P INPUT DROP
iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

Example 12: Accept the ESTABLISHED and RELATED packets of the local host; drop INVALID packets and NEW packets that try to open a connection

iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

Example 13: Check the packet integrity (the unclean match drops malformed packets)

iptables -t filter -A INPUT -p all -m unclean -j DROP

The unclean match only existed as an experimental module in the 2.4 kernels and is not available in later kernels.

Example 14: Enable "passive mode" FTP service to a host behind the firewall: the FTP connection-tracking helper reads the data-channel port from the control connection, so the data connection is accepted as RELATED

modprobe ip_conntrack_ftp
iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

4-2 NAT Machine: Rules of the nat table

Example 1: Redirect connection requests for port 80 to port 8080 on the local machine

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2: Masquerade the packets from 192.168.1.0/24 leaving through ppp0 with ppp0's own IP address

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

MASQUERADE is only valid in POSTROUTING (see 3-3-4), and -o can only be matched there or in FORWARD/OUTPUT. It always uses the current address of the outgoing interface, which is what you want on a dial-up or DHCP link; use SNAT when the address is fixed.

Example 3: DNAT the packets incoming on eth0 for 60.248.66.75, TCP port 80, to the internal web server 192.168.127.10, port 80

iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

Example 4: Redirect incoming TCP port 80 to 192.168.1.10, port 80 (a DNAT rule of the same form as Example 3), and SNAT the outbound traffic of the internal network 192.168.127.0/24 to the external address $OUT_IP

iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP

NAT rules only rewrite addresses; the packets still have to pass the FORWARD chain of the filter table, and IP forwarding has to be enabled (echo 1 into /proc/sys/net/ipv4/ip_forward, see 3-1 of the OpenVPN part).
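The 4-1 filter examples and the 4-2 NAT examples above are individual rules; typed in one after another in that order, some shadow each other (Example 3 hides Example 4) and some conflict (Example 10 versus Example 11). The script below is an added example, not Moxa's hands-on material, that assembles them in a working order on a default-deny INPUT/FORWARD policy: conntrack rules first, the specific DROP before the broad ACCEPT, LOG before the terminating rule, the DNAT/SNAT pair of 4-2 with the FORWARD exceptions it needs. Interface names, the public address 60.248.66.75, the internal web server 192.168.127.10 and the inside network 192.168.127.0/24 are the slides' own; the dry-run mode and fw_rule_count are additions so the generated rule list can be inspected without root.

```shell
#!/bin/sh
# Added example (not from the Moxa slides): the 4-1 filter rules and the
# 4-2 NAT rules in one ordered script. Without arguments it prints the
# rules (dry run); "apply" loads them with iptables and needs root.
IPT="${IPT:-iptables}"
WAN_IF="${WAN_IF:-eth0}"                    # outside interface (slides)
INNER_NET="${INNER_NET:-192.168.127.0/24}"  # inside network (4-2 ex. 3/4)
OUT_IP="${OUT_IP:-60.248.66.75}"            # public address (4-2 ex. 3)
WEB_SRV="${WEB_SRV:-192.168.127.10}"        # internal web server (4-2 ex. 3)

fw_filter() {
    $IPT -t filter -F INPUT
    $IPT -t filter -F OUTPUT
    $IPT -t filter -F FORWARD
    # Default deny (ex. 11): everything below is an explicit exception
    $IPT -t filter -P INPUT DROP
    $IPT -t filter -P FORWARD DROP
    $IPT -t filter -A INPUT -i lo -j ACCEPT                                     # ex. 1
    # Stateful core (ex. 12): replies and related traffic in, garbage out
    $IPT -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -t filter -A INPUT -m state --state INVALID -j DROP
    # Order matters: the specific DROP (ex. 4) must precede the /24 ACCEPT
    # (ex. 3), otherwise the broad rule matches first and the DROP is dead
    $IPT -t filter -A INPUT -i "$WAN_IF" -p tcp -s 192.168.1.25 -j DROP
    $IPT -t filter -A INPUT -i "$WAN_IF" -p tcp -s 192.168.1.0/24 -j ACCEPT
    $IPT -t filter -A INPUT -i "$WAN_IF" -p tcp --dport 21 -j DROP               # ex. 5
    $IPT -t filter -A INPUT -i "$WAN_IF" -p tcp -s 192.168.0.0/24 \
         -m multiport --dports 137,138,139 -j ACCEPT                             # ex. 6
    # ex. 7: LOG does not terminate; the packet goes on to the next rule
    $IPT -t filter -A INPUT  -p tcp --dport 25 -j LOG --log-prefix "SMTP-IN: "
    $IPT -t filter -A OUTPUT -p tcp --sport 25 -j LOG --log-prefix "SMTP-OUT: "
    $IPT -t filter -A INPUT -i "$WAN_IF" -p tcp -s 192.168.100.200 --syn -j DROP  # ex. 8
    $IPT -t filter -A INPUT -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP         # ex. 9
    # ex. 11 chosen over ex. 10: answer pings, but at most 6/min, burst 10
    $IPT -t filter -A INPUT -p icmp --icmp-type echo-request \
         -m limit --limit 6/min --limit-burst 10 -j ACCEPT
    # Forwarding for the NAT machine (4-2) and passive FTP (ex. 14; the
    # RELATED state comes from the ip_conntrack_ftp helper loaded in fw_apply)
    $IPT -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -t filter -A FORWARD -i "$WAN_IF" -p tcp -d "$WEB_SRV" --dport 80 -j ACCEPT
    $IPT -t filter -A FORWARD -s "$INNER_NET" -j ACCEPT
}

fw_nat() {
    $IPT -t nat -F
    # 4-2 ex. 3: publish the internal web server on the public address
    $IPT -t nat -A PREROUTING -i "$WAN_IF" -p tcp -d "$OUT_IP" --dport 80 \
         -j DNAT --to-destination "$WEB_SRV:80"
    # 4-2 ex. 4: inside hosts leave with the public address as source
    $IPT -t nat -A POSTROUTING -s "$INNER_NET" -o "$WAN_IF" -j SNAT --to-source "$OUT_IP"
}

fw_apply() {
    modprobe ip_conntrack_ftp 2>/dev/null || true   # FTP helper for ex. 14
    echo 1 > /proc/sys/net/ipv4/ip_forward          # NAT needs forwarding (3-1)
    fw_filter
    fw_nat
}

# Number of -A rules the filter part generates (dry run, no root needed)
fw_rule_count() { ( IPT="echo iptables"; fw_filter ) | grep -c -- '-A '; }

case "${1:-}" in
    apply) fw_apply ;;
    *)     IPT="echo iptables"; fw_filter; fw_nat ;;   # dry run: print the rules
esac
```

Run it without arguments to read the rule list it would load, and as root with apply to install it. The LOG rules have to be removed on a UC-7110, which lacks the LOG target (Example 7).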

Thank You

OpenVPN 2.0

Stephen Lin

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve?
1-2 Symmetric Data Encryption
1-3 Hash (Digest) Function
1-4 Message Authentication Code
1-5 Asymmetric Data Encryption
1-6 Digital Signature
1-7 Certificate
1-8 Moxa UC7400

1-1 What does Cryptography solve?

Confidentiality: ensure that nobody can learn what you transfer, even while listening to the whole conversation.
Integrity: ensure that the message has not been modified during transmission.
Authenticity: you can verify that you are talking to the entity you think you are talking to, and who the specific individual behind that entity is.
Non-repudiation: the individual behind that asset cannot deny being associated with it.

1-2 Symmetric Data Encryption

Fast, high efficiency for data transmission.
Is it "secure" while transferring the key? The key itself has to reach the other side over some channel you already trust.
Maintenance of the keys: n parties need n(n-1)/2 pairwise keys.
Algorithms: DES, 3DES, AES, Blowfish.

[Diagram: Tom encrypts the plaintext with the secret key into ciphertext; Bob decrypts it back to plaintext with the same secret key.]

1-3 Hash (Digest) Function

Ensures data integrity: a one-way function maps data of any length to a fixed-size digest, and any change to the data changes the digest.
Algorithms: MD5, SHA-1 (both are now broken against collision attacks; SHA-256 or better should be used in new designs).

[Diagram: Tom computes Message Digest 1 from the data with the hash function and sends the data together with the digest; Bob recomputes Message Digest 2 from the received data with the same hash function and compares the two.]

1-4 Message Authentication Code

Ensures data integrity and, because the digest is bound to a secret key, the origin of the data: without the key nobody can produce a valid MAC for modified data. A plain hash (1-3) gives no such protection, since an attacker who changes the data can simply recompute it.
Algorithms: HMAC, CBC-MAC.

[Diagram: Tom hashes the data into Message Digest 1 and encrypts it with the shared secret key to form the MAC, sending data plus MAC; Bob hashes the received data into Message Digest 2, decrypts the MAC with the same key to recover Digest 1, and compares.]

1-5 Asymmetric Encryption

Things to remember:
- Key pair: public/private keys. In a session one is used for encryption and the other one for decryption.
- The "public key" can be deployed everywhere.
- From one key you cannot compute the other, even if you have access to clear text and cipher text.
- In RSA the two keys are mathematically interchangeable: when a key pair is generated, either can be made the public one. This does not hold for every algorithm (a Diffie-Hellman or DSA private key cannot play the public role), and in practice the roles are fixed once the public key has been published.
- Less efficient than symmetric (static) keys, which is why real systems encrypt bulk data symmetrically and use the asymmetric keys only for key exchange and signatures.
- Algorithms: RSA, Diffie-Hellman.

[Diagram: clear text encrypted into unreadable ciphertext with one key of the pair.]

1-5 Asymmetric Data Encryption

Recipient's key pair, confidentiality check: Tom encrypts the plaintext with Bob's public key; only Bob's private key decrypts the ciphertext back to plaintext.

Sender's key pair, authenticity check: Tom encrypts the plaintext with Tom's private key; anybody can decrypt it with Tom's public key, and that it decrypts correctly proves it came from Tom.

1-6 Digital Signature

Real world: a hybrid of hash and public key, giving 1. data integrity, 2. authenticity, 3. non-repudiation. 4. Algorithm: apply the public-key operation to a hash of the message rather than to the message itself.

1-6 Digital Signature: Creating

[Diagram: the message or file ("This is the document created by Gianni") is fed to a one-way message digest function (SHA, MD5), which calculates a short message digest (typically 128 bits for MD5) even from a long input. The digest is then encrypted with the signatory's private key (RSA, asymmetric encryption); the result is the digital signature. The signed document is the original message together with the signature.]

1-6 Digital Signature: Verifying

[Diagram: from the signed document the verifier recomputes the message digest with the same hash function, decrypts the digital signature with Gianni's public key (taken from his certificate), and compares the two digests. If they match, the document is unchanged and was signed by the holder of Gianni's private key.]

[Diagram (Tom and Bob): Tom hashes the data into Message Digest 1, encrypts it with Tom's private key into the digital signature and sends data plus signature; Bob hashes the received data into Message Digest 2, decrypts the signature with Tom's public key to recover Digest 1, and compares.]
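The three flows of 1-3, 1-4 and 1-6 (hash, keyed MAC, sign and verify) carried out with the openssl command-line tool, as an added example that is not part of the slides. The sample message, Tom's key pair and the tampered copy are all constructed for the run. It uses SHA-256 where the slides say MD5 or SHA-1, because both of those are broken for collision resistance and SHA-1 signatures are refused by the default policy of current OpenSSL builds on several distributions.

```shell
#!/bin/sh
# Added example (not from the slides): 1-3 hash, 1-4 HMAC and 1-6 digital
# signature with openssl. Everything lives in a temporary directory; the
# message, the keys and the tampered copy are constructed for this run.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
MSG="$WORK/message.txt"
printf 'Power meter P1: 230.4 V, 12.8 A\n' > "$MSG"   # constructed sample data

# 1-3: one-way digest; any change of the input changes the whole digest
digest_of() { openssl dgst -sha256 "$1" | awk '{print $NF}'; }

# 1-4: keyed digest; only holders of the key can compute or check it
hmac_of() { openssl dgst -sha256 -hmac "$2" "$1" | awk '{print $NF}'; }

# 1-6 creating: the signer's private key operates on the digest of the file
sign_file() {   # sign_file <file> <private.key> <signature-out>
    openssl dgst -sha256 -sign "$2" -out "$3" "$1"
}

# 1-6 verifying: recompute the digest, undo the signature with the public
# key and compare; prints "ok" or "bad"
verify_file() { # verify_file <file> <public.key> <signature>
    if openssl dgst -sha256 -verify "$2" -signature "$3" "$1" >/dev/null 2>&1
    then echo ok; else echo bad; fi
}

# Tom's key pair (constructed); only tom.pub ever leaves Tom's machine
openssl genrsa -out "$WORK/tom.key" 2048 2>/dev/null
openssl rsa -in "$WORK/tom.key" -pubout -out "$WORK/tom.pub" 2>/dev/null

# Returns "<verdict on original> <verdict on tampered copy>", i.e. "ok bad"
demo() {
    sign_file "$MSG" "$WORK/tom.key" "$WORK/message.sig"
    clean=$(verify_file "$MSG" "$WORK/tom.pub" "$WORK/message.sig")
    # Bob receives a copy in which one digit was altered in transit
    sed 's/230\.4/231.4/' "$MSG" > "$WORK/tampered.txt"
    tampered=$(verify_file "$WORK/tampered.txt" "$WORK/tom.pub" "$WORK/message.sig")
    echo "$clean $tampered"
}

demo
```

The signature stays valid only for the exact bytes that were signed; the HMAC behaves the same way but can be checked by anyone holding the shared key, which is why it gives integrity and origin but not non-repudiation.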

1-7 Certificate

The simplest certificate just contains:
- a public key (for Stephen);
- information about the entity that is being certified to own that public key (it can be a person, a computer, a device, a file, some code, anything ...);
and the whole is digitally signed by someone trusted (like your friend or a CA).

[Diagram: certificate = "This public key belongs to Stephen" + pub + digital signature of the issuer.]

1-7-1 CA Certificate

[Diagram: the CA (certification server) generates its own key pair. A user requests a certificate from the CA; the CA generates the certificate (the user's public key plus identity, signed with the CA private key), and the private key and certificate are sent to the user.]

1-7-1 CA Certificate Example

[Diagram: Left and Right both trust the CA. Each holds its own private key, its own certificate signed by the CA, and the CA public key (the CA certificate, which is signed by the CA itself). Left can verify Right's certificate with the CA public key and vice versa, without the two ever having exchanged keys directly.]

Note that a private key is never signed or sent to anyone; what the CA signs is the certificate carrying the public key. When the CA generates the user's key pair on the user's behalf, as in the diagram, the private key has to be delivered over a secure channel.

1-7-2 SSL/TLS

[Diagram: each side holds its own key pair and the peer's public key. Clear text is encrypted into Cipher 1 and then into Cipher 2 (two keys applied in sequence), transmitted over the public network, and decrypted in reverse order back to clear text.]

- Ensures confidentiality, and integrity if digitally signed.
- Depending on how the public keys are exchanged, also authenticity, identity and non-repudiation: a public key received over an unauthenticated channel proves nothing about who holds the matching private key, which is why TLS exchanges certificates (1-7) rather than bare keys.

1-8 Moxa UC7400: Hardware Cipher

Intel XScale (IXP-42x) supports:
- security engines: DES, AES
- algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of libcrypto.so, so there is no need to change the source code of applications that use OpenSSL.

1-8-1 Moxa Accelerated Algorithms: OpenSSL 0.9.7

DES_cbc_encrypt
DES_ede3_cbc_encrypt
AES_cbc_encrypt
AES_ctr_encrypt

- ECB mode is wrapped at a higher level (libssl.so), which OpenSSL wraps too.

1-8-2 Performance

[Charts: throughput and speed-up rate of 3DES-CBC and AES-128-CBC with the hardware cipher against software, for packet sizes 128 to 1280 bytes (large packets) and 16 to 144 bytes (small packets); shaded bars mark the HW cipher.]

1-8-3 Things to be noticed

Moxa UC-7400 switches between the software and the hardware approach:
- default: hardware approach;
- any misconfiguration or a busy engine causes a switch to software;
- small packets are handled in software: DES below 128 bytes, 3DES/AES below 64 bytes.

Because of the last point, a benchmark or a VPN link that carries mostly small packets will not show the hardware speed-up of 1-8-2.

1-8-4 Software Package

Driver: mxhw_cipher.o
Device file: mknod /dev/mxcrypto c 11 131
Test program: io (correctness test); io 0 5000 (stability test); io 1 (golden pattern); io 2 20000 (performance test)

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network: Advantages/Disadvantages

A VPN is a network constructed over public wires (e.g. the Internet) to connect nodes.
A VPN encrypts all network traffic, not just a few application protocols (as SSL, SSH etc. do).
A VPN allows the use of protocols which are insecure by themselves.
VPN traffic cannot be controlled and logged easily by devices in the path because of its encrypted nature; inspection and logging have to happen at the tunnel endpoints.

2-2 Why OpenVPN

Usability:
- open source (GPL);
- full-featured SSL VPN solution;
- easy to configure a secure tunnel;
- NAT/DHCP support;
- can use a 2048-bit static (pre-shared) key or digital certificates (PKI).

Portability: supports most platforms
- Linux, Solaris, Mac OS X
- OpenBSD, FreeBSD, NetBSD
- Windows 2000 SP4, Windows XP SP1 or later

Peers: each node has a client or a server role
- uses kernel routing;
- multiple clients.

A user-space program:
- a full-featured SSL-VPN solution on top of the existing SSL/TLS mechanism;
- choice among a set of security algorithms (ciphers and digests, see openvpn --show-ciphers in 3-1);
- can tunnel any IP (layer 3) or Ethernet (layer 2) traffic over a single UDP or TCP port (5000 was the OpenVPN 1.x default, 1194 is the registered port used by 2.0).

2-2 OpenVPN Security

Two authentication modes:
- Static key: a pre-shared key is used for encryption and HMAC;
- SSL/TLS: SSL/TLS with certificates is used for authentication and key exchange.

The encrypted packet is formatted as

HMAC | IV | encrypt( SeqN | IP payload )

- SeqN: 64-bit sequence number, used for replay protection;
- IV: plaintext initialization vector, randomized per packet.

The HMAC is computed over the IV and the ciphertext (encrypt-then-MAC), so a forged or tampered packet is rejected before any decryption takes place.

2-2 OpenVPN vs IPSec

OpenVPN:
- user-space daemon;
- SSL/TLS;
- portability across operating systems;
- firewall- and NAT-friendly;
- dynamic address support.

IPSec:
- kernel-space IP stack;
- each operating system requires its own independent implementation of IPSec;
- IETF standard, multi-vendor support.

2-3 OpenVPN Modes

Bridging and routing are the two methods of linking systems via a VPN:
- routed IP tunnels (layer 3);
- bridged Ethernet tunnels (layer 2).

Suitable for connections: site-to-site, dynamic site-to-site, (dynamic) client-to-site.
Dynamic firewall/NAT/DHCP friendly.

2-3-1 Routed IP Tunnels (TUN Mode)

Uses a TUN device: a virtual point-to-point IP link through which OpenVPN, in user space, reads and writes the IP packets of the inner interface.
Uses the kernel routing table to forward the packets.

[Diagram: OSI stacks of the two endpoints; OpenVPN sits at the application layer and the TUN device hands it layer-3 (network) packets.]

Routed IP advantages:
1. point-to-point;
2. easier to configure;
3. efficiency and scalability;
4. allows better tuning of the MTU for efficiency.

Routed IP disadvantages:
1. clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work;
2. routes must be set up linking each subnet;
3. software that depends on broadcasts will not see the machines on the other side of the VPN;
4. works only with IPv4 in general, and with IPv6 only where the tun drivers on both ends of the connection support it explicitly.

2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses a "TAP" device: a TAP device is a virtual Ethernet adapter.
Bridge tools (brctl) are required to create the bridge device.
A script is needed to bind eth1 and tap0 together into a bridged device called br0:

brctl addbr br0 (create an Ethernet bridge)
brctl addif br0 eth1 (connect interface eth1 as a port)
brctl addif br0 tap0 (connect the virtual interface tap0 as a port)

[Diagram: OSI stacks of the two endpoints; eth0 carries the tunnel, eth1 and tap0 are bridged on each side, and OpenVPN moves layer-2 (data-link) frames through the TAP device, whereas TUN works at layer 3.]

Bridging advantages:
1. point-to-point and point-to-multipoint;
2. broadcasts traverse the VPN, which allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server;
3. no route statements to configure;
4. works when the VPN needs to handle non-IP protocols such as IPX, Netware and AppleTalk;
5. relatively easy-to-configure solution for road warriors.

Bridging disadvantages:
1. less efficient than routing and does not scale well, since every broadcast on either LAN crosses the tunnel.

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS: X.509 Dynamic Keys

3-1 Getting Started

[Diagram, lab topology: LAN A (hosts 10.0.1.1/24, gateway 10.0.1.254) sits behind the VPN server, whose ixp0 address is 192.168.12.201; LAN B (hosts 10.0.2.1/24, gateway 10.0.2.254) sits behind the VPN client, whose ixp0 address is 192.168.12.202. The VPN tunnel runs between the two ixp0 addresses, the client connects to the server, and ixp1 on each box faces its LAN. A separate CA/TLS server issues the certificates.]

3-1 Getting Started

Create a working directory (recommended): mkdir /etc/openvpn

Check for the TUN device: ls /dev/net and look for the character device "tun"; if it is missing: mknod /dev/net/tun c 10 200

Load the necessary modules: modprobe tun; modprobe bridge

Generate a (pre-shared) static key: openvpn --genkey --secret [KeyName]
This file is the whole secret of static-key mode: copy it to the peer over a secure channel (e.g. scp) and keep it readable by root only.

Self diagnostic: openvpn --test-crypto --secret [KeyName]

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or edit /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"

Create/start the bridge interface using the Moxa script: openvpn-bridge [start | stop | restart]

Check the supported ciphers and authentication (digest) algorithms: openvpn --show-ciphers; openvpn --show-digests

Create the TUN configuration files: vi /etc/openvpn/tunserver.conf
[At the VPN client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

The local and remote VPN IP addresses must be specified (ifconfig <local> <remote> in the configuration file).
It is NECESSARY to specify the server address at the VPN client (remote directive).

Edit the static routes: vi /etc/openvpn/tunserver.sh; chmod +x /etc/openvpn/tunserver.sh
[At the VPN client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/openvpn/tunclient.sh

Start OpenVPN with the configuration file:
openvpn --config /etc/openvpn/tunserver.conf &
[At the VPN client] openvpn --config /etc/openvpn/tunclient.conf &

Note (server file): the 2nd argument of "ifconfig" is the remote tunnel endpoint, which is now "10.0.2.254"; in the client file the two arguments appear in the opposite order.
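The slides describe tunserver.conf and tunclient.conf but do not show them. The script below is an added example, not Moxa's lab material, that writes a matching static-key TUN pair for the 3-1 topology (server ixp0 192.168.12.201 in front of LAN A 10.0.1.0/24, client in front of LAN B 10.0.2.0/24, tunnel endpoints 10.0.1.254 and 10.0.2.254) and then checks the two points the slides stress: the client names the server with remote, and its ifconfig arguments are the mirror image of the server's. The file names, the key path /etc/openvpn/static.key, UDP port 1194 and the AES-128-CBC cipher (one of the modes accelerated on the UC-7400 per 1-8-1) are assumptions; the route lines replace the static routes of tunserver.sh/tunclient.sh.

```shell
#!/bin/sh
# Added example (not from the slides): writes a matching static-key TUN
# server/client configuration pair for the 3-1 lab topology and checks
# that the two files are consistent. Usage: sh mktun.sh /etc/openvpn
SERVER_PUB="${SERVER_PUB:-192.168.12.201}"   # VPN server ixp0 (3-1 diagram)
SERVER_TUN="${SERVER_TUN:-10.0.1.254}"       # server end of the tunnel
CLIENT_TUN="${CLIENT_TUN:-10.0.2.254}"       # client end of the tunnel
LAN_A="${LAN_A:-10.0.1.0 255.255.255.0}"     # behind the server
LAN_B="${LAN_B:-10.0.2.0 255.255.255.0}"     # behind the client
KEY_FILE="${KEY_FILE:-/etc/openvpn/static.key}"  # from openvpn --genkey (assumed name)
PORT="${PORT:-1194}"                         # assumed; OpenVPN 2.0 default

write_tun_pair() {  # write_tun_pair <dir>
    cat > "$1/tunserver.conf" <<EOF
# VPN server (LAN A side). Static-key mode: the same key file on both ends.
dev tun
proto udp
port $PORT
local $SERVER_PUB
ifconfig $SERVER_TUN $CLIENT_TUN
route $LAN_B
secret $KEY_FILE
cipher AES-128-CBC
auth SHA1
comp-lzo
keepalive 10 60
persist-key
persist-tun
verb 3
EOF
    cat > "$1/tunclient.conf" <<EOF
# VPN client (LAN B side): 'remote' is mandatory here, and the two ifconfig
# addresses are swapped relative to the server (own address first, peer second).
dev tun
proto udp
port $PORT
remote $SERVER_PUB
ifconfig $CLIENT_TUN $SERVER_TUN
route $LAN_A
secret $KEY_FILE
cipher AES-128-CBC
auth SHA1
comp-lzo
keepalive 10 60
persist-key
persist-tun
verb 3
EOF
}

# The client's ifconfig must mirror the server's and the client must name the
# server; a copy-pasted server line is the classic mistake. Prints
# "consistent" or "mismatch".
check_tun_pair() {  # check_tun_pair <dir>
    srv=$(awk '$1=="ifconfig"{print $2,$3}' "$1/tunserver.conf")
    cli=$(awk '$1=="ifconfig"{print $3,$2}' "$1/tunclient.conf")
    if [ "$srv" = "$cli" ] && grep -q "^remote " "$1/tunclient.conf"; then
        echo consistent
    else
        echo mismatch
    fi
}

if [ -n "${1:-}" ]; then
    write_tun_pair "$1"
    check_tun_pair "$1"
fi
```

Because 10.0.1.254 and 10.0.2.254 are also the default gateways of the two LANs in the 3-1 diagram, the hosts need no extra routes: traffic for the other LAN reaches its gateway, and the route directive sends it into the tunnel.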

3-3 TAP Configuration: VPN Server

Create the TAP configuration files: vi /etc/openvpn/tapserver.conf
[At the VPN client] vi /etc/openvpn/tapclient.conf

Comment out the route line if both VPN networks are in the same subnet (in bridged mode they then form one broadcast domain and need no route).

Edit the static routes: vi /etc/openvpn/tapserver.sh; chmod +x /etc/openvpn/tapserver.sh
[At the VPN client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/openvpn/tapclient.sh

Point the kernel routing at the bridge: br0 = 10.0.1.254

Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration file:
openvpn --config /etc/openvpn/tapserver.conf &
[At the VPN client] openvpn --config /etc/openvpn/tapclient.conf &

3-4-1 SSL/TLS: Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf, and pre-set default_days, default_bits, etc.

Create a new CA root key pair and self-signed CA certificate: /usr/share/ssl/misc/CA -newca

Create a new client private key and certificate request: /usr/share/ssl/misc/CA -newreq

Sign the certificate request with the CA: /usr/share/ssl/misc/CA -sign

Copy the CA root certificate, the client private key and the client certificate to the first client.

Have the second client's certificate issued the same way (-newreq, then -sign).

3-4-2 OpenVPN "easy-rsa" tools

Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file (KEY_COUNTRY, KEY_ORG, KEY_SIZE, ...): vi /etc/openvpn/easy-rsa/vars

Activate the vars (source the file into the current shell): . /etc/openvpn/easy-rsa/vars

Create the CA root key and certificate: /etc/openvpn/easy-rsa/build-ca

Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client

Create the Diffie-Hellman parameters (1024 bits, as set by KEY_SIZE in vars): /etc/openvpn/easy-rsa/build-dh

Copy the CA certificate (ca.crt), server key (server.key) and server certificate (server.crt) to the VPN server.

Copy the CA certificate, client key and client certificate to the VPN client.

Only ca.crt is public. Transfer the .key files over a secure channel (scp), make them readable by root only, and keep ca.key on the CA machine alone: whoever holds it can issue certificates that every peer will trust. The server also needs the dh1024.pem file produced by build-dh.

The "easy-rsa" tools also work on the UC7400 series.

3-4-3 Configuration File Modification

txxserver.conf (tunserver.conf or tapserver.conf)
txxclient.conf (tunclient.conf or tapclient.conf)
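The easy-rsa steps above (3-4-2) are wrappers around a handful of openssl commands. The script below is an added example, not part of the slides or of easy-rsa, that performs the same steps with plain openssl so what build-ca, build-key and build-dh do is visible, and then performs the trust check of 1-7-1: a certificate verifies only against the CA that signed it, and one issued by an unrelated CA is refused. Subject names, file names, the 365-day validity and the 2048-bit key size are assumptions (easy-rsa 2.0 defaults to KEY_SIZE=1024, which is below today's floor); everything is generated in a temporary directory and the minimal openssl.cnf it writes exists only so the run does not depend on the system's configuration file.

```shell
#!/bin/sh
# Added example (not from the slides or easy-rsa): build-ca, build-key and
# build-dh done with plain openssl, plus the 1-7-1 trust check. All files
# are created under a temporary directory that is removed on exit.
PKI=$(mktemp -d)
trap 'rm -rf "$PKI"' EXIT
DAYS="${DAYS:-365}"
BITS="${BITS:-2048}"

# Minimal config so req does not depend on the system openssl.cnf; the
# v3_ca section is what makes the root usable as a CA.
write_cnf() {
    cat > "$PKI/openssl.cnf" <<'EOF'
[ req ]
distinguished_name = req_dn
x509_extensions    = v3_ca
[ req_dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints     = critical, CA:TRUE
keyUsage             = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
}

# build-ca: self-signed CA certificate; ca.key never leaves the CA machine
build_ca() {   # build_ca <dir> <name>
    mkdir -p "$1"
    openssl req -x509 -newkey "rsa:$BITS" -nodes -days "$DAYS" \
        -config "$PKI/openssl.cnf" -subj "/CN=$2" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# build-key <name>: key and request, request signed with the CA key
build_key() {  # build_key <cadir> <name>
    openssl req -newkey "rsa:$BITS" -nodes -config "$PKI/openssl.cnf" \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
    openssl x509 -req -days "$DAYS" -in "$1/$2.csr" \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/$2.crt" 2>/dev/null
}

# build-dh: parameters for the TLS key exchange, needed on the server only.
# -dsaparam keeps generation fast for the demo; drop it for a production file.
build_dh() {   # build_dh <dir> <bits>
    openssl dhparam -dsaparam -out "$1/dh$2.pem" "$2" 2>/dev/null
}

# The check a peer performs in the TLS handshake: does this certificate chain
# to the CA certificate I trust? Prints "ok" or "bad".
verify_against() {   # verify_against <ca.crt> <cert.crt>
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then echo ok; else echo bad; fi
}

# Returns the verdicts for server, client and a rogue client: "ok ok bad"
demo() {
    build_ca  "$PKI/ca" "Moxa Training CA"
    build_key "$PKI/ca" server
    build_key "$PKI/ca" client
    build_dh  "$PKI/ca" 1024
    # A second, unrelated CA (the attacker's): its certificates must be refused
    build_ca  "$PKI/rogue" "Rogue CA"
    build_key "$PKI/rogue" client
    s=$(verify_against "$PKI/ca/ca.crt" "$PKI/ca/server.crt")
    c=$(verify_against "$PKI/ca/ca.crt" "$PKI/ca/client.crt")
    r=$(verify_against "$PKI/ca/ca.crt" "$PKI/rogue/client.crt")
    echo "$s $c $r"
}

write_cnf
demo
```

After the run, ca.crt, server.key, server.crt and dh1024.pem are what the VPN server needs and ca.crt, client.key and client.crt what the client needs, exactly the copy steps of 3-4-2. One thing easy-rsa adds that this example leaves out: build-key-server marks the server certificate with the nsCertType=server extension, which lets clients reject a peer that presents a stolen client certificate as if it were the server.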

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

Two of its serial ports are connected to a power meter and a thermocouple.
Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site.
The rest of the serial ports are looped back in "burn-in mode" to demonstrate the UC's high performance and reliability.

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500 °C
Voltage: left side for the high range, 0 to 300 VDC; right side for the low range, 0 to 20 VDC

UC's LCM & keypad (F1-F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8
F2 System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available memory
F3 Alarm Setting: Temperature → Voltage → burn-in throughput
F4 Configuration key
F5 Main menu

Apache Web with CGI & HTML
Seat Locating System
Score Query System

Appendix

What is the wireless PCMCIA card support status for 802.11g?
- The UC-7420's built-in wireless driver supports PCMCIA cards with the Intersil Prism 2.0 chipset.
- Compatible wireless cards (supplier, model name):
  ASUS WL-107g
  CNET CWC-854 (181D version)
  Edimax EW-7108PCg
  Amigo AWP-914W
  Gigabyte GN-WMKG
  Others which use the Ralink chipset

Thank You

Page 61: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

3-2 Define Default Policy3-2 Define Default Policy

3-3 Structure of a Rule3-3 Structure of a Rule

3-3-1 Add Insert Delete an Replace Rules

3-3-2 Direction

3-3-3 Matches

3-3-4 Targets

3-3-1 Add Insert Delete and Replace3-3-1 Add Insert Delete and Replace

iptables ndasht filter nat mangle

AI DR

ndash direction match target

3 major things needed

to be considered

ndashj

3-3-2 Direction ndash Chains3-3-2 Direction ndash Chains

a filter Table INPUT

OUTPUT

FORWARD

b nat Table PREROUTING

POSTROUTING

OUTPUT

c mangle table hellip

1 -p [proto] tcp udp icmp all

2 -s [IP] -d [IP]

3 --sport [port] --dport [port]

4 -m state --state [state] NEW ESTABLISHED INVALID RELATED

5 -m multiport [p1p2hellipp15]

6 -i [iface] -o [oface]

7 hellipetc

3-3-3 Matches - Conditions3-3-3 Matches - Conditions

3-3-4 Targets - Actions3-3-4 Targets - Actions

a filter Table ACCEPT DROP

QUEUE RETURN target extensions --LOG --ULOG --REJECT - -MIRROR

b nat table SNAT (only in POSTROUTING)

DNAT (only in PREROUTINGOUTPUT)

MASQUERADE (POSTROUTING)

REDIRECT (only in PREROUTING)

c mangle table hellip

3-4 Save Restore Rules3-4 Save Restore Rules

It is highly recommended to use a script file to maintain the Netfilter rule instead of using this exported file (it is not a standard script file) Please refer to the Hands-ON practice

AgendaAgenda

1) Firewall NAT and iptables

2) Rules Chains Tables

3) Usage of iptables

4) Hands-ON Practice 1) Packet Filter2) NAT Machine

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 1 ndash Accept all the packets incoming from lo interface

Example 2 ndash Accept all the TCP packets incoming from

IP = 19216801

iptables ndasht filter ndashA INPUT ndashi lo ndashj ACCEPT

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp

ndashs 19216801 ndashj ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 3 ndash Accept all the TCP packets incoming from the network

1921681024

Example 4 ndash Drop all the TCP packets incoming from IP = 192168125

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp

ndashs 1921681024 -j ACCEPT

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp

ndashs 192168125 ndashj DROP

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 5 ndash Drop all the Incoming TCP packets with dst Port = 21

(forbid FTP Connection from eth0)

Example 6 ndash Accept TCP packets incoming from IP 192168024 to

local port number 137138 and 139

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp

ndash ndashdport 21 ndashj DROP

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp ndashs

192168024 ndash ndashdport 137139 ndashj ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 7 ndash Log all the IncomingOutgoing TCP packets with tofrom

Port = 25 (Log SMTP Service)

iptables ndasht filter ndashA INPUT ndashp tcp ndash ndashdport 25 ndashj LOG

Note UC7110 does not support the target ldquoLOGrdquo

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 8 ndash Drop all the [syn] packets from IP = 192168100200

Example 9 ndash Drop all the packets from MAC = aabbccddeeff

iptables ndasht filter ndashA INPUT ndashp tcp ndashi eth0

ndashs 192168100200 ndash ndashsyn ndashj DROP

iptables ndasht filter ndashA INPUT ndashp all

ndashm mac-source aabbccddeeff ndashj DROP

Example 10 ndash Does not response to ldquopingrdquo

Example 11 ndash ICMP ldquopingrdquo burst

iptables ndasht filter ndashA INPUT ndashp icmp ndash ndashicmpndashtype 8

ndashj DROP

iptables ndasht filter ndashP INPUT DROP

iptables ndasht filter ndashA INPUT ndashp icmp ndashm limit 6min

ndash ndashlimit-burst 10 ndashj ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 12 ndash Accept the Established Related packets of the local

host drop the Invalid packets and New packets which are trying to create new connection

iptables ndasht filter ndashA INPUT ndashp tcp ndashm state ndash ndashstate

ESTABLISHEDRELATED ndashj ACCEPT

iptables ndasht filter ndashA INPUT ndashp tcp ndashm state ndash ndashstate

INVALIDNEW ndashj DROP

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 13 ndash Check the packet integrity

Example 14 ndash Enable the ldquoPassive Moderdquo FTP Service to a host

iptables ndasht filter ndashA INPUT ndashp all ndashm unclean ndashj DROP

modprobe ip_conntrack_ftp

iptables ndashA FORWARD ndashp tcp

ndashm state ndash ndashstate RELATED ndashj ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 1 ndash Redirect the Connection Request of Port 80 to Port 8080

Example 2ndash Masquerade the incoming packets from 1921681024

to be local ppp0rsquos IP

iptables ndasht nat ndashA PREROUTING ndashp tcp ndash ndashdport 80

ndashj REDIRECT ndash ndashto-ports 8080

iptables ndasht nat ndashA PREROUTING ndashs 1921681024 ndasho

ppp0 ndashj MASQUERADE

4-2 NAT Machine4-2 NAT Machine

4-2 NAT Machine4-2 NAT Machine

Example 3 ndash DNAT the incoming packet from eth0 (602486675) and

TCP Port 80 to internal Web sever 19216812710 80

Example 4 ndash Redirect the incoming packet of TCP Port 80 to

192168110 and TCP Port 80

iptables ndasht nat ndashA PREROUTING ndashp tcp ndashi eth0 ndashd 602486675 ndash ndashdport 80 ndashj DNAT ndash ndashto 1921681271080

iptables ndasht nat ndashA POSTROUTING ndashs 192168127024 ndashj SNAT ndash ndashto $OUT_IP

Thank YouThank You

OpenVPN 20OpenVPN 20Stephen Lin

OpenVPN 20OpenVPN 20

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

1) Cryptography Summery1) Cryptography Summery

1-1 What does cryptography solve

1-2 Symmetric Data Encryption

1-3 Hash (Digest) Function

1-4 Message Authentication Code

1-5 Asymmetric Data Encryption

1-6 Digital Signature

1-7 Certificate

1-8 Moxa UC7400

1-1 What does Cryptography solve1-1 What does Cryptography solve

Confidentiality bull Ensure that nobody can get knowledge of what you

transfer even if listening the whole conversation Integrity

bull Ensure that message has not been modified during the transmission

Authenticity bull You can verify that you are talking to the entity you think

you are talking to bull You can verify who is the specific individual behind that

entity Non-repudiation

bull The individual behind that asset cannot deny being associated with it

1-2 Symmetric Data Encryption1-2 Symmetric Data Encryption

Fast High Efficiency for data transmission

Is it ldquosecurerdquo while transferring the key

Maintains of the keys (n-1)n 2 keys

DES3DESAESBlowfish

Tom Bob

Plaintext

Plaintext

Ciphertext

Encryption

Secret Key

Decryption

1-3 Hash (Digest) Function
- Ensures data integrity
- MD5, SHA-1
[Figure: Tom hashes the data to Message Digest 1 and sends the data together with the digest; Bob applies the same hash function to the received data to obtain Message Digest 2 and compares the two]
A bare digest only detects accidental corruption: anyone who can modify the data in transit can also recompute the digest, because the hash function is public. Detecting deliberate modification needs a key (next section). Collisions have since been demonstrated for both MD5 and SHA-1; a SHA-2 family hash should be used where the platform supports it.

1-4 Message Authentication Code
- Ensures data integrity against deliberate modification
- Uses a secret key to protect the MAC: only holders of the key can compute or verify it
- HMAC, CBC-MAC
[Figure: Tom hashes the data to Message Digest 1 and turns it into the MAC with the secret key, then sends data plus MAC; Bob hashes the received data to Message Digest 2, recovers Message Digest 1 from the MAC with the same secret key, and compares the two]
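The difference between the digest of 1-3 and the MAC of 1-4 is easiest to see by playing the attacker. The script below is an added example, not part of the slides; it uses the openssl command-line tool, which the UC-7400 carries as part of OpenSSL, and takes the messages as arguments. Tom sends a message with a SHA-1 digest and with an HMAC-SHA1 tag, Mallory replaces the message in transit and does her best to fix up both tags, and Bob checks them.

```shell
#!/bin/sh
# digest-vs-mac.sh: a bare digest versus a keyed MAC against an active
# attacker. Added example, not from the Moxa slides; needs the openssl CLI.

# sha1_digest MSG -> hex SHA-1 digest of MSG
sha1_digest() { printf '%s' "$1" | openssl dgst -sha1 | awk '{print $NF}'; }

# hmac_sha1 KEY MSG -> hex HMAC-SHA1 tag of MSG under KEY
hmac_sha1() { printf '%s' "$2" | openssl dgst -sha1 -hmac "$1" | awk '{print $NF}'; }

# Receiver-side checks: true when the tag matches the message
digest_ok() { [ "$(sha1_digest "$1")" = "$2" ]; }
hmac_ok()   { [ "$(hmac_sha1 "$1" "$2")" = "$3" ]; }

# Mallory replaces the message. With a plain digest she simply recomputes it,
# because the hash function is public. Without the key the best she can do
# for the MAC is to send a guess (here: the digest again).
forge_digest_tag() { sha1_digest "$1"; }
forge_mac_tag()    { sha1_digest "$1"; }

# run_scenario MSG FORGED -> "digest:<accepted|rejected> mac:<accepted|rejected>"
# MSG is what Tom sent, FORGED is Mallory's replacement; the key is shared
# only between Tom and Bob.
run_scenario() {
    key=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')
    orig_digest=$(sha1_digest "$1"); orig_mac=$(hmac_sha1 "$key" "$1")
    # honest delivery passes both checks
    digest_ok "$1" "$orig_digest" && hmac_ok "$key" "$1" "$orig_mac" || return 1
    d=rejected; m=rejected
    digest_ok "$2" "$(forge_digest_tag "$2")" && d=accepted
    hmac_ok "$key" "$2" "$(forge_mac_tag "$2")" && m=accepted
    printf 'digest:%s mac:%s\n' "$d" "$m"
}

run_scenario "${1:-pay Bob 10}" "${2:-pay Mallory 1000}"
```

`sh digest-vs-mac.sh` prints `digest:accepted mac:rejected`: the digest-protected message is silently replaced, the MAC-protected one is caught. This is exactly the role the HMAC plays in every OpenVPN packet (section 2-2), and why the static key or the TLS session keys must never be exposed.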

1-5 Asymmetric Encryption
Things to remember
- Key pair: public/private keys
- In a session, one key is used for encryption and the other one for decryption
- The "public key" can be deployed everywhere
- The two keys are mathematically related, but from one key you cannot gain knowledge of the other, even if you have access to clear text and cipher text
- For RSA the two operations are interchangeable: either key of the pair can encrypt and the other decrypts, which is what makes signatures (section 1-6) possible. This is a property of RSA rather than of all public-key algorithms, and in practice the private key is the one kept secret
- Less efficient than symmetric-key encryption, so it is normally used only for key exchange and signatures
- RSA, Diffie-Hellman
[Figure: clear text encrypted into an unreadable string (g$5knvMd'rkvegMs")]

1-5 Asymmetric Data Encryption
[Figure: confidentiality check, recipient's key pair: Tom encrypts the plaintext with Bob's public key; only Bob's private key decrypts the ciphertext back to plaintext]
[Figure: authenticity check, sender's key pair: Tom encrypts the plaintext with his own private key; anyone holding Tom's public key can decrypt it, which proves the ciphertext came from Tom]

1-6 Digital Signature
Real world – hybrid
1. Data integrity
2. Authenticity
3. Non-repudiation
4. Algorithm: hash the message, then apply the private-key operation to the digest (public-key cryptography plus hash)

1-6 Digital Signature - Creating
[Figure: the message or file ("This is the document created by Gianni") is reduced to a short message digest (Py75cbn) with a one-way message digest function (SHA, MD5; typically 128 bits for MD5, 160 for SHA-1), even for a long input; the digest is encrypted with the signatory's private key (RSA) to give the digital signature (3kJfgf£$&); message plus signature form the signed document]

1-6 Digital Signature - Verifying
[Figure: the verifier hashes the received message to a digest (Py75cbn), decrypts the digital signature with Gianni's public key (taken from his certificate) to recover the digest that was signed, and compares the two; a match shows that the data is intact and was signed by the holder of Gianni's private key]

[Figure: Tom hashes the data to Message Digest 1 and encrypts it with Tom's private key to produce the digital signature, then sends data plus signature; Bob hashes the received data to Message Digest 2, decrypts the signature with Tom's public key to recover Message Digest 1, and compares]

1-7 Certificate
The simplest certificate just contains:
- A public key (for Stephen)
- Information about the entity that is being certified to own that public key
... and the whole is:
- Digitally signed by someone trusted (like your friend, or a CA)
[Figure: certificate = public key + "This public key belongs to Stephen" + the issuer's digital signature]
The certified entity can be a person, a computer, a device, a file, some code, anything ...

1-7-1 CA Certificate
[Figure: the CA (certification server) generates its own key pair; a user requests a certificate from the CA; the CA generates the certificate (public key + identity + CA digital signature); the private key and the certificate are sent to the user]
Because the CA's own certificate carries its own public key, it is signed by the CA itself (a self-signed root). It is distributed to every peer and is what every other signature is checked against. When the CA also generates the user's private key, as in this flow, that key has to reach the user over a protected channel; generating the key on the device and sending only a certificate request to the CA (the -newreq / -sign flow of section 3-4-1) avoids transferring a private key at all.

1-7-1 CA Certificate Example
[Figure: the CA holds the CA private key; Left and Right each hold their own private key, their own certificate signed by the CA, and the CA public key; Left trusts Right because Right's certificate is signed by the CA, and vice versa]
Note that the CA signs certificates (a public key plus identity), never private keys; a private key stays with its owner.

1-7-2 SSL/TLS
[Figure: two peers, each with a private/public key pair; clear text is encrypted to Cipher 1 / Cipher 2 with the peer's public key, transmitted over the public network, and decrypted with the receiver's private key]
- Ensures confidentiality, and integrity if the data is also digitally signed
- Depending on how the public keys are exchanged: authenticity, identity, non-repudiation
In a real SSL/TLS session the public-key operations are used only to authenticate the peers (certificates) and to agree on session keys; the traffic itself is protected with symmetric encryption and a MAC. This hybrid is what OpenVPN builds on.

1-8 Moxa UC7400 - Hardware Cipher
Intel XScale supports:
- Security engines: DES, AES
- Algorithm modes: ECB, CBC, CTR
Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so":
- No need to change the source code

1-8-1 Moxa Accelerated Algorithms – OpenSSL 0.9.7
- DES_cbc_encrypt
- DES_ede3_cbc_encrypt
- AES_cbc_encrypt
- AES_ctr_encrypt
- ECB mode is wrapped at a higher level (libssl.so), as OpenSSL itself does

1-8-2 Performance
[Figure: four charts of 3DES-CBC and AES-128-CBC throughput against packet size, software cipher versus hardware cipher ("= HW Cipher"), for packet sizes 128 to 1280 bytes and, for small packets, 16 to 144 bytes; each chart also plots the RATE curve]

1-8-3 Things to be noticed
Moxa UC-7400 switches operations between the software and the hardware approach:
- Default: hardware approach
- Any misconfiguration, or the engine being busy, causes a switch to software
Small packets are handled in software:
- DES: below 128 bytes
- 3DES/AES: below 64 bytes
VPN traffic often consists of small packets, which therefore take the software path.

1-8-4 Software Package
- Driver: mxhw_cipher.o
- Device file: mknod /dev/mxcrypto c 11 131
- Test program: io (correctness test); io 0 5000 (stability test); io 1 (golden pattern); io 2 20000 (performance test)

Agenda
1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

2) OpenVPN 2.0
2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network – Advantages/Disadvantages
- VPN: a network constructed by using public wires (e.g. the Internet) to connect nodes
- A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH, etc.)
- A VPN allows the use of protocols which are insecure by themselves
- VPN traffic cannot be controlled and logged easily because of its encrypted nature: a firewall in the path sees only the tunnel, so filtering has to happen at the tunnel endpoints

2-2 Why OpenVPN
Usability
- Open source (GPL)
- Full-featured SSL VPN solution
- Easy to configure a secure tunnel
- NAT/DHCP support
- Can use a 2048-bit shared (static) key or digital certificates (PKI)
Portability – supports most platforms
- Linux, Solaris, Mac OS X
- OpenBSD, FreeBSD, NetBSD
- Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN
Peers – each node with a client/server role
- Uses kernel routing
- Multiple clients
A user-space program
- A full-featured SSL-VPN solution
- Built on top of the existing SSL/TLS mechanism
- Choice among a set of security algorithms (the ciphers and digests OpenSSL provides)
- Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP port (5000 in 1.x, 1194 in 2.0) or TCP port

2-2 OpenVPN Security
Two authentication modes
- Static key: use a pre-shared key (generated with openvpn --genkey); confidentiality and authentication both depend on that one file staying secret
- SSL/TLS: use SSL/TLS + certificates for authentication and key exchange (fresh session keys per connection)
The encrypted packet is formatted as:
- SeqN: 64-bit sequence number (replay protection)
- IV: plain-text initial vector, randomized per packet
- Layout: HMAC | IV | SeqN | IP payload, where SeqN and the payload are encrypted and the HMAC is computed over the IV and the encrypted part. A peer therefore checks the HMAC before it decrypts anything, and then rejects any sequence number it has already seen

2-2 OpenVPN vs IPSec
OpenVPN
- User-space daemon
- SSL/TLS
- Portability across operating systems
- Firewall- and NAT-friendly
- Dynamic address support
IPSec
- Kernel-space IP stack
- Each operating system requires its own independent implementation of IPSec
- IETF standard – multi-vendor support

2-3 OpenVPN Modes
Bridging and routing are the two methods of linking systems via a VPN:
- Routed IP tunnels (layer 3)
- Bridged Ethernet tunnels (layer 2)
Suitable for connections:
- Site-to-site
- Dynamic site-to-site
- (Dynamic) client-to-site
Dynamic firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)
- Uses a TUN device: a virtual point-to-point IP link that joins the inner interface to the tunnel
- Uses the kernel routing table to forward the packets
[Figure: OSI stacks of the two peers; OpenVPN runs at the application layer and the TUN device injects packets at the network layer (3rd)]

2-3-1 Routed IP Tunnels (TUN Mode)
Routed IP advantages
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of the MTU for efficiency
Routed IP disadvantages
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see the machines on the other side of the VPN
4. Works only with IPv4 in general, and with IPv6 only where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)
- Uses "TAP" mode: a TAP device is a virtual Ethernet adapter
- Bridge tools (brctl) are required to create the bridge
- A script is needed to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)
brctl addbr br0          # create an Ethernet bridge
brctl addif br0 eth1     # connect interface eth1 as a port
brctl addif br0 tap0     # connect virtual interface tap0 as a port

[Figure: OSI stacks of the two peers, each with eth0 (uplink), eth1 (LAN) and tap0; bridging joins eth1 and tap0 at the data-link layer (2nd), whereas TUN works at the network layer (3rd)]

2-3-2 Bridged Ethernet Mode (TAP Mode)
Bridging advantages
1. Point-to-point and point-to-multipoint
2. Broadcasts traverse the VPN; this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to handle non-IP protocols such as IPX, Netware and AppleTalk
5. Relatively easy-to-configure solution for road warriors
Bridging disadvantages
1. Less efficient than routing and does not scale well: every broadcast on either LAN crosses the tunnel, and a bridged remote peer is a full member of the LAN segment, so the bridge deserves the same filtering as a physical port

Agenda
1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

3) OpenVPN Configuration
3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started
[Topology: LAN A (hosts 10.0.1.1/24, gw 10.0.1.254) -- ixp1 -- [VPN Server, 10.0.1.254] -- ixp0 192.168.12.201 == VPN tunnel == ixp0 192.168.12.202 -- [VPN Client, 10.0.2.254] -- ixp1 -- LAN B (hosts 10.0.2.1/24, gw 10.0.2.254); a separate [CA/TLS Server] issues the certificates used in 3-4]

3-1 Getting Started
- Create a working directory (recommended): mkdir /etc/openvpn
- Check for the TUN device: ls /dev/net and look for a character device "tun"; if it is missing: mknod /dev/net/tun c 10 200
- Load the necessary modules: modprobe tun; modprobe bridge
- Generate a (pre-shared) static key: openvpn --genkey --secret [KeyName]
- Self-diagnostic: openvpn --test-crypto --secret [KeyName]
The static key is the whole secret of the tunnel: keep it mode 0600, copy it to the peer over an already secure channel (scp, or by hand), and never send it through the tunnel it is meant to protect.

3-1 Getting Started
- Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or vi /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"
- Create / start the bridge interface using the Moxa script: openvpn-bridge [start | stop | restart]
- Check the cipher / authentication support: openvpn --show-ciphers; openvpn --show-digests
- Create the TUN configuration files: vi /etc/openvpn/tunserver.conf
- [At the VPN client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration
- The local / remote VPN IP addresses must be specified (ifconfig <local> <remote>)
- It is NECESSARY to specify the server address at the VPN client (remote <server address>)

3-2 TUN Server Configuration
- Edit the static routes: vi /etc/openvpn/tunserver.sh; chmod +x /etc/openvpn/tunserver.sh
- [At the VPN client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/openvpn/tunclient.sh
- Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tunserver.conf &
  [At the VPN client] openvpn --config /etc/openvpn/tunclient.conf &
- The route to the remote LAN uses the 2nd argument of "ifconfig" (the remote tunnel endpoint) as its gateway, which is now "10.0.2.254"

- Create the TAP configuration files: vi /etc/openvpn/tapserver.conf
- [At the VPN client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration – VPN Server
- Comment out the route line if both VPN networks are in the same subnet (a bridged LAN needs no route)

3-3 TAP Configuration – VPN Server
- Edit the static routes: vi /etc/openvpn/tapserver.sh
- [At the VPN client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/openvpn/tapclient.sh
- The kernel routing now points at the bridge: br0 = 10.0.1.254

3-3 TAP Configuration – VPN Server
- Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start
- Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tapserver.conf &
  [At the VPN client] openvpn --config /etc/openvpn/tapclient.conf &
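The three brctl commands of section 2-3-2 are only part of what the openvpn-bridge script has to do: the TAP device must exist before it can be bridged, the bridged ports must run without an address of their own and in promiscuous mode, and the LAN address has to move from eth1 to br0 so the kernel routing points at the bridge. The script below is an added example written for these steps; it is not Moxa's own openvpn-bridge script. The interface names eth1, tap0 and br0 and the address 10.0.1.254/24 are taken from the slides. Setting RUN=echo prints the commands instead of executing them.

```shell
#!/bin/sh
# openvpn-bridge: build br0 from the LAN port and a persistent tap0.
# Added example, not Moxa's script; names and address come from the slides.
RUN=${RUN:-}                 # RUN=echo -> dry run
BR=br0; ETH=eth1; TAP=tap0
BR_IP=10.0.1.254; BR_MASK=255.255.255.0

bridge_start() {
    # a persistent TAP device, so that OpenVPN can open it later (dev tap0)
    $RUN openvpn --mktun --dev $TAP
    # the bridge must exist before ports can be added to it
    $RUN brctl addbr $BR
    $RUN brctl addif $BR $ETH
    $RUN brctl addif $BR $TAP
    # bridged ports carry no address of their own and must see all frames
    $RUN ifconfig $ETH 0.0.0.0 promisc up
    $RUN ifconfig $TAP 0.0.0.0 promisc up
    # the LAN address moves from eth1 to br0: kernel routing now uses br0
    $RUN ifconfig $BR $BR_IP netmask $BR_MASK up
}

bridge_stop() {
    # reverse order: detach the ports, delete the bridge, give eth1 its address back
    $RUN ifconfig $BR down
    $RUN brctl delif $BR $TAP
    $RUN brctl delif $BR $ETH
    $RUN brctl delbr $BR
    $RUN openvpn --rmtun --dev $TAP
    $RUN ifconfig $ETH $BR_IP netmask $BR_MASK up
}

case "${1:-}" in
    start)   bridge_start ;;
    stop)    bridge_stop ;;
    restart) bridge_stop; bridge_start ;;
esac
```

Run it as `/etc/openvpn/openvpn-bridge start` before starting OpenVPN with the tapserver.conf file, which then only needs `dev tap0` and no address of its own. While the bridge is up, any filtering for the LAN side has to be applied to br0, since eth1 no longer has an address.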

3-4-1 SSL/TLS – Dynamic Keys
- Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-enter the default_days, default_bits, etc.
- Create a new CA root key pair: /usr/share/ssl/misc/CA -newca
- Create a new client private key and a new certificate request: /usr/share/ssl/misc/CA -newreq
- Certificate signing: /usr/share/ssl/misc/CA -sign
- Copy the CA root certificate, the client private key and the client certificate to the first client
- Repeat -newreq and -sign to certify the second client

3-4-2 OpenVPN – "easy-rsa" tools
- Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn
- Modify the vars file: vi /etc/openvpn/easy-rsa/vars (KEY_SIZE, KEY_COUNTRY, KEY_ORG, ...)
- Activate the vars: cd /etc/openvpn/easy-rsa; . ./vars; then ./clean-all once, to initialise the key directory (it deletes any existing keys)
- Create the CA root key: ./build-ca

3-4-2 OpenVPN – "easy-rsa" tools
- Create the VPN server private key and certificate: ./build-key server
  Prefer ./build-key-server server: it adds the nsCertType=server extension, so a client configured with "ns-cert-type server" refuses to talk to another client's certificate posing as the server
- Create the VPN client private key and certificate: ./build-key client
- Create the Diffie-Hellman parameters: ./build-dh (the size comes from KEY_SIZE in vars, 1024 on the slide, giving keys/dh1024.pem)
- Copy the CA certificate (ca.crt), the server key (server.key), the server certificate (server.crt) and dh1024.pem to the VPN server
- Copy the CA certificate, the client key and the client certificate to the VPN client
- Private keys are copied over a secure channel and kept mode 0600; the CA private key (ca.key) stays on the CA machine and is never copied to a VPN device
- The "easy-rsa" tools also work on the UC7400 series
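The easy-rsa scripts are thin wrappers around the openssl command line. The script below reproduces the steps of 3-4-1 and 3-4-2 with plain openssl commands, including the server-only extension that build-key-server adds and a check for it, so the effect of "ns-cert-type server" can be verified without an OpenVPN handshake. It is an added example, not Moxa's or OpenVPN's own scripts; the key directory, the subject names and the 2048-bit default key size (the slides use 1024) are assumptions. The output files use the easy-rsa names (ca.crt, server.crt, server.key, ...).

```shell
#!/bin/sh
# mkpki.sh: the easy-rsa steps with plain openssl commands.
# Added example, not Moxa's or OpenVPN's scripts; KEY_DIR, subject names and
# the 2048-bit default are assumptions.
KEY_DIR=${KEY_DIR:-/etc/openvpn/keys}
KEY_SIZE=${KEY_SIZE:-2048}   # the slides use 1024; too short for new deployments
DAYS=3650
SUBJ_BASE="/C=TW/O=Moxa"

# build_ca: self-signed root; ca.key never leaves this machine
build_ca() {
    mkdir -p "$KEY_DIR" && chmod 700 "$KEY_DIR" &&
    openssl req -new -x509 -days $DAYS -newkey rsa:$KEY_SIZE -nodes \
        -subj "$SUBJ_BASE/CN=UC7400-CA" \
        -keyout "$KEY_DIR/ca.key" -out "$KEY_DIR/ca.crt" 2>/dev/null &&
    chmod 600 "$KEY_DIR/ca.key"
}

# build_key NAME [server|client]: key pair + request + CA-signed certificate.
# "server" marks the certificate with nsCertType=server, which is what a
# client's "ns-cert-type server" directive checks; plain build-key omits it.
build_key() {
    name=$1 kind=${2:-client} ext=$(mktemp) || return 1
    if [ "$kind" = server ]; then
        printf 'nsCertType=server\nextendedKeyUsage=serverAuth\n' > "$ext"
    else
        printf 'nsCertType=client\nextendedKeyUsage=clientAuth\n' > "$ext"
    fi
    openssl req -new -newkey rsa:$KEY_SIZE -nodes -subj "$SUBJ_BASE/CN=$name" \
        -keyout "$KEY_DIR/$name.key" -out "$KEY_DIR/$name.csr" 2>/dev/null &&
    openssl x509 -req -days $DAYS -in "$KEY_DIR/$name.csr" \
        -CA "$KEY_DIR/ca.crt" -CAkey "$KEY_DIR/ca.key" -CAcreateserial \
        -extfile "$ext" -out "$KEY_DIR/$name.crt" 2>/dev/null
    rc=$?
    rm -f "$ext" "$KEY_DIR/$name.csr"
    chmod 600 "$KEY_DIR/$name.key" 2>/dev/null
    return $rc
}

# verify_cert NAME: the chain check a peer performs during the TLS handshake
verify_cert() { openssl verify -CAfile "$KEY_DIR/ca.crt" "$KEY_DIR/$1.crt" >/dev/null 2>&1; }

# is_server_cert NAME: true only for a certificate marked as a server
is_server_cert() {
    openssl x509 -in "$KEY_DIR/$1.crt" -noout -text |
        grep -A1 'Netscape Cert Type' | grep -q 'SSL Server'
}
```

Usage on the CA machine: `. ./mkpki.sh; build_ca; build_key server server; build_key client client`, then copy ca.crt, server.crt, server.key (plus the dh file from build-dh) to the server and ca.crt, client.crt, client.key to the client. `is_server_cert client` returns false, which is exactly why a client configured with "ns-cert-type server" will not accept that certificate from the other end of the tunnel.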

3-4-3 Configuration File Modification
txxserver.conf / txxclient.conf (txx = tun or tap): replace the "secret" line of the static-key configuration with the SSL/TLS directives. On the server: tls-server, dh dh1024.pem, ca ca.crt, cert server.crt, key server.key. On the client: tls-client, ca ca.crt, cert client.crt, key client.key (plus ns-cert-type server when the server certificate was built with build-key-server).
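The configuration files of sections 3-2 and 3-4-3 were shown as screenshots on the slides. The script below writes them for the 3-1 topology, in static-key mode or in SSL/TLS mode, and includes the checks a practitioner wants on the static key file before the tunnel is started. It is an added example, not the slides' own files. From the slides: the peers' addresses 192.168.12.201/.202, LAN A 10.0.1.0/24, LAN B 10.0.2.0/24, the working directory /etc/openvpn and the easy-rsa file names. The slides' ifconfig line uses the LAN gateway addresses as tunnel endpoints; this example assumes dedicated tunnel addresses 10.8.0.1/10.8.0.2 instead, so that tunnel and LAN addresses stay distinct, and assumes UDP port 1194.

```shell
#!/bin/sh
# mkconf.sh: write tunserver.conf / tunclient.conf for the 3-1 topology.
# Added example, not the slides' screenshots. Assumed: tunnel endpoints
# 10.8.0.1/10.8.0.2 and UDP 1194; the rest comes from the slides.
DIR=${DIR:-/etc/openvpn}

# key_perms_ok FILE -> true if FILE is owner read/write only (mode 0600)
key_perms_ok() { [ "$(ls -l "$1" | cut -c2-10)" = 'rw-------' ]; }

# static_key_ok FILE -> true if FILE is a 0600 file produced by openvpn --genkey
static_key_ok() {
    [ -f "$1" ] && key_perms_ok "$1" &&
        head -n 1 "$1" | grep -q '^-----BEGIN OpenVPN Static key V1-----'
}

# write_tun_conf ROLE MODE -> prints the path of the file written
# ROLE: server | client    MODE: static | tls
write_tun_conf() {
    role=$1 mode=$2 out=$DIR/tun$1.conf
    case $role in
    server) local_ip=10.8.0.1 remote_ip=10.8.0.2 far_lan=10.0.2.0 peer= ;;
    client) local_ip=10.8.0.2 remote_ip=10.8.0.1 far_lan=10.0.1.0 peer=192.168.12.201 ;;
    *) echo "role must be server or client" >&2; return 1 ;;
    esac
    {
        echo "dev tun"
        echo "proto udp"
        echo "port 1194"
        [ -n "$peer" ] && echo "remote $peer"      # NECESSARY at the client
        echo "ifconfig $local_ip $remote_ip"       # local / remote VPN IP
        # replaces the tunserver.sh route script: the far LAN is reached via
        # the 2nd ifconfig argument, i.e. the remote tunnel endpoint
        echo "route $far_lan 255.255.255.0"
        case $mode in
        static)
            echo "secret $DIR/static.key" ;;      # this one file is the whole secret
        tls)
            echo "tls-$role"
            echo "ca $DIR/keys/ca.crt"
            echo "cert $DIR/keys/$role.crt"
            echo "key $DIR/keys/$role.key"
            [ "$role" = server ] && echo "dh $DIR/keys/dh1024.pem"
            # accept only a server certificate built with build-key-server
            [ "$role" = client ] && echo "ns-cert-type server" ;;
        *) echo "mode must be static or tls" >&2; return 1 ;;
        esac
        echo "cipher AES-128-CBC"   # one of the hardware-accelerated algorithms
        echo "auth SHA1"
        echo "keepalive 10 60"
        echo "persist-key"
        echo "persist-tun"
        echo "verb 3"
    } > "$out" && echo "$out"
}
```

On the server: `write_tun_conf server static`, then `static_key_ok /etc/openvpn/static.key && openvpn --config /etc/openvpn/tunserver.conf &`; the client is the same with `client`. Switching to TLS is `write_tun_conf server tls` / `write_tun_conf client tls` once the easy-rsa files are in /etc/openvpn/keys. The `route` directive makes the tunserver.sh / tunclient.sh route scripts unnecessary, because OpenVPN installs the route when the tunnel comes up and removes it when it goes down.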

Agenda
1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

Live Demo

UC-7420 Demo Box
- Two of its serial ports are connected to a power meter and a thermocouple
- Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site
- The rest of the serial ports are looped back in "burn-in mode" to demonstrate the UC's high performance and reliability

Demo Box Features
[Figure: software block diagram]
- Temperature range: 0 to 500 °C
- Left side for the high voltage range (0 to 300 VDC), right side for the low range (0 to 20 VDC)

UC's LCM & keypad (F1-F5)
- F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8
- F2 System status: LAN's IP → Wi-Fi's IP → CPU loading → Available memory
- F3 Alarm setting: Temperature → Voltage → Burn-in throughput
- F4 Configuration key
- F5 Main menu

Apache Web with CGI & HTML
- Seat Locating System
- Score Query System

Appendix
What is the wireless PCMCIA card support status in 802.11g?
- The UC-7420's built-in wireless driver supports the Intersil Prism 2.0 chipset PCMCIA card
- The compatible wireless cards are:
  Supplier    Model name
  ASUS        WL-107g
  CNET        CWC-854 (181D version)
  Edimax      EW-7108PCg
  Amigo       AWP-914WG
  Gigabyte    GN-WMKG
  Others which use the Ralink chipset

Thank You


Routed IP Advantages1 Point-to-point2 Easier to configure3 Efficiency and scalability 4 Allows better tuning of MTU for efficiency

Routed IP Disadvantages1 Clients must use a WINS server (such as samba) to

allow cross-VPN network browsing to work 2 Routes must be set up linking each subnet 3 Software that depends on broadcasts Will Not see

those machines on the other side of the VPN 4 Works only with IPv4 in general and IPv6 in cases

where tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses ldquoTAPrdquo mode a TAP device is a Virtual Ethernet Adapter

Bridge tools (bcrtl) are required to create the virtual adapters

Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0 create an ethernet bridge

brctl addif br0 eth1 connect interface eth1 as a port

brctl addif tap0 connect virtual interface tap0 as a port

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Bridging

OpenVPN

TUN (3rd)TAP (2nd)

eth1 eth1eth0 eth0

tap0 tap0

2-3-2 Bridged Ethernet Mode (TAP 2-3-2 Bridged Ethernet Mode (TAP Mode)Mode)

Bridging advantages1 Point to Point point to multi-point2 Broadcasts traverse the VPN -- this allows browsing

of Windows file shares across the VPN without setting up a Samba or WINS server

3 No route statements to configure4 Works with the VPN needs to be able to handle non-

IP protocols such as IPX Netware and AppleTalk5 Relatively easy-to-configure solution for road

warriors

Bridging disadvantages1 Less efficient than Routing and does not scale well

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSLTLS ndash X509 Dynamic Keys

3-1 Getting Started3-1 Getting Started

ixp019216812201

ixp0 19216812202

gw 1001254IP 1001124

gw 1002254IP 1002124

LAN A LAN B

VPN Tunnel

Connect

1001254

[VPN Server]

1002254

[VPN-Client]

ixp1 ixp1

[CATLS Server]

3-1 Getting Started 3-1 Getting Started

Create a Working Directory (recommended) mkdir etcopenvpn

Check for TUN Modules if not ls devnet look for a character device ldquotunrdquo mknod devtun c 10 200

Load necessary modules modprobe tun modprobe bridge

Generate a (pre-shared) key openvpn --genkey --secret [KeyName]

Self Diagnostic openvpn --test-crypto --secret [KeyName]

3-1 Getting Started3-1 Getting Started

Enable IP Forwarding echo ldquo1rdquo gt procsysnetipv4ip_forwardor vi etcsysctlconf modify ldquonetipv4ip_forward = 1rdquo

Create Start Bridge Interface using Moxa Script openvpn-bridge [start stop restart]

Check the CiphersAuthentication Support openvpn --show-ciphers openvpn --show-digests

Create TUN Configuration Files vi etcopenvpntunserverconf

[At VPN Client] vi etcopenvpntunclientconf

3-2 TUN Server Configuration 3-2 TUN Server Configuration

LocalRemote VPN IP address must be specified

It is NECESSARY to specify the Server Address at VPN Client

3-2 TUN Server Configuration 3-2 TUN Server Configuration

Edit the Static Routings vi etcopenvpntunserversh

chmod +x etctunserversh

[At VPN Client] vi etceopenvpntunclientsh chmod +x etctunclientsh

Start OpenVPN with the configuration file openvpn --config etctunserverconf amp openvpn --config etctunclientconf amp

2nd argument of ldquoifconfigrdquo which is now ldquo1002254rdquo

Create TAP Configuration Files vi etcopenvpntapserverconf

[At VPN Client] vi etcopenvpntapclientconf

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Mark this line if both VPN Networks are in the same subnet

3-2 TAP Configuration ndash VPN Server3-2 TAP Configuration ndash VPN Server

Edit the Static Routings vi etcopenvpntunserversh

[At VPN Client] vi etcopenvpntapclientsh chmod +x etctapclientsh

Pointed to the Kernel Routing br0 = 1001254

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Start the Bridge device vi openvpnopenvpn-bridge

chmod +x etcopenvpnopenvpn-bridge etcopenvpnopenvpn-bridge start

Start OpenVPN with the configuration file openvpn ndashconfig etcopenvpntapserverconf amp openvpn ndashconfig etcopenvpntapclient amp

3-4-1 SSLTLS ndash Dynamic Keys3-4-1 SSLTLS ndash Dynamic Keys

Edit the OpenSSL Configuration File on a Linux PC vi usrsharesslopensslcnf Pre-input the default_days default_bits hellip etc

Create New CA root Key Pair usrsharesslmiscCA -newca

Create New Client Private Key and new Certificate Request usrsharesslmiscCA -newreq

Certificate Sign-in usrsharesslmiscCA ndashsign

Copy the CA root certificate client private key and the client certificate to the first client

Have the second client certificated

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Copy the ldquoeasy-rsardquo to the working directory cp ndashr openvpn-20easy-rsa etcopenvpn

modify the vars file vi etcopenvpneasy-rsavars

Activate the vars etcopenvpneasy-rsavars

Create CA root key etcopenvpneasy-rsabuild-ca

Create VPN Server Private Key and Certificate etcopenvpneasy-rsabuild-key server

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Create VPN Client private Key and Certificate etcopenvpnbuild-key client

Create Diff-Hellman Parameters etcopenvpnbuild-dh 1024

Copy the CA certificate (cacrt) Server key (serverkey) and Server certificate (servercrt) to VPN Server

Copy the CA certificate Client key and certificate to VPN Client

ldquoeasy-rsardquo tools also work on UC7400 series

3-4-3 Configuration File Modification3-4-3 Configuration File Modification

txxserverconf

txxclienconf

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) Open VPN Configuration

4) Hands-On Practice

Live DemoLive Demo

UC-7420 DEMO BOXUC-7420 DEMO BOX

Two of its serial ports connectedto a Power Meter and Thermocouple

Two LAN ports plus an optional Wi-Fi function making it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in lsquoburn-in modersquo to demonstrate UCrsquos high performance and reliability

Demo Box FeaturesDemo Box Features

Software Block DiagramSoftware Block Diagram

Temperature Range 0 to 500degC

Left side for high range 0 to 300 VDC amp Right side for low range 0 to 20 VDC

UCrsquos LCM amp keypad (F1-F5)UCrsquos LCM amp keypad (F1-F5)

F1 Monitoring Temperature rarr Voltage rarrThroughput for P3 to P8

F2 System Status LANrsquos IP rarr Wi-Firsquos IP rarr CPU loading rarr Available Memory

F3 Alarm Setting Temperature rarr Voltage rarr burning throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI amp HTMLApache Web with CGI amp HTML

Seat Locating SystemSeat Locating System

Score Query SystemScore Query System

AppendixAppendix

What is the wireless PCMCIA card support status in 80211gbull UC-7420s built-in Wireless driver supports Intersil Prism 20

chipset PCMCIA cardbull The compatible Wireless cards are

Supplier Model name

ASUS WL-107g

CNET CWC-854(181D version)Edmiax EW-7108PCgAmigo AWP-914WGigbyte GN-WMKGOthers which use R-Link chip set

Thank YouThank You

Page 63: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

3-3-1 Add, Insert, Delete and Replace

iptables -t [filter|nat|mangle] -A|-I|-D|-R [chain] [match] -j [target]

Three major things need to be considered for every rule:
- direction: the chain the rule is placed in
- match: the conditions the packet must satisfy
- target: the action, given with -j

3-3-2 Direction: Chains

a. filter table: INPUT, OUTPUT, FORWARD
b. nat table: PREROUTING, POSTROUTING, OUTPUT
c. mangle table: ...

3-3-3 Matches: Conditions

1. -p [proto]: tcp, udp, icmp, all
2. -s [IP], -d [IP] (a single address or a network such as 192.168.1.0/24)
3. --sport [port], --dport [port] (a range is written as low:high)
4. -m state --state [state]: NEW, ESTABLISHED, INVALID, RELATED
5. -m multiport --dports (or --sports, --ports) [p1,p2,...,p15], up to 15 ports
6. -i [iface], -o [oface]
7. ... etc.

3-3-4 Targets: Actions

a. filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions: LOG, ULOG, REJECT, MIRROR
b. nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING/OUTPUT), MASQUERADE (POSTROUTING), REDIRECT (PREROUTING, and OUTPUT for locally generated packets)
c. mangle table: ...

3-4 Save / Restore Rules

The running rule set can be exported with iptables-save and loaded again with iptables-restore. It is highly recommended to maintain the netfilter rules in a script file of your own instead of editing this exported file (it is not a standard script file). Please refer to the hands-on practice.

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-On Practice: 1) Packet Filter, 2) NAT Machine

4-1 Packet Filter: Rules of the filter table

Example 1: Accept all packets incoming from the lo interface
  iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2: Accept all TCP packets incoming from IP = 192.168.0.1
  iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

Example 3: Accept all TCP packets incoming from the network 192.168.1.0/24
  iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4: Drop all TCP packets incoming from IP = 192.168.1.25
  iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP
  Rules are evaluated in order: appended after Example 3, this rule is never reached for 192.168.1.25, because the /24 ACCEPT matches first. Place it before the broader rule (for instance with -I INPUT) for it to have any effect.

Example 5: Drop all incoming TCP packets with destination port 21 (forbid FTP connections from eth0)
  iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6: Accept TCP packets incoming from 192.168.0.0/24 to local ports 137, 138 and 139
  iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

Example 7: Log all incoming/outgoing TCP packets to/from port 25 (log the SMTP service)
  iptables -t filter -A INPUT -p tcp --dport 25 -j LOG
  Note: the UC-7110 does not support the "LOG" target.
  LOG is a non-terminating target: after logging, the packet continues down the chain, so a LOG rule is normally followed by the ACCEPT or DROP that decides its fate. Without -m limit a port scan can fill the log.

Example 8: Drop all [SYN] packets from IP = 192.168.100.200
  iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9: Drop all packets from MAC = aa:bb:cc:dd:ee:ff
  iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

Example 10: Do not respond to "ping"
  iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11: Limit ICMP "ping" bursts
  iptables -t filter -P INPUT DROP
  iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

Example 12: Accept the ESTABLISHED/RELATED packets of the local host; drop INVALID packets and NEW packets that try to open a connection
  iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
  iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

Example 13: Check the packet integrity (the "unclean" match is an experimental match of the 2.4 kernels)
  iptables -t filter -A INPUT -p all -m unclean -j DROP

Example 14: Enable "passive mode" FTP service to a host (the FTP connection-tracking helper marks the data connection as RELATED)
  modprobe ip_conntrack_ftp
  iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

4-2 NAT Machine: Rules of the nat table

Example 1: Redirect connection requests for port 80 to port 8080
  iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2: Masquerade the packets coming from 192.168.1.0/24 as the local ppp0 IP
  iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE
  (MASQUERADE, like SNAT, is only valid in POSTROUTING, as listed in 3-3-4; -o can only be matched there as well.)

Example 3: DNAT the packets arriving on eth0 (60.248.66.75) for TCP port 80 to the internal web server 192.168.127.10:80
  iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

Example 4: Redirect the incoming packets for TCP port 80 to 192.168.1.10, TCP port 80
  The rule shown on the slide for this example is the companion SNAT that rewrites the internal network's outbound traffic to the box's public address ($OUT_IP); the DNAT itself follows the Example 3 pattern.
  iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP
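Section 3-4 recommends keeping the rules in a script instead of an iptables-save dump. The script below is an added example for the hands-on NAT machine, written for this page; it is not a Moxa course file. Assumptions that are not on the slides: the Internet side is eth0 with the public address 60.248.66.75 (the OUT_IP of Examples 3 and 4), the LAN side is eth1 with 192.168.127.0/24, the published web server is 192.168.127.10, and SSH administration is allowed only from 192.168.0.1 on the LAN side. Setting IPT="echo iptables" renders the rules instead of loading them, so the order can be reviewed (and tested) on a machine without netfilter. The LOG lines must be removed on a UC-7110, which lacks that target.

```shell
#!/bin/sh
# Added example for this page (not a Moxa course file): the netfilter rule set
# of the hands-on NAT machine kept as a script, as section 3-4 recommends.
# Assumed topology (not on the slides): eth0 = Internet side with OUT_IP,
# eth1 = LAN 192.168.127.0/24, web server 192.168.127.10, admin host
# 192.168.0.1. LOG target lines must be removed on a UC-7110.
# Usage:  sh fw.sh apply            load the rules
#         sh fw.sh show             print the rules without loading them

IPT="${IPT:-iptables}"
EXT_IF="${EXT_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.127.0/24}"
WEB_SERVER="${WEB_SERVER:-192.168.127.10}"
ADMIN_HOST="${ADMIN_HOST:-192.168.0.1}"
OUT_IP="${OUT_IP:-60.248.66.75}"

fw_flush() {
    for t in filter nat; do
        $IPT -t $t -F
        $IPT -t $t -X
    done
}

fw_policy() {
    # Default deny for traffic to and through the box; it may originate anything
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
}

fw_input() {
    $IPT -A INPUT -i lo -j ACCEPT
    # Replies and related flows first, so the later rules only see new attempts
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -m state --state INVALID -j DROP
    # Ping stays possible for diagnosis but is rate limited (Example 11)
    $IPT -A INPUT -p icmp --icmp-type 8 -m limit --limit 6/min --limit-burst 10 -j ACCEPT
    # Management only from the admin host on the LAN side
    $IPT -A INPUT -i "$LAN_IF" -p tcp -s "$ADMIN_HOST" --dport 22 -m state --state NEW -j ACCEPT
    # Rate-limited log, then an explicit drop; the LOG target does not terminate
    $IPT -A INPUT -m limit --limit 3/min -j LOG --log-prefix "fw-input-drop: "
    $IPT -A INPUT -j DROP
}

fw_forward() {
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m state --state INVALID -j DROP
    # LAN hosts may go out; from outside only the published web server is reachable
    $IPT -A FORWARD -i "$LAN_IF" -o "$EXT_IF" -s "$LAN_NET" -j ACCEPT
    $IPT -A FORWARD -i "$EXT_IF" -o "$LAN_IF" -p tcp -d "$WEB_SERVER" --dport 80 -m state --state NEW -j ACCEPT
    $IPT -A FORWARD -j DROP
}

fw_nat() {
    # Example 3: publish the internal web server on the public address
    $IPT -t nat -A PREROUTING -i "$EXT_IF" -p tcp -d "$OUT_IP" --dport 80 -j DNAT --to-destination "$WEB_SERVER:80"
    # Example 4: rewrite the LAN's outbound source address (SNAT lives in POSTROUTING only)
    $IPT -t nat -A POSTROUTING -o "$EXT_IF" -s "$LAN_NET" -j SNAT --to-source "$OUT_IP"
}

fw_apply() {
    fw_flush
    fw_policy
    fw_input
    fw_forward
    fw_nat
}

# Render the complete rule set as text without touching the kernel
fw_render() {
    ( IPT="echo iptables"; fw_apply )
}

case "${1:-}" in
    apply) fw_apply ;;
    show)  fw_render ;;
    *) ;;
esac
```

The order inside fw_input is the point: loopback and ESTABLISHED,RELATED first so replies are never re-evaluated against the specific rules, INVALID dropped before any ACCEPT, and the rate-limited LOG placed immediately before the final DROP so a scan cannot fill the flash with log entries. Because every variable has a default that can be overridden from the environment, the same file serves the lab box and a production unit without editing the rules themselves.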

Thank You

OpenVPN 2.0
Stephen Lin

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve?
1-2 Symmetric Data Encryption
1-3 Hash (Digest) Function
1-4 Message Authentication Code
1-5 Asymmetric Data Encryption
1-6 Digital Signature
1-7 Certificate
1-8 Moxa UC7400

1-1 What does cryptography solve?

Confidentiality
- Ensure that nobody can learn what you transfer, even when listening to the whole conversation

Integrity
- Ensure that the message has not been modified during transmission

Authenticity
- You can verify that you are talking to the entity you think you are talking to
- You can verify who the specific individual behind that entity is

Non-repudiation
- The individual behind that asset cannot deny being associated with it

1-2 Symmetric Data Encryption

- Fast; high efficiency for data transmission
- Is it "secure" while transferring the key? (the key distribution problem)
- Key maintenance: n(n-1)/2 keys for n parties
- DES, 3DES, AES, Blowfish

[Figure: Tom encrypts the plaintext with the secret key to obtain the ciphertext; Bob decrypts it back to the plaintext with the same secret key]

1-3 Hash (Digest) Function

- Ensures data integrity
- MD5, SHA-1

[Figure: Tom runs the data through the hash function to get message digest 1 and sends data + digest; Bob runs the received data through the same hash function to get message digest 2 and compares the two]

A bare digest only detects accidental corruption: anyone who can alter the data in transit can recompute the digest to match, because no secret is involved. Binding the digest to a key is what the message authentication code in 1-4 adds.

1-4 Message Authentication Code

- Ensures data integrity, and proves that the sender knows the key
- Uses a key to protect the MAC
- HMAC, CBC-MAC

[Figure: Tom hashes the data to message digest 1 and encrypts the digest with the secret key to form the MAC, then sends data + MAC; Bob hashes the received data to message digest 2, decrypts the MAC with the same secret key and compares the two digests]

1-5 Asymmetric Encryption

Things to remember
- Key pair: public/private keys
- In a session, one key is used for encryption and the other for decryption
- The "public key" can be deployed everywhere
- The relation between the two keys is unknown: from one key you cannot gain knowledge of the other, even with access to clear text and cipher text
- In RSA the two keys are mathematically interchangeable: when a key pair is generated, either of the two can be published as the public key. This does not hold for every algorithm (DSA and Diffie-Hellman keys have fixed roles).
- Less efficient than symmetric (static-key) encryption
- RSA, Diffie-Hellman

[Figure: clear text encrypted into cipher text]

1-5 Asymmetric Data Encryption: Confidentiality check

[Figure: Tom encrypts the plaintext with Bob's public key; Bob decrypts the ciphertext with Bob's private key (the recipient's key pair)]

1-5 Asymmetric Data Encryption: Authenticity check

[Figure: Tom encrypts the plaintext with Tom's private key; Bob decrypts the ciphertext with Tom's public key (the sender's key pair)]

1-6 Digital Signature

Real world: a hybrid
1. Data integrity
2. Authenticity
3. Non-repudiation
4. Algorithm: uses the public-key algorithm together with a hash

1-6 Digital Signature: Creating

[Figure: the message or file ("This is the document created by Gianni") is reduced to a short message digest with a one-way hash function (SHA, MD5; 128 bits for MD5, 160 bits for SHA-1); the digest is encrypted with the signatory's private key (RSA) to produce the digital signature; the message plus the signature form the signed document]

1-6 Digital Signature: Verifying

[Figure: the verifier hashes the received message to obtain a digest, decrypts the digital signature with Gianni's public key (taken from his certificate) to recover the signed digest, and compares the two]

[Figure: the same flow with Tom and Bob: Tom hashes the data (message digest 1) and encrypts the digest with Tom's private key, which is the digital signature, then sends data + signature; Bob hashes the received data (message digest 2), decrypts the signature with Tom's public key and compares]

1-7 Certificate

The simplest certificate just contains
- A public key (for Stephen)
- Information about the entity that is being certified to own that public key (it can be a person, a computer, a device, a file, some code, anything)

... and the whole is
- Digitally signed by someone trusted (like your friend, or a CA)

[Figure: certificate = "This public key belongs to Stephen" + pub + digital signature of the signer]

1-7-1 CA Certificate

[Figure: the CA (certification server) generates a key pair; the user requests a certificate from the CA; the CA generates the certificate (the user's public key plus the CA's digital signature); private key and certificate are sent to the user]

In the flow drawn here the CA generates the user's key pair, so the private key has to travel to the user. The request-based flow of 3-4-1 (CA -newreq, then CA -sign), where the key pair is generated on the user's side and only the certificate request goes to the CA, avoids that.

1-7-1 CA Certificate Example

[Figure: the CA private key signs the certificates of Left and Right; each side keeps its own private key, its certificate signed by the CA, and the CA public key (the CA certificate, signed by the CA itself); Left and Right trust each other through the CA public key they both hold]

1-7-2 SSL/TLS

[Figure: each side holds a key pair (priv/pub); the clear text is encrypted (cipher 1, cipher 2), transmitted over the public network and decrypted on the other side with the matching keys]

- Ensures confidentiality, and integrity if digitally signed
- Depending on how the public keys are exchanged: authenticity, identity, non-repudiation

1-8 Moxa UC7400: Hardware Cipher

Intel XScale supports
- Security engines: DES, AES
- Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so"
- No need to change the source code

1-8-1 Moxa Accelerated Algorithms (OpenSSL 0.9.7)

DES_cbc_encrypt
DES_ede3_cbc_encrypt
AES_cbc_encrypt
AES_ctr_encrypt

- ECB mode is wrapped at a higher level (libssl.so), which OpenSSL wraps as well

1-8-2 Performance

[Charts: 3DES-CBC and AES-128-CBC throughput and rate versus packet size, one pair of charts for 128 to 1280 bytes and one for small packets of 16 to 144 bytes; the series marked "= HW Cipher" are the hardware-accelerated runs]

1-8-3 Things to be noticed

Moxa UC-7400 switches operations between the software and the hardware approaches
- Default: the hardware approach
- Any mis-configuration, or a busy hardware engine, causes a switch to software
- Small packets are handled by the software approach: below 128 bytes for DES, below 64 bytes for 3DES/AES

1-8-4 Software Package

Driver: mxhw_cipher.o

Device file: mknod /dev/mxcrypto c 11 131

Test program (io)
- io             correctness test
- io 0 5000      stability test
- io 1           golden pattern
- io 2 20000     performance test

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network: Advantages / Disadvantages

- VPN: a network constructed over public wires (e.g. the Internet) to connect nodes
- A VPN encrypts all network traffic, not just a few application protocols (as SSL, SSH, etc. do)
- A VPN allows the use of protocols that are insecure by themselves
- VPN traffic cannot be controlled and logged easily because of its encrypted nature

2-2 Why OpenVPN

Usability
- Open source (GPL)
- Full-featured SSL VPN solution
- Easy to configure a secure tunnel
- NAT/DHCP support
- Can use a 2048-bit shared (static) key or digital certificates (PKI)

Portability: supports most platforms
- Linux, Solaris, Mac OS X
- OpenBSD, FreeBSD, NetBSD
- Windows 2000 SP4 / Windows XP SP1 or later

Peers: each node takes a client or server role
- Uses the kernel routing table
- Multiple clients

A user-space program
- A full-featured SSL-VPN solution built on top of the existing SSL/TLS mechanisms, with a choice among a set of security algorithms
- Can tunnel any IP (layer 3) or Ethernet (layer 2) traffic over a single UDP (5000 in OpenVPN 1.x, 1194 in 2.0) or TCP port

2-2 OpenVPN Security

Two authentication modes
- Static key: a pre-shared key
- SSL/TLS: SSL/TLS plus certificates, used for authentication and key exchange

The encrypted packet is formatted as
- SeqN: 64-bit sequence number (replay protection)
- IV: plaintext initialization vector, randomized per packet

  HMAC | IV | encrypt( SeqN | IP payload )

The HMAC is computed over the IV and the encrypted part (encrypt-then-MAC), so the receiver verifies the HMAC first and only decrypts packets that pass; a forged or corrupted packet is discarded before any decryption takes place.

2-2 OpenVPN vs IPSec

OpenVPN
- User-space daemon
- SSL/TLS
- Portability across operating systems
- Firewall- and NAT-friendly
- Dynamic address support

IPSec
- Kernel-space IP stack
- Each operating system requires its own independent implementation of IPSec
- IETF standard: multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are the two methods of linking systems via a VPN
- Routed IP tunnels (layer 3)
- Bridged Ethernet tunnels (layer 2)

Suitable connections
- Site-to-site
- Dynamic site-to-site
- (Dynamic) client-to-site

Dynamic firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

Uses a TUN device: a virtual point-to-point IP link; the inner (LAN) interface and the TUN device are joined through routing, not bridging

Uses the kernel routing table to forward the packets

[Figure: the OSI stacks (Physical to Application) of the two endpoints; OpenVPN runs at the application layer and presents the tunnel to the kernel as a TUN device at layer 3 (Network)]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of the MTU for efficiency

Routed IP disadvantages
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see the machines on the other side of the VPN
4. Works only with IPv4 in general, and with IPv6 only where the tun drivers on both ends of the connection explicitly support it

2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses "TAP" mode: a TAP device is a virtual Ethernet adapter

The bridge tools (brctl, from bridge-utils) are required to build the bridge that joins the adapters

A script is needed to bind eth1 and tap0 together into a bridged device called br0

brctl addbr br0          create an Ethernet bridge
brctl addif br0 eth1     connect interface eth1 as a port
brctl addif br0 tap0     connect virtual interface tap0 as a port

[Figure: the OSI stacks of the two endpoints with bridging; OpenVPN runs at the application layer, the TAP device sits at layer 2 (Data-Link) where a TUN device would sit at layer 3; on each side eth1 and tap0 are bridged, while eth0 carries the tunnel traffic]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages
1. Point-to-point and point-to-multipoint
2. Broadcasts traverse the VPN; this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works where the VPN needs to handle non-IP protocols such as IPX, NetWare and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages
1. Less efficient than routing and does not scale well
2. The remote peer joins the local broadcast domain: every bridged peer sees all LAN broadcasts, and a compromised peer reaches the LAN at layer 2, below any IP-level filtering

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS: X.509 Dynamic Keys

3-1 Getting Started

Lab topology

  LAN A 10.0.1.0/24 (hosts e.g. 10.0.1.1/24, gw 10.0.1.254)
    ixp1 10.0.1.254 ---- [VPN Server] ---- ixp0 192.168.12.201
                                                 |
                                          VPN Tunnel (connect)
                                                 |
    ixp1 10.0.2.254 ---- [VPN Client] ---- ixp0 192.168.12.202
  LAN B 10.0.2.0/24 (hosts e.g. 10.0.2.1/24, gw 10.0.2.254)

  [CA/TLS Server]: issues the certificates used in 3-4

3-1 Getting Started

Create a working directory (recommended): mkdir /etc/openvpn

Check for the TUN device: ls /dev/net and look for a character device "tun"; if it is missing: mknod /dev/net/tun c 10 200

Load the necessary modules: modprobe tun; modprobe bridge

Generate a (pre-shared) static key: openvpn --genkey --secret [KeyName]
The key file is a shared secret: copy it to the peer over a secure channel (e.g. scp), keep it readable by root only, and remember that anyone holding it can decrypt and inject tunnel traffic.

Self diagnostic: openvpn --test-crypto --secret [KeyName]

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or edit /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"

Create/start the bridge interface using the Moxa script: openvpn-bridge [start|stop|restart]

Check the cipher and authentication (digest) support: openvpn --show-ciphers; openvpn --show-digests

Create the TUN configuration files: vi /etc/openvpn/tunserver.conf
[At VPN Client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

The local and remote VPN (tunnel) IP addresses must be specified (the "ifconfig" directive)

It is NECESSARY to specify the server address at the VPN client (the "remote" directive)

Edit the static routes: vi /etc/openvpn/tunserver.sh; chmod +x /etc/openvpn/tunserver.sh
[At VPN Client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/openvpn/tunclient.sh

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tunserver.conf &
[At VPN Client] openvpn --config /etc/openvpn/tunclient.conf &

Note the 2nd argument of "ifconfig" (the remote tunnel address), which is now "10.0.2.254"
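The tunserver.conf and tunclient.conf files themselves are not reproduced on the slides. The script below is an added example written for this page, not taken from the course material, that generates a matching pair for the lab topology in static-key mode. Assumptions that are not on the slides: the tunnel endpoints use a dedicated address pair 10.8.0.1/10.8.0.2 rather than the LAN gateway addresses, the shared key lives at /etc/openvpn/static.key on both boxes, AES-128-CBC with SHA1 is chosen because the UC-7400 accelerates AES-CBC in hardware (1-8-1), and the daemon drops to user/group nobody after start (adjust to an account that exists on the box).

```shell
#!/bin/sh
# Added example for this page (not a Moxa course file): generate mirrored
# static-key TUN configurations for the lab topology in section 3-1.
# Assumptions not on the slides: tunnel pair 10.8.0.1/10.8.0.2, key file
# /etc/openvpn/static.key on both ends, AES-128-CBC + SHA1, unprivileged
# user/group "nobody" after start.
# Usage: sh gen-tun.sh server > /etc/openvpn/tunserver.conf
#        sh gen-tun.sh client > /etc/openvpn/tunclient.conf

SERVER_PUBLIC="${SERVER_PUBLIC:-192.168.12.201}"   # ixp0 of the VPN server
SERVER_LAN="${SERVER_LAN:-10.0.1.0 255.255.255.0}"  # LAN A behind the server
CLIENT_LAN="${CLIENT_LAN:-10.0.2.0 255.255.255.0}"  # LAN B behind the client
TUN_SERVER="10.8.0.1"
TUN_CLIENT="10.8.0.2"
KEY_FILE="/etc/openvpn/static.key"

# Options both ends share. "secret" selects static-key mode, which has no
# negotiation: cipher, auth and the ifconfig pair must agree on both sides.
common_options() {
    cat <<EOF
dev tun
proto udp
port 1194
secret $KEY_FILE
cipher AES-128-CBC
auth SHA1
replay-window 64 15
keepalive 10 60
persist-key
persist-tun
user nobody
group nobody
verb 3
EOF
}

# Server: listens, owns TUN_SERVER, sends LAN B through the tunnel
tun_server_conf() {
    common_options
    cat <<EOF
ifconfig $TUN_SERVER $TUN_CLIENT
route $CLIENT_LAN
EOF
}

# Client: names the server ("remote"), mirrors the ifconfig pair, routes LAN A
tun_client_conf() {
    common_options
    cat <<EOF
remote $SERVER_PUBLIC
ifconfig $TUN_CLIENT $TUN_SERVER
route $SERVER_LAN
EOF
}

# The two files must be mirror images: the local tunnel address of one end
# is the remote tunnel address of the other (the "2nd argument of ifconfig").
configs_consistent() {
    s_local=$(tun_server_conf | awk '$1=="ifconfig"{print $2}')
    s_remote=$(tun_server_conf | awk '$1=="ifconfig"{print $3}')
    c_local=$(tun_client_conf | awk '$1=="ifconfig"{print $2}')
    c_remote=$(tun_client_conf | awk '$1=="ifconfig"{print $3}')
    [ "$s_local" = "$c_remote" ] && [ "$s_remote" = "$c_local" ]
}

case "${1:-}" in
    server) tun_server_conf ;;
    client) tun_client_conf ;;
    *) ;;
esac
```

Because static-key mode negotiates nothing, a mismatch in cipher, auth or the ifconfig pair produces a tunnel that comes up but carries no traffic; configs_consistent checks the address mirror before the files are deployed. persist-key and persist-tun let the daemon survive a restart of the link after it has dropped root, and replay-window bounds how far out of order the 64-bit sequence numbers of 2-2 may arrive before a packet is rejected.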

3-3 TAP Configuration

Create the TAP configuration files: vi /etc/openvpn/tapserver.conf
[At VPN Client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration: VPN Server

Comment out the route line if both VPN networks are in the same subnet (across a bridge no route is needed)

Edit the static routes: vi /etc/openvpn/tapserver.sh
[At VPN Client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/openvpn/tapclient.sh

The kernel routing points at the bridge: br0 = 10.0.1.254

Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tapserver.conf &
[At VPN Client] openvpn --config /etc/openvpn/tapclient.conf &
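Moxa's openvpn-bridge script is referenced above but not printed on the slides. The following is an added example written for this page that plays the same role; it is not Moxa's script. It creates a persistent tap0, bridges it with the LAN port and moves the LAN address onto br0. Assumptions not on the slides: the LAN side is eth1, br0 takes the server's LAN address 10.0.1.254/24, and the commands are those of OpenVPN 2.0 (--mktun/--rmtun) and bridge-utils (brctl). DRY=1 prints the commands instead of running them, which is how the ordering is checked here.

```shell
#!/bin/sh
# Added example for this page, not Moxa's openvpn-bridge script: build and
# tear down the br0 = eth1 + tap0 bridge used by TAP mode.
# Assumptions not on the slides: LAN port eth1, bridge address 10.0.1.254/24,
# OpenVPN 2.0 (--mktun/--rmtun) and bridge-utils (brctl) present.
# Usage: ./openvpn-bridge start|stop|restart      (DRY=1 prints the commands)

BR="${BR:-br0}"
TAP="${TAP:-tap0}"
ETH="${ETH:-eth1}"
BR_IP="${BR_IP:-10.0.1.254}"
BR_MASK="${BR_MASK:-255.255.255.0}"

# Execute a command, or only print it when DRY=1
run() {
    if [ "${DRY:-0}" = "1" ]; then
        echo "$@"
    else
        "$@"
    fi
}

bridge_start() {
    # Persistent tap device owned by nobody, so openvpn can drop root later
    # and still reopen it after a restart of the link
    run openvpn --mktun --dev "$TAP" --dev-type tap --user nobody --group nobody
    run brctl addbr "$BR"
    run brctl addif "$BR" "$ETH"
    run brctl addif "$BR" "$TAP"
    # Member ports carry no IP address of their own; the bridge is the only
    # layer-3 identity of the box on the LAN side
    run ifconfig "$ETH" 0.0.0.0 promisc up
    run ifconfig "$TAP" 0.0.0.0 promisc up
    run ifconfig "$BR" "$BR_IP" netmask "$BR_MASK" up
}

bridge_stop() {
    # Reverse order of bridge_start, then give the LAN address back to eth1
    run ifconfig "$BR" down
    run brctl delif "$BR" "$TAP"
    run brctl delif "$BR" "$ETH"
    run brctl delbr "$BR"
    run openvpn --rmtun --dev "$TAP"
    run ifconfig "$ETH" "$BR_IP" netmask "$BR_MASK" up
}

case "${1:-}" in
    start)   bridge_start ;;
    stop)    bridge_stop ;;
    restart) bridge_stop; bridge_start ;;
    *) ;;
esac
```

Run it before openvpn --config tapserver.conf and stop it only after OpenVPN has exited, otherwise the daemon is left holding a tap device that no longer belongs to any bridge. The ifconfig/route entries of the TAP configuration refer to br0, which is why the slide's "br0 = 10.0.1.254" is the address the kernel routing points at.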

3-4-1 SSL/TLS: Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-set default_days, default_bits, etc.

Create a new CA root key pair: /usr/share/ssl/misc/CA -newca

Create a new client private key and a new certificate request: /usr/share/ssl/misc/CA -newreq

Sign the certificate: /usr/share/ssl/misc/CA -sign

Copy the CA root certificate, the client private key and the client certificate to the first client

Have the second client's certificate issued the same way

Keep the CA private key on the CA machine only; the VPN endpoints need the CA certificate, their own key and their own certificate, nothing more.

3-4-2 OpenVPN – "easy-rsa" tools

Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file: vi /etc/openvpn/easy-rsa/vars

Activate the vars: . /etc/openvpn/easy-rsa/vars

Create the CA root key: /etc/openvpn/easy-rsa/build-ca

Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client

Create the Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh 1024

Copy the CA certificate (ca.crt), the server key (server.key) and the server certificate (server.crt) to the VPN server.

Copy the CA certificate, the client key and the client certificate to the VPN client.

The "easy-rsa" tools also work on the UC7400 series.
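The CA and certificate steps above (the CA script of 3-4-1, easy-rsa's build-ca/build-key of 3-4-2) done with plain openssl commands, plus the check a peer makes on a certificate it receives; this is an added example, not the slides' procedure or easy-rsa's code, and PKI_DIR, the 2048-bit key size, the subject names and the "rogue" self-signed certificate are assumptions made here:

```shell
#!/bin/sh
# Added example (not Moxa's slides, easy-rsa or the OpenSSL "CA" script):
# the build-ca / build-key steps done with plain openssl commands, plus the
# check an OpenVPN peer performs on a certificate it receives.
# PKI_DIR, the 2048-bit key size, the subject names and the rogue certificate
# are assumptions made for this example.

PKI_DIR=${PKI_DIR:-$(mktemp -d)}

# build_ca: self-signed CA certificate and CA private key (easy-rsa build-ca).
build_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example VPN CA" \
        -keyout "$PKI_DIR/ca.key" -out "$PKI_DIR/ca.crt" 2>/dev/null
}

# build_key NAME: private key + certificate request for NAME, then the CA
# signs the request (easy-rsa "build-key server" / "build-key client").
# NAME.key stays where it was generated; NAME.crt and ca.crt are what get copied.
build_key() {
    name=$1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$name" \
        -keyout "$PKI_DIR/$name.key" -out "$PKI_DIR/$name.csr" 2>/dev/null
    openssl x509 -req -days 365 -in "$PKI_DIR/$name.csr" \
        -CA "$PKI_DIR/ca.crt" -CAkey "$PKI_DIR/ca.key" -CAcreateserial \
        -out "$PKI_DIR/$name.crt" 2>/dev/null
}

# verify_cert FILE: the check a peer does with the ca.crt it was given:
# is the signature on FILE really the CA's? Returns 0 if so, non-zero if not.
verify_cert() {
    openssl verify -CAfile "$PKI_DIR/ca.crt" "$1" >/dev/null 2>&1
}

# cert_cn FILE: print the CN, so a peer can match it against the expected name
# (a certificate signed by the right CA can still belong to the wrong peer).
cert_cn() {
    openssl x509 -in "$1" -noout -subject | sed 's/.*CN *= *//'
}

# rogue_cert NAME: a self-signed certificate with the same CN as NAME, i.e.
# what anyone can make without the CA key. verify_cert must reject it.
rogue_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$1" \
        -keyout "$PKI_DIR/rogue-$1.key" -out "$PKI_DIR/rogue-$1.crt" 2>/dev/null
}

# build-dh is not shown: "openssl dhparam -out dh.pem 2048" does it, slowly.
```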

3-4-3 Configuration File Modification

txxserver.conf

txxclient.conf

(txx stands for tun or tap)

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

Live Demo

UC-7420 Demo Box

Two of its serial ports are connected to a power meter and a thermocouple.

Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site.

The rest of the serial ports are looped back in 'burn-in mode' to demonstrate the UC's high performance and reliability.

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500 °C

Left side for the high range, 0 to 300 VDC, and right side for the low range, 0 to 20 VDC.

UC's LCM & keypad (F1-F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8
F2 System status: LAN's IP → Wi-Fi's IP → CPU loading → Available memory
F3 Alarm setting: Temperature → Voltage → Burn-in throughput
F4 Configuration key
F5 Main menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
- The UC-7420's built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards.
- The compatible wireless cards are:

Supplier   Model name
ASUS       WL-107g
CNET       CWC-854 (181D version)
Edimax     EW-7108PCg
Amigo      AWP-914WG
Gigabyte   GN-WMKG
Others which use the Ralink chipset

Thank You


3-3-2 Direction – Chains

a. filter table: INPUT, OUTPUT, FORWARD
b. nat table: PREROUTING, POSTROUTING, OUTPUT
c. mangle table: ...

3-3-3 Matches – Conditions

1. -p [proto]: tcp, udp, icmp, all
2. -s [IP], -d [IP]
3. --sport [port], --dport [port]
4. -m state --state [state]: NEW, ESTABLISHED, INVALID, RELATED
5. -m multiport [p1,p2,...,p15]
6. -i [iface], -o [oface]
7. ... etc.

3-3-4 Targets – Actions

a. filter table: ACCEPT, DROP, QUEUE, RETURN; target extensions: LOG, ULOG, REJECT, MIRROR
b. nat table: SNAT (only in POSTROUTING), DNAT (only in PREROUTING/OUTPUT), MASQUERADE (POSTROUTING), REDIRECT (only in PREROUTING)
c. mangle table: ...

3-4 Save / Restore Rules

It is highly recommended to use a script file to maintain the Netfilter rules instead of the exported rules file (it is not a standard script file). Please refer to the hands-on practice.

Agenda

1) Firewall, NAT and iptables
2) Rules, Chains, Tables
3) Usage of iptables
4) Hands-on practice: 1) Packet filter, 2) NAT machine

4-1 Packet Filter – Rules of the filter table

Example 1 – Accept all packets incoming from the lo interface:
iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2 – Accept all TCP packets incoming from IP = 192.168.0.1:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

Example 3 – Accept all TCP packets incoming from the network 192.168.1.0/24:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 – Drop all TCP packets incoming from IP = 192.168.1.25:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

Example 5 – Drop all incoming TCP packets with destination port 21 (forbid FTP connections from eth0):
iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 – Accept TCP packets incoming from 192.168.0.0/24 to the local ports 137, 138 and 139:
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

Example 7 – Log all incoming/outgoing TCP packets to/from port 25 (log the SMTP service):
iptables -t filter -A INPUT -p tcp --dport 25 -j LOG

Note: the UC7110 does not support the target "LOG".

Example 8 – Drop all [SYN] packets from IP = 192.168.100.200:
iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 – Drop all packets from MAC = aa:bb:cc:dd:ee:ff:
iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

Example 10 – Do not respond to "ping":
iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 – ICMP "ping" burst (rate-limited, with a DROP policy for the rest):
iptables -t filter -P INPUT DROP
iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

Example 12 – Accept the ESTABLISHED and RELATED packets of the local host; drop the INVALID packets and the NEW packets which are trying to create a new connection:
iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

Example 13 – Check the packet integrity:
iptables -t filter -A INPUT -p all -m unclean -j DROP

Example 14 – Enable the "passive mode" FTP service to a host:
modprobe ip_conntrack_ftp
iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

4-2 NAT Machine

Example 1 – Redirect the connection requests for port 80 to port 8080:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 – Masquerade the packets from 192.168.1.0/24 as the local ppp0's IP (MASQUERADE belongs in POSTROUTING):
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

Example 3 – DNAT the incoming packets from eth0 (60.248.66.75), TCP port 80, to the internal web server 192.168.127.10, port 80:
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

Example 4 – Redirect the incoming packets of TCP port 80 to 192.168.1.10, TCP port 80:
iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP
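A script file, as 3-4 recommends, that installs the kind of rules shown in Examples 1 to 14 and the NAT examples above; this is an added example, not the slides' hands-on script. eth0 as external interface, eth1 as LAN, ppp0 as uplink and all addresses are constructed assumptions; set IPTABLES="echo iptables" to print the rules instead of installing them.

```shell
#!/bin/sh
# Added example (not the slides' hands-on script): a re-runnable firewall
# script for a UC-7400 used as a LAN gateway, built from the rules of
# Examples 1-14 and the NAT examples. Interface roles and all addresses are
# constructed assumptions: eth0 = external, eth1 = LAN, ppp0 = dial-up uplink.
# Set IPTABLES="echo iptables" to print the rules instead of installing them.

IPTABLES=${IPTABLES:-iptables}
EXT_IF=${EXT_IF:-eth0}
LAN_IF=${LAN_IF:-eth1}
LAN_NET=${LAN_NET:-192.168.0.0/24}
WEB_SERVER=${WEB_SERVER:-192.168.127.10}      # internal web server (NAT example 3)
BLOCKED_HOST=${BLOCKED_HOST:-192.168.100.200} # known bad host (example 8)

# Flush everything first so running the script twice gives the same result,
# then set default policies: nothing in or through unless a rule allows it.
flush_rules() {
    $IPTABLES -t filter -F
    $IPTABLES -t nat -F
    $IPTABLES -t filter -P INPUT DROP
    $IPTABLES -t filter -P FORWARD DROP
    $IPTABLES -t filter -P OUTPUT ACCEPT
}

filter_rules() {
    # Example 1: loopback is always trusted.
    $IPTABLES -t filter -A INPUT -i lo -j ACCEPT
    # Example 12: replies to our own connections come back; junk is dropped.
    # Order matters: this sits above the per-service rules so that the state
    # match, not the service rules, handles return traffic.
    $IPTABLES -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -t filter -A INPUT -m state --state INVALID -j DROP
    # Example 8: a known bad host may not open connections at all.
    $IPTABLES -t filter -A INPUT -i $EXT_IF -p tcp --syn -s $BLOCKED_HOST -j DROP
    # Example 11: answer ping, but at most 6 per minute with a burst of 10.
    $IPTABLES -t filter -A INPUT -p icmp --icmp-type 8 \
        -m limit --limit 6/min --limit-burst 10 -j ACCEPT
    # Example 6: NetBIOS/SMB only from the LAN side.
    $IPTABLES -t filter -A INPUT -i $LAN_IF -p tcp -s $LAN_NET \
        -m multiport --dports 137,138,139 -j ACCEPT
    # Example 7: log new SMTP connections before the default DROP eats them.
    $IPTABLES -t filter -A INPUT -p tcp --dport 25 -m state --state NEW \
        -j LOG --log-prefix "smtp-new: "
    # Example 14 (gateway side): LAN hosts may open connections outwards, and
    # related/established traffic (FTP data, after modprobe ip_conntrack_ftp)
    # is forwarded back.
    $IPTABLES -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -t filter -A FORWARD -i $LAN_IF -s $LAN_NET -m state --state NEW -j ACCEPT
}

nat_rules() {
    # NAT example 3: publish the internal web server on the external interface.
    $IPTABLES -t nat -A PREROUTING -i $EXT_IF -p tcp --dport 80 \
        -j DNAT --to-destination $WEB_SERVER:80
    # NAT example 2: masquerade LAN traffic leaving on ppp0; MASQUERADE is
    # only valid in POSTROUTING.
    $IPTABLES -t nat -A POSTROUTING -s $LAN_NET -o ppp0 -j MASQUERADE
}

apply_rules() {
    flush_rules
    filter_rules
    nat_rules
}

# rule_count: number of -A rules the script installs, taken from a dry run.
rule_count() {
    (IPTABLES="echo iptables"; apply_rules) | grep -c ' -A '
}

# Install for real only when asked, so sourcing the file is side-effect free.
if [ "${FW_APPLY:-0}" = 1 ]; then
    apply_rules
fi
```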

Thank You

OpenVPN 2.0
Stephen Lin

OpenVPN 2.0

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve?
1-2 Symmetric Data Encryption
1-3 Hash (Digest) Function
1-4 Message Authentication Code
1-5 Asymmetric Data Encryption
1-6 Digital Signature
1-7 Certificate
1-8 Moxa UC7400

1-1 What does Cryptography solve?

Confidentiality
- Ensure that nobody can get knowledge of what you transfer, even if listening to the whole conversation.

Integrity
- Ensure that the message has not been modified during the transmission.

Authenticity
- You can verify that you are talking to the entity you think you are talking to.
- You can verify who is the specific individual behind that entity.

Non-repudiation
- The individual behind that asset cannot deny being associated with it.

1-2 Symmetric Data Encryption

Fast; high efficiency for data transmission.
Is it "secure" while transferring the key?
Maintenance of the keys: n(n-1)/2 keys for n parties.
DES, 3DES, AES, Blowfish

[Figure: Tom encrypts the plaintext with the secret key into ciphertext; Bob decrypts it back to plaintext with the same secret key]

1-3 Hash (Digest) Function

Ensures data integrity.
MD5, SHA-1

[Figure: Tom computes Message Digest 1 of the data with the hash function and sends data + Message Digest 1; Bob computes Message Digest 2 of the received data with the same hash function and compares it with Message Digest 1]

1-4 Message Authentication Code

Ensures data integrity.
Uses a key to protect the MAC.
HMAC, CBC-MAC

[Figure: Tom hashes the data to Message Digest 1, encrypts it with the secret key into the MAC and sends data + MAC; Bob decrypts the MAC with the secret key to recover Message Digest 1, hashes the received data to Message Digest 2 and compares the two]

1-5 Asymmetric Encryption

Things to remember:
- Key pair – public/private keys.
- In a session, one is used for encryption and the other one for decryption.
- The "public key" can be deployed everywhere.
- The relation between the two keys is unknown, and from one key you cannot gain knowledge of the other, even if you have access to clear text and cipher text.
- The two keys are interchangeable: the algorithms make no difference between public and private key; when a key pair is generated, either of the two can be public or private.
- Less efficient than a static key.
- RSA, Diffie-Hellman

[Figure: clear text encrypted into unreadable cipher text]

1-5 Asymmetric Data Encryption

[Figure – confidentiality check, recipient's key pair: Tom encrypts the plaintext with Bob's public key; Bob decrypts the ciphertext with Bob's private key]

1-5 Asymmetric Data Encryption

[Figure – authenticity check, sender's key pair: Tom encrypts the plaintext with Tom's private key; Bob decrypts the ciphertext with Tom's public key]

1-6 Digital Signature

Real world – hybrid:
1. Data integrity
2. Authenticity
3. Non-repudiation
4. Algorithm – uses the public key and a hash

1-6 Digital Signature – Creating

[Figure: the message or file ("This is the document created by Gianni") is hashed (SHA, MD5) into a short message digest (typically 128 bits), calculated from even a long input with a one-way message digest function; the digest is encrypted with the signatory's private key (RSA, asymmetric encryption) to give the digital signature, which is attached to the message to form the signed document]

1-6 Digital Signature – Verifying

[Figure: the signed document is split into the data and the digital signature; the data is hashed again into a message digest; the signature is decrypted with Gianni's public key (from the certificate) to recover the original digest; the two digests are compared]

1-6 Digital Signature

[Figure: Tom hashes the data to Message Digest 1, encrypts it with Tom's private key into the digital signature and sends data + signature; Bob decrypts the signature with Tom's public key to recover Message Digest 1, hashes the received data to Message Digest 2 and compares the two]

1-7 Certificate

The simplest certificate just contains:
- A public key (for Stephen)
- Information about the entity that is being certified to own that public key ("This public key belongs to Stephen"; the entity can be a person, a computer, a device, a file, some code, anything ...)
... and the whole is:
- Digitally signed by someone trusted (like your friend or a CA)

[Figure: certificate = public key + owner information + digital signature]

1-7-1 CA Certificate

[Figure: the CA (certification server) generates a key pair; the user requests a certificate from the CA; the CA generates the certificate (public key + digital signature); the private key and the certificate are sent to the user]

1-7-1 CA Certificate Example

[Figure: the CA holds the CA private key; Left and Right each hold their own private key, their certificate signed by the CA, and the CA public key; Left and Right trust each other's certificate because both trust the CA public key]

1-7-2 SSL/TLS

[Figure: both sides hold a key pair; the clear text is encrypted into Cipher 1 and again into Cipher 2, transmitted over the public network, then decrypted from Cipher 2 to Cipher 1 and back to clear text]

Ensures confidentiality.
- And integrity, if digitally signed.

Depending on how the public keys are exchanged:
- Authenticity, Identity, Non-repudiation

1-8 Moxa UC7400 – Hardware Cipher

Intel XScale supports:
- Security engines: DES, AES
- Algorithm methods: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so".
- No need to change the source code.

1-8-1 Moxa Accelerated Algorithms – OpenSSL 0.9.7

DES_cbc_encrypt
DES_ede3_cbc_encrypt
AES_cbc_encrypt
AES_ctr_encrypt

- We wrap ECB mode at a higher level (libssl.so), which OpenSSL wraps too.

1-8-2 Performance

[Charts: 3DES-CBC and AES-128-CBC throughput versus packet size (128 to 1280 bytes, and 16 to 144 bytes for small packets), software versus hardware cipher, with the speed-up ratio (RATE) plotted; the hardware cipher curves are marked "= HW Cipher"]

1-8-3 Things to be noticed

The Moxa UC-7400 switches the operations between the software and the hardware approaches:
- Default: hardware approach
- Any mis-configuration or busyness causes the switch

Small packets are switched to the software approach:
- DES: 128 bytes
- 3DES/AES: 64 bytes

1-8-4 Software Package

Driver:
- mxhw_cipher.o

Device file:
- mknod /dev/mxcrypto c 11 131

Test program:
- io: correctness test
- io 0 5000: stability test
- io 1: golden pattern
- io 2 20000: performance test

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network

2-1 VPN Advantages/Disadvantages

VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes.
A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH, etc.).
A VPN allows the usage of protocols which are insecure by themselves.
VPNs cannot be controlled and logged easily because of their encrypted nature.

2-2 Why OpenVPN

Usability:
- Open source (GPL)
- Full-featured SSL VPN solution
- Easy to configure a secure tunnel
- NAT/DHCP support
- Can use a 2048-bit shared key or digital certificates (PKI)

Portability – supports most of the platforms:
- Linux, Solaris, Mac OS X
- OpenBSD, FreeBSD, NetBSD
- Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN

Peers – each node with a client/server role:
- Uses the kernel routing
- Multiple clients

A user-space program:
- A full-featured SSL-VPN solution
- On top of the existing SSL/TLS mechanism
- Options between a set of security algorithms
- Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security

Two authentication modes:
- Static key: uses a pre-shared key
- SSL/TLS: uses SSL/TLS + certificates for authentication and key exchange

The encrypted packet is formatted as:
- SeqN: 64-bit sequence number
- IV: plain-text initial vector, randomized per packet

[Figure: packet layout HMAC | IV | SeqN | payload; SeqN and payload are encrypted, the IV is sent in clear and the HMAC protects the packet]

2-2 OpenVPN vs IPSec

OpenVPN:
- User-space daemon
- SSL/TLS
- Portability across operating systems
- Firewall- and NAT-friendly
- Dynamic address support

IPSec:
- Kernel-space IP stack
- Each operating system requires its own independent implementation of IPSec
- IETF standard – multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are two methods of linking systems via a VPN:
- Routed IP tunnels (layer 3)
- Bridged Ethernet tunnels (layer 2)

Suitable for connections:
- Site-to-site
- Dynamic site-to-site
- (Dynamic) client-to-site

Dynamic firewall/NAT/DHCP friendly.

2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN mode (device): a virtual point-to-point IP link that combines the inner interface together with TUN.
Uses the kernel routing to forward the packets.

[Figure: the OSI layers of both peers; OpenVPN runs at the application layer and the TUN device plugs in at layer 3 (network)]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages:
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of the MTU for efficiency

Routed IP disadvantages:
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see those machines on the other side of the VPN
4. Works only with IPv4 in general, and with IPv6 in cases where the TUN drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses "TAP" mode: a TAP device is a virtual Ethernet adapter.
Bridge tools (brctl) are required to create the virtual adapters.
Need to create a script to bind eth1 and tap0 together into a bridged device called br0.

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0         create an Ethernet bridge
brctl addif br0 eth1    connect interface eth1 as a port
brctl addif br0 tap0    connect virtual interface tap0 as a port
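The three brctl steps above wrapped into a start/stop script of the kind the Moxa openvpn-bridge script provides, as an added example that is not Moxa's script; it also moves the LAN address from eth1 onto br0, which the slides' "br0 = 10.0.1.254" note refers to, and the interface names and address are assumptions. Set RUN=echo to print the commands instead of running them.

```shell
#!/bin/sh
# Added example (not Moxa's openvpn-bridge script): a start/stop script for
# TAP mode that creates tap0, bridges it with the LAN port and moves the LAN
# address onto br0, because an interface enslaved to a bridge no longer
# routes with its own address. Interface names and the address are assumptions.
# Set RUN=echo to print the commands instead of running them (needs root).

RUN=${RUN:-}
BR=${BR:-br0}
TAP=${TAP:-tap0}
ETH=${ETH:-eth1}                    # LAN port that joins the bridge
ETH_IP=${ETH_IP:-10.0.1.254}        # address that moves from eth1 to br0
ETH_MASK=${ETH_MASK:-255.255.255.0}

bridge_start() {
    # Persistent TAP device; OpenVPN attaches to it when it starts.
    $RUN openvpn --mktun --dev "$TAP"
    # Bridge ports carry no address of their own and must see all frames.
    $RUN ifconfig "$TAP" 0.0.0.0 promisc up
    $RUN ifconfig "$ETH" 0.0.0.0 promisc up
    $RUN brctl addbr "$BR"
    $RUN brctl addif "$BR" "$ETH"
    $RUN brctl addif "$BR" "$TAP"
    # The kernel routing now points at br0, not at eth1.
    $RUN ifconfig "$BR" "$ETH_IP" netmask "$ETH_MASK" up
}

bridge_stop() {
    $RUN ifconfig "$BR" down
    $RUN brctl delbr "$BR"
    $RUN openvpn --rmtun --dev "$TAP"
    # Give the LAN port its address back so the box stays reachable.
    $RUN ifconfig "$ETH" "$ETH_IP" netmask "$ETH_MASK" up
}

# bridge_ctl start|stop|restart, mirroring "openvpn-bridge [start|stop|restart]".
bridge_ctl() {
    case $1 in
        start)   bridge_start ;;
        stop)    bridge_stop ;;
        restart) bridge_stop; bridge_start ;;
        *) echo "usage: $0 {start|stop|restart}" >&2; return 2 ;;
    esac
}

# Run as a script (./bridge.sh start); when sourced, only the functions are defined.
case ${1:-} in
    start|stop|restart) bridge_ctl "$1" ;;
esac
```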

[Figure: the OSI layers of both peers, bridged; OpenVPN runs at the application layer, TAP plugs in at layer 2 (data link) where TUN would plug in at layer 3; on each peer eth0 carries the tunnel while eth1 and tap0 are bridged]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages:
1. Point-to-point, point-to-multipoint
2. Broadcasts traverse the VPN; this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to be able to handle non-IP protocols such as IPX, NetWare and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages:
1. Less efficient than routing, and does not scale well

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

[Diagram: LAN A (hosts 10.0.1.1/24, gw 10.0.1.254) – ixp1 10.0.1.254 [VPN Server] ixp0 192.168.12.201 === VPN tunnel === ixp0 192.168.12.202 [VPN Client] ixp1 10.0.2.254 – LAN B (hosts 10.0.2.1/24, gw 10.0.2.254); a [CA/TLS Server] also appears in the diagram]

3-1 Getting Started

Create a working directory (recommended): mkdir /etc/openvpn

Check for the TUN module: ls /dev/net and look for a character device "tun"; if it is not there: mknod /dev/net/tun c 10 200

Load the necessary modules: modprobe tun; modprobe bridge

Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]

Self diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or vi /etc/sysctl.conf and modify "net.ipv4.ip_forward = 1"

Create/start the bridge interface using the Moxa script: openvpn-bridge [start | stop | restart]

Check the ciphers/authentication support: openvpn --show-ciphers; openvpn --show-digests

Create the TUN configuration files: vi /etc/openvpn/tunserver.conf

[At VPN Client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

The local/remote VPN IP addresses must be specified.

It is NECESSARY to specify the server address at the VPN client.

3-2 TUN Server Configuration

Edit the static routings: vi /etc/openvpn/tunserver.sh; chmod +x /etc/tunserver.sh

[At VPN Client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/tunclient.sh

Start OpenVPN with the configuration files: openvpn --config /etc/tunserver.conf & and, at the client, openvpn --config /etc/tunclient.conf &

The 2nd argument of "ifconfig" (the remote VPN address) is now "10.0.2.254".

Create the TAP configuration files: vi /etc/openvpn/tapserver.conf

[At VPN Client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Mark this line if both VPN Networks are in the same subnet

3-2 TAP Configuration ndash VPN Server3-2 TAP Configuration ndash VPN Server

Edit the Static Routings vi etcopenvpntunserversh

[At VPN Client] vi etcopenvpntapclientsh chmod +x etctapclientsh

Pointed to the Kernel Routing br0 = 1001254

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Start the Bridge device vi openvpnopenvpn-bridge

chmod +x etcopenvpnopenvpn-bridge etcopenvpnopenvpn-bridge start

Start OpenVPN with the configuration file openvpn ndashconfig etcopenvpntapserverconf amp openvpn ndashconfig etcopenvpntapclient amp

3-4-1 SSLTLS ndash Dynamic Keys3-4-1 SSLTLS ndash Dynamic Keys

Edit the OpenSSL Configuration File on a Linux PC vi usrsharesslopensslcnf Pre-input the default_days default_bits hellip etc

Create New CA root Key Pair usrsharesslmiscCA -newca

Create New Client Private Key and new Certificate Request usrsharesslmiscCA -newreq

Certificate Sign-in usrsharesslmiscCA ndashsign

Copy the CA root certificate client private key and the client certificate to the first client

Have the second client certificated

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Copy the ldquoeasy-rsardquo to the working directory cp ndashr openvpn-20easy-rsa etcopenvpn

modify the vars file vi etcopenvpneasy-rsavars

Activate the vars etcopenvpneasy-rsavars

Create CA root key etcopenvpneasy-rsabuild-ca

Create VPN Server Private Key and Certificate etcopenvpneasy-rsabuild-key server

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Create VPN Client private Key and Certificate etcopenvpnbuild-key client

Create Diff-Hellman Parameters etcopenvpnbuild-dh 1024

Copy the CA certificate (cacrt) Server key (serverkey) and Server certificate (servercrt) to VPN Server

Copy the CA certificate Client key and certificate to VPN Client

ldquoeasy-rsardquo tools also work on UC7400 series

3-4-3 Configuration File Modification3-4-3 Configuration File Modification

txxserverconf

txxclienconf

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) Open VPN Configuration

4) Hands-On Practice

Live DemoLive Demo

UC-7420 DEMO BOXUC-7420 DEMO BOX

Two of its serial ports connectedto a Power Meter and Thermocouple

Two LAN ports plus an optional Wi-Fi function making it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in lsquoburn-in modersquo to demonstrate UCrsquos high performance and reliability

Demo Box FeaturesDemo Box Features

Software Block DiagramSoftware Block Diagram

Temperature Range 0 to 500degC

Left side for high range 0 to 300 VDC amp Right side for low range 0 to 20 VDC

UCrsquos LCM amp keypad (F1-F5)UCrsquos LCM amp keypad (F1-F5)

F1 Monitoring Temperature rarr Voltage rarrThroughput for P3 to P8

F2 System Status LANrsquos IP rarr Wi-Firsquos IP rarr CPU loading rarr Available Memory

F3 Alarm Setting Temperature rarr Voltage rarr burning throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI amp HTMLApache Web with CGI amp HTML

Seat Locating SystemSeat Locating System

Score Query SystemScore Query System

AppendixAppendix

What is the wireless PCMCIA card support status in 80211gbull UC-7420s built-in Wireless driver supports Intersil Prism 20

chipset PCMCIA cardbull The compatible Wireless cards are

Supplier Model name

ASUS WL-107g

CNET CWC-854(181D version)Edmiax EW-7108PCgAmigo AWP-914WGigbyte GN-WMKGOthers which use R-Link chip set

Thank YouThank You

Page 65: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

1 -p [proto] tcp udp icmp all

2 -s [IP] -d [IP]

3 --sport [port] --dport [port]

4 -m state --state [state] NEW ESTABLISHED INVALID RELATED

5 -m multiport [p1p2hellipp15]

6 -i [iface] -o [oface]

7 hellipetc

3-3-3 Matches - Conditions3-3-3 Matches - Conditions

3-3-4 Targets - Actions3-3-4 Targets - Actions

a filter Table ACCEPT DROP

QUEUE RETURN target extensions --LOG --ULOG --REJECT - -MIRROR

b nat table SNAT (only in POSTROUTING)

DNAT (only in PREROUTINGOUTPUT)

MASQUERADE (POSTROUTING)

REDIRECT (only in PREROUTING)

c mangle table hellip

3-4 Save Restore Rules3-4 Save Restore Rules

It is highly recommended to use a script file to maintain the Netfilter rule instead of using this exported file (it is not a standard script file) Please refer to the Hands-ON practice

AgendaAgenda

1) Firewall NAT and iptables

2) Rules Chains Tables

3) Usage of iptables

4) Hands-ON Practice 1) Packet Filter2) NAT Machine

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 1 ndash Accept all the packets incoming from lo interface

Example 2 ndash Accept all the TCP packets incoming from

IP = 19216801

iptables ndasht filter ndashA INPUT ndashi lo ndashj ACCEPT

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp

ndashs 19216801 ndashj ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 3 ndash Accept all the TCP packets incoming from the network

1921681024

Example 4 ndash Drop all the TCP packets incoming from IP = 192168125

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp

ndashs 1921681024 -j ACCEPT

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp

ndashs 192168125 ndashj DROP

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 5 ndash Drop all the Incoming TCP packets with dst Port = 21

(forbid FTP Connection from eth0)

Example 6 ndash Accept TCP packets incoming from IP 192168024 to

local port number 137138 and 139

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp

ndash ndashdport 21 ndashj DROP

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp ndashs

192168024 ndash ndashdport 137139 ndashj ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 7 ndash Log all the IncomingOutgoing TCP packets with tofrom

Port = 25 (Log SMTP Service)

iptables ndasht filter ndashA INPUT ndashp tcp ndash ndashdport 25 ndashj LOG

Note UC7110 does not support the target ldquoLOGrdquo

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 8 ndash Drop all the [syn] packets from IP = 192168100200

Example 9 ndash Drop all the packets from MAC = aabbccddeeff

iptables ndasht filter ndashA INPUT ndashp tcp ndashi eth0

ndashs 192168100200 ndash ndashsyn ndashj DROP

iptables ndasht filter ndashA INPUT ndashp all

ndashm mac-source aabbccddeeff ndashj DROP

Example 10 ndash Does not response to ldquopingrdquo

Example 11 ndash ICMP ldquopingrdquo burst

iptables ndasht filter ndashA INPUT ndashp icmp ndash ndashicmpndashtype 8

ndashj DROP

iptables ndasht filter ndashP INPUT DROP

iptables ndasht filter ndashA INPUT ndashp icmp ndashm limit 6min

ndash ndashlimit-burst 10 ndashj ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 12 ndash Accept the Established Related packets of the local

host drop the Invalid packets and New packets which are trying to create new connection

iptables ndasht filter ndashA INPUT ndashp tcp ndashm state ndash ndashstate

ESTABLISHEDRELATED ndashj ACCEPT

iptables ndasht filter ndashA INPUT ndashp tcp ndashm state ndash ndashstate

INVALIDNEW ndashj DROP

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 13 ndash Check the packet integrity

Example 14 ndash Enable the ldquoPassive Moderdquo FTP Service to a host

iptables ndasht filter ndashA INPUT ndashp all ndashm unclean ndashj DROP

modprobe ip_conntrack_ftp

iptables ndashA FORWARD ndashp tcp

ndashm state ndash ndashstate RELATED ndashj ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 1 ndash Redirect the Connection Request of Port 80 to Port 8080

Example 2ndash Masquerade the incoming packets from 1921681024

to be local ppp0rsquos IP

iptables ndasht nat ndashA PREROUTING ndashp tcp ndash ndashdport 80

ndashj REDIRECT ndash ndashto-ports 8080

iptables ndasht nat ndashA PREROUTING ndashs 1921681024 ndasho

ppp0 ndashj MASQUERADE

4-2 NAT Machine4-2 NAT Machine

4-2 NAT Machine4-2 NAT Machine

Example 3 ndash DNAT the incoming packet from eth0 (602486675) and

TCP Port 80 to internal Web sever 19216812710 80

Example 4 ndash Redirect the incoming packet of TCP Port 80 to

192168110 and TCP Port 80

iptables ndasht nat ndashA PREROUTING ndashp tcp ndashi eth0 ndashd 602486675 ndash ndashdport 80 ndashj DNAT ndash ndashto 1921681271080

iptables ndasht nat ndashA POSTROUTING ndashs 192168127024 ndashj SNAT ndash ndashto $OUT_IP

Thank YouThank You

OpenVPN 20OpenVPN 20Stephen Lin

OpenVPN 20OpenVPN 20

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

1) Cryptography Summery1) Cryptography Summery

1-1 What does cryptography solve

1-2 Symmetric Data Encryption

1-3 Hash (Digest) Function

1-4 Message Authentication Code

1-5 Asymmetric Data Encryption

1-6 Digital Signature

1-7 Certificate

1-8 Moxa UC7400

1-1 What does Cryptography solve1-1 What does Cryptography solve

Confidentiality bull Ensure that nobody can get knowledge of what you

transfer even if listening the whole conversation Integrity

bull Ensure that message has not been modified during the transmission

Authenticity bull You can verify that you are talking to the entity you think

you are talking to bull You can verify who is the specific individual behind that

entity Non-repudiation

bull The individual behind that asset cannot deny being associated with it

1-2 Symmetric Data Encryption

• Fast: high efficiency for data transmission.
• Is it "secure" while transferring the key? The same secret key has to reach both sides over a channel that is itself trusted.
• Key maintenance: n parties who all want to talk to each other pairwise need n(n-1)/2 keys.
• Algorithms: DES, 3DES, AES, Blowfish.

[Diagram: Tom encrypts the plaintext into ciphertext with the secret key; Bob decrypts the ciphertext back to plaintext with the same secret key.]

1-3 Hash (Digest) Function

• Ensures data integrity: a fixed-size digest is computed from the data with a one-way function.
• Algorithms: MD5, SHA-1. (Both are now considered broken against collision attacks; SHA-2 should be used for new designs.)
• A bare digest only detects accidental corruption: an attacker who can change the data in transit can recompute the digest as well. Binding the digest to a key is what the MAC in 1-4 adds.

[Diagram: Tom computes Message Digest 1 over the data and sends Data + Digest 1; Bob computes Message Digest 2 over the received data with the same hash function and compares it with Digest 1.]

1-4 Message Authentication Code

• Ensures data integrity, and origin authenticity between parties that share a secret key.
• A key protects the MAC: without the key an attacker cannot produce a valid MAC for modified data.
• Algorithms: HMAC, CBC-MAC.

[Diagram: Tom hashes the data into Message Digest 1 and encrypts the digest with the secret key to form the MAC, then sends Data + MAC; Bob hashes the received data into Message Digest 2, decrypts the MAC with the same secret key to recover Digest 1, and compares the two.]

1-5 Asymmetric Encryption

Things to remember:
• Key pair: a public key and a private key.
• In one operation, one key is used for encryption and the other one for decryption.
• The "public key" can be deployed everywhere.
• From one key you cannot derive the other, even with access to clear text and the matching cipher text.
• For RSA the two keys are interchangeable: the algorithm makes no difference between public and private key, and when a key pair is generated either one can be published. (This does not hold for every asymmetric algorithm; DSA keys, for example, have distinct roles.)
• Less efficient than symmetric (static key) encryption.
• Algorithms: RSA, Diffie-Hellman (key agreement).

1-5 Asymmetric Data Encryption – Confidentiality

[Diagram: Tom encrypts the plaintext with Bob's public key; only Bob can decrypt the ciphertext, with Bob's private key. The recipient's key pair is used.]

1-5 Asymmetric Data Encryption – Authenticity

[Diagram: Tom encrypts the plaintext with Tom's private key; anyone can decrypt it with Tom's public key, which shows that it came from Tom. The sender's key pair is used.]

1-6 Digital Signature

Real world – a hybrid of hash function and public-key algorithm:
1. Data integrity
2. Authenticity
3. Non-repudiation
4. Algorithm – apply the public-key operation to a hash of the message, not to the message itself

1-6 Digital Signature – Creating

[Diagram: message or file "This is the document created by Gianni" → generate hash (SHA, MD5) → message digest (typically 128 bits for MD5, 160 bits for SHA-1) → asymmetric encryption (RSA) with the signatory's private key → digital signature. The signed document is the message plus the signature.]

• Calculate a short message digest from even a long input using a one-way message digest function (hash).
• Encrypt the digest with the signatory's private key: that is the signature.

1-6 Digital Signature – Verifying

[Diagram: split the signed document into message and signature → generate the hash of the message → message digest; asymmetric decryption of the signature with Gianni's public key (taken from his certificate) → the digest the signer computed; compare the two.]

• The digests agree only if the message is unmodified and the signature was produced with the private key that matches the public key in the certificate.

[Diagram, Tom/Bob form: Tom hashes the data into Message Digest 1 and encrypts it with Tom's private key to form the digital signature, sending Data + Signature; Bob hashes the received data into Message Digest 2, decrypts the signature with Tom's public key and compares.]

1-7 Certificate

The simplest certificate just contains:
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key

… and the whole is:
• Digitally signed by someone trusted (like your friend, or a CA)

[Diagram: certificate = "This public key belongs to Stephen" + Stephen's public key + the digital signature of the issuer. The entity can be a person, a computer, a device, a file, some code, anything …]

1-7-1 CA Certificate

[Diagram: the CA generates its own key pair on the certification server. The user requests a certificate from the CA; the CA generates the certificate (the user's public key plus identity, signed with the CA's private key); the private key and the certificate are sent to the user.]

• Right: certificate signed by the CA
• Left: certificate signed by the CA
• CA public key: signed by the CA itself (the self-signed CA certificate)

1-7-1 CA Certificate Example

[Diagram: Left and Right both trust the CA. Each side holds its own private key, the CA public key (CA certificate), its own certificate signed by the CA, and the peer's certificate signed by the CA.]

Only certificates are signed by the CA; a private key is never signed, and it is never sent anywhere except to its owner. In the model of the diagram the CA generates the key pair and delivers the private key to the user, so that delivery channel has to be protected; with the easy-rsa procedure of 3-4-2 the keys are generated on the machine that runs the tools and then copied to each peer.

1-7-2 SSL/TLS

[Diagram: each side has a key pair (priv, pub). Clear text → encrypt (Cipher 1) → encrypt (Cipher 2), one operation per key pair → transmission over the public network → decrypt Cipher 2 → decrypt Cipher 1 → clear text.]

• Ensures confidentiality
• And integrity, if digitally signed
• Depending on how the public keys are exchanged: authenticity, identity, non-repudiation

The public-key operations are only used to authenticate the peers and to agree on a session key; the bulk data is then protected with symmetric encryption and a MAC, which is why the hardware cipher of 1-8 matters for SSL/TLS throughput.

1-8 Moxa UC7400 – Hardware Cipher

Intel XScale supports:
• Security engines: DES, AES
• Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so":
• No need to change the source code of applications that use OpenSSL.

1-8-1 Moxa Accelerated Algorithms – OpenSSL 0.9.7

DES_cbc_encrypt

DES_ede3_cbc_encrypt

AES_cbc_encrypt

AES_ctr_encrypt

• ECB mode is wrapped at a higher level (libssl.so), the same way OpenSSL itself wraps it.

1-8-2 Performance

[Charts: throughput of 3DES-CBC and AES128-CBC with and without the hardware cipher, plus a RATE series, for packet sizes from 128 to 1280 bytes and, in a second pair of charts, from 16 to 144 bytes. Legend: = HW Cipher. The hardware cipher pays off with packet size; see 1-8-3 for the small-packet cutover.]

1-8-3 Things to be noticed

Moxa UC-7400 switches between the software and the hardware approaches:
• Default: hardware approach
• Any mis-configuration, or a busy hardware engine, causes a switch to the software approach

Small packets are handled by the software approach:
• DES: below 128 bytes
• 3DES/AES: below 64 bytes

1-8-4 Software Package

Driver
• mxhw_cipher.o

Device file
• mknod /dev/mxcrypto c 11 131

Test program
• io – correctness test
• io 0 5000 – stability test
• io 1 – golden pattern
• io 2 20000 – performance test

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network

2-2 Why OpenVPN

2-3 OpenVPN Modes

2-1 Virtual Private Network – Advantages/Disadvantages

• VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes.
• A VPN encrypts all network traffic, not just a few application protocols (as SSL, SSH etc. do).
• A VPN allows the use of protocols which are insecure by themselves.
• VPN traffic cannot be inspected and logged easily on the path because of its encrypted nature; controls and logging have to live at the tunnel endpoints.

2-2 Why OpenVPN

Usability
• Open source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit shared (static) key or digital certificates (PKI)

Portability – supports most platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4, Windows XP SP1 or later

2-2 Why OpenVPN

Peers – each node with a client or server role
• Uses the kernel routing
• Multiple clients

A user-space program
• A full-featured SSL-VPN solution
• On top of the existing SSL/TLS mechanism
• A choice among a set of security algorithms (ciphers and digests)
• Can tunnel any IP (layer 3) or Ethernet (layer 2) traffic over a single UDP port (5000 in 1.x, 1194 in 2.0) or TCP port

2-2 OpenVPN Security

Two authentication modes
• Static key: a pre-shared key, generated once and copied to both peers
• SSL/TLS: SSL/TLS + certificates, used for
  • authentication
  • key exchange

The encrypted packet is formatted as
• SeqN: 64-bit sequence number (packet id), which provides replay protection
• IV: plain-text initialization vector, randomized per packet

  HMAC | IV | encrypt( SeqN | IP payload )

The HMAC is computed over the IV and the ciphertext (encrypt-then-MAC). A receiver checks the HMAC first and only decrypts packets that pass, so forged or modified packets never reach the cipher, and it then checks SeqN against the last one seen, so replayed packets are dropped.
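The packet handling described above, built and checked with the openssl command line as an added example (this is not OpenVPN's code): AES-128-CBC for the envelope, HMAC-SHA1 over IV and ciphertext, and the sequence-number check that gives replay protection. The keys, the text encoding of the fields (hex IV, base64 ciphertext, the HMAC taken over that text) and the "|" separator inside the envelope are this example's simplifications; OpenVPN works on raw bytes and derives separate cipher and HMAC keys from its static key.

```sh
#!/bin/sh
# Encrypt-then-MAC packet handling in the shape OpenVPN uses:
#   HMAC | IV | ENC(SeqN | payload)
# Added example using the openssl CLI; the keys below are constructed test
# values, not an OpenVPN static key, and the fields are carried as text.
set -e

CIPHER_KEY=000102030405060708090a0b0c0d0e0f   # AES-128 key, hex (constructed)
HMAC_KEY=training-hmac-key                    # HMAC-SHA1 key (constructed)

# hmac_of STRING : HMAC-SHA1 of STRING under HMAC_KEY, as hex
hmac_of() { printf '%s' "$1" | openssl dgst -sha1 -hmac "$HMAC_KEY" | sed 's/.*= //'; }

# build_packet SEQ PAYLOAD : prints "HMAC IV CIPHERTEXT"
build_packet() {
    # Fresh IV for every packet; it travels in the clear and is covered by the HMAC.
    iv=$(openssl rand -hex 16)
    # The sequence number travels inside the encrypted envelope.
    ct=$(printf '%s|%s' "$1" "$2" | openssl enc -aes-128-cbc -K "$CIPHER_KEY" -iv "$iv" -a -A)
    printf '%s %s %s\n' "$(hmac_of "$iv$ct")" "$iv" "$ct"
}

# open_packet PACKET : prints "SEQ|PAYLOAD"; fails without decrypting if the HMAC is wrong
open_packet() {
    set -- $1
    mac=$1; iv=$2; ct=$3
    # Check the MAC over IV and ciphertext first: a forged or modified packet
    # is dropped before it can reach the cipher or a padding check.
    # (A real implementation compares the two MACs in constant time.)
    [ "$mac" = "$(hmac_of "$iv$ct")" ] || { echo "bad HMAC: packet dropped" >&2; return 1; }
    printf '%s' "$ct" | openssl enc -d -aes-128-cbc -K "$CIPHER_KEY" -iv "$iv" -a -A
}

# accept_packet LAST_SEQ PACKET : prints the payload if the HMAC is valid and SEQ is
# newer than LAST_SEQ (replay protection); the caller records SEQ as the new LAST_SEQ
accept_packet() {
    last=$1
    plain=$(open_packet "$2") || return 1
    seq=${plain%%|*}; payload=${plain#*|}
    [ "$seq" -gt "$last" ] || { echo "replayed or old packet (seq $seq <= $last) dropped" >&2; return 1; }
    printf '%s\n' "$payload"
}
```

A packet whose ciphertext was altered by one character fails the HMAC check and never touches the cipher; a packet with a sequence number that is not newer than the last accepted one is dropped even though its HMAC is valid. That ordering is the reason the slide puts the HMAC first in the packet.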

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall- and NAT-friendly
• Dynamic address support

IPSec
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard – multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are the two methods of linking systems via a VPN:
• Routed IP tunnels (layer 3)
• Bridged Ethernet tunnels (layer 2)

Suitable for connections
• Site-to-site
• Dynamic site-to-site
• (Dynamic) client-to-site

Dynamic firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

• Uses a TUN device: a virtual point-to-point IP link; the inner (LAN) interface and the TUN interface are tied together by routing.
• Uses the kernel routing to forward the packets.

[Diagram: two OSI stacks (Physical, Data-Link, Network, Transport, Session, Presentation, Application); OpenVPN runs at the application layer and the TUN device inserts the tunnel at layer 3 (Network).]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of the MTU for efficiency

Routed IP disadvantages
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see the machines on the other side of the VPN
4. Works only with IPv4 in general, and with IPv6 only where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

• Uses "TAP" mode: a TAP device is a virtual Ethernet adapter.
• Bridge tools (brctl) are required to create the bridge device.
• A script is needed to bind eth1 and tap0 together into a bridged device called br0.

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0          # create an Ethernet bridge
brctl addif br0 eth1     # connect interface eth1 as a port
brctl addif br0 tap0     # connect virtual interface tap0 as a port

The bridge name is the first argument of addif. The TAP device must exist (openvpn --mktun --dev tap0) before it can be added, and the IP address that eth1 used to carry moves to br0.

[Diagram: two OSI stacks (Physical to Application); OpenVPN runs at the application layer; TUN inserts the tunnel at layer 3, TAP at layer 2, and bridging joins eth1 and tap0 into one segment, while eth0 carries the tunnel traffic between the two sites.]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages
1. Point-to-point and point-to-multipoint
2. Broadcasts traverse the VPN: this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to be able to handle non-IP protocols such as IPX, Netware and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages
1. Less efficient than routing and does not scale well

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

[Diagram of the hands-on topology: LAN A 10.0.1.0/24 (hosts at IP 10.0.1.1/24, gw 10.0.1.254) – ixp1 10.0.1.254 [VPN Server] – ixp0 192.168.12.201 ==== VPN tunnel ==== ixp0 192.168.12.202 – ixp1 10.0.2.254 [VPN Client] – LAN B 10.0.2.0/24 (hosts at IP 10.0.2.1/24, gw 10.0.2.254). The client initiates the connection; the [CA/TLS Server] used in 3-4 sits on the same network.]

3-1 Getting Started

Create a working directory (recommended)
  mkdir /etc/openvpn

Check for the TUN device: ls /dev/net and look for a character device "tun"; if it is missing, create it (OpenVPN opens /dev/net/tun)
  mknod /dev/net/tun c 10 200

Load the necessary modules
  modprobe tun
  modprobe bridge

Generate a (pre-shared) static key
  openvpn --genkey --secret [KeyName]

Self diagnostic
  openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding
  echo "1" > /proc/sys/net/ipv4/ip_forward
or
  vi /etc/sysctl.conf        # set "net.ipv4.ip_forward = 1"

Create / start the bridge interface using the Moxa script
  openvpn-bridge [start | stop | restart]

Check the supported ciphers and digests
  openvpn --show-ciphers
  openvpn --show-digests

Create the TUN configuration files
  vi /etc/openvpn/tun-server.conf
  [At VPN Client] vi /etc/openvpn/tun-client.conf

The static key is the only secret in this mode: generate it on one peer, copy it to the other over a trusted channel, and keep the file readable by root only.

3-2 TUN Server Configuration

• The local and remote VPN (tunnel) IP addresses must be specified ("ifconfig <local> <remote>"); the client uses the same two addresses in reverse order.
• It is NECESSARY to specify the server address ("remote") at the VPN client.

3-2 TUN Server Configuration

Edit the static routes (the "up" script)
  vi /etc/openvpn/tun-server.sh
  chmod +x /etc/openvpn/tun-server.sh
  [At VPN Client] vi /etc/openvpn/tun-client.sh
                  chmod +x /etc/openvpn/tun-client.sh

Start OpenVPN with the configuration file
  openvpn --config /etc/openvpn/tun-server.conf &
  [At VPN Client] openvpn --config /etc/openvpn/tun-client.conf &

Note the 2nd argument of "ifconfig", which is now 10.0.2.254: the remote end of the tunnel, i.e. the address that the routes towards LAN B point at.
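The four files that 3-1 and 3-2 have you write by hand, generated by one script: an added example, not Moxa's hands-on files. It follows the 3-1 topology (server ixp0 192.168.12.201, tunnel ends 10.0.1.254 and 10.0.2.254, LANs 10.0.1.0/24 and 10.0.2.0/24, all from the page); port 1194/UDP, the cipher and digest choice, the keepalive values and the key path are this example's assumptions. check_tun_configs verifies the mistake that is easiest to make: the two ifconfig lines must mirror each other, and the client must name the server.

```sh
#!/bin/sh
# Generate the static-key TUN (routed) configuration for both sites of the
# 3-1 topology. Added example; port, cipher, digest and key path are assumptions.
set -e

SERVER_PUB=192.168.12.201      # server ixp0 (page diagram)
SRV_TUN=10.0.1.254             # local tunnel address on the server (page)
CLI_TUN=10.0.2.254             # local tunnel address on the client (page)
LAN_A=10.0.1.0                 # network behind the server
LAN_B=10.0.2.0                 # network behind the client
KEY=/etc/openvpn/static.key    # output of: openvpn --genkey --secret /etc/openvpn/static.key

# write_tun_configs DIR : writes tun-server.conf, tun-client.conf and the two "up" scripts into DIR
write_tun_configs() {
    dir=$1; mkdir -p "$dir"

    cat > "$dir/tun-server.conf" <<EOF
dev tun
proto udp
port 1194
ifconfig $SRV_TUN $CLI_TUN
secret $KEY
up $dir/tun-server.sh
cipher AES-128-CBC
auth SHA1
keepalive 10 60
persist-key
persist-tun
verb 3
EOF

    cat > "$dir/tun-client.conf" <<EOF
dev tun
proto udp
remote $SERVER_PUB 1194
ifconfig $CLI_TUN $SRV_TUN
secret $KEY
up $dir/tun-client.sh
cipher AES-128-CBC
auth SHA1
keepalive 10 60
persist-key
persist-tun
verb 3
EOF

    # OpenVPN calls the "up" script with the tunnel device name as $1, so the
    # route to the far LAN can be bound to the device that was just created.
    cat > "$dir/tun-server.sh" <<EOF
#!/bin/sh
route add -net $LAN_B netmask 255.255.255.0 dev "\$1"
EOF
    cat > "$dir/tun-client.sh" <<EOF
#!/bin/sh
route add -net $LAN_A netmask 255.255.255.0 dev "\$1"
EOF
    chmod 755 "$dir/tun-server.sh" "$dir/tun-client.sh"
}

# tunnel_ends FILE : prints "<local> <remote>" from the ifconfig line of FILE
tunnel_ends() { sed -n 's/^ifconfig  *\([^ ]*\)  *\([^ ]*\).*/\1 \2/p' "$1"; }

# check_tun_configs DIR : 0 only if the server and client ifconfig lines mirror
# each other and the client knows where the server is
check_tun_configs() {
    dir=$1
    set -- $(tunnel_ends "$dir/tun-server.conf") $(tunnel_ends "$dir/tun-client.conf")
    [ $# -eq 4 ] && [ "$1" = "$4" ] && [ "$2" = "$3" ] &&
    grep -q "^remote $SERVER_PUB 1194\$" "$dir/tun-client.conf"
}

# Stand-alone use: write and check the files in the directory given as $1 (e.g. /etc/openvpn).
if [ -n "$1" ]; then
    write_tun_configs "$1" && check_tun_configs "$1" && echo "configuration written to $1"
fi
```

The same static.key must be present at $KEY on both peers. On OpenVPN 2.1 and later the "up" scripts only run if the configuration also contains "script-security 2"; OpenVPN 2.0, the version on the page, does not know that option.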

Create the TAP configuration files
  vi /etc/openvpn/tap-server.conf
  [At VPN Client] vi /etc/openvpn/tap-client.conf

3-3 TAP Configuration – VPN Server

Mark (comment out) this line if both VPN networks are in the same subnet.

3-3 TAP Configuration – VPN Server

Edit the static routes
  vi /etc/openvpn/tap-server.sh
  [At VPN Client] vi /etc/openvpn/tap-client.sh
                  chmod +x /etc/openvpn/tap-client.sh

The routes point at the kernel routing through br0 (= 10.0.1.254).

3-3 TAP Configuration – VPN Server

Start the bridge device
  vi /etc/openvpn/openvpn-bridge
  chmod +x /etc/openvpn/openvpn-bridge
  /etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration file
  openvpn --config /etc/openvpn/tap-server.conf &
  [At VPN Client] openvpn --config /etc/openvpn/tap-client.conf &
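The bridge start/stop logic that the page delegates to Moxa's openvpn-bridge script, written out as an added example (it is not Moxa's script). It applies the three brctl commands of 2-3-2 in the order they need, around creating the TAP device, and moves the LAN address to br0 as 3-3 describes (br0 = 10.0.1.254). The interface names follow the page; the netmask, the broadcast address and the RUN=echo dry-run switch are this example's assumptions.

```sh
#!/bin/sh
# Bridge eth1 and tap0 into br0 for OpenVPN TAP mode (the job of Moxa's
# openvpn-bridge script). Added example; set RUN=echo to print the commands
# instead of executing them.
set -e

RUN=${RUN:-}
BR=br0
ETH=eth1                       # LAN interface that joins the bridge (page)
TAP=tap0                       # OpenVPN TAP device (page)
BR_IP=10.0.1.254               # address that eth1 used to hold, now on br0 (page)
BR_MASK=255.255.255.0          # assumption
BR_BCAST=10.0.1.255            # assumption

bridge_start() {
    # 1. The TAP device must exist before it can become a bridge port.
    $RUN openvpn --mktun --dev "$TAP"
    # 2. Create the bridge and add both ports (2-3-2: addbr, then addif BRIDGE IF).
    $RUN brctl addbr "$BR"
    $RUN brctl addif "$BR" "$ETH"
    $RUN brctl addif "$BR" "$TAP"
    # 3. Ports carry no address of their own; promiscuous mode lets eth1
    #    pick up frames destined for the other side of the tunnel.
    $RUN ifconfig "$ETH" 0.0.0.0 promisc up
    $RUN ifconfig "$TAP" 0.0.0.0 promisc up
    # 4. The LAN address moves to the bridge (3-3: br0 = 10.0.1.254).
    $RUN ifconfig "$BR" "$BR_IP" netmask "$BR_MASK" broadcast "$BR_BCAST" up
}

bridge_stop() {
    $RUN ifconfig "$BR" down
    $RUN brctl delif "$BR" "$TAP"
    $RUN brctl delif "$BR" "$ETH"
    $RUN brctl delbr "$BR"
    $RUN openvpn --rmtun --dev "$TAP"
    # Give eth1 its address back so the box stays reachable from the LAN.
    $RUN ifconfig "$ETH" "$BR_IP" netmask "$BR_MASK" broadcast "$BR_BCAST" up
}

# plan ACTION : the command list for ACTION (start|stop) without executing it
plan() { RUN=echo; "bridge_$1"; }

case "$1" in
    start)   bridge_start ;;
    stop)    bridge_stop ;;
    restart) bridge_stop; bridge_start ;;
    show)    plan start ;;
    "")      ;;                    # sourced or checked: only define the functions
    *)       echo "usage: $0 {start|stop|restart|show}" >&2; exit 2 ;;
esac
```

Run it over a serial console or from the eth0 side: the moment eth1 is set to 0.0.0.0 the LAN address is gone until step 4 puts it on br0, so a session over eth1 drops mid-way. The tap-server.conf then uses "dev tap0" and no "ifconfig" line, which is the line 3-3 says to mark when both sites share one subnet.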

3-4-1 SSL/TLS – Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC
  vi /usr/share/ssl/openssl.cnf      # pre-set default_days, default_bits, … etc.

Create the new CA root key pair
  /usr/share/ssl/misc/CA -newca

Create a new client private key and a new certificate request
  /usr/share/ssl/misc/CA -newreq

Certificate signing
  /usr/share/ssl/misc/CA -sign

Copy the CA root certificate, the client private key and the client certificate to the first client.

Have the second client certified the same way (-newreq, -sign, copy).

3-4-2 OpenVPN – "easy-rsa" tools

Copy "easy-rsa" to the working directory
  cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file
  vi /etc/openvpn/easy-rsa/vars

Activate the vars and start with a clean key directory (clean-all deletes any existing keys)
  cd /etc/openvpn/easy-rsa
  . ./vars
  ./clean-all

Create the CA root key and certificate
  ./build-ca

Create the VPN server private key and certificate (build-key-server marks the certificate as a server certificate, which a client can check with "ns-cert-type server")
  ./build-key-server server

3-4-2 OpenVPN – "easy-rsa" tools

Create the VPN client private key and certificate
  ./build-key client

Create the Diffie-Hellman parameters (the size comes from KEY_SIZE in vars: 1024 on the slide; use 2048 today)
  ./build-dh

Copy the CA certificate (ca.crt), server key (server.key) and server certificate (server.crt) to the VPN server.

Copy the CA certificate, client key and client certificate to the VPN client.

The "easy-rsa" tools also work on the UC7400 series.

3-4-3 Configuration File Modification

txx-server.conf (xx = un or ap)

txx-client.conf

In both files the "secret" line of the static-key setup is replaced by the PKI files: "ca", "cert" and "key" on both sides, plus "dh" and "tls-server" on the server and "tls-client" on the client.

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

• Two of its serial ports are connected to a power meter and a thermocouple.
• Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site.
• The rest of the serial ports are looped back in "burn-in mode" to demonstrate the UC's high performance and reliability.

Demo Box Features

Software Block Diagram

• Temperature range: 0 to 500 °C
• Left side for the high range, 0 to 300 VDC; right side for the low range, 0 to 20 VDC

UC's LCM & keypad (F1-F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8

F2 System status: LAN's IP → Wi-Fi's IP → CPU loading → Available memory

F3 Alarm setting: Temperature → Voltage → Burn-in throughput

F4 Configuration key

F5 Main menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• UC-7420's built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards.
• The compatible wireless cards are:

Supplier    Model name
ASUS        WL-107g
CNET        CWC-854 (181D version)
Edimax      EW-7108PCg
Amigo       AWP-914WG
Gigabyte    GN-WMKG
Others which use the Ralink chipset

Thank You



those machines on the other side of the VPN 4 Works only with IPv4 in general and IPv6 in cases

where tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses ldquoTAPrdquo mode a TAP device is a Virtual Ethernet Adapter

Bridge tools (bcrtl) are required to create the virtual adapters

Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0 create an ethernet bridge

brctl addif br0 eth1 connect interface eth1 as a port

brctl addif tap0 connect virtual interface tap0 as a port

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Bridging

OpenVPN

TUN (3rd)TAP (2nd)

eth1 eth1eth0 eth0

tap0 tap0

2-3-2 Bridged Ethernet Mode (TAP 2-3-2 Bridged Ethernet Mode (TAP Mode)Mode)

Bridging advantages1 Point to Point point to multi-point2 Broadcasts traverse the VPN -- this allows browsing

of Windows file shares across the VPN without setting up a Samba or WINS server

3 No route statements to configure4 Works with the VPN needs to be able to handle non-

IP protocols such as IPX Netware and AppleTalk5 Relatively easy-to-configure solution for road

warriors

Bridging disadvantages1 Less efficient than Routing and does not scale well

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSLTLS ndash X509 Dynamic Keys

3-1 Getting Started3-1 Getting Started

ixp019216812201

ixp0 19216812202

gw 1001254IP 1001124

gw 1002254IP 1002124

LAN A LAN B

VPN Tunnel

Connect

1001254

[VPN Server]

1002254

[VPN-Client]

ixp1 ixp1

[CATLS Server]

3-1 Getting Started 3-1 Getting Started

Create a Working Directory (recommended) mkdir etcopenvpn

Check for TUN Modules if not ls devnet look for a character device ldquotunrdquo mknod devtun c 10 200

Load necessary modules modprobe tun modprobe bridge

Generate a (pre-shared) key openvpn --genkey --secret [KeyName]

Self Diagnostic openvpn --test-crypto --secret [KeyName]

3-1 Getting Started3-1 Getting Started

Enable IP Forwarding echo ldquo1rdquo gt procsysnetipv4ip_forwardor vi etcsysctlconf modify ldquonetipv4ip_forward = 1rdquo

Create Start Bridge Interface using Moxa Script openvpn-bridge [start stop restart]

Check the CiphersAuthentication Support openvpn --show-ciphers openvpn --show-digests

Create TUN Configuration Files vi etcopenvpntunserverconf

[At VPN Client] vi etcopenvpntunclientconf

3-2 TUN Server Configuration 3-2 TUN Server Configuration

LocalRemote VPN IP address must be specified

It is NECESSARY to specify the Server Address at VPN Client

3-2 TUN Server Configuration 3-2 TUN Server Configuration

Edit the Static Routings vi etcopenvpntunserversh

chmod +x etctunserversh

[At VPN Client] vi etceopenvpntunclientsh chmod +x etctunclientsh

Start OpenVPN with the configuration file openvpn --config etctunserverconf amp openvpn --config etctunclientconf amp

2nd argument of ldquoifconfigrdquo which is now ldquo1002254rdquo

Create TAP Configuration Files vi etcopenvpntapserverconf

[At VPN Client] vi etcopenvpntapclientconf

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Mark this line if both VPN Networks are in the same subnet

3-2 TAP Configuration ndash VPN Server3-2 TAP Configuration ndash VPN Server

Edit the Static Routings vi etcopenvpntunserversh

[At VPN Client] vi etcopenvpntapclientsh chmod +x etctapclientsh

Pointed to the Kernel Routing br0 = 1001254

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Start the Bridge device vi openvpnopenvpn-bridge

chmod +x etcopenvpnopenvpn-bridge etcopenvpnopenvpn-bridge start

Start OpenVPN with the configuration file openvpn ndashconfig etcopenvpntapserverconf amp openvpn ndashconfig etcopenvpntapclient amp

3-4-1 SSLTLS ndash Dynamic Keys3-4-1 SSLTLS ndash Dynamic Keys

Edit the OpenSSL Configuration File on a Linux PC vi usrsharesslopensslcnf Pre-input the default_days default_bits hellip etc

Create New CA root Key Pair usrsharesslmiscCA -newca

Create New Client Private Key and new Certificate Request usrsharesslmiscCA -newreq

Certificate Sign-in usrsharesslmiscCA ndashsign

Copy the CA root certificate client private key and the client certificate to the first client

Have the second client certificated

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Copy the ldquoeasy-rsardquo to the working directory cp ndashr openvpn-20easy-rsa etcopenvpn

modify the vars file vi etcopenvpneasy-rsavars

Activate the vars etcopenvpneasy-rsavars

Create CA root key etcopenvpneasy-rsabuild-ca

Create VPN Server Private Key and Certificate etcopenvpneasy-rsabuild-key server

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Create VPN Client private Key and Certificate etcopenvpnbuild-key client

Create Diff-Hellman Parameters etcopenvpnbuild-dh 1024

Copy the CA certificate (cacrt) Server key (serverkey) and Server certificate (servercrt) to VPN Server

Copy the CA certificate Client key and certificate to VPN Client

ldquoeasy-rsardquo tools also work on UC7400 series

3-4-3 Configuration File Modification3-4-3 Configuration File Modification

txxserverconf

txxclienconf

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) Open VPN Configuration

4) Hands-On Practice

Live DemoLive Demo

UC-7420 DEMO BOXUC-7420 DEMO BOX

Two of its serial ports connectedto a Power Meter and Thermocouple

Two LAN ports plus an optional Wi-Fi function making it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in lsquoburn-in modersquo to demonstrate UCrsquos high performance and reliability

Demo Box FeaturesDemo Box Features

Software Block DiagramSoftware Block Diagram

Temperature Range 0 to 500degC

Left side for high range 0 to 300 VDC amp Right side for low range 0 to 20 VDC

UCrsquos LCM amp keypad (F1-F5)UCrsquos LCM amp keypad (F1-F5)

F1 Monitoring Temperature rarr Voltage rarrThroughput for P3 to P8

F2 System Status LANrsquos IP rarr Wi-Firsquos IP rarr CPU loading rarr Available Memory

F3 Alarm Setting Temperature rarr Voltage rarr burning throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI amp HTMLApache Web with CGI amp HTML

Seat Locating SystemSeat Locating System

Score Query SystemScore Query System

AppendixAppendix

What is the wireless PCMCIA card support status in 80211gbull UC-7420s built-in Wireless driver supports Intersil Prism 20

chipset PCMCIA cardbull The compatible Wireless cards are

Supplier Model name

ASUS WL-107g

CNET CWC-854(181D version)Edmiax EW-7108PCgAmigo AWP-914WGigbyte GN-WMKGOthers which use R-Link chip set

Thank YouThank You

Page 67: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

3-4 Save / Restore Rules

It is highly recommended to maintain the Netfilter rules in a script file rather than in the exported rule file (which is not a standard script file). Please refer to the Hands-On practice.

Agenda

1) Firewall, NAT and iptables

2) Rules, Chains, Tables

3) Usage of iptables

4) Hands-On Practice: 1) Packet Filter, 2) NAT Machine

4-1 Packet Filter – Rules of the filter table

Example 1 – Accept all packets incoming from the lo interface:

iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2 – Accept all TCP packets incoming from IP = 192.168.0.1:

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

4-1 Packet Filter – Rules of the filter table

Example 3 – Accept all TCP packets incoming from the network 192.168.1.0/24:

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 – Drop all TCP packets incoming from IP = 192.168.1.25:

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

Note: rules are matched in order, so if Examples 3 and 4 are both appended to INPUT, the ACCEPT for 192.168.1.0/24 matches first and the DROP for 192.168.1.25 never fires; the more specific DROP has to come before the broader ACCEPT.

4-1 Packet Filter – Rules of the filter table

Example 5 – Drop all incoming TCP packets with dst port = 21 (forbid FTP connections from eth0):

iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 – Accept TCP packets incoming from 192.168.0.0/24 to the local ports 137, 138 and 139:

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

4-1 Packet Filter – Rules of the filter table

Example 7 – Log all incoming/outgoing TCP packets to/from port 25 (log the SMTP service):

iptables -t filter -A INPUT -p tcp --dport 25 -j LOG

Note: the UC-7110 does not support the target "LOG".

4-1 Packet Filter – Rules of the filter table

Example 8 – Drop all [SYN] packets from IP = 192.168.100.200:

iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 – Drop all packets from MAC = aa:bb:cc:dd:ee:ff (the source MAC is that of the last hop, so this only identifies hosts on the directly attached segment):

iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

Example 10 – Do not respond to "ping":

iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 – Limit an ICMP "ping" burst:

iptables -t filter -P INPUT DROP

iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

4-1 Packet Filter – Rules of the filter table

Example 12 – Accept the ESTABLISHED/RELATED packets of the local host; drop INVALID packets and NEW packets that try to create a new connection:

iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

4-1 Packet Filter – Rules of the filter table

Example 13 – Check the packet integrity:

iptables -t filter -A INPUT -p all -m unclean -j DROP

Example 14 – Enable the "Passive Mode" FTP service to a host:

modprobe ip_conntrack_ftp

iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

4-2 NAT Machine – Rules of the nat table

Example 1 – Redirect the connection requests for port 80 to port 8080:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 – Masquerade the packets from 192.168.1.0/24 leaving via ppp0 so that they carry the local ppp0 IP (MASQUERADE is only valid in the POSTROUTING chain, and -o names the outgoing interface):

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

4-2 NAT Machine

Example 3 – DNAT the packets incoming from eth0 (60.248.66.75), TCP port 80, to the internal web server 192.168.127.10:80; the replies and other traffic from the internal subnet are source-NATed to the public address $OUT_IP:

iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP

Example 4 – Redirect the incoming packets of TCP port 80 to 192.168.1.10, TCP port 80
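The rules of the 4-1 and 4-2 examples collected into the kind of maintainable rule script the 3-4 slide recommends over the exported rule file, as an added example that is not part of the course material: interfaces and addresses are the slides' own, while the rule ordering, the log prefix and the IPT=echo dry run are the example's.

```shell
#!/bin/sh
# Added example: Netfilter rule script combining the filter and NAT rules of the
# 4-1 / 4-2 slides. Interfaces (eth0, ppp0) and addresses are taken from the
# slides; the ordering and the dry-run switch are this script's own.
# Run as root to apply, or with IPT=echo to print the rules without applying them.
IPT="${IPT:-iptables}"

LAN_NET="192.168.1.0/24"        # trusted LAN behind the UC (Example 3)
BLOCKED_HOST="192.168.1.25"     # host denied although it is inside LAN_NET (Example 4)
BLOCKED_MAC="aa:bb:cc:dd:ee:ff" # Example 9
SMB_NET="192.168.0.0/24"        # hosts allowed to reach ports 137-139 (Example 6)

filter_rules() {
    # Start from a known state: flush INPUT and set a deny-by-default policy (Example 11).
    $IPT -t filter -F INPUT
    $IPT -t filter -P INPUT DROP

    # Local traffic and replies to our own connections (Examples 1 and 12).
    $IPT -t filter -A INPUT -i lo -j ACCEPT
    $IPT -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -t filter -A INPUT -m state --state INVALID -j DROP

    # Specific denies come BEFORE the broader accept they carve out of
    # (Examples 4, 5 and 9): iptables stops at the first matching rule.
    $IPT -t filter -A INPUT -i eth0 -p tcp -s "$BLOCKED_HOST" -j DROP
    $IPT -t filter -A INPUT -i eth0 -m mac --mac-source "$BLOCKED_MAC" -j DROP
    $IPT -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

    # Services offered to the LAN (Examples 3 and 6).
    $IPT -t filter -A INPUT -i eth0 -p tcp -s "$LAN_NET" -j ACCEPT
    $IPT -t filter -A INPUT -i eth0 -p tcp -s "$SMB_NET" --dport 137:139 -j ACCEPT

    # Rate-limited ICMP echo instead of dropping ping outright (Example 11).
    $IPT -t filter -A INPUT -p icmp --icmp-type 8 -m limit --limit 6/min --limit-burst 10 -j ACCEPT

    # Visibility: log SMTP attempts before the policy drops them (Example 7;
    # not available on the UC-7110, which lacks the LOG target).
    $IPT -t filter -A INPUT -p tcp --dport 25 -j LOG --log-prefix "smtp: "
}

nat_rules() {
    $IPT -t nat -F
    # Example 1: transparently redirect inbound port 80 to a local service on 8080.
    $IPT -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-ports 8080
    # Example 2: masquerade the LAN behind the dial-up address (POSTROUTING only).
    $IPT -t nat -A POSTROUTING -s "$LAN_NET" -o ppp0 -j MASQUERADE
}

# Counts the rules a function would append; lets a dry run be checked without root.
count_rules() {
    IPT=echo "$1" | grep -c -- ' -A '
}

case "${1:-}" in
    filter) filter_rules ;;
    nat)    nat_rules ;;
    all)    filter_rules; nat_rules ;;
esac
```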

Thank You

OpenVPN 2.0

Stephen Lin

OpenVPN 2.0

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve?

1-2 Symmetric Data Encryption

1-3 Hash (Digest) Function

1-4 Message Authentication Code

1-5 Asymmetric Data Encryption

1-6 Digital Signature

1-7 Certificate

1-8 Moxa UC-7400

1-1 What does Cryptography solve?

Confidentiality
• Ensure that nobody can learn what you transfer, even when listening to the whole conversation

Integrity
• Ensure that the message has not been modified during transmission

Authenticity
• You can verify that you are talking to the entity you think you are talking to
• You can verify who the specific individual behind that entity is

Non-repudiation
• The individual behind that asset cannot deny being associated with it

1-2 Symmetric Data Encryption

Fast, high efficiency for data transmission

Is it "secure" while transferring the key?

Key maintenance: n(n-1)/2 keys for n parties

DES / 3DES / AES / Blowfish

[Diagram: Tom encrypts the plaintext with the secret key into ciphertext; Bob decrypts the ciphertext with the same secret key back into the plaintext.]

1-3 Hash (Digest) Function

Ensure data integrity

MD5 / SHA-1

[Diagram: Tom computes Message Digest 1 of the data with a hash function and sends data + digest; Bob recomputes Message Digest 2 from the received data with the same hash function and compares it with Message Digest 1.]

1-4 Message Authentication Code

Ensure data integrity

Use a key to protect the MAC

HMAC / CBC-MAC

[Diagram: Tom computes Message Digest 1 of the data, encrypts it with the secret key into the MAC and sends data + MAC; Bob decrypts the MAC with the secret key to recover Message Digest 1, recomputes Message Digest 2 from the data with the same hash function and compares the two.]

1-5 Asymmetric Encryption

Things to remember
• Key pair – public/private keys
• In a session, one is used for encryption and the other one for decryption
• The "public key" can be deployed everywhere
• The relation between the two keys is unknown: from one key you cannot gain knowledge of the other, even if you have access to clear-text and cipher-text
• The two keys are interchangeable: all algorithms make no difference between public and private key; when a key pair is generated, either of the two can be public or private
• Less efficient than a static (symmetric) key
• RSA / Diffie-Hellman

[Diagram: clear text → encryption → cipher text]

1-5 Asymmetric Data Encryption

[Diagram: Tom encrypts the plaintext with Bob's public key; Bob decrypts the ciphertext with Bob's private key. Recipient's key pair – confidentiality check.]

1-5 Asymmetric Data Encryption

[Diagram: Tom encrypts the plaintext with Tom's private key; Bob decrypts the ciphertext with Tom's public key. Sender's key pair – authenticity check.]

1-6 Digital Signature

Real world – hybrid:
1. Data integrity
2. Authenticity
3. Non-repudiation
4. Algorithm – use the public key and a hash

1-6 Digital Signature – Creating

[Diagram: the message or file ("This is the document created by Gianni") is reduced, even from a long input, to a short message digest (typically 128 bits) with a one-way message digest function (SHA, MD5); the digest is encrypted with the signatory's private key (RSA, asymmetric encryption) to form the digital signature, which is attached to the document to make the signed document.]

1-6 Digital Signature – Verifying

[Diagram: the digest of the received document is regenerated with the same hash; the digital signature is decrypted with Gianni's public key (from the certificate) to recover the original digest; the two digests are compared.]

1-6 Digital Signature

[Diagram: Tom hashes the data into Message Digest 1 and encrypts it with Tom's private key to produce the digital signature, which is sent together with the data; Bob decrypts the signature with Tom's public key to recover Message Digest 1, recomputes Message Digest 2 from the data with the same hash function, and compares the two.]

1-7 Certificate

The simplest certificate just contains
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key (it can be a person, a computer, a device, a file, some code, anything …)

… and the whole is
• Digitally signed by someone trusted (like your friend or a CA)

[Diagram: certificate = public key + "This public key belongs to Stephen" + digital signature.]

1-7-1 CA Certificate

[Diagram: the CA generates a key pair (Priv, Pub) on the certification server; the user requests a certificate from the CA; the CA generates the certificate (Pub + DS); the private key and the certificate are sent to the user.]

1-7-1 CA Certificate Example

[Diagram: the CA holds the CA private key; Left and Right each hold their own private key, their own certificate signed by the CA, and the CA public key (itself signed by the CA); both trust the CA.]

1-7-2 SSL/TLS

[Diagram: each side holds a key pair (Priv, Pub). The clear text is encrypted twice, once with each key pair (Cipher 1, then Cipher 2), transmitted over the public network, and decrypted in the reverse order (Cipher 2, then Cipher 1) with the corresponding keys back into the clear text.]

Ensures confidentiality
• And integrity, if digitally signed

Depending on how the public keys are exchanged:
• Authenticity, identity, non-repudiation

1-8 Moxa UC-7400 – Hardware Cipher

Intel XScale supports
• Security engines: DES, AES
• Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so"
• No need to change the source code

1-8-1 Moxa Accelerated Algorithms – OpenSSL 0.9.7

DES_cbc_encrypt

DES_ede3_cbc_encrypt

AES_cbc_encrypt

AES_ctr_encrypt

• ECB mode is wrapped at a higher level (libssl.so), where OpenSSL wraps it too

1-8-2 Performance

[Charts: throughput rate of 3DES-CBC and AES-128-CBC versus packet size (128 to 1280 bytes, and 16 to 144 bytes for small packets), software cipher compared with the hardware cipher; legend: = HW Cipher.]

1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approach
• Default: hardware approach
• Any misconfiguration or busy state causes the switch

Small packets are switched to the software approach
• DES: 128-byte threshold
• 3DES/AES: 64-byte threshold

1-8-4 Software Package

Driver
• mxhw_cipher.o

Device file
• mknod /dev/mxcrypto c 11 131

Test program
• io (correctness test)
• io 0 5000 (stability test)
• io 1 (golden pattern)
• io 2 20000 (performance test)

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network

2-2 Why OpenVPN

2-3 OpenVPN Modes

2-1 Virtual Private Network

2-1 VPN Advantages / Disadvantages

A VPN is a network constructed over public wires (e.g. the Internet) to connect nodes.

A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH, etc.).

A VPN allows the use of protocols which are insecure by themselves.

VPNs cannot be controlled and logged easily because of their encrypted nature.

2-2 Why OpenVPN

Usability
• Open source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit shared key or digital certificates (PKI)

Portability – supports most of the platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN

Peers – each node with a client/server role
• Uses the kernel routing
• Multiple clients

A user-space program
• A full-featured SSL-VPN solution
• On top of the existing SSL/TLS mechanism
• Options between a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security

Two authentication modes
• Static key: use a pre-shared key
• SSL/TLS: use SSL/TLS + certificates for
  • Authentication
  • Key exchange

The encrypted packet is formatted as
• SeqN: 64-bit sequence number
• IV: plain-text initialization vector, randomized per packet

[Diagram: HMAC | IV | SeqN | payload, where SeqN and the payload are encrypted and the HMAC is computed over the IV and the encrypted part.]

2-2 OpenVPN vs. IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall- and NAT-friendly
• Dynamic address support

IPSec
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard – multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are two methods of linking systems via a VPN

Routed IP tunnels (layer 3)

Bridged Ethernet tunnels (layer 2)

Suitable for connections
• Site-to-site
• Dynamic site-to-site
• (Dynamic) client-to-site

Dynamic firewall / NAT / DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

Uses the TUN mode (device): a virtual point-to-point IP link that combines the inner interface with the TUN device

Uses the kernel routing to forward the packets

[Diagram: OSI stacks of the two peers (Physical, Data-Link, Network, Transport, Session, Presentation, Application); OpenVPN runs in the application layer and the TUN device attaches at layer 3 (Network).]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of the MTU for efficiency

Routed IP disadvantages
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see the machines on the other side of the VPN
4. Works only with IPv4 in general, and with IPv6 only where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses "TAP" mode: a TAP device is a virtual Ethernet adapter

Bridge tools (brctl) are required to create the virtual adapters

A script is needed to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0 – create an Ethernet bridge

brctl addif br0 eth1 – connect interface eth1 as a port

brctl addif br0 tap0 – connect virtual interface tap0 as a port

[Diagram: OSI stacks of the two peers; OpenVPN runs in the application layer, TUN attaches at layer 3 and TAP at layer 2 (Data-Link); on each side eth1 and tap0 are bridged, with eth0 as the physical uplink.]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages
1. Point-to-point and point-to-multipoint
2. Broadcasts traverse the VPN – this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to handle non-IP protocols such as IPX, Netware and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages
1. Less efficient than routing and does not scale well

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

[Network diagram: LAN A (IP 10.0.1.1/24, gw 10.0.1.254) – ixp1 – [VPN Server] – ixp0 192.168.12.201 === VPN tunnel === ixp0 192.168.12.202 – [VPN-Client] – ixp1 – LAN B (IP 10.0.2.1/24, gw 10.0.2.254). The server's tunnel address is 10.0.1.254 and the client's is 10.0.2.254; the client connects to the server; a [CA/TLS Server] issues the certificates.]

3-1 Getting Started

Create a working directory (recommended): mkdir /etc/openvpn

Check for the TUN module: ls /dev/net and look for a character device "tun"; if it is not there: mknod /dev/net/tun c 10 200

Load the necessary modules: modprobe tun; modprobe bridge

Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]

Self-diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or vi /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"

Create / start the bridge interface using the Moxa script: openvpn-bridge [start|stop|restart]

Check the supported ciphers / authentication digests: openvpn --show-ciphers; openvpn --show-digests

Create the TUN configuration files: vi /etc/openvpn/tunserver.conf

[At VPN Client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

The local/remote VPN IP addresses must be specified

It is NECESSARY to specify the server address at the VPN client

3-2 TUN Server Configuration

Edit the static routes: vi /etc/openvpn/tunserver.sh; chmod +x /etc/openvpn/tunserver.sh

[At VPN Client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/openvpn/tunclient.sh

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tunserver.conf & (at the client: openvpn --config /etc/openvpn/tunclient.conf &)

The 2nd argument of "ifconfig" (the remote tunnel endpoint) is now "10.0.2.254"
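An added example, not from the slides: a script that writes the tunserver.conf / tunclient.conf pair for the static-key TUN setup above with the addresses of the 3-1 diagram, plus a check that the two "ifconfig" lines mirror each other; the key path, port and keepalive values are assumptions.

```shell
#!/bin/sh
# Added example (not from the course slides): writes the two static-key TUN
# configuration files of 3-1/3-2 so that the "ifconfig" and "route" directives
# of the two sides mirror each other and the client names the server.
# Addresses come from the slide diagram; KEY, the port and keepalive are assumptions.
# Usage: write_tun_configs OUTDIR

SERVER_WAN=192.168.12.201     # ixp0 of the VPN server (slide 3-1 diagram)
SERVER_TUN=10.0.1.254         # tunnel endpoint on the server side
CLIENT_TUN=10.0.2.254         # tunnel endpoint on the client side
LAN_A=10.0.1.0                # network behind the server
LAN_B=10.0.2.0                # network behind the client
MASK=255.255.255.0
KEY=/etc/openvpn/static.key   # assumption: created with openvpn --genkey --secret

# Directives common to both files.
tun_common() {
    cat <<EOF
dev tun
proto udp
port 1194
secret $KEY
keepalive 10 60
verb 3
EOF
}

# Server: no "remote" (it waits for the client); local endpoint first.
tun_server_conf() {
    tun_common
    echo "ifconfig $SERVER_TUN $CLIENT_TUN"
    echo "route $LAN_B $MASK"     # replaces the static route of tunserver.sh
}

# Client: must name the server ("It is NECESSARY to specify the Server Address"),
# and its ifconfig is the server's with the two arguments swapped.
tun_client_conf() {
    tun_common
    echo "remote $SERVER_WAN"
    echo "ifconfig $CLIENT_TUN $SERVER_TUN"
    echo "route $LAN_A $MASK"
}

write_tun_configs() {
    dir="$1"
    mkdir -p "$dir"
    tun_server_conf > "$dir/tunserver.conf"
    tun_client_conf > "$dir/tunclient.conf"
}

# Prints the ifconfig line of a config file with its two addresses swapped: the
# peer's file must contain exactly this line, or the tunnel endpoints disagree.
peer_ifconfig() {
    awk '$1 == "ifconfig" { print "ifconfig", $3, $2 }' "$1"
}
```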

Create the TAP configuration files: vi /etc/openvpn/tapserver.conf

[At VPN Client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration – VPN Server

Mark this line if both VPN networks are in the same subnet

3-3 TAP Configuration – VPN Server

Edit the static routes: vi /etc/openvpn/tapserver.sh

[At VPN Client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/openvpn/tapclient.sh

Pointed to the kernel routing: br0 = 10.0.1.254

3-3 TAP Configuration – VPN Server

Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tapserver.conf & (at the client: openvpn --config /etc/openvpn/tapclient.conf &)
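An added example, not Moxa's openvpn-bridge script: a start/stop/restart script that builds br0 from eth1 and tap0 with the brctl commands of 2-3-2 and gives the bridge the 10.0.1.254 address used above; the netmask is an assumption, and RUN=echo prints the commands instead of applying them.

```shell
#!/bin/sh
# Added example: a start/stop/restart bridge script of the kind the slides call
# "openvpn-bridge" (this is not Moxa's script). It binds eth1 and tap0 into br0
# with the brctl commands of 2-3-2 and moves the LAN address 10.0.1.254 of 3-3
# onto the bridge. Interface names and the address come from the slides; the
# netmask is an assumption. Run as root, or with RUN=echo to print the commands.
RUN="${RUN:-}"

BR=br0
ETH=eth1
TAP=tap0
BR_IP=10.0.1.254
BR_MASK=255.255.255.0      # assumption: LAN A is a /24 in the slide diagram
BR_BCAST=10.0.1.255

bridge_start() {
    # Create a persistent TAP device so OpenVPN can attach to it later.
    $RUN openvpn --mktun --dev "$TAP"
    # Create the bridge and connect both ports (slide 2-3-2).
    $RUN brctl addbr "$BR"
    $RUN brctl addif "$BR" "$ETH"
    $RUN brctl addif "$BR" "$TAP"
    # The ports carry no IP of their own; promiscuous mode lets the bridge
    # forward frames addressed to hosts on the other side of the tunnel.
    $RUN ifconfig "$TAP" 0.0.0.0 promisc up
    $RUN ifconfig "$ETH" 0.0.0.0 promisc up
    # The LAN address moves from eth1 to the bridge (slide 3-3: br0 = 10.0.1.254).
    $RUN ifconfig "$BR" "$BR_IP" netmask "$BR_MASK" broadcast "$BR_BCAST" up
}

bridge_stop() {
    # Tear down in reverse order; eth1 gets the LAN address back so the
    # device stays reachable while the bridge is not running.
    $RUN ifconfig "$BR" down
    $RUN brctl delif "$BR" "$TAP"
    $RUN brctl delif "$BR" "$ETH"
    $RUN brctl delbr "$BR"
    $RUN openvpn --rmtun --dev "$TAP"
    $RUN ifconfig "$ETH" "$BR_IP" netmask "$BR_MASK" broadcast "$BR_BCAST" up
}

case "${1:-}" in
    start)   bridge_start ;;
    stop)    bridge_stop ;;
    restart) bridge_stop; bridge_start ;;
esac
```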

3-4-1 SSL/TLS – Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-set default_days, default_bits, … etc.

Create a new CA root key pair: /usr/share/ssl/misc/CA -newca

Create a new client private key and a new certificate request: /usr/share/ssl/misc/CA -newreq

Sign the certificate: /usr/share/ssl/misc/CA -sign

Copy the CA root certificate, the client private key and the client certificate to the first client

Have the second client certified the same way

3-4-2 OpenVPN – "easy-rsa" tools

Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file: vi /etc/openvpn/easy-rsa/vars

Activate the vars: . /etc/openvpn/easy-rsa/vars

Create the CA root key: /etc/openvpn/easy-rsa/build-ca

Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – "easy-rsa" tools

Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client

Create the Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh 1024

Copy the CA certificate (ca.crt), server key (server.key) and server certificate (server.crt) to the VPN server

Copy the CA certificate, client key and client certificate to the VPN client

The "easy-rsa" tools also work on the UC-7400 series

3-4-3 Configuration File Modification

txxserver.conf

txxclient.conf

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

Two of its serial ports are connected to a power meter and a thermocouple

Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in 'burn-in mode' to demonstrate the UC's high performance and reliability

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500 °C

Left side for the high range, 0 to 300 VDC, and right side for the low range, 0 to 20 VDC

UC's LCM & keypad (F1-F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8

F2 System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available memory

F3 Alarm Setting: Temperature → Voltage → Burn-in throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

AppendixAppendix

What is the wireless PCMCIA card support status in 80211gbull UC-7420s built-in Wireless driver supports Intersil Prism 20

chipset PCMCIA cardbull The compatible Wireless cards are

Supplier Model name

ASUS WL-107g

CNET CWC-854(181D version)Edmiax EW-7108PCgAmigo AWP-914WGigbyte GN-WMKGOthers which use R-Link chip set

Thank YouThank You

Page 68: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

Agenda

1) Firewall, NAT and iptables

2) Rules, Chains, Tables

3) Usage of iptables

4) Hands-On Practice: 1) Packet Filter 2) NAT Machine

4-1 Packet Filter – Rules of filter table

Example 1 – Accept all the packets incoming from the lo interface

iptables -t filter -A INPUT -i lo -j ACCEPT

Example 2 – Accept all the TCP packets incoming from IP = 192.168.0.1

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.1 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 3 – Accept all the TCP packets incoming from the network 192.168.1.0/24

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 – Drop all the TCP packets incoming from IP = 192.168.1.25

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

Note: rules in a chain are tried in order and the first match decides. Appended in this order, the /24 ACCEPT of Example 3 already matches 192.168.1.25 and the DROP of Example 4 never fires. Add the more specific DROP first, or insert it at the top with -I INPUT 1.

4-1 Packet Filter – Rules of filter table

Example 5 – Drop all the incoming TCP packets with dst port = 21 (forbid FTP connections from eth0)

iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 – Accept TCP packets incoming from 192.168.0.0/24 to local ports 137, 138 and 139

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 7 – Log all the incoming/outgoing TCP packets to/from port = 25 (log SMTP service)

iptables -t filter -A INPUT -p tcp --dport 25 -j LOG

LOG is a non-terminating target: the packet continues to the next rule, so a LOG rule is normally followed by the ACCEPT or DROP rule for the same traffic. The rule above only covers incoming connections to a local SMTP server; the outgoing direction needs the same rule in the OUTPUT chain (with --sport 25 for the server's replies, or --dport 25 for local clients sending mail).

Note: UC-7110 does not support the target "LOG".

4-1 Packet Filter – Rules of filter table

Example 8 – Drop all the [SYN] packets from IP = 192.168.100.200

iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 – Drop all the packets from MAC = aa:bb:cc:dd:ee:ff

iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

The mac match must be loaded with "-m mac" before "--mac-source" can be used. It only works in the INPUT, FORWARD and PREROUTING chains, where the source MAC of the frame is still known, and a MAC address is trivially spoofed, so treat it as a convenience filter, not as authentication.

Example 10 – Do not respond to "ping"

iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 – ICMP "ping" burst (rate limit)

iptables -t filter -P INPUT DROP

iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

With the INPUT policy set to DROP, the first 10 ICMP packets are accepted at once and after that only 6 per minute; everything else reaching INPUT is dropped unless an earlier rule accepts it, so the loopback and ESTABLISHED rules (Examples 1 and 12) have to be in place before the policy is switched.

4-1 Packet Filter – Rules of filter table

Example 12 – Accept the ESTABLISHED/RELATED packets of the local host; drop the INVALID packets and the NEW packets which are trying to create a new connection

iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

4-1 Packet Filter – Rules of filter table

Example 13 – Check the packet integrity

iptables -t filter -A INPUT -p all -m unclean -j DROP

The "unclean" match is an experimental module of the 2.4 netfilter and is not present in later kernels; dropping INVALID packets with the state match of Example 12 is the supported way to get the same effect.

Example 14 – Enable the "passive mode" FTP service to a host

modprobe ip_conntrack_ftp

iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

The ip_conntrack_ftp helper follows the PORT/PASV commands on the control connection and marks the resulting data connection RELATED, so it can be accepted without opening the whole high port range. On 2.6 and later kernels the module is called nf_conntrack_ftp.
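The two points the examples above leave implicit are that the first matching rule in a chain wins (so Example 3 appended before Example 4 hides the DROP) and that "-m limit --limit 6/min --limit-burst 10" is a token bucket. The following Python model is an added example written for this page, not Moxa's or netfilter's code; it only models the matches used in 4-1 (-i, -p, -s, --dport, --syn, --icmp-type, -m state, -m limit) and the INPUT chain it builds from Examples 1, 3, 4, 11 and 12, with constructed packets, so the ordering and rate-limit behaviour can be exercised without root or a kernel.

```python
"""Model of an iptables filter chain: rules are tried in order, the first
match decides, and the chain policy applies when nothing matches.
Added example for the 4-1 slides; not iptables itself."""
import ipaddress
from dataclasses import dataclass
from fractions import Fraction
from typing import Optional


@dataclass
class Packet:
    iface: str
    proto: str                      # "tcp", "udp" or "icmp"
    src: str
    dport: Optional[int] = None
    syn: bool = False
    icmp_type: Optional[int] = None
    state: str = "NEW"              # conntrack state: NEW, ESTABLISHED, RELATED, INVALID
    t: Fraction = Fraction(0)       # arrival time in seconds, used by -m limit


class Limit:
    """Token bucket behind -m limit: `burst` tokens to start, refilled at
    `per_sec` tokens per second, one token spent per matching packet.
    Fractions keep the arithmetic exact (the kernel uses integer credits)."""

    def __init__(self, per_sec: Fraction, burst: int):
        self.rate, self.burst = per_sec, burst
        self.tokens, self.last = Fraction(burst), Fraction(0)

    def allow(self, t: Fraction) -> bool:
        self.tokens = min(Fraction(self.burst), self.tokens + (t - self.last) * self.rate)
        self.last = t
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


@dataclass
class Rule:
    target: str                              # ACCEPT, DROP or LOG
    iface: Optional[str] = None              # -i
    proto: Optional[str] = None              # -p ("all" matches everything)
    src: Optional[str] = None                # -s, address or CIDR
    dport: Optional[range] = None            # --dport, as range(lo, hi + 1)
    syn: Optional[bool] = None               # --syn
    icmp_type: Optional[int] = None          # --icmp-type
    states: Optional[frozenset] = None       # -m state --state
    limit: Optional[Limit] = None            # -m limit; checked last so a token is only spent on a real match

    def matches(self, p: Packet) -> bool:
        if self.iface is not None and p.iface != self.iface:
            return False
        if self.proto not in (None, "all") and p.proto != self.proto:
            return False
        if self.src is not None and ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src, strict=False):
            return False
        if self.dport is not None and (p.dport is None or p.dport not in self.dport):
            return False
        if self.syn is not None and p.syn != self.syn:
            return False
        if self.icmp_type is not None and p.icmp_type != self.icmp_type:
            return False
        if self.states is not None and p.state not in self.states:
            return False
        if self.limit is not None and not self.limit.allow(p.t):
            return False
        return True


class Chain:
    def __init__(self, policy: str = "ACCEPT"):   # iptables -P <chain> <policy>
        self.policy, self.rules = policy, []

    def append(self, rule: Rule) -> None:         # iptables -A
        self.rules.append(rule)

    def verdict(self, p: Packet) -> str:
        for r in self.rules:
            if r.matches(p):
                if r.target == "LOG":             # LOG is non-terminating: keep going
                    continue
                return r.target
        return self.policy


def build_input_chain() -> Chain:
    """INPUT chain from Examples 1, 3, 4, 11 and 12, in a safe order."""
    c = Chain(policy="DROP")                                                   # Example 11: -P INPUT DROP
    c.append(Rule("ACCEPT", iface="lo"))                                       # Example 1
    c.append(Rule("ACCEPT", proto="tcp", states=frozenset({"ESTABLISHED", "RELATED"})))  # Example 12
    c.append(Rule("DROP", iface="eth0", proto="tcp", src="192.168.1.25"))      # Example 4, most specific first
    c.append(Rule("ACCEPT", iface="eth0", proto="tcp", src="192.168.1.0/24"))  # Example 3
    c.append(Rule("ACCEPT", proto="icmp", limit=Limit(Fraction(6, 60), 10)))   # Example 11: --limit 6/min --limit-burst 10
    return c


def shadowed_drop() -> tuple:
    """Examples 3 and 4 appended in slide order versus DROP first: the
    verdicts for a SYN from 192.168.1.25 (constructed packet)."""
    p = Packet("eth0", "tcp", "192.168.1.25", dport=22, syn=True)
    slide_order = Chain("DROP")
    slide_order.append(Rule("ACCEPT", iface="eth0", proto="tcp", src="192.168.1.0/24"))
    slide_order.append(Rule("DROP", iface="eth0", proto="tcp", src="192.168.1.25"))
    return slide_order.verdict(p), build_input_chain().verdict(p)


def ping_flood(count: int, interval_s: int) -> int:
    """Send `count` echo requests `interval_s` seconds apart and return how
    many the rate-limited ACCEPT of Example 11 lets through."""
    c = build_input_chain()
    accepted = 0
    for i in range(count):
        pkt = Packet("eth0", "icmp", "10.0.0.9", icmp_type=8, t=Fraction(i * interval_s))
        if c.verdict(pkt) == "ACCEPT":
            accepted += 1
    return accepted


if __name__ == "__main__":
    print("slide order vs fixed order:", shadowed_drop())
    print("pings accepted out of 30 sent 1/s:", ping_flood(30, 1))
```

Run it and the first line shows ("ACCEPT", "DROP"): the same packet is accepted when the rules are appended in slide order and dropped once the specific DROP comes first. The second line shows the bucket draining: the burst of 10 plus what refills at 6/min during the burst goes through, then one packet every 10 s.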

4-2 NAT Machine – Rules of nat table

Example 1 – Redirect the connection requests of port 80 to port 8080

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 – Masquerade the packets from 192.168.1.0/24 that leave through ppp0, so they carry ppp0's (dynamic) IP

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

MASQUERADE, like SNAT, is only valid in the POSTROUTING chain, and -o (outgoing interface) can only be used there; iptables rejects the PREROUTING form. MASQUERADE is meant for interfaces with a dynamic address such as ppp0; with a fixed public address, SNAT --to (Example 4) is cheaper and keeps its connection tracking across an interface flap.

4-2 NAT Machine

Example 3 – DNAT the incoming packets arriving on eth0 (60.248.66.75), TCP port 80, to the internal web server 192.168.127.10, port 80

iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

Example 4 – Redirect the incoming packets of TCP port 80 to 192.168.1.10, TCP port 80: the same DNAT rule as Example 3 with --to 192.168.1.10:80. Its companion is the SNAT rule for the internal network, which rewrites the source of packets leaving 192.168.127.0/24 to the external address $OUT_IP so that replies come back to the NAT box:

iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP

DNAT and SNAT only rewrite addresses; the translated packets still pass through the FORWARD chain of the filter table, so what is forwarded must also be allowed there, and IP forwarding must be enabled (see 3-1).

Thank You

OpenVPN 2.0
Stephen Lin

OpenVPN 2.0

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve?

1-2 Symmetric Data Encryption

1-3 Hash (Digest) Function

1-4 Message Authentication Code

1-5 Asymmetric Data Encryption

1-6 Digital Signature

1-7 Certificate

1-8 Moxa UC7400

1-1 What does cryptography solve?

Confidentiality
• Ensure that nobody can learn what you transfer, even if they listen to the whole conversation

Integrity
• Ensure that the message has not been modified during transmission

Authenticity
• You can verify that you are talking to the entity you think you are talking to
• You can verify who the specific individual behind that entity is

Non-repudiation
• The individual behind that asset cannot deny being associated with it

1-2 Symmetric Data Encryption

Fast, high efficiency for data transmission

Is it "secure" while transferring the key?

Maintenance of the keys: n(n-1)/2 keys for n parties, because every pair needs its own shared secret

DES, 3DES, AES, Blowfish

[Figure: Tom encrypts the plaintext with the secret key; the ciphertext travels to Bob, who decrypts it with the same secret key to recover the plaintext.]

1-3 Hash (Digest) Function

Ensure data integrity

MD5, SHA-1

[Figure: Tom runs the data through the hash function to get message digest 1 and sends data + digest 1. Bob runs the same hash function over the received data to get message digest 2 and compares it with digest 1.]

Note: an unkeyed hash only detects accidental corruption. Anyone who can modify the data in transit can recompute the digest as well, which is why the next slide adds a key. MD5 and SHA-1 are also no longer collision resistant, so new designs should use SHA-256 or later.

1-4 Message Authentication Code

Ensure data integrity and authenticity of origin

Use a key to protect the MAC: only the holders of the secret key can compute or verify it

HMAC, CBC-MAC

[Figure: Tom hashes the data to message digest 1, encrypts the digest with the secret key to get the MAC, and sends data + MAC. Bob hashes the received data to message digest 2, decrypts the MAC with the same secret key to recover digest 1 and compares the two.]

Note: "encrypt the digest" is the picture, not how HMAC works. HMAC hashes key and message together, HMAC(K, m) = H((K xor opad) || H((K xor ipad) || m)); this is what OpenVPN uses to authenticate every tunnel packet (see 2-2).

1-5 Asymmetric Encryption

Things to remember
• Key pair – public/private keys
• In a session one key is used for encryption and the other one for decryption
• The "public key" can be deployed everywhere
• The relation between the two keys is unknown, and from one key you cannot gain knowledge of the other, even if you have access to clear text and cipher text
• The two keys play interchangeable roles only in textbook RSA, where either exponent undoes the other; that is what lets one key pair serve both encryption (with the recipient's public key) and signatures (with the sender's private key). It is not true of all algorithms (DSA and Diffie-Hellman keys have fixed roles), and in practice the private key is the one generated in secret and never shared.
• Less efficient than symmetric (secret-key) encryption, so it is used to protect keys and signatures rather than bulk data
• RSA, Diffie-Hellman

[Figure: clear text passes through the encryption and comes out as unreadable cipher text.]

1-5 Asymmetric Data Encryption

[Figure: Tom encrypts the plaintext with Bob's public key; Bob decrypts the ciphertext with Bob's private key. Recipient's key pair: confidentiality check.]

1-5 Asymmetric Data Encryption

[Figure: Tom encrypts the plaintext with Tom's private key; Bob decrypts the ciphertext with Tom's public key. Sender's key pair: authenticity check.]

1-6 Digital Signature

Real world – hybrid:
1. Data integrity
2. Authenticity
3. Non-repudiation
4. Algorithm – use the public key algorithm together with a hash

1-6 Digital Signature – Creating

[Figure: from the message or file ("This is the document created by Gianni") a short message digest is calculated, even for a long input, using a one-way message digest function (hash: SHA, MD5; typically 128 bits for MD5, 160 bits for SHA-1). The digest is encrypted with the signatory's private key (asymmetric encryption, RSA) to produce the digital signature, which is attached to the message as the signed document.]

1-6 Digital Signature – Verifying

[Figure: the verifier splits the signed document into the data and the digital signature, generates the message digest of the data with the same hash, decrypts the signature with Gianni's public key (taken from his certificate) to recover the signed digest, and compares the two digests.]

1-6 Digital Signature

[Figure: Tom hashes the data to message digest 1 and encrypts the digest with Tom's private key, giving the digital signature, which is sent with the data. Bob hashes the received data to message digest 2, decrypts the signature with Tom's public key to recover digest 1, and compares. Same diagram as the MAC slide, with the shared secret key replaced by Tom's key pair.]

1-7 Certificate

The simplest certificate just contains:
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key (it can be a person, a computer, a device, a file, some code, anything ...)

... and the whole is:
• Digitally signed by someone trusted (like your friend or a CA)

[Figure: a certificate = "This public key belongs to Stephen" + the public key + the issuer's digital signature over both.]

1-7-1 CA Certificate

[Figure: certification server. The CA generates its own key pair and a self-signed CA certificate (the CA public key signed with the CA's own private key). The user requests a certificate from the CA; the CA generates the user's key pair and certificate (user public key + identity, digitally signed with the CA private key), and the private key and certificate are sent to the user. Both the left and the right certificate are signed by the CA.]

In the figure the CA also generates the user's key pair, as easy-rsa's build-key does in 3-4-2. The stricter procedure of 3-4-1 has the user generate the private key locally and send the CA only a certificate request, so the private key never leaves its owner.

1-7-1 CA Certificate Example

[Figure: the CA holds the CA private key. Left and Right each trust the CA public key (the CA certificate), each keep their own private key, and each hold a certificate ("Left cert", "Right cert") signed by the CA. A private key is never signed by or shown to the CA; only the certificate carrying the public key is.]

Whoever holds the CA private key can issue a certificate for any name, so it stays on the CA machine (the "CA/TLS server" PC of 3-1) and only the CA certificate (ca.crt) is copied to the VPN peers.
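To make 1-6 and 1-7 concrete, here is an added example written for this page (not Moxa's or OpenSSL's code) that signs a digest with a private key, verifies it with the public key, and builds a minimal certificate as a CA signature over "this public key belongs to X". It uses textbook RSA on tiny primes with no padding and the digest reduced modulo n, so it is a teaching model whose signatures are forgeable, not a usable implementation; the names MoxaLabCA, vpn-server and the attacker's key pair are made up for the demonstration.

```python
"""Digital signature (1-6) and certificate (1-7) with textbook RSA.
Added teaching example: tiny primes, no padding, NOT for real use."""
import hashlib
import json
from math import gcd


def make_keypair(p: int, q: int, e: int = 65537):
    """Return (public, private) as (n, e) and (n, d) for primes p, q."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1
    return (n, e), (n, pow(e, -1, phi))       # d = e^-1 mod phi (Python 3.8+)


def _digest(data: bytes, n: int) -> int:
    # "Calculate a short message digest", then map it into Z_n (the toy part:
    # a real scheme pads the digest to the modulus size instead of reducing it).
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private, data: bytes) -> int:
    n, d = private
    return pow(_digest(data, n), d, n)        # "encrypt" the digest with the private key


def verify(public, data: bytes, sig: int) -> bool:
    n, e = public
    return pow(sig, e, n) == _digest(data, n)  # "decrypt" with the public key, compare digests


def _tbs(subject: str, public, issuer: str) -> bytes:
    """The to-be-signed part of a certificate, in a canonical encoding so
    signer and verifier hash exactly the same bytes."""
    return json.dumps({"subject": subject, "n": public[0], "e": public[1], "issuer": issuer},
                      sort_keys=True).encode()


def issue(issuer: str, issuer_private, subject: str, subject_public) -> dict:
    """CA side: certificate = identity + public key + CA signature over both."""
    return {"subject": subject, "n": subject_public[0], "e": subject_public[1],
            "issuer": issuer, "sig": sign(issuer_private, _tbs(subject, subject_public, issuer))}


def verify_cert(cert: dict, trusted: dict) -> bool:
    """Peer side: the issuer must be a CA we already trust (its public key is
    pinned locally, like ca.crt on the VPN box), and its signature must cover
    exactly the subject and key found in the certificate."""
    ca_public = trusted.get(cert["issuer"])
    if ca_public is None:
        return False
    return verify(ca_public, _tbs(cert["subject"], (cert["n"], cert["e"]), cert["issuer"]), cert["sig"])


def demo() -> dict:
    ca_pub, ca_priv = make_keypair(1000003, 1000033)        # CA key pair (stays on the CA PC)
    srv_pub, srv_priv = make_keypair(1000037, 1000039)      # VPN server key pair
    rogue_pub, rogue_priv = make_keypair(1000003, 1000039)  # attacker's own key pair
    trusted = {"MoxaLabCA": ca_pub}                         # what every peer carries

    good = issue("MoxaLabCA", ca_priv, "vpn-server", srv_pub)
    renamed = dict(good, subject="vpn-client")              # subject edited after signing
    forged = issue("MoxaLabCA", rogue_priv, "vpn-server", rogue_pub)  # right issuer name, wrong key
    msg = b"tunnel handshake nonce 0x1234"                  # constructed message
    return {
        "good_cert": verify_cert(good, trusted),
        "renamed_cert": verify_cert(renamed, trusted),
        "forged_cert": verify_cert(forged, trusted),
        "signature": verify(srv_pub, msg, sign(srv_priv, msg)),
        "wrong_signer": verify(srv_pub, msg, sign(rogue_priv, msg)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Only the certificate issued by the trusted CA over the unmodified subject and key verifies; editing the subject, or issuing under the trusted CA's name with a different private key, fails because the signature no longer matches the pinned CA public key. That pinned key is the whole trust anchor, which is why ca.key must never travel with ca.crt.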

1-7-2 SSL/TLS

[Figure: the sender holds its own private key and the receiver's public key. Clear text → encrypt (sender's private key) → cipher 1 → encrypt (receiver's public key) → cipher 2 → transmission over the public network → decrypt (receiver's private key) → cipher 1 → decrypt (sender's public key) → clear text.]

Ensures confidentiality
• And integrity if digitally signed

Depending on how the public keys are exchanged:
• Authenticity, identity, non-repudiation

Note: the double public-key encryption in the figure is the textbook picture. Real SSL/TLS (and OpenVPN on top of it) uses the key pairs only in the handshake, to authenticate the peers' certificates and agree on session keys, and then protects the bulk traffic with a symmetric cipher plus HMAC (see 2-2).

1-8 Moxa UC7400 – Hardware Cipher

Intel Xscale (IXP-422) supports:
• Security engines: DES, AES
• Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so"
• No need to change the source code

1-8-1 Moxa Accelerated Algorithms – OpenSSL 0.9.7

DES_cbc_encrypt

DES_ede3_cbc_encrypt

AES_cbc_encrypt

AES_ctr_encrypt

• ECB mode is wrapped at a higher level (libssl.so), which OpenSSL wraps too

1-8-2 Performance

[Figure: four throughput charts, rate versus packet size, for 3DES-CBC and AES-128-CBC, comparing the hardware cipher with software. The first pair covers packet sizes from 128 to 1280 bytes (rate scale 0 to 80, ratio scale 0 to 8); the second pair covers small packets from 16 to 144 bytes (rate scale 0 to 2.5, ratio scale 0 to 8). Legend: = HW Cipher.]

1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approaches
• Default: hardware approach
• Any mis-configuration, or a busy engine, causes the switch back to software

Small packets are switched to the software approach
• DES: below 128 bytes
• 3DES/AES: below 64 bytes

This is transparent to the application, but throughput measured with large packets does not apply to small-packet traffic such as serial data, and a cipher call always completes, only more slowly, when the engine is unavailable.

1-8-4 Software Package

Driver
• mxhw_cipher.o

Device file
• mknod /dev/mxcrypto c 11 131

Test program
• io – correctness test
• io 0 5000 – stability test
• io 1 – golden pattern
• io 2 20000 – performance test

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network

2-2 Why OpenVPN?

2-3 OpenVPN Modes

2-1 Virtual Private Network

2-1 VPN Advantages/Disadvantages

VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes

A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH, etc.)

A VPN allows the usage of protocols which are insecure by themselves

VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN?

Usability
• Open Source (GPL)
• Full featured SSL VPN solution
• Easy to configure secure tunnel
• NAT/DHCP support
• Can use a 2048-bit shared (static) key or digital certificates (PKI)

Portability – supports most of the platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN?

Peers – each node with a client/server role
• In use of kernel routing
• Multiple clients

A user-space program
• A full-featured SSL-VPN solution
• on top of the existing SSL/TLS mechanism
• options between a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP port (5000 in 1.x, 1194 since 2.0) or TCP port

2-2 OpenVPN Security

Two authentication modes
• Static key: use a pre-shared key
• SSL/TLS: use SSL/TLS + certificates for
  • Authentication
  • Key exchange

The encrypted packet is formatted as
• SeqN: 64-bit sequence number
• IV: plain text initialization vector, randomized per packet

[Figure: HMAC | IV | { SeqN | payload }, where the part in braces is encrypted. The HMAC is computed over the IV and the encrypted part (encrypt-then-MAC), so a forged or modified packet is rejected before anything is decrypted, and the sequence number lets the receiver reject replayed packets.]

Note: a static key is a symmetric secret. Anyone who obtains the key file can decrypt and forge all tunnel traffic, past and future, and a static key gives no forward secrecy; the SSL/TLS mode negotiates fresh session keys per connection.
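The packet layout above is easier to reason about when the receiver's checks are written out in order. The following is an added example for this page, not OpenVPN's code: it frames packets as HMAC | IV | encrypt(SeqN | payload), computes HMAC-SHA1 over IV and ciphertext, verifies the tag in constant time before touching the ciphertext, and keeps a sliding window on the sequence number to reject replays. The keys and packets are constructed, and because the Python standard library has no AES, the "cipher" is a toy keystream derived from SHA-256 in counter mode that stands in for the real block cipher; only the framing, check order and replay logic are the point.

```python
"""Encrypt-then-MAC packet protection in the shape of the 2-2 slide.
Added example, not OpenVPN's code; the keystream is a toy stand-in for AES."""
import hashlib
import hmac
import os
import struct

HMAC_LEN = 20   # HMAC-SHA1, OpenVPN's default --auth
IV_LEN = 16
SEQ_LEN = 8     # 64-bit sequence number


def _keystream(key: bytes, iv: bytes, length: int) -> bytes:
    # Toy PRF in counter mode; NOT a real cipher, only a stand-in for the block cipher.
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + iv + struct.pack(">I", counter)).digest()
        counter += 1
    return out[:length]


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


class Sender:
    def __init__(self, cipher_key: bytes, hmac_key: bytes):
        self.ck, self.hk, self.seq = cipher_key, hmac_key, 0

    def protect(self, payload: bytes, iv=None) -> bytes:
        self.seq += 1                                   # never reused under this key
        iv = os.urandom(IV_LEN) if iv is None else iv   # fresh IV per packet
        plain = struct.pack(">Q", self.seq) + payload
        ct = _xor(plain, _keystream(self.ck, iv, len(plain)))
        tag = hmac.new(self.hk, iv + ct, hashlib.sha1).digest()   # MAC over IV + ciphertext
        return tag + iv + ct


class Receiver:
    def __init__(self, cipher_key: bytes, hmac_key: bytes, window: int = 64):
        self.ck, self.hk, self.window = cipher_key, hmac_key, window
        self.highest, self.seen = 0, set()

    def unprotect(self, packet: bytes):
        """Return (payload, "ok") or (None, reason). The HMAC is checked first,
        in constant time, so nothing is decrypted or parsed from a packet the
        peer did not send."""
        if len(packet) < HMAC_LEN + IV_LEN + SEQ_LEN:
            return None, "short"
        tag, iv, ct = packet[:HMAC_LEN], packet[HMAC_LEN:HMAC_LEN + IV_LEN], packet[HMAC_LEN + IV_LEN:]
        if not hmac.compare_digest(tag, hmac.new(self.hk, iv + ct, hashlib.sha1).digest()):
            return None, "bad-hmac"
        plain = _xor(ct, _keystream(self.ck, iv, len(ct)))
        seq = struct.unpack(">Q", plain[:SEQ_LEN])[0]
        if seq in self.seen or seq + self.window <= self.highest:
            return None, "replay"                       # duplicate, or older than the window
        self.seen.add(seq)
        self.highest = max(self.highest, seq)
        self.seen = {s for s in self.seen if s + self.window > self.highest}
        return plain[SEQ_LEN:], "ok"


def demo() -> dict:
    """Constructed keys; in static-key mode both would be cut from the --genkey file."""
    ck, hk = bytes(range(32)), bytes(range(100, 120))
    tx, rx = Sender(ck, hk), Receiver(ck, hk)
    p1 = tx.protect(b"GET / HTTP/1.0")
    p2 = tx.protect(b"Host: 10.0.2.1")
    ok = rx.unprotect(p1)
    replay = rx.unprotect(p1)                           # same packet delivered again
    split = HMAC_LEN + IV_LEN
    flipped = p1[:split] + bytes([p1[split] ^ 0x01]) + p1[split + 1:]
    tampered = rx.unprotect(flipped)                    # one ciphertext bit flipped
    later = rx.unprotect(p2)
    return {"ok": ok, "replay": replay, "tampered": tampered, "later": later}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

With a bare stream cipher the flipped bit would silently flip one bit of plaintext; the MAC over the ciphertext is what turns that into a rejected packet, and checking it before decryption is what keeps a forger from using decryption errors as an oracle.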

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• portability across operating systems
• firewall and NAT-friendly
• dynamic address support

IPSec
• Kernel-space IP stack
• each operating system requires its own independent implementation of IPSec
• IETF standard – multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are two methods of linking systems via a VPN

Routed IP tunnels (layer 3)

Bridged Ethernet tunnels (layer 2)

Suitable for connections
• Site-to-Site
• Dynamic Site-to-Site
• (Dynamic) Client-to-Site

Dynamic firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN mode (device): a virtual point-to-point IP link that combines the inner interface together with TUN

Uses the kernel routing to forward the packets

[Figure: the OSI layers (physical, data-link, network, transport, session, presentation, application) on both peers; OpenVPN runs at the application layer and the TUN device injects packets at the network layer (3rd).]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of MTU for efficiency

Routed IP disadvantages
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see those machines on the other side of the VPN
4. Works only with IPv4 in general, and IPv6 in cases where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses "TAP" mode: a TAP device is a virtual Ethernet adapter

Bridge tools (brctl) are required to create the bridge

Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0           create an Ethernet bridge
brctl addif br0 eth1      connect interface eth1 as a port
brctl addif br0 tap0      connect virtual interface tap0 as a port

brctl addif always takes the bridge name first; the slide's "brctl addif tap0" is missing br0 and fails. After bridging, the IP address is configured on br0, not on eth1 or tap0, and tap0 has to exist before it can be added (openvpn --mktun --dev tap0), which is what the Moxa openvpn-bridge script of 3-1 takes care of.

[Figure: OSI layers on both peers; OpenVPN at the application layer, with TAP injecting at the data-link layer (2nd) where TUN injects at the network layer (3rd). On each side eth0 carries the tunnel traffic while eth1 and tap0 are bridged together.]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages
1. Point-to-point, point-to-multipoint
2. Broadcasts traverse the VPN, which allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to carry non-IP protocols such as IPX, Netware and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages
1. Less efficient than routing and does not scale well

Note: the broadcasts that make browsing work also mean the two sites become one layer-2 domain. Every broadcast on either LAN crosses the tunnel, and a compromised host on one side can ARP-spoof hosts on the other, which routed mode prevents by design.

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSL/TLS – X509 Dynamic Keys

3-1 Getting Started

[Figure: lab topology. LAN A (10.0.1.0/24, host IP 10.0.1.1/24, gateway 10.0.1.254) sits behind the VPN server, whose LAN-side interface ixp1 is 10.0.1.254 and whose outside interface ixp0 is 192.168.12.201. LAN B (10.0.2.0/24, host IP 10.0.2.1/24, gateway 10.0.2.254) sits behind the VPN client, with ixp1 = 10.0.2.254 and ixp0 = 192.168.12.202. The VPN tunnel runs between the two ixp0 addresses and the client initiates the connection. A separate PC acts as the CA/TLS server.]

3-1 Getting Started

Create a working directory (recommended): mkdir /etc/openvpn

Check for the TUN device: ls /dev/net and look for a character device "tun"; if it is not there: mknod /dev/net/tun c 10 200

Load the necessary modules: modprobe tun; modprobe bridge

Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]

Self diagnostic: openvpn --test-crypto --secret [KeyName]

The key file is the whole secret of a static-key tunnel: restrict it (chmod 600 [KeyName]) and copy it to the client only over a channel that is already trusted, such as scp or a console cable, never over the link the tunnel is meant to protect.

3-1 Getting Started

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or vi /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"

Create/start the bridge interface using the Moxa script: openvpn-bridge [start | stop | restart]

Check the cipher/authentication support: openvpn --show-ciphers; openvpn --show-digests

Create the TUN configuration files: vi /etc/openvpn/tunserver.conf

[At VPN client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

Local/remote VPN IP addresses must be specified (the "ifconfig local remote" line)

It is NECESSARY to specify the server address at the VPN client (the "remote" line)

3-2 TUN Server Configuration

Edit the static routes: vi /etc/openvpn/tunserver.sh; chmod +x /etc/openvpn/tunserver.sh

[At VPN client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/openvpn/tunclient.sh

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tunserver.conf &

[At VPN client] openvpn --config /etc/openvpn/tunclient.conf &

The 2nd argument of "ifconfig" (the remote end of the tunnel) is now "10.0.2.254"; the client lists the two addresses in the opposite order.

3-3 TAP Configuration

Create the TAP configuration files: vi /etc/openvpn/tapserver.conf

[At VPN client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration – VPN Server

Comment out this line (the route to the remote LAN) if both VPN networks are in the same subnet

3-3 TAP Configuration – VPN Server

Edit the static routes: vi /etc/openvpn/tapserver.sh

[At VPN client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/openvpn/tapclient.sh

Pointed to the kernel routing: br0 = 10.0.1.254

3-3 TAP Configuration – VPN Server

Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tapserver.conf &

[At VPN client] openvpn --config /etc/openvpn/tapclient.conf &

With the static-key setup so far, nothing identifies a peer beyond possession of the shared key file, and a lost client key means re-keying every peer. The next slides move to SSL/TLS with a certificate per peer, so a single client can be revoked.

3-4-1 SSL/TLS – Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-input default_days, default_bits ... etc.

Create a new CA root key pair: /usr/share/ssl/misc/CA -newca

Create a new client private key and a new certificate request: /usr/share/ssl/misc/CA -newreq

Certificate signing: /usr/share/ssl/misc/CA -sign

Copy the CA root certificate, the client private key and the client certificate to the first client

Have the second client certified the same way (-newreq, then -sign)

3-4-2 OpenVPN – "easy-rsa" tools

Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file: vi /etc/openvpn/easy-rsa/vars

Activate the vars (source the file into the current shell): . /etc/openvpn/easy-rsa/vars

Create the CA root key: /etc/openvpn/easy-rsa/build-ca

Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – "easy-rsa" tools

Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client

Create the Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh (the size comes from KEY_SIZE in vars; the slide uses 1024)

Copy the CA certificate (ca.crt), the server key (server.key) and the server certificate (server.crt) to the VPN server

Copy the CA certificate, the client key and the client certificate to the VPN client

"easy-rsa" tools also work on the UC7400 series

Two things worth doing differently today: set KEY_SIZE in vars to 2048 or more before build-ca and build-dh, since 1024-bit RSA and DH are below current minimums, and use build-key-server for the server so its certificate carries the server extension and clients can enforce "ns-cert-type server", which stops a stolen client certificate from impersonating the server. The CA private key (ca.key) stays on the CA machine; only ca.crt is copied to the peers.

3-4-3 Configuration File Modification

txxserverconf

txxclienconf

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

Two of its serial ports are connected to a power meter and a thermocouple

Two LAN ports plus an optional Wi-Fi function, making it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in "burn-in mode" to demonstrate UC's high performance and reliability

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500 °C

Left side for the high range: 0 to 300 VDC; right side for the low range: 0 to 20 VDC

UC's LCM & keypad (F1-F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8

F2 System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available memory

F3 Alarm Setting: Temperature → Voltage → burn-in throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• UC-7420's built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards
• The compatible wireless cards are:

Supplier    Model name
ASUS        WL-107g
CNET        CWC-854 (181D version)
Edimax      EW-7108PCg
Amigo       AWP-914WG
Gigabyte    GN-WMKG
Others which use the Ralink chipset

Thank You

Page 69: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 1 ndash Accept all the packets incoming from lo interface

Example 2 ndash Accept all the TCP packets incoming from

IP = 19216801

iptables ndasht filter ndashA INPUT ndashi lo ndashj ACCEPT

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp

ndashs 19216801 ndashj ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 3 ndash Accept all the TCP packets incoming from the network

1921681024

Example 4 ndash Drop all the TCP packets incoming from IP = 192168125

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp

ndashs 1921681024 -j ACCEPT

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp

ndashs 192168125 ndashj DROP

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 5 ndash Drop all the Incoming TCP packets with dst Port = 21

(forbid FTP Connection from eth0)

Example 6 ndash Accept TCP packets incoming from IP 192168024 to

local port number 137138 and 139

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp

ndash ndashdport 21 ndashj DROP

iptables ndasht filter ndashA INPUT ndashi eth0 ndashp tcp ndashs

192168024 ndash ndashdport 137139 ndashj ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 7 ndash Log all the IncomingOutgoing TCP packets with tofrom

Port = 25 (Log SMTP Service)

iptables ndasht filter ndashA INPUT ndashp tcp ndash ndashdport 25 ndashj LOG

Note UC7110 does not support the target ldquoLOGrdquo

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 8 ndash Drop all the [syn] packets from IP = 192168100200

Example 9 ndash Drop all the packets from MAC = aabbccddeeff

iptables ndasht filter ndashA INPUT ndashp tcp ndashi eth0

ndashs 192168100200 ndash ndashsyn ndashj DROP

iptables ndasht filter ndashA INPUT ndashp all

ndashm mac-source aabbccddeeff ndashj DROP

Example 10 ndash Does not response to ldquopingrdquo

Example 11 ndash ICMP ldquopingrdquo burst

iptables ndasht filter ndashA INPUT ndashp icmp ndash ndashicmpndashtype 8

ndashj DROP

iptables ndasht filter ndashP INPUT DROP

iptables ndasht filter ndashA INPUT ndashp icmp ndashm limit 6min

ndash ndashlimit-burst 10 ndashj ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 12 ndash Accept the Established Related packets of the local

host drop the Invalid packets and New packets which are trying to create new connection

iptables ndasht filter ndashA INPUT ndashp tcp ndashm state ndash ndashstate

ESTABLISHEDRELATED ndashj ACCEPT

iptables ndasht filter ndashA INPUT ndashp tcp ndashm state ndash ndashstate

INVALIDNEW ndashj DROP

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 13 ndash Check the packet integrity

Example 14 ndash Enable the ldquoPassive Moderdquo FTP Service to a host

iptables ndasht filter ndashA INPUT ndashp all ndashm unclean ndashj DROP

modprobe ip_conntrack_ftp

iptables ndashA FORWARD ndashp tcp

ndashm state ndash ndashstate RELATED ndashj ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 1 ndash Redirect the Connection Request of Port 80 to Port 8080

Example 2ndash Masquerade the incoming packets from 1921681024

to be local ppp0rsquos IP

iptables ndasht nat ndashA PREROUTING ndashp tcp ndash ndashdport 80

ndashj REDIRECT ndash ndashto-ports 8080

iptables ndasht nat ndashA PREROUTING ndashs 1921681024 ndasho

ppp0 ndashj MASQUERADE

4-2 NAT Machine4-2 NAT Machine

4-2 NAT Machine4-2 NAT Machine

Example 3 ndash DNAT the incoming packet from eth0 (602486675) and

TCP Port 80 to internal Web sever 19216812710 80

Example 4 ndash Redirect the incoming packet of TCP Port 80 to

192168110 and TCP Port 80

iptables ndasht nat ndashA PREROUTING ndashp tcp ndashi eth0 ndashd 602486675 ndash ndashdport 80 ndashj DNAT ndash ndashto 1921681271080

iptables ndasht nat ndashA POSTROUTING ndashs 192168127024 ndashj SNAT ndash ndashto $OUT_IP

Thank YouThank You

OpenVPN 20OpenVPN 20Stephen Lin

OpenVPN 20OpenVPN 20

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

1) Cryptography Summery1) Cryptography Summery

1-1 What does cryptography solve

1-2 Symmetric Data Encryption

1-3 Hash (Digest) Function

1-4 Message Authentication Code

1-5 Asymmetric Data Encryption

1-6 Digital Signature

1-7 Certificate

1-8 Moxa UC7400

1-1 What does Cryptography solve1-1 What does Cryptography solve

Confidentiality bull Ensure that nobody can get knowledge of what you

transfer even if listening the whole conversation Integrity

bull Ensure that message has not been modified during the transmission

Authenticity bull You can verify that you are talking to the entity you think

you are talking to bull You can verify who is the specific individual behind that

entity Non-repudiation

bull The individual behind that asset cannot deny being associated with it

1-2 Symmetric Data Encryption1-2 Symmetric Data Encryption

Fast High Efficiency for data transmission

Is it ldquosecurerdquo while transferring the key

Maintains of the keys (n-1)n 2 keys

DES3DESAESBlowfish

Tom Bob

Plaintext

Plaintext

Ciphertext

Encryption

Secret Key

Decryption

1-3 Hash (Digest) Function1-3 Hash (Digest) Function

Ensure Date Integrity

MD5SHA-1

Tom

Data

Bob

Data

Hash FunctionHash Function

Message Message Digest 1Digest 1

Same Hash FunctionSame Hash Function

+Hash FunctionHash Function

Message Message Digest 2Digest 2

Message Digest1Message Digest1 DataData

Compare

1-4 Message Authentication Code 1-4 Message Authentication Code

Ensure the Data Integrity

Use a key to protect the MAC

HMACCBC-MAC Tom

Data

Hash FunctionHash Function

Message Message Digest 1Digest 1

Bob

Data

Message Message Digest 2Digest 2

+Hash FunctionHash Function

MACEncryption

Message Message Digest 1Digest 1

Decryption

Compare

Secret Key

MACMAC DataData

1-5 Asymmetric Encryption1-5 Asymmetric Encryption

Things to rememberbull Key Pair ndash PublicPrivate keysbull In a session one for encryption and the other one

for decryptionbull ldquoPublic Keyrdquo can be deployed everywherebull The relation between the two keys is unknown and from

one key you cannot gain knowledge of the other even if you have access to clear-text and cipher-text

bull The two keys are interchangeable All algorithms make no difference between public and private key When a key pair is generated any of the two can be public or private

bull Less efficient than Static Keybull RSADiff-Hellman

g$5knvMdrsquorkg$5knvMdrsquorkvegMsrdquovegMsrdquo

Clear Clear texttext

EncryptionEncryption

1-5 Asymmetric Data Encryption1-5 Asymmetric Data Encryption

Tom

Plaintext

Bob

ciphertextEncryption Decryption

Bobrsquos Public KeyPlaintex

tBobrsquos Private Key

Recipientrsquos Key Pair

Confidentiality Check

1-5 Asymmetric Data Encryption1-5 Asymmetric Data Encryption

Tom

Plaintext

Bob

ciphertextEncryption Decryption

Tomrsquos Private KeyPlaintex

tTomrsquos Public Key

Senderrsquos key pair

Authenticity Check

1-6 Digital Signature1-6 Digital Signature

Real World ndash Hybrid 1 Data Integrity2 Authenticity3 Non-repudiation4 Algorithm ndash Use the public key and Hash

1-6 Digital Signature - Creating1-6 Digital Signature - Creating

3kJfgfpound$amp3kJfgfpound$ampPy75cbnPy75cbn

This is the This is the document document created by created by GianniGianni

Message or FileMessage or File Digital SignatureDigital SignatureMessage DigestMessage Digest

Calculate a short message Calculate a short message digest from even a long input digest from even a long input using a one-way message using a one-way message digest function (hash)digest function (hash)

Signatorys Signatorys private keyprivate key

privpriv

GenerateGenerateHashHash

SHA MD5SHA MD5

AsymmetricAsymmetricEncryptionEncryption

RSARSA

This is the This is the document document created by created by GianniGianni 3kJfgfpound$amp3kJfgfpound$amp

SignedSignedDocumentDocument

(Typically 128 bits)(Typically 128 bits)

1-6 Digital Signature - Verifying

[Diagram: from the Signed Document, the message ("This is the document created by Gianni") → Generate Hash → Message Digest ("Py75cbn"); the Digital Signature ("3kJfgf£$&") → Asymmetric Decryption with Gianni's public key (from certificate) → Message Digest ("Py75cbn"); Compare the two digests]

1-6 Digital Signature

[Diagram: Tom hashes the Data with the Hash Function to Message Digest 1 and encrypts the digest with Tom's Private Key, giving the Digital Signature; Data + Digital Signature are sent. Bob hashes the received Data with the same Hash Function to Message Digest 2, decrypts the Digital Signature with Tom's Public Key to recover Message Digest 1, and compares the two.]

1-7 Certificate

The simplest certificate just contains
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key
… and the whole is
• Digitally signed by someone trusted (like your friend or a CA)

[Diagram: Certificate = public key + "This public key belongs to Stephen" + Digital Signature. The entity can be a person, a computer, a device, a file, some code, anything …]

1-7-1 CA Certificate

[Diagram: the Certification Server (CA) generates a key pair (Priv, pub). The user requests a certificate from the CA; the CA generates the certificate (pub + DS = Cert); the private key and the certificate are sent to the user. Right: Cert signed by CA; Left: Cert signed by CA; the CA's pub key is itself signed by the CA.]

1-7-1 CA Certificate Example

[Diagram: the CA holds the CA Private Key. Left and Right each hold their own private key, the CA Pub Key and their own Cert signed by the CA; both trust the CA, so Left can check Right's Cert signed by CA and Right can check Left's.]

1-7-2 SSL/TLS

[Diagram: each side holds its own key pair (Priv, pub) and the peer's pub. Clear text → Encrypt → Cipher 1 → Encrypt → Cipher 2 → transmission over the public network → Decrypt → Cipher 1 → Decrypt → Clear text; the two layers correspond to the two key pairs]

Ensures confidentiality
• And integrity if digitally signed
Depending on how public keys are exchanged
• Authenticity, Identity, Non-repudiation

1-8 Moxa UC7400 - Hardware Cipher

Intel XScale supports
• Security engines: DES, AES
• Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so"
• No need to change the source code

1-8-1 Moxa Accelerated Algorithms – OpenSSL 0.9.7

DES_cbc_encrypt
DES_ede3_cbc_encrypt
AES_cbc_encrypt
AES_ctr_encrypt
• We wrap ECB mode at a higher level (libssl.so), which OpenSSL wraps too

1-8-2 Performance

[Charts: throughput (RATE) of 3DES-CBC and AES128-CBC against packet size, one pair of charts for 128–1280 bytes and one for 16–144 bytes; the marked series is the hardware cipher ("= HW Cipher")]

1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approaches
• Default: hardware approach
• Any mis-configuration or busy hardware causes the switch
Small packets are switched to the software approach
• DES: below 128 bytes
• 3DES/AES: below 64 bytes

1-8-4 Software Package

Driver
• mxhw_cipher.o
Device file
• mknod /dev/mxcrypto c 11 131
Test program
• io – correctness test
• io 0 5000 – stability test
• io 1 – golden pattern
• io 2 20000 – performance test

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network

2-1 VPN Advantages/Disadvantages

VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes.
A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH etc.).
A VPN allows the usage of protocols which are insecure by themselves.
VPNs cannot be controlled and logged easily because of their encrypted nature.

2-2 Why OpenVPN

Usability
• Open Source (GPL)
• Full featured SSL VPN solution
• Easy to configure secure tunnel
• NAT/DHCP support
• Can use a 2048 bit shared key or digital certificates (PKI)
Portability – supports most of the platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000-SP4 / Windows XP-SP1 or later

2-2 Why OpenVPN

Peers – each node with a client/server role
• In use of kernel routing
• Multiple clients
A user-space program
• A full-featured SSL-VPN solution
• on top of the existing SSL/TLS mechanism
• options between a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security

Two authentication modes
• Static Key: use a pre-shared key
• SSL/TLS: use SSL/TLS + certificates for
  • Authentication
  • Key exchange
The encrypted packet is formatted as
• SeqN: 64-bit sequence number
• IV: plain-text initial vector, randomized per packet

[Diagram: HMAC | IV | SeqN | IP payload – the SeqN and the IP payload are encrypted, and the HMAC covers the IV and the encrypted part]

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• portability across operating systems
• firewall and NAT-friendly
• dynamic address support
IPSec
• Kernel-space IP stack
• each operating system requires its own independent implementation of IPSec
• IETF Standard - multi-vendor support

2-3 OpenVPN Modes

Bridging and Routing are the two methods of linking systems via a VPN
Routed IP tunnels (layer 3)
Bridged Ethernet tunnels (layer 2)
Suitable for connections
• Site-to-Site
• Dynamic Site-to-Site
• (Dynamic) Client-to-Site
Dynamic Firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN mode (device): a virtual point-to-point IP link that combines the inner interface together with TUN
Uses the kernel routing to forward the packets

[Diagram: two OSI stacks (Physical, Data-Link, Network, Transport, Session, Presentation, Application); OpenVPN runs at the Application layer and the TUN device sits at the Network layer (3rd)]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of MTU for efficiency
Routed IP disadvantages
1. Clients must use a WINS server (such as samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see those machines on the other side of the VPN
4. Works only with IPv4 in general, and IPv6 in cases where tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses "TAP" mode: a TAP device is a virtual Ethernet adapter
Bridge tools (brctl) are required to create the bridge
Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0          create an Ethernet bridge
brctl addif br0 eth1     connect interface eth1 as a port
brctl addif br0 tap0     connect virtual interface tap0 as a port
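The three brctl commands above are the core of the bridge script the slide asks for; the script below is an added example (not Moxa's openvpn-bridge script) that wraps them in start/stop/restart, creates tap0 beforehand and moves the LAN address from eth1 onto br0. The LAN address 10.0.1.254/24 on eth1 and the DRY_RUN switch are constructed assumptions.

```shell
#!/bin/sh
# Added example, not Moxa's openvpn-bridge script: build br0 from eth1 and tap0
# as on the slide, and tear it down again. Constructed assumptions: the LAN port
# is eth1 with 10.0.1.254/24, and tap0 is created persistently with
# "openvpn --mktun" so that it exists before the OpenVPN daemon starts.
BR=br0
ETH=eth1
TAP=tap0
ETH_IP=10.0.1.254
ETH_MASK=255.255.255.0
ETH_BCAST=10.0.1.255

# run CMD...: execute the command, or only print it when DRY_RUN=1 (no root
# needed; lets the exact command sequence be reviewed before touching the box)
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@" || { echo "failed: $*" >&2; return 1; }
    fi
}

bridge_start() {
    run openvpn --mktun --dev "$TAP" || return 1          # persistent TAP device
    run ifconfig "$TAP" 0.0.0.0 promisc up || return 1    # bridge ports carry no IP
    run ifconfig "$ETH" 0.0.0.0 promisc up || return 1
    run brctl addbr "$BR" || return 1                     # create an Ethernet bridge
    run brctl addif "$BR" "$ETH" || return 1              # eth1 as a port
    run brctl addif "$BR" "$TAP" || return 1              # tap0 as a port
    # the LAN address moves from eth1 to br0: kernel routing now points at the bridge
    run ifconfig "$BR" "$ETH_IP" netmask "$ETH_MASK" broadcast "$ETH_BCAST" up
}

bridge_stop() {
    run ifconfig "$BR" down || return 1
    run brctl delif "$BR" "$TAP" || return 1
    run brctl delif "$BR" "$ETH" || return 1
    run brctl delbr "$BR" || return 1
    run openvpn --rmtun --dev "$TAP" || return 1
    # give the LAN address back to eth1
    run ifconfig "$ETH" "$ETH_IP" netmask "$ETH_MASK" broadcast "$ETH_BCAST" up
}

case "${1:-}" in
    start)   bridge_start ;;
    stop)    bridge_stop ;;
    restart) bridge_stop; bridge_start ;;
    *)       ;;
esac
```

Run it as root with start, stop or restart; with DRY_RUN=1 it only prints the commands it would execute.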

[Diagram: two OSI stacks, one per host; OpenVPN at the Application layer, TUN at the Network layer (3rd) and TAP at the Data-Link layer (2nd); on each host eth1 and tap0 are bridged, and eth0 carries the tunnel traffic]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages
1. Point to point, point to multi-point
2. Broadcasts traverse the VPN -- this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to be able to handle non-IP protocols such as IPX, Netware and AppleTalk
5. Relatively easy-to-configure solution for road warriors
Bridging disadvantages
1. Less efficient than routing and does not scale well

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS – X509 Dynamic Keys

3-1 Getting Started

[Diagram: LAN A (hosts 10.0.1.1/24, gw 10.0.1.254) – [VPN Server] ixp1 10.0.1.254, ixp0 192.168.12.201 – VPN Tunnel – ixp0 192.168.12.202, ixp1 10.0.2.254 [VPN-Client] – LAN B (hosts 10.0.2.1/24, gw 10.0.2.254); the [CA/TLS Server] sits on the 192.168.12.x network]

3-1 Getting Started

Create a working directory (recommended): mkdir /etc/openvpn
Check for the TUN device: ls /dev/net and look for a character device "tun"; if it is missing: mknod /dev/net/tun c 10 200
Load the necessary modules: modprobe tun; modprobe bridge
Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]
Self diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or vi /etc/sysctl.conf and modify "net.ipv4.ip_forward = 1"
Create/start the bridge interface using the Moxa script: openvpn-bridge [start|stop|restart]
Check the cipher/authentication support: openvpn --show-ciphers; openvpn --show-digests
Create the TUN configuration files: vi /etc/openvpn/tunserver.conf
[At VPN Client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

Local/Remote VPN IP addresses must be specified
It is NECESSARY to specify the server address at the VPN client

3-2 TUN Server Configuration

Edit the static routes: vi /etc/openvpn/tunserver.sh; chmod +x /etc/openvpn/tunserver.sh
[At VPN Client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/openvpn/tunclient.sh
Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tunserver.conf & (at the client: openvpn --config /etc/openvpn/tunclient.conf &)
2nd argument of "ifconfig", which is now "10.0.2.254"
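The slides show tunserver.conf and tunclient.conf only as screenshots; the script below is an added example (not the slides' files) that generates a static-key TUN configuration for both sides of the 3-1 topology and checks that the two ifconfig lines mirror each other, which is the "2nd argument of ifconfig" point above. The public addresses 192.168.12.201/.202 and the LANs 10.0.1.0/24 and 10.0.2.0/24 come from the slides; the tunnel endpoints 10.8.0.1/10.8.0.2 and the key path are constructed assumptions.

```shell
#!/bin/sh
# Added example, not the slides' tunserver.conf/tunclient.conf: static-key TUN
# configs for the 3-1 topology. From the slides: VPN server ixp0 192.168.12.201
# in front of LAN A 10.0.1.0/24, VPN client ixp0 192.168.12.202 in front of
# LAN B 10.0.2.0/24. Constructed: tunnel endpoints 10.8.0.1/10.8.0.2 and the
# key path (the key from "openvpn --genkey --secret", copied to both boxes).
SERVER_PUB=192.168.12.201
LAN_A=10.0.1.0
LAN_B=10.0.2.0
MASK=255.255.255.0
TUN_SERVER=10.8.0.1
TUN_CLIENT=10.8.0.2
KEY=/etc/openvpn/static.key

# tun_conf ROLE: print the OpenVPN 2.0 configuration for "server" or "client".
# "ifconfig" takes the local tunnel address first and the remote one second, so
# the two sides must mirror each other; "route" adds the far LAN via the tunnel
# (needs net.ipv4.ip_forward = 1 on both boxes, see 3-1). Only the client
# names the peer, as the slide requires.
tun_conf() {
    case "$1" in
        server) tc_local=$TUN_SERVER; tc_remote=$TUN_CLIENT; tc_far=$LAN_B; tc_peer= ;;
        client) tc_local=$TUN_CLIENT; tc_remote=$TUN_SERVER; tc_far=$LAN_A; tc_peer=$SERVER_PUB ;;
        *) echo "usage: tun_conf server|client" >&2; return 1 ;;
    esac
    cat <<EOF
dev tun
proto udp
port 1194
EOF
    if [ -n "$tc_peer" ]; then
        echo "remote $tc_peer 1194"
    fi
    cat <<EOF
ifconfig $tc_local $tc_remote
route $tc_far $MASK
secret $KEY
keepalive 10 60
persist-key
persist-tun
verb 3
EOF
}

# peer_consistent: the server's (local, remote) pair must equal the client's
# (remote, local) pair; returns 0 when the two configs agree
peer_consistent() {
    s=$(tun_conf server | awk '/^ifconfig/ { print $2 " " $3 }')
    c=$(tun_conf client | awk '/^ifconfig/ { print $3 " " $2 }')
    [ -n "$s" ] && [ "$s" = "$c" ]
}

# write_confs DIR: write DIR/tunserver.conf and DIR/tunclient.conf
write_confs() {
    tun_conf server > "$1/tunserver.conf" && tun_conf client > "$1/tunclient.conf"
}
```

Copy the generated server file and the static key to the VPN server and the client file to the VPN client before starting openvpn --config on each side.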

Create the TAP configuration files: vi /etc/openvpn/tapserver.conf
[At VPN Client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration – VPN Server

Mark this line if both VPN networks are in the same subnet

3-3 TAP Configuration – VPN Server

Edit the static routes: vi /etc/openvpn/tapserver.sh
[At VPN Client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/openvpn/tapclient.sh
Pointed to the kernel routing: br0 = 10.0.1.254

3-3 TAP Configuration – VPN Server

Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start
Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tapserver.conf & (at the client: openvpn --config /etc/openvpn/tapclient.conf &)

3-4-1 SSL/TLS – Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-input the default_days, default_bits … etc.
Create a new CA root key pair: /usr/share/ssl/misc/CA -newca
Create a new client private key and a new certificate request: /usr/share/ssl/misc/CA -newreq
Sign the certificate: /usr/share/ssl/misc/CA -sign
Copy the CA root certificate, the client private key and the client certificate to the first client
Have the second client certified the same way
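The CA script hides what the three steps above do; the functions below are an added example (not the slides' CA or easy-rsa procedure) that performs them with plain openssl commands and then closes the loop with the 1-6/1-7 material: a document is signed with the client's private key and verified with the public key taken from the client's CA-signed certificate, so a modified document fails. The directory argument, subject names, 365-day validity and unencrypted keys (-nodes, so the steps run unattended) are constructed assumptions.

```shell
#!/bin/sh
# Added example, not the slides' CA/easy-rsa procedure: CA root key pair,
# client key + request, CA signing, then the 1-6 sign/verify round trip using
# the certificate as the source of the public key. Constructed assumptions:
# the directory $1, the subject names, 365-day validity, unencrypted keys.

# make_ca DIR: self-signed CA root key pair (slide: CA -newca)
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example-CA" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# issue_cert DIR NAME: private key + request (CA -newreq), then the CA signs it
# (CA -sign); NAME.crt binds NAME's public key to its subject name
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -days 365 -in "$1/$2.csr" -CA "$1/ca.crt" \
        -CAkey "$1/ca.key" -CAcreateserial -out "$1/$2.crt" 2>/dev/null
}

# verify_chain DIR NAME: is NAME.crt signed by our CA? (what an OpenVPN peer
# checks against its "ca" file before trusting the other side)
verify_chain() {
    openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null 2>&1
}

# sign_doc DIR NAME FILE: hash FILE and encrypt the digest with NAME's private
# key (1-6 creating); writes FILE.sig
sign_doc() {
    openssl dgst -sha256 -sign "$1/$2.key" -out "$3.sig" "$3"
}

# verify_doc DIR NAME FILE: take the public key out of NAME's certificate,
# recompute the digest and compare it with the decrypted signature
# (1-6 verifying); returns 0 only when FILE is unmodified
verify_doc() {
    openssl x509 -in "$1/$2.crt" -pubkey -noout > "$1/$2.pub" &&
    openssl dgst -sha256 -verify "$1/$2.pub" -signature "$3.sig" "$3" >/dev/null 2>&1
}
```

The slides' CA script prompts for a CA passphrase instead of -nodes; keep that for a real CA and use the unattended form only for testing.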

3-4-2 OpenVPN – "easy-rsa" tools

Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn
Modify the vars file: vi /etc/openvpn/easy-rsa/vars
Activate the vars: . /etc/openvpn/easy-rsa/vars
Create the CA root key: /etc/openvpn/easy-rsa/build-ca
Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – "easy-rsa" tools

Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client
Create the Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh 1024
Copy the CA certificate (ca.crt), server key (server.key) and server certificate (server.crt) to the VPN server
Copy the CA certificate, client key and certificate to the VPN client
The "easy-rsa" tools also work on the UC7400 series

3-4-3 Configuration File Modification

txxserver.conf
txxclient.conf

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

Two of its serial ports are connected to a Power Meter and a Thermocouple
Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site
The rest of the serial ports are looped back in 'burn-in mode' to demonstrate the UC's high performance and reliability

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500 °C
Left side for the high range 0 to 300 VDC & right side for the low range 0 to 20 VDC

UC's LCM & keypad (F1-F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8
F2 System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available Memory
F3 Alarm Setting: Temperature → Voltage → burning throughput
F4 Configuration Key
F5 Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• UC-7420's built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards
• The compatible wireless cards are:

Supplier   Model name
ASUS       WL-107g
CNET       CWC-854 (181D version)
Edimax     EW-7108PCg
Amigo      AWP-914WG
Gigabyte   GN-WMKG
Others which use the Ralink chip set

Thank You


4-1 Packet Filter – Rules of filter table

Example 3 – Accept all the TCP packets incoming from the network 192.168.1.0/24
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.0/24 -j ACCEPT

Example 4 – Drop all the TCP packets incoming from IP = 192.168.1.25
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.1.25 -j DROP

4-1 Packet Filter – Rules of filter table

Example 5 – Drop all the incoming TCP packets with dst port = 21 (forbid FTP connections from eth0)
iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

Example 6 – Accept TCP packets incoming from IP 192.168.0.24 to local port numbers 137, 138 and 139
iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.24 --dport 137:139 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 7 – Log all the incoming/outgoing TCP packets to/from port = 25 (log the SMTP service)
iptables -t filter -A INPUT -p tcp --dport 25 -j LOG

Note: UC7110 does not support the target "LOG"

4-1 Packet Filter – Rules of filter table

Example 8 – Drop all the [SYN] packets from IP = 192.168.100.200
iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 – Drop all the packets from MAC = aa:bb:cc:dd:ee:ff
iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

Example 10 – Do not respond to "ping"
iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 – ICMP "ping" burst
iptables -t filter -P INPUT DROP
iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 12 – Accept the ESTABLISHED/RELATED packets of the local host; drop the INVALID packets and the NEW packets which are trying to create a new connection
iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

4-1 Packet Filter – Rules of filter table

Example 13 – Check the packet integrity
iptables -t filter -A INPUT -p all -m unclean -j DROP

Example 14 – Enable the "Passive Mode" FTP service to a host
modprobe ip_conntrack_ftp
iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT
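The examples above are single rules; in a chain the first matching rule wins, so the order in which they are appended decides the result (the ESTABLISHED,RELATED accept of Example 12 must precede any DROP, and the DROP policy of Example 11 only applies to packets no rule matched). The script below is an added example, not from the slides, that assembles Examples 5, 7, 10, 11 and 12 into one ordered INPUT policy for eth0 and the LAN 192.168.1.0/24 of Example 3; the log prefix and the dry-run helpers are constructed.

```shell
#!/bin/sh
# Added example, not from the slides: the 4-1 filter rules assembled into one
# ordered INPUT policy for the UC-7400's eth0. The stateful ACCEPT comes first,
# the default DROP policy is set last so that an existing remote session is
# never cut while the chain is rebuilt. From the slides: eth0, 192.168.1.0/24,
# the ping limit, the FTP drop and the LOG target (not available on UC7110).
# Constructed: the log prefix and the dry-run helpers below.
WAN_IF=eth0
LAN_NET=192.168.1.0/24

# rules: the rule list in order, one iptables argument string per line
rules() {
    cat <<EOF
-t filter -F INPUT
-t filter -A INPUT -i lo -j ACCEPT
-t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-t filter -A INPUT -m state --state INVALID -j DROP
-t filter -A INPUT -i $WAN_IF -p icmp --icmp-type 8 -m limit --limit 6/min --limit-burst 10 -j ACCEPT
-t filter -A INPUT -i $WAN_IF -p tcp --dport 21 -j LOG --log-prefix ftp-attempt:
-t filter -A INPUT -i $WAN_IF -p tcp --dport 21 -j DROP
-t filter -A INPUT -i $WAN_IF -p tcp -s $LAN_NET --syn -j ACCEPT
-t filter -P INPUT DROP
EOF
}

# apply_rules: feed the list to iptables (needs root); stops at the first failure
apply_rules() {
    rules | while read -r line; do
        # word splitting of $line into separate arguments is intended here
        iptables $line || { echo "rule failed: $line" >&2; exit 1; }
    done
}

# rule_position PATTERN: 1-based position of the first rule matching PATTERN,
# used to check the ordering without loading anything into the kernel
rule_position() {
    rules | grep -n -- "$1" | head -n 1 | cut -d: -f1
}

# rule_count: number of rules in the list
rule_count() {
    rules | grep -c ''
}

if [ "${1:-}" = "apply" ]; then
    apply_rules
fi
```

Run it with the argument apply as root to load the chain; without an argument the functions only describe it, and rule_position shows where a given rule lands.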

4-2 NAT Machine

Example 1 – Redirect the connection requests of port 80 to port 8080
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 – Masquerade the packets from 192.168.1.0/24 to be local ppp0's IP
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

4-2 NAT Machine

Example 3 – DNAT the incoming packets from eth0 (60.248.66.75) and TCP port 80 to the internal web server 192.168.127.10:80
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

Example 4 – Redirect the incoming packets of TCP port 80 to 192.168.1.10 and TCP port 80
iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP

Thank You



Create New CA root Key Pair usrsharesslmiscCA -newca

Create New Client Private Key and new Certificate Request usrsharesslmiscCA -newreq

Certificate Sign-in usrsharesslmiscCA ndashsign

Copy the CA root certificate client private key and the client certificate to the first client

Have the second client certificated

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Copy the ldquoeasy-rsardquo to the working directory cp ndashr openvpn-20easy-rsa etcopenvpn

modify the vars file vi etcopenvpneasy-rsavars

Activate the vars etcopenvpneasy-rsavars

Create CA root key etcopenvpneasy-rsabuild-ca

Create VPN Server Private Key and Certificate etcopenvpneasy-rsabuild-key server

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Create VPN Client private Key and Certificate etcopenvpnbuild-key client

Create Diff-Hellman Parameters etcopenvpnbuild-dh 1024

Copy the CA certificate (cacrt) Server key (serverkey) and Server certificate (servercrt) to VPN Server

Copy the CA certificate Client key and certificate to VPN Client

ldquoeasy-rsardquo tools also work on UC7400 series

3-4-3 Configuration File Modification3-4-3 Configuration File Modification

txxserverconf

txxclienconf

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) Open VPN Configuration

4) Hands-On Practice

Live DemoLive Demo

UC-7420 DEMO BOXUC-7420 DEMO BOX

Two of its serial ports connectedto a Power Meter and Thermocouple

Two LAN ports plus an optional Wi-Fi function making it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in lsquoburn-in modersquo to demonstrate UCrsquos high performance and reliability

Demo Box FeaturesDemo Box Features

Software Block DiagramSoftware Block Diagram

Temperature Range 0 to 500degC

Left side for high range 0 to 300 VDC amp Right side for low range 0 to 20 VDC

UCrsquos LCM amp keypad (F1-F5)UCrsquos LCM amp keypad (F1-F5)

F1 Monitoring Temperature rarr Voltage rarrThroughput for P3 to P8

F2 System Status LANrsquos IP rarr Wi-Firsquos IP rarr CPU loading rarr Available Memory

F3 Alarm Setting Temperature rarr Voltage rarr burning throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI amp HTMLApache Web with CGI amp HTML

Seat Locating SystemSeat Locating System

Score Query SystemScore Query System

AppendixAppendix

What is the wireless PCMCIA card support status in 80211gbull UC-7420s built-in Wireless driver supports Intersil Prism 20

chipset PCMCIA cardbull The compatible Wireless cards are

Supplier Model name

ASUS WL-107g

CNET CWC-854(181D version)Edmiax EW-7108PCgAmigo AWP-914WGigbyte GN-WMKGOthers which use R-Link chip set

Thank YouThank You

Page 71: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13 Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

4-1 Packet Filter – Rules of filter table

Example 5 – Drop all the incoming TCP packets with dst port = 21 (forbid FTP connections from eth0)

Example 6 – Accept TCP packets incoming from 192.168.0.0/24 to local port numbers 137, 138 and 139

iptables -t filter -A INPUT -i eth0 -p tcp --dport 21 -j DROP

iptables -t filter -A INPUT -i eth0 -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 7 – Log all the incoming/outgoing TCP packets to/from port 25 (log SMTP service)

iptables -t filter -A INPUT -p tcp --dport 25 -j LOG

Note: UC7110 does not support the target "LOG"

4-1 Packet Filter – Rules of filter table

Example 8 – Drop all the [SYN] packets from IP = 192.168.100.200

Example 9 – Drop all the packets from MAC = aa:bb:cc:dd:ee:ff

iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP

Example 10 – Do not respond to "ping"

Example 11 – ICMP "ping" burst

iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

iptables -t filter -P INPUT DROP

iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

4-1 Packet Filter – Rules of filter table

Example 12 – Accept the ESTABLISHED/RELATED packets of the local host; drop the INVALID packets and the NEW packets which are trying to create a new connection

iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP

4-1 Packet Filter – Rules of filter table

Example 13 – Check the packet integrity

Example 14 – Enable the "Passive Mode" FTP service to a host

iptables -t filter -A INPUT -p all -m unclean -j DROP

modprobe ip_conntrack_ftp

iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

4-2 NAT Machine

Example 1 – Redirect the connection requests for port 80 to port 8080

Example 2 – Masquerade the packets coming from 192.168.1.0/24 so that they leave with local ppp0's IP

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

4-2 NAT Machine

Example 3 – DNAT the incoming packets arriving on eth0 (60.248.66.75) for TCP port 80 to the internal web server 192.168.127.10:80

Example 4 – Redirect the incoming packets for TCP port 80 to 192.168.1.10 and TCP port 80

iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP
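The rules from Examples 1 to 14 above assembled into one loadable script, as an added example that is not on the slides: what it adds is ordering (the ESTABLISHED,RELATED accept is loaded before the INPUT policy becomes DROP, so a remote admin session survives) and the FORWARD rules the NAT examples silently depend on. WAN_IF, LAN_IF, LAN_NET, WEB_SERVER, OUT_IP and the DRY_RUN switch are assumed names; the addresses are the slide values.

```shell
#!/bin/sh
# Added example: the 4-1 filter rules and 4-2 NAT rules as one script.
# Assumed names (not on the slides): WAN_IF, LAN_IF, LAN_NET, WEB_SERVER,
# OUT_IP, DRY_RUN. Set DRY_RUN=1 to print the commands instead of running them.
WAN_IF="${WAN_IF:-eth0}"                   # public side (Example 3 uses eth0)
LAN_IF="${LAN_IF:-eth1}"                   # internal side
LAN_NET="${LAN_NET:-192.168.127.0/24}"     # internal subnet from Example 4
WEB_SERVER="${WEB_SERVER:-192.168.127.10}" # internal web server from Example 3
OUT_IP="${OUT_IP:-60.248.66.75}"           # public address from Example 3

# Runs a command, or just prints it when DRY_RUN is set.
run() {
    if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi
}

filter_rules() {
    run iptables -t filter -F INPUT
    run iptables -t filter -F FORWARD
    run iptables -t filter -A INPUT -i lo -j ACCEPT
    # Example 12: replies to our own connections first, so a remote admin
    # session survives the DROP policy set at the end of this function.
    run iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -t filter -A INPUT -m state --state INVALID -j DROP
    # Example 6: NetBIOS ports only from the trusted subnet.
    run iptables -t filter -A INPUT -i "$WAN_IF" -p tcp -s 192.168.0.0/24 --dport 137:139 -j ACCEPT
    # Example 5: no FTP control connections from the public side.
    run iptables -t filter -A INPUT -i "$WAN_IF" -p tcp --dport 21 -j DROP
    # Example 8: drop connection attempts (SYN) from one host.
    run iptables -t filter -A INPUT -i "$WAN_IF" -p tcp -s 192.168.100.200 --syn -j DROP
    # Example 9: drop by source MAC (the match is "-m mac --mac-source").
    run iptables -t filter -A INPUT -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP
    # Example 11: answer ping, but no more than 6 per minute after a burst of 10.
    run iptables -t filter -A INPUT -p icmp --icmp-type 8 -m limit --limit 6/min --limit-burst 10 -j ACCEPT
    # Example 7: log SMTP attempts (LOG does not terminate; the packet then
    # falls through to the policy). UC7110 lacks the LOG target, see the note above.
    run iptables -t filter -A INPUT -p tcp --dport 25 -j LOG --log-prefix "smtp: "
    # Example 12 again: every NEW packet not accepted above is dropped.
    run iptables -t filter -P INPUT DROP
}

nat_rules() {
    run iptables -t nat -F
    run sysctl -w net.ipv4.ip_forward=1
    # Example 14: passive FTP needs the conntrack helper so the data
    # connection counts as RELATED (module is nf_conntrack_ftp on current kernels).
    run modprobe ip_conntrack_ftp
    # Example 3: port 80 arriving on the public address goes to the internal web server.
    run iptables -t nat -A PREROUTING -p tcp -i "$WAN_IF" -d "$OUT_IP" --dport 80 -j DNAT --to-destination "$WEB_SERVER:80"
    # Example 4: LAN hosts leave with the public address. With a dynamic
    # address (Example 2, ppp0) use -j MASQUERADE instead of SNAT.
    run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j SNAT --to-source "$OUT_IP"
    # The NAT rules above only rewrite addresses; without matching FORWARD
    # rules the translated packets are still dropped by the FORWARD policy.
    run iptables -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -t filter -A FORWARD -i "$LAN_IF" -s "$LAN_NET" -j ACCEPT
    run iptables -t filter -A FORWARD -i "$WAN_IF" -p tcp -d "$WEB_SERVER" --dport 80 -m state --state NEW -j ACCEPT
    run iptables -t filter -P FORWARD DROP
}

firewall_apply() {
    filter_rules
    nat_rules
}

if [ $# -gt 0 ]; then
    case "$1" in
        apply) firewall_apply ;;
        *) echo "usage: $0 apply   (DRY_RUN=1 to preview the rules)" >&2; exit 2 ;;
    esac
fi
```

Run it as DRY_RUN=1 sh firewall.sh apply first and read the rule order before applying it on a unit you reach over the network.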

Thank You

OpenVPN 2.0

Stephen Lin

OpenVPN 2.0

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve?

1-2 Symmetric Data Encryption

1-3 Hash (Digest) Function

1-4 Message Authentication Code

1-5 Asymmetric Data Encryption

1-6 Digital Signature

1-7 Certificate

1-8 Moxa UC7400

1-1 What does Cryptography solve?

Confidentiality
• Ensure that nobody can learn what you transfer, even if listening to the whole conversation

Integrity
• Ensure that the message has not been modified during the transmission

Authenticity
• You can verify that you are talking to the entity you think you are talking to
• You can verify who is the specific individual behind that entity

Non-repudiation
• The individual behind that asset cannot deny being associated with it

1-2 Symmetric Data Encryption

Fast: high efficiency for data transmission

Is it "secure" while transferring the key?

Maintenance of the keys: (n-1)n/2 keys

DES/3DES/AES/Blowfish

[Figure: Tom encrypts the plaintext with the shared secret key into ciphertext; Bob decrypts it back to plaintext with the same secret key]

1-3 Hash (Digest) Function

Ensure data integrity

MD5/SHA-1

[Figure: Tom runs the data through the hash function to get message digest 1 and sends data plus digest; Bob runs the received data through the same hash function to get message digest 2 and compares the two digests]

1-4 Message Authentication Code

Ensure the data integrity

Use a key to protect the MAC

HMAC/CBC-MAC

[Figure: Tom hashes the data into message digest 1 and encrypts the digest with the secret key to form the MAC, which is sent with the data; Bob hashes the received data into message digest 2, decrypts the MAC with the same secret key to recover message digest 1 and compares the two]

1-5 Asymmetric Encryption

Things to remember
• Key pair – public/private keys
• In a session, one is used for encryption and the other one for decryption
• The "public key" can be deployed everywhere
• The relation between the two keys is unknown, and from one key you cannot gain knowledge of the other, even if you have access to clear text and cipher text
• The two keys are interchangeable: the algorithms make no difference between the public and private key; when a key pair is generated, either of the two can be public or private
• Less efficient than a static key
• RSA/Diffie-Hellman

[Figure: clear text encrypted into ciphertext]

1-5 Asymmetric Data Encryption

[Figure: confidentiality check – Tom encrypts the plaintext with Bob's public key; Bob decrypts the ciphertext with Bob's private key (the recipient's key pair)]

1-5 Asymmetric Data Encryption

[Figure: authenticity check – Tom encrypts the plaintext with Tom's private key; Bob decrypts the ciphertext with Tom's public key (the sender's key pair)]

1-6 Digital Signature

Real world – hybrid:
1 Data integrity
2 Authenticity
3 Non-repudiation
4 Algorithm – use the public key and hash

1-6 Digital Signature - Creating

[Figure: the message or file ("This is the document created by Gianni") is passed through a one-way message digest function (SHA, MD5), which calculates a short message digest (typically 128 bits) even from a long input; the digest is encrypted with the signatory's private key (asymmetric encryption, RSA) to produce the digital signature, and document plus signature form the signed document]

1-6 Digital Signature - Verifying

[Figure: the verifier hashes the document from the signed document to generate a message digest, decrypts the digital signature with Gianni's public key (from the certificate) to recover the digest that was signed, and compares the two]

1-6 Digital Signature

[Figure: Tom hashes the data into message digest 1 and encrypts it with Tom's private key to form the digital signature, sent with the data; Bob hashes the received data into message digest 2, decrypts the signature with Tom's public key to recover message digest 1 and compares the two]

1-7 Certificate

The simplest certificate just contains
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key

… and the whole is
• Digitally signed by someone trusted (like your friend or a CA)

[Figure: a certificate = the public key + "This public key belongs to Stephen" + a digital signature; the entity can be a person, a computer, a device, a file, some code, anything …]

1-7-1 CA Certificate

[Figure: the CA (certification server) generates a key pair; the user requests a certificate from the CA; the CA generates the certificate (public key + digital signature); the private key and the certificate are sent to the user]

1-7-1 CA Certificate Example

[Figure: the CA holds its private key; Left and Right each hold their own private key, a certificate signed by the CA, and the CA public key (the CA certificate, signed by the CA itself); Left and Right trust each other's certificate because both are signed by the CA]

1-7-2 SSL/TLS

[Figure: each side holds a key pair; the clear text is encrypted into cipher 1 and then into cipher 2 for transmission over the public network, and decrypted in the reverse order on the other side]

Ensures confidentiality
• And integrity if digitally signed

Depending on how the public keys are exchanged
• Authenticity, identity, non-repudiation

1-8 Moxa UC7400 - Hardware Cipher

Intel XScale supports
• Security engines: DES, AES
• Algorithm methods: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so"
• No need to change the source code

1-8-1 Moxa Accelerated Algorithms – OpenSSL 0.9.7

DES_cbc_encrypt

DES_ede3_cbc_encrypt

AES_cbc_encrypt

AES_ctr_encrypt

• We wrap ECB mode at a higher level (libssl.so), which OpenSSL wraps too

1-8-2 Performance

[Figure: throughput charts for 3DES-CBC and AES128-CBC, software cipher versus hardware cipher, rate plotted against data size (128 to 1280 bytes, and a second pair of charts for small sizes of 16 to 144 bytes)]

1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approaches
• Default: hardware approach
• Any mis-configuration or busy engine causes the switch

Small packets are switched to the software approach
• DES: 128 bytes
• 3DES/AES: 64 bytes

1-8-4 Software Package

Driver
• mxhw_cipher.o

Device file
• mknod /dev/mxcrypto c 11 131

Test program
• io: correctness test
• io 0 5000: stability test
• io 1: golden pattern
• io 2 20000: performance test

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network

2-2 Why OpenVPN

2-3 OpenVPN Modes

2-1 Virtual Private Network

2-1 VPN Advantages/Disadvantages

VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes

A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH etc.)

A VPN allows the usage of protocols which are insecure by themselves

VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN

Usability
• Open Source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit shared key or digital certificates (PKI)

Portability – supports most of the platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN

Peers – each node with a client/server role
• In use of kernel routing
• Multiple clients

A user-space program
• A full-featured SSL-VPN solution
• on top of the existing SSL/TLS mechanism
• options between a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security

Two authentication modes
• Static Key: use a pre-shared key
• SSL/TLS: use SSL/TLS + certificates for
  • Authentication
  • Key exchange

The encrypted packet is formatted as
• SeqN: 64-bit sequence number
• IV: plain-text initial vector, randomized per packet

[Figure: packet layout – HMAC, IV, then the encrypted SeqN and IP payload]

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• portability across operating systems
• firewall- and NAT-friendly
• dynamic address support

IPSec
• Kernel-space IP stack
• each operating system requires its own independent implementation of IPSec
• IETF standard - multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are two methods of linking systems via a VPN

Routed IP tunnels (layer 3)

Bridged Ethernet tunnels (layer 2)

Suitable for connections
• Site-to-Site
• Dynamic Site-to-Site
• (Dynamic) Client-to-Site

Dynamic Firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN mode (device): a virtual point-to-point IP link that combines the inner interface together with TUN

Uses the kernel routing to forward the packets

[Figure: OSI layer stacks of the two peers; OpenVPN attaches at the network layer through TUN (layer 3)]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages
1 Point-to-point
2 Easier to configure
3 Efficiency and scalability
4 Allows better tuning of MTU for efficiency

Routed IP disadvantages
1 Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2 Routes must be set up linking each subnet
3 Software that depends on broadcasts will not see those machines on the other side of the VPN
4 Works only with IPv4 in general, and IPv6 in cases where tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses "TAP" mode: a TAP device is a virtual Ethernet adapter

Bridge tools (brctl) are required to create the virtual adapters

Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0 – create an Ethernet bridge

brctl addif br0 eth1 – connect interface eth1 as a port

brctl addif br0 tap0 – connect virtual interface tap0 as a port

[Figure: OSI layer stacks of the two peers; OpenVPN bridges at the data-link layer through TAP (layer 2) instead of TUN (layer 3); on each side eth0 is the public interface while eth1 and tap0 are joined in the bridge]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages
1 Point-to-point, point-to-multi-point
2 Broadcasts traverse the VPN -- this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3 No route statements to configure
4 Works when the VPN needs to be able to handle non-IP protocols such as IPX, Netware and AppleTalk
5 Relatively easy-to-configure solution for road warriors

Bridging disadvantages
1 Less efficient than routing and does not scale well
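The Moxa openvpn-bridge script that 3-1 and 3-3 call is not shown on the slides; what follows is an added example of such a script, not Moxa's own, that joins eth1 and tap0 into br0 as in the brctl lines above and moves the LAN A gateway address 10.0.1.254 (from the 3-1 diagram) onto br0. BR, ETH, TAP, BR_IP, BR_MASK and DRY_RUN are assumed names.

```shell
#!/bin/sh
# Added example of a bridge start/stop script for TAP mode (not the Moxa
# openvpn-bridge script). Assumed names: BR, ETH, TAP, BR_IP, BR_MASK, DRY_RUN.
# DRY_RUN=1 prints the commands instead of executing them.
BR="${BR:-br0}"                      # bridge device from 2-3-2
ETH="${ETH:-eth1}"                   # LAN port that becomes a bridge port
TAP="${TAP:-tap0}"                   # OpenVPN's virtual Ethernet adapter
BR_IP="${BR_IP:-10.0.1.254}"         # LAN A gateway from the 3-1 diagram
BR_MASK="${BR_MASK:-255.255.255.0}"

# Runs a command, or just prints it when DRY_RUN is set.
run() {
    if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi
}

bridge_start() {
    # prerequisites from 3-1: tun driver, bridge module, /dev/net/tun node
    run modprobe tun
    run modprobe bridge
    [ -c /dev/net/tun ] || run mknod /dev/net/tun c 10 200
    # a persistent TAP device, so OpenVPN can restart without rebuilding the bridge
    run openvpn --mktun --dev "$TAP"
    run brctl addbr "$BR"
    run brctl addif "$BR" "$ETH"
    run brctl addif "$BR" "$TAP"
    # bridge ports carry no address of their own; promiscuous so they forward every frame
    run ifconfig "$ETH" 0.0.0.0 promisc up
    run ifconfig "$TAP" 0.0.0.0 promisc up
    # the LAN gateway address now lives on the bridge (3-3: br0 = 10.0.1.254)
    run ifconfig "$BR" "$BR_IP" netmask "$BR_MASK" up
    run sysctl -w net.ipv4.ip_forward=1
}

bridge_stop() {
    run ifconfig "$BR" down
    run brctl delif "$BR" "$TAP"
    run brctl delif "$BR" "$ETH"
    run brctl delbr "$BR"
    run openvpn --rmtun --dev "$TAP"
    # give the LAN address back to the physical port
    run ifconfig "$ETH" "$BR_IP" netmask "$BR_MASK" up
}

case "${1:-}" in
    start)   bridge_start ;;
    stop)    bridge_stop ;;
    restart) bridge_stop; bridge_start ;;
    "")      : ;;
    *)       echo "usage: $0 {start|stop|restart}" >&2; exit 2 ;;
esac
```

Run the script before starting OpenVPN, since the tapserver.conf of 3-3 expects tap0 to exist and already be a port of br0.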

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

[Figure: lab topology – LAN A (a host with IP 10.0.1.1/24, gateway 10.0.1.254) sits behind the VPN Server, whose public interface ixp0 is 192.168.12.201 and whose LAN interface ixp1 is 10.0.1.254; LAN B (a host with IP 10.0.2.1/24, gateway 10.0.2.254) sits behind the VPN Client, whose ixp0 is 192.168.12.202 and whose ixp1 is 10.0.2.254; the VPN Client connects to the VPN Server to build the VPN tunnel, and a CA/TLS Server is also on the network]

3-1 Getting Started

Create a working directory (recommended): mkdir /etc/openvpn

Check for the TUN module: ls /dev/net and look for a character device "tun"; if it is not there: mknod /dev/net/tun c 10 200

Load the necessary modules: modprobe tun; modprobe bridge

Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]

Self diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or vi /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"

Create/start the bridge interface using the Moxa script: openvpn-bridge [start | stop | restart]

Check the ciphers/authentication support: openvpn --show-ciphers; openvpn --show-digests

Create the TUN configuration files: vi /etc/openvpn/tunserver.conf

[At VPN Client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

Local/Remote VPN IP addresses must be specified

It is NECESSARY to specify the server address at the VPN Client

3-2 TUN Server Configuration

Edit the static routes: vi /etc/openvpn/tunserver.sh; chmod +x /etc/openvpn/tunserver.sh

[At VPN Client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/openvpn/tunclient.sh

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tunserver.conf & (and at the client: openvpn --config /etc/openvpn/tunclient.conf &)

2nd argument of "ifconfig", which is now "10.0.2.254"

Create the TAP configuration files: vi /etc/openvpn/tapserver.conf

[At VPN Client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration – VPN Server

Mark (comment out) this line if both VPN networks are in the same subnet

3-3 TAP Configuration – VPN Server

Edit the static routes: vi /etc/openvpn/tapserver.sh

[At VPN Client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/openvpn/tapclient.sh

Pointed to the kernel routing: br0 = 10.0.1.254

3-3 TAP Configuration – VPN Server

Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tapserver.conf & (and at the client: openvpn --config /etc/openvpn/tapclient.conf &)

3-4-1 SSL/TLS – Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf, pre-entering default_days, default_bits … etc.

Create a new CA root key pair: /usr/share/ssl/misc/CA -newca

Create a new client private key and a new certificate request: /usr/share/ssl/misc/CA -newreq

Sign the certificate: /usr/share/ssl/misc/CA -sign

Copy the CA root certificate, the client private key and the client certificate to the first client

Have the second client certified the same way

3-4-2 OpenVPN – "easy-rsa" tools

Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file: vi /etc/openvpn/easy-rsa/vars

Activate the vars: . /etc/openvpn/easy-rsa/vars

Create the CA root key: /etc/openvpn/easy-rsa/build-ca

Create the VPN Server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – "easy-rsa" tools

Create the VPN Client private key and certificate: /etc/openvpn/easy-rsa/build-key client

Create the Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh 1024

Copy the CA certificate (ca.crt), the server key (server.key) and the server certificate (server.crt) to the VPN Server

Copy the CA certificate, the client key and the client certificate to the VPN Client

The "easy-rsa" tools also work on the UC7400 series

3-4-3 Configuration File Modification

txxserver.conf

txxclient.conf

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

Two of its serial ports are connected to a power meter and a thermocouple

Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in 'burn-in mode' to demonstrate the UC's high performance and reliability

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500 °C

Left side for the high range, 0 to 300 VDC, and right side for the low range, 0 to 20 VDC

UC's LCM & keypad (F1-F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8

F2 System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available memory

F3 Alarm Setting: Temperature → Voltage → burning throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• The UC-7420's built-in wireless driver supports the Intersil Prism 2.0 chipset PCMCIA card
• The compatible wireless cards are:

Supplier   Model name
ASUS       WL-107g
CNET       CWC-854 (181D version)
Edimax     EW-7108PCg
Amigo      AWP-914WG
Gigabyte   GN-WMKG
Others which use the R-Link chipset

Thank You

Page 72: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 7 ndash Log all the IncomingOutgoing TCP packets with tofrom

Port = 25 (Log SMTP Service)

iptables ndasht filter ndashA INPUT ndashp tcp ndash ndashdport 25 ndashj LOG

Note UC7110 does not support the target ldquoLOGrdquo

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 8 ndash Drop all the [syn] packets from IP = 192168100200

Example 9 ndash Drop all the packets from MAC = aabbccddeeff

iptables ndasht filter ndashA INPUT ndashp tcp ndashi eth0

ndashs 192168100200 ndash ndashsyn ndashj DROP

iptables ndasht filter ndashA INPUT ndashp all

ndashm mac-source aabbccddeeff ndashj DROP

Example 10 ndash Does not response to ldquopingrdquo

Example 11 ndash ICMP ldquopingrdquo burst

iptables ndasht filter ndashA INPUT ndashp icmp ndash ndashicmpndashtype 8

ndashj DROP

iptables ndasht filter ndashP INPUT DROP

iptables ndasht filter ndashA INPUT ndashp icmp ndashm limit 6min

ndash ndashlimit-burst 10 ndashj ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 12 ndash Accept the Established Related packets of the local

host drop the Invalid packets and New packets which are trying to create new connection

iptables ndasht filter ndashA INPUT ndashp tcp ndashm state ndash ndashstate

ESTABLISHEDRELATED ndashj ACCEPT

iptables ndasht filter ndashA INPUT ndashp tcp ndashm state ndash ndashstate

INVALIDNEW ndashj DROP

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 13 ndash Check the packet integrity

Example 14 ndash Enable the ldquoPassive Moderdquo FTP Service to a host

iptables ndasht filter ndashA INPUT ndashp all ndashm unclean ndashj DROP

modprobe ip_conntrack_ftp

iptables ndashA FORWARD ndashp tcp

ndashm state ndash ndashstate RELATED ndashj ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 1 ndash Redirect the Connection Request of Port 80 to Port 8080

Example 2ndash Masquerade the incoming packets from 1921681024

to be local ppp0rsquos IP

iptables ndasht nat ndashA PREROUTING ndashp tcp ndash ndashdport 80

ndashj REDIRECT ndash ndashto-ports 8080

iptables ndasht nat ndashA PREROUTING ndashs 1921681024 ndasho

ppp0 ndashj MASQUERADE

4-2 NAT Machine4-2 NAT Machine

4-2 NAT Machine4-2 NAT Machine

Example 3 ndash DNAT the incoming packet from eth0 (602486675) and

TCP Port 80 to internal Web sever 19216812710 80

Example 4 ndash Redirect the incoming packet of TCP Port 80 to

192168110 and TCP Port 80

iptables ndasht nat ndashA PREROUTING ndashp tcp ndashi eth0 ndashd 602486675 ndash ndashdport 80 ndashj DNAT ndash ndashto 1921681271080

iptables ndasht nat ndashA POSTROUTING ndashs 192168127024 ndashj SNAT ndash ndashto $OUT_IP

Thank YouThank You

OpenVPN 20OpenVPN 20Stephen Lin

OpenVPN 20OpenVPN 20

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

1) Cryptography Summery1) Cryptography Summery

1-1 What does cryptography solve

1-2 Symmetric Data Encryption

1-3 Hash (Digest) Function

1-4 Message Authentication Code

1-5 Asymmetric Data Encryption

1-6 Digital Signature

1-7 Certificate

1-8 Moxa UC7400

1-1 What does Cryptography solve1-1 What does Cryptography solve

Confidentiality bull Ensure that nobody can get knowledge of what you

transfer even if listening the whole conversation Integrity

bull Ensure that message has not been modified during the transmission

Authenticity bull You can verify that you are talking to the entity you think

you are talking to bull You can verify who is the specific individual behind that

entity Non-repudiation

bull The individual behind that asset cannot deny being associated with it

1-2 Symmetric Data Encryption1-2 Symmetric Data Encryption

Fast High Efficiency for data transmission

Is it ldquosecurerdquo while transferring the key

Maintains of the keys (n-1)n 2 keys

DES3DESAESBlowfish

Tom Bob

Plaintext

Plaintext

Ciphertext

Encryption

Secret Key

Decryption

1-3 Hash (Digest) Function1-3 Hash (Digest) Function

Ensure Date Integrity

MD5SHA-1

Tom

Data

Bob

Data

Hash FunctionHash Function

Message Message Digest 1Digest 1

Same Hash FunctionSame Hash Function

+Hash FunctionHash Function

Message Message Digest 2Digest 2

Message Digest1Message Digest1 DataData

Compare

1-4 Message Authentication Code

• Ensures data integrity and origin: only a holder of the secret key can produce a valid MAC.
• The key is mixed into the computation: HMAC keys a hash function, CBC-MAC runs a block cipher in CBC mode over the message and keeps the last block.
• HMAC, CBC-MAC.

[Diagram: Tom hashes Data, turns the digest into a MAC with the secret key and sends Data + MAC; Bob recomputes the MAC over the received Data with the same secret key and compares.]

1-5 Asymmetric Encryption

Things to remember
• Key pair: public and private keys. In a session one is used for encryption and the other for decryption.
• The public key can be published everywhere.
• From one key you cannot derive the other, even with access to matching clear text and cipher text.
• In textbook RSA the two operations are mathematically symmetric, so "encrypt with the private key, decrypt with the public key" is what a signature does. This is a property of RSA, not of every algorithm: a Diffie-Hellman or DSA private key cannot be used this way, and in practice the private key is chosen first and kept secret, with the public key derived from it. A real RSA private key file also stores extra values (p, q, CRT exponents), so the two are not interchangeable as files.
• Far less efficient than symmetric encryption, which is why real protocols use it only to exchange or protect a symmetric session key.
• RSA, Diffie-Hellman (Diffie-Hellman is a key agreement scheme, not an encryption algorithm).

[Diagram: clear text encrypted with one key of the pair yields cipher text; the other key of the pair recovers it.]

1-5 Asymmetric Data Encryption - Confidentiality Check
Tom encrypts the plaintext with Bob's public key; only Bob's private key can decrypt the ciphertext. The recipient's key pair is used.

1-5 Asymmetric Data Encryption - Authenticity Check
Tom encrypts the plaintext with his own private key; anyone holding Tom's public key can decrypt it, which proves it came from Tom. The sender's key pair is used.

1-6 Digital Signature

Real world: a hybrid of the two previous pieces.
1. Data integrity
2. Authenticity
3. Non-repudiation
4. Algorithm: hash the message, then apply the private key to the digest.

1-6 Digital Signature - Creating
• Compute a short message digest from the (possibly long) message or file with a one-way hash function (SHA-1, MD5; the slide's "typically 128 bits" is the MD5 digest length, SHA-1 gives 160 bits).
• Encrypt the digest with the signatory's private key (RSA). The result is the digital signature.
• Signed document = message + digital signature.

1-6 Digital Signature - Verifying
• Recompute the message digest from the received message with the same hash function.
• Decrypt the digital signature with the signatory's public key (taken from his certificate) to recover the digest he signed.
• Compare the two digests: equal means the document is intact and was signed by the holder of the private key.

[Diagram: Tom hashes Data to Message Digest 1, transforms it with Tom's private key into the Digital Signature and sends Data + signature; Bob hashes the received Data to Message Digest 2, recovers Digest 1 from the signature with Tom's public key and compares the two.]
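The three primitives of 1-3 to 1-6 (bare hash, keyed MAC, signature) exercised with the openssl command line, as an added example that is not part of the original slides. It assumes a modern OpenSSL with SHA-256 (the UC-7400's OpenSSL 0.9.7 only offers -sha1/-md5 in dgst, which are the digests the slides name but which are no longer recommended); file names and the 2048-bit RSA size are illustrative.

```shell
#!/bin/sh
# Added example (not from the Moxa slides): hash vs. HMAC vs. RSA signature with openssl.

# file_digest FILE         -> hex SHA-256 of FILE (integrity only: anyone can recompute it)
file_digest() { openssl dgst -sha256 "$1" | sed 's/^.*= //'; }

# file_mac KEY FILE        -> hex HMAC-SHA256 of FILE under KEY (integrity + origin, shared key)
file_mac() { openssl dgst -sha256 -hmac "$1" "$2" | sed 's/^.*= //'; }

# make_keypair DIR         -> DIR/priv.pem (kept secret) and DIR/pub.pem (published)
make_keypair() {
    openssl genrsa -out "$1/priv.pem" 2048 2>/dev/null
    chmod 600 "$1/priv.pem"
    openssl rsa -in "$1/priv.pem" -pubout -out "$1/pub.pem" 2>/dev/null
}

# sign_file PRIV FILE SIG  -> SIG = RSA signature over SHA-256(FILE): origin + non-repudiation
sign_file() { openssl dgst -sha256 -sign "$1" -out "$3" "$2"; }

# verify_file PUB FILE SIG -> exit 0 if SIG matches FILE under PUB, non-zero otherwise
verify_file() { openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1; }

# demo DIR: the document from the slide, signed, then altered by someone else
demo() {
    d=$1
    printf 'This is the document created by Gianni\n' > "$d/doc.txt"
    make_keypair "$d"
    sign_file "$d/priv.pem" "$d/doc.txt" "$d/doc.sig"
    verify_file "$d/pub.pem" "$d/doc.txt" "$d/doc.sig" && echo "signature verifies"
    # A bare digest changes too, but the attacker can simply recompute it; the
    # signature cannot be recomputed without priv.pem, which is the whole point.
    printf 'This is the document created by Mallory\n' > "$d/doc.txt"
    verify_file "$d/pub.pem" "$d/doc.txt" "$d/doc.sig" || echo "tampered: signature fails"
}

if [ "${1:-}" = demo ]; then
    t=$(mktemp -d); demo "$t"; rm -rf "$t"
fi
```

Run it as `sh crypto-demo.sh demo`. The MAC and the signature both detect tampering, but only the signature can be checked by a party that holds no secret, which is why certificates (1-7) are built on signatures and not on MACs.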

1-7 Certificate

The simplest certificate just contains
• a public key (for Stephen)
• information about the entity that is being certified to own that public key
... and the whole is
• digitally signed by someone trusted (a friend, or a CA).

[Diagram: certificate = public key + "This public key belongs to Stephen" + digital signature. The entity can be a person, a computer, a device, a file, some code, anything.]

1-7-1 CA Certificate
• The CA generates its own key pair and issues itself a certificate: the CA certificate is the CA public key signed with the CA private key (self-signed). It is what every peer must be given out of band.
• In the flow drawn on the slide the user requests a certificate from the certification server, the CA generates the user's key pair and certificate, and sends private key and certificate back to the user. Having the CA generate private keys is the weaker model: the user's key then exists on two machines and crosses the network. The easy-rsa procedure in 3-4 does it the other way round (the user creates the key locally and the CA signs only a certificate request), which is what you should do.

1-7-1 CA Certificate Example
• Left and Right each hold their own private key, their own certificate signed by the CA, and the CA public key (CA certificate).
• Left trusts Right's certificate because the CA signature on it verifies under the CA public key Left already has, and vice versa. A private key is never signed and never shown to the CA or to the other side; only certificates (public keys) are.

1-7-2 SSL/TLS

[Diagram: each side holds a key pair. Clear text is encrypted into Cipher 1, then into Cipher 2, transmitted over the public network, and decrypted back in the reverse order with the corresponding keys.]

• Ensures confidentiality, and integrity if the data is digitally signed.
• Depending on how the public keys are exchanged (bare keys versus CA-signed certificates, see 1-7), it also gives authenticity, identity and non-repudiation.
• In practice TLS does not encrypt the bulk data with public keys: the handshake authenticates the peers and agrees a symmetric session key, which then protects the traffic.

1-8 Moxa UC-7400 - Hardware Cipher

• The Intel XScale IXP-422 network processor provides security engines for DES and AES in ECB, CBC and CTR modes.
• Moxa wraps the hardware acceleration inside the algorithm APIs of libcrypto.so, so applications linked against OpenSSL need no source changes.

1-8-1 Moxa Accelerated Algorithms - OpenSSL 0.9.7
• DES_cbc_encrypt
• DES_ede3_cbc_encrypt
• AES_cbc_encrypt
• AES_ctr_encrypt
• ECB mode is wrapped at a higher level (libssl.so), the same level at which OpenSSL itself wraps it.

1-8-2 Performance

[Charts: throughput ("RATE") of 3DES-CBC and AES-128-CBC with the hardware cipher versus software, plotted against packet size. Two charts cover 128 to 1280 bytes, two cover 16 to 144 bytes; the legend marks the hardware-cipher series. The hardware path only pays off above the small-packet thresholds listed in 1-8-3.]

1-8-3 Things to be noticed

• The UC-7400 switches each operation between the software and the hardware path.
• Default: hardware path.
• Any misconfiguration, or a busy engine, causes a fall back to software.
• Small packets are always handled in software: DES below 128 bytes, 3DES/AES below 64 bytes (the per-request setup cost of the engine outweighs the gain there).

1-8-4 Software Package

• Driver: mxhw_cipher.o
• Device file: mknod /dev/mxcrypto c 11 131
• Test program io:
  io             correctness test
  io 0 5000      stability test
  io 1           golden pattern
  io 2 20000     performance test

Agenda
1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

2) OpenVPN 2.0
2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network - Advantages / Disadvantages

• VPN: a network constructed over public wires (e.g. the Internet) to connect nodes.
• A VPN encrypts all network traffic between the sites, not just a few application protocols (as SSL or SSH do).
• A VPN therefore allows the use of protocols that are insecure by themselves (Telnet, FTP, NFS).
• Disadvantage: VPN traffic cannot be inspected, filtered or logged by devices in the middle because of its encrypted nature; those controls have to sit at the tunnel endpoints.

2-2 Why OpenVPN

Usability
• Open source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit static (pre-shared) key or digital certificates (PKI)

Portability - supports most platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

• Peers: each node takes a client or server role, uses the kernel routing table, and a server can serve multiple clients.
• A user-space program: a full-featured SSL VPN built on top of the existing SSL/TLS mechanism, with a choice among a set of security algorithms (see openvpn --show-ciphers / --show-digests).
• Can tunnel any IP (layer 3) or Ethernet (layer 2) traffic over a single UDP or TCP port (UDP 5000 was the OpenVPN 1.x default; 1194 is the IANA-assigned default since 2.0).

2-2 OpenVPN Security

Two authentication modes
• Static key: a pre-shared secret generated with openvpn --genkey; it must reach both peers over a channel that is already secure.
• SSL/TLS: SSL/TLS + certificates for authentication and key exchange; per-session keys are negotiated, so a captured trace cannot be decrypted later with a stolen long-term key.

Each encrypted data-channel packet is formatted as
  HMAC | IV | encrypt( SeqN | IP packet )
• SeqN: 64-bit sequence number in static-key mode (32-bit counter plus 32-bit timestamp), used to reject replayed packets.
• IV: plain-text initialization vector, randomized per packet.
• The HMAC is computed over the IV and the encrypted part, so a tampered packet is dropped before any decryption is attempted (encrypt-then-MAC).

2-2 OpenVPN vs IPsec

OpenVPN
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall- and NAT-friendly (a single UDP or TCP port)
• Dynamic address support

IPsec
• Kernel-space IP stack; each operating system requires its own independent implementation of IPsec
• IETF standard with multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are the two methods of linking systems via a VPN.
• Routed IP tunnels (layer 3)
• Bridged Ethernet tunnels (layer 2)

Suitable for
• Site-to-site
• Dynamic site-to-site
• (Dynamic) client-to-site
Dynamic firewall / NAT / DHCP friendly.

2-3-1 Routed IP Tunnels (TUN Mode)

• Uses a TUN device: a virtual point-to-point IP link. OpenVPN sits between the kernel's TUN interface and the physical network interface.
• The kernel routing table forwards packets into and out of the tunnel.

[Diagram: the OSI stack on both peers; OpenVPN runs at the application layer and the TUN device injects at layer 3 (network).]

Routed IP advantages
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of the MTU for efficiency

Routed IP disadvantages
1. Clients must use a WINS server (such as Samba) for cross-VPN Windows network browsing to work.
2. Routes must be set up linking each subnet.
3. Software that depends on broadcasts will not see machines on the other side of the VPN.
4. Works with IPv4 in general and with IPv6 only where the tun drivers on both ends support it explicitly.

2-3-2 Bridged Ethernet Mode (TAP Mode)

• Uses a TAP device: a virtual Ethernet adapter.
• The bridge tools (brctl) are required to build the bridge.
• A script binds eth1 and tap0 together into a bridge device called br0:

  brctl addbr br0          create an Ethernet bridge
  brctl addif br0 eth1     connect interface eth1 as a port
  brctl addif br0 tap0     connect virtual interface tap0 as a port (the bridge name is mandatory; "brctl addif tap0" is rejected)

[Diagram: the OSI stack on both peers; OpenVPN at the application layer, the TAP device injects at layer 2 (data link); tap0 is bridged with eth1 on each side while eth0 carries the tunnel.]

Bridging advantages
1. Point-to-point and point-to-multipoint
2. Broadcasts traverse the VPN, which allows browsing Windows file shares across the VPN without a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to carry non-IP protocols such as IPX, NetWare and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages
1. Less efficient than routing and does not scale well
2. Every broadcast and every layer-2 frame on the LAN crosses the tunnel, so a noisy or compromised host on either LAN is now effectively on both

Agenda
1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

3) OpenVPN Configuration
3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS - X.509 Dynamic Keys

3-1 Getting Started

[Lab topology]
  LAN A: 10.0.1.0/24, hosts such as 10.0.1.1/24 with gw 10.0.1.254
     | ixp1 = 10.0.1.254
  [VPN Server] ixp0 = 192.168.12.201
     || VPN tunnel
  [VPN Client] ixp0 = 192.168.12.202
     | ixp1 = 10.0.2.254
  LAN B: 10.0.2.0/24, hosts such as 10.0.2.1/24 with gw 10.0.2.254
  [CA/TLS Server]: a separate host that issues the certificates used in 3-4.

3-1 Getting Started

• Create a working directory (recommended): mkdir /etc/openvpn
• Check for the TUN device: ls /dev/net and look for the character device "tun"; if it is missing, create it: mkdir -p /dev/net; mknod /dev/net/tun c 10 200
• Load the necessary modules: modprobe tun; modprobe bridge
• Generate a (pre-shared) static key: openvpn --genkey --secret [KeyName]  (keep it mode 600 and copy it to the peer only over SSH or another already-secure channel)
• Self diagnostic: openvpn --test-crypto --secret [KeyName]

• Enable IP forwarding: echo 1 > /proc/sys/net/ipv4/ip_forward, or set net.ipv4.ip_forward = 1 in /etc/sysctl.conf
• Create / start the bridge interface with the Moxa script (TAP mode only): openvpn-bridge [start|stop|restart]
• Check which ciphers and digests are supported: openvpn --show-ciphers; openvpn --show-digests
• Create the TUN configuration files: vi /etc/openvpn/tun.server.conf
  [At VPN client] vi /etc/openvpn/tun.client.conf

3-2 TUN Configuration

• The local and remote VPN (tunnel) IP addresses must be specified: ifconfig <local> <remote> in each config, mirrored on the two sides.
• The client MUST be told the server address: remote <server-ip> <port>.
• Edit the static routes (the scripts that add the route to the far LAN through the tunnel):
  vi /etc/openvpn/tun.server.sh; chmod +x /etc/openvpn/tun.server.sh
  [At VPN client] vi /etc/openvpn/tun.client.sh; chmod +x /etc/openvpn/tun.client.sh
• Start OpenVPN with the configuration file:
  openvpn --config /etc/openvpn/tun.server.conf &
  [At VPN client] openvpn --config /etc/openvpn/tun.client.conf &
• The gateway in the route script is the 2nd argument of "ifconfig", i.e. the remote tunnel end (10.0.2.254 in the lab). OpenVPN 2.0 can add the same route itself with a "route <net> <mask>" line in the config, whose gateway defaults to exactly that address.
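The configuration files on these slides are screenshots, so here is an added example, not the slides' own files, that writes a matching static-key TUN server/client pair for the 3-1 lab (server WAN address 192.168.12.201, LAN A 10.0.1.0/24 behind the server, LAN B 10.0.2.0/24 behind the client). The tunnel addresses 10.8.0.1/10.8.0.2, UDP port 1194 and the AES-128-CBC/SHA1 choice are assumptions; the "route" lines replace the hand-written tun.*.sh route scripts.

```shell
#!/bin/sh
# Added example (not from the Moxa slides): static-key TUN configs for the 3-1 lab topology.

# gen_static_key FILE: same file format "openvpn --genkey --secret FILE" writes
# (256 random bytes as 16 lines of 32 hex characters), used when openvpn is not on this host.
gen_static_key() {
    if command -v openvpn >/dev/null 2>&1; then
        openvpn --genkey --secret "$1"
    else
        {
            echo '-----BEGIN OpenVPN Static key V1-----'
            head -c 256 /dev/urandom | od -An -v -tx1 | tr -d ' \n' | fold -w 32
            echo
            echo '-----END OpenVPN Static key V1-----'
        } > "$1"
    fi
    chmod 600 "$1"     # this file is the entire security of static-key mode
}

# write_tun_configs DIR SERVER_WAN_IP: writes DIR/tun.server.conf, DIR/tun.client.conf, DIR/static.key
write_tun_configs() {
    dir=$1 server_ip=$2
    gen_static_key "$dir/static.key"
    common="dev tun
proto udp
secret /etc/openvpn/static.key
cipher AES-128-CBC
auth SHA1
keepalive 10 60
persist-key
persist-tun
verb 3"
    cat > "$dir/tun.server.conf" <<EOF
# VPN server (LAN A side)
port 1194
ifconfig 10.8.0.1 10.8.0.2
# Reach LAN B through the tunnel; the gateway defaults to the 2nd ifconfig address,
# which is the route the slides' tun.server.sh script added by hand.
route 10.0.2.0 255.255.255.0
$common
EOF
    cat > "$dir/tun.client.conf" <<EOF
# VPN client (LAN B side); "remote" is the server address the slides call mandatory
remote $server_ip 1194
ifconfig 10.8.0.2 10.8.0.1
route 10.0.1.0 255.255.255.0
$common
EOF
}

# key_lines FILE: number of 32-hex-char lines; 16 for a valid 2048-bit static key
key_lines() { grep -c '^[0-9a-f]\{32\}$' "$1"; }

if [ "${1:-}" = demo ]; then
    write_tun_configs /etc/openvpn 192.168.12.201
    openvpn --test-crypto --secret /etc/openvpn/static.key    # the 3-1 self-diagnostic
fi
```

Copy static.key to the client with scp, never over the tunnel it is meant to protect, and keep the cipher/auth lines identical on both sides: a mismatch fails silently as "bad packet ID" or HMAC errors in the log rather than as a clear configuration error.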

3-3 TAP Configuration

• Create the TAP configuration files: vi /etc/openvpn/tap.server.conf
  [At VPN client] vi /etc/openvpn/tap.client.conf
• VPN server: comment out the ifconfig line if both VPN networks are in the same subnet; in bridged mode the address lives on br0, not on tap0.
• Edit the static routes: vi /etc/openvpn/tap.server.sh
  [At VPN client] vi /etc/openvpn/tap.client.sh; chmod +x /etc/openvpn/tap.client.sh
  The route points at the kernel routing entry of the bridge: br0 = 10.0.1.254.
• Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start
• Start OpenVPN with the configuration file:
  openvpn --config /etc/openvpn/tap.server.conf &
  [At VPN client] openvpn --config /etc/openvpn/tap.client.conf &
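The Moxa openvpn-bridge script is referenced above but not shown, so this is an added example of what such a start/stop helper does, not Moxa's script. It assumes the LAN port is eth1 with 10.0.1.254/24 (the address moves from eth1 to br0, since a bridge port carries no IP of its own) and that tap0 is created with openvpn --mktun. Every command goes through run(), so with DRY_RUN=1 the script prints the command sequence instead of touching the interfaces.

```shell
#!/bin/sh
# Added example (not Moxa's openvpn-bridge): bridge eth1 and tap0 into br0 for TAP mode.

run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

# bridge_start LAN_IF ADDR NETMASK BROADCAST
bridge_start() {
    lan=$1 addr=$2 mask=$3 bcast=$4
    run openvpn --mktun --dev tap0              # persistent TAP device, survives openvpn restarts
    run brctl addbr br0                         # create the bridge
    run brctl addif br0 "$lan"                  # LAN port joins the bridge
    run brctl addif br0 tap0                    # the slide's "brctl addif tap0" lacks the bridge name
    run ifconfig "$lan" 0.0.0.0 promisc up      # ports carry no IP address of their own
    run ifconfig tap0 0.0.0.0 promisc up
    run ifconfig br0 "$addr" netmask "$mask" broadcast "$bcast"   # br0 now owns the LAN address
}

# bridge_stop LAN_IF ADDR NETMASK BROADCAST: undo in reverse order, give the address back to the LAN port
bridge_stop() {
    lan=$1 addr=$2 mask=$3 bcast=$4
    run ifconfig br0 down
    run brctl delif br0 tap0
    run brctl delif br0 "$lan"
    run brctl delbr br0
    run openvpn --rmtun --dev tap0
    run ifconfig "$lan" "$addr" netmask "$mask" broadcast "$bcast"
}

case "${1:-}" in
    start)   bridge_start eth1 10.0.1.254 255.255.255.0 10.0.1.255 ;;
    stop)    bridge_stop  eth1 10.0.1.254 255.255.255.0 10.0.1.255 ;;
    restart) bridge_stop  eth1 10.0.1.254 255.255.255.0 10.0.1.255
             bridge_start eth1 10.0.1.254 255.255.255.0 10.0.1.255 ;;
    *)       echo "usage: $0 {start|stop|restart}" >&2 ;;
esac
```

Run `DRY_RUN=1 sh openvpn-bridge start` first and read the sequence; once br0 is up, the server's tap config needs no ifconfig line, and everything the bridge forwards (including broadcasts and non-IP frames) will cross the tunnel, so apply the filter rules from 4-1 on br0 rather than on eth1.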

3-4-1 SSL/TLS - Dynamic Keys

• Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-set default_days, default_bits, etc.
• Create a new CA root key pair: /usr/share/ssl/misc/CA -newca
• Create a new client private key and certificate request: /usr/share/ssl/misc/CA -newreq
• Sign the request: /usr/share/ssl/misc/CA -sign
• Copy the CA root certificate, the client private key and the client certificate to the first client.
• Repeat -newreq / -sign to have the second client certified.

3-4-2 OpenVPN "easy-rsa" tools

• Copy easy-rsa to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn
• Modify the vars file: vi /etc/openvpn/easy-rsa/vars
• Activate the vars: . /etc/openvpn/easy-rsa/vars
• Create the CA root key: /etc/openvpn/easy-rsa/build-ca
• Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key-server server (the slide used build-key; build-key-server adds the nsCertType=server extension, which lets clients reject a stolen client certificate posing as the server by setting "ns-cert-type server")
• Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client
• Create Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh (the slide used 1024 bits; set KEY_SIZE=2048 in vars, since 1024-bit DH is no longer considered adequate)
• Copy the CA certificate (ca.crt), server key (server.key) and server certificate (server.crt) to the VPN server.
• Copy the CA certificate, client key and client certificate to the VPN client. The CA private key (ca.key) stays on the CA machine and is copied nowhere.
• The easy-rsa tools also work on the UC-7400 series.

3-4-3 Configuration File Modification

• txx.server.conf
• txx.client.conf
(txx = tun or tap: the configs from 3-2 and 3-3 are switched from "secret" to the TLS directives ca, cert and key, plus dh and tls-server on the server and tls-client on the client.)
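The same PKI built with plain openssl commands, as an added example that is not the easy-rsa scripts the slides use, so each step and the check to run before copying anything to the UC are visible. The CA name "MTSC-CA", the names "server" and "client", the 2048-bit keys and the lifetimes are assumptions; the important properties are that each private key is generated where it will be used, that only certificate requests reach the CA, and that the server certificate carries nsCertType=server so the client's "ns-cert-type server" check has something to verify.

```shell
#!/bin/sh
# Added example (not easy-rsa): CA, server and client certificates with openssl, plus verification.

# make_ca DIR: self-signed CA certificate; DIR/ca.key never leaves this machine
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -subj "/CN=MTSC-CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
    chmod 600 "$1/ca.key"
}

# issue DIR NAME ROLE: NAME makes its own key and a CSR; the CA signs only the CSR.
# ROLE=server adds nsCertType=server (what easy-rsa's build-key-server does); anything else is a client.
issue() {
    d=$1 name=$2 role=$3
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$name" \
        -keyout "$d/$name.key" -out "$d/$name.csr" 2>/dev/null
    chmod 600 "$d/$name.key"
    if [ "$role" = server ]; then
        printf 'nsCertType=server\nextendedKeyUsage=serverAuth\n' > "$d/$name.ext"
    else
        printf 'nsCertType=client\nextendedKeyUsage=clientAuth\n' > "$d/$name.ext"
    fi
    openssl x509 -req -in "$d/$name.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 365 -extfile "$d/$name.ext" -out "$d/$name.crt" 2>/dev/null
}

# make_dh DIR: the build-dh step; 2048 bits takes a while on a PC and far longer on the UC
make_dh() { openssl dhparam -out "$1/dh2048.pem" 2048 2>/dev/null; }

# chain_ok DIR NAME: exit 0 only if NAME's certificate verifies against DIR/ca.crt
chain_ok() { openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null 2>&1; }

# is_server_cert DIR NAME: exit 0 if the certificate carries nsCertType=server
is_server_cert() { openssl x509 -in "$1/$2.crt" -noout -text | grep -q 'SSL Server'; }

if [ "${1:-}" = demo ]; then
    t=$(mktemp -d)
    make_ca "$t"; issue "$t" server server; issue "$t" client client
    chain_ok "$t" client && echo "client.crt chains to MTSC-CA"
    is_server_cert "$t" client || echo "client.crt is not a server cert: ns-cert-type server would reject it"
    echo "files to copy: ca.crt + server.key + server.crt to the server, ca.crt + client.key + client.crt to the client"
    rm -rf "$t"
fi
```

Run `openssl verify -CAfile ca.crt client.crt` on the CA host before copying anything, and keep ca.key off both VPN endpoints: with it, anyone can mint a certificate that every peer trusts.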

Agenda
1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

Live Demo

UC-7420 Demo Box
• Two of its serial ports are connected to a power meter and a thermocouple.
• Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site.
• The rest of the serial ports are looped back in "burn-in mode" to demonstrate the UC's performance and reliability.

Demo Box Features / Software Block Diagram
• Temperature range: 0 to 500 °C
• Voltage: left side for the high range, 0 to 300 VDC; right side for the low range, 0 to 20 VDC

UC's LCM & keypad (F1-F5)
• F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8
• F2 System Status: LAN IP → Wi-Fi IP → CPU loading → Available Memory
• F3 Alarm Setting: Temperature → Voltage → burn-in throughput
• F4 Configuration Key
• F5 Main Menu

Apache Web with CGI & HTML
• Seat Locating System
• Score Query System

Appendix

What is the wireless PCMCIA card support status for 802.11g?
• The UC-7420's built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards.
• Compatible wireless cards:
  Supplier   Model name
  ASUS       WL-107g
  CNET       CWC-854 (181D version)
  Edimax     EW-7108PCg
  Amigo      AWP-914WG
  Gigabyte   GN-WMKG
  Others that use the Ralink chipset

Thank You


4-1 Packet Filter - Rules of the filter table

Example 8 - Drop all TCP [SYN] packets from IP 192.168.100.200
  iptables -t filter -A INPUT -p tcp -i eth0 -s 192.168.100.200 --syn -j DROP

Example 9 - Drop all packets from MAC aa:bb:cc:dd:ee:ff
  iptables -t filter -A INPUT -p all -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP
  (The mac match only sees frames on a directly attached segment, and a source MAC is trivially forged; treat it as hygiene, not as authentication.)

Example 10 - Do not respond to "ping"
  iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 - Limit an ICMP "ping" burst
  iptables -t filter -P INPUT DROP
  iptables -t filter -A INPUT -p icmp -m limit --limit 6/minute --limit-burst 10 -j ACCEPT
  (Up to 10 echo requests are accepted at once, then 6 per minute; everything above that falls through to the DROP policy.)

Example 12 - Accept the ESTABLISHED/RELATED packets of the local host; drop INVALID packets and NEW packets that try to open a connection
  iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
  iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP
  (Rules are evaluated in order: any ACCEPT for a service that must stay reachable has to come before the INVALID,NEW drop, otherwise nothing can connect to the box.)

Example 13 - Check packet integrity
  iptables -t filter -A INPUT -p all -m unclean -j DROP
  (The experimental unclean match only existed in early 2.4 kernels and was removed; on a current kernel use "-m state --state INVALID -j DROP" instead.)

Example 14 - Enable "passive mode" FTP service to a host
  modprobe ip_conntrack_ftp
  iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT
  (The FTP connection-tracking helper reads the PORT/PASV exchange on the control channel and marks the resulting data connection RELATED.)

4-2 NAT Machine - Rules of the nat table

Example 1 - Redirect connection requests for port 80 to port 8080
  iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 - Masquerade the packets from 192.168.1.0/24 behind the local ppp0 address
  iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE
  (The slide put this rule in PREROUTING; MASQUERADE and -o are only valid in POSTROUTING, and iptables rejects the rule anywhere else.)

Example 3 - DNAT packets arriving on eth0 (60.248.66.75) for TCP port 80 to the internal web server 192.168.127.10:80
  iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

Example 4 - Redirect incoming TCP port 80 packets to 192.168.1.10, TCP port 80
  (the slide shows no separate rule for this; it is Example 3 with the -d match dropped and --to 192.168.1.10:80)
  iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP
  (This SNAT rule, shown on the same slide, is the outbound counterpart of Example 3: LAN-originated traffic leaves with the external address $OUT_IP.)
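The rules above are shown one at a time; here, as an added example that is not from the Moxa slides, is the complete gateway ruleset they add up to, written in iptables-restore format so it loads atomically instead of leaving the box half-protected between individual iptables calls. The addresses are the slides' own (eth0 with 60.248.66.75, LAN 192.168.127.0/24, web server 192.168.127.10); the LAN interface name eth1, the sample MAC address and the SSH management rule are assumptions.

```shell
#!/bin/sh
# Added example (not from the Moxa slides): a complete NAT-gateway ruleset in iptables-restore format.

# gen_gateway_rules WAN_IF WAN_IP LAN_IF LAN_NET WEB_HOST
# Prints the ruleset to stdout; nothing is applied.
gen_gateway_rules() {
    wan_if=$1 wan_ip=$2 lan_if=$3 lan_net=$4 web_host=$5
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Stateful rules first (Example 12); they must precede any NEW-drop, or no reply ever gets in.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -i lo -j ACCEPT
# Example 9: one misbehaving MAC on the directly attached LAN (assumed sample address).
-A INPUT -i $lan_if -m mac --mac-source aa:bb:cc:dd:ee:ff -j DROP
# Example 11: answer ping, rate-limited; the DROP policy absorbs the excess.
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 6/minute --limit-burst 10 -j ACCEPT
# Management from the LAN only (assumed: SSH on the gateway), Example 8 style source filtering.
-A INPUT -i $lan_if -s $lan_net -p tcp --dport 22 -m state --state NEW -j ACCEPT
# FORWARD: let the LAN out, replies back, and only the DNATed web traffic in from the WAN.
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -s $lan_net -o $wan_if -j ACCEPT
-A FORWARD -i $wan_if -o $lan_if -d $web_host -p tcp --dport 80 -m state --state NEW -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Example 3: publish the internal web server on the WAN address.
-A PREROUTING -i $wan_if -d $wan_ip -p tcp --dport 80 -j DNAT --to-destination $web_host:80
# Example 4 (SNAT): rewrite LAN sources to the fixed WAN address on the way out.
# MASQUERADE (Example 2) does the same for a dynamic address such as ppp0; both belong in POSTROUTING only.
-A POSTROUTING -s $lan_net -o $wan_if -j SNAT --to-source $wan_ip
COMMIT
EOF
}

# apply_gateway_rules: load the set atomically (needs root, iptables-restore and ip_conntrack_ftp for Example 14)
apply_gateway_rules() {
    modprobe ip_conntrack_ftp 2>/dev/null || true
    echo 1 > /proc/sys/net/ipv4/ip_forward
    gen_gateway_rules "$@" | iptables-restore
}

# rule_count: number of -A lines in the generated set, a quick sanity check before applying
rule_count() { gen_gateway_rules "$@" | grep -c '^-A'; }

if [ "${1:-}" = apply ]; then
    shift
    apply_gateway_rules "$@"
fi
```

Generate first (`sh gateway.sh`-style call of gen_gateway_rules), read the output, then `sh gateway.sh apply eth0 60.248.66.75 eth1 192.168.127.0/24 192.168.127.10`. Because INPUT and FORWARD default to DROP, anything not listed (Telnet, FTP control from the WAN, the Example 10 ping drop) is already covered without a rule of its own.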


2nd argument of ldquoifconfigrdquo which is now ldquo1002254rdquo

Create TAP Configuration Files vi etcopenvpntapserverconf

[At VPN Client] vi etcopenvpntapclientconf

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Mark this line if both VPN Networks are in the same subnet

3-2 TAP Configuration ndash VPN Server3-2 TAP Configuration ndash VPN Server

Edit the Static Routings vi etcopenvpntunserversh

[At VPN Client] vi etcopenvpntapclientsh chmod +x etctapclientsh

Pointed to the Kernel Routing br0 = 1001254

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Start the Bridge device vi openvpnopenvpn-bridge

chmod +x etcopenvpnopenvpn-bridge etcopenvpnopenvpn-bridge start

Start OpenVPN with the configuration file openvpn ndashconfig etcopenvpntapserverconf amp openvpn ndashconfig etcopenvpntapclient amp

3-4-1 SSLTLS ndash Dynamic Keys3-4-1 SSLTLS ndash Dynamic Keys

Edit the OpenSSL Configuration File on a Linux PC vi usrsharesslopensslcnf Pre-input the default_days default_bits hellip etc

Create New CA root Key Pair usrsharesslmiscCA -newca

Create New Client Private Key and new Certificate Request usrsharesslmiscCA -newreq

Certificate Sign-in usrsharesslmiscCA ndashsign

Copy the CA root certificate client private key and the client certificate to the first client

Have the second client certificated

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Copy the ldquoeasy-rsardquo to the working directory cp ndashr openvpn-20easy-rsa etcopenvpn

modify the vars file vi etcopenvpneasy-rsavars

Activate the vars etcopenvpneasy-rsavars

Create CA root key etcopenvpneasy-rsabuild-ca

Create VPN Server Private Key and Certificate etcopenvpneasy-rsabuild-key server

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Create VPN Client private Key and Certificate etcopenvpnbuild-key client

Create Diff-Hellman Parameters etcopenvpnbuild-dh 1024

Copy the CA certificate (cacrt) Server key (serverkey) and Server certificate (servercrt) to VPN Server

Copy the CA certificate Client key and certificate to VPN Client

ldquoeasy-rsardquo tools also work on UC7400 series

3-4-3 Configuration File Modification3-4-3 Configuration File Modification

txxserverconf

txxclienconf

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) Open VPN Configuration

4) Hands-On Practice

Live DemoLive Demo

UC-7420 DEMO BOXUC-7420 DEMO BOX

Two of its serial ports connectedto a Power Meter and Thermocouple

Two LAN ports plus an optional Wi-Fi function making it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in lsquoburn-in modersquo to demonstrate UCrsquos high performance and reliability

Demo Box FeaturesDemo Box Features

Software Block DiagramSoftware Block Diagram

Temperature Range 0 to 500degC

Left side for high range 0 to 300 VDC amp Right side for low range 0 to 20 VDC

UCrsquos LCM amp keypad (F1-F5)UCrsquos LCM amp keypad (F1-F5)

F1 Monitoring Temperature rarr Voltage rarrThroughput for P3 to P8

F2 System Status LANrsquos IP rarr Wi-Firsquos IP rarr CPU loading rarr Available Memory

F3 Alarm Setting Temperature rarr Voltage rarr burning throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI amp HTMLApache Web with CGI amp HTML

Seat Locating SystemSeat Locating System

Score Query SystemScore Query System

AppendixAppendix

What is the wireless PCMCIA card support status in 80211gbull UC-7420s built-in Wireless driver supports Intersil Prism 20

chipset PCMCIA cardbull The compatible Wireless cards are

Supplier Model name

ASUS WL-107g

CNET CWC-854(181D version)Edmiax EW-7108PCgAmigo AWP-914WGigbyte GN-WMKGOthers which use R-Link chip set

Thank YouThank You


4-1 Packet Filter – Rules of the filter table

Example 10 – Do not respond to "ping" (drop ICMP echo requests, type 8):
iptables -t filter -A INPUT -p icmp --icmp-type 8 -j DROP

Example 11 – Survive an ICMP "ping" burst: set the INPUT policy to DROP, then accept ICMP only up to an average of 6 packets per minute with a burst of 10:
iptables -t filter -P INPUT DROP
iptables -t filter -A INPUT -p icmp -m limit --limit 6/min --limit-burst 10 -j ACCEPT

4-1 Packet Filter – Rules of the filter table

Example 12 – Accept the ESTABLISHED and RELATED packets of the local host; drop INVALID packets and NEW packets that try to open a connection:
iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A INPUT -p tcp -m state --state INVALID,NEW -j DROP
Rules are matched in order, so the ACCEPT must come first; a host that must still accept some inbound connections (SSH, the web UI) needs an explicit ACCEPT for those ports before the DROP rule.

4-1 Packet Filter – Rules of the filter table

Example 13 – Check packet integrity (drop malformed packets):
iptables -t filter -A INPUT -p all -m unclean -j DROP
The "unclean" match was an experimental module of the 2.4 kernels used on the UC-7400 and is not available in 2.6 and later kernels; there, the INVALID state of connection tracking covers most of the same cases.

Example 14 – Enable "passive mode" FTP through the firewall to a host: load the FTP connection-tracking helper so that the data connection is recognised as RELATED to the control connection, then accept RELATED packets in the FORWARD chain:
modprobe ip_conntrack_ftp
iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

4-2 NAT Machine

Example 1 – Redirect connection requests for port 80 to port 8080 on the NAT machine itself:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 – Masquerade the packets coming from 192.168.1.0/24 so that they leave with ppp0's IP address:
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE
MASQUERADE (and the -o match) is only valid in the POSTROUTING chain, after the routing decision; the slide placed this rule in PREROUTING, which iptables rejects.

4-2 NAT Machine

Example 3 – DNAT the packets arriving on eth0 (60.248.66.75) for TCP port 80 to the internal web server 192.168.127.10, port 80:
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

Example 4 – Redirect incoming TCP port 80 to 192.168.1.10, TCP port 80. The slide shows, instead of the DNAT rule for that, the companion source-NAT rule that rewrites packets from the internal subnet 192.168.127.0/24 to the gateway's public address $OUT_IP so that replies come back through the gateway:
iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP
DNAT alone is not enough: the forwarded packets must also pass the FORWARD chain of the filter table, and net.ipv4.ip_forward must be 1.
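The fragments above are typed one at a time, which leaves the box unprotected between commands and makes it easy to end up with the PREROUTING/POSTROUTING mix-up of Example 2. The following is an added example, not a script from the course: it generates the same policy as one iptables-restore file, applied atomically, for a UC-7400 acting as LAN gateway. The interface names (eth0 WAN, eth1 LAN), the 192.168.127.0/24 subnet, the public address 60.248.66.75 and the web host 192.168.127.10 are assumptions taken from the slides' figures; the SSH rule and the default-DROP FORWARD policy are this example's own choices.

```shell
#!/bin/sh
# Added example, not a script from the course: the filter and NAT examples above
# as one iptables-restore file for a UC-7400 acting as LAN gateway.
# Assumptions (from the slides' figures): eth0 = WAN, eth1 = LAN,
# LAN 192.168.127.0/24, public address 60.248.66.75, web server 192.168.127.10.
set -eu

# gen_ruleset WAN_IF LAN_IF LAN_NET PUBLIC_IP WEB_HOST
# Prints the ruleset on stdout; nothing is applied.
gen_ruleset() {
    wan=$1; lan=$2; lan_net=$3; pub_ip=$4; web=$5
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback, and replies to connections this host opened (Example 12)
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
# answer ping, but only at a bounded rate (Examples 10 and 11 combined)
-A INPUT -p icmp --icmp-type 8 -m limit --limit 6/min --limit-burst 10 -j ACCEPT
# management (SSH) only from the LAN side
-A INPUT -i $lan -s $lan_net -p tcp --dport 22 -m state --state NEW -j ACCEPT
# forwarding: LAN hosts may go out; only replies (and FTP data, Example 14)
# come back, plus new connections to the port-forwarded web server (Example 3)
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
-A FORWARD -i $wan -o $lan -d $web -p tcp --dport 80 -m state --state NEW -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# port-forward the public web port to the internal server (Example 3)
-A PREROUTING -i $wan -d $pub_ip -p tcp --dport 80 -j DNAT --to-destination $web:80
# hide the LAN behind the public address (Example 2, in POSTROUTING where it belongs)
-A POSTROUTING -o $wan -s $lan_net -j MASQUERADE
COMMIT
EOF
}

# rule_count ARGS...: number of -A rules in the generated file (a cheap sanity check)
rule_count() { gen_ruleset "$@" | grep -c '^-A '; }

# load_ruleset ARGS...: apply atomically (root only). The FTP helper must be loaded
# first so that passive/active FTP data connections are tracked as RELATED.
load_ruleset() {
    modprobe ip_conntrack_ftp 2>/dev/null || modprobe nf_conntrack_ftp
    echo 1 > /proc/sys/net/ipv4/ip_forward
    gen_ruleset "$@" | iptables-restore
}

# preview only; run  load_ruleset eth0 eth1 192.168.127.0/24 60.248.66.75 192.168.127.10  as root to apply
gen_ruleset eth0 eth1 192.168.127.0/24 60.248.66.75 192.168.127.10
```

Review the preview, then apply it with load_ruleset over a console or serial session rather than over SSH: the INPUT policy becomes DROP the moment iptables-restore commits, and a mistake in the SSH rule locks you out of a remote UC-7400.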

Thank You

OpenVPN 2.0
Stephen Lin

OpenVPN 2.0 – Agenda
1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

1) Cryptography Summary
1-1 What does cryptography solve?
1-2 Symmetric Data Encryption
1-3 Hash (Digest) Function
1-4 Message Authentication Code
1-5 Asymmetric Data Encryption
1-6 Digital Signature
1-7 Certificate
1-8 Moxa UC-7400 Hardware Cipher

1-1 What does Cryptography solve?
Confidentiality
• Ensure that nobody can learn what you transfer, even if they listen to the whole conversation.
Integrity
• Ensure that the message has not been modified during transmission.
Authenticity
• You can verify that you are talking to the entity you think you are talking to.
• You can verify which specific individual is behind that entity.
Non-repudiation
• The individual behind that asset cannot deny being associated with it.

1-2 Symmetric Data Encryption
• Fast; high efficiency for data transmission
• Is it "secure" while transferring the key? (the key distribution problem)
• Key maintenance: n parties need n(n-1)/2 keys for pairwise secrecy
• DES, 3DES, AES, Blowfish
[Figure: Tom encrypts the plaintext with the secret key into ciphertext; Bob decrypts the ciphertext with the same secret key back to the plaintext.]

1-3 Hash (Digest) Function
• Ensures data integrity
• MD5, SHA-1 (both have practical collision attacks today; use SHA-256 or stronger for new designs)
[Figure: Tom runs the data through the hash function to get Message Digest 1 and sends the data together with it. Bob runs the received data through the same hash function to get Message Digest 2 and compares the two digests.]
A bare digest detects accidental corruption only: whoever can alter the data in transit can also recompute the digest, which is why the next two sections add a key.

1-4 Message Authentication Code
• Ensures data integrity, and the origin of the data, because the MAC is protected by a key
• HMAC, CBC-MAC
[Figure: Tom hashes the data to Message Digest 1 and encrypts it with the secret key; the result is the MAC, sent with the data. Bob hashes the received data to Message Digest 2, decrypts the MAC with the same secret key to recover Message Digest 1, and compares the two.]
The figure's "encrypt the digest" is a simplification: HMAC mixes the key into the hash computation itself, H(K ⊕ opad ‖ H(K ⊕ ipad ‖ data)), and CBC-MAC runs the data through a block cipher in CBC mode and keeps the last block.

1-5 Asymmetric Encryption
Things to remember
• Key pair – public/private keys
• In a session one of them is used for encryption and the other one for decryption
• The "public key" can be deployed everywhere
• The relation between the two keys is hidden: from one key you cannot gain knowledge of the other, even if you have access to clear text and cipher text
• In textbook RSA the two keys are interchangeable (either exponent can encrypt and the other one decrypts); this is not true of asymmetric algorithms in general, and in practice the roles are fixed when the pair is generated
• Less efficient than symmetric (static-key) encryption
• RSA, Diffie-Hellman
[Figure: clear text → Encryption → "g$5knvMd'rk vegMs"" (cipher text).]

1-5 Asymmetric Data Encryption
[Figure: Tom encrypts the plaintext with Bob's public key; Bob decrypts the ciphertext with Bob's private key. Recipient's key pair: confidentiality check.]

1-5 Asymmetric Data Encryption
[Figure: Tom encrypts the plaintext with Tom's private key; Bob decrypts the ciphertext with Tom's public key. Sender's key pair: authenticity check.]

1-6 Digital Signature
Real world – hybrid:
1. Data integrity
2. Authenticity
3. Non-repudiation
4. Algorithm – uses the public-key pair and a hash

1-6 Digital Signature – Creating
[Figure: the message or file ("This is the document created by Gianni") is reduced with a one-way hash (SHA, MD5) to a short message digest (128 bits for MD5, 160 for SHA-1), even for a long input. The digest is encrypted with the signatory's private key (RSA); the result is the digital signature. The signed document is the message plus the signature.]

1-6 Digital Signature – Verifying
[Figure: the verifier recomputes the message digest of the received message with the same hash, decrypts the digital signature with Gianni's public key (taken from his certificate) to obtain the digest he signed, and compares the two.]

1-6 Digital Signature
[Figure (Tom/Bob form of the same flow): Tom hashes the data to Message Digest 1 and encrypts it with Tom's private key into the digital signature; Bob hashes the received data to Message Digest 2, decrypts the signature with Tom's public key to recover Message Digest 1, and compares.]
"Encrypt the digest with the private key" is the textbook picture; real RSA signature schemes (PKCS#1 v1.5, PSS) pad the digest before the private-key operation, and MD5 and SHA-1 should no longer be used for signatures because collisions can be produced for them.
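Sections 1-3 to 1-6 with the openssl command line, as an added worked example (it is not part of the Stephen Lin slides): the same message is protected with a bare hash, with an HMAC and with an RSA signature, and an altered copy is checked against each. The message, the key names, Tom's key pair and the "tampered" copy are all constructed for the demo; it assumes the openssl tool is installed.

```shell
#!/bin/sh
# Added example (not from the slides): sections 1-3, 1-4 and 1-6 with openssl.
# Tom publishes a meter reading; Bob checks it. Message, keys and the tampered
# copy are constructed for the demo.
set -eu
command -v openssl >/dev/null 2>&1 || { echo "openssl not found" >&2; exit 0; }

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

printf 'meter reading: 231.4 V\n' > "$WORK/msg"          # what Tom sent
printf 'meter reading: 931.4 V\n' > "$WORK/msg_tampered" # altered in transit

# 1-3 Hash (digest): detects accidental change, but anyone can recompute it.
digest() { openssl dgst -sha256 "$1" | awk '{print $NF}'; }

# 1-4 MAC: the same idea, keyed. Without the key an attacker cannot produce
# a matching tag for the altered message.
hmac_tag() { openssl dgst -sha256 -hmac "$1" "$2" | awk '{print $NF}'; }

# 1-6 Digital signature: hash, then RSA-sign the hash with Tom's private key;
# Bob verifies with Tom's public key, which may be published anywhere (1-5).
openssl genrsa -out "$WORK/tom.key" 2048 2>/dev/null
openssl rsa -in "$WORK/tom.key" -pubout -out "$WORK/tom.pub" 2>/dev/null
sign()   { openssl dgst -sha256 -sign "$WORK/tom.key" -out "$2" "$1"; }
verify() { openssl dgst -sha256 -verify "$WORK/tom.pub" -signature "$2" "$1" >/dev/null 2>&1; }

# Bob's "Compare" boxes from the figures: 0 when the received value matches.
digest_matches() { [ "$(digest "$1")" = "$2" ]; }
hmac_matches()   { [ "$(hmac_tag "$1" "$2")" = "$3" ]; }

# --- walk-through ---
SENT_DIGEST=$(digest "$WORK/msg")
digest_matches "$WORK/msg" "$SENT_DIGEST"          && echo "hash: original ok"
digest_matches "$WORK/msg_tampered" "$SENT_DIGEST" || echo "hash: tampering detected"
# ...but an attacker who alters the message can also send a recomputed digest:
digest_matches "$WORK/msg_tampered" "$(digest "$WORK/msg_tampered")" && echo "hash: forgery NOT detected"

SENT_TAG=$(hmac_tag 'shared-secret-K' "$WORK/msg")
hmac_matches 'shared-secret-K' "$WORK/msg" "$SENT_TAG" && echo "hmac: original ok"
# the attacker does not know K, so the best he can do is tag with a guess:
ATTACKER_TAG=$(hmac_tag 'guessed-key' "$WORK/msg_tampered")
hmac_matches 'shared-secret-K' "$WORK/msg_tampered" "$ATTACKER_TAG" || echo "hmac: forgery detected"

sign "$WORK/msg" "$WORK/msg.sig"
verify "$WORK/msg" "$WORK/msg.sig"          && echo "signature: original verified"
verify "$WORK/msg_tampered" "$WORK/msg.sig" || echo "signature: tampering detected"
```

The HMAC case needs a shared secret on both sides (the symmetric-key distribution problem of 1-2); the signature case does not, which is what makes certificates (1-7) and TLS mode (3-4) workable for many peers.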

1-7 Certificate
The simplest certificate just contains
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key
… and the whole is
• Digitally signed by someone trusted (like your friend, or a CA)
[Figure: a certificate = "This public key belongs to Stephen" + the public key + the digital signature. The entity can be a person, a computer, a device, a file, some code, anything.]

1-7-1 CA Certificate
[Figure: certification server. The CA generates its own key pair. The user requests a certificate from the CA; the CA generates the certificate, i.e. signs the user's public key and identity with the CA private key; the private key and the certificate are sent to the user.]
The figure has the CA generating the user's key pair. The safer flow is to generate the key pair on the device that will use it and send only a certificate request (what CA -newreq in 3-4-1 produces) to the CA, so that no private key ever leaves the device.

1-7-1 CA Certificate Example
[Figure: the CA private key signs Left's certificate and Right's certificate. Left holds Left's private key, Left's certificate signed by the CA, and the CA public key; Right holds the equivalent. Each side trusts the other's certificate because it verifies under the CA public key that both already hold.]

1-7-2 SSL/TLS
[Figure: clear text → Encrypt (cipher 1) → Encrypt (cipher 2) → transmission over the public network → Decrypt → Decrypt → clear text, using the key pairs of both peers.]
• Ensures confidentiality
• And integrity, if digitally signed
• Depending on how the public keys are exchanged: authenticity, identity, non-repudiation
In practice SSL/TLS (and therefore OpenVPN in TLS mode) uses the public-key operations only in the handshake, to authenticate the peers and agree a fresh symmetric session key; the bulk traffic is then protected with the symmetric cipher and MAC of 1-2 and 1-4.

1-8 Moxa UC-7400 – Hardware Cipher
Intel XScale (IXP422) supports:
• Security engines: DES, AES
• Modes: ECB, CBC, CTR
Moxa wraps the hardware acceleration inside the algorithm APIs of libcrypto.so
• No need to change the source code of applications that use OpenSSL

1-8-1 Moxa Accelerated Algorithms – OpenSSL 0.9.7
DES_cbc_encrypt
DES_ede3_cbc_encrypt
AES_cbc_encrypt
AES_ctr_encrypt
• ECB mode is wrapped at a higher level (libssl.so), which OpenSSL wraps too

1-8-2 Performance
[Figure: four charts of cipher speed versus packet size, each with two series, the software (OpenSSL) cipher and the hardware cipher, plus a RATE line giving the hardware/software ratio. 3DES-CBC and AES-128-CBC for packet sizes 128 to 1280 bytes (ratio axis 0 to 8); AES-128-CBC and 3DES-CBC for small packets of 16 to 144 bytes (ratio axis 0 to 2.5). The shaded series is the HW cipher.]

1-8-3 Things to be noticed
Moxa UC-7400 switches operations between the software and the hardware approach:
• Default: hardware approach
• Any mis-configuration, or the engine being busy, causes a switch back to software
Small packets are switched to the software approach:
• DES: below 128 bytes
• 3DES/AES: below 64 bytes

1-8-4 Software Package
Driver
• mxhw_cipher.o
Device file
• mknod /dev/mxcrypto c 11 131
Test program
• io – correctness test
• io 0 5000 – stability test
• io 1 – golden pattern
• io 2 20000 – performance test

Agenda
1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

2) OpenVPN 2.0
2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network
2-1 VPN Advantages/Disadvantages
• A VPN is a network constructed by using public wires (e.g. the Internet) to connect nodes.
• A VPN encrypts all network traffic, not just a few application protocols (as SSL, SSH, etc. do).
• A VPN allows the use of protocols which are insecure by themselves.
• VPN traffic cannot be inspected and logged easily because of its encrypted nature: the tunnel endpoints, not the network in between, become the place to filter and log.

2-2 Why OpenVPN
Usability
• Open Source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit static (pre-shared) key or digital certificates (PKI)
Portability – supports most platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4, Windows XP SP1 or later

2-2 Why OpenVPN
Peers – each node has a client or server role
• Uses the kernel's routing
• Multiple clients
A user-space program
• A full-featured SSL-VPN solution
• Built on top of the existing SSL/TLS mechanism
• Choice among a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) traffic over a single UDP or TCP port (5000 in OpenVPN 1.x, 1194 since 2.0)

2-2 OpenVPN Security
Two authentication modes
• Static key: a pre-shared secret (generated with openvpn --genkey)
• SSL/TLS: SSL/TLS + certificates for authentication and key exchange
The encrypted packet is formatted as
• SeqN: 64-bit sequence number (packet ID), used for replay protection
• IV: plaintext initialisation vector, randomised per packet
[Figure: HMAC | IV | SeqN | payload. SeqN and payload are encrypted; the HMAC is computed over the IV and the ciphertext (encrypt-then-MAC), so a forged or modified packet is rejected before it is decrypted.]

2-2 OpenVPN vs IPSec
OpenVPN
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall- and NAT-friendly
• Dynamic address support
IPSec
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard – multi-vendor support

2-3 OpenVPN Modes
Bridging and routing are the two methods of linking systems via a VPN:
• Routed IP tunnels (layer 3)
• Bridged Ethernet tunnels (layer 2)
Suitable for connections
• Site-to-site
• Dynamic site-to-site
• (Dynamic) client-to-site
Dynamic, firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)
• Uses a TUN device: a virtual point-to-point IP link on which OpenVPN reads and writes IP packets
• The kernel's routing table forwards packets between the inner (LAN) interface and the TUN interface
[Figure: the OSI stacks of both peers; OpenVPN runs at the application layer and injects/extracts packets at layer 3 through the TUN device.]

2-3-1 Routed IP Tunnels (TUN Mode)
Routed IP advantages
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of the MTU for efficiency
Routed IP disadvantages
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see the machines on the other side of the VPN
4. Works only with IPv4 in general, and with IPv6 only where the tun drivers on both ends of the connection support it explicitly (OpenVPN 2.0; later versions route IPv6 natively)

2-3-2 Bridged Ethernet Mode (TAP Mode)
• Uses "TAP" mode: a TAP device is a virtual Ethernet adapter
• Bridge tools (brctl, from bridge-utils) are required to create the bridge
• A script is needed to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)
brctl addbr br0        create an Ethernet bridge
brctl addif br0 eth1   connect interface eth1 as a port
brctl addif br0 tap0   connect virtual interface tap0 as a port (the bridge name is required; the slide omitted it)
[Figure: the OSI stacks of both peers; OpenVPN runs at the application layer and injects/extracts frames at layer 2 through the TAP device. On each peer, eth1 and tap0 are ports of the bridge, and eth0 carries the tunnel traffic.]

2-3-2 Bridged Ethernet Mode (TAP Mode)
Bridging advantages
1. Point-to-point and point-to-multipoint
2. Broadcasts traverse the VPN; this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works where the VPN needs to carry non-IP protocols such as IPX/NetWare and AppleTalk
5. Relatively easy-to-configure solution for road warriors
Bridging disadvantages
1. Less efficient than routing and does not scale well (every broadcast on either LAN crosses the tunnel)

Agenda
1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

3) OpenVPN Configuration
3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started
[Figure: lab topology]
LAN A (10.0.1.0/24): host IP 10.0.1.1/24, gateway 10.0.1.254
[VPN Server]: ixp1 = 10.0.1.254 (LAN A side), ixp0 = 192.168.12.201 (tunnel side)
VPN Tunnel: the client connects to the server over the ixp0 interfaces
[VPN Client]: ixp1 = 10.0.2.254 (LAN B side), ixp0 = 192.168.12.202 (tunnel side)
LAN B (10.0.2.0/24): host IP 10.0.2.1/24, gateway 10.0.2.254
[CA/TLS Server]: a separate Linux PC that issues the certificates (3-4)

3-1 Getting Started
• Create a working directory (recommended): mkdir /etc/openvpn
• Check for the TUN device: ls /dev/net and look for the character device "tun"; if it is missing, create it with mknod /dev/net/tun c 10 200
• Load the necessary modules: modprobe tun; modprobe bridge
• Generate a (pre-shared) static key: openvpn --genkey --secret [KeyName]
  The key file must reach the other peer over a protected channel (scp, or carried by hand) and be readable by root only (chmod 600); whoever holds it can join or decrypt the tunnel.
• Self-diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started
• Enable IP forwarding: echo 1 > /proc/sys/net/ipv4/ip_forward, or edit /etc/sysctl.conf and set net.ipv4.ip_forward = 1
• Create/start the bridge interface using the Moxa script: openvpn-bridge [start | stop | restart]
• Check the supported ciphers and authentication digests: openvpn --show-ciphers; openvpn --show-digests
• Create the TUN configuration files: vi /etc/openvpn/tun-server.conf
• [At the VPN client] vi /etc/openvpn/tun-client.conf

3-2 TUN Server Configuration
• The local and remote VPN (tunnel) IP addresses must be specified: ifconfig <local> <remote>
• It is NECESSARY to specify the server address at the VPN client: remote <server address>

3-2 TUN Server Configuration
• Edit the static routes: vi /etc/openvpn/tun-server.sh; chmod +x /etc/openvpn/tun-server.sh
• [At the VPN client] vi /etc/openvpn/tun-client.sh; chmod +x /etc/openvpn/tun-client.sh
• Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tun-server.conf &
  [At the VPN client] openvpn --config /etc/openvpn/tun-client.conf &
• The client's ifconfig line mirrors the server's: the 2nd argument (the remote end of the tunnel), which on the server is 10.0.2.254, becomes the 1st argument on the client, and vice versa
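A matching static-key TUN pair for the 3-1 topology, written by a small provisioning script; this is an added example, not a Moxa configuration file. The tunnel endpoint addresses 10.8.0.1/10.8.0.2 (kept separate from the LAN gateway addresses), the route directives (which replace the tun-server.sh/tun-client.sh static-route scripts) and the cipher, auth, keepalive, persist-* and user/group options are this example's assumptions.

```shell
#!/bin/sh
# Added example (not a Moxa script): writes a matching pair of static-key TUN
# configurations for the lab topology of 3-1. Tunnel addresses 10.8.0.1/10.8.0.2
# and the hardening options are this example's choices, not the slides'.
set -eu

# gen_tun_pair OUTDIR SERVER_PUBLIC_IP
gen_tun_pair() {
    out=$1; server_ip=$2
    srv_tun=10.8.0.1; cli_tun=10.8.0.2                  # the two ends of the tunnel
    lan_a='10.0.1.0 255.255.255.0'; lan_b='10.0.2.0 255.255.255.0'
    mkdir -p "$out"
    # server: no "remote", local=10.8.0.1, remote=10.8.0.2, reach LAN B through the tunnel
    write_conf "$out/tun-server.conf" "" "$srv_tun" "$cli_tun" "$lan_b"
    # client: must name the server; same two tunnel addresses, swapped; reach LAN A
    write_conf "$out/tun-client.conf" "remote $server_ip" "$cli_tun" "$srv_tun" "$lan_a"
    chmod 600 "$out"/tun-*.conf                         # they name the secret key file
}

# write_conf FILE REMOTE_LINE LOCAL_TUN REMOTE_TUN PEER_LAN
write_conf() {
    cat > "$1" <<EOF
dev tun
proto udp
port 1194
$2
# local first, remote second: the peer's file has the same two addresses swapped
ifconfig $3 $4
# the LAN behind the peer is reached through the tunnel
route $5
# static-key mode: the 2048-bit key from "openvpn --genkey", copied out of band
secret /etc/openvpn/static.key
cipher AES-256-CBC
auth SHA256
keepalive 10 60
# drop privileges after the tun device and key are opened
persist-key
persist-tun
user nobody
group nobody
verb 3
EOF
}

# ifconfig_of FILE: the "ifconfig" line, for checking the swap between the two files
ifconfig_of() { grep '^ifconfig ' "$1"; }

DEMO=$(mktemp -d)
gen_tun_pair "$DEMO" 192.168.12.201
cat "$DEMO/tun-server.conf"
rm -rf "$DEMO"
```

Start each side with openvpn --config on the generated file. The group is "nogroup" on Debian-derived systems; and since static-key mode has no forward secrecy, use one key per tunnel and rotate it when a box is replaced or decommissioned.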

3-3 TAP Configuration – VPN Server
• Create the TAP configuration files: vi /etc/openvpn/tap-server.conf
• [At the VPN client] vi /etc/openvpn/tap-client.conf
• Comment out the route line if both VPN networks are in the same subnet (a bridged tunnel then needs no route at all)

3-3 TAP Configuration – VPN Server
• Edit the static routes: vi /etc/openvpn/tap-server.sh; chmod +x /etc/openvpn/tap-server.sh
• [At the VPN client] vi /etc/openvpn/tap-client.sh; chmod +x /etc/openvpn/tap-client.sh
• Point the kernel routing at the bridge: br0 = 10.0.1.254 (the LAN address moves from the physical interface to br0)

3-3 TAP Configuration – VPN Server
• Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start
• Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tap-server.conf &
  [At the VPN client] openvpn --config /etc/openvpn/tap-client.conf &

3-4-1 SSL/TLS – Dynamic Keys
• Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-fill default_days, default_bits, etc.
• Create a new CA root key pair: /usr/share/ssl/misc/CA -newca
• Create a new client private key and certificate request: /usr/share/ssl/misc/CA -newreq
• Certificate signing: /usr/share/ssl/misc/CA -sign
• Copy the CA root certificate, the client private key and the client certificate to the first client
• Have the second client's certificate issued the same way
• The CA private key created by -newca stays on the PC; only the CA certificate is copied to the VPN peers

3-4-2 OpenVPN – "easy-rsa" tools
• Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn
• Modify the vars file: vi /etc/openvpn/easy-rsa/vars
• Activate the vars (source the file into the current shell): . /etc/openvpn/easy-rsa/vars
• Create the CA root key and certificate: /etc/openvpn/easy-rsa/build-ca
• Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server (easy-rsa 2.0 also ships build-key-server, which adds the nsCertType=server extension; with it, clients can use ns-cert-type server to refuse a stolen client certificate posing as the server)

3-4-2 OpenVPN – "easy-rsa" tools
• Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client
• Create Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh (the size comes from KEY_SIZE in vars; the course used 1024 bits, which is no longer adequate, so use 2048 or more)
• Copy the CA certificate (ca.crt), server key (server.key) and server certificate (server.crt) to the VPN server
• Copy the CA certificate, client key and client certificate to the VPN client
• The "easy-rsa" tools also work on the UC-7400 series
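What build-ca, build-key-server and build-key do, spelled out with plain openssl commands so that the chain of trust of section 1-7 is visible. This is an added example and not the easy-rsa scripts themselves; the names Lab-CA, vpn-server and uc7420-client, the validity periods and the use of extendedKeyUsage (what current OpenVPN checks with remote-cert-tls) instead of easy-rsa 2.0's nsCertType are this example's choices, and it assumes the openssl tool is installed.

```shell
#!/bin/sh
# Added example (not the easy-rsa scripts): a small CA with plain openssl,
# showing the chain of trust of 1-7 behind build-ca / build-key-server / build-key.
# Names, validity periods and the extendedKeyUsage choice are assumptions.
set -eu
command -v openssl >/dev/null 2>&1 || { echo "openssl not found" >&2; exit 0; }

PKI=$(mktemp -d)
trap 'rm -rf "$PKI"' EXIT

# make_ca NAME: self-signed root. Its private key stays on the CA machine
# (the "CA/TLS server" PC of the lab figure), never on a VPN endpoint.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -subj "/CN=$1" \
        -keyout "$PKI/ca.key" -out "$PKI/ca.crt" 2>/dev/null
}

# issue_cert NAME ROLE: key + request for the peer, signed by the CA with an
# extendedKeyUsage matching ROLE (server|client). That extension is what lets a
# client reject a stolen *client* certificate presented by a fake server.
issue_cert() {
    name=$1; role=$2
    case $role in
        server) eku=serverAuth ;;
        client) eku=clientAuth ;;
        *) echo "role must be server or client" >&2; return 1 ;;
    esac
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$name" \
        -keyout "$PKI/$name.key" -out "$PKI/$name.csr" 2>/dev/null
    printf 'extendedKeyUsage = %s\nbasicConstraints = CA:FALSE\n' "$eku" > "$PKI/$name.ext"
    openssl x509 -req -days 365 -in "$PKI/$name.csr" -CA "$PKI/ca.crt" -CAkey "$PKI/ca.key" \
        -CAcreateserial -extfile "$PKI/$name.ext" -out "$PKI/$name.crt" 2>/dev/null
}

# chain_ok CA_CRT CERT: 0 if CERT was signed by CA_CRT, which is the check each
# peer performs with the ca.crt it was given; non-zero otherwise.
chain_ok() { openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'; }

# cert_eku CERT: the extended key usage text of CERT
cert_eku() {
    openssl x509 -in "$1" -noout -text | grep -A1 'Extended Key Usage' | tail -n 1 | sed 's/^ *//'
}

make_ca Lab-CA
issue_cert vpn-server server
issue_cert uc7420-client client

# a certificate from some other CA (an attacker's) must not verify against ours
openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj /CN=Rogue-CA \
    -keyout "$PKI/rogue.key" -out "$PKI/rogue.crt" 2>/dev/null

chain_ok "$PKI/ca.crt" "$PKI/vpn-server.crt"    && echo "server cert: chains to Lab-CA"
chain_ok "$PKI/ca.crt" "$PKI/uc7420-client.crt" && echo "client cert: chains to Lab-CA"
chain_ok "$PKI/rogue.crt" "$PKI/vpn-server.crt" || echo "rogue CA: rejected"
echo "server EKU: $(cert_eku "$PKI/vpn-server.crt")"
```

The files to distribute are exactly those of the slide: ca.crt plus its own .key and .crt to each peer. Only ca.crt is shared; a peer that also receives ca.key could mint certificates for anyone.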

3-4-3 Configuration File Modification
txx-server.conf (tun-server.conf or tap-server.conf)
txx-client.conf (tun-client.conf or tap-client.conf)

Agenda
1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX
• Two of its serial ports are connected to a power meter and a thermocouple.
• Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site.
• The rest of the serial ports are looped back in 'burn-in mode' to demonstrate the UC's high performance and reliability.

Demo Box Features

Software Block Diagram
[Figure: software block diagram of the demo box]
• Temperature range: 0 to 500 °C
• Left side for the high range, 0 to 300 VDC; right side for the low range, 0 to 20 VDC

UC's LCM & keypad (F1–F5)
F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8
F2 System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available memory
F3 Alarm Setting: Temperature → Voltage → Burn-in throughput
F4 Configuration Key
F5 Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix
What is the wireless PCMCIA card support status in 802.11g?
• The UC-7420's built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards.
• The compatible wireless cards are:
Supplier   Model name
ASUS       WL-107g
CNET       CWC-854 (181D version)
Edimax     EW-7108PCg
Amigo      AWP-914WG
Gigabyte   GN-WMKG
Others     cards which use the R-Link chip set

Thank You

Page 75: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

Example 12 ndash Accept the Established Related packets of the local

host drop the Invalid packets and New packets which are trying to create new connection

iptables ndasht filter ndashA INPUT ndashp tcp ndashm state ndash ndashstate

ESTABLISHEDRELATED ndashj ACCEPT

iptables ndasht filter ndashA INPUT ndashp tcp ndashm state ndash ndashstate

INVALIDNEW ndashj DROP

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 13 ndash Check the packet integrity

Example 14 ndash Enable the ldquoPassive Moderdquo FTP Service to a host

iptables ndasht filter ndashA INPUT ndashp all ndashm unclean ndashj DROP

modprobe ip_conntrack_ftp

iptables ndashA FORWARD ndashp tcp

ndashm state ndash ndashstate RELATED ndashj ACCEPT

4-1 Packet Filter ndash Rules of filter table4-1 Packet Filter ndash Rules of filter table

Example 1 ndash Redirect the Connection Request of Port 80 to Port 8080

Example 2ndash Masquerade the incoming packets from 1921681024

to be local ppp0rsquos IP

iptables ndasht nat ndashA PREROUTING ndashp tcp ndash ndashdport 80

ndashj REDIRECT ndash ndashto-ports 8080

iptables ndasht nat ndashA PREROUTING ndashs 1921681024 ndasho

ppp0 ndashj MASQUERADE

4-2 NAT Machine4-2 NAT Machine

4-2 NAT Machine4-2 NAT Machine

Example 3 ndash DNAT the incoming packet from eth0 (602486675) and

TCP Port 80 to internal Web sever 19216812710 80

Example 4 ndash Redirect the incoming packet of TCP Port 80 to

192168110 and TCP Port 80

iptables ndasht nat ndashA PREROUTING ndashp tcp ndashi eth0 ndashd 602486675 ndash ndashdport 80 ndashj DNAT ndash ndashto 1921681271080

iptables ndasht nat ndashA POSTROUTING ndashs 192168127024 ndashj SNAT ndash ndashto $OUT_IP

Thank YouThank You

OpenVPN 20OpenVPN 20Stephen Lin

OpenVPN 20OpenVPN 20

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

1) Cryptography Summery1) Cryptography Summery

1-1 What does cryptography solve

1-2 Symmetric Data Encryption

1-3 Hash (Digest) Function

1-4 Message Authentication Code

1-5 Asymmetric Data Encryption

1-6 Digital Signature

1-7 Certificate

1-8 Moxa UC7400

1-1 What does Cryptography solve1-1 What does Cryptography solve

Confidentiality bull Ensure that nobody can get knowledge of what you

transfer even if listening the whole conversation Integrity

bull Ensure that message has not been modified during the transmission

Authenticity bull You can verify that you are talking to the entity you think

you are talking to bull You can verify who is the specific individual behind that

entity Non-repudiation

bull The individual behind that asset cannot deny being associated with it

1-2 Symmetric Data Encryption1-2 Symmetric Data Encryption

Fast High Efficiency for data transmission

Is it ldquosecurerdquo while transferring the key

Maintains of the keys (n-1)n 2 keys

DES3DESAESBlowfish

Tom Bob

Plaintext

Plaintext

Ciphertext

Encryption

Secret Key

Decryption

1-3 Hash (Digest) Function1-3 Hash (Digest) Function

Ensure Date Integrity

MD5SHA-1

Tom

Data

Bob

Data

Hash FunctionHash Function

Message Message Digest 1Digest 1

Same Hash FunctionSame Hash Function

+Hash FunctionHash Function

Message Message Digest 2Digest 2

Message Digest1Message Digest1 DataData

Compare

1-4 Message Authentication Code 1-4 Message Authentication Code

Ensure the Data Integrity

Use a key to protect the MAC

HMACCBC-MAC Tom

Data

Hash FunctionHash Function

Message Message Digest 1Digest 1

Bob

Data

Message Message Digest 2Digest 2

+Hash FunctionHash Function

MACEncryption

Message Message Digest 1Digest 1

Decryption

Compare

Secret Key

MACMAC DataData

1-5 Asymmetric Encryption1-5 Asymmetric Encryption

Things to rememberbull Key Pair ndash PublicPrivate keysbull In a session one for encryption and the other one

for decryptionbull ldquoPublic Keyrdquo can be deployed everywherebull The relation between the two keys is unknown and from

one key you cannot gain knowledge of the other even if you have access to clear-text and cipher-text

bull The two keys are interchangeable All algorithms make no difference between public and private key When a key pair is generated any of the two can be public or private

bull Less efficient than Static Keybull RSADiff-Hellman

g$5knvMdrsquorkg$5knvMdrsquorkvegMsrdquovegMsrdquo

Clear Clear texttext

EncryptionEncryption

1-5 Asymmetric Data Encryption1-5 Asymmetric Data Encryption

Tom

Plaintext

Bob

ciphertextEncryption Decryption

Bobrsquos Public KeyPlaintex

tBobrsquos Private Key

Recipientrsquos Key Pair

Confidentiality Check

1-5 Asymmetric Data Encryption1-5 Asymmetric Data Encryption

Tom

Plaintext

Bob

ciphertextEncryption Decryption

Tomrsquos Private KeyPlaintex

tTomrsquos Public Key

Senderrsquos key pair

Authenticity Check

1-6 Digital Signature1-6 Digital Signature

Real World ndash Hybrid 1 Data Integrity2 Authenticity3 Non-repudiation4 Algorithm ndash Use the public key and Hash

1-6 Digital Signature - Creating

Diagram: the message or file ("This is the document created by Gianni") is run through a hash (SHA, MD5) to generate a short Message Digest (typically 128 bits), even from a long input, using a one-way message digest function. The digest is then encrypted with the signatory's private key by asymmetric encryption (RSA), which produces the Digital Signature. The signed document is the message plus the digital signature.

1-6 Digital Signature - Verifying

Diagram: the signed document (message plus digital signature) is split. The message is hashed again to generate a Message Digest. The digital signature is decrypted with Gianni's public key (from the certificate) by asymmetric decryption, which recovers the original Message Digest. The two digests are compared.

1-6 Digital Signature

Diagram: Tom hashes Data to Message Digest 1 and encrypts it with Tom's private key to form the Digital Signature, which is sent together with Data. Bob hashes the received Data to Message Digest 2, decrypts the Digital Signature with Tom's public key to recover Message Digest 1, and compares the two digests.
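The creating and verifying flows of the three slides above, as an added example that is not part of the original deck: it uses OpenSSL on the command line to build Gianni's key pair, sign the document with the private key and verify it with the public key, and shows that a one-character change to the signed document breaks verification. The key size, the file names and the use of SHA-256 (instead of the MD5/SHA-1 named on the slide) are choices made here, not taken from the deck.

```shell
#!/bin/sh
# Added example: sign/verify with OpenSSL in a scratch directory.
# Gianni's key pair, the document and the tampered copy are all constructed here.
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Signatory's key pair (2048-bit RSA, no passphrase). The public half is what
# would later be carried in Gianni's certificate.
openssl genrsa -out "$WORK/gianni.key" 2048 2>/dev/null
openssl rsa -in "$WORK/gianni.key" -pubout -out "$WORK/gianni.pub" 2>/dev/null

printf '%s\n' 'This is the document created by Gianni' > "$WORK/doc.txt"

# Creating: hash the document, then encrypt the digest with the private key.
# "openssl dgst -sign" performs both steps (SHA-256 used here).
sign_document() {   # $1 = file to sign, $2 = signature output file
  openssl dgst -sha256 -sign "$WORK/gianni.key" -out "$2" "$1"
}

# Verifying: hash the document again, decrypt the signature with the public
# key and compare the two digests. Returns 0 on a match, 1 otherwise.
verify_document() { # $1 = file to check, $2 = signature file
  openssl dgst -sha256 -verify "$WORK/gianni.pub" -signature "$2" "$1" >/dev/null 2>&1
}

sign_document "$WORK/doc.txt" "$WORK/doc.sig"

# Integrity: a single changed character in the signed document must fail.
sed 's/Gianni/Giannl/' "$WORK/doc.txt" > "$WORK/doc-tampered.txt"

verify_document "$WORK/doc.txt" "$WORK/doc.sig" && echo "original: signature OK"
verify_document "$WORK/doc-tampered.txt" "$WORK/doc.sig" || echo "tampered: signature FAILED"
```

The verifier never sees the private key; everything it needs is the document, the signature and the public key, which is exactly the split the certificate slides build on.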

1-7 Certificate

The simplest certificate just contains:
- A public key (for Stephen)
- Information about the entity that is being certified to own that public key ("This public key belongs to Stephen"; the entity can be a person, a computer, a device, a file, some code, anything ...)

... and the whole is:
- Digitally signed by someone trusted (like your friend or a CA)

Diagram: Certificate = public key + owner information + digital signature (shown as random characters).

1-7-1 CA Certificate

Diagram (certification server):
1. The CA generates a key pair (priv, pub).
2. The user requests a certificate from the CA.
3. The CA generates the certificate (pub + DS).
4. The private key and the certificate are sent to the user.

Left: cert signed by the CA. Right: cert signed by the CA. CA public key signed by the CA (self-signed).

1-7-1 CA Certificate Example

Diagram: the CA holds the CA private key. Left and Right each hold the CA public key and trust it. Left holds its private key and the Left cert signed by the CA; Right holds its private key and the Right cert signed by the CA.

1-7-2 SSL/TLS

Diagram: each side holds its own key pair (priv, pub) and the other side's public key. Clear text -> Encrypt -> Cipher 1 -> Encrypt -> Cipher 2 -> transmission over the public network -> Cipher 2 -> Decrypt -> Cipher 1 -> Decrypt -> Clear text.

- Ensures confidentiality
- And integrity, if digitally signed
- Depending on how the public keys are exchanged: authenticity, identity, non-repudiation

1-8 Moxa UC7400 - Hardware Cipher

Intel XScale supports:
- Security engines: DES, AES
- Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so":
- No need to change the source code

1-8-1 Moxa Accelerated Algorithms - OpenSSL 0.9.7

- DES_cbc_encrypt
- DES_ede3_cbc_encrypt
- AES_cbc_encrypt
- AES_ctr_encrypt
- ECB mode is wrapped at a higher level (libssl.so), which OpenSSL wraps too

1-8-2 Performance

[Figure: four charts comparing throughput and rate of the software cipher with the hardware cipher (= HW Cipher). Top pair: 3DES-CBC and AES-128-CBC for packet sizes 128 to 1280 bytes (throughput axis 0 to 80, rate axis 0 to 8). Bottom pair: 3DES-CBC and AES-128-CBC for packet sizes 16 to 144 bytes (throughput axis 0 to 8, rate axis 0 to 2.5).]

1-8-3 Things to be noticed

Moxa UC-7400 switches operations between the software and the hardware approaches:
- Default: hardware approach
- Any misconfiguration or busy condition causes the switch

Small packets are switched to the software approach:
- DES: 128 bytes
- 3DES/AES: 64 bytes

1-8-4 Software Package

Driver:
- mxhw_cipher.o

Device file:
- mknod /dev/mxcrypto c 11 131

Test program:
- io            correctness test
- io 0 5000     stability test
- io 1          golden pattern
- io 2 20000    performance test

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network

2-1 VPN Advantages/Disadvantages

- VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes
- A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH, etc.)
- A VPN allows the usage of protocols which are insecure by themselves
- VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN

Usability:
- Open source (GPL)
- Full-featured SSL VPN solution
- Easy to configure a secure tunnel
- NAT/DHCP support
- Can use a 2048-bit shared key or digital certificates (PKI)

Portability - supports most platforms:
- Linux, Solaris, Mac OS X
- OpenBSD, FreeBSD, NetBSD
- Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN

Peers - each node with a client/server role:
- Uses kernel routing
- Multiple clients

A user-space program:
- A full-featured SSL-VPN solution
- On top of the existing SSL/TLS mechanism
- Options between a set of security algorithms
- Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security

Two authentication modes:
- Static key: use a pre-shared key
- SSL/TLS: use SSL/TLS + certificates for
  - Authentication
  - Key exchange

The encrypted packet is formatted as:
- SeqN: 64-bit sequence number
- IV: plain-text initial vector, randomized per packet

  | HMAC | IV | SeqN | IP payload |
               \____encrypted____/

The SeqN and the IP payload are encrypted; the HMAC is computed over the IV and the encrypted part.
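The MAC scheme of 1-4 and the packet layout just shown, as an added example that is not from the deck: a receiver-side check that recomputes the HMAC over IV + SeqN + payload and rejects packets whose MAC does not match or whose sequence number does not advance past the last accepted one. The key, the IV and the packet contents are constructed, and the payload is kept as readable hex rather than real ciphertext, so the example covers the integrity and replay checks only, not the encryption step.

```shell
#!/bin/sh
# Added example: integrity (HMAC) and replay (SeqN) checks on a packet laid
# out as  HMAC | IV | SeqN | payload . Key and packets are constructed here;
# the "encrypted" part is plain hex so the MAC step can be followed by eye.
set -u
HMAC_KEY="constructed-demo-key"   # in OpenVPN this comes from the static key file
LAST_SEQ=0                        # highest sequence number accepted so far

# HMAC-SHA1 over everything after the MAC field (IV || SeqN || payload).
hmac_hex() {  # $1 = hex string of the MAC'd region
  printf '%s' "$1" | openssl dgst -sha1 -hmac "$HMAC_KEY" | awk '{print $NF}'
}

# Sender side: assemble "hmac|body" from IV, sequence number and payload.
build_packet() { # $1 = IV (32 hex digits), $2 = SeqN (decimal), $3 = payload hex
  body="$1$(printf '%016x' "$2")$3"        # 64-bit SeqN as 16 hex digits
  printf '%s|%s\n' "$(hmac_hex "$body")" "$body"
}

# Receiver side: 0 = accept, 1 = bad HMAC (tampered/forged), 2 = replayed SeqN.
check_packet() { # $1 = packet as "hmac|body"
  mac=${1%%|*}; body=${1#*|}
  [ "$mac" = "$(hmac_hex "$body")" ] || return 1   # integrity first
  iv_len=32                                         # 16-byte IV = 32 hex digits
  seq_hex=$(printf '%s' "$body" | cut -c$((iv_len + 1))-$((iv_len + 16)))
  seq=$((0x$seq_hex))
  [ "$seq" -gt "$LAST_SEQ" ] || return 2            # must advance, else replay
  LAST_SEQ=$seq
  return 0
}

IV1=00112233445566778899aabbccddeeff       # constructed per-packet IV
P1=$(build_packet "$IV1" 1 deadbeef)        # SeqN = 1
P2=$(build_packet "$IV1" 2 cafebabe)        # SeqN = 2
TAMPERED="${P1%deadbeef}deadbe00"           # one payload byte changed, MAC untouched

for pkt in "$P1" "$P2" "$P1" "$TAMPERED"; do
  check_packet "$pkt"
  case $? in
    0) echo "accept  seq=$LAST_SEQ" ;;
    1) echo "drop    bad HMAC (tampered or forged)" ;;
    2) echo "drop    replayed sequence number" ;;
  esac
done
```

The order of the two checks matters: the MAC is verified before anything in the body is parsed, so a forged packet is dropped without touching the receiver's replay state.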

2-2 OpenVPN vs IPSec

OpenVPN:
- User-space daemon
- SSL/TLS
- Portability across operating systems
- Firewall- and NAT-friendly
- Dynamic address support

IPSec:
- Kernel-space IP stack
- Each operating system requires its own independent implementation of IPSec
- IETF standard - multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are two methods of linking systems via a VPN:
- Routed IP tunnels (layer 3)
- Bridged Ethernet tunnels (layer 2)

Suitable for connections:
- Site-to-Site
- Dynamic Site-to-Site
- (Dynamic) Client-to-Site

Dynamic firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

- Uses TUN mode (device): a virtual point-to-point IP link that combines the inner interface together with TUN
- Uses the kernel routing to forward the packets

Diagram: two OSI stacks (Physical, Data-Link, Network, Transport, Session, Presentation, Application); OpenVPN sits at the application layer and the TUN device attaches at the 3rd (network) layer.

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages:
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of MTU for efficiency

Routed IP disadvantages:
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see those machines on the other side of the VPN
4. Works only with IPv4 in general, and IPv6 in cases where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

- Uses "TAP" mode: a TAP device is a virtual Ethernet adapter
- Bridge tools (brctl) are required to create the virtual adapters
- Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)

  brctl addbr br0          # create an Ethernet bridge
  brctl addif br0 eth1     # connect interface eth1 as a port
  brctl addif br0 tap0     # connect virtual interface tap0 as a port

Diagram: two OSI stacks (Physical, Data-Link, Network, Transport, Session, Presentation, Application); OpenVPN sits at the application layer, TUN attaches at the 3rd (network) layer and TAP at the 2nd (data-link) layer. Each side shows eth0, eth1 and tap0, with eth1 and tap0 joined by the bridge.

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages:
1. Point-to-point, point-to-multipoint
2. Broadcasts traverse the VPN - this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to be able to handle non-IP protocols such as IPX, Netware and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages:
1. Less efficient than routing and does not scale well

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS - X.509 Dynamic Keys

3-1 Getting Started

Diagram (lab topology): LAN A (hosts 10.0.1.1/24, gateway 10.0.1.254) sits behind the [VPN Server], whose LAN interface ixp1 is 10.0.1.254 and whose outer interface ixp0 is 192.168.12.201. LAN B (hosts 10.0.2.1/24, gateway 10.0.2.254) sits behind the [VPN Client], whose ixp1 is 10.0.2.254 and whose ixp0 is 192.168.12.202. The client connects to the server and the VPN tunnel runs between the two ixp0 interfaces. A [CA/TLS Server] is also shown.

3-1 Getting Started

Create a working directory (recommended):
  mkdir /etc/openvpn

Check for the TUN device; if there is none, create it:
  ls /dev/net                    # look for a character device "tun"
  mknod /dev/net/tun c 10 200

Load the necessary modules:
  modprobe tun
  modprobe bridge

Generate a (pre-shared) key:
  openvpn --genkey --secret [KeyName]

Self-diagnostic:
  openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding:
  echo "1" > /proc/sys/net/ipv4/ip_forward
or edit /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"

Create/start the bridge interface using the Moxa script:
  openvpn-bridge [start | stop | restart]

Check the supported ciphers and authentication digests:
  openvpn --show-ciphers
  openvpn --show-digests

Create the TUN configuration files:
  vi /etc/openvpn/tun/server.conf
  [At VPN Client] vi /etc/openvpn/tun/client.conf

3-2 TUN Server Configuration

- The local/remote VPN IP addresses must be specified
- It is NECESSARY to specify the server address at the VPN client

3-2 TUN Server Configuration

Edit the static routes:
  vi /etc/openvpn/tun/server.sh
  chmod +x /etc/openvpn/tun/server.sh
  [At VPN Client] vi /etc/openvpn/tun/client.sh
                  chmod +x /etc/openvpn/tun/client.sh

Start OpenVPN with the configuration file:
  openvpn --config /etc/openvpn/tun/server.conf &
  [At VPN Client] openvpn --config /etc/openvpn/tun/client.conf &

Note: the 2nd argument of "ifconfig" is now "10.0.2.254".
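The server and client configuration files these slides edit are not reproduced in the deck. As an added example (not Moxa's own files), here is a static-key TUN pair for the 3-1 topology together with a check of the two rules the slides state: the ifconfig addresses are mirrored on the two ends and the client names the server with "remote". The tunnel endpoint addresses 10.8.0.1/10.8.0.2, the port, the cipher and digest choices and the key path are assumptions of this example.

```shell
#!/bin/sh
# Added example: static-key TUN configs for the 3-1 lab (server ixp0
# 192.168.12.201, LAN A 10.0.1.0/24 behind it; LAN B 10.0.2.0/24 behind the
# client). Tunnel endpoints, port, cipher/auth and key path are assumptions.
SERVER_PUBLIC_IP=192.168.12.201
TUN_SERVER_IP=10.8.0.1
TUN_CLIENT_IP=10.8.0.2
LAN_A=10.0.1.0                 # behind the VPN server
LAN_B=10.0.2.0                 # behind the VPN client
KEY=/etc/openvpn/static.key    # from: openvpn --genkey --secret static.key

tun_server_conf() {
cat <<EOF
dev tun
proto udp
port 1194
ifconfig $TUN_SERVER_IP $TUN_CLIENT_IP
route $LAN_B 255.255.255.0
secret $KEY
cipher AES-128-CBC
auth SHA1
keepalive 10 60
persist-key
persist-tun
verb 3
EOF
}

tun_client_conf() {
cat <<EOF
dev tun
proto udp
remote $SERVER_PUBLIC_IP 1194
ifconfig $TUN_CLIENT_IP $TUN_SERVER_IP
route $LAN_A 255.255.255.0
secret $KEY
cipher AES-128-CBC
auth SHA1
keepalive 10 60
persist-key
persist-tun
verb 3
EOF
}

# Print the arguments of one directive from a config read on stdin.
conf_field() { awk -v d="$1" '$1 == d { $1 = ""; sub(/^ /, ""); print; exit }'; }

# The checks the slides insist on: the ifconfig pair is mirrored between the
# two ends, the client names the server, and both ends agree on the cipher.
# Returns 0 when all hold; 1, 2 or 3 identifies the failing check.
check_peer_configs() {
  s_local=$(tun_server_conf | conf_field ifconfig | cut -d' ' -f1)
  s_remote=$(tun_server_conf | conf_field ifconfig | cut -d' ' -f2)
  c_local=$(tun_client_conf | conf_field ifconfig | cut -d' ' -f1)
  c_remote=$(tun_client_conf | conf_field ifconfig | cut -d' ' -f2)
  [ "$s_local" = "$c_remote" ] && [ "$s_remote" = "$c_local" ] || return 1
  tun_client_conf | grep -q "^remote $SERVER_PUBLIC_IP " || return 2
  [ "$(tun_server_conf | conf_field cipher)" = "$(tun_client_conf | conf_field cipher)" ] || return 3
  return 0
}

check_peer_configs && echo "peer configs are consistent"
```

Save the two outputs as /etc/openvpn/tun/server.conf and /etc/openvpn/tun/client.conf as the slides instruct; the same static.key file must be present on both ends, and the "route" lines make the kernel routing do the forwarding that TUN mode relies on.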

Create the TAP configuration files:
  vi /etc/openvpn/tap/server.conf
  [At VPN Client] vi /etc/openvpn/tap/client.conf

3-3 TAP Configuration - VPN Server

Mark this line if both VPN networks are in the same subnet.

3-3 TAP Configuration - VPN Server

Edit the static routes:
  vi /etc/openvpn/tap/server.sh
  [At VPN Client] vi /etc/openvpn/tap/client.sh
                  chmod +x /etc/openvpn/tap/client.sh

Pointed to the kernel routing: br0 = 10.0.1.254

3-3 TAP Configuration - VPN Server

Start the bridge device:
  vi /etc/openvpn/openvpn-bridge
  chmod +x /etc/openvpn/openvpn-bridge
  /etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration file:
  openvpn --config /etc/openvpn/tap/server.conf &
  [At VPN Client] openvpn --config /etc/openvpn/tap/client.conf &

3-4-1 SSL/TLS - Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC:
  vi /usr/share/ssl/openssl.cnf      # pre-set default_days, default_bits, ... etc.

Create a new CA root key pair:
  /usr/share/ssl/misc/CA -newca

Create a new client private key and a new certificate request:
  /usr/share/ssl/misc/CA -newreq

Sign the certificate:
  /usr/share/ssl/misc/CA -sign

Copy the CA root certificate, the client private key and the client certificate to the first client.

Have the second client certified the same way.

3-4-2 OpenVPN - "easy-rsa" tools

Copy "easy-rsa" to the working directory:
  cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file:
  vi /etc/openvpn/easy-rsa/vars

Activate the vars:
  . /etc/openvpn/easy-rsa/vars

Create the CA root key:
  /etc/openvpn/easy-rsa/build-ca

Create the VPN server private key and certificate:
  /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN - "easy-rsa" tools

Create the VPN client private key and certificate:
  /etc/openvpn/easy-rsa/build-key client

Create Diffie-Hellman parameters:
  /etc/openvpn/easy-rsa/build-dh 1024

Copy the CA certificate (ca.crt), the server key (server.key) and the server certificate (server.crt) to the VPN server.

Copy the CA certificate, the client key and the client certificate to the VPN client.

The "easy-rsa" tools also work on the UC7400 series.
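The CA steps of 1-7 and 3-4 (CA key pair, certificate request, signing, distribution) can be carried out directly with openssl. The following added example, not the deck's CA or easy-rsa script, runs that flow in a scratch directory and then performs the check a VPN peer makes on its partner's certificate, including the case of a certificate that is valid but issued by a CA the peer does not trust. The subject names, the validity period and the second ("rogue") CA are constructed for the example.

```shell
#!/bin/sh
# Added example: CA flow with openssl in a scratch directory, then chain
# verification against the trusted CA certificate. Names and the rogue CA are
# constructed; this is neither the CA script nor easy-rsa from the deck.
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK" || exit 1

# 1) The CA generates its key pair and a self-signed certificate (build-ca).
make_ca() { # $1 = CA name
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$1" \
    -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# 2) A peer generates its key pair and a certificate request (-newreq) ...
# 3) ... and the CA signs the request, producing the peer's certificate (build-key).
issue_cert() { # $1 = CA name, $2 = peer name
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$2.key" -out "$2.csr" 2>/dev/null
  openssl x509 -req -in "$2.csr" -CA "$1.crt" -CAkey "$1.key" -CAcreateserial \
    -days 365 -out "$2.crt" 2>/dev/null
}

# 4) Verification: does the certificate chain to the CA certificate we trust?
#    Returns 0 when it does, 1 otherwise. This is what each peer does with the
#    ca.crt it was given and the certificate the other side presents.
verify_cert() { # $1 = trusted CA certificate, $2 = certificate to check
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

make_ca ca
make_ca rogue-ca
issue_cert ca server
issue_cert ca client
issue_cert rogue-ca intruder   # well-formed certificate, but from a CA nobody here trusts

verify_cert ca.crt server.crt   && echo "server.crt: chains to ca.crt"
verify_cert ca.crt client.crt   && echo "client.crt: chains to ca.crt"
verify_cert ca.crt intruder.crt || echo "intruder.crt: rejected (signed by another CA)"
```

Only ca.crt, server.key and server.crt go to the server and ca.crt, client.key and client.crt to the client, as the slide lists; the CA private key (ca.key) stays on the machine that signs.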

3-4-3 Configuration File Modification

  txx/server.conf
  txx/client.conf      (txx = tun or tap)

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

- Two of its serial ports are connected to a power meter and a thermocouple
- Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site
- The rest of the serial ports are looped back in 'burn-in mode' to demonstrate the UC's high performance and reliability

Demo Box Features

Software Block Diagram

- Temperature range: 0 to 500 °C
- Left side for the high range, 0 to 300 VDC; right side for the low range, 0 to 20 VDC

UC's LCM & keypad (F1-F5)

- F1: Monitoring: Temperature → Voltage → Throughput for P3 to P8
- F2: System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available Memory
- F3: Alarm Setting: Temperature → Voltage → burn-in throughput
- F4: Configuration Key
- F5: Main Menu

Apache Web with CGI & HTML

- Seat Locating System
- Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
- The UC-7420's built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards
- The compatible wireless cards are:

  Supplier    Model name
  ASUS        WL-107g
  CNET        CWC-854 (181D version)
  Edimax      EW-7108PCg
  Amigo       AWP-914WG
  Gigabyte    GN-WMKG
  Others which use the R-Link chipset

Thank You


Example 13 - Check the packet integrity

  iptables -t filter -A INPUT -p all -m unclean -j DROP

Example 14 - Enable the "Passive Mode" FTP service to a host

  modprobe ip_conntrack_ftp
  iptables -A FORWARD -p tcp -m state --state RELATED -j ACCEPT

4-1 Packet Filter - Rules of the filter table

Example 1 - Redirect the connection requests of port 80 to port 8080

  iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 - Masquerade the incoming packets from 192.168.1.0/24 to be local ppp0's IP
(MASQUERADE is only valid in the POSTROUTING chain, which is also the only nat chain that accepts -o)

  iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

4-2 NAT Machine

Example 3 - DNAT the incoming packets from eth0 (60.248.66.75) and TCP port 80 to the internal web server 192.168.127.10, port 80

Example 4 - Redirect the incoming packets of TCP port 80 to 192.168.1.10 and TCP port 80

  iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

  iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP

Thank You


The rest of the serial ports are looped back in lsquoburn-in modersquo to demonstrate UCrsquos high performance and reliability

Demo Box FeaturesDemo Box Features

Software Block DiagramSoftware Block Diagram

Temperature Range 0 to 500degC

Left side for high range 0 to 300 VDC amp Right side for low range 0 to 20 VDC

UCrsquos LCM amp keypad (F1-F5)UCrsquos LCM amp keypad (F1-F5)

F1 Monitoring Temperature rarr Voltage rarrThroughput for P3 to P8

F2 System Status LANrsquos IP rarr Wi-Firsquos IP rarr CPU loading rarr Available Memory

F3 Alarm Setting Temperature rarr Voltage rarr burning throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI amp HTMLApache Web with CGI amp HTML

Seat Locating SystemSeat Locating System

Score Query SystemScore Query System

AppendixAppendix

What is the wireless PCMCIA card support status in 80211gbull UC-7420s built-in Wireless driver supports Intersil Prism 20

chipset PCMCIA cardbull The compatible Wireless cards are

Supplier Model name

ASUS WL-107g

CNET CWC-854(181D version)Edmiax EW-7108PCgAmigo AWP-914WGigbyte GN-WMKGOthers which use R-Link chip set

Thank YouThank You


4-2 NAT Machine

Example 1 – Redirect the connection requests for port 80 to port 8080:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

Example 2 – Masquerade the packets coming from 192.168.1.0/24 so that they carry the local ppp0's IP (MASQUERADE is only valid in the POSTROUTING chain, which is also where the outgoing interface -o can be matched; the PREROUTING form printed on the slide is rejected by iptables):

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

4-2 NAT Machine

Example 3 – DNAT the incoming packets arriving on eth0 (60.248.66.75) for TCP port 80 to the internal web server 192.168.127.10, port 80:

iptables -t nat -A PREROUTING -p tcp -i eth0 -d 60.248.66.75 --dport 80 -j DNAT --to 192.168.127.10:80

Example 4 – Redirect the incoming packets for TCP port 80 to 192.168.1.10, TCP port 80. The accompanying POSTROUTING rule rewrites the source address of packets from the 192.168.127.0/24 network to the outside address $OUT_IP:

iptables -t nat -A POSTROUTING -s 192.168.127.0/24 -j SNAT --to $OUT_IP

Thank You

OpenVPN 2.0

Stephen Lin

OpenVPN 2.0

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

1) Cryptography Summary

1-1 What does cryptography solve?

1-2 Symmetric Data Encryption

1-3 Hash (Digest) Function

1-4 Message Authentication Code

1-5 Asymmetric Data Encryption

1-6 Digital Signature

1-7 Certificate

1-8 Moxa UC7400

1-1 What does Cryptography solve?

Confidentiality
• Ensure that nobody can get knowledge of what you transfer, even if listening to the whole conversation

Integrity
• Ensure that the message has not been modified during the transmission

Authenticity
• You can verify that you are talking to the entity you think you are talking to
• You can verify who is the specific individual behind that entity

Non-repudiation
• The individual behind that asset cannot deny being associated with it

1-2 Symmetric Data Encryption

• Fast, high efficiency for data transmission
• Is it "secure" while transferring the key?
• Maintenance of the keys: n(n-1)/2 keys for n parties
• DES, 3DES, AES, Blowfish

[Diagram: Tom encrypts the plaintext with the secret key into ciphertext; Bob decrypts the ciphertext with the same secret key back into plaintext]

1-3 Hash (Digest) Function

• Ensure data integrity
• MD5, SHA-1

[Diagram: Tom runs the data through the hash function to obtain Message Digest 1 and sends Data + Message Digest 1; Bob runs the received data through the same hash function to obtain Message Digest 2 and compares it with Message Digest 1]

1-4 Message Authentication Code

• Ensure the data integrity
• Use a key to protect the MAC
• HMAC, CBC-MAC

[Diagram: Tom hashes the data into Message Digest 1 and encrypts it with the secret key into the MAC, then sends MAC + Data; Bob hashes the received data into Message Digest 2, decrypts the MAC with the secret key back into Message Digest 1 and compares the two digests]

1-5 Asymmetric Encryption

Things to remember
• Key pair – public/private keys
• In a session, one key is used for encryption and the other one for decryption
• The "public key" can be deployed everywhere
• The relation between the two keys is unknown: from one key you cannot gain knowledge of the other, even if you have access to clear-text and cipher-text
• The two keys are interchangeable: the algorithms make no difference between public and private key; when a key pair is generated, either of the two can be public or private
• Less efficient than a static key
• RSA, Diffie-Hellman

[Diagram: clear text encrypted with one key of the pair becomes cipher text that only the other key of the pair turns back into clear text]

1-5 Asymmetric Data Encryption

[Diagram – confidentiality check: Tom encrypts the plaintext with Bob's public key; Bob decrypts the ciphertext with Bob's private key (the recipient's key pair)]

1-5 Asymmetric Data Encryption

[Diagram – authenticity check: Tom encrypts the plaintext with Tom's private key; Bob decrypts the ciphertext with Tom's public key (the sender's key pair)]

1-6 Digital Signature

Real world – hybrid:
1 Data integrity
2 Authenticity
3 Non-repudiation
4 Algorithm – use the public key and a hash

1-6 Digital Signature – Creating

[Diagram: Message or file ("This is the document created by Gianni") → Generate hash (SHA, MD5) → Message digest (typically 128 bits) → Asymmetric encryption (RSA) with the signatory's private key → Digital signature; the signed document is the message plus the digital signature. Calculate a short message digest from even a long input using a one-way message digest function (hash).]

1-6 Digital Signature – Verifying

[Diagram: Signed document → the message part is hashed again into a message digest; the digital signature part is decrypted with Gianni's public key (from the certificate) into the original message digest; the two digests are compared]

1-6 Digital Signature

[Diagram: Tom hashes the data into Message Digest 1 and encrypts it with Tom's private key into the digital signature, then sends Data + Digital Signature; Bob hashes the received data into Message Digest 2, decrypts the digital signature with Tom's public key back into Message Digest 1 and compares the two digests]

1-7 Certificate

The simplest certificate just contains
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key
… and the whole is
• Digitally signed by someone trusted (like your friend or a CA)

[Diagram: a certificate made of the public key, the statement "This public key belongs to Stephen" (the owner can be a person, a computer, a device, a file, some code, anything …) and the digital signature over both]

1-7-1 CA Certificate

[Diagram: the CA (certification server) generates a key pair (Priv, pub); the user requests a certificate from the CA; the CA generates the certificate (pub + DS = Cert); the private key and the certificate are sent to the user]

1-7-1 CA Certificate Example

[Diagram: the CA holds the CA private key. Left holds the Left private key, the CA public key and the Left certificate signed by the CA; Right holds the Right private key, the CA public key and the Right certificate signed by the CA; the CA public key itself travels in a certificate signed by the CA. Left and Right trust each other's certificate because each one is signed by the CA whose public key they hold]
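The creating/verifying flow of 1-6 and the CA-issued certificate of 1-7-1, as an added worked example (not code from the Moxa slides): textbook RSA over SHA-256, with constructed Mersenne-prime key pairs standing in for real keys, so the signature check, the certificate check and the two failure cases run offline.

```python
import hashlib
from typing import Any, Dict, NamedTuple


class KeyPair(NamedTuple):
    n: int   # modulus, part of both the public and the private key
    e: int   # public exponent
    d: int   # private exponent, the part that must stay secret


def make_keypair(p: int, q: int, e: int = 65537) -> KeyPair:
    """Textbook RSA from two known primes (toy: real keys use secret random primes)."""
    phi = (p - 1) * (q - 1)
    return KeyPair(p * q, e, pow(e, -1, phi))   # pow(e, -1, m) needs Python 3.8+


def digest(message: bytes) -> int:
    """'Generate hash': a short one-way digest of an arbitrarily long input."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, key: KeyPair) -> int:
    """Creating: asymmetric-encrypt the digest with the signatory's PRIVATE key."""
    return pow(digest(message), key.d, key.n)


def verify(message: bytes, signature: int, n: int, e: int) -> bool:
    """Verifying: decrypt the signature with the PUBLIC key and compare digests."""
    return pow(signature, e, n) == digest(message)


def cert_body(subject: str, n: int, e: int) -> bytes:
    """The signed part of the simplest certificate: 'this public key belongs to X'."""
    return f"{subject}|{n}|{e}".encode()


def issue_cert(ca: KeyPair, subject: str, subject_key: KeyPair) -> Dict[str, Any]:
    """CA generates a certificate: subject's public key + identity + CA signature."""
    body = cert_body(subject, subject_key.n, subject_key.e)
    return {"subject": subject, "n": subject_key.n, "e": subject_key.e,
            "sig": sign(body, ca)}


def verify_signed_document(document: bytes, signature: int, cert: Dict[str, Any],
                           ca_n: int, ca_e: int) -> bool:
    """What Left does with a document from Right: first check that the
    certificate is signed by the CA whose public key Left holds, and only
    then check the document signature against the public key inside it."""
    body = cert_body(cert["subject"], cert["n"], cert["e"])
    if not verify(body, cert["sig"], ca_n, ca_e):
        return False      # certificate not issued by the trusted CA
    return verify(document, signature, cert["n"], cert["e"])


# Constructed toy keys from well-known Mersenne primes 2^k - 1 (k = 127, 521,
# 107, 607, 89 and 1279 are prime exponents). Every modulus exceeds 2^256, so
# a SHA-256 digest fits, and 65537 is coprime to each (p-1)(q-1) used here.
CA_KEY = make_keypair((1 << 127) - 1, (1 << 521) - 1)
LEFT_KEY = make_keypair((1 << 107) - 1, (1 << 607) - 1)
RIGHT_KEY = make_keypair((1 << 89) - 1, (1 << 1279) - 1)


def demo() -> Dict[str, bool]:
    """Run the 1-7-1 scenario and report which checks passed."""
    right_cert = issue_cert(CA_KEY, "Right", RIGHT_KEY)
    doc = b"This is the document created by Right"
    sig = sign(doc, RIGHT_KEY)
    # Same key, same subject, but the certificate was signed by Left, not the CA.
    forged_cert = issue_cert(LEFT_KEY, "Right", RIGHT_KEY)
    return {
        "genuine": verify_signed_document(doc, sig, right_cert, CA_KEY.n, CA_KEY.e),
        "tampered_doc": verify_signed_document(doc + b"!", sig, right_cert,
                                               CA_KEY.n, CA_KEY.e),
        "untrusted_issuer": verify_signed_document(doc, sig, forged_cert,
                                                   CA_KEY.n, CA_KEY.e),
    }


if __name__ == "__main__":
    print(demo())   # {'genuine': True, 'tampered_doc': False, 'untrusted_issuer': False}
```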

1-7-2 SSL/TLS

[Diagram: each side holds its own key pair (Priv, pub) and the other side's public key. Clear text → Encrypt → Cipher 1 → Encrypt → Cipher 2 → transmission over the public network → Decrypt → Cipher 1 → Decrypt → Clear text]

• Ensures confidentiality
• And integrity, if digitally signed
• Depending on how the public keys are exchanged: authenticity, identity, non-repudiation

1-8 Moxa UC7400 – Hardware Cipher

Intel XScale supports
• Security engines: DES, AES
• Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so"
• No need to change the source code

1-8-1 Moxa Accelerated Algorithm – OpenSSL 0.9.7

• DES_cbc_encrypt
• DES_ede3_cbc_encrypt
• AES_cbc_encrypt
• AES_ctr_encrypt
• We wrap ECB mode at a higher level (libssl.so), which OpenSSL wraps too

1-8-2 Performance

[Plots: throughput (RATE) against packet size for 3DES-CBC and AES-128-CBC, software cipher compared with hardware cipher; one pair of panels covers packet sizes 128 to 1280 bytes, the other 16 to 144 bytes; the marked series is the HW cipher]

1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approaches
• Default: hardware approach
• Any mis-configuration or busy state causes the switch

Small packets are switched to the software approach
• DES: packets smaller than 128 bytes
• 3DES/AES: packets smaller than 64 bytes

1-8-4 Software Package

Driver
• mxhw_cipher.o

Device file
• mknod /dev/mxcrypto c 11 131

Test program
• io – correctness test
• io 0 5000 – stability test
• io 1 – golden pattern
• io 2 20000 – performance test

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network

2-2 Why OpenVPN

2-3 OpenVPN Modes

2-1 Virtual Private Network

2-1 VPN Advantages/Disadvantages

• VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes
• A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH, etc.)
• A VPN allows the usage of protocols which are insecure by themselves
• VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN

Usability
• Open Source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit shared key or digital certificates (PKI)

Portability – supports most of the platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN

Peers – each node with a client/server role
• In use of kernel routing
• Multiple clients

A user-space program
• A full-featured SSL-VPN solution
• On top of the existing SSL/TLS mechanism
• Options between a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security

Two authentication modes
• Static key: use a pre-shared key
• SSL/TLS: use SSL/TLS + certificates for
  • Authentication
  • Key exchange

The encrypted packet is formatted as
• SeqN: 64-bit sequence number
• IV: plain-text initial vector, randomized per packet

[Diagram: packet layout HMAC | IV | SeqN | IP payload; the SeqN and payload part is encrypted, and the HMAC is computed over the rest of the packet]
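The packet layout just described, as an added example that is not code from the slides or from OpenVPN: the 64-bit sequence number and the payload are encrypted under a per-packet random IV, an HMAC over IV and ciphertext is prepended, and the receiver checks the HMAC before decrypting anything and drops any sequence number it has already accepted. The stream cipher built from HMAC-SHA256 in counter mode is a stand-in for OpenVPN's configured cipher, and the key values are constructed.

```python
import hashlib
import hmac
import os
import struct
from typing import Optional

TAG_LEN = 32   # HMAC-SHA256 tag
IV_LEN = 16    # per-packet IV, sent in clear
SEQ_LEN = 8    # 64-bit sequence number, as on the slide


def _keystream(cipher_key: bytes, iv: bytes, length: int) -> bytes:
    """Stand-in stream cipher: PRF(key, IV || counter) blocks XORed onto the data.
    OpenVPN would run its configured block cipher (e.g. AES-CBC) with this IV."""
    out = b""
    counter = 0
    while len(out) < length:
        block = hmac.new(cipher_key, iv + struct.pack(">I", counter), hashlib.sha256)
        out += block.digest()
        counter += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class StaticKeyChannel:
    """One direction of a pre-shared-key tunnel. Both ends are built from the
    same two keys here; an OpenVPN static key file carries separate cipher and
    HMAC keys for each direction, which is what its 2048-bit key provides."""

    def __init__(self, hmac_key: bytes, cipher_key: bytes) -> None:
        self.hmac_key = hmac_key
        self.cipher_key = cipher_key
        self.send_seq = 0      # last sequence number sent
        self.last_seen = 0     # highest sequence number accepted so far

    def seal(self, payload: bytes) -> bytes:
        """Build HMAC | IV | encrypt(SeqN | payload)."""
        self.send_seq += 1
        iv = os.urandom(IV_LEN)                               # randomized per packet
        plain = struct.pack(">Q", self.send_seq) + payload    # SeqN travels encrypted
        enc = _xor(plain, _keystream(self.cipher_key, iv, len(plain)))
        tag = hmac.new(self.hmac_key, iv + enc, hashlib.sha256).digest()  # covers IV
        return tag + iv + enc

    def unseal(self, packet: bytes) -> Optional[bytes]:
        """Return the payload, or None for anything that must be dropped:
        truncated, wrong HMAC (checked before any decryption), or a sequence
        number not above the last accepted one (replayed or stale packet)."""
        if len(packet) < TAG_LEN + IV_LEN + SEQ_LEN:
            return None
        tag = packet[:TAG_LEN]
        iv = packet[TAG_LEN:TAG_LEN + IV_LEN]
        enc = packet[TAG_LEN + IV_LEN:]
        expected = hmac.new(self.hmac_key, iv + enc, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):            # constant-time compare
            return None
        plain = _xor(enc, _keystream(self.cipher_key, iv, len(enc)))
        seq = struct.unpack(">Q", plain[:SEQ_LEN])[0]
        if seq <= self.last_seen:
            return None
        self.last_seen = seq
        return plain[SEQ_LEN:]


if __name__ == "__main__":
    # Constructed keys; in practice they come from `openvpn --genkey --secret`.
    hk, ck = bytes(32), bytes(range(32))
    tom, bob = StaticKeyChannel(hk, ck), StaticKeyChannel(hk, ck)
    pkt = tom.seal(b"IP payload")
    print(bob.unseal(pkt))          # b'IP payload'
    print(bob.unseal(pkt))          # None: replay of an already-accepted SeqN
```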

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall- and NAT-friendly
• Dynamic address support

IPSec
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard – multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are two methods of linking systems via a VPN
• Routed IP tunnels (layer 3)
• Bridged Ethernet tunnels (layer 2)

Suitable for connections
• Site-to-site
• Dynamic site-to-site
• (Dynamic) client-to-site

Dynamic firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

• Uses TUN mode (device): a virtual point-to-point IP link that combines the inner interface together with TUN
• Uses the kernel routing to forward the packets

[Diagram: the OSI stacks of the two hosts (Physical, Data-Link, Network, Transport, Session, Presentation, Application); OpenVPN sits at the application layer and the TUN device attaches at layer 3 (Network)]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages
1 Point-to-point
2 Easier to configure
3 Efficiency and scalability
4 Allows better tuning of MTU for efficiency

Routed IP disadvantages
1 Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2 Routes must be set up linking each subnet
3 Software that depends on broadcasts will not see those machines on the other side of the VPN
4 Works only with IPv4 in general, and with IPv6 in cases where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

• Uses "TAP" mode: a TAP device is a virtual Ethernet adapter
• Bridge tools (brctl) are required to create the virtual adapters
• Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0        # create an Ethernet bridge
brctl addif br0 eth1   # connect interface eth1 as a port
brctl addif br0 tap0   # connect virtual interface tap0 as a port (the bridge name is required)

[Diagram: the OSI stacks of the two hosts; OpenVPN at the application layer, TAP (layer 2) bridged with eth1 into br0 on each side, with eth0 as the other physical interface and tap0 as the tunnel end]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages
1 Point-to-point, point-to-multipoint
2 Broadcasts traverse the VPN – this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3 No route statements to configure
4 Works when the VPN needs to be able to handle non-IP protocols such as IPX, NetWare and AppleTalk
5 Relatively easy-to-configure solution for road warriors

Bridging disadvantages
1 Less efficient than routing and does not scale well

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

[Diagram: LAN A (IP 10.0.1.1/24, gw 10.0.1.254) behind the VPN Server (tunnel endpoint 10.0.1.254, public interface ixp0 192.168.12.201); LAN B (IP 10.0.2.1/24, gw 10.0.2.254) behind the VPN Client (tunnel endpoint 10.0.2.254, public interface ixp0 192.168.12.202); the VPN tunnel connects the two, and a CA/TLS server is reached over ixp1]

3-1 Getting Started

• Create a working directory (recommended): mkdir /etc/openvpn
• Check for the TUN module: ls /dev/net; if there is no character device "tun", create it with mknod /dev/net/tun c 10 200
• Load the necessary modules: modprobe tun; modprobe bridge
• Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]
• Self diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

• Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or edit /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"
• Create/start the bridge interface using the Moxa script: openvpn-bridge [start|stop|restart]
• Check the cipher/authentication support: openvpn --show-ciphers; openvpn --show-digests
• Create the TUN configuration files: vi /etc/openvpn/tunserver.conf
• [At VPN Client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

• Local/remote VPN IP addresses must be specified (the "ifconfig" line)
• It is NECESSARY to specify the server address at the VPN client

3-2 TUN Server Configuration

• Edit the static routings: vi /etc/openvpn/tunserver.sh; chmod +x /etc/openvpn/tunserver.sh
• [At VPN Client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/openvpn/tunclient.sh
• Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tunserver.conf &   (at the client: openvpn --config /etc/openvpn/tunclient.conf &)
• Callout on the server file: the 2nd argument of "ifconfig", which is now "10.0.2.254" (the client's tunnel endpoint)
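Added example (not from the slides) that checks a static-key TUN server/client pair for the two rules above and for the mirrored "ifconfig" arguments the callout refers to; the sample configuration texts are constructed, with 192.0.2.10 standing in for the server's public address and static.key for [KeyName].

```python
from typing import Dict, List


def parse_openvpn_conf(text: str) -> Dict[str, List[str]]:
    """Map each directive to its arguments. '#' and ';' start comments, as in
    OpenVPN; a repeated directive keeps its last value (enough for this check)."""
    conf: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if line:
            parts = line.split()
            conf[parts[0]] = parts[1:]
    return conf


def check_tun_pair(server_text: str, client_text: str) -> List[str]:
    """Return the problems found; an empty list means the pair is consistent."""
    s, c = parse_openvpn_conf(server_text), parse_openvpn_conf(client_text)
    problems: List[str] = []
    for name, conf in (("server", s), ("client", c)):
        if conf.get("dev", [""])[:1] != ["tun"]:
            problems.append(f"{name}: 'dev tun' expected for a routed tunnel")
        if len(conf.get("ifconfig", [])) != 2:
            problems.append(f"{name}: local/remote VPN IP address must be specified")
        if "secret" not in conf:
            problems.append(f"{name}: 'secret' (pre-shared key file) missing")
    if not c.get("remote"):
        problems.append("client: the server address ('remote') must be specified")
    if len(s.get("ifconfig", [])) == 2 and len(c.get("ifconfig", [])) == 2:
        s_local, s_remote = s["ifconfig"]
        c_local, c_remote = c["ifconfig"]
        if (s_local, s_remote) != (c_remote, c_local):   # 2nd arg = peer's 1st arg
            problems.append("ifconfig endpoints are not mirrored: "
                            f"server {s_local} {s_remote}, client {c_local} {c_remote}")
    if ("comp-lzo" in s) != ("comp-lzo" in c):
        problems.append("'comp-lzo' must be set on both ends or on neither")
    if s.get("proto") and c.get("proto") and s["proto"] != c["proto"]:
        problems.append("'proto' differs between server and client")
    return problems


# Constructed sample pair using the tunnel endpoints from the 3-1 diagram.
SERVER_CONF = """
dev tun
ifconfig 10.0.1.254 10.0.2.254   # 2nd argument: the client's tunnel endpoint
secret /etc/openvpn/static.key   # file from openvpn --genkey --secret
comp-lzo
"""

CLIENT_CONF = """
dev tun
remote 192.0.2.10                # the server's public address (placeholder)
ifconfig 10.0.2.254 10.0.1.254
secret /etc/openvpn/static.key
comp-lzo
"""

BROKEN_CLIENT_CONF = """
dev tun
ifconfig 10.0.2.254 10.0.2.254   # remote endpoint mistyped, and no 'remote' line
secret /etc/openvpn/static.key
"""

if __name__ == "__main__":
    print(check_tun_pair(SERVER_CONF, CLIENT_CONF))          # []
    for problem in check_tun_pair(SERVER_CONF, BROKEN_CLIENT_CONF):
        print("-", problem)
```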

• Create the TAP configuration files: vi /etc/openvpn/tapserver.conf
• [At VPN Client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration – VPN Server

• Mark this line if both VPN networks are in the same subnet

3-3 TAP Configuration – VPN Server

• Edit the static routings: vi /etc/openvpn/tunserver.sh
• [At VPN Client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/openvpn/tapclient.sh
• Pointed to the kernel routing: br0 = 10.0.1.254

3-3 TAP Configuration – VPN Server

• Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start
• Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tapserver.conf &   (at the client: openvpn --config /etc/openvpn/tapclient.conf &)

3-4-1 SSL/TLS – Dynamic Keys

• Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-input the default_days, default_bits … etc.
• Create a new CA root key pair: /usr/share/ssl/misc/CA -newca
• Create a new client private key and a new certificate request: /usr/share/ssl/misc/CA -newreq
• Certificate signing: /usr/share/ssl/misc/CA -sign
• Copy the CA root certificate, the client private key and the client certificate to the first client
• Have the second client certificated the same way

3-4-2 OpenVPN – "easy-rsa" tools

• Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn
• Modify the vars file: vi /etc/openvpn/easy-rsa/vars
• Activate the vars (source the file into the shell): . /etc/openvpn/easy-rsa/vars
• Create the CA root key: /etc/openvpn/easy-rsa/build-ca
• Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – "easy-rsa" tools

• Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client
• Create the Diffie-Hellman parameters (1024-bit): /etc/openvpn/easy-rsa/build-dh
• Copy the CA certificate (ca.crt), the server key (server.key) and the server certificate (server.crt) to the VPN server
• Copy the CA certificate, the client key and the client certificate to the VPN client
• The "easy-rsa" tools also work on the UC-7400 series

3-4-3 Configuration File Modification

• txxserver.conf
• txxclient.conf

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

• Two of its serial ports are connected to a power meter and a thermocouple
• Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site
• The rest of the serial ports are looped back in 'burn-in mode' to demonstrate the UC's high performance and reliability

Demo Box Features

Software Block Diagram

• Temperature range: 0 to 500°C
• Left side for the high range (0 to 300 VDC) & right side for the low range (0 to 20 VDC)

UC's LCM & keypad (F1-F5)

• F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8
• F2 System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available memory
• F3 Alarm Setting: Temperature → Voltage → Burning throughput
• F4 Configuration Key
• F5 Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• The UC-7420's built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards
• The compatible wireless cards are:

Supplier   Model name
ASUS       WL-107g
CNET       CWC-854 (181D version)
Edimax     EW-7108PCg
Amigo      AWP-914WG
Gigabyte   GN-WMKG
Others     cards which use the Ralink chip set

Thank You

Page 78: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

4-2 NAT Machine4-2 NAT Machine

Example 3 ndash DNAT the incoming packet from eth0 (602486675) and

TCP Port 80 to internal Web sever 19216812710 80

Example 4 ndash Redirect the incoming packet of TCP Port 80 to

192168110 and TCP Port 80

iptables ndasht nat ndashA PREROUTING ndashp tcp ndashi eth0 ndashd 602486675 ndash ndashdport 80 ndashj DNAT ndash ndashto 1921681271080

iptables ndasht nat ndashA POSTROUTING ndashs 192168127024 ndashj SNAT ndash ndashto $OUT_IP

Thank YouThank You

OpenVPN 20OpenVPN 20Stephen Lin

OpenVPN 20OpenVPN 20

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

1) Cryptography Summery1) Cryptography Summery

1-1 What does cryptography solve

1-2 Symmetric Data Encryption

1-3 Hash (Digest) Function

1-4 Message Authentication Code

1-5 Asymmetric Data Encryption

1-6 Digital Signature

1-7 Certificate

1-8 Moxa UC7400

1-1 What does Cryptography solve1-1 What does Cryptography solve

Confidentiality bull Ensure that nobody can get knowledge of what you

transfer even if listening the whole conversation Integrity

bull Ensure that message has not been modified during the transmission

Authenticity bull You can verify that you are talking to the entity you think

you are talking to bull You can verify who is the specific individual behind that

entity Non-repudiation

bull The individual behind that asset cannot deny being associated with it

1-2 Symmetric Data Encryption1-2 Symmetric Data Encryption

Fast High Efficiency for data transmission

Is it ldquosecurerdquo while transferring the key

Maintains of the keys (n-1)n 2 keys

DES3DESAESBlowfish

Tom Bob

Plaintext

Plaintext

Ciphertext

Encryption

Secret Key

Decryption

1-3 Hash (Digest) Function1-3 Hash (Digest) Function

Ensure Date Integrity

MD5SHA-1

Tom

Data

Bob

Data

Hash FunctionHash Function

Message Message Digest 1Digest 1

Same Hash FunctionSame Hash Function

+Hash FunctionHash Function

Message Message Digest 2Digest 2

Message Digest1Message Digest1 DataData

Compare

1-4 Message Authentication Code 1-4 Message Authentication Code

Ensure the Data Integrity

Use a key to protect the MAC

HMACCBC-MAC Tom

Data

Hash FunctionHash Function

Message Message Digest 1Digest 1

Bob

Data

Message Message Digest 2Digest 2

+Hash FunctionHash Function

MACEncryption

Message Message Digest 1Digest 1

Decryption

Compare

Secret Key

MACMAC DataData

1-5 Asymmetric Encryption1-5 Asymmetric Encryption

Things to rememberbull Key Pair ndash PublicPrivate keysbull In a session one for encryption and the other one

for decryptionbull ldquoPublic Keyrdquo can be deployed everywherebull The relation between the two keys is unknown and from

one key you cannot gain knowledge of the other even if you have access to clear-text and cipher-text

bull The two keys are interchangeable All algorithms make no difference between public and private key When a key pair is generated any of the two can be public or private

bull Less efficient than Static Keybull RSADiff-Hellman

g$5knvMdrsquorkg$5knvMdrsquorkvegMsrdquovegMsrdquo

Clear Clear texttext

EncryptionEncryption

1-5 Asymmetric Data Encryption1-5 Asymmetric Data Encryption

Tom

Plaintext

Bob

ciphertextEncryption Decryption

Bobrsquos Public KeyPlaintex

tBobrsquos Private Key

Recipientrsquos Key Pair

Confidentiality Check

1-5 Asymmetric Data Encryption1-5 Asymmetric Data Encryption

Tom

Plaintext

Bob

ciphertextEncryption Decryption

Tomrsquos Private KeyPlaintex

tTomrsquos Public Key

Senderrsquos key pair

Authenticity Check

1-6 Digital Signature1-6 Digital Signature

Real World ndash Hybrid 1 Data Integrity2 Authenticity3 Non-repudiation4 Algorithm ndash Use the public key and Hash

1-6 Digital Signature - Creating1-6 Digital Signature - Creating

3kJfgfpound$amp3kJfgfpound$ampPy75cbnPy75cbn

This is the This is the document document created by created by GianniGianni

Message or FileMessage or File Digital SignatureDigital SignatureMessage DigestMessage Digest

Calculate a short message Calculate a short message digest from even a long input digest from even a long input using a one-way message using a one-way message digest function (hash)digest function (hash)

Signatorys Signatorys private keyprivate key

privpriv

GenerateGenerateHashHash

SHA MD5SHA MD5

AsymmetricAsymmetricEncryptionEncryption

RSARSA

This is the This is the document document created by created by GianniGianni 3kJfgfpound$amp3kJfgfpound$amp

SignedSignedDocumentDocument

(Typically 128 bits)(Typically 128 bits)

1-6 Digital Signature - Verifying1-6 Digital Signature - Verifying

This is the This is the document document created by created by GianniGianni

3kJfgfpound$amp3kJfgfpound$amp

SignedSignedDocumentDocument

Py75cbnPy75cbn

Message DigestMessage DigestGenerateGenerate

HashHash

Giannis public keyGiannis public key(from certificate)(from certificate)

AsymmetricAsymmetricDecryptionDecryption

pubpub

DigitalDigitalSignatureSignature

Py75cbnPy75cbn

Compare Compare

DataData

1-6 Digital Signature1-6 Digital Signature

Tom

Data

Message Message Digest 1Digest 1

Hash FunctionHash Function

+ +Compare

Bob

Data

Message Message Digest 2Digest 2

Hash FunctionHash Function

MACEncryption Decryption

Message Message Digest 1Digest 1

Tomrsquos Private Key Tomrsquos Public Key

Digital SignatureDigital Signature

Digital Signature

1-7 Certificate1-7 Certificate

The simplest certificate just containsbull A public key (for Stephen)bull Information about the entity that is being certified to own that public key

hellip and the whole isbull Digitally signed by someone trusted (like your friend or a CA)

2wsR46frd2wsR46frdEWWrswe(EWWrswe(^$G^^$G^DvtrsdFDfDvtrsdFDfd367d367

pubpub

3kJfgfpound3kJfgfpound$amp4dser4$amp4dser4358g6gd7d358g6gd7dTTCertificateCertificate

This public This public key belongs key belongs to to StephenStephen

DigitalDigitalSignatureSignatureCan be a person a computer Can be a person a computer

a device a file some code a device a file some code anything hellipanything hellip

1-7-1 CA Certificate 1-7-1 CA Certificate

PrivPriv pubpub

Certification Server

CA generatesCA generatesa key paira key pair

Private Key and Private Key and Certificate are Certificate are

sent to the usersent to the user

pubpub

DSDS

CertCert

pubpub

DSDS

CertCert

User request a User request a certificate to CAcertificate to CA

CA generatesCA generatescertificatecertificate

PrivPriv

Right Cert signed by CA

Leftt Cert signed by CA

CA Pub Key signed by CA

1-7-1 CA Certificate Example1-7-1 CA Certificate Example

CACA Private Key

Left Right

Trusts

Left Priv Key signed by CA

CA Pub Key

Right Priv Key signed by CA

CA Pub KeyCA Pub Key Left Cert signed by CA

Right Cert signed by CA

1-7-2 SSLTLS1-7-2 SSLTLS

PrivPriv

pubpub PrivPriv

pubpub

Clear text

Encrypt

Cipher 1

Encrypt

Cipher 2

Transmission over the public network

Cipher 2

Cipher 1

Decrypt

Clear text

Decryptpubpub

Ensures confidentialitybull And integrity if digitally

signed

Depending on how public key are exchanged

bull Authenticity Identity Non-repudiation

pubpub

1-8 Moxa UC7400 - Hardware Cipher1-8 Moxa UC7400 - Hardware Cipher

Intel Xcale Supports bull Security Engines DES AESbull Algorithm methods ECB CBC ECR

Moxa wrap hardware acceleration inside algorithm APIs of ldquolibcryptosordquo bull No need to change the source codes

1-8-1 Moxa Accelerated Algorithm 1-8-1 Moxa Accelerated Algorithm ndash OpenSSL 097 ndash OpenSSL 097

DES_cbc_encrypt

DES_ede3_cbc_encrypt

AES_cbc_encrypt

AES_ctr_encrypt

bull We wrap ECB mode at a higher level (libsslso) which openssl wraps too

1-8-2 Performance1-8-2 Performance

0

10

20

30

40

50

60

70

80

128 256 384 512 640 768 896 1024 1152 12800

1

2

3

4

5

6

7

83DESCBC3DESCBCRATE

0

10

20

30

40

50

60

70

80

128 256 384 512 640 768 896 1024 1152 12800

1

2

3

4

5

6

7

8AES128CBCAES128CBCRATE

0

1

2

3

4

5

6

7

8

16 32 64 80 96 112 128 1440

05

1

15

2

25AES128CBC

AES128CBC

RATE

012

3456

789

16 32 64 80 96 112 128 1440

05

1

15

2

253DESCBC

3DESCBC

RATE

= HW Cipher

1-8-3 Things to be noticed1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approachesbull Default Hardware Approachbull Any mis-configuration or business causes the

switch

Small packets are switched to software approachbull DES 128 bytesbull 3DESAES 64 bytes

1-8-4 Software Package1-8-4 Software Package

Driverbull mxhw_ciphero

Device Filebull mknod devmxcrypto c 11 131

Test Programbull io correctness test bull io 0 5000 stability test bull io 1 golden pattern bull io 2 20000 performance test

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

2) OpenVPN 20 2) OpenVPN 20

2-1 Virtual Private Network

2-2 Why OpenVPN

2-3 OpenVPN Modes

2-1 Virtual Private Network

2-1 VPN Advantages/Disadvantages

VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes

A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH, etc.)

A VPN allows the use of protocols which are insecure by themselves

VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN

Usability
• Open source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit shared key or digital certificates (PKI)

Portability: supports most platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN

Peers: each node with a client/server role
• Makes use of kernel routing
• Multiple clients

A user-space program
• A full-featured SSL-VPN solution
• Built on top of the existing SSL/TLS mechanism
• Choice among a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) traffic over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security

Two authentication modes
• Static key: uses a pre-shared key
• SSL/TLS: uses SSL/TLS + certificates for authentication and key exchange

The encrypted packet is formatted as
• SeqN: 64-bit sequence number
• IV: plaintext initial vector, randomized per packet

[Figure: packet layout HMAC | IV | SeqN | IP payload; SeqN and the IP payload are encrypted, the IV stays in plaintext]

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall- and NAT-friendly
• Dynamic address support

IPSec
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard: multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are two methods of linking systems via a VPN
• Routed IP tunnels (layer 3)
• Bridged Ethernet tunnels (layer 2)

Suitable for connections
• Site-to-site
• Dynamic site-to-site
• (Dynamic) client-to-site

Dynamic firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN mode (a TUN device): a virtual point-to-point IP link that joins the inner interface together with the TUN interface

Uses the kernel routing to forward the packets

[Figure: OSI layer stacks of both peers (Physical to Application); OpenVPN sits at the application layer and the TUN device at layer 3 (Network)]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of the MTU for efficiency

Routed IP disadvantages
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see those machines on the other side of the VPN
4. Works only with IPv4 in general, and with IPv6 in cases where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses "TAP" mode: a TAP device is a virtual Ethernet adapter

Bridge tools (brctl) are required to create the virtual adapters

Need to create a script to bind eth1 and tap0 together into a bridge device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0 (create an Ethernet bridge)

brctl addif br0 eth1 (connect interface eth1 as a port)

brctl addif br0 tap0 (connect virtual interface tap0 as a port)

[Figure: OSI layer stacks of both peers; OpenVPN at the application layer, TAP at layer 2 (Data-Link) compared with TUN at layer 3; on each side eth1 and tap0 are bridged, eth0 is the other physical interface]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages
1. Point-to-point, point-to-multipoint
2. Broadcasts traverse the VPN: this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to be able to handle non-IP protocols such as IPX, Netware and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages
1. Less efficient than routing and does not scale well

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

Lab topology (figure):
• LAN A: hosts 10.0.1.1/24, gateway 10.0.1.254 = [VPN Server] (ixp1); its ixp0 is 192.168.12.201
• LAN B: hosts 10.0.2.1/24, gateway 10.0.2.254 = [VPN-Client] (ixp1); its ixp0 is 192.168.12.202
• The VPN tunnel runs between the two ixp0 interfaces (the client connects to the server)
• A separate [CA/TLS Server] issues the certificates

3-1 Getting Started

Create a working directory (recommended): mkdir /etc/openvpn

Check for the TUN module: ls /dev/net and look for a character device "tun"; if it is not there: mknod /dev/net/tun c 10 200

Load the necessary modules: modprobe tun; modprobe bridge

Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]

Self diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or vi /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"

Create/start the bridge interface using the Moxa script: openvpn-bridge [start|stop|restart]

Check the cipher/authentication support: openvpn --show-ciphers; openvpn --show-digests

Create the TUN configuration files: vi /etc/openvpn/tunserver.conf

[At VPN client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

The local/remote VPN IP addresses must be specified

It is NECESSARY to specify the server address at the VPN client

3-2 TUN Server Configuration

Edit the static routings: vi /etc/openvpn/tunserver.sh

chmod +x /etc/openvpn/tunserver.sh

[At VPN client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/openvpn/tunclient.sh

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tunserver.conf & (and at the client: openvpn --config /etc/openvpn/tunclient.conf &)

Note the 2nd argument of "ifconfig", which is now "10.0.2.254"
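The 3-1 and 3-2 steps above as one script, added here as an example and not Moxa's or the page's own files: it prepares the TUN device and IP forwarding, then writes the tunserver.conf/tunclient.conf pair with the static key and the point-to-point ifconfig addresses, plus the tunserver.sh/tunclient.sh route scripts, for the lab topology (server ixp0 192.168.12.201, tunnel endpoints 10.0.1.254 and 10.0.2.254, LANs 10.0.1.0/24 and 10.0.2.0/24). The key file name, the AES-128-CBC/SHA1 choice and UDP port 1194 are assumptions.

```shell
#!/bin/sh
# Added example (not Moxa's files): generate the static-key TUN config pair and
# the route scripts from sections 3-1 and 3-2 for the lab topology.
# Assumed, not from the page: key file name, cipher/digest choice, port 1194.
set -eu

WORKDIR=${WORKDIR:-/etc/openvpn}
KEYFILE="$WORKDIR/static.key"     # written by openvpn --genkey (assumed name)
SERVER_PUBLIC=192.168.12.201      # VPN server ixp0 in the lab diagram
SERVER_VPN=10.0.1.254             # server tunnel endpoint (LAN A gateway)
CLIENT_VPN=10.0.2.254             # client tunnel endpoint (LAN B gateway)
LAN_A=10.0.1.0
LAN_B=10.0.2.0
MASK=255.255.255.0

# One-time host preparation from 3-1: tun device node, module, forwarding, key.
prepare_host() {
    [ -c /dev/net/tun ] || { mkdir -p /dev/net; mknod /dev/net/tun c 10 200; }
    modprobe tun 2>/dev/null || true       # may be built into the kernel
    echo 1 > /proc/sys/net/ipv4/ip_forward
    [ -f "$KEYFILE" ] || openvpn --genkey --secret "$KEYFILE"
    chmod 600 "$KEYFILE"                   # the shared key is the whole secret
    openvpn --test-crypto --secret "$KEYFILE" >/dev/null
}

# Static-key config for one role. "ifconfig <local> <remote>" sets the
# point-to-point addresses; only the client names the peer with "remote".
tun_conf() {  # $1 = server | client
    if [ "$1" = server ]; then
        local_ip=$SERVER_VPN; remote_ip=$CLIENT_VPN
    else
        local_ip=$CLIENT_VPN; remote_ip=$SERVER_VPN
        echo "remote $SERVER_PUBLIC"
    fi
    cat <<EOF
dev tun
proto udp
port 1194
ifconfig $local_ip $remote_ip
secret $KEYFILE
cipher AES-128-CBC
auth SHA1
keepalive 10 60
persist-key
persist-tun
up $WORKDIR/tun$1.sh
verb 3
EOF
}

# Route script run by OpenVPN's "up" hook once tun is configured: the far LAN
# is reached through the peer's tunnel address.
tun_route_script() {  # $1 = server | client
    if [ "$1" = server ]; then net=$LAN_B; gw=$CLIENT_VPN; else net=$LAN_A; gw=$SERVER_VPN; fi
    cat <<EOF
#!/bin/sh
route add -net $net netmask $MASK gw $gw
EOF
}

# Write tun<role>.conf and tun<role>.sh, then start the daemon (3-2).
install_role() {  # $1 = server | client
    tun_conf "$1" > "$WORKDIR/tun$1.conf"
    tun_route_script "$1" > "$WORKDIR/tun$1.sh"
    chmod +x "$WORKDIR/tun$1.sh"
    openvpn --daemon --config "$WORKDIR/tun$1.conf"
}

if [ $# -gt 0 ]; then
    case "$1" in
        prepare)       prepare_host ;;
        server|client) install_role "$1" ;;
        *) echo "usage: $0 prepare|server|client" >&2 ;;
    esac
fi
```

Run it as "prepare" once on each box, then "server" on the VPN server and "client" on the VPN client.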

Create the TAP configuration files: vi /etc/openvpn/tapserver.conf

[At VPN client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration – VPN Server

Mark this line if both VPN networks are in the same subnet

3-3 TAP Configuration – VPN Server

Edit the static routings: vi /etc/openvpn/tapserver.sh

[At VPN client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/openvpn/tapclient.sh

Pointed to the kernel routing: br0 = 10.0.1.254

3-3 TAP Configuration – VPN Server

Start the bridge device: vi /etc/openvpn/openvpn-bridge

chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tapserver.conf & (and at the client: openvpn --config /etc/openvpn/tapclient.conf &)
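What the openvpn-bridge start/stop script of 3-3 has to do, written out as an added example (my reconstruction, not Moxa's script): a persistent tap0 is created with openvpn --mktun, eth1 and tap0 are enslaved to br0 with the brctl commands from 2-3-2, and br0 takes over the LAN address 10.0.1.254 from the diagram. The interface names are overridable (the UC-7400's LAN ports appear as ixp0/ixp1 in the lab diagram) and DRYRUN=1 prints the commands instead of running them.

```shell
#!/bin/sh
# Added example: bridge start/stop script for TAP mode (reconstruction of what
# the Moxa openvpn-bridge script must do; not the vendor's script).
# Set DRYRUN=1 to print the commands instead of executing them.
set -eu

BR=${BR:-br0}                       # bridge device name from section 3-3
ETH=${ETH:-eth1}                    # LAN-side physical interface to enslave
TAP=${TAP:-tap0}                    # virtual adapter OpenVPN attaches to
BR_IP=${BR_IP:-10.0.1.254}          # LAN A gateway address moves onto br0
BR_MASK=${BR_MASK:-255.255.255.0}

run() {  # execute a command, or echo it in dry-run mode
    if [ "${DRYRUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

bridge_start() {
    run modprobe bridge                     # bridge support (page: modprobe bridge)
    run openvpn --mktun --dev "$TAP"        # persistent tap0 so br0 can enslave it
    run brctl addbr "$BR"                   # create an Ethernet bridge
    run brctl addif "$BR" "$ETH"            # eth1 becomes a port
    run brctl addif "$BR" "$TAP"            # tap0 becomes a port
    # Ports carry no IP of their own; promiscuous mode lets eth1 see all frames
    run ifconfig "$ETH" 0.0.0.0 promisc up
    run ifconfig "$TAP" 0.0.0.0 promisc up
    run ifconfig "$BR" "$BR_IP" netmask "$BR_MASK" up   # the one L3 address, on br0
}

bridge_stop() {
    run ifconfig "$BR" down
    run brctl delif "$BR" "$TAP"
    run brctl delif "$BR" "$ETH"
    run brctl delbr "$BR"
    run openvpn --rmtun --dev "$TAP"
    run ifconfig "$ETH" "$BR_IP" netmask "$BR_MASK" up  # give the address back to eth1
}

if [ $# -gt 0 ]; then
    case "$1" in
        start)   bridge_start ;;
        stop)    bridge_stop ;;
        restart) bridge_stop; bridge_start ;;
        *) echo "usage: $0 start|stop|restart" >&2 ;;
    esac
fi
```

Start the bridge before openvpn --config /etc/openvpn/tapserver.conf, since the config's dev tap0 must already be a port of br0.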

3-4-1 SSL/TLS – Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-set default_days, default_bits, etc.

Create a new CA root key pair: /usr/share/ssl/misc/CA -newca

Create a new client private key and a new certificate request: /usr/share/ssl/misc/CA -newreq

Certificate signing: /usr/share/ssl/misc/CA -sign

Copy the CA root certificate, the client private key and the client certificate to the first client

Have the second client certified the same way

3-4-2 OpenVPN – "easy-rsa" tools

Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file: vi /etc/openvpn/easy-rsa/vars

Activate the vars: . /etc/openvpn/easy-rsa/vars

Create the CA root key: /etc/openvpn/easy-rsa/build-ca

Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – "easy-rsa" tools

Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client

Create the Diffie-Hellman parameters (1024 bit): /etc/openvpn/easy-rsa/build-dh

Copy the CA certificate (ca.crt), server key (server.key) and server certificate (server.crt) to the VPN server

Copy the CA certificate, client key and client certificate to the VPN client

The "easy-rsa" tools also work on the UC7400 series

3-4-3 Configuration File Modification

txxserver.conf

txxclient.conf

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

Live Demo

UC-7420 Demo Box

Two of its serial ports are connected to a power meter and a thermocouple

Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in 'burn-in mode' to demonstrate the UC's high performance and reliability

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500 °C

Left side for the high range (0 to 300 VDC) & right side for the low range (0 to 20 VDC)

UC's LCM & keypad (F1-F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8

F2 System status: LAN's IP → Wi-Fi's IP → CPU loading → Available memory

F3 Alarm setting: Temperature → Voltage → Burning throughput

F4 Configuration key

F5 Main menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• The UC-7420's built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards
• The compatible wireless cards are:

Supplier | Model name
ASUS | WL-107g
CNET | CWC-854 (181D version)
Edimax | EW-7108PCg
Amigo | AWP-914WG
Gigabyte | GN-WMKG
Others | cards which use the R-Link chipset

Thank You


Page 80: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

OpenVPN 20OpenVPN 20Stephen Lin

OpenVPN 20OpenVPN 20

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

1) Cryptography Summery1) Cryptography Summery

1-1 What does cryptography solve

1-2 Symmetric Data Encryption

1-3 Hash (Digest) Function

1-4 Message Authentication Code

1-5 Asymmetric Data Encryption

1-6 Digital Signature

1-7 Certificate

1-8 Moxa UC7400

1-1 What does Cryptography solve1-1 What does Cryptography solve

Confidentiality bull Ensure that nobody can get knowledge of what you

transfer even if listening the whole conversation Integrity

bull Ensure that message has not been modified during the transmission

Authenticity bull You can verify that you are talking to the entity you think

you are talking to bull You can verify who is the specific individual behind that

entity Non-repudiation

bull The individual behind that asset cannot deny being associated with it

1-2 Symmetric Data Encryption1-2 Symmetric Data Encryption

Fast High Efficiency for data transmission

Is it ldquosecurerdquo while transferring the key

Maintains of the keys (n-1)n 2 keys

DES3DESAESBlowfish

Tom Bob

Plaintext

Plaintext

Ciphertext

Encryption

Secret Key

Decryption

1-3 Hash (Digest) Function1-3 Hash (Digest) Function

Ensure Date Integrity

MD5SHA-1

Tom

Data

Bob

Data

Hash FunctionHash Function

Message Message Digest 1Digest 1

Same Hash FunctionSame Hash Function

+Hash FunctionHash Function

Message Message Digest 2Digest 2

Message Digest1Message Digest1 DataData

Compare

1-4 Message Authentication Code 1-4 Message Authentication Code

Ensure the Data Integrity

Use a key to protect the MAC

HMACCBC-MAC Tom

Data

Hash FunctionHash Function

Message Message Digest 1Digest 1

Bob

Data

Message Message Digest 2Digest 2

+Hash FunctionHash Function

MACEncryption

Message Message Digest 1Digest 1

Decryption

Compare

Secret Key

MACMAC DataData

1-5 Asymmetric Encryption1-5 Asymmetric Encryption

Things to rememberbull Key Pair ndash PublicPrivate keysbull In a session one for encryption and the other one

for decryptionbull ldquoPublic Keyrdquo can be deployed everywherebull The relation between the two keys is unknown and from

one key you cannot gain knowledge of the other even if you have access to clear-text and cipher-text

bull The two keys are interchangeable All algorithms make no difference between public and private key When a key pair is generated any of the two can be public or private

bull Less efficient than Static Keybull RSADiff-Hellman

g$5knvMdrsquorkg$5knvMdrsquorkvegMsrdquovegMsrdquo

Clear Clear texttext

EncryptionEncryption

1-5 Asymmetric Data Encryption1-5 Asymmetric Data Encryption

Tom

Plaintext

Bob

ciphertextEncryption Decryption

Bobrsquos Public KeyPlaintex

tBobrsquos Private Key

Recipientrsquos Key Pair

Confidentiality Check

1-5 Asymmetric Data Encryption1-5 Asymmetric Data Encryption

Tom

Plaintext

Bob

ciphertextEncryption Decryption

Tomrsquos Private KeyPlaintex

tTomrsquos Public Key

Senderrsquos key pair

Authenticity Check

1-6 Digital Signature

Real world: a hybrid
1. Data integrity
2. Authenticity
3. Non-repudiation
4. Algorithm: use the public key and a hash

1-6 Digital Signature - Creating

[Diagram: a one-way message digest function (SHA, MD5) calculates a short Message Digest ("Py75cbn", typically 128 bits for MD5, 160 bits for SHA-1) from the Message or File ("This is the document created by Gianni"), however long the input. The digest is transformed with the signatory's private key (RSA, drawn as asymmetric encryption) into the Digital Signature ("3kJfgf£$&"), which is appended to the message to form the Signed Document.]

1-6 Digital Signature - Verifying

[Diagram: the verifier hashes the received message to generate the Message Digest again, applies Gianni's public key (from his certificate) to the Digital Signature to recover the digest that was signed, and compares the two.]

1-6 Digital Signature

[Diagram: Tom hashes Data to Message Digest 1 and transforms it with Tom's Private Key into the Digital Signature, which travels with the Data. Bob hashes the received Data to Message Digest 2, recovers Digest 1 from the Digital Signature with Tom's Public Key and compares.]

Unlike the MAC of 1-4, the key that creates the signature is never shared, which is what gives non-repudiation. The slides describe signing as "encryption with the private key"; in practice RSA signing uses its own padding scheme and is not the same operation as RSA encryption, so a library's sign/verify functions should be used rather than its encrypt/decrypt ones.
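The three mechanisms of 1-3, 1-4 and 1-6 side by side, as an added shell example that is not part of the original deck. It uses the openssl command line (SHA-256 rather than the MD5/SHA-1 of the slides), a constructed two-line message, and made-up file names, key names and shared secret; it works in a scratch directory and never touches /etc.

```shell
#!/bin/sh
# Added example: hash (1-3), HMAC (1-4) and RSA signature (1-6) with openssl.
# Assumptions: openssl 1.1+ on PATH; every name below is made up for the demo.
set -eu

WORK=${WORK:-$(mktemp -d)}
MSG="$WORK/data.txt"                 # what Tom sends
TAMPERED="$WORK/data-tampered.txt"   # what an attacker on the wire substitutes
KEY="$WORK/tom.key"                  # Tom's private key (signatory)
PUB="$WORK/tom.pub"                  # Tom's public key (what Bob verifies with)
SIG="$WORK/data.sig"
MAC_KEY="shared-secret-tom-bob"      # pre-shared key for the MAC (assumed)

# constructed sample input
printf 'transfer 100 EUR to account 42\n' > "$MSG"
printf 'transfer 900 EUR to account 42\n' > "$TAMPERED"

# 1-3: a plain digest. Anyone, including the attacker, can recompute it after
# changing the data, so a bare hash only detects accidental corruption.
digest() { openssl dgst -sha256 -r "$1" | cut -d' ' -f1; }

# 1-4: HMAC. Recomputing it needs the shared key, so a change made by someone
# without the key no longer matches.
hmac() { openssl dgst -sha256 -r -hmac "$MAC_KEY" "$1" | cut -d' ' -f1; }

# 1-6: signature. Created with Tom's private key, checked with his public key;
# Bob never holds anything that could produce a signature in Tom's name.
gen_keypair() {
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$KEY" 2>/dev/null
  openssl pkey -in "$KEY" -pubout -out "$PUB"
}
sign()   { openssl dgst -sha256 -sign "$KEY" -out "$SIG" "$1"; }
# exit status 0 when $SIG is a valid signature over $1, 1 otherwise
verify() { openssl dgst -sha256 -verify "$PUB" -signature "$SIG" "$1" >/dev/null 2>&1; }

demo() {
  gen_keypair
  sign "$MSG"
  echo "digest(original) : $(digest "$MSG")"
  echo "digest(tampered) : $(digest "$TAMPERED")   <- attacker can recompute this"
  echo "hmac(original)   : $(hmac "$MSG")"
  echo "hmac(tampered)   : $(hmac "$TAMPERED")   <- attacker cannot, no key"
  verify "$MSG"      && echo "signature over original : OK"
  verify "$TAMPERED" || echo "signature over tampered : rejected"
}

# run the demo only when executed under this name, so the file can also be sourced
case "${0##*/}" in crypto-summary.sh) demo ;; esac
```

Save it as crypto-summary.sh and run it to see the two digests change freely while the signature over the tampered file fails; the HMAC over the tampered file also changes, but the attacker cannot produce the matching value without MAC_KEY.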

1-7 Certificate

The simplest certificate just contains
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key
… and the whole is
• Digitally signed by someone trusted (like your friend, or a CA)

[Diagram: Certificate = public key + "This public key belongs to Stephen" + Digital Signature. The entity can be a person, a computer, a device, a file, some code, anything …]

1-7-1 CA Certificate

[Diagram: the Certification Server (CA) generates its own key pair and signs its own certificate (CA public key signed by the CA). A user requests a certificate from the CA; the CA generates the certificate (public key + digital signature), and the private key and certificate are sent to the user. Both the Left Cert and the Right Cert are signed by the CA.]

1-7-1 CA Certificate Example

[Diagram: Left and Right both trust the CA public key. Each holds its own private key and its certificate signed by the CA (Left Cert signed by CA, Right Cert signed by CA), so each can verify the other's certificate against the CA public key.]

A CA signs certificates, that is public keys; a private key is never signed by the CA. In the flow above the CA also generates the user's key pair and sends the private key over; generating the key on the device that will use it and sending only a certificate request to the CA (the -newreq / -sign split of 3-4-1) keeps the private key from ever leaving that device.

1-7-2 SSL/TLS

[Diagram: each side holds its own key pair (priv, pub) and the other side's public key. Clear text → Encrypt → Cipher 1 → Encrypt → Cipher 2 → transmission over the public network → Decrypt → Cipher 1 → Decrypt → Clear text.]

Ensures confidentiality
• And integrity, if digitally signed

Depending on how the public keys are exchanged
• Authenticity, identity, non-repudiation

The diagram is the conceptual model only. Real SSL/TLS uses the key pairs for authentication and key exchange, then protects the data with a symmetric cipher (1-2) and a MAC (1-4) under session keys; OpenVPN's TLS mode works the same way, as 2-2 shows.

1-8 Moxa UC7400 - Hardware Cipher

Intel XScale supports
• Security engines: DES, AES
• Cipher modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so"
• No need to change the source code

1-8-1 Moxa Accelerated Algorithms – OpenSSL 0.9.7

DES_cbc_encrypt
DES_ede3_cbc_encrypt
AES_cbc_encrypt
AES_ctr_encrypt

• ECB mode is wrapped at a higher level (libssl.so), which OpenSSL wraps too

1-8-2 Performance

[Charts, not recoverable from the transcript: throughput against packet size for 3DES-CBC and AES-128-CBC, software versus hardware cipher; one pair of charts for packet sizes 128 to 1280 bytes and one pair for 16 to 144 bytes. Legend: "= HW Cipher".]

1-8-3 Things to be noticed

Moxa UC-7400 switches operation between the software and the hardware approach
• Default: hardware approach
• Any misconfiguration, or a busy hardware engine, causes a switch to software

Small packets are switched to the software approach
• DES: under 128 bytes
• 3DES / AES: under 64 bytes

1-8-4 Software Package

Driver
• mxhw_cipher.o

Device file
• mknod /dev/mxcrypto c 11 131

Test program
• io: correctness test
• io 0 5000: stability test
• io 1: golden pattern
• io 2 20000: performance test

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network

2-2 Why OpenVPN

2-3 OpenVPN Modes

2-1 Virtual Private Network

2-1 VPN Advantages / Disadvantages

VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes

A VPN encrypts all network traffic, not just a few application protocols (as SSL, SSH etc. do)

A VPN allows the use of protocols which are insecure by themselves

VPN traffic cannot be inspected or logged easily by the network in between, because of its encrypted nature

2-2 Why OpenVPN

Usability
• Open source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT / DHCP support
• Can use a 2048-bit static (pre-shared) key or digital certificates (PKI)

Portability – supports most platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN

Peers – each node with a client or server role
• Uses kernel routing
• Multiple clients

A user-space program
• A full-featured SSL VPN solution
• On top of the existing SSL/TLS mechanism
• Options to choose between a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) traffic over a single UDP (5000 in 1.x, 1194 in 2.0) or TCP port

2-2 OpenVPN Security

Two authentication modes
• Static key: uses a pre-shared key
• SSL/TLS: uses SSL/TLS + certificates for
  • authentication
  • key exchange

The encrypted packet is formatted as
• SeqN: 64-bit sequence number (packet id plus timestamp), checked against a replay window
• IV: plain-text initialisation vector, randomised per packet

HMAC | IV | [ SeqN | IP payload ]

The bracketed part is encrypted; the HMAC is computed over the IV and the encrypted part (encrypt-then-MAC), so a forged or modified packet is dropped before any decryption is attempted.

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall- and NAT-friendly
• Dynamic address support

IPSec
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard - multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are the two methods of linking systems via a VPN

Routed IP tunnels (layer 3)

Bridged Ethernet tunnels (layer 2)

Suitable for connections
• Site-to-site
• Dynamic site-to-site
• (Dynamic) client-to-site

Dynamic firewall / NAT / DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

Uses a TUN device: a virtual point-to-point IP link; OpenVPN reads the IP packets handed to the inner interface and forwards them through the tunnel

Uses the kernel routing table to forward the packets

[Diagram: two OSI stacks (Physical, Data-Link, Network, Transport, Session, Presentation, Application); OpenVPN runs at the application layer and the TUN device plugs in at the network layer (3rd).]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of the MTU for efficiency

Routed IP disadvantages
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see the machines on the other side of the VPN
4. Works only with IPv4 in general, and with IPv6 only where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses "TAP" mode: a TAP device is a virtual Ethernet adapter

Bridge tools (brctl) are required to create the bridge

Need a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0 (create an Ethernet bridge)

brctl addif br0 eth1 (connect interface eth1 as a port)

brctl addif br0 tap0 (connect virtual interface tap0 as a port)

[Diagram: two OSI stacks as in 2-3-1; OpenVPN at the application layer, the TAP device at the data-link layer (2nd); on each side tap0 and eth1 are joined by bridging, while eth0 carries the tunnel traffic.]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages
1. Point-to-point and point-to-multipoint
2. Broadcasts traverse the VPN - this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to carry non-IP protocols such as IPX, NetWare and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages
1. Less efficient than routing and does not scale well (every broadcast on either LAN crosses the tunnel)

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

[Network diagram:
LAN A: hosts 10.0.1.1/24, gateway 10.0.1.254. LAN B: hosts 10.0.2.1/24, gateway 10.0.2.254.
[VPN Server]: ixp1 10.0.1.254 (LAN A side), ixp0 192.168.12.201 (public side).
[VPN Client]: ixp1 10.0.2.254 (LAN B side), ixp0 192.168.12.202 (public side).
The client connects to the server and the VPN tunnel runs between the two ixp0 addresses; a [CA/TLS Server] issues the certificates used in 3-4.]

3-1 Getting Started

Create a working directory (recommended)
  mkdir /etc/openvpn

Check for the TUN module: ls /dev/net and look for a character device "tun"; if it is not there
  mknod /dev/net/tun c 10 200

Load the necessary modules
  modprobe tun
  modprobe bridge

Generate a (pre-shared) key
  openvpn --genkey --secret [KeyName]

Self-diagnostic
  openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding
  echo "1" > /proc/sys/net/ipv4/ip_forward
or edit /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"

Create / start the bridge interface using the Moxa script
  openvpn-bridge [start | stop | restart]

Check the supported ciphers and authentication digests
  openvpn --show-ciphers
  openvpn --show-digests

Create the TUN configuration files
  vi /etc/openvpn/tunserver.conf
[At VPN client]
  vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

Local / remote VPN IP addresses must be specified ("ifconfig <local> <remote>")

It is NECESSARY to specify the server address at the VPN client ("remote <server address>")

3-2 TUN Server Configuration

Edit the static routes
  vi /etc/openvpn/tunserver.sh
  chmod +x /etc/openvpn/tunserver.sh
[At VPN client]
  vi /etc/openvpn/tunclient.sh
  chmod +x /etc/openvpn/tunclient.sh

Start OpenVPN with the configuration file
  openvpn --config /etc/openvpn/tunserver.conf &
  openvpn --config /etc/openvpn/tunclient.conf &

Note the 2nd argument of "ifconfig", which is now "10.0.2.254"
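The static-key TUN setup of 3-1 and 3-2 written out as an added example; it is not the slides' own tunserver.conf / tunclient.conf, which were shown as screenshots. Addresses come from the 3-1 diagram; the tunnel endpoints 10.8.0.1 / 10.8.0.2 are an assumption chosen so that the tun device does not reuse the LAN gateway addresses, and the file names and the "write" sub-command are the editor's. Both peers read the same static.key, generated once with openvpn --genkey and copied to the other side over a trusted channel.

```shell
#!/bin/sh
# Added example: generate static-key TUN configs for the 3-1 layout (LAN A
# 10.0.1.0/24 behind the VPN server, LAN B 10.0.2.0/24 behind the VPN client).
# Assumed: tunnel endpoints 10.8.0.1/10.8.0.2, file names, AES-128-CBC.
set -eu

SERVER_WAN=192.168.12.201   # ixp0 of the VPN server
SERVER_VPN=10.8.0.1         # tun endpoint on the server (assumption)
CLIENT_VPN=10.8.0.2         # tun endpoint on the client (assumption)
LAN_A=10.0.1.0              # reached through the server
LAN_B=10.0.2.0              # reached through the client
PORT=1194                   # OpenVPN 2.0 default UDP port

# Part common to both peers. "secret" selects static-key mode; naming the
# cipher and HMAC explicitly stops either side from falling back to a weaker
# default, and AES-128-CBC is one of the modes the UC-7400 accelerates (1-8-1).
# "user nobody" drops root after startup; remove it if the system has no such account.
common_conf() {
  cat <<EOF
dev tun
proto udp
port $PORT
secret /etc/openvpn/static.key
cipher AES-128-CBC
auth SHA1
replay-window 64 15
keepalive 10 60
persist-key
persist-tun
user nobody
verb 3
EOF
}

# Server: its own tun address first, the peer's second, and a route so that
# LAN B is reached through the tunnel (the kernel does the forwarding, 3-1).
tun_server_conf() {
  common_conf
  cat <<EOF
ifconfig $SERVER_VPN $CLIENT_VPN
route $LAN_B 255.255.255.0
EOF
}

# Client: must name the server ("remote") and swaps the ifconfig order.
tun_client_conf() {
  common_conf
  cat <<EOF
remote $SERVER_WAN $PORT
ifconfig $CLIENT_VPN $SERVER_VPN
route $LAN_A 255.255.255.0
EOF
}

# Write both files (default /etc/openvpn, as in 3-1) and make the key once.
# The key must be copied to the peer over a trusted channel (scp), kept
# mode 600, and not reused for any other tunnel.
write_confs() {
  dir=${1:-/etc/openvpn}
  mkdir -p "$dir"
  tun_server_conf > "$dir/tunserver.conf"
  tun_client_conf > "$dir/tunclient.conf"
  [ -f "$dir/static.key" ] || openvpn --genkey --secret "$dir/static.key"
  chmod 600 "$dir/static.key"
}

case "${1:-}" in write) write_confs "${2:-/etc/openvpn}" ;; esac
```

Run it as "sh gen-tun.sh write" on the server, copy tunclient.conf and static.key to the client, then start each side with "openvpn --config ..." as in 3-2. Hosts on either LAN need no extra routes because their default gateway is the UC itself.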

Create the TAP configuration files
  vi /etc/openvpn/tapserver.conf
[At VPN client]
  vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration – VPN Server

Mark this line if both VPN networks are in the same subnet

3-3 TAP Configuration – VPN Server

Edit the static routes
  vi /etc/openvpn/tapserver.sh
[At VPN client]
  vi /etc/openvpn/tapclient.sh
  chmod +x /etc/openvpn/tapclient.sh

Points to the kernel routing: br0 = 10.0.1.254

3-3 TAP Configuration – VPN Server

Start the bridge device
  vi /etc/openvpn/openvpn-bridge
  chmod +x /etc/openvpn/openvpn-bridge
  /etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration file
  openvpn --config /etc/openvpn/tapserver.conf &
  openvpn --config /etc/openvpn/tapclient.conf &
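The bridge script of 2-3-2 and 3-3 as an added example; it is not Moxa's openvpn-bridge script, whose contents are not in the transcript. Interface names eth1, tap0 and br0 are the slides' own; the bridge address 10.0.1.254/24 is taken from the 3-1 diagram and from "br0 = 10.0.1.254" in 3-3; DRY_RUN and the "plan" sub-command are the editor's additions so that the command sequence can be checked without root, brctl or openvpn installed.

```shell
#!/bin/sh
# Added example: start/stop an Ethernet bridge br0 joining the LAN port (eth1)
# with OpenVPN's tap0, and print a matching static-key TAP server config.
# Assumed: interface names from the slides, bridge address from the 3-1 diagram.
set -eu

BR=br0
ETH=${ETH:-eth1}
TAP=tap0
BR_IP=10.0.1.254             # the LAN gateway address moves from eth1 to br0
BR_MASK=255.255.255.0
BR_BCAST=10.0.1.255

# execute a command, or only print it when DRY_RUN=1
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

bridge_start() {
  run openvpn --mktun --dev "$TAP"          # persistent tap device, so openvpn can drop root later
  run brctl addbr "$BR"                     # create the bridge
  run brctl addif "$BR" "$ETH"              # physical LAN port becomes a bridge port
  run brctl addif "$BR" "$TAP"              # tap0 becomes a bridge port too
  run ifconfig "$TAP" 0.0.0.0 promisc up    # ports carry no IP address of their own
  run ifconfig "$ETH" 0.0.0.0 promisc up
  run ifconfig "$BR" "$BR_IP" netmask "$BR_MASK" broadcast "$BR_BCAST" up
}

bridge_stop() {
  run ifconfig "$BR" down
  run brctl delbr "$BR"
  run openvpn --rmtun --dev "$TAP"
  run ifconfig "$ETH" "$BR_IP" netmask "$BR_MASK" broadcast "$BR_BCAST" up
}

# Ordered command list for the start path, for review before running as root.
# Subshell body so DRY_RUN does not leak into the caller's environment.
bridge_plan() ( DRY_RUN=1; bridge_start; )

# TAP server config: "dev tap0" binds to the persistent device made above and
# there is no "ifconfig" line, because the address lives on br0. The client
# uses the same file plus a "remote <server>" line and a copy of the key.
tap_server_conf() {
  cat <<EOF
dev $TAP
proto udp
port 1194
secret /etc/openvpn/static.key
cipher AES-128-CBC
auth SHA1
keepalive 10 60
persist-key
persist-tun
verb 3
EOF
}

case "${1:-}" in
  start)   bridge_start ;;
  stop)    bridge_stop ;;
  restart) bridge_stop; bridge_start ;;
  plan)    bridge_plan ;;
esac
```

"sh openvpn-bridge plan" prints the seven commands in order; "start" runs them. Because br0 now owns 10.0.1.254, any iptables rules that matched on eth1 must be rewritten for br0, and with both LANs bridged into one broadcast domain the DHCP server on one side will answer clients on the other unless filtered.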

3-4-1 SSL/TLS – Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC
  vi /usr/share/ssl/openssl.cnf
Pre-set default_days, default_bits … etc.

Create a new CA root key pair
  /usr/share/ssl/misc/CA -newca

Create a new client private key and a new certificate request
  /usr/share/ssl/misc/CA -newreq

Sign the certificate request
  /usr/share/ssl/misc/CA -sign

Copy the CA root certificate, the client private key and the client certificate to the first client

Repeat for the second client

3-4-2 OpenVPN – "easy-rsa" tools

Copy "easy-rsa" to the working directory
  cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file
  vi /etc/openvpn/easy-rsa/vars

Activate the vars (source the file into the current shell)
  . /etc/openvpn/easy-rsa/vars

Create the CA root key
  /etc/openvpn/easy-rsa/build-ca

Create the VPN server private key and certificate
  /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – "easy-rsa" tools

Create the VPN client private key and certificate (build-key-pass produces a passphrase-protected key instead)
  /etc/openvpn/easy-rsa/build-key client

Create Diffie-Hellman parameters
  /etc/openvpn/easy-rsa/build-dh 1024
(1024-bit DH parameters are no longer considered adequate; use 2048 bits or more)

Copy the CA certificate (ca.crt), server key (server.key) and server certificate (server.crt) to the VPN server

Copy the CA certificate, client key and client certificate to the VPN client

The "easy-rsa" tools also work on the UC7400 series
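The CA build of 3-4-1 done with plain openssl commands, plus the checks worth running before copying files to the UC, as an added example that is neither the CA script's nor easy-rsa's output. All names (MTSC-CA, server, client, ext.cnf), the lifetimes and the 2048-bit key size are the editor's choices; the extension sections are what stops a client certificate from being accepted as the server's, which is the property OpenVPN 2.0's "ns-cert-type server" (2.1 and later: "remote-cert-tls server") checks on the client side.

```shell
#!/bin/sh
# Added example: a small CA with openssl, producing ca.crt, server.key/crt and
# client.key/crt as in 3-4-2, with server/client roles fixed in the extensions.
# Assumed: openssl 1.1+ on PATH; all names and lifetimes are made up.
set -eu

# Subshell body: the cd and the files stay inside $1.
build_pki() (
  dir=$1
  mkdir -p "$dir" && cd "$dir"
  # [req] satisfies "openssl req" when a custom config is used (-subj overrides [dn]).
  # [ca]: may sign certificates. [server]/[client]: end entities, distinguished
  # by extendedKeyUsage, plus nsCertType=server for OpenVPN 2.0's ns-cert-type.
  cat > ext.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[server]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
nsCertType = server
[client]
basicConstraints = CA:FALSE
keyUsage = digitalSignature
extendedKeyUsage = clientAuth
EOF
  # CA root key pair and self-signed certificate ("CA -newca" on the slide)
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out ca.key 2>/dev/null
  openssl req -new -x509 -key ca.key -out ca.crt -days 3650 -subj /CN=MTSC-CA \
      -config ext.cnf -extensions ca
  # one key + request + CA-signed certificate per peer ("CA -newreq" / "CA -sign")
  for peer in server client; do
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$peer.key" 2>/dev/null
    openssl req -new -key "$peer.key" -out "$peer.csr" -subj "/CN=$peer" -config ext.cnf
    openssl x509 -req -in "$peer.csr" -CA ca.crt -CAkey ca.key -CAcreateserial \
        -out "$peer.crt" -days 365 -extfile ext.cnf -extensions "$peer"
  done
  chmod 600 ca.key server.key client.key   # private keys never leave their host
)

# DH parameters for the server ("build-dh"); 2048 bits, not the slide's 1024.
build_dh() { openssl dhparam -out "$1/dh2048.pem" 2048 2>/dev/null; }

# Checks before copying anything: the certificate chains to ca.crt ...
verify_cert() { openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null 2>&1; }
# ... the key on disk really belongs to the certificate next to it ...
key_matches_cert() {
  c=$(openssl x509 -in "$1/$2.crt" -noout -pubkey)
  k=$(openssl pkey -in "$1/$2.key" -pubout)
  [ "$c" = "$k" ]
}
# ... and only the server certificate carries the server marker.
is_server_cert() {
  openssl x509 -in "$1/$2.crt" -noout -text | grep -q 'TLS Web Server Authentication'
}

case "${1:-}" in
  build) build_pki "${2:-./pki}"; build_dh "${2:-./pki}" ;;
esac
```

After "sh build-pki.sh build /tmp/pki", copy ca.crt, server.crt, server.key and dh2048.pem to the VPN server and ca.crt, client.crt, client.key to the client, exactly as the last two steps of 3-4-2 say; ca.key stays on the CA machine. If key_matches_cert fails for a peer, the wrong key was copied, which OpenVPN reports only as a vague TLS handshake error.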

3-4-3 Configuration File Modification

txxserver.conf

txxclient.conf

(txx = tun or tap. Switching from the static key to SSL/TLS means replacing the "secret" line with "ca", "cert" and "key", adding "dh" and "tls-server" on the server, and "tls-client" on the client.)

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

Two of its serial ports are connected to a power meter and a thermocouple

Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in 'burn-in mode' to demonstrate the UC's high performance and reliability

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500 °C

Left side for the high range, 0 to 300 VDC, and right side for the low range, 0 to 20 VDC

UC's LCM & keypad (F1-F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8

F2 System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available memory

F3 Alarm Setting: Temperature → Voltage → burn-in throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• The UC-7420's built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards
• The compatible wireless cards are

Supplier   Model name
ASUS       WL-107g
CNET       CWC-854 (181D version)
Edimax     EW-7108PCg
Amigo      AWP-914W
Gigabyte   GN-WMKG
Others which use the R-Link chip set

Thank You

Page 81: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

OpenVPN 20OpenVPN 20

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

1) Cryptography Summery1) Cryptography Summery

1-1 What does cryptography solve

1-2 Symmetric Data Encryption

1-3 Hash (Digest) Function

1-4 Message Authentication Code

1-5 Asymmetric Data Encryption

1-6 Digital Signature

1-7 Certificate

1-8 Moxa UC7400

1-1 What does Cryptography solve1-1 What does Cryptography solve

Confidentiality bull Ensure that nobody can get knowledge of what you

transfer even if listening the whole conversation Integrity

bull Ensure that message has not been modified during the transmission

Authenticity bull You can verify that you are talking to the entity you think

you are talking to bull You can verify who is the specific individual behind that

entity Non-repudiation

bull The individual behind that asset cannot deny being associated with it

1-2 Symmetric Data Encryption1-2 Symmetric Data Encryption

Fast High Efficiency for data transmission

Is it ldquosecurerdquo while transferring the key

Maintains of the keys (n-1)n 2 keys

DES3DESAESBlowfish

Tom Bob

Plaintext

Plaintext

Ciphertext

Encryption

Secret Key

Decryption

1-3 Hash (Digest) Function1-3 Hash (Digest) Function

Ensure Date Integrity

MD5SHA-1

Tom

Data

Bob

Data

Hash FunctionHash Function

Message Message Digest 1Digest 1

Same Hash FunctionSame Hash Function

+Hash FunctionHash Function

Message Message Digest 2Digest 2

Message Digest1Message Digest1 DataData

Compare

1-4 Message Authentication Code 1-4 Message Authentication Code

Ensure the Data Integrity

Use a key to protect the MAC

HMACCBC-MAC Tom

Data

Hash FunctionHash Function

Message Message Digest 1Digest 1

Bob

Data

Message Message Digest 2Digest 2

+Hash FunctionHash Function

MACEncryption

Message Message Digest 1Digest 1

Decryption

Compare

Secret Key

MACMAC DataData

1-5 Asymmetric Encryption1-5 Asymmetric Encryption

Things to rememberbull Key Pair ndash PublicPrivate keysbull In a session one for encryption and the other one

for decryptionbull ldquoPublic Keyrdquo can be deployed everywherebull The relation between the two keys is unknown and from

one key you cannot gain knowledge of the other even if you have access to clear-text and cipher-text

bull The two keys are interchangeable All algorithms make no difference between public and private key When a key pair is generated any of the two can be public or private

bull Less efficient than Static Keybull RSADiff-Hellman

g$5knvMdrsquorkg$5knvMdrsquorkvegMsrdquovegMsrdquo

Clear Clear texttext

EncryptionEncryption

1-5 Asymmetric Data Encryption1-5 Asymmetric Data Encryption

Tom

Plaintext

Bob

ciphertextEncryption Decryption

Bobrsquos Public KeyPlaintex

tBobrsquos Private Key

Recipientrsquos Key Pair

Confidentiality Check

1-5 Asymmetric Data Encryption1-5 Asymmetric Data Encryption

Tom

Plaintext

Bob

ciphertextEncryption Decryption

Tomrsquos Private KeyPlaintex

tTomrsquos Public Key

Senderrsquos key pair

Authenticity Check

1-6 Digital Signature1-6 Digital Signature

Real World ndash Hybrid 1 Data Integrity2 Authenticity3 Non-repudiation4 Algorithm ndash Use the public key and Hash

1-6 Digital Signature - Creating1-6 Digital Signature - Creating

3kJfgfpound$amp3kJfgfpound$ampPy75cbnPy75cbn

This is the This is the document document created by created by GianniGianni

Message or FileMessage or File Digital SignatureDigital SignatureMessage DigestMessage Digest

Calculate a short message Calculate a short message digest from even a long input digest from even a long input using a one-way message using a one-way message digest function (hash)digest function (hash)

Signatorys Signatorys private keyprivate key

privpriv

GenerateGenerateHashHash

SHA MD5SHA MD5

AsymmetricAsymmetricEncryptionEncryption

RSARSA

This is the This is the document document created by created by GianniGianni 3kJfgfpound$amp3kJfgfpound$amp

SignedSignedDocumentDocument

(Typically 128 bits)(Typically 128 bits)

1-6 Digital Signature - Verifying1-6 Digital Signature - Verifying

This is the This is the document document created by created by GianniGianni

3kJfgfpound$amp3kJfgfpound$amp

SignedSignedDocumentDocument

Py75cbnPy75cbn

Message DigestMessage DigestGenerateGenerate

HashHash

Giannis public keyGiannis public key(from certificate)(from certificate)

AsymmetricAsymmetricDecryptionDecryption

pubpub

DigitalDigitalSignatureSignature

Py75cbnPy75cbn

Compare Compare

DataData

1-6 Digital Signature1-6 Digital Signature

Tom

Data

Message Message Digest 1Digest 1

Hash FunctionHash Function

+ +Compare

Bob

Data

Message Message Digest 2Digest 2

Hash FunctionHash Function

MACEncryption Decryption

Message Message Digest 1Digest 1

Tomrsquos Private Key Tomrsquos Public Key

Digital SignatureDigital Signature

Digital Signature

1-7 Certificate1-7 Certificate

The simplest certificate just containsbull A public key (for Stephen)bull Information about the entity that is being certified to own that public key

hellip and the whole isbull Digitally signed by someone trusted (like your friend or a CA)

2wsR46frd2wsR46frdEWWrswe(EWWrswe(^$G^^$G^DvtrsdFDfDvtrsdFDfd367d367

pubpub

3kJfgfpound3kJfgfpound$amp4dser4$amp4dser4358g6gd7d358g6gd7dTTCertificateCertificate

This public This public key belongs key belongs to to StephenStephen

DigitalDigitalSignatureSignatureCan be a person a computer Can be a person a computer

a device a file some code a device a file some code anything hellipanything hellip

1-7-1 CA Certificate 1-7-1 CA Certificate

PrivPriv pubpub

Certification Server

CA generatesCA generatesa key paira key pair

Private Key and Private Key and Certificate are Certificate are

sent to the usersent to the user

pubpub

DSDS

CertCert

pubpub

DSDS

CertCert

User request a User request a certificate to CAcertificate to CA

CA generatesCA generatescertificatecertificate

PrivPriv

Right Cert signed by CA

Leftt Cert signed by CA

CA Pub Key signed by CA

1-7-1 CA Certificate Example1-7-1 CA Certificate Example

CACA Private Key

Left Right

Trusts

Left Priv Key signed by CA

CA Pub Key

Right Priv Key signed by CA

CA Pub KeyCA Pub Key Left Cert signed by CA

Right Cert signed by CA

1-7-2 SSLTLS1-7-2 SSLTLS

PrivPriv

pubpub PrivPriv

pubpub

Clear text

Encrypt

Cipher 1

Encrypt

Cipher 2

Transmission over the public network

Cipher 2

Cipher 1

Decrypt

Clear text

Decryptpubpub

Ensures confidentialitybull And integrity if digitally

signed

Depending on how public key are exchanged

bull Authenticity Identity Non-repudiation

pubpub

1-8 Moxa UC7400 - Hardware Cipher1-8 Moxa UC7400 - Hardware Cipher

Intel Xcale Supports bull Security Engines DES AESbull Algorithm methods ECB CBC ECR

Moxa wrap hardware acceleration inside algorithm APIs of ldquolibcryptosordquo bull No need to change the source codes

1-8-1 Moxa Accelerated Algorithm 1-8-1 Moxa Accelerated Algorithm ndash OpenSSL 097 ndash OpenSSL 097

DES_cbc_encrypt

DES_ede3_cbc_encrypt

AES_cbc_encrypt

AES_ctr_encrypt

bull We wrap ECB mode at a higher level (libsslso) which openssl wraps too

1-8-2 Performance1-8-2 Performance

0

10

20

30

40

50

60

70

80

128 256 384 512 640 768 896 1024 1152 12800

1

2

3

4

5

6

7

83DESCBC3DESCBCRATE

0

10

20

30

40

50

60

70

80

128 256 384 512 640 768 896 1024 1152 12800

1

2

3

4

5

6

7

8AES128CBCAES128CBCRATE

0

1

2

3

4

5

6

7

8

16 32 64 80 96 112 128 1440

05

1

15

2

25AES128CBC

AES128CBC

RATE

012

3456

789

16 32 64 80 96 112 128 1440

05

1

15

2

253DESCBC

3DESCBC

RATE

= HW Cipher

1-8-3 Things to be noticed1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approachesbull Default Hardware Approachbull Any mis-configuration or business causes the

switch

Small packets are switched to software approachbull DES 128 bytesbull 3DESAES 64 bytes

1-8-4 Software Package1-8-4 Software Package

Driverbull mxhw_ciphero

Device Filebull mknod devmxcrypto c 11 131

Test Programbull io correctness test bull io 0 5000 stability test bull io 1 golden pattern bull io 2 20000 performance test

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

2) OpenVPN 20 2) OpenVPN 20

2-1 Virtual Private Network

2-2 Why OpenVPN

2-3 OpenVPN Modes

2-1 Virtual Private Network2-1 Virtual Private Network

2-1 VPN AdvantagesDisadvantage2-1 VPN AdvantagesDisadvantage

VPN a network that is constructed by using public wires (eg internet) to connect nodes

VPN encrypt all network traffic not just a few application protocols (like SSL SSH etc)

VPN allows the usage of protocols which are insecure by themselves

VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN2-2 Why OpenVPN

Usabilitybull Open Source (GPL)bull Full featured SSL VPN Solutionbull Easy to configure secure tunnelbull NATDHCP supportbull Can use a 2048 bit shared key or

digital certificates (PKI)

Portability ndash Supports most of the platformsbull Linux Solaris Mac OS Xbull OpenBSD FreeBSD NetBSDbull Windows2000-SP4WindowsXP-SP1 or later

2-2 Why OpenVPN2-2 Why OpenVPN

Peers ndash each node with a clientserver rolebull In use of kernel routingbull Multiple clients

A user-space programbull A full-featured SSL-VPN solutions

bull on top of existing SSLTLS mechanism bull options between a set of security algorithms

bull Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (50001194) or TCP port

2-2 OpenVPN Security 2-2 OpenVPN Security

Two Authentication Modesbull Static Key Use pre-shared bull SSLTLS Use SSLTLS + Certificates for

bull Authentication bull Key exchange

The encrypted packet is formatted asbull SeqN 64-bit sequence numberbull IV plain text initial vector randomized per packet

HMAC IV SeqN V IPs payload

encrypt

HMACW IPs

2-2 OpenVPN vs IPSec2-2 OpenVPN vs IPSec

OpenVPNbull User-space daemonbull SSLTLSbull portability across

operating systemsbull firewall and NAT-

friendly bull dynamic address

support

IPSecbull Kernel-space IP stack bull each operating system

requires its own independent implementation of IPSec

bull IETF Standard - multi-vendor support

2-3 OpenVPN Modes2-3 OpenVPN Modes

Bridging and Routing are two methods of linking systems via a VPN

Routed IP tunnels (layer 3)

Bridged Ethernet tunnels (layer 2)

Suitable for Connectionsbull Site-to-Sitebull Dynamic Site-to-Sitebull (Dynamic) Client-to-Site

Dynamic FirewallNATDHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN Mode(device) a virtual point-to-point IP link that combines the inner interface together with TUN

Use the kernel routings to forward the packets

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Physical

Data-Link

Network

Transport

Session

Presentation

ApplicationOpenVPN

TUN (3rd)

2-3-1 Routed IP Tunnels (TUN Mode)2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP Advantages1 Point-to-point2 Easier to configure3 Efficiency and scalability 4 Allows better tuning of MTU for efficiency

Routed IP Disadvantages1 Clients must use a WINS server (such as samba) to

allow cross-VPN network browsing to work 2 Routes must be set up linking each subnet 3 Software that depends on broadcasts Will Not see

those machines on the other side of the VPN 4 Works only with IPv4 in general and IPv6 in cases

where tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses ldquoTAPrdquo mode a TAP device is a Virtual Ethernet Adapter

Bridge tools (bcrtl) are required to create the virtual adapters

Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0 create an ethernet bridge

brctl addif br0 eth1 connect interface eth1 as a port

brctl addif tap0 connect virtual interface tap0 as a port

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Bridging

OpenVPN

TUN (3rd)TAP (2nd)

eth1 eth1eth0 eth0

tap0 tap0

2-3-2 Bridged Ethernet Mode (TAP 2-3-2 Bridged Ethernet Mode (TAP Mode)Mode)

Bridging advantages1 Point to Point point to multi-point2 Broadcasts traverse the VPN -- this allows browsing

of Windows file shares across the VPN without setting up a Samba or WINS server

3 No route statements to configure4 Works with the VPN needs to be able to handle non-

IP protocols such as IPX Netware and AppleTalk5 Relatively easy-to-configure solution for road

warriors

Bridging disadvantages1 Less efficient than Routing and does not scale well

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSLTLS ndash X509 Dynamic Keys

3-1 Getting Started3-1 Getting Started

ixp019216812201

ixp0 19216812202

gw 1001254IP 1001124

gw 1002254IP 1002124

LAN A LAN B

VPN Tunnel

Connect

1001254

[VPN Server]

1002254

[VPN-Client]

ixp1 ixp1

[CATLS Server]

3-1 Getting Started 3-1 Getting Started

Create a Working Directory (recommended) mkdir etcopenvpn

Check for TUN Modules if not ls devnet look for a character device ldquotunrdquo mknod devtun c 10 200

Load necessary modules modprobe tun modprobe bridge

Generate a (pre-shared) key openvpn --genkey --secret [KeyName]

Self Diagnostic openvpn --test-crypto --secret [KeyName]

3-1 Getting Started3-1 Getting Started

Enable IP Forwarding echo ldquo1rdquo gt procsysnetipv4ip_forwardor vi etcsysctlconf modify ldquonetipv4ip_forward = 1rdquo

Create Start Bridge Interface using Moxa Script openvpn-bridge [start stop restart]

Check the CiphersAuthentication Support openvpn --show-ciphers openvpn --show-digests

Create TUN Configuration Files vi etcopenvpntunserverconf

[At VPN Client] vi etcopenvpntunclientconf

3-2 TUN Server Configuration 3-2 TUN Server Configuration

LocalRemote VPN IP address must be specified

It is NECESSARY to specify the Server Address at VPN Client

3-2 TUN Server Configuration 3-2 TUN Server Configuration

Edit the Static Routings vi etcopenvpntunserversh

chmod +x etctunserversh

[At VPN Client] vi etceopenvpntunclientsh chmod +x etctunclientsh

Start OpenVPN with the configuration files: openvpn --config /etc/openvpn/tunserver.conf & (at the server); openvpn --config /etc/openvpn/tunclient.conf & (at the client)

Note the 2nd argument of “ifconfig”, which is now “10.0.2.254”.

Create TAP configuration files: vi /etc/openvpn/tapserver.conf

[At VPN Client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration – VPN Server

Mark this line if both VPN networks are in the same subnet.

3-3 TAP Configuration – VPN Server

Edit the static routings: vi /etc/openvpn/tunserver.sh

[At VPN Client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/openvpn/tapclient.sh

Pointed to the kernel routing: br0 = 10.0.1.254

3-3 TAP Configuration – VPN Server

Start the bridge device: vi /etc/openvpn/openvpn-bridge

chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration files: openvpn --config /etc/openvpn/tapserver.conf & (at the server); openvpn --config /etc/openvpn/tapclient.conf & (at the client)

3-4-1 SSL/TLS – Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf (pre-input the default_days, default_bits … etc.)

Create a new CA root key pair: /usr/share/ssl/misc/CA -newca

Create a new client private key and certificate request: /usr/share/ssl/misc/CA -newreq

Certificate signing: /usr/share/ssl/misc/CA -sign

Copy the CA root certificate, the client private key and the client certificate to the first client.

Have the second client certified.

3-4-2 OpenVPN – “easy-rsa” tools

Copy “easy-rsa” to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file: vi /etc/openvpn/easy-rsa/vars

Activate the vars: . /etc/openvpn/easy-rsa/vars

Create the CA root key: /etc/openvpn/easy-rsa/build-ca

Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – “easy-rsa” tools

Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client

Create Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh 1024

Copy the CA certificate (ca.crt), the server key (server.key) and the server certificate (server.crt) to the VPN server.

Copy the CA certificate, the client key and the client certificate to the VPN client.

The “easy-rsa” tools also work on the UC-7400 series.

3-4-3 Configuration File Modification

txxserver.conf

txxclient.conf

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

Two of its serial ports are connected to a power meter and a thermocouple.

Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site.

The rest of the serial ports are looped back in ‘burn-in mode’ to demonstrate the UC’s high performance and reliability.

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500°C

Left side for the high range, 0 to 300 VDC, and right side for the low range, 0 to 20 VDC

UC’s LCM & keypad (F1-F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8
F2 System Status: LAN’s IP → Wi-Fi’s IP → CPU loading → Available memory
F3 Alarm Setting: Temperature → Voltage → Burn-in throughput
F4 Configuration Key
F5 Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• The UC-7420’s built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards.
• The compatible wireless cards are:

Supplier   Model name
ASUS       WL-107g
CNET       CWC-854 (181D version)
Edimax     EW-7108PCg
Amigo      AWP-914WG
Gigabyte   GN-WMKG
Others     which use the Ralink chipset

Thank You


1) Cryptography Summary

1-1 What does cryptography solve?
1-2 Symmetric Data Encryption
1-3 Hash (Digest) Function
1-4 Message Authentication Code
1-5 Asymmetric Data Encryption
1-6 Digital Signature
1-7 Certificate
1-8 Moxa UC7400

1-1 What does Cryptography solve?

Confidentiality
• Ensure that nobody can get knowledge of what you transfer, even if listening to the whole conversation.

Integrity
• Ensure that the message has not been modified during transmission.

Authenticity
• You can verify that you are talking to the entity you think you are talking to.
• You can verify who is the specific individual behind that entity.

Non-repudiation
• The individual behind that asset cannot deny being associated with it.

1-2 Symmetric Data Encryption

• Fast: high efficiency for data transmission
• Is it “secure” while transferring the key?
• Maintenance of the keys: n(n-1)/2 keys
• DES / 3DES / AES / Blowfish

[Diagram: Tom turns the plaintext into ciphertext with the secret key (encryption); Bob turns the ciphertext back into plaintext with the same secret key (decryption).]

1-3 Hash (Digest) Function

• Ensures data integrity
• MD5 / SHA-1

[Diagram: Tom runs the hash function over the data to get Message Digest 1 and sends Data + Message Digest 1; Bob runs the same hash function over the received data to get Message Digest 2 and compares it with Message Digest 1.]

1-4 Message Authentication Code

• Ensures data integrity
• Uses a key to protect the MAC
• HMAC / CBC-MAC

[Diagram: Tom hashes the data to Message Digest 1 and encrypts it with the secret key to form the MAC, sending Data + MAC; Bob hashes the received data to Message Digest 2, decrypts the MAC with the secret key to recover Message Digest 1, and compares the two digests.]
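The two flows of 1-3 and 1-4 side by side, as an added Python example written for this page (not code from the slides or from Moxa). The key and the data are constructed; the receiver-side checks use a constant-time comparison, which is what a real receiver should do for both a digest and a MAC:

```python
import hashlib
import hmac

# Constructed for the walk-through; a deployed key would come from a key file
# such as the one "openvpn --genkey" produces, never from source code.
SHARED_KEY = b"constructed-shared-secret"


def digest_of(data: bytes) -> bytes:
    """1-3: unkeyed message digest (SHA-1, as on the slide)."""
    return hashlib.sha1(data).digest()


def mac_of(key: bytes, data: bytes) -> bytes:
    """1-4: keyed message authentication code (HMAC-SHA1)."""
    return hmac.new(key, data, hashlib.sha1).digest()


def receiver_check_digest(data: bytes, received_tag: bytes) -> bool:
    """Bob recomputes Message Digest 2 over the received data and compares with Digest 1."""
    return hmac.compare_digest(digest_of(data), received_tag)   # constant-time compare


def receiver_check_mac(key: bytes, data: bytes, received_tag: bytes) -> bool:
    """Same comparison, but the tag can only be produced by a holder of the key."""
    return hmac.compare_digest(mac_of(key, data), received_tag)


def demo() -> dict:
    data = b"relay=ON;setpoint=300"
    results = {}
    # Honest transfer: both checks pass.
    results["digest_ok"] = receiver_check_digest(data, digest_of(data))
    results["mac_ok"] = receiver_check_mac(SHARED_KEY, data, mac_of(SHARED_KEY, data))
    # Accidental corruption in transit (one flipped bit, tag unchanged): both detect it.
    corrupted = bytes([data[0] ^ 0x01]) + data[1:]
    results["digest_catches_corruption"] = not receiver_check_digest(corrupted, digest_of(data))
    results["mac_catches_corruption"] = not receiver_check_mac(SHARED_KEY, corrupted, mac_of(SHARED_KEY, data))
    # Deliberate modification by a party who can rewrite the trailer as well: the
    # unkeyed digest is simply recomputed over the new data and passes, while the
    # MAC cannot be recomputed without SHARED_KEY, so the stale tag is rejected.
    modified = b"relay=ON;setpoint=500"
    results["digest_catches_modification"] = not receiver_check_digest(modified, digest_of(modified))
    results["mac_catches_modification"] = not receiver_check_mac(SHARED_KEY, modified, mac_of(SHARED_KEY, data))
    return results
```

The last two results are the point of slide 1-4: a digest alone protects against corruption, a keyed MAC also protects against modification by anyone who does not hold the key.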

1-5 Asymmetric Encryption

Things to remember
• Key pair – public/private keys
• In a session, one is used for encryption and the other one for decryption
• The “public key” can be deployed everywhere
• The relation between the two keys is unknown: from one key you cannot gain knowledge of the other, even if you have access to clear-text and cipher-text
• The two keys are interchangeable: the algorithms make no difference between the public and the private key; when a key pair is generated, either of the two can be public or private
• Less efficient than a static key
• RSA / Diffie-Hellman

[Diagram: clear text encrypted into ciphertext such as “g$5knvMd’rk vegMs”.]

1-5 Asymmetric Data Encryption – Confidentiality Check

[Diagram: Tom encrypts the plaintext with Bob’s public key; Bob decrypts the ciphertext with Bob’s private key (the recipient’s key pair).]

1-5 Asymmetric Data Encryption – Authenticity Check

[Diagram: Tom encrypts the plaintext with Tom’s private key; Bob decrypts the ciphertext with Tom’s public key (the sender’s key pair).]

1-6 Digital Signature

Real world – hybrid:
1. Data integrity
2. Authenticity
3. Non-repudiation
4. Algorithm – uses the public key and a hash

1-6 Digital Signature – Creating

[Diagram: the message or file “This is the document created by Gianni” is reduced by a one-way message digest function (hash: SHA, MD5) to a short message digest “Py75cbn” (typically 128 bits), calculated even from a long input; the digest is asymmetrically encrypted (RSA) with the signatory’s private key to give the digital signature “3kJfgf£$&”; message plus signature form the signed document.]

1-6 Digital Signature – Verifying

[Diagram: the message digest “Py75cbn” is regenerated from the signed document with the hash; the digital signature “3kJfgf£$&” is asymmetrically decrypted with Gianni’s public key (from the certificate) to recover the original digest; the two digests are compared.]

1-6 Digital Signature

[Diagram: Tom hashes the data to Message Digest 1 and encrypts it with Tom’s private key to form the digital signature, sent together with the data; Bob hashes the received data to Message Digest 2, decrypts the signature with Tom’s public key to recover Message Digest 1, and compares the two.]

1-7 Certificate

The simplest certificate just contains:
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key
… and the whole is:
• Digitally signed by someone trusted (like your friend or a CA)

[Diagram: a certificate = the public key, the statement “This public key belongs to Stephen” and a digital signature (“2wsR46frdEWWrswe(^$G^DvtrsdFDfd367”); the entity can be a person, a computer, a device, a file, some code, anything …]

1-7-1 CA Certificate

[Diagram: the CA (certification server) generates a key pair; the user requests a certificate from the CA; the CA generates the certificate (public key + digital signature); the private key and the certificate are sent to the user.]

• Right cert signed by CA
• Left cert signed by CA
• CA pub key signed by CA

1-7-1 CA Certificate Example

[Diagram: the CA holds the CA private key; Left holds its private key, the CA public key and the Left cert signed by the CA; Right holds its private key, the CA public key and the Right cert signed by the CA; Left and Right trust each other through the CA public key.]

1-7-2 SSL/TLS

[Diagram: each side holds a priv/pub key pair; the clear text is encrypted (Cipher 1), encrypted again (Cipher 2), transmitted over the public network, then decrypted back to Cipher 1 and to clear text with the corresponding keys.]

• Ensures confidentiality
• And integrity, if digitally signed
• Depending on how the public keys are exchanged: authenticity, identity, non-repudiation

1-8 Moxa UC7400 – Hardware Cipher

Intel XScale supports:
• Security engines: DES, AES
• Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of “libcrypto.so”
• No need to change the source code

1-8-1 Moxa Accelerated Algorithms – OpenSSL 0.9.7

• DES_cbc_encrypt
• DES_ede3_cbc_encrypt
• AES_cbc_encrypt
• AES_ctr_encrypt
• We wrap ECB mode at a higher level (libssl.so), which OpenSSL wraps too

1-8-2 Performance

[Charts: 3DES-CBC rate and AES128-CBC rate versus data size, one pair of charts for 128 to 1280 bytes and one for 16 to 144 bytes, each comparing the software cipher with the HW cipher (legend: highlighted series = HW Cipher).]

1-8-3 Things to be noticed

Moxa UC-7400 switches operations between the software and the hardware approaches:
• Default: hardware approach
• Any mis-configuration or busyness causes the switch

Small packets are switched to the software approach:
• DES: 128 bytes
• 3DES/AES: 64 bytes

1-8-4 Software Package

Driver
• mxhw_cipher.o

Device file
• mknod /dev/mxcrypto c 11 131

Test program
• io: correctness test
• io 0 5000: stability test
• io 1: golden pattern
• io 2 20000: performance test

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network

2-1 VPN Advantages/Disadvantages

• VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes
• A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH, etc.)
• A VPN allows the usage of protocols which are insecure by themselves
• VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN

Usability
• Open Source (GPL)
• Full-featured SSL VPN solution
• Easy to configure secure tunnel
• NAT/DHCP support
• Can use a 2048-bit shared key or digital certificates (PKI)

Portability – supports most platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN

Peers – each node with a client/server role
• Uses the kernel routing
• Multiple clients

A user-space program
• A full-featured SSL-VPN solution
• On top of the existing SSL/TLS mechanism
• Options between a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security

Two authentication modes
• Static key: uses a pre-shared key
• SSL/TLS: uses SSL/TLS + certificates for authentication and key exchange

The encrypted packet is formatted as:
• SeqN: 64-bit sequence number
• IV: plain-text initial vector, randomized per packet

[Diagram: packet = HMAC | IV | SeqN | IP payload; SeqN and the payload are encrypted, giving HMAC | IV | encrypted IP payload.]
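The packet layout just described, worked through as an added Python example that is not from the slides or from OpenVPN's sources. It follows the static-key data channel in spirit: the HMAC is computed over the IV and the ciphertext and checked before anything is decrypted, and the 64-bit sequence number recovered after decryption is used to reject replays. The block cipher is replaced by a constructed HMAC-SHA256 counter-mode keystream so the block runs with the standard library only; the keys and the fixed IVs in demo() are constructed, and the replay check is the simplified strictly-increasing form rather than a sliding window:

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 20   # HMAC-SHA1 output
IV_LEN = 16    # one cipher block, randomized per packet
SEQ_LEN = 8    # 64-bit sequence number, as on the slide


def _keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Constructed stand-in for the block cipher: HMAC-SHA256 run in counter mode."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, iv + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Peer:
    """One end of a static-key tunnel; both ends share the same cipher and HMAC keys."""

    def __init__(self, cipher_key: bytes, auth_key: bytes):
        self.cipher_key, self.auth_key = cipher_key, auth_key
        self.send_seq = 0
        self.last_seen_seq = 0

    def seal(self, payload: bytes, iv: bytes = None) -> bytes:
        iv = iv if iv is not None else os.urandom(IV_LEN)
        self.send_seq += 1
        plain = struct.pack(">Q", self.send_seq) + payload          # SeqN || IP payload
        ct = _xor(plain, _keystream(self.cipher_key, iv, len(plain)))
        tag = hmac.new(self.auth_key, iv + ct, hashlib.sha1).digest()  # over IV and ciphertext
        return tag + iv + ct                                         # HMAC | IV | encrypted part

    def open(self, packet: bytes) -> bytes:
        if len(packet) < TAG_LEN + IV_LEN + SEQ_LEN:
            raise ValueError("short packet")
        tag = packet[:TAG_LEN]
        iv = packet[TAG_LEN:TAG_LEN + IV_LEN]
        ct = packet[TAG_LEN + IV_LEN:]
        expected = hmac.new(self.auth_key, iv + ct, hashlib.sha1).digest()
        if not hmac.compare_digest(tag, expected):   # authenticate before decrypting
            raise ValueError("HMAC mismatch")
        plain = _xor(ct, _keystream(self.cipher_key, iv, len(ct)))
        seq = struct.unpack(">Q", plain[:SEQ_LEN])[0]
        if seq <= self.last_seen_seq:                # simplified replay protection
            raise ValueError("replayed packet")
        self.last_seen_seq = seq
        return plain[SEQ_LEN:]


def demo() -> dict:
    cipher_key, auth_key = b"K" * 32, b"A" * 32   # constructed; real ones come from openvpn --genkey
    lan_a, lan_b = Peer(cipher_key, auth_key), Peer(cipher_key, auth_key)
    results = {}
    packet = lan_a.seal(b"ping from LAN A", iv=b"\x01" * IV_LEN)
    results["decrypted"] = lan_b.open(packet)
    try:
        lan_b.open(packet)                     # the same packet delivered a second time
        results["replay"] = "accepted"
    except ValueError as err:
        results["replay"] = str(err)
    damaged = bytearray(lan_a.seal(b"second", iv=b"\x02" * IV_LEN))
    damaged[-1] ^= 0x01                        # one ciphertext bit changed in transit
    try:
        lan_b.open(bytes(damaged))
        results["tamper"] = "accepted"
    except ValueError as err:
        results["tamper"] = str(err)
    return results
```

With a stream-style keystream a flipped ciphertext bit would flip exactly one plaintext bit without any decryption error, which is why the HMAC check has to come first and why the sequence number sits inside the authenticated, encrypted part.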

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall- and NAT-friendly
• Dynamic address support

IPSec
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard – multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are two methods of linking systems via a VPN:
• Routed IP tunnels (layer 3)
• Bridged Ethernet tunnels (layer 2)

Suitable for connections:
• Site-to-site
• Dynamic site-to-site
• (Dynamic) client-to-site

Dynamic firewall / NAT / DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

• Uses TUN mode (device): a virtual point-to-point IP link that combines the inner interface together with TUN
• Uses the kernel routing to forward the packets

[Diagram: the seven OSI layers (Physical, Data-Link, Network, Transport, Session, Presentation, Application) on each peer; OpenVPN runs at the application layer and the TUN device attaches at layer 3 (Network).]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of the MTU for efficiency

Routed IP disadvantages
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see those machines on the other side of the VPN
4. Works only with IPv4 in general, and with IPv6 in cases where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

• Uses “TAP” mode: a TAP device is a virtual Ethernet adapter
• Bridge tools (brctl) are required to create the virtual adapters
• Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0           create an Ethernet bridge
brctl addif br0 eth1      connect interface eth1 as a port
brctl addif br0 tap0      connect virtual interface tap0 as a port

[Diagram: the seven OSI layers on each peer; OpenVPN at the application layer, TUN at layer 3 and TAP at layer 2, with eth0/eth1 and tap0 bridged on each side.]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages
1. Point-to-point, point-to-multi-point
2. Broadcasts traverse the VPN; this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to be able to handle non-IP protocols such as IPX, Netware and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages
1. Less efficient than routing and does not scale well

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

[Network diagram: LAN A (IP 10.0.1.1/24, gw 10.0.1.254) sits behind the VPN Server (ixp0 192.168.12.201, ixp1 10.0.1.254); LAN B (IP 10.0.2.1/24, gw 10.0.2.254) sits behind the VPN Client (ixp0 192.168.12.202, ixp1 10.0.2.254); the VPN tunnel connects the two ixp0 interfaces; a CA/TLS server is also shown.]

3-1 Getting Started

• Create a working directory (recommended): mkdir /etc/openvpn
• Check for the TUN device: ls /dev/net and look for a character device “tun”; if it is not there: mknod /dev/net/tun c 10 200
• Load the necessary modules: modprobe tun; modprobe bridge
• Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]
• Self diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

• Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or vi /etc/sysctl.conf and modify “net.ipv4.ip_forward = 1”
• Create / start the bridge interface using the Moxa script: openvpn-bridge [start | stop | restart]
• Check the cipher / authentication support: openvpn --show-ciphers; openvpn --show-digests
• Create the TUN configuration files: vi /etc/openvpn/tunserver.conf
• [At VPN Client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

• The local/remote VPN IP addresses must be specified
• It is NECESSARY to specify the server address at the VPN client

3-2 TUN Server Configuration

• Edit the static routings: vi /etc/openvpn/tunserver.sh; chmod +x /etc/openvpn/tunserver.sh
• [At VPN Client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/openvpn/tunclient.sh
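The 3-2 rules (local/remote VPN IPs given to ifconfig, mirrored on the client; server address required at the client; static routes to the far LAN) together with the 3-3 note about marking out a route when both sides share a subnet, as an added Python example written for this page rather than taken from Moxa's scripts. It renders a TUN server/client pair for the 3-1 addresses and checks any pair of files for those mistakes; the directive names are OpenVPN 2.0's, the key file name is a placeholder:

```python
import ipaddress


def parse_conf(text: str) -> dict:
    """Parse an OpenVPN config file into {directive: [[args, ...], ...]}."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(";"):      # ';' and '#' introduce comments
            continue
        name, *args = line.split()
        conf.setdefault(name, []).append(args)
    return conf


def tun_pair(server_public_ip, vpn_server_ip, vpn_client_ip, lan_a, lan_b, key="static.key"):
    """Render a mirrored TUN server/client pair: same key, ifconfig arguments swapped."""
    a, b = ipaddress.ip_network(lan_a), ipaddress.ip_network(lan_b)
    server = ["dev tun", "proto udp", "port 1194",
              f"ifconfig {vpn_server_ip} {vpn_client_ip}",     # local remote
              f"route {b.network_address} {b.netmask}",        # LAN B sits behind the client
              f"secret {key}", "keepalive 10 60", "verb 3"]
    client = [f"remote {server_public_ip} 1194",               # the server address is required here
              "dev tun", "proto udp",
              f"ifconfig {vpn_client_ip} {vpn_server_ip}",     # 2nd argument is now the server's IP
              f"route {a.network_address} {a.netmask}",        # LAN A sits behind the server
              f"secret {key}", "keepalive 10 60", "verb 3"]
    return "\n".join(server) + "\n", "\n".join(client) + "\n"


def check_pair(server_text: str, client_text: str, client_lan: str) -> list:
    """Return the mistakes the slides warn about; an empty list means the pair is consistent."""
    s, c = parse_conf(server_text), parse_conf(client_text)
    problems = []
    for who, conf in (("server", s), ("client", c)):
        if len(conf.get("ifconfig", [[]])[0]) != 2:
            problems.append(f"{who}: local and remote VPN IP must both be given to ifconfig")
    if "remote" not in c:
        problems.append("client: the server address must be specified with 'remote'")
    if "ifconfig" in s and "ifconfig" in c and s["ifconfig"][0][:2] != c["ifconfig"][0][1::-1]:
        problems.append("client: ifconfig arguments must be the server's two, swapped")
    if s.get("secret") != c.get("secret"):
        problems.append("peers name different static key files")
    own = ipaddress.ip_network(client_lan)
    for args in c.get("route", []):              # no route to the subnet you are already in
        net, mask = args[:2]
        if ipaddress.ip_network(f"{net}/{mask}") == own:
            problems.append("client: route to its own subnet should be marked out")
    return problems


def demo() -> dict:
    server, client = tun_pair("192.168.12.201", "10.0.1.254", "10.0.2.254",
                              "10.0.1.0/24", "10.0.2.0/24")
    # A common mistake: the client copies the server file unchanged, so ifconfig is not
    # swapped, 'remote' is missing and the route points at the client's own LAN.
    return {"server": server, "client": client,
            "good": check_pair(server, client, client_lan="10.0.2.0/24"),
            "bad": check_pair(server, server, client_lan="10.0.2.0/24")}
```

check_pair() is the kind of pre-flight a deployment script can run before starting openvpn on both UCs, since a swapped or missing ifconfig argument only shows up later as a tunnel that comes up but carries no traffic.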


Create Start Bridge Interface using Moxa Script openvpn-bridge [start stop restart]

Check the CiphersAuthentication Support openvpn --show-ciphers openvpn --show-digests

Create TUN Configuration Files vi etcopenvpntunserverconf

[At VPN Client] vi etcopenvpntunclientconf

3-2 TUN Server Configuration 3-2 TUN Server Configuration

LocalRemote VPN IP address must be specified

It is NECESSARY to specify the Server Address at VPN Client

3-2 TUN Server Configuration 3-2 TUN Server Configuration

Edit the Static Routings vi etcopenvpntunserversh

chmod +x etctunserversh

[At VPN Client] vi etceopenvpntunclientsh chmod +x etctunclientsh

Start OpenVPN with the configuration file openvpn --config etctunserverconf amp openvpn --config etctunclientconf amp

2nd argument of ldquoifconfigrdquo which is now ldquo1002254rdquo

Create TAP Configuration Files vi etcopenvpntapserverconf

[At VPN Client] vi etcopenvpntapclientconf

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Mark this line if both VPN Networks are in the same subnet

3-2 TAP Configuration ndash VPN Server3-2 TAP Configuration ndash VPN Server

Edit the Static Routings vi etcopenvpntunserversh

[At VPN Client] vi etcopenvpntapclientsh chmod +x etctapclientsh

Pointed to the Kernel Routing br0 = 1001254

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Start the Bridge device vi openvpnopenvpn-bridge

chmod +x etcopenvpnopenvpn-bridge etcopenvpnopenvpn-bridge start

Start OpenVPN with the configuration file openvpn ndashconfig etcopenvpntapserverconf amp openvpn ndashconfig etcopenvpntapclient amp

3-4-1 SSLTLS ndash Dynamic Keys3-4-1 SSLTLS ndash Dynamic Keys

Edit the OpenSSL Configuration File on a Linux PC vi usrsharesslopensslcnf Pre-input the default_days default_bits hellip etc

Create New CA root Key Pair usrsharesslmiscCA -newca

Create New Client Private Key and new Certificate Request usrsharesslmiscCA -newreq

Certificate Sign-in usrsharesslmiscCA ndashsign

Copy the CA root certificate client private key and the client certificate to the first client

Have the second client certificated

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Copy the ldquoeasy-rsardquo to the working directory cp ndashr openvpn-20easy-rsa etcopenvpn

modify the vars file vi etcopenvpneasy-rsavars

Activate the vars etcopenvpneasy-rsavars

Create CA root key etcopenvpneasy-rsabuild-ca

Create VPN Server Private Key and Certificate etcopenvpneasy-rsabuild-key server

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Create VPN Client private Key and Certificate etcopenvpnbuild-key client

Create Diff-Hellman Parameters etcopenvpnbuild-dh 1024

Copy the CA certificate (cacrt) Server key (serverkey) and Server certificate (servercrt) to VPN Server

Copy the CA certificate Client key and certificate to VPN Client

ldquoeasy-rsardquo tools also work on UC7400 series

3-4-3 Configuration File Modification3-4-3 Configuration File Modification

txxserverconf

txxclienconf

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) Open VPN Configuration

4) Hands-On Practice

Live DemoLive Demo

UC-7420 DEMO BOXUC-7420 DEMO BOX

Two of its serial ports connectedto a Power Meter and Thermocouple

Two LAN ports plus an optional Wi-Fi function making it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in lsquoburn-in modersquo to demonstrate UCrsquos high performance and reliability

Demo Box FeaturesDemo Box Features

Software Block DiagramSoftware Block Diagram

Temperature Range 0 to 500degC

Left side for high range 0 to 300 VDC amp Right side for low range 0 to 20 VDC

UCrsquos LCM amp keypad (F1-F5)UCrsquos LCM amp keypad (F1-F5)

F1 Monitoring Temperature rarr Voltage rarrThroughput for P3 to P8

F2 System Status LANrsquos IP rarr Wi-Firsquos IP rarr CPU loading rarr Available Memory

F3 Alarm Setting Temperature rarr Voltage rarr burning throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI amp HTMLApache Web with CGI amp HTML

Seat Locating SystemSeat Locating System

Score Query SystemScore Query System

AppendixAppendix

What is the wireless PCMCIA card support status in 80211gbull UC-7420s built-in Wireless driver supports Intersil Prism 20

chipset PCMCIA cardbull The compatible Wireless cards are

Supplier Model name

ASUS WL-107g

CNET CWC-854(181D version)Edmiax EW-7108PCgAmigo AWP-914WGigbyte GN-WMKGOthers which use R-Link chip set

Thank YouThank You

Page 84: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

1-2 Symmetric Data Encryption

• Fast, high efficiency for bulk data transmission
• Is it "secure" while transferring the key? The key itself has to reach the other party over a channel that is already protected
• Key management: n parties that each need a private channel to every other party hold n(n-1)/2 keys
• DES, 3DES, AES, Blowfish (DES's 56-bit key is brute-forceable today; prefer AES)

[Figure: Tom turns the plaintext into ciphertext with the secret key (encryption); Bob turns the ciphertext back into plaintext with the same secret key (decryption)]

1-3 Hash (Digest) Function

• Ensures data integrity: any change to the data changes the digest
• MD5, SHA-1 (collision attacks are known for both; SHA-2 is the current choice)
• A bare hash only detects accidental corruption: an attacker who can alter the data can recompute the digest too, which is why section 1-4 adds a key

[Figure: Tom hashes the data to Message Digest 1 and sends data + digest; Bob hashes the received data with the same hash function to Message Digest 2 and compares the two]

1-4 Message Authentication Code

• Ensures data integrity and origin authentication
• A secret key protects the MAC: without the key an attacker can neither forge a tag nor recompute one after tampering
• HMAC, CBC-MAC

[Figure, the slide's simplified model: Tom hashes the data to Message Digest 1 and encrypts the digest under the secret key to form the MAC, then sends MAC + data; Bob hashes the received data to Message Digest 2, decrypts the MAC with the same key to recover Message Digest 1, and compares. HMAC as used by OpenVPN keys the hash directly rather than encrypting a digest.]

1-5 Asymmetric Encryption

Things to remember:
• Key pair: public and private keys
• In a session one key encrypts and the other one decrypts
• The "public key" can be deployed everywhere
• From one key you cannot derive the other, even with access to matching clear text and cipher text
• In textbook RSA the two exponents are mathematically interchangeable, which is why the same key pair serves for encryption (below) and for signatures (1-6). That is not a general rule: the private key must never be published, and other algorithms (DSA, Diffie-Hellman) have no such symmetry
• Less efficient than symmetric encryption, so real systems use it to exchange a symmetric session key (see 1-7-2)
• RSA; Diffie-Hellman (key agreement rather than encryption)

[Figure: clear text is turned into an unreadable cipher-text string by encryption]

1-5 Asymmetric Data Encryption

Confidentiality check (recipient's key pair):
[Figure: Tom encrypts the plaintext with Bob's public key; only Bob's private key decrypts the ciphertext back to plaintext]

Authenticity check (sender's key pair):
[Figure: Tom encrypts the plaintext with Tom's private key; anyone holding Tom's public key can decrypt it, which shows it came from Tom]

1-6 Digital Signature

Real world: a hybrid of hash and public-key operations
1. Data integrity
2. Authenticity
3. Non-repudiation
4. Algorithm: hash the message, sign the digest with the private key, verify with the public key

1-6 Digital Signature - Creating

[Figure: the message or file ("This is the document created by Gianni") is reduced with a one-way message digest function (SHA, MD5) to a short message digest such as "Py75c%bn" (128 bits for MD5, 160 bits for SHA-1) even for a long input. The digest is encrypted with the signatory's private key (RSA) to give the digital signature "3kJfgf*£$&". Message plus signature form the signed document.]

1-6 Digital Signature - Verifying

[Figure: from the signed document the verifier regenerates the message digest "Py75c%bn" by hashing the message, decrypts the digital signature "3kJfgf*£$&" with Gianni's public key (taken from his certificate) to recover the signed digest, and compares the two.]

1-6 Digital Signature

[Figure, the same flow with Tom and Bob: Tom hashes the data to Message Digest 1 and encrypts it with Tom's private key to produce the digital signature; Bob hashes the received data to Message Digest 2, decrypts the signature with Tom's public key to obtain Message Digest 1, and compares.]

1-7 Certificate

The simplest certificate just contains:
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key (it can be a person, a computer, a device, a file, some code, anything ...)
... and the whole is
• Digitally signed by someone trusted (like your friend, or a CA)

[Figure: Stephen's public key plus the statement "This public key belongs to Stephen", carrying a digital signature such as "3kJfgf*£$&4dser4358g6gd7dT", together form the certificate]

1-7-1 CA Certificate

[Figure: the certification server (CA) holds its own key pair. Two enrolment flows are shown. Left: the CA generates a key pair for the user and sends the private key and the certificate to the user. Right: the user generates the key pair locally, requests a certificate from the CA, and the CA returns the certificate (public key + digital signature); the private key never leaves the user. The CA's own certificate is signed by the CA itself (self-signed root).]

Prefer the second flow: a private key that has travelled through the CA is no longer known only to its owner. The OpenSSL and easy-rsa procedures in 3-4 follow it (the key is generated with the certificate request).

1-7-1 CA Certificate Example

[Figure: the CA private key signs the Left certificate and the Right certificate. Left keeps its own private key and holds "Left Cert signed by CA"; Right likewise. Both hold the CA public key and trust each other's certificate through it.]

A CA signs certificates, that is, public keys bound to identities; a private key is never sent to the CA nor signed by it.

1-7-2 SSL/TLS

[Figure: each side holds its own private key and the other side's public key. Clear text is encrypted under the recipient's public key (Cipher 1) and again under the sender's private key (Cipher 2), transmitted over the public network, then decrypted in reverse order with the sender's public key and the recipient's private key to recover the clear text.]

• Ensures confidentiality
• And integrity, if digitally signed
• Depending on how the public keys are exchanged: authenticity, identity, non-repudiation
• In practice the public-key operations protect only the handshake; the bulk data is encrypted with a symmetric session key negotiated there, and the public keys are exchanged as certificates (1-7) so that the peer can be authenticated

1-8 Moxa UC7400 - Hardware Cipher

Intel XScale (IXP42x) supports:
• Security engines: DES, AES
• Modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so":
• No need to change the source code; programs that call OpenSSL get the acceleration as they are

1-8-1 Moxa Accelerated Algorithms – OpenSSL 0.9.7

DES_cbc_encrypt
DES_ede3_cbc_encrypt
AES_cbc_encrypt
AES_ctr_encrypt

• ECB mode is wrapped at a higher level (libssl.so), which OpenSSL wraps too

1-8-2 Performance

[Figure: four throughput charts, software cipher vs hardware cipher (hardware marked). Top pair: 3DES-CBC and AES-128-CBC for packet sizes 128 to 1280 bytes, throughput 0 to 80 on the left axis and rate 0 to 8 on the right axis. Bottom pair: AES-128-CBC and 3DES-CBC for small packets of 16 to 144 bytes, 0 to 8 on the left axis and 0 to 2.5 on the right axis.]

1-8-3 Things to be noticed

Moxa UC-7400 switches the operation between the software and the hardware approaches:
• Default: hardware approach
• Any mis-configuration, or a busy hardware engine, causes the switch to software

Small packets are switched to the software approach:
• DES: below 128 bytes
• 3DES/AES: below 64 bytes

The crossover matters for VPN traffic: small packets such as TCP ACKs and keepalives never reach the hardware engine, so measured throughput depends on the packet-size mix, as the charts above show.

1-8-4 Software Package

Driver:
• mxhw_cipher.o
Device file:
• mknod /dev/mxcrypto c 11 131
Test program:
• io: correctness test
• io 0 5000: stability test
• io 1: golden pattern
• io 2 20000: performance test

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network

2-1 VPN Advantages/Disadvantages

• VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes
• A VPN encrypts all network traffic between the sites, not just a few application protocols (as SSL, SSH etc. do)
• A VPN allows the use of protocols which are insecure by themselves (telnet, FTP and other cleartext protocols between the sites)
• VPN traffic cannot be controlled and logged easily by devices in the path because of its encrypted nature; filtering has to happen at the tunnel endpoints (the iptables rules on the UC itself), where the traffic is in the clear

2-2 Why OpenVPN

Usability:
• Open Source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit shared (static) key or digital certificates (PKI)

Portability – supports most platforms:
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN

Peers – each node with a client/server role:
• Uses the kernel routing
• Multiple clients

A user-space program:
• A full-featured SSL-VPN solution
• Built on top of the existing SSL/TLS mechanism
• Choice among a set of security algorithms (see openvpn --show-ciphers and --show-digests)
• Can tunnel any IP (layer 3) or Ethernet (layer 2) traffic over a single UDP or TCP port (5000 was the default in OpenVPN 1.x; 2.0 uses the IANA-assigned 1194)

2-2 OpenVPN Security

Two authentication modes:
• Static key: a pre-shared secret (openvpn --genkey --secret) from which the cipher and HMAC keys are taken
• SSL/TLS: SSL/TLS + certificates for
  • Authentication
  • Key exchange

The encrypted packet is formatted as:
• SeqN: 64-bit sequence number (packet id), carried inside the encrypted part and used for replay protection
• IV: plaintext initialization vector, randomized per packet

  HMAC | IV | [ SeqN | IP packet payload ]
               \______ encrypted ______/
  \_______ covered by the HMAC _______/

The receiver checks the HMAC over the IV and the ciphertext before decrypting anything (encrypt-then-MAC), so a forged or modified packet is dropped without ever touching the cipher; only after decryption is the sequence number checked for replay.
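The data-channel format above, as an added example in Python with the standard library only (this is not OpenVPN's code). The framing, the MAC coverage (IV plus ciphertext), the check order and the per-direction keys follow the description; the cipher is an HMAC-SHA256 counter-mode keystream standing in for AES-CBC because the stdlib has no AES, and the key-splitting labels in make_tunnel are this example's assumption. It also shows the keyed MAC of 1-4 doing its job: a flipped byte is rejected at the tag, before decryption.

```python
import hashlib
import hmac
import os
import struct

MAC_LEN = 20      # HMAC-SHA1 tag, OpenVPN's default --auth
IV_LEN = 16
ID_LEN = 8        # 64-bit packet id


def keystream(cipher_key: bytes, iv: bytes, length: int) -> bytes:
    """Stand-in for AES-CBC: HMAC-SHA256 in counter mode over the IV.
    An assumption of this example, not what OpenVPN puts on the wire."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(cipher_key, iv + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Peer:
    """One end of a static-key tunnel. Each direction has its own HMAC key and
    cipher key; next_id is the packet id counter, highest_seen the replay state."""

    def __init__(self, send_keys, recv_keys):
        self.send_hmac, self.send_cipher = send_keys
        self.recv_hmac, self.recv_cipher = recv_keys
        self.next_id = 1
        self.highest_seen = 0

    def seal(self, payload: bytes) -> bytes:
        iv = os.urandom(IV_LEN)                                  # random per packet, sent in clear
        plaintext = struct.pack(">Q", self.next_id) + payload    # SeqN travels inside the ciphertext
        self.next_id += 1
        ciphertext = xor_bytes(plaintext, keystream(self.send_cipher, iv, len(plaintext)))
        tag = hmac.new(self.send_hmac, iv + ciphertext, hashlib.sha1).digest()  # MAC over IV + ciphertext
        return tag + iv + ciphertext

    def open(self, packet: bytes) -> bytes:
        """Return the payload or raise ValueError with the drop reason.
        Order matters: authenticate first, decrypt second, replay-check last."""
        if len(packet) < MAC_LEN + IV_LEN + ID_LEN:
            raise ValueError("short packet")
        tag = packet[:MAC_LEN]
        iv = packet[MAC_LEN:MAC_LEN + IV_LEN]
        ciphertext = packet[MAC_LEN + IV_LEN:]
        expected = hmac.new(self.recv_hmac, iv + ciphertext, hashlib.sha1).digest()
        if not hmac.compare_digest(tag, expected):              # constant-time compare
            raise ValueError("bad HMAC")
        plaintext = xor_bytes(ciphertext, keystream(self.recv_cipher, iv, len(ciphertext)))
        packet_id = struct.unpack(">Q", plaintext[:ID_LEN])[0]
        # OpenVPN keeps a sliding window (--replay-window) so reordered UDP
        # datagrams are still accepted; strictly increasing ids are enough here.
        if packet_id <= self.highest_seen:
            raise ValueError("replay: packet id %d already seen" % packet_id)
        self.highest_seen = packet_id
        return plaintext[ID_LEN:]


def make_tunnel(secret: bytes):
    """Split one shared secret into four directional keys. OpenVPN slices its
    2048-bit --genkey file directly; the SHA-256 labels are this example's."""
    def kdf(label: bytes) -> bytes:
        return hashlib.sha256(label + secret).digest()
    s2c = (kdf(b"hmac s2c"), kdf(b"cipher s2c"))
    c2s = (kdf(b"hmac c2s"), kdf(b"cipher c2s"))
    return Peer(send_keys=s2c, recv_keys=c2s), Peer(send_keys=c2s, recv_keys=s2c)


def drop_reason(peer: Peer, packet: bytes) -> str:
    """'' if the peer accepts the packet, otherwise why it was dropped."""
    try:
        peer.open(packet)
        return ""
    except ValueError as err:
        return str(err)
```

Because the two directions use different keys, a packet captured on the server-to-client leg and reflected back at the server fails its HMAC; a packet captured and resent on the same leg passes the HMAC but is dropped on the packet id.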

2-2 OpenVPN vs IPSec

OpenVPN:
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall- and NAT-friendly (one UDP or TCP port)
• Dynamic address support

IPSec:
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard - multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are the two methods of linking systems via a VPN:
• Routed IP tunnels (layer 3)
• Bridged Ethernet tunnels (layer 2)

Suitable for connections:
• Site-to-site
• Dynamic site-to-site
• (Dynamic) client-to-site

Dynamic firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

• Uses a TUN device: a virtual point-to-point IP link; the inner (LAN) interface and the TUN interface are joined by IP routing
• Uses the kernel routing table to forward the packets

[Figure: two OSI stacks (Physical, Data-Link, Network, Transport, Session, Presentation, Application) side by side; OpenVPN runs at the application layer on each host and the TUN device injects packets at layer 3 (Network)]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages:
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of MTU for efficiency

Routed IP disadvantages:
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see those machines on the other side of the VPN
4. Works only with IPv4 in general, and IPv6 in cases where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

• Uses "TAP" mode: a TAP device is a virtual Ethernet adapter
• Bridge tools (brctl, from bridge-utils) are required to create the bridge; the tap device itself is created by OpenVPN
• Need a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0          create an Ethernet bridge
brctl addif br0 eth1     connect interface eth1 as a port
brctl addif br0 tap0     connect virtual interface tap0 as a port

The LAN IP address moves from eth1 to br0; eth1 and tap0 become ports of the bridge and carry no address of their own.

[Figure: two OSI stacks side by side; OpenVPN at the application layer, TUN at layer 3 and TAP at layer 2. On each host eth0 carries the tunnel to the other site while eth1 and tap0 are bridged together]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages:
1. Point-to-point, point-to-multipoint
2. Broadcasts traverse the VPN -- this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to be able to handle non-IP protocols such as IPX, Netware and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages:
1. Less efficient than routing and does not scale well (every broadcast on either LAN crosses the tunnel)

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

[Lab topology: LAN A (hosts at 10.0.1.1/24, gateway 10.0.1.254) sits behind the VPN server, whose inner interface ixp1 is 10.0.1.254 and whose outer interface ixp0 is 192.168.12.201. LAN B (hosts at 10.0.2.1/24, gateway 10.0.2.254) sits behind the VPN client, ixp1 = 10.0.2.254, ixp0 = 192.168.12.202. The VPN tunnel runs between the two ixp0 addresses and the client initiates the connection. A separate CA/TLS server issues the certificates used in 3-4.]

3-1 Getting Started

Create a working directory (recommended):
  mkdir /etc/openvpn
Check for the TUN device (ls /dev/net, look for a character device "tun"); if it is missing:
  mknod /dev/net/tun c 10 200
Load the necessary modules:
  modprobe tun
  modprobe bridge
Generate a (pre-shared) static key:
  openvpn --genkey --secret [KeyName]
  The file must reach the peer over a trusted channel (e.g. scp), never in the clear; treat it like a password (chmod 600)
Self diagnostic:
  openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding:
  echo "1" > /proc/sys/net/ipv4/ip_forward
  or edit /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"
Create/start the bridge interface using the Moxa script:
  openvpn-bridge [start|stop|restart]
Check the supported ciphers and authentication digests:
  openvpn --show-ciphers
  openvpn --show-digests
Create the TUN configuration files:
  vi /etc/openvpn/tunserver.conf
  [At VPN client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

• Local/remote VPN IP addresses must be specified (ifconfig <local> <remote>; the client uses the same two addresses in the opposite order)
• It is NECESSARY to specify the server address at the VPN client (remote <server ixp0 address>)

3-2 TUN Server Configuration

Edit the static routes:
  vi /etc/openvpn/tunserver.sh
  chmod +x /etc/openvpn/tunserver.sh
  [At VPN client] vi /etc/openvpn/tunclient.sh ; chmod +x /etc/openvpn/tunclient.sh
Start OpenVPN with the configuration file:
  openvpn --config /etc/openvpn/tunserver.conf &
  [At VPN client] openvpn --config /etc/openvpn/tunclient.conf &
The route script sends the far LAN to the 2nd argument of "ifconfig", which is now "10.0.2.254" (the client's tunnel endpoint)
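An added check for the two rules on this slide, written for this page (it is neither a Moxa script nor part of OpenVPN): parse a server/client pair and report when the ifconfig endpoints are not mirrored, when the client lacks remote, when a secret is missing, or when a route would swallow that side's own tunnel endpoint. The two configuration texts are constructed for the example with the 3-1 lab addresses; the directive names are OpenVPN's own, the check logic is this example's.

```python
import ipaddress

# Constructed example configs using the 3-1 lab addresses.
TUN_SERVER_CONF = """\
# /etc/openvpn/tunserver.conf
dev tun
ifconfig 10.0.1.254 10.0.2.254      # local tunnel endpoint, remote tunnel endpoint
route 10.0.2.0 255.255.255.0        # LAN B lives behind the client
secret /etc/openvpn/static.key      # the file from openvpn --genkey --secret
port 1194
proto udp
"""

TUN_CLIENT_CONF = """\
# /etc/openvpn/tunclient.conf
dev tun
remote 192.168.12.201               # the server's ixp0 address: the client must name it
ifconfig 10.0.2.254 10.0.1.254      # the same two addresses, mirrored
route 10.0.1.0 255.255.255.0        # LAN A lives behind the server
secret /etc/openvpn/static.key
port 1194
proto udp
"""


def parse_openvpn_conf(text: str) -> dict:
    """directive -> list of argument lists. '#' and ';' start comments;
    repeated directives (several route lines) accumulate in order."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        name, *args = line.split()
        conf.setdefault(name, []).append(args)
    return conf


def first(conf: dict, name: str):
    """Arguments of the first occurrence of a directive, or None if absent."""
    return conf[name][0] if conf.get(name) else None


def check_static_tun_pair(server_text: str, client_text: str) -> list:
    """Problems found in a static-key TUN pair; an empty list means consistent."""
    srv, cli = parse_openvpn_conf(server_text), parse_openvpn_conf(client_text)
    problems = []
    for side, conf in (("server", srv), ("client", cli)):
        if first(conf, "dev") != ["tun"]:
            problems.append(f"{side}: dev tun is required for a routed tunnel")
        if first(conf, "secret") is None:
            problems.append(f"{side}: no secret, packets would be neither encrypted nor authenticated")
        ifc = first(conf, "ifconfig")
        if ifc is None or len(ifc) != 2:
            problems.append(f"{side}: ifconfig <local> <remote> must be specified")
            continue
        try:
            local = ipaddress.ip_address(ifc[0])
        except ValueError:
            problems.append(f"{side}: ifconfig local address {ifc[0]!r} is not an IP address")
            continue
        for args in conf.get("route", []):
            if len(args) < 2:
                problems.append(f"{side}: route needs <network> <netmask>")
                continue
            try:
                network = ipaddress.ip_network(f"{args[0]}/{args[1]}", strict=False)
            except ValueError:
                problems.append(f"{side}: malformed route {args[0]} {args[1]}")
                continue
            if local in network:   # would push this side's own endpoint (and LAN) into the tunnel
                problems.append(f"{side}: route {network} covers its own endpoint {local}")
    if first(cli, "remote") is None:
        problems.append("client: remote <server address> is required")
    s_ifc, c_ifc = first(srv, "ifconfig"), first(cli, "ifconfig")
    if s_ifc and c_ifc and len(s_ifc) == 2 and len(c_ifc) == 2 and s_ifc != c_ifc[::-1]:
        problems.append("ifconfig endpoints are not mirrored between server and client")
    return problems
```

Run it on the pair before starting the daemons; an empty list is the expected result for the lab configs, and swapping the client's ifconfig arguments produces both the "not mirrored" and the "covers its own endpoint" findings at once.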

Create the TAP configuration files:
  vi /etc/openvpn/tapserver.conf
  [At VPN client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration – VPN Server

• Comment out the route line if both VPN networks are in the same subnet (a bridged segment needs no route to itself)

3-3 TAP Configuration – VPN Server

Edit the static routes:
  vi /etc/openvpn/tapserver.sh
  [At VPN client] vi /etc/openvpn/tapclient.sh ; chmod +x /etc/openvpn/tapclient.sh
The kernel routing now points at the bridge: br0 = 10.0.1.254 (the LAN address moves from eth1 to br0)

3-3 TAP Configuration – VPN Server

Start the bridge device:
  vi /etc/openvpn/openvpn-bridge
  chmod +x /etc/openvpn/openvpn-bridge
  /etc/openvpn/openvpn-bridge start
Start OpenVPN with the configuration file:
  openvpn --config /etc/openvpn/tapserver.conf &
  [At VPN client] openvpn --config /etc/openvpn/tapclient.conf &

3-4-1 SSL/TLS – Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC:
  vi /usr/share/ssl/openssl.cnf
  pre-set default_days, default_bits, ... etc.
Create a new CA root key pair:
  /usr/share/ssl/misc/CA -newca
Create a new client private key and a new certificate request:
  /usr/share/ssl/misc/CA -newreq
Sign the certificate:
  /usr/share/ssl/misc/CA -sign
Copy the CA root certificate, the client private key and the client certificate to the first client
Repeat -newreq / -sign to certify the second client (the other end of the tunnel). The CA private key stays on the Linux PC and is never copied to a UC

3-4-2 OpenVPN – "easy-rsa" tools

Copy "easy-rsa" to the working directory:
  cp -r openvpn-2.0/easy-rsa /etc/openvpn
Modify the vars file:
  vi /etc/openvpn/easy-rsa/vars
Activate the vars (source them into the current shell):
  . /etc/openvpn/easy-rsa/vars
Create the CA root key and certificate:
  /etc/openvpn/easy-rsa/build-ca
Create the VPN server private key and certificate:
  /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – "easy-rsa" tools

Create the VPN client private key and certificate:
  /etc/openvpn/easy-rsa/build-key client
Create Diffie-Hellman parameters:
  /etc/openvpn/easy-rsa/build-dh 1024
  (1024-bit DH is considered weak today; set KEY_SIZE in vars to 2048 or more)
Copy the CA certificate (ca.crt), server key (server.key) and server certificate (server.crt) to the VPN server
Copy the CA certificate, client key and certificate to the VPN client
Only the CA certificate is shared: each private key goes to one machine only, and the CA private key (ca.key) stays with whoever issues certificates
The "easy-rsa" tools also work on the UC-7400 series

3-4-3 Configuration File Modification

txxserver.conf
txxclient.conf
(xx = un or ap: replace the secret line with the CA certificate, the host's own certificate and key, and on the server the DH parameters produced in 3-4-2)

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

• Two of its serial ports are connected to a power meter and a thermocouple
• Two LAN ports plus an optional Wi-Fi function, making it a good tool for transmitting data from remote sites to a central site
• The rest of the serial ports are looped back in 'burn-in mode' to demonstrate the UC's high performance and reliability

Demo Box Features

Software Block Diagram

• Temperature range: 0 to 500 °C
• Left side for the high range, 0 to 300 VDC; right side for the low range, 0 to 20 VDC

UC's LCM & keypad (F1-F5)

F1: Monitoring: Temperature → Voltage → Throughput for P3 to P8
F2: System status: LAN's IP → Wi-Fi's IP → CPU loading → Available memory
F3: Alarm setting: Temperature → Voltage → burn-in throughput
F4: Configuration key
F5: Main menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• The UC-7420's built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards
• The compatible wireless cards are:

Supplier   Model name
ASUS       WL-107g
CNET       CWC-854 (181D version)
Edimax     EW-7108PCg
Amigo      AWP-914WG
Gigabyte   GN-WMKG
Others which use the Ralink chipset

Thank You

Page 85: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

1-3 Hash (Digest) Function1-3 Hash (Digest) Function

Ensure Date Integrity

MD5SHA-1

Tom

Data

Bob

Data

Hash FunctionHash Function

Message Message Digest 1Digest 1

Same Hash FunctionSame Hash Function

+Hash FunctionHash Function

Message Message Digest 2Digest 2

Message Digest1Message Digest1 DataData

Compare

1-4 Message Authentication Code 1-4 Message Authentication Code

Ensure the Data Integrity

Use a key to protect the MAC

HMACCBC-MAC Tom

Data

Hash FunctionHash Function

Message Message Digest 1Digest 1

Bob

Data

Message Message Digest 2Digest 2

+Hash FunctionHash Function

MACEncryption

Message Message Digest 1Digest 1

Decryption

Compare

Secret Key

MACMAC DataData

1-5 Asymmetric Encryption1-5 Asymmetric Encryption

Things to rememberbull Key Pair ndash PublicPrivate keysbull In a session one for encryption and the other one

for decryptionbull ldquoPublic Keyrdquo can be deployed everywherebull The relation between the two keys is unknown and from

one key you cannot gain knowledge of the other even if you have access to clear-text and cipher-text

bull The two keys are interchangeable All algorithms make no difference between public and private key When a key pair is generated any of the two can be public or private

bull Less efficient than Static Keybull RSADiff-Hellman

g$5knvMdrsquorkg$5knvMdrsquorkvegMsrdquovegMsrdquo

Clear Clear texttext

EncryptionEncryption

1-5 Asymmetric Data Encryption1-5 Asymmetric Data Encryption

Tom

Plaintext

Bob

ciphertextEncryption Decryption

Bobrsquos Public KeyPlaintex

tBobrsquos Private Key

Recipientrsquos Key Pair

Confidentiality Check

1-5 Asymmetric Data Encryption1-5 Asymmetric Data Encryption

Tom

Plaintext

Bob

ciphertextEncryption Decryption

Tomrsquos Private KeyPlaintex

tTomrsquos Public Key

Senderrsquos key pair

Authenticity Check

1-6 Digital Signature1-6 Digital Signature

Real World ndash Hybrid 1 Data Integrity2 Authenticity3 Non-repudiation4 Algorithm ndash Use the public key and Hash

1-6 Digital Signature - Creating1-6 Digital Signature - Creating

3kJfgfpound$amp3kJfgfpound$ampPy75cbnPy75cbn

This is the This is the document document created by created by GianniGianni

Message or FileMessage or File Digital SignatureDigital SignatureMessage DigestMessage Digest

Calculate a short message Calculate a short message digest from even a long input digest from even a long input using a one-way message using a one-way message digest function (hash)digest function (hash)

Signatorys Signatorys private keyprivate key

privpriv

GenerateGenerateHashHash

SHA MD5SHA MD5

AsymmetricAsymmetricEncryptionEncryption

RSARSA

This is the This is the document document created by created by GianniGianni 3kJfgfpound$amp3kJfgfpound$amp

SignedSignedDocumentDocument

(Typically 128 bits)(Typically 128 bits)

1-6 Digital Signature - Verifying1-6 Digital Signature - Verifying

This is the This is the document document created by created by GianniGianni

3kJfgfpound$amp3kJfgfpound$amp

SignedSignedDocumentDocument

Py75cbnPy75cbn

Message DigestMessage DigestGenerateGenerate

HashHash

Giannis public keyGiannis public key(from certificate)(from certificate)

AsymmetricAsymmetricDecryptionDecryption

pubpub

DigitalDigitalSignatureSignature

Py75cbnPy75cbn

Compare Compare

DataData

1-6 Digital Signature1-6 Digital Signature

Tom

Data

Message Message Digest 1Digest 1

Hash FunctionHash Function

+ +Compare

Bob

Data

Message Message Digest 2Digest 2

Hash FunctionHash Function

MACEncryption Decryption

Message Message Digest 1Digest 1

Tomrsquos Private Key Tomrsquos Public Key

Digital SignatureDigital Signature

Digital Signature

1-7 Certificate1-7 Certificate

The simplest certificate just containsbull A public key (for Stephen)bull Information about the entity that is being certified to own that public key

hellip and the whole isbull Digitally signed by someone trusted (like your friend or a CA)

2wsR46frd2wsR46frdEWWrswe(EWWrswe(^$G^^$G^DvtrsdFDfDvtrsdFDfd367d367

pubpub

3kJfgfpound3kJfgfpound$amp4dser4$amp4dser4358g6gd7d358g6gd7dTTCertificateCertificate

This public This public key belongs key belongs to to StephenStephen

DigitalDigitalSignatureSignatureCan be a person a computer Can be a person a computer

a device a file some code a device a file some code anything hellipanything hellip

1-7-1 CA Certificate 1-7-1 CA Certificate

PrivPriv pubpub

Certification Server

CA generatesCA generatesa key paira key pair

Private Key and Private Key and Certificate are Certificate are

sent to the usersent to the user

pubpub

DSDS

CertCert

pubpub

DSDS

CertCert

User request a User request a certificate to CAcertificate to CA

CA generatesCA generatescertificatecertificate

PrivPriv

Right Cert signed by CA

Leftt Cert signed by CA

CA Pub Key signed by CA

1-7-1 CA Certificate Example1-7-1 CA Certificate Example

CACA Private Key

Left Right

Trusts

Left Priv Key signed by CA

CA Pub Key

Right Priv Key signed by CA

CA Pub KeyCA Pub Key Left Cert signed by CA

Right Cert signed by CA

1-7-2 SSLTLS1-7-2 SSLTLS

PrivPriv

pubpub PrivPriv

pubpub

Clear text

Encrypt

Cipher 1

Encrypt

Cipher 2

Transmission over the public network

Cipher 2

Cipher 1

Decrypt

Clear text

Decryptpubpub

Ensures confidentialitybull And integrity if digitally

signed

Depending on how public key are exchanged

bull Authenticity Identity Non-repudiation

pubpub

1-8 Moxa UC7400 - Hardware Cipher1-8 Moxa UC7400 - Hardware Cipher

Intel Xcale Supports bull Security Engines DES AESbull Algorithm methods ECB CBC ECR

Moxa wrap hardware acceleration inside algorithm APIs of ldquolibcryptosordquo bull No need to change the source codes

1-8-1 Moxa Accelerated Algorithm 1-8-1 Moxa Accelerated Algorithm ndash OpenSSL 097 ndash OpenSSL 097

DES_cbc_encrypt

DES_ede3_cbc_encrypt

AES_cbc_encrypt

AES_ctr_encrypt

bull We wrap ECB mode at a higher level (libsslso) which openssl wraps too

1-8-2 Performance1-8-2 Performance

0

10

20

30

40

50

60

70

80

128 256 384 512 640 768 896 1024 1152 12800

1

2

3

4

5

6

7

83DESCBC3DESCBCRATE

0

10

20

30

40

50

60

70

80

128 256 384 512 640 768 896 1024 1152 12800

1

2

3

4

5

6

7

8AES128CBCAES128CBCRATE

0

1

2

3

4

5

6

7

8

16 32 64 80 96 112 128 1440

05

1

15

2

25AES128CBC

AES128CBC

RATE

012

3456

789

16 32 64 80 96 112 128 1440

05

1

15

2

253DESCBC

3DESCBC

RATE

= HW Cipher

1-8-3 Things to be noticed1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approachesbull Default Hardware Approachbull Any mis-configuration or business causes the

switch

Small packets are switched to software approachbull DES 128 bytesbull 3DESAES 64 bytes

1-8-4 Software Package1-8-4 Software Package

Driverbull mxhw_ciphero

Device Filebull mknod devmxcrypto c 11 131

Test Programbull io correctness test bull io 0 5000 stability test bull io 1 golden pattern bull io 2 20000 performance test

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network

2-1 VPN Advantages/Disadvantages

A VPN is a network constructed by using public wires (e.g. the Internet) to connect nodes
A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH, etc.)
A VPN allows the use of protocols which are insecure by themselves
VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN

Usability
• Open Source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit shared key or digital certificates (PKI)

Portability – supports most platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN

Peers – each node with a client/server role
• Uses kernel routing
• Multiple clients

A user-space program
• A full-featured SSL-VPN solution
• Built on top of the existing SSL/TLS mechanism
• Options between a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) traffic over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security

Two authentication modes
• Static key: uses a pre-shared key
• SSL/TLS: uses SSL/TLS + certificates for authentication and key exchange

The encrypted packet is formatted as
• SeqN: 64-bit sequence number
• IV: plain-text initialization vector, randomized per packet

[Diagram: packet layout HMAC | IV | SeqN | IP payload; SeqN and the IP payload are the encrypted part, and the HMAC authenticates the rest of the packet]
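The framing above, carried end to end as an added example that is not part of the original slides and is not OpenVPN's own code. It builds a packet as HMAC | IV | encrypt(SeqN | payload) with the openssl command-line tool and checks it on the receiving side in the order a VPN daemon does: HMAC first, then decrypt, then reject a sequence number that does not increase. The cipher and digest (AES-128-CBC, HMAC-SHA1), the 8-digit ASCII sequence number standing in for OpenVPN's packet-id, the demo keys and the sample payload are all assumptions made for this example.

```shell
#!/bin/sh
# Added example: OpenVPN-style static-key packet framing
#   packet = HMAC | IV | AES-CBC( SeqN | payload )
# The HMAC covers IV and ciphertext, so a tampered packet is dropped before
# any decryption happens; SeqN must increase, so a replayed packet is dropped too.
# Assumptions (constructed, not from the slides): AES-128-CBC + HMAC-SHA1,
# an 8-digit decimal SeqN, and fixed demo keys.
set -u

WORK=$(mktemp -d)
CIPHER_KEY=000102030405060708090a0b0c0d0e0f   # demo AES-128 key (hex)
HMAC_KEY=demo-hmac-key                        # demo HMAC key
echo 0 > "$WORK/last_seq"                     # highest SeqN accepted so far

hex_of() { od -An -tx1 "$1" | tr -d ' \n'; }

# build_packet SEQ PAYLOAD_FILE OUT_FILE
build_packet() {
    seqn=$1; payload=$2; out=$3
    d=$(mktemp -d "$WORK/b.XXXXXX")
    openssl rand 16 > "$d/iv.bin"                        # fresh IV per packet
    { printf '%08d' "$seqn"; cat "$payload"; } > "$d/pt.bin"
    openssl enc -aes-128-cbc -K "$CIPHER_KEY" -iv "$(hex_of "$d/iv.bin")" \
        -in "$d/pt.bin" -out "$d/ct.bin"
    cat "$d/iv.bin" "$d/ct.bin" \
        | openssl dgst -sha1 -hmac "$HMAC_KEY" -binary > "$d/mac.bin"
    cat "$d/mac.bin" "$d/iv.bin" "$d/ct.bin" > "$out"
}

# verify_packet IN_FILE OUT_PAYLOAD_FILE
#   returns 0 = accepted, 1 = bad HMAC (or undecryptable), 2 = replay / out of order
verify_packet() {
    in=$1; out=$2
    d=$(mktemp -d "$WORK/v.XXXXXX")
    head -c 20 "$in" > "$d/mac.bin"                      # HMAC-SHA1 is 20 bytes
    tail -c +21 "$in" | head -c 16 > "$d/iv.bin"         # AES block = 16-byte IV
    tail -c +37 "$in" > "$d/ct.bin"
    cat "$d/iv.bin" "$d/ct.bin" \
        | openssl dgst -sha1 -hmac "$HMAC_KEY" -binary > "$d/calc.bin"
    cmp -s "$d/mac.bin" "$d/calc.bin" || return 1        # authenticate first
    openssl enc -d -aes-128-cbc -K "$CIPHER_KEY" -iv "$(hex_of "$d/iv.bin")" \
        -in "$d/ct.bin" -out "$d/pt.bin" 2>/dev/null || return 1
    seqn=$(head -c 8 "$d/pt.bin")
    [ "$seqn" -gt "$(cat "$WORK/last_seq")" ] || return 2
    echo "$seqn" > "$WORK/last_seq"
    tail -c +9 "$d/pt.bin" > "$out"
}

# corrupt_bytes FILE OFFSET  -- overwrite two bytes, to show the HMAC check firing
corrupt_bytes() {
    printf 'XX' | dd of="$1" bs=1 seek="$2" conv=notrunc 2>/dev/null
}

demo() {
    printf 'hello from LAN A' > "$WORK/payload"
    build_packet 1 "$WORK/payload" "$WORK/p1"
    verify_packet "$WORK/p1" "$WORK/out" && echo "packet 1: accepted: $(cat "$WORK/out")"
    verify_packet "$WORK/p1" "$WORK/out" || echo "packet 1 again: rejected (rc=$?)"
    cp "$WORK/p1" "$WORK/p1x"; corrupt_bytes "$WORK/p1x" 40
    verify_packet "$WORK/p1x" "$WORK/out" || echo "tampered packet: rejected (rc=$?)"
}
if [ "${1:-}" = demo ]; then demo; fi
```

Run it as `sh packet.sh demo`: the first packet is accepted, the identical packet is refused with code 2 because its SeqN is not newer, and the altered copy is refused with code 1 without ever reaching the decrypt step.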

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall- and NAT-friendly
• Dynamic address support

IPSec
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard – multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are the two methods of linking systems via a VPN
Routed IP tunnels (layer 3)
Bridged Ethernet tunnels (layer 2)

Suitable for connections
• Site-to-site
• Dynamic site-to-site
• (Dynamic) client-to-site
Dynamic firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN mode (device): a virtual point-to-point IP link that combines the inner interface together with TUN
Uses the kernel routing tables to forward the packets

[Diagram: the seven OSI layers (Physical, Data-Link, Network, Transport, Session, Presentation, Application) on both peers; OpenVPN runs at the application layer and the TUN device is inserted at layer 3 (Network)]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of the MTU for efficiency

Routed IP disadvantages
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see those machines on the other side of the VPN
4. Works only with IPv4 in general, and with IPv6 only in cases where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses "TAP" mode: a TAP device is a virtual Ethernet adapter
Bridge tools (brctl) are required to create the virtual adapters
Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0        (create an Ethernet bridge)
brctl addif br0 eth1   (connect interface eth1 as a port)
brctl addif br0 tap0   (connect virtual interface tap0 as a port)

[Diagram: OSI layer stacks of both peers; OpenVPN at the application layer; TAP is inserted at layer 2 (Data-Link), TUN at layer 3; on each side eth1 and tap0 are bridged, and eth0 carries the tunnel]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages
1. Point-to-point, point-to-multipoint
2. Broadcasts traverse the VPN; this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to be able to handle non-IP protocols such as IPX, Netware and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages
1. Less efficient than routing and does not scale well

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

[Diagram: lab topology]
LAN A: IP 10.0.1.1/24, gw 10.0.1.254; [VPN Server] ixp1 10.0.1.254, ixp0 192.168.12.201
LAN B: IP 10.0.2.1/24, gw 10.0.2.254; [VPN Client] ixp1 10.0.2.254, ixp0 192.168.12.202
VPN tunnel between the two ixp0 interfaces (the client connects to the server); a [CA/TLS Server] is also present

3-1 Getting Started

Create a working directory (recommended): mkdir /etc/openvpn
Check for the TUN module: ls /dev/net and look for a character device "tun"; if it is missing: mknod /dev/net/tun c 10 200
Load the necessary modules: modprobe tun; modprobe bridge
Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]
Self-diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or vi /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"
Create/start the bridge interface using the Moxa script: openvpn-bridge [start|stop|restart]
Check the supported ciphers/authentication digests: openvpn --show-ciphers; openvpn --show-digests
Create the TUN configuration files: vi /etc/openvpn/tunserver.conf
[At VPN Client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

The local/remote VPN IP addresses must be specified (the two arguments of "ifconfig")
It is NECESSARY to specify the server address at the VPN client ("remote")

3-2 TUN Server Configuration

Edit the static routes: vi /etc/openvpn/tunserver.sh; chmod +x /etc/openvpn/tunserver.sh
[At VPN Client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/openvpn/tunclient.sh
Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tunserver.conf &
[At VPN Client] openvpn --config /etc/openvpn/tunclient.conf &
Note the 2nd argument of "ifconfig", which is now "10.0.2.254"
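A worked configuration pair for the TUN procedure in 3-1 and 3-2, as an added example that is not from the original slides and not Moxa's or OpenVPN's own files. It generates a static-key server and client configuration for the lab topology and then checks the two files against each other for the mistakes the slides warn about (no "remote" on the client, "ifconfig" addresses that are not mirror images, cipher or digest that differ). The tunnel endpoints 10.8.0.1/10.8.0.2, the file names and the cipher/digest choice are assumptions; the LAN addresses and the server address come from the topology diagram.

```shell
#!/bin/sh
# Added example: static-key TUN (routed, layer-3) configuration pair for the
# section 3-1 lab topology, plus a consistency check over the two files.
# Assumptions (constructed): the server's public side is 192.168.12.201, LAN A
# 10.0.1.0/24 sits behind the server, LAN B 10.0.2.0/24 behind the client, and
# the tunnel endpoints 10.8.0.1 / 10.8.0.2 are invented here. static.key is made
# with `openvpn --genkey --secret /etc/openvpn/static.key` and copied to both sides.
set -u

gen_tun_server_conf() {
cat <<'EOF'
# /etc/openvpn/tunserver.conf (VPN Server)
dev tun
proto udp
port 1194
# local tunnel address, then the remote (client) tunnel address
ifconfig 10.8.0.1 10.8.0.2
secret /etc/openvpn/static.key
# LAN B is reached through the tunnel; the kernel routes it via tun0
route 10.0.2.0 255.255.255.0
cipher AES-128-CBC
auth SHA1
keepalive 10 60
persist-key
persist-tun
verb 3
EOF
}

gen_tun_client_conf() {
cat <<'EOF'
# /etc/openvpn/tunclient.conf (VPN Client)
dev tun
proto udp
# the server address MUST be given on the client side
remote 192.168.12.201 1194
# mirror image of the server's ifconfig line
ifconfig 10.8.0.2 10.8.0.1
secret /etc/openvpn/static.key
route 10.0.1.0 255.255.255.0
cipher AES-128-CBC
auth SHA1
keepalive 10 60
persist-key
persist-tun
verb 3
EOF
}

# directive FILE NAME -> prints the arguments of the first matching directive
directive() { awk -v k="$2" '$1==k { $1=""; sub(/^ /, ""); print; exit }' "$1"; }

# check_tun_pair SERVER_CONF CLIENT_CONF -> 0 if consistent, 1 otherwise
check_tun_pair() {
    s=$1; c=$2; ok=0
    [ -n "$(directive "$c" remote)" ] || { echo "client: missing 'remote'"; ok=1; }
    [ -n "$(directive "$s" secret)" ] && [ -n "$(directive "$c" secret)" ] \
        || { echo "both sides need 'secret'"; ok=1; }
    s_if=$(directive "$s" ifconfig); c_if=$(directive "$c" ifconfig)
    [ "${s_if%% *} ${s_if##* }" = "${c_if##* } ${c_if%% *}" ] \
        || { echo "ifconfig lines are not mirror images: '$s_if' vs '$c_if'"; ok=1; }
    for k in cipher auth; do
        [ "$(directive "$s" $k)" = "$(directive "$c" $k)" ] \
            || { echo "'$k' differs between server and client"; ok=1; }
    done
    return $ok
}
```

Write the two files with `gen_tun_server_conf > /etc/openvpn/tunserver.conf` (and the client one on the other box), then run `check_tun_pair` on copies of both before starting the daemons; a mismatch is reported in plain words rather than showing up later as a tunnel that comes up but carries nothing.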

Create the TAP configuration files: vi /etc/openvpn/tapserver.conf
[At VPN Client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration – VPN Server

Mark this line if both VPN networks are in the same subnet

3-3 TAP Configuration – VPN Server

Edit the static routes: vi /etc/openvpn/tapserver.sh
[At VPN Client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/openvpn/tapclient.sh
Points to the kernel routing: br0 = 10.0.1.254

3-3 TAP Configuration – VPN Server

Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start
Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tapserver.conf &
[At VPN Client] openvpn --config /etc/openvpn/tapclient.conf &
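The bridge setup of 2-3-2 and the "openvpn-bridge start/stop" step of 3-3, written out as an added example. This is not Moxa's openvpn-bridge script and not from the slides; it follows the brctl sequence the slides list (addbr, addif eth1, addif tap0) and adds the interface steps that sequence leaves implicit: creating a persistent tap0, moving the LAN address from eth1 to br0, and undoing all of it on stop. The interface names and the 10.0.1.254/24 address follow the lab diagram; a DRYRUN=1 mode that only prints the commands is an addition so the logic can be read and checked without root or brctl.

```shell
#!/bin/sh
# Added example: a bridge start/stop helper in the spirit of the "openvpn-bridge"
# script the slides call, plus the TAP server config that goes with it.
# Not Moxa's script. Assumptions (constructed): eth1 carries LAN A
# (10.0.1.254/24) and is bridged with tap0 into br0; DRYRUN=1 prints the
# commands instead of executing them (the real ones need root, brctl, ifconfig).
set -u
: "${DRYRUN:=0}"
BR=br0; ETH=eth1; TAP=tap0; BR_IP=10.0.1.254; BR_MASK=255.255.255.0

run() { if [ "$DRYRUN" = 1 ]; then echo "$*"; else "$@"; fi; }

bridge_start() {
    run openvpn --mktun --dev "$TAP"            # persistent tap0 that survives daemon restarts
    run brctl addbr "$BR"                       # create the Ethernet bridge
    run brctl addif "$BR" "$ETH"                # eth1 becomes a bridge port ...
    run brctl addif "$BR" "$TAP"                # ... and so does tap0 (the bridge name is required)
    run ifconfig "$ETH" 0.0.0.0 promisc up      # the LAN address moves from eth1 to br0
    run ifconfig "$TAP" 0.0.0.0 promisc up
    run ifconfig "$BR" "$BR_IP" netmask "$BR_MASK" up
}

bridge_stop() {
    run ifconfig "$BR" down
    run brctl delif "$BR" "$TAP"
    run brctl delif "$BR" "$ETH"
    run brctl delbr "$BR"
    run openvpn --rmtun --dev "$TAP"
    run ifconfig "$ETH" "$BR_IP" netmask "$BR_MASK" up   # give eth1 its address back
}

# In bridged mode OpenVPN does not assign tunnel addresses: br0 already has one,
# so the config has no ifconfig/route lines and the far LAN is learned at layer 2.
gen_tap_server_conf() {
cat <<'EOF'
# /etc/openvpn/tapserver.conf (VPN Server)
dev tap0
proto udp
port 1194
secret /etc/openvpn/static.key
cipher AES-128-CBC
auth SHA1
keepalive 10 60
persist-key
persist-tun
verb 3
EOF
}

case "${1:-}" in
    start)   bridge_start ;;
    stop)    bridge_stop ;;
    restart) bridge_stop; bridge_start ;;
esac
```

`DRYRUN=1 sh openvpn-bridge start` lists the exact commands in order, which is the quickest way to review a bridge script before it is run on a box whose only management path is the interface being re-plumbed.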

3-4-1 SSL/TLS – Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-set default_days, default_bits, etc.
Create a new CA root key pair: /usr/share/ssl/misc/CA -newca
Create a new client private key and certificate request: /usr/share/ssl/misc/CA -newreq
Sign the certificate: /usr/share/ssl/misc/CA -sign
Copy the CA root certificate, the client private key and the client certificate to the first client
Have the second client certified in the same way

3-4-2 OpenVPN – "easy-rsa" tools

Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn
Modify the vars file: vi /etc/openvpn/easy-rsa/vars
Activate the vars: . /etc/openvpn/easy-rsa/vars
Create the CA root key: /etc/openvpn/easy-rsa/build-ca
Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – "easy-rsa" tools

Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client
Create the Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh 1024
Copy the CA certificate (ca.crt), the server key (server.key) and the server certificate (server.crt) to the VPN server
Copy the CA certificate, the client key and the client certificate to the VPN client
The "easy-rsa" tools also work on the UC7400 series

3-4-3 Configuration File Modification

txxserver.conf
txxclient.conf

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

Two of its serial ports are connected to a power meter and a thermocouple
Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site
The rest of the serial ports are looped back in 'burn-in mode' to demonstrate the UC's high performance and reliability

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500 °C
Left side for the high range, 0 to 300 VDC, and right side for the low range, 0 to 20 VDC

UC's LCM and keypad (F1-F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8
F2 System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available memory
F3 Alarm Setting: Temperature → Voltage → Burn-in throughput
F4 Configuration Key
F5 Main Menu

Apache Web with CGI and HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• The UC-7420's built-in wireless driver supports the Intersil Prism 2.0 chipset PCMCIA card
• The compatible wireless cards are:

Supplier   Model name
ASUS       WL-107g
CNET       CWC-854 (181D version)
Edimax     EW-7108PCg
Amigo      AWP-914WG
Gigabyte   GN-WMKG
Others which use the R-Link chip set

Thank You


1-4 Message Authentication Code

Ensures data integrity
Uses a key to protect the MAC
HMAC, CBC-MAC

[Diagram: Tom hashes the data to Message Digest 1, encrypts it with the secret key into the MAC and sends Data + MAC; Bob hashes the received data to Message Digest 2, decrypts the MAC with the secret key to recover Message Digest 1, and compares the two]

1-5 Asymmetric Encryption

Things to remember
• Key pair: public/private keys
• In a session, one is used for encryption and the other one for decryption
• The "public key" can be deployed everywhere
• The relation between the two keys is unknown: from one key you cannot gain knowledge of the other, even if you have access to clear text and cipher text
• The two keys are interchangeable; the algorithms make no difference between public and private key. When a key pair is generated, either of the two can be public or private
• Less efficient than a static key
• RSA, Diffie-Hellman

[Diagram: clear text → Encryption → cipher text ("g$5knvMd'rk vegMs")]

1-5 Asymmetric Data Encryption

[Diagram: Tom encrypts the plaintext with Bob's public key; Bob decrypts the ciphertext with Bob's private key. Recipient's key pair: confidentiality check]

1-5 Asymmetric Data Encryption

[Diagram: Tom encrypts the plaintext with Tom's private key; Bob decrypts the ciphertext with Tom's public key. Sender's key pair: authenticity check]

1-6 Digital Signature

Real world – hybrid
1. Data integrity
2. Authenticity
3. Non-repudiation
4. Algorithm: use the public key and a hash

1-6 Digital Signature - Creating

[Diagram: the message or file ("This is the document created by Gianni") is passed through a one-way message digest function (hash: SHA, MD5) to produce a short message digest (typically 128 bits, "Py75cbn"); the digest is encrypted with the signatory's private key (asymmetric encryption, RSA) to produce the digital signature ("3kJfgf£$&"), which is attached to the document to form the signed document]

Calculate a short message digest from even a long input using a one-way message digest function (hash)

1-6 Digital Signature - Verifying

[Diagram: from the signed document, the message is hashed again to produce a message digest ("Py75cbn"); the digital signature ("3kJfgf£$&") is decrypted with Gianni's public key (from the certificate) to recover the original digest; the two digests are compared]

1-6 Digital Signature

[Diagram: Tom hashes the data to Message Digest 1 and encrypts it with Tom's private key to form the digital signature, which is sent together with the data; Bob hashes the received data to Message Digest 2, decrypts the signature with Tom's public key to recover Message Digest 1, and compares the two]
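The MAC flow of 1-4 and the signature flow of 1-6 side by side, as an added example that is not from the original slides. Both are done with the openssl command-line tool: the MAC is a keyed digest that Bob can only check because he shares Tom's key, while the signature is checked with nothing but Tom's public key, which is what gives it the non-repudiation property the slides list. The shared MAC key, the throwaway RSA key pair for "Tom", SHA-256 as the hash and the sample document are assumptions made for this example.

```shell
#!/bin/sh
# Added example: the MAC flow of 1-4 and the digital-signature flow of 1-6,
# done with the openssl command-line tool. Both detect tampering; only the
# signature can be checked by someone who does not hold the signer's secret.
# Assumptions (constructed): a shared MAC key, a throwaway RSA-2048 key pair
# for "Tom", SHA-256 as the hash, and a sample file written here.
set -u
WORK=$(mktemp -d)
MAC_KEY=shared-secret-demo            # known to Tom and Bob only

gen_signing_keypair() {               # Tom's key pair; only the public half goes to Bob
    openssl genrsa -out "$WORK/tom.key" 2048 2>/dev/null &&
    openssl rsa -in "$WORK/tom.key" -pubout -out "$WORK/tom.pub" 2>/dev/null
}

# --- 1-4: MAC = keyed digest; the verifier recomputes it with the same key ---
make_mac()  { openssl dgst -sha256 -hmac "$MAC_KEY" "$1" | awk '{print $NF}'; }
check_mac() { [ "$(make_mac "$1")" = "$2" ]; }        # FILE EXPECTED_MAC

# --- 1-6: signature = digest encrypted with the private key; verifying needs only the public key ---
sign_file()  { openssl dgst -sha256 -sign "$WORK/tom.key" -out "$2" "$1"; }                # FILE SIG_OUT
verify_sig() { openssl dgst -sha256 -verify "$WORK/tom.pub" -signature "$2" "$1" >/dev/null 2>&1; }

demo() {
    gen_signing_keypair
    printf 'This is the document created by Tom\n' > "$WORK/doc"
    mac=$(make_mac "$WORK/doc")
    sign_file "$WORK/doc" "$WORK/doc.sig"
    check_mac "$WORK/doc" "$mac" && echo "Bob: MAC ok"
    verify_sig "$WORK/doc" "$WORK/doc.sig" && echo "Bob: signature ok"
    printf 'This is the document created by Eve\n' > "$WORK/doc"   # altered in transit
    check_mac "$WORK/doc" "$mac" || echo "Bob: MAC mismatch, data was altered"
    verify_sig "$WORK/doc" "$WORK/doc.sig" || echo "Bob: signature invalid"
}
if [ "${1:-}" = demo ]; then demo; fi
```

`sh sigdemo.sh demo` prints the two "ok" lines and then the two rejections. The difference to keep in mind is who can produce a valid value: anyone holding MAC_KEY can forge a MAC, so a MAC proves integrity between the two key holders only, whereas a signature that verifies under tom.pub can only have come from tom.key.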

1-7 Certificate

The simplest certificate just contains
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key
... and the whole is
• Digitally signed by someone trusted (like your friend or a CA)

[Diagram: certificate = public key ("2wsR46frdEWWrswe(^$G^DvtrsdFDfd367") + "This public key belongs to Stephen" + digital signature ("3kJfgf£$&4dser4358g6gd7dT"); the entity can be a person, a computer, a device, a file, some code, anything ...]

1-7-1 CA Certificate

[Diagram: the CA (certification server) generates a key pair (priv, pub); the user requests a certificate from the CA; the CA generates the certificate (pub + DS); the private key and the certificate are sent to the user]

Right cert signed by CA
Left cert signed by CA
CA pub key signed by CA

1-7-1 CA Certificate Example

[Diagram: the CA holds the CA private key; Left and Right each trust the CA pub key; Left holds its own private key and a Left cert signed by the CA, Right holds its own private key and a Right cert signed by the CA; each side checks the other side's cert with the CA pub key]
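The CA flow of 1-7-1 and the easy-rsa steps of 3-4-2 (build-ca, build-key server, build-key client, build-dh) expressed directly with openssl, as an added example that is not the easy-rsa scripts and not from the original slides. It builds a CA, issues a server and a client certificate signed by it, and shows the check each side performs on the other: a certificate chains to the trusted CA certificate or it is rejected, which is demonstrated with a second, untrusted CA that issues a certificate with the very same subject name. RSA-2048 keys, one-year validity, the subject names and the temporary directory in place of /etc/openvpn/easy-rsa are assumptions made for this example.

```shell
#!/bin/sh
# Added example: the CA flow of 1-7-1 and the easy-rsa steps of 3-4-2 (build-ca,
# build-key server/client, build-dh) expressed directly with openssl.
# Not the easy-rsa scripts themselves. Assumptions (constructed): RSA-2048 keys,
# one-year validity, subject names "Demo-CA", "server" and "client", and
# everything written under a temporary directory instead of /etc/openvpn/easy-rsa.
set -u

# build_ca DIR -> DIR/ca.key (stays on the CA host) and DIR/ca.crt (self-signed)
build_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=Demo-CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# build_key DIR NAME -> NAME.key, a request NAME.csr, and NAME.crt signed by DIR's CA
build_key() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -days 365 -in "$1/$2.csr" \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/$2.crt" 2>/dev/null
}

# build_dh DIR BITS -> DIR/dh<BITS>.pem (slow; the slides use 1024)
build_dh() { openssl dhparam -out "$1/dh$2.pem" "$2" 2>/dev/null; }

# verify_cert CA_CRT CERT -> 0 if CERT chains to CA_CRT, non-zero otherwise
verify_cert() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# cert_subject CERT -> the CN the CA certified
cert_subject() { openssl x509 -in "$1" -noout -subject | sed 's/.*CN *= *//'; }

demo() {
    pki=$(mktemp -d)
    build_ca "$pki" && build_key "$pki" server && build_key "$pki" client
    echo "server.crt is for: $(cert_subject "$pki/server.crt")"
    verify_cert "$pki/ca.crt" "$pki/client.crt" && echo "client.crt chains to our CA"
    rogue=$(mktemp -d)                     # a second CA nobody has agreed to trust
    build_ca "$rogue" && build_key "$rogue" client
    verify_cert "$pki/ca.crt" "$rogue/client.crt" || echo "rogue client.crt rejected"
}
if [ "${1:-}" = demo ]; then demo; fi
```

What each host ends up with matches the copy steps in 3-4-2: ca.crt on every box, server.key and server.crt on the VPN server, client.key and client.crt on the VPN client, and ca.key nowhere but on the CA host. The rogue case is the point of the exercise: the subject name in a certificate means nothing on its own, only the signature by a CA whose certificate is already installed does.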

1-7-2 SSL/TLS

[Diagram: a key pair (priv, pub) on each side; clear text → Encrypt → Cipher 1 → Encrypt → Cipher 2 → transmission over the public network → Cipher 2 → Decrypt → Cipher 1 → Decrypt → clear text, with the public keys exchanged between the peers]

Ensures confidentiality
• And integrity, if digitally signed
Depending on how the public keys are exchanged
• Authenticity, identity, non-repudiation


digital certificates (PKI)

Portability ndash Supports most of the platformsbull Linux Solaris Mac OS Xbull OpenBSD FreeBSD NetBSDbull Windows2000-SP4WindowsXP-SP1 or later

2-2 Why OpenVPN2-2 Why OpenVPN

Peers ndash each node with a clientserver rolebull In use of kernel routingbull Multiple clients

A user-space programbull A full-featured SSL-VPN solutions

bull on top of existing SSLTLS mechanism bull options between a set of security algorithms

bull Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (50001194) or TCP port

2-2 OpenVPN Security 2-2 OpenVPN Security

Two Authentication Modesbull Static Key Use pre-shared bull SSLTLS Use SSLTLS + Certificates for

bull Authentication bull Key exchange

The encrypted packet is formatted asbull SeqN 64-bit sequence numberbull IV plain text initial vector randomized per packet

HMAC IV SeqN V IPs payload

encrypt

HMACW IPs

2-2 OpenVPN vs IPSec2-2 OpenVPN vs IPSec

OpenVPNbull User-space daemonbull SSLTLSbull portability across

operating systemsbull firewall and NAT-

friendly bull dynamic address

support

IPSecbull Kernel-space IP stack bull each operating system

requires its own independent implementation of IPSec

bull IETF Standard - multi-vendor support

2-3 OpenVPN Modes2-3 OpenVPN Modes

Bridging and Routing are two methods of linking systems via a VPN

Routed IP tunnels (layer 3)

Bridged Ethernet tunnels (layer 2)

Suitable for Connectionsbull Site-to-Sitebull Dynamic Site-to-Sitebull (Dynamic) Client-to-Site

Dynamic FirewallNATDHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN Mode(device) a virtual point-to-point IP link that combines the inner interface together with TUN

Use the kernel routings to forward the packets

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Physical

Data-Link

Network

Transport

Session

Presentation

ApplicationOpenVPN

TUN (3rd)

2-3-1 Routed IP Tunnels (TUN Mode)2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP Advantages1 Point-to-point2 Easier to configure3 Efficiency and scalability 4 Allows better tuning of MTU for efficiency

Routed IP Disadvantages1 Clients must use a WINS server (such as samba) to

allow cross-VPN network browsing to work 2 Routes must be set up linking each subnet 3 Software that depends on broadcasts Will Not see

those machines on the other side of the VPN 4 Works only with IPv4 in general and IPv6 in cases

where tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses ldquoTAPrdquo mode a TAP device is a Virtual Ethernet Adapter

Bridge tools (bcrtl) are required to create the virtual adapters

Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0 create an ethernet bridge

brctl addif br0 eth1 connect interface eth1 as a port

brctl addif tap0 connect virtual interface tap0 as a port

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Bridging

OpenVPN

TUN (3rd)TAP (2nd)

eth1 eth1eth0 eth0

tap0 tap0

2-3-2 Bridged Ethernet Mode (TAP 2-3-2 Bridged Ethernet Mode (TAP Mode)Mode)

Bridging advantages1 Point to Point point to multi-point2 Broadcasts traverse the VPN -- this allows browsing

of Windows file shares across the VPN without setting up a Samba or WINS server

3 No route statements to configure4 Works with the VPN needs to be able to handle non-

IP protocols such as IPX Netware and AppleTalk5 Relatively easy-to-configure solution for road

warriors

Bridging disadvantages1 Less efficient than Routing and does not scale well

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSLTLS ndash X509 Dynamic Keys

3-1 Getting Started3-1 Getting Started

ixp019216812201

ixp0 19216812202

gw 1001254IP 1001124

gw 1002254IP 1002124

LAN A LAN B

VPN Tunnel

Connect

1001254

[VPN Server]

1002254

[VPN-Client]

ixp1 ixp1

[CATLS Server]

3-1 Getting Started 3-1 Getting Started

Create a Working Directory (recommended) mkdir etcopenvpn

Check for TUN Modules if not ls devnet look for a character device ldquotunrdquo mknod devtun c 10 200

Load necessary modules modprobe tun modprobe bridge

Generate a (pre-shared) key openvpn --genkey --secret [KeyName]

Self Diagnostic openvpn --test-crypto --secret [KeyName]

3-1 Getting Started3-1 Getting Started

Enable IP Forwarding echo ldquo1rdquo gt procsysnetipv4ip_forwardor vi etcsysctlconf modify ldquonetipv4ip_forward = 1rdquo

Create Start Bridge Interface using Moxa Script openvpn-bridge [start stop restart]

Check the CiphersAuthentication Support openvpn --show-ciphers openvpn --show-digests

Create TUN Configuration Files vi etcopenvpntunserverconf

[At VPN Client] vi etcopenvpntunclientconf

3-2 TUN Server Configuration 3-2 TUN Server Configuration

LocalRemote VPN IP address must be specified

It is NECESSARY to specify the Server Address at VPN Client

3-2 TUN Server Configuration 3-2 TUN Server Configuration

Edit the Static Routings vi etcopenvpntunserversh

chmod +x etctunserversh

[At VPN Client] vi etceopenvpntunclientsh chmod +x etctunclientsh

Start OpenVPN with the configuration file openvpn --config etctunserverconf amp openvpn --config etctunclientconf amp

2nd argument of ldquoifconfigrdquo which is now ldquo1002254rdquo

Create TAP Configuration Files vi etcopenvpntapserverconf

[At VPN Client] vi etcopenvpntapclientconf

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Mark this line if both VPN Networks are in the same subnet

3-2 TAP Configuration ndash VPN Server3-2 TAP Configuration ndash VPN Server

Edit the Static Routings vi etcopenvpntunserversh

[At VPN Client] vi etcopenvpntapclientsh chmod +x etctapclientsh

Pointed to the Kernel Routing br0 = 1001254

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Start the Bridge device vi openvpnopenvpn-bridge

chmod +x etcopenvpnopenvpn-bridge etcopenvpnopenvpn-bridge start

Start OpenVPN with the configuration file openvpn ndashconfig etcopenvpntapserverconf amp openvpn ndashconfig etcopenvpntapclient amp

3-4-1 SSLTLS ndash Dynamic Keys3-4-1 SSLTLS ndash Dynamic Keys

Edit the OpenSSL Configuration File on a Linux PC vi usrsharesslopensslcnf Pre-input the default_days default_bits hellip etc

Create New CA root Key Pair usrsharesslmiscCA -newca

Create New Client Private Key and new Certificate Request usrsharesslmiscCA -newreq

Certificate Sign-in usrsharesslmiscCA ndashsign

Copy the CA root certificate client private key and the client certificate to the first client

Have the second client certificated

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Copy the ldquoeasy-rsardquo to the working directory cp ndashr openvpn-20easy-rsa etcopenvpn

modify the vars file vi etcopenvpneasy-rsavars

Activate the vars etcopenvpneasy-rsavars

Create CA root key etcopenvpneasy-rsabuild-ca

Create VPN Server Private Key and Certificate etcopenvpneasy-rsabuild-key server

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Create VPN Client private Key and Certificate etcopenvpnbuild-key client

Create Diff-Hellman Parameters etcopenvpnbuild-dh 1024

Copy the CA certificate (cacrt) Server key (serverkey) and Server certificate (servercrt) to VPN Server

Copy the CA certificate Client key and certificate to VPN Client

ldquoeasy-rsardquo tools also work on UC7400 series

3-4-3 Configuration File Modification3-4-3 Configuration File Modification

txxserverconf

txxclienconf

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) Open VPN Configuration

4) Hands-On Practice

Live DemoLive Demo

UC-7420 DEMO BOXUC-7420 DEMO BOX

Two of its serial ports connectedto a Power Meter and Thermocouple

Two LAN ports plus an optional Wi-Fi function making it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in lsquoburn-in modersquo to demonstrate UCrsquos high performance and reliability

Demo Box FeaturesDemo Box Features

Software Block DiagramSoftware Block Diagram

Temperature Range 0 to 500degC

Left side for high range 0 to 300 VDC amp Right side for low range 0 to 20 VDC

UCrsquos LCM amp keypad (F1-F5)UCrsquos LCM amp keypad (F1-F5)

F1 Monitoring Temperature rarr Voltage rarrThroughput for P3 to P8

F2 System Status LANrsquos IP rarr Wi-Firsquos IP rarr CPU loading rarr Available Memory

F3 Alarm Setting Temperature rarr Voltage rarr burning throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI amp HTMLApache Web with CGI amp HTML

Seat Locating SystemSeat Locating System

Score Query SystemScore Query System

AppendixAppendix

What is the wireless PCMCIA card support status in 80211gbull UC-7420s built-in Wireless driver supports Intersil Prism 20

chipset PCMCIA cardbull The compatible Wireless cards are

Supplier Model name

ASUS WL-107g

CNET CWC-854(181D version)Edmiax EW-7108PCgAmigo AWP-914WGigbyte GN-WMKGOthers which use R-Link chip set

Thank YouThank You

Page 88: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

1-5 Asymmetric Data Encryption

[Figure] Tom → plaintext → Encryption with Bob's public key → ciphertext → Decryption with Bob's private key → plaintext → Bob. The recipient's key pair is used.

Confidentiality check

1-5 Asymmetric Data Encryption

[Figure] Tom → plaintext → Encryption with Tom's private key → ciphertext → Decryption with Tom's public key → plaintext → Bob. The sender's key pair is used.

Authenticity check

1-6 Digital Signature

Real world – hybrid:
1. Data integrity
2. Authenticity
3. Non-repudiation
4. Algorithm – use the public key and a hash

1-6 Digital Signature - Creating

[Figure] Message or file ("This is the document created by Gianni") → Generate hash (SHA, MD5) → Message digest ("Py75cbn", typically 128 bits) → Asymmetric encryption (RSA) with the signatory's private key → Digital signature ("3kJfgf£$&") → Signed document: the message plus the digital signature.

Calculate a short message digest from even a long input using a one-way message digest function (hash).

1-6 Digital Signature - Verifying

[Figure] Signed document = message ("This is the document created by Gianni") + digital signature ("3kJfgf£$&"). From the message: Generate hash → Message digest ("Py75cbn"). From the signature: Asymmetric decryption with Gianni's public key (from certificate) → Message digest ("Py75cbn"). Compare the two digests.

1-6 Digital Signature

[Figure] Tom: Data → Hash function → Message digest 1 → Encryption with Tom's private key → Digital signature; the data and the digital signature are sent together. Bob: Data → Hash function → Message digest 2; Digital signature → Decryption with Tom's public key → Message digest 1; compare Message digest 1 with Message digest 2.

1-7 Certificate

The simplest certificate just contains:
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key

… and the whole is:
• Digitally signed by someone trusted (like your friend or a CA)

[Figure] Certificate = public key ("2wsR46frdEWWrswe(^$G^DvtrsdFDfd367") + "This public key belongs to Stephen" + digital signature ("3kJfgf£$&4dser4358g6gd7dT"). The entity can be a person, a computer, a device, a file, some code, anything …

1-7-1 CA Certificate

[Figure] Certification server: the CA generates a key pair (priv, pub). A user requests a certificate from the CA; the CA generates the certificate; the private key and the certificate are sent to the user. Each user ends up with a private key and a certificate that carries the public key and the CA's digital signature (DS).

Left cert signed by CA. Right cert signed by CA. CA pub key signed by CA.

1-7-1 CA Certificate Example

[Figure] CA: holds the CA private key. Left and Right both trust the CA pub key. Left: Left priv key, Left cert signed by CA. Right: Right priv key, Right cert signed by CA. Each side holds the CA pub key and the certificates signed by the CA.
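The creating and verifying flows of section 1-6 and the CA-signed certificate of section 1-7, carried through in code as an added example (not from the slides or from Moxa). A toy textbook RSA with a Miller-Rabin prime generator stands in for OpenSSL's RSA, SHA-256 for the SHA/MD5 digest, and the certificate is a JSON body (subject name plus public key) signed by the CA. Key sizes, the JSON encoding and the names are assumptions.

```python
import hashlib
import json
import random

# Textbook RSA with a Miller-Rabin prime generator: a constructed teaching
# helper (no PKCS#1 padding, short keys), not OpenSSL's RSA.

def _is_probable_prime(n: int, rounds: int = 20) -> bool:
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits: int) -> int:
    while True:
        candidate = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate):
            return candidate

def generate_keypair(bits: int = 512):
    """Return (private, public); each is a dict of integers. n is >= 2^510, so a 256-bit digest fits."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            break
    return {"n": p * q, "d": pow(e, -1, phi)}, {"n": p * q, "e": e}

def message_digest(data: bytes) -> int:
    """One-way hash of an arbitrarily long input (SHA-256 here; the slide lists SHA/MD5)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(private: dict, data: bytes) -> int:
    """Creating: hash, then 'encrypt' the digest with the signatory's private key."""
    return pow(message_digest(data), private["d"], private["n"])

def verify(public: dict, data: bytes, signature: int) -> bool:
    """Verifying: recover the digest with the public key and compare it with a fresh hash."""
    return pow(signature, public["e"], public["n"]) == message_digest(data)

def issue_certificate(ca_private: dict, subject: str, subject_public: dict) -> dict:
    """The simplest certificate: the subject's public key plus identity, signed by the CA."""
    body = {"subject": subject, "n": subject_public["n"], "e": subject_public["e"]}
    to_be_signed = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "signature": sign(ca_private, to_be_signed)}

def verify_certificate(ca_public: dict, cert: dict) -> bool:
    to_be_signed = json.dumps(cert["body"], sort_keys=True).encode()
    return verify(ca_public, to_be_signed, cert["signature"])

def verify_signed_document(ca_public: dict, cert: dict, document: bytes, signature: int) -> bool:
    """Trust chain: CA public key -> subject's certificate -> subject's signature on the document."""
    if not verify_certificate(ca_public, cert):
        return False
    subject_public = {"n": cert["body"]["n"], "e": cert["body"]["e"]}
    return verify(subject_public, document, signature)

def demo():
    ca_private, ca_public = generate_keypair()
    gianni_private, gianni_public = generate_keypair()
    cert = issue_certificate(ca_private, "Gianni", gianni_public)
    document = b"This is the document created by Gianni"
    signature = sign(gianni_private, document)
    genuine = verify_signed_document(ca_public, cert, document, signature)
    # Integrity: one changed byte in the document changes the digest, so the comparison fails.
    altered = verify_signed_document(ca_public, cert, document + b".", signature)
    # Authenticity: a certificate whose subject was edited after the CA signed it no longer verifies.
    forged = {"body": dict(cert["body"], subject="Mallory"), "signature": cert["signature"]}
    impostor = verify_signed_document(ca_public, forged, document, signature)
    return genuine, altered, impostor

if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

The verifier only ever trusts one key directly, the CA's; Gianni's key is trusted because the CA's signature over the certificate body checks out, which is exactly the "Trusts" arrow in the example figure above.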

1-7-2 SSL/TLS

[Figure] Each side holds a key pair (priv, pub) and the peer's public key. Clear text → Encrypt → Cipher 1 → Encrypt → Cipher 2 → Transmission over the public network → Cipher 2 → Decrypt → Cipher 1 → Decrypt → Clear text.

Ensures confidentiality
• And integrity, if digitally signed

Depending on how the public keys are exchanged:
• Authenticity, identity, non-repudiation

1-8 Moxa UC7400 - Hardware Cipher

Intel XScale supports:
• Security engines: DES, AES
• Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so"
• No need to change the source code

1-8-1 Moxa Accelerated Algorithms – OpenSSL 0.9.7

DES_cbc_encrypt
DES_ede3_cbc_encrypt
AES_cbc_encrypt
AES_ctr_encrypt

• We wrap ECB mode at a higher level (libssl.so), which OpenSSL wraps too

1-8-2 Performance

[Charts] Throughput and speed-up ("RATE") of the hardware cipher versus packet size, for 3DES-CBC and AES-128-CBC. Upper pair: packet sizes 128 to 1280 bytes, throughput scale 0 to 80 on the left axis and RATE 0 to 8 on the right axis. Lower pair: packet sizes 16 to 144 bytes, throughput scale 0 to 8 and RATE 0 to 2.5. Legend: bars = HW cipher.

1-8-3 Things to be noticed

Moxa UC-7400 switches operations between the software and the hardware approaches
• Default: hardware approach
• Any misconfiguration or busy condition causes the switch

Small packets are switched to the software approach
• DES: 128 bytes
• 3DES/AES: 64 bytes

1-8-4 Software Package

Driver
• mxhw_cipher.o

Device file
• mknod /dev/mxcrypto c 11 131

Test program
• io: correctness test
• io 0 5000: stability test
• io 1: golden pattern
• io 2 20000: performance test

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network

2-1 VPN Advantages/Disadvantages

VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes

A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH, etc.)

A VPN allows the usage of protocols which are insecure by themselves

VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN

Usability
• Open source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit shared key or digital certificates (PKI)

Portability – supports most of the platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN

Peers – each node with a client/server role
• In use of kernel routing
• Multiple clients

A user-space program
• A full-featured SSL-VPN solution
• On top of the existing SSL/TLS mechanism
• Options between a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security

Two authentication modes
• Static key: use a pre-shared key
• SSL/TLS: use SSL/TLS + certificates for authentication and key exchange

The encrypted packet is formatted as:
• SeqN: 64-bit sequence number
• IV: plaintext initial vector, randomized per packet

[Figure] Packet layout: HMAC | IV | SeqN | payload, with the SeqN and payload encrypted and the HMAC covering what follows it.
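The packet framing just described, as an added example that is not OpenVPN's code: a 64-bit SeqN is prepended to the payload, the pair is encrypted under a fresh random IV, and an HMAC-SHA1 is computed over the IV and the ciphertext, giving HMAC | IV | Enc(SeqN | payload). The receiver checks the HMAC before decrypting anything and rejects any SeqN that is not newer than the last one accepted, which is what turns the sequence number into a replay defence. The HMAC scope (IV plus ciphertext), the 8-byte IV, and the keystream built from HMAC-SHA256 in place of a real block cipher are the editor's assumptions.

```python
import hashlib
import hmac
import os
import struct

# Constructed illustration of the slide's framing: 64-bit SeqN, random per-packet
# IV, HMAC, encryption. The block cipher is replaced by a keystream derived with
# HMAC-SHA256 (a stand-in; OpenVPN uses a cipher such as BF-CBC or AES-CBC via OpenSSL).

HMAC_LEN = 20  # HMAC-SHA1 digest length (assumed --auth SHA1)
IV_LEN = 8     # assumed IV length for the toy cipher
SEQ_LEN = 8    # 64-bit sequence number

def _keystream(cipher_key: bytes, iv: bytes, length: int) -> bytes:
    """Deterministic keystream from (key, IV, counter); stand-in for the cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(cipher_key, iv + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Sender:
    def __init__(self, cipher_key: bytes, hmac_key: bytes):
        self.cipher_key, self.hmac_key = cipher_key, hmac_key
        self.seq = 0

    def seal(self, payload: bytes) -> bytes:
        """Packet = HMAC | IV | Enc(SeqN | payload); the HMAC covers IV and ciphertext."""
        self.seq += 1
        iv = os.urandom(IV_LEN)
        plaintext = struct.pack(">Q", self.seq) + payload
        ciphertext = _xor(plaintext, _keystream(self.cipher_key, iv, len(plaintext)))
        tag = hmac.new(self.hmac_key, iv + ciphertext, hashlib.sha1).digest()
        return tag + iv + ciphertext

class Receiver:
    def __init__(self, cipher_key: bytes, hmac_key: bytes):
        self.cipher_key, self.hmac_key = cipher_key, hmac_key
        self.last_seq = 0

    def open(self, packet: bytes):
        """Return the payload, or None if the HMAC fails or the SeqN is a replay."""
        if len(packet) < HMAC_LEN + IV_LEN + SEQ_LEN:
            return None
        tag = packet[:HMAC_LEN]
        iv = packet[HMAC_LEN:HMAC_LEN + IV_LEN]
        ciphertext = packet[HMAC_LEN + IV_LEN:]
        expected = hmac.new(self.hmac_key, iv + ciphertext, hashlib.sha1).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # authenticate first; never decrypt unauthenticated data
        plaintext = _xor(ciphertext, _keystream(self.cipher_key, iv, len(ciphertext)))
        seq = struct.unpack(">Q", plaintext[:SEQ_LEN])[0]
        if seq <= self.last_seq:
            return None  # replayed (or older than the last accepted) packet
        self.last_seq = seq
        return plaintext[SEQ_LEN:]

def demo():
    cipher_key, hmac_key = os.urandom(32), os.urandom(20)  # constructed static keys
    sender, receiver = Sender(cipher_key, hmac_key), Receiver(cipher_key, hmac_key)
    p1 = sender.seal(b"IP packet A")
    p2 = sender.seal(b"IP packet B")
    first = receiver.open(p1)
    second = receiver.open(p2)
    replayed = receiver.open(p1)   # same SeqN presented again -> rejected
    flipped = bytearray(p2)
    flipped[-1] ^= 0x01            # one ciphertext bit changed -> HMAC fails
    tampered = receiver.open(bytes(flipped))
    return first, second, replayed, tampered
```

Both rejections happen without the receiver acting on the packet: the tampered one never reaches the cipher, and the replayed one decrypts but is dropped on the sequence check, so a captured packet cannot be re-injected into the tunnel.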

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall- and NAT-friendly
• Dynamic address support

IPSec
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard - multi-vendor support

2-3 OpenVPN Modes

Bridging and Routing are two methods of linking systems via a VPN

Routed IP tunnels (layer 3)

Bridged Ethernet tunnels (layer 2)

Suitable for connections
• Site-to-site
• Dynamic site-to-site
• (Dynamic) client-to-site

Dynamic firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN mode (device): a virtual point-to-point IP link that combines the inner interface together with TUN

Uses the kernel routing to forward the packets

[Figure] Two OSI stacks (Physical, Data-Link, Network, Transport, Session, Presentation, Application); OpenVPN runs at the application layer and the TUN device attaches at layer 3 (Network).

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of MTU for efficiency

Routed IP disadvantages
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see those machines on the other side of the VPN
4. Works only with IPv4 in general, and IPv6 in cases where the TUN drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses "TAP" mode: a TAP device is a virtual Ethernet adapter

Bridge tools (brctl) are required to create the virtual adapters

Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0          # create an Ethernet bridge
brctl addif br0 eth1     # connect interface eth1 as a port
brctl addif br0 tap0     # connect virtual interface tap0 as a port

[Figure] Two OSI stacks (Physical through Application); OpenVPN at the application layer, TUN at layer 3, TAP at layer 2. Each host shows eth0, eth1 and tap0, with eth1 and tap0 bridged together.

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages
1. Point-to-point, point-to-multipoint
2. Broadcasts traverse the VPN -- this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to be able to handle non-IP protocols such as IPX, Netware and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages
1. Less efficient than routing and does not scale well

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

[Figure] Lab network: LAN A (IP 10.0.1.1/24, gw 10.0.1.254) sits behind the VPN server, whose ixp1 is 10.0.1.254 and whose ixp0 is 192.168.12.201; LAN B (IP 10.0.2.1/24, gw 10.0.2.254) sits behind the VPN client, whose ixp1 is 10.0.2.254 and whose ixp0 is 192.168.12.202. The VPN tunnel connects the two ixp0 addresses. A CA/TLS server is also shown.

3-1 Getting Started

Create a working directory (recommended): mkdir /etc/openvpn

Check for the TUN module: ls /dev/net and look for a character device "tun"; if it is not there: mknod /dev/net/tun c 10 200

Load the necessary modules: modprobe tun; modprobe bridge

Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]

Self diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or vi /etc/sysctl.conf and modify "net.ipv4.ip_forward = 1"

Create/start the bridge interface using the Moxa script: openvpn-bridge [start|stop|restart]

Check the cipher/authentication support: openvpn --show-ciphers; openvpn --show-digests

Create the TUN configuration files: vi /etc/openvpn/tun/server.conf

[At VPN Client] vi /etc/openvpn/tun/client.conf

3-2 TUN Server Configuration

Local/remote VPN IP addresses must be specified

It is NECESSARY to specify the server address at the VPN client

3-2 TUN Server Configuration

Edit the static routing: vi /etc/openvpn/tun/server.sh; chmod +x /etc/openvpn/tun/server.sh

[At VPN Client] vi /etc/openvpn/tun/client.sh; chmod +x /etc/openvpn/tun/client.sh

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tun/server.conf & (server); openvpn --config /etc/openvpn/tun/client.conf & (client)

The second argument of "ifconfig", which is now "10.0.2.254"
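The TUN setup of sections 3-1 and 3-2, as an added example that is not from the slides or from Moxa: a generator for a matching server/client pair of point-to-point TUN configuration files in OpenVPN 2.0 static-key mode, plus a check for the two rules the slide states (local and remote VPN addresses on both sides, and the server address named at the client) and for the classic mistake of not mirroring the two ifconfig arguments. The server's public address 192.168.12.201 and the two LANs follow the lab diagram; the tunnel endpoint addresses 10.8.0.1/10.8.0.2 (the slides reuse the LAN gateway addresses instead), the key file name and the extra directives are assumptions.

```python
# Generate and sanity-check a static-key TUN configuration pair (added example).
SERVER_PUBLIC_IP = "192.168.12.201"          # VPN server ixp0 in the lab diagram
TUN_SERVER_IP, TUN_CLIENT_IP = "10.8.0.1", "10.8.0.2"   # assumed tunnel endpoints
LAN_A = ("10.0.1.0", "255.255.255.0")        # behind the server
LAN_B = ("10.0.2.0", "255.255.255.0")        # behind the client
PORT = 1194

def render_tun_conf(role: str) -> str:
    """Render the server or client side of a point-to-point TUN configuration."""
    if role == "server":
        local, remote, peer_lan = TUN_SERVER_IP, TUN_CLIENT_IP, LAN_B
    else:
        local, remote, peer_lan = TUN_CLIENT_IP, TUN_SERVER_IP, LAN_A
    lines = [
        "dev tun",
        "proto udp",
        f"port {PORT}",
        f"ifconfig {local} {remote}",              # local tunnel address, then the peer's
        "secret /etc/openvpn/static.key",          # key file from openvpn --genkey (assumed name)
        f"route {peer_lan[0]} {peer_lan[1]}",      # reach the peer's LAN through the tunnel
        "keepalive 10 60",
        "persist-tun",
        "persist-key",
        "verb 3",
    ]
    if role == "client":
        lines.insert(1, f"remote {SERVER_PUBLIC_IP} {PORT}")   # the client must name the server
    return "\n".join(lines) + "\n"

def parse_conf(text: str) -> dict:
    """Map each directive to its argument list; '#' comments and blank lines are ignored."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        name, *args = line.split()
        conf[name] = args
    return conf

def check_pair(server_text: str, client_text: str) -> list:
    """Return a list of problems; an empty list means the two files agree."""
    s, c = parse_conf(server_text), parse_conf(client_text)
    problems = []
    for role, conf in (("server", s), ("client", c)):
        if conf.get("dev") != ["tun"]:
            problems.append(f"{role}: 'dev tun' missing")
        if len(conf.get("ifconfig", [])) != 2:
            problems.append(f"{role}: ifconfig must give the local and remote VPN addresses")
    if "remote" not in c:
        problems.append("client: 'remote <server address>' is required")
    if len(s.get("ifconfig", [])) == 2 and len(c.get("ifconfig", [])) == 2:
        if s["ifconfig"] != list(reversed(c["ifconfig"])):
            problems.append("ifconfig local/remote addresses are not mirrored between the peers")
    if ("secret" in s) != ("secret" in c):
        problems.append("both peers must use the same authentication mode (static key here)")
    return problems

if __name__ == "__main__":
    server, client = render_tun_conf("server"), render_tun_conf("client")
    print(server)
    print(client)
    print(check_pair(server, client))   # []
```

Running the check against the two files before starting openvpn catches the mismatch that otherwise shows up only as a tunnel that comes up but never passes traffic.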

Create the TAP configuration files: vi /etc/openvpn/tap/server.conf

[At VPN Client] vi /etc/openvpn/tap/client.conf

3-3 TAP Configuration – VPN Server

Mark this line if both VPN networks are in the same subnet

3-3 TAP Configuration – VPN Server

Edit the static routing: vi /etc/openvpn/tap/server.sh

[At VPN Client] vi /etc/openvpn/tap/client.sh; chmod +x /etc/openvpn/tap/client.sh

Pointed to the kernel routing: br0 = 10.0.1.254

3-3 TAP Configuration – VPN Server

Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tap/server.conf & (server); openvpn --config /etc/openvpn/tap/client.conf & (client)

3-4-1 SSL/TLS – Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-input the default_days, default_bits … etc.

Create a new CA root key pair: /usr/share/ssl/misc/CA -newca

Create a new client private key and a new certificate request: /usr/share/ssl/misc/CA -newreq

Certificate signing: /usr/share/ssl/misc/CA -sign

Copy the CA root certificate, the client private key and the client certificate to the first client

Have the second client certified the same way

3-4-2 OpenVPN – "easy-rsa" tools

Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file: vi /etc/openvpn/easy-rsa/vars

Activate the vars: . /etc/openvpn/easy-rsa/vars

Create the CA root key: /etc/openvpn/easy-rsa/build-ca

Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – "easy-rsa" tools

Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client

Create the Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh 1024

Copy the CA certificate (ca.crt), the server key (server.key) and the server certificate (server.crt) to the VPN server

Copy the CA certificate, the client key and the client certificate to the VPN client

The "easy-rsa" tools also work on the UC7400 series

3-4-3 Configuration File Modification

txx/server.conf

txx/client.conf

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

Two of its serial ports are connected to a power meter and a thermocouple

Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in 'burn-in mode' to demonstrate UC's high performance and reliability

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500 °C

Left side for the high range, 0 to 300 VDC, and right side for the low range, 0 to 20 VDC

UC's LCM and keypad (F1-F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8
F2 System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available memory
F3 Alarm Setting: Temperature → Voltage → Burning throughput
F4 Configuration Key
F5 Main Menu

Apache Web with CGI and HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• UC-7420's built-in wireless driver supports the Intersil Prism 2.0 chipset PCMCIA card
• The compatible wireless cards are:

Supplier   Model name
ASUS       WL-107g
CNET       CWC-854 (181D version)
Edimax     EW-7108PCg
Amigo      AWP-914WG
Gigabyte   GN-WMKG
Others which use the R-Link chipset

Thank You

Page 89: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

1-5 Asymmetric Data Encryption1-5 Asymmetric Data Encryption

Tom

Plaintext

Bob

ciphertextEncryption Decryption

Tomrsquos Private KeyPlaintex

tTomrsquos Public Key

Senderrsquos key pair

Authenticity Check

1-6 Digital Signature1-6 Digital Signature

Real World ndash Hybrid 1 Data Integrity2 Authenticity3 Non-repudiation4 Algorithm ndash Use the public key and Hash

1-6 Digital Signature - Creating1-6 Digital Signature - Creating

3kJfgfpound$amp3kJfgfpound$ampPy75cbnPy75cbn

This is the This is the document document created by created by GianniGianni

Message or FileMessage or File Digital SignatureDigital SignatureMessage DigestMessage Digest

Calculate a short message Calculate a short message digest from even a long input digest from even a long input using a one-way message using a one-way message digest function (hash)digest function (hash)

Signatorys Signatorys private keyprivate key

privpriv

GenerateGenerateHashHash

SHA MD5SHA MD5

AsymmetricAsymmetricEncryptionEncryption

RSARSA

This is the This is the document document created by created by GianniGianni 3kJfgfpound$amp3kJfgfpound$amp

SignedSignedDocumentDocument

(Typically 128 bits)(Typically 128 bits)

1-6 Digital Signature - Verifying1-6 Digital Signature - Verifying

This is the This is the document document created by created by GianniGianni

3kJfgfpound$amp3kJfgfpound$amp

SignedSignedDocumentDocument

Py75cbnPy75cbn

Message DigestMessage DigestGenerateGenerate

HashHash

Giannis public keyGiannis public key(from certificate)(from certificate)

AsymmetricAsymmetricDecryptionDecryption

pubpub

DigitalDigitalSignatureSignature

Py75cbnPy75cbn

Compare Compare

DataData

1-6 Digital Signature1-6 Digital Signature

Tom

Data

Message Message Digest 1Digest 1

Hash FunctionHash Function

+ +Compare

Bob

Data

Message Message Digest 2Digest 2

Hash FunctionHash Function

MACEncryption Decryption

Message Message Digest 1Digest 1

Tomrsquos Private Key Tomrsquos Public Key

Digital SignatureDigital Signature

Digital Signature

1-7 Certificate1-7 Certificate

The simplest certificate just containsbull A public key (for Stephen)bull Information about the entity that is being certified to own that public key

hellip and the whole isbull Digitally signed by someone trusted (like your friend or a CA)

2wsR46frd2wsR46frdEWWrswe(EWWrswe(^$G^^$G^DvtrsdFDfDvtrsdFDfd367d367

pubpub

3kJfgfpound3kJfgfpound$amp4dser4$amp4dser4358g6gd7d358g6gd7dTTCertificateCertificate

This public This public key belongs key belongs to to StephenStephen

DigitalDigitalSignatureSignatureCan be a person a computer Can be a person a computer

a device a file some code a device a file some code anything hellipanything hellip

1-7-1 CA Certificate 1-7-1 CA Certificate

PrivPriv pubpub

Certification Server

CA generatesCA generatesa key paira key pair

Private Key and Private Key and Certificate are Certificate are

sent to the usersent to the user

pubpub

DSDS

CertCert

pubpub

DSDS

CertCert

User request a User request a certificate to CAcertificate to CA

CA generatesCA generatescertificatecertificate

PrivPriv

Right Cert signed by CA

Leftt Cert signed by CA

CA Pub Key signed by CA

1-7-1 CA Certificate Example1-7-1 CA Certificate Example

CACA Private Key

Left Right

Trusts

Left Priv Key signed by CA

CA Pub Key

Right Priv Key signed by CA

CA Pub KeyCA Pub Key Left Cert signed by CA

Right Cert signed by CA

1-7-2 SSLTLS1-7-2 SSLTLS

PrivPriv

pubpub PrivPriv

pubpub

Clear text

Encrypt

Cipher 1

Encrypt

Cipher 2

Transmission over the public network

Cipher 2

Cipher 1

Decrypt

Clear text

Decryptpubpub

Ensures confidentialitybull And integrity if digitally

signed

Depending on how public key are exchanged

bull Authenticity Identity Non-repudiation

pubpub

1-8 Moxa UC7400 - Hardware Cipher

Intel XScale supports
• Security engines: DES, AES
• Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so"
• No need to change the source code

1-8-1 Moxa Accelerated Algorithm – OpenSSL 0.9.7

DES_cbc_encrypt
DES_ede3_cbc_encrypt
AES_cbc_encrypt
AES_ctr_encrypt

• We wrap ECB mode at a higher level (libssl.so), which OpenSSL wraps too

1-8-2 Performance

[Figure: four throughput charts comparing the hardware cipher (legend: = HW Cipher) with the software implementation. Upper charts: 3DES-CBC and AES-128-CBC rate against packet size 128–1280 bytes; lower charts: AES-128-CBC and 3DES-CBC rate against packet size 16–144 bytes.]

1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approaches
• Default: hardware approach
• Any misconfiguration or busy state causes the switch
Small packets are switched to the software approach
• DES: 128 bytes
• 3DES/AES: 64 bytes

1-8-4 Software Package

Driver
• mxhw_cipher.o
Device file
• mknod /dev/mxcrypto c 11 131
Test program
• io: correctness test
• io 0 5000: stability test
• io 1: golden pattern
• io 2 20000: performance test

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network

2-1 VPN Advantages/Disadvantages

VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes
A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH, etc.)
A VPN allows the use of protocols which are insecure by themselves
VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN

Usability
• Open Source (GPL)
• Full-featured SSL VPN solution
• Easy to configure a secure tunnel
• NAT/DHCP support
• Can use a 2048-bit shared key or digital certificates (PKI)
Portability – supports most of the platforms
• Linux, Solaris, Mac OS X
• OpenBSD, FreeBSD, NetBSD
• Windows 2000-SP4 / Windows XP-SP1 or later

2-2 Why OpenVPN

Peers – each node with a client/server role
• Uses the kernel routing
• Multiple clients
A user-space program
• A full-featured SSL-VPN solution
• on top of the existing SSL/TLS mechanism
• options between a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security

Two authentication modes
• Static Key: use a pre-shared key
• SSL/TLS: use SSL/TLS + certificates for
  • Authentication
  • Key exchange
The encrypted packet is formatted as
• SeqN: 64-bit sequence number
• IV: plain-text initial vector, randomized per packet

[Diagram: HMAC | IV | SeqN | IP payload. The SeqN and the IP payload are encrypted; the HMAC covers the IV together with the encrypted part.]
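The packet layout above, handled on the receiving side. This is an added example and not OpenVPN's code: it assumes a toy SHA-256-in-counter-mode keystream in place of the negotiated cipher (a real peer runs e.g. AES-CBC, as listed in 1-8-1) so that it needs only the standard library, HMAC-SHA1 as the authentication tag, and a replay window of 64 on the 64-bit SeqN. The points it shows are the order of the checks (authenticate the IV plus ciphertext first, decrypt second, check SeqN third) and what a replayed or bit-flipped packet looks like to the receiver.

```python
"""Added example (not OpenVPN's code): receive-side handling of a packet laid
out as HMAC | IV | SeqN | payload (slide 2-2), with SeqN and payload encrypted
and the HMAC covering IV plus ciphertext. Toy keystream, standard library only."""
import hashlib
import hmac
import os
import struct
from typing import Optional

TAG_LEN = 20      # HMAC-SHA1 tag (assumption: OpenVPN 2.0's default --auth)
IV_LEN = 16
SEQ_LEN = 8       # 64-bit sequence number (slide 2-2)


def _keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Toy stream cipher: concatenated SHA-256(key || iv || counter) blocks.
    Constructed for this example; not a replacement for the real cipher."""
    out = b""
    for ctr in range((length + 31) // 32):
        out += hashlib.sha256(key + iv + struct.pack(">I", ctr)).digest()
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Sender:
    def __init__(self, cipher_key: bytes, hmac_key: bytes):
        self.ck, self.hk, self.seq = cipher_key, hmac_key, 0

    def seal(self, payload: bytes) -> bytes:
        self.seq += 1                                  # never reused
        iv = os.urandom(IV_LEN)                        # fresh per packet (slide)
        plain = struct.pack(">Q", self.seq) + payload  # SeqN travels encrypted
        enc = _xor(plain, _keystream(self.ck, iv, len(plain)))
        tag = hmac.new(self.hk, iv + enc, hashlib.sha1).digest()  # encrypt-then-MAC
        return tag + iv + enc


class Receiver:
    WINDOW = 64  # how far behind the highest SeqN a late packet may still be

    def __init__(self, cipher_key: bytes, hmac_key: bytes):
        self.ck, self.hk = cipher_key, hmac_key
        self.highest = 0
        self.seen = set()        # accepted SeqNs still inside the window

    def open(self, packet: bytes) -> Optional[bytes]:
        """Return the payload, or None if the packet must be dropped."""
        if len(packet) < TAG_LEN + IV_LEN + SEQ_LEN:
            return None
        tag = packet[:TAG_LEN]
        iv = packet[TAG_LEN:TAG_LEN + IV_LEN]
        enc = packet[TAG_LEN + IV_LEN:]
        # 1. Authenticate before decrypting anything; constant-time compare.
        expect = hmac.new(self.hk, iv + enc, hashlib.sha1).digest()
        if not hmac.compare_digest(tag, expect):
            return None
        plain = _xor(enc, _keystream(self.ck, iv, len(enc)))
        seq = struct.unpack(">Q", plain[:SEQ_LEN])[0]
        # 2. Replay protection on the 64-bit SeqN: drop duplicates and
        #    packets that fell out of the window.
        if seq in self.seen or seq + self.WINDOW <= self.highest:
            return None
        self.seen.add(seq)
        if seq > self.highest:
            self.highest = seq
            self.seen = {s for s in self.seen if s + self.WINDOW > self.highest}
        return plain[SEQ_LEN:]


def demo() -> dict:
    ck, hk = b"\x01" * 32, b"\x02" * 32          # constructed static keys
    tx, rx = Sender(ck, hk), Receiver(ck, hk)
    p1, p2 = tx.seal(b"IP packet one"), tx.seal(b"IP packet two")
    flipped = p2[:-1] + bytes([p2[-1] ^ 0x01])  # one ciphertext bit changed
    return {
        "first_ok": rx.open(p1) == b"IP packet one",
        "second_ok": rx.open(p2) == b"IP packet two",
        "replay_dropped": rx.open(p1) is None,
        "tamper_dropped": rx.open(flipped) is None,
        "wrong_hmac_key_dropped": Receiver(ck, b"\x03" * 32).open(p2) is None,
    }


if __name__ == "__main__":
    print(demo())
```

Because the tag is checked before the keystream is even derived, a tampered or unauthenticated packet never reaches the decryption or the replay logic; a replayed packet passes the HMAC (it is a genuine packet) and is caught only by the SeqN window, which is why the sequence number has to be part of the authenticated, encrypted body.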

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• portability across operating systems
• firewall- and NAT-friendly
• dynamic address support
IPSec
• Kernel-space IP stack
• each operating system requires its own independent implementation of IPSec
• IETF standard - multi-vendor support

2-3 OpenVPN Modes

Bridging and Routing are two methods of linking systems via a VPN
Routed IP tunnels (layer 3)
Bridged Ethernet tunnels (layer 2)
Suitable for connections
• Site-to-Site
• Dynamic Site-to-Site
• (Dynamic) Client-to-Site
Dynamic Firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN mode (device): a virtual point-to-point IP link that combines the inner interface together with TUN
Uses the kernel routing to forward the packets

[Diagram: two OSI stacks (Physical, Data-Link, Network, Transport, Session, Presentation, Application) with OpenVPN at the application layer on each side and the TUN device hooked in at layer 3.]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of MTU for efficiency
Routed IP disadvantages
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see those machines on the other side of the VPN
4. Works only with IPv4 in general, and IPv6 in cases where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses "TAP" mode: a TAP device is a virtual Ethernet adapter
Bridge tools (brctl) are required to create the virtual adapters
Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0          create an Ethernet bridge
brctl addif br0 eth1     connect interface eth1 as a port
brctl addif br0 tap0     connect virtual interface tap0 as a port

[Diagram: two OSI stacks (Physical … Application) joined by bridging at layer 2: OpenVPN at the application layer, TUN shown at layer 3 and TAP at layer 2, with eth0/eth1 on each side and tap0 bridged to eth1.]
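The bridge script the slides ask for, written out as a small start/stop tool. This is an added example, not Moxa's openvpn-bridge script: the interface names (eth1, tap0, br0) and the bridge address (br0 = 10.0.1.254, from the 3-3 TAP slides) come from the deck; the persistent TAP created with `openvpn --mktun`, the promisc/0.0.0.0 settings on the bridged ports and the teardown order are the usual bridge-start recipe and are assumptions of this example. With `dry_run=True` it returns the command sequence instead of executing it, so the order can be inspected without root.

```python
"""Added example (not Moxa's openvpn-bridge script): the eth1 + tap0 -> br0
bridge of slide 2-3-2 as a start/stop/restart tool. Names and the br0 address
follow the slides; the rest is the common bridge-start recipe (assumption)."""
import re
import subprocess
from typing import List

# Linux interface names: at most 15 characters, and nothing a shell could
# misread if the names ever end up inside a generated script.
_IFNAME = re.compile(r"^[A-Za-z][A-Za-z0-9_.-]{0,14}$")


def _ifname(name: str) -> str:
    if not _IFNAME.match(name):
        raise ValueError(f"invalid interface name: {name!r}")
    return name


def bridge_commands(action: str, eth: str = "eth1", tap: str = "tap0",
                    br: str = "br0", br_ip: str = "10.0.1.254",
                    netmask: str = "255.255.255.0") -> List[List[str]]:
    """Command sequence for start / stop / restart (restart = stop + start)."""
    eth, tap, br = _ifname(eth), _ifname(tap), _ifname(br)
    start = [
        ["openvpn", "--mktun", "--dev", tap],        # persistent TAP device
        ["brctl", "addbr", br],                      # create an Ethernet bridge
        ["brctl", "addif", br, eth],                 # eth1 as a port
        ["brctl", "addif", br, tap],                 # tap0 as a port
        ["ifconfig", tap, "0.0.0.0", "promisc", "up"],
        ["ifconfig", eth, "0.0.0.0", "promisc", "up"],   # LAN address moves to br0
        ["ifconfig", br, br_ip, "netmask", netmask, "up"],
    ]
    stop = [
        ["ifconfig", br, "down"],
        ["brctl", "delif", br, tap],
        ["brctl", "delbr", br],
        ["openvpn", "--rmtun", "--dev", tap],
    ]
    table = {"start": start, "stop": stop, "restart": stop + start}
    if action not in table:
        raise ValueError("usage: start | stop | restart")
    return table[action]


def openvpn_bridge(action: str, dry_run: bool = True, **kw) -> List[List[str]]:
    """Run (or, with dry_run, only return) the bridge commands. A failing
    command aborts the sequence rather than leaving a half-built bridge."""
    cmds = bridge_commands(action, **kw)
    if not dry_run:
        for cmd in cmds:
            subprocess.run(cmd, check=True)
    return cmds


if __name__ == "__main__":
    import sys
    for cmd in openvpn_bridge(sys.argv[1] if len(sys.argv) > 1 else "start"):
        print(" ".join(cmd))
```

The ports are brought up with address 0.0.0.0 and the LAN address is assigned to br0 itself, as the 3-3 slide states ("br0 = 10.0.1.254"); leaving the old address on eth1 would give the host two interfaces on the same subnet and confuse the kernel routing the TAP setup relies on.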

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages
1. Point to point, point to multi-point
2. Broadcasts traverse the VPN -- this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to be able to handle non-IP protocols such as IPX, Netware and AppleTalk
5. Relatively easy-to-configure solution for road warriors
Bridging disadvantages
1. Less efficient than routing and does not scale well

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

[Diagram: lab topology. LAN A (IP 10.0.1.1/24, gw 10.0.1.254) sits behind the VPN Server, whose ixp1 address is 10.0.1.254 and whose ixp0 address is 192.168.12.201. LAN B (IP 10.0.2.1/24, gw 10.0.2.254) sits behind the VPN Client, whose ixp1 address is 10.0.2.254 and whose ixp0 address is 192.168.12.202. The client connects to the server through the VPN tunnel; a CA/TLS server is also shown.]

3-1 Getting Started

Create a working directory (recommended): mkdir /etc/openvpn
Check for the TUN module: ls /dev/net and look for a character device "tun"; if it is not there: mknod /dev/tun c 10 200
Load the necessary modules: modprobe tun; modprobe bridge
Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]
Self diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or vi /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"
Create/start the bridge interface using the Moxa script: openvpn-bridge [start|stop|restart]
Check the cipher/authentication support: openvpn --show-ciphers; openvpn --show-digests
Create the TUN configuration files: vi /etc/openvpn/tunserver.conf
[At VPN Client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

Local/Remote VPN IP addresses must be specified
It is NECESSARY to specify the server address at the VPN Client

3-2 TUN Server Configuration

Edit the static routings: vi /etc/openvpn/tunserver.sh; chmod +x /etc/tunserver.sh
[At VPN Client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/tunclient.sh
Start OpenVPN with the configuration file: openvpn --config /etc/tunserver.conf & ; openvpn --config /etc/tunclient.conf &
2nd argument of "ifconfig", which is now "10.0.2.254"
Create the TAP configuration files: vi /etc/openvpn/tapserver.conf
[At VPN Client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration – VPN Server

Mark this line if both VPN networks are in the same subnet

3-3 TAP Configuration – VPN Server

Edit the static routings: vi /etc/openvpn/tunserver.sh
[At VPN Client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/tapclient.sh
Pointed to the kernel routing: br0 = 10.0.1.254

3-3 TAP Configuration – VPN Server

Start the bridge device: vi openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start
Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tapserver.conf & ; openvpn --config /etc/openvpn/tapclient &

3-4-1 SSL/TLS – Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-input the default_days, default_bits … etc.
Create a new CA root key pair: /usr/share/ssl/misc/CA -newca
Create a new client private key and a new certificate request: /usr/share/ssl/misc/CA -newreq
Certificate signing: /usr/share/ssl/misc/CA -sign
Copy the CA root certificate, the client private key and the client certificate to the first client
Have the second client certificated

3-4-2 OpenVPN – "easy-rsa" tools

Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn
Modify the vars file: vi /etc/openvpn/easy-rsa/vars
Activate the vars: . /etc/openvpn/easy-rsa/vars
Create the CA root key: /etc/openvpn/easy-rsa/build-ca
Create the VPN Server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – "easy-rsa" tools

Create the VPN Client private key and certificate: /etc/openvpn/build-key client
Create Diffie-Hellman parameters: /etc/openvpn/build-dh 1024
Copy the CA certificate (ca.crt), server key (server.key) and server certificate (server.crt) to the VPN Server
Copy the CA certificate, client key and certificate to the VPN Client
"easy-rsa" tools also work on the UC7400 series

3-4-3 Configuration File Modification

txxserver.conf
txxclient.conf

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

Two of its serial ports are connected to a power meter and a thermocouple
Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site
The rest of the serial ports are looped back in 'burn-in mode' to demonstrate the UC's high performance and reliability

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500°C
Left side for the high range (0 to 300 VDC) & right side for the low range (0 to 20 VDC)

UC's LCM & keypad (F1-F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8
F2 System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available Memory
F3 Alarm Setting: Temperature → Voltage → burning throughput
F4 Configuration Key
F5 Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• The UC-7420's built-in wireless driver supports the Intersil Prism 2.0 chipset PCMCIA card
• The compatible wireless cards are:

Supplier   Model name
ASUS       WL-107g
CNET       CWC-854 (181D version)
Edimax     EW-7108PCg
Amigo      AWP-914WG
Gigabyte   GN-WMKG
Others which use the R-Link chip set

Thank You


1-6 Digital Signature

Real world – hybrid
1. Data integrity
2. Authenticity
3. Non-repudiation
4. Algorithm – use the public key and a hash

1-6 Digital Signature - Creating

[Diagram: Message or File ("This is the document created by Gianni") → Generate Hash (SHA, MD5) → Message Digest (typically 128 bits) → Asymmetric Encryption (RSA) with the signatory's private key → Digital Signature. The document plus the signature form the Signed Document. Calculate a short message digest from even a long input using a one-way message digest function (hash).]

1-6 Digital Signature - Verifying

[Diagram: Signed Document = data ("This is the document created by Gianni") + Digital Signature. Data → Generate Hash → Message Digest. Digital Signature → Asymmetric Decryption with Gianni's public key (from certificate) → Message Digest. Compare the two digests.]

1-6 Digital Signature

[Diagram: Tom: Data → Hash Function → Message Digest 1 → encryption with Tom's Private Key → Digital Signature, sent together with the data. Bob: Data → Hash Function → Message Digest 2; Digital Signature → decryption with Tom's Public Key → Message Digest 1; compare the two digests (MAC).]

1-7 Certificate

The simplest certificate just contains
• A public key (for Stephen)
• Information about the entity that is being certified to own that public key
… and the whole is
• Digitally signed by someone trusted (like your friend or a CA)

hellip and the whole isbull Digitally signed by someone trusted (like your friend or a CA)

2wsR46frd2wsR46frdEWWrswe(EWWrswe(^$G^^$G^DvtrsdFDfDvtrsdFDfd367d367

pubpub

3kJfgfpound3kJfgfpound$amp4dser4$amp4dser4358g6gd7d358g6gd7dTTCertificateCertificate

This public This public key belongs key belongs to to StephenStephen

DigitalDigitalSignatureSignatureCan be a person a computer Can be a person a computer

a device a file some code a device a file some code anything hellipanything hellip

1-7-1 CA Certificate 1-7-1 CA Certificate

PrivPriv pubpub

Certification Server

CA generatesCA generatesa key paira key pair

Private Key and Private Key and Certificate are Certificate are

sent to the usersent to the user

pubpub

DSDS

CertCert

pubpub

DSDS

CertCert

User request a User request a certificate to CAcertificate to CA

CA generatesCA generatescertificatecertificate

PrivPriv

Right Cert signed by CA

Leftt Cert signed by CA

CA Pub Key signed by CA

1-7-1 CA Certificate Example1-7-1 CA Certificate Example

CACA Private Key

Left Right

Trusts

Left Priv Key signed by CA

CA Pub Key

Right Priv Key signed by CA

CA Pub KeyCA Pub Key Left Cert signed by CA

Right Cert signed by CA

1-7-2 SSLTLS1-7-2 SSLTLS

PrivPriv

pubpub PrivPriv

pubpub

Clear text

Encrypt

Cipher 1

Encrypt

Cipher 2

Transmission over the public network

Cipher 2

Cipher 1

Decrypt

Clear text

Decryptpubpub

Ensures confidentialitybull And integrity if digitally

signed

Depending on how public key are exchanged

bull Authenticity Identity Non-repudiation

pubpub

1-8 Moxa UC7400 - Hardware Cipher1-8 Moxa UC7400 - Hardware Cipher

Intel Xcale Supports bull Security Engines DES AESbull Algorithm methods ECB CBC ECR

Moxa wrap hardware acceleration inside algorithm APIs of ldquolibcryptosordquo bull No need to change the source codes

1-8-1 Moxa Accelerated Algorithm 1-8-1 Moxa Accelerated Algorithm ndash OpenSSL 097 ndash OpenSSL 097

DES_cbc_encrypt

DES_ede3_cbc_encrypt

AES_cbc_encrypt

AES_ctr_encrypt

bull We wrap ECB mode at a higher level (libsslso) which openssl wraps too

1-8-2 Performance1-8-2 Performance

0

10

20

30

40

50

60

70

80

128 256 384 512 640 768 896 1024 1152 12800

1

2

3

4

5

6

7

83DESCBC3DESCBCRATE

0

10

20

30

40

50

60

70

80

128 256 384 512 640 768 896 1024 1152 12800

1

2

3

4

5

6

7

8AES128CBCAES128CBCRATE

0

1

2

3

4

5

6

7

8

16 32 64 80 96 112 128 1440

05

1

15

2

25AES128CBC

AES128CBC

RATE

012

3456

789

16 32 64 80 96 112 128 1440

05

1

15

2

253DESCBC

3DESCBC

RATE

= HW Cipher

1-8-3 Things to be noticed1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approachesbull Default Hardware Approachbull Any mis-configuration or business causes the

switch

Small packets are switched to software approachbull DES 128 bytesbull 3DESAES 64 bytes

1-8-4 Software Package1-8-4 Software Package

Driverbull mxhw_ciphero

Device Filebull mknod devmxcrypto c 11 131

Test Programbull io correctness test bull io 0 5000 stability test bull io 1 golden pattern bull io 2 20000 performance test

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

2) OpenVPN 20 2) OpenVPN 20

2-1 Virtual Private Network

2-2 Why OpenVPN

2-3 OpenVPN Modes

2-1 Virtual Private Network2-1 Virtual Private Network

2-1 VPN AdvantagesDisadvantage2-1 VPN AdvantagesDisadvantage

VPN a network that is constructed by using public wires (eg internet) to connect nodes

VPN encrypt all network traffic not just a few application protocols (like SSL SSH etc)

VPN allows the usage of protocols which are insecure by themselves

VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN2-2 Why OpenVPN

Usabilitybull Open Source (GPL)bull Full featured SSL VPN Solutionbull Easy to configure secure tunnelbull NATDHCP supportbull Can use a 2048 bit shared key or

digital certificates (PKI)

Portability ndash Supports most of the platformsbull Linux Solaris Mac OS Xbull OpenBSD FreeBSD NetBSDbull Windows2000-SP4WindowsXP-SP1 or later

2-2 Why OpenVPN2-2 Why OpenVPN

Peers ndash each node with a clientserver rolebull In use of kernel routingbull Multiple clients

A user-space programbull A full-featured SSL-VPN solutions

bull on top of existing SSLTLS mechanism bull options between a set of security algorithms

bull Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (50001194) or TCP port

2-2 OpenVPN Security 2-2 OpenVPN Security

Two Authentication Modesbull Static Key Use pre-shared bull SSLTLS Use SSLTLS + Certificates for

bull Authentication bull Key exchange

The encrypted packet is formatted asbull SeqN 64-bit sequence numberbull IV plain text initial vector randomized per packet

HMAC IV SeqN V IPs payload

encrypt

HMACW IPs

2-2 OpenVPN vs IPSec2-2 OpenVPN vs IPSec

OpenVPNbull User-space daemonbull SSLTLSbull portability across

operating systemsbull firewall and NAT-

friendly bull dynamic address

support

IPSecbull Kernel-space IP stack bull each operating system

requires its own independent implementation of IPSec

bull IETF Standard - multi-vendor support

2-3 OpenVPN Modes2-3 OpenVPN Modes

Bridging and Routing are two methods of linking systems via a VPN

Routed IP tunnels (layer 3)

Bridged Ethernet tunnels (layer 2)

Suitable for Connectionsbull Site-to-Sitebull Dynamic Site-to-Sitebull (Dynamic) Client-to-Site

Dynamic FirewallNATDHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN Mode(device) a virtual point-to-point IP link that combines the inner interface together with TUN

Use the kernel routings to forward the packets

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Physical

Data-Link

Network

Transport

Session

Presentation

ApplicationOpenVPN

TUN (3rd)

2-3-1 Routed IP Tunnels (TUN Mode)2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP Advantages1 Point-to-point2 Easier to configure3 Efficiency and scalability 4 Allows better tuning of MTU for efficiency

Routed IP Disadvantages1 Clients must use a WINS server (such as samba) to

allow cross-VPN network browsing to work 2 Routes must be set up linking each subnet 3 Software that depends on broadcasts Will Not see

those machines on the other side of the VPN 4 Works only with IPv4 in general and IPv6 in cases

where tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses ldquoTAPrdquo mode a TAP device is a Virtual Ethernet Adapter

Bridge tools (bcrtl) are required to create the virtual adapters

Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0 create an ethernet bridge

brctl addif br0 eth1 connect interface eth1 as a port

brctl addif tap0 connect virtual interface tap0 as a port

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Bridging

OpenVPN

TUN (3rd)TAP (2nd)

eth1 eth1eth0 eth0

tap0 tap0

2-3-2 Bridged Ethernet Mode (TAP 2-3-2 Bridged Ethernet Mode (TAP Mode)Mode)

Bridging advantages1 Point to Point point to multi-point2 Broadcasts traverse the VPN -- this allows browsing

of Windows file shares across the VPN without setting up a Samba or WINS server

3 No route statements to configure4 Works with the VPN needs to be able to handle non-

IP protocols such as IPX Netware and AppleTalk5 Relatively easy-to-configure solution for road

warriors

Bridging disadvantages1 Less efficient than Routing and does not scale well

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSLTLS ndash X509 Dynamic Keys

3-1 Getting Started3-1 Getting Started

ixp019216812201

ixp0 19216812202

gw 1001254IP 1001124

gw 1002254IP 1002124

LAN A LAN B

VPN Tunnel

Connect

1001254

[VPN Server]

1002254

[VPN-Client]

ixp1 ixp1

[CATLS Server]

3-1 Getting Started 3-1 Getting Started

Create a Working Directory (recommended) mkdir etcopenvpn

Check for TUN Modules if not ls devnet look for a character device ldquotunrdquo mknod devtun c 10 200

Load necessary modules modprobe tun modprobe bridge

Generate a (pre-shared) key openvpn --genkey --secret [KeyName]

Self Diagnostic openvpn --test-crypto --secret [KeyName]

3-1 Getting Started3-1 Getting Started

Enable IP Forwarding echo ldquo1rdquo gt procsysnetipv4ip_forwardor vi etcsysctlconf modify ldquonetipv4ip_forward = 1rdquo

Create Start Bridge Interface using Moxa Script openvpn-bridge [start stop restart]

Check the CiphersAuthentication Support openvpn --show-ciphers openvpn --show-digests

Create TUN Configuration Files vi etcopenvpntunserverconf

[At VPN Client] vi etcopenvpntunclientconf

3-2 TUN Server Configuration 3-2 TUN Server Configuration

LocalRemote VPN IP address must be specified

It is NECESSARY to specify the Server Address at VPN Client

3-2 TUN Server Configuration 3-2 TUN Server Configuration

Edit the Static Routings vi etcopenvpntunserversh

chmod +x etctunserversh

[At VPN Client] vi etceopenvpntunclientsh chmod +x etctunclientsh

Start OpenVPN with the configuration file openvpn --config etctunserverconf amp openvpn --config etctunclientconf amp

2nd argument of ldquoifconfigrdquo which is now ldquo1002254rdquo

Create TAP Configuration Files vi etcopenvpntapserverconf

[At VPN Client] vi etcopenvpntapclientconf

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Mark this line if both VPN Networks are in the same subnet

3-2 TAP Configuration ndash VPN Server3-2 TAP Configuration ndash VPN Server

Edit the Static Routings vi etcopenvpntunserversh

[At VPN Client] vi etcopenvpntapclientsh chmod +x etctapclientsh

Pointed to the Kernel Routing br0 = 1001254

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Start the Bridge device vi openvpnopenvpn-bridge

chmod +x etcopenvpnopenvpn-bridge etcopenvpnopenvpn-bridge start

Start OpenVPN with the configuration file openvpn ndashconfig etcopenvpntapserverconf amp openvpn ndashconfig etcopenvpntapclient amp

3-4-1 SSLTLS ndash Dynamic Keys3-4-1 SSLTLS ndash Dynamic Keys

Edit the OpenSSL Configuration File on a Linux PC vi usrsharesslopensslcnf Pre-input the default_days default_bits hellip etc

Create New CA root Key Pair usrsharesslmiscCA -newca

Create New Client Private Key and new Certificate Request usrsharesslmiscCA -newreq

Certificate Sign-in usrsharesslmiscCA ndashsign

Copy the CA root certificate client private key and the client certificate to the first client

Have the second client certificated

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Copy the ldquoeasy-rsardquo to the working directory cp ndashr openvpn-20easy-rsa etcopenvpn

modify the vars file vi etcopenvpneasy-rsavars

Activate the vars etcopenvpneasy-rsavars

Create CA root key etcopenvpneasy-rsabuild-ca

Create VPN Server Private Key and Certificate etcopenvpneasy-rsabuild-key server

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Create VPN Client private Key and Certificate etcopenvpnbuild-key client

Create Diff-Hellman Parameters etcopenvpnbuild-dh 1024

Copy the CA certificate (cacrt) Server key (serverkey) and Server certificate (servercrt) to VPN Server

Copy the CA certificate Client key and certificate to VPN Client

ldquoeasy-rsardquo tools also work on UC7400 series

3-4-3 Configuration File Modification3-4-3 Configuration File Modification

txxserverconf

txxclienconf

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) Open VPN Configuration

4) Hands-On Practice

Live DemoLive Demo

UC-7420 DEMO BOXUC-7420 DEMO BOX

Two of its serial ports connectedto a Power Meter and Thermocouple

Two LAN ports plus an optional Wi-Fi function making it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in lsquoburn-in modersquo to demonstrate UCrsquos high performance and reliability

Demo Box FeaturesDemo Box Features

Software Block DiagramSoftware Block Diagram

Temperature Range 0 to 500degC

Left side for high range 0 to 300 VDC amp Right side for low range 0 to 20 VDC

UCrsquos LCM amp keypad (F1-F5)UCrsquos LCM amp keypad (F1-F5)

F1 Monitoring Temperature rarr Voltage rarrThroughput for P3 to P8

F2 System Status LANrsquos IP rarr Wi-Firsquos IP rarr CPU loading rarr Available Memory

F3 Alarm Setting Temperature rarr Voltage rarr burning throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI amp HTMLApache Web with CGI amp HTML

Seat Locating SystemSeat Locating System

Score Query SystemScore Query System

AppendixAppendix

What is the wireless PCMCIA card support status in 80211gbull UC-7420s built-in Wireless driver supports Intersil Prism 20

chipset PCMCIA cardbull The compatible Wireless cards are

Supplier Model name

ASUS WL-107g

CNET CWC-854(181D version)Edmiax EW-7108PCgAmigo AWP-914WGigbyte GN-WMKGOthers which use R-Link chip set

Thank YouThank You

Page 91: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

1-6 Digital Signature - Creating1-6 Digital Signature - Creating

3kJfgfpound$amp3kJfgfpound$ampPy75cbnPy75cbn

This is the This is the document document created by created by GianniGianni

Message or FileMessage or File Digital SignatureDigital SignatureMessage DigestMessage Digest

Calculate a short message Calculate a short message digest from even a long input digest from even a long input using a one-way message using a one-way message digest function (hash)digest function (hash)

Signatorys Signatorys private keyprivate key

privpriv

GenerateGenerateHashHash

SHA MD5SHA MD5

AsymmetricAsymmetricEncryptionEncryption

RSARSA

This is the This is the document document created by created by GianniGianni 3kJfgfpound$amp3kJfgfpound$amp

SignedSignedDocumentDocument

(Typically 128 bits)(Typically 128 bits)

1-6 Digital Signature - Verifying1-6 Digital Signature - Verifying

This is the This is the document document created by created by GianniGianni

3kJfgfpound$amp3kJfgfpound$amp

SignedSignedDocumentDocument

Py75cbnPy75cbn

Message DigestMessage DigestGenerateGenerate

HashHash

Giannis public keyGiannis public key(from certificate)(from certificate)

AsymmetricAsymmetricDecryptionDecryption

pubpub

DigitalDigitalSignatureSignature

Py75cbnPy75cbn

Compare Compare

DataData

1-6 Digital Signature1-6 Digital Signature

Tom

Data

Message Message Digest 1Digest 1

Hash FunctionHash Function

+ +Compare

Bob

Data

Message Message Digest 2Digest 2

Hash FunctionHash Function

MACEncryption Decryption

Message Message Digest 1Digest 1

Tomrsquos Private Key Tomrsquos Public Key

Digital SignatureDigital Signature

Digital Signature

1-7 Certificate1-7 Certificate

The simplest certificate just containsbull A public key (for Stephen)bull Information about the entity that is being certified to own that public key

hellip and the whole isbull Digitally signed by someone trusted (like your friend or a CA)

2wsR46frd2wsR46frdEWWrswe(EWWrswe(^$G^^$G^DvtrsdFDfDvtrsdFDfd367d367

pubpub

3kJfgfpound3kJfgfpound$amp4dser4$amp4dser4358g6gd7d358g6gd7dTTCertificateCertificate

This public This public key belongs key belongs to to StephenStephen

DigitalDigitalSignatureSignatureCan be a person a computer Can be a person a computer

a device a file some code a device a file some code anything hellipanything hellip

1-7-1 CA Certificate 1-7-1 CA Certificate

PrivPriv pubpub

Certification Server

CA generatesCA generatesa key paira key pair

Private Key and Private Key and Certificate are Certificate are

sent to the usersent to the user

pubpub

DSDS

CertCert

pubpub

DSDS

CertCert

User request a User request a certificate to CAcertificate to CA

CA generatesCA generatescertificatecertificate

PrivPriv

Right Cert signed by CA

Leftt Cert signed by CA

CA Pub Key signed by CA

1-7-1 CA Certificate Example1-7-1 CA Certificate Example

CACA Private Key

Left Right

Trusts

Left Priv Key signed by CA

CA Pub Key

Right Priv Key signed by CA

CA Pub KeyCA Pub Key Left Cert signed by CA

Right Cert signed by CA

1-7-2 SSLTLS1-7-2 SSLTLS

PrivPriv

pubpub PrivPriv

pubpub

Clear text

Encrypt

Cipher 1

Encrypt

Cipher 2

Transmission over the public network

Cipher 2

Cipher 1

Decrypt

Clear text

Decryptpubpub

Ensures confidentialitybull And integrity if digitally

signed

Depending on how public key are exchanged

bull Authenticity Identity Non-repudiation

pubpub

1-8 Moxa UC7400 - Hardware Cipher1-8 Moxa UC7400 - Hardware Cipher

Intel Xcale Supports bull Security Engines DES AESbull Algorithm methods ECB CBC ECR

Moxa wrap hardware acceleration inside algorithm APIs of ldquolibcryptosordquo bull No need to change the source codes

1-8-1 Moxa Accelerated Algorithm 1-8-1 Moxa Accelerated Algorithm ndash OpenSSL 097 ndash OpenSSL 097

DES_cbc_encrypt

DES_ede3_cbc_encrypt

AES_cbc_encrypt

AES_ctr_encrypt

bull We wrap ECB mode at a higher level (libsslso) which openssl wraps too

1-8-2 Performance1-8-2 Performance

0

10

20

30

40

50

60

70

80

128 256 384 512 640 768 896 1024 1152 12800

1

2

3

4

5

6

7

83DESCBC3DESCBCRATE

0

10

20

30

40

50

60

70

80

128 256 384 512 640 768 896 1024 1152 12800

1

2

3

4

5

6

7

8AES128CBCAES128CBCRATE

0

1

2

3

4

5

6

7

8

16 32 64 80 96 112 128 1440

05

1

15

2

25AES128CBC

AES128CBC

RATE

012

3456

789

16 32 64 80 96 112 128 1440

05

1

15

2

253DESCBC

3DESCBC

RATE

= HW Cipher

1-8-3 Things to be noticed

Moxa UC-7400 switches operations between the software and the hardware approaches
- Default: hardware approach
- Any mis-configuration, or the engine being busy, causes the switch

Small packets are switched to the software approach
- DES: packets under 128 bytes
- 3DES/AES: packets under 64 bytes

1-8-4 Software Package

Driver
- mxhw_cipher.o

Device file
- mknod /dev/mxcrypto c 11 131

Test program
- io: correctness test
- io 0 5000: stability test
- io 1: golden pattern
- io 2 20000: performance test

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network

2-1 VPN Advantages/Disadvantages

VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes

A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH, etc.)

A VPN allows the use of protocols which are insecure by themselves

VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN

Usability
- Open source (GPL)
- Full-featured SSL VPN solution
- Easy to configure a secure tunnel
- NAT/DHCP support
- Can use a 2048-bit shared key or digital certificates (PKI)

Portability - supports most platforms
- Linux, Solaris, Mac OS X
- OpenBSD, FreeBSD, NetBSD
- Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN

Peers - each node with a client/server role
- Uses kernel routing
- Multiple clients

A user-space program
- A full-featured SSL VPN solution
- Built on top of the existing SSL/TLS mechanism
- Options between a set of security algorithms
- Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security

Two authentication modes
- Static key: uses a pre-shared key
- SSL/TLS: uses SSL/TLS + certificates for authentication and key exchange

The encrypted packet is formatted as
- SeqN: 64-bit sequence number
- IV: plain-text initialization vector, randomized per packet

Before encryption:   HMAC | IV | SeqN | payload
After encryption:    HMAC | IV | ENC(SeqN | payload)
(the HMAC covers the IV and the encrypted part)
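The packet layout above (a 64-bit SeqN and a per-packet IV, with the HMAC over the IV and the encrypted part), as an added example that is not part of the course material: a Python sketch of a static-key packet with encrypt-then-MAC, constant-time HMAC verification, and a sliding replay window keyed on SeqN. The keystream cipher is a stand-in for OpenVPN's real block cipher, the keys are constructed demo values, and the class and function names are my own.

```python
import hashlib
import hmac
import os
import struct

# Added illustration of the packet format on the slide:
#   before encryption:  HMAC | IV | SeqN | payload
#   on the wire:        HMAC | IV | ENC(SeqN | payload)
# HMAC-SHA1 is computed over IV || ciphertext (encrypt-then-MAC); SeqN is a
# 64-bit counter and the IV is fresh for every packet.
# The "cipher" below is a keystream derived with HMAC-SHA256 so that the example
# runs with the standard library only; it stands in for OpenVPN's real block
# cipher (e.g. AES-CBC) and is NOT how OpenVPN encrypts.

HMAC_LEN = 20       # HMAC-SHA1 digest size
IV_LEN = 16
SEQ_LEN = 8         # 64-bit sequence number
REPLAY_WINDOW = 64

# Constructed demo keys; in OpenVPN both come from the file made by --genkey.
DEMO_ENC_KEY = bytes(range(32))
DEMO_AUTH_KEY = bytes(range(32, 52))


def _keystream(key: bytes, iv: bytes, n: int) -> bytes:
    """Expand (key, iv) into n keystream bytes (toy cipher, see note above)."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hmac.new(key, iv + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Sender:
    def __init__(self, enc_key: bytes, auth_key: bytes):
        self.enc_key, self.auth_key, self.seq = enc_key, auth_key, 0

    def seal(self, payload: bytes) -> bytes:
        self.seq += 1                                  # SeqN never repeats under one key
        iv = os.urandom(IV_LEN)                        # randomized per packet
        plain = struct.pack(">Q", self.seq) + payload  # SeqN | payload
        ct = _xor(plain, _keystream(self.enc_key, iv, len(plain)))
        tag = hmac.new(self.auth_key, iv + ct, hashlib.sha1).digest()
        return tag + iv + ct                           # HMAC | IV | ENC(SeqN | payload)


class Receiver:
    def __init__(self, enc_key: bytes, auth_key: bytes):
        self.enc_key, self.auth_key = enc_key, auth_key
        self.highest = 0      # highest SeqN accepted so far
        self.seen = set()     # SeqNs accepted inside the window

    def open(self, packet: bytes):
        """Return the payload, or None if the packet is malformed, forged or replayed."""
        if len(packet) < HMAC_LEN + IV_LEN + SEQ_LEN:
            return None
        tag = packet[:HMAC_LEN]
        iv = packet[HMAC_LEN:HMAC_LEN + IV_LEN]
        ct = packet[HMAC_LEN + IV_LEN:]
        expected = hmac.new(self.auth_key, iv + ct, hashlib.sha1).digest()
        if not hmac.compare_digest(tag, expected):     # verify the MAC before decrypting
            return None
        plain = _xor(ct, _keystream(self.enc_key, iv, len(ct)))
        seq = struct.unpack(">Q", plain[:SEQ_LEN])[0]
        if not self._accept_seq(seq):
            return None
        return plain[SEQ_LEN:]

    def _accept_seq(self, seq: int) -> bool:
        """Sliding window: reject SeqN 0, anything older than the window, and duplicates."""
        if seq == 0:
            return False
        if seq > self.highest:
            self.highest = seq
            self.seen = {s for s in self.seen if s > seq - REPLAY_WINDOW}
            self.seen.add(seq)
            return True
        if seq <= self.highest - REPLAY_WINDOW or seq in self.seen:
            return False
        self.seen.add(seq)
        return True


def demo():
    """One packet accepted, its replay rejected, a bit-flipped packet rejected."""
    tx = Sender(DEMO_ENC_KEY, DEMO_AUTH_KEY)
    rx = Receiver(DEMO_ENC_KEY, DEMO_AUTH_KEY)
    pkt = tx.seal(b"ping from LAN A")
    first = rx.open(pkt)               # b"ping from LAN A"
    replay = rx.open(pkt)              # None: SeqN already seen
    tampered = bytearray(tx.seal(b"second packet"))
    tampered[-1] ^= 0x01               # flip one ciphertext bit
    forged = rx.open(bytes(tampered))  # None: HMAC does not verify
    return first, replay, forged


if __name__ == "__main__":
    print(demo())
```

The MAC is checked before anything is decrypted, so a forged or bit-flipped packet is dropped without touching the cipher, and the window lets UDP packets arrive slightly out of order while still rejecting any SeqN that was already accepted.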

2-2 OpenVPN vs IPSec

OpenVPN
- User-space daemon
- SSL/TLS
- Portability across operating systems
- Firewall- and NAT-friendly
- Dynamic address support

IPSec
- Kernel-space IP stack
- Each operating system requires its own independent implementation of IPSec
- IETF standard: multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are two methods of linking systems via a VPN
- Routed IP tunnels (layer 3)
- Bridged Ethernet tunnels (layer 2)

Suitable for connections
- Site-to-site
- Dynamic site-to-site
- (Dynamic) client-to-site

Dynamic firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN mode (device): a virtual point-to-point IP link that combines the inner interface together with TUN

Uses the kernel routing to forward the packets

[Diagram: two OSI stacks (Physical through Application) on the two peers; OpenVPN runs at the application layer and the TUN device is inserted at layer 3 (Network).]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of the MTU for efficiency

Routed IP disadvantages
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see the machines on the other side of the VPN
4. Works only with IPv4 in general, and with IPv6 only where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses "TAP" mode: a TAP device is a virtual Ethernet adapter

Bridge tools (brctl) are required to create the virtual adapters

Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0        create an Ethernet bridge
brctl addif br0 eth1   connect interface eth1 as a port
brctl addif br0 tap0   connect virtual interface tap0 as a port

[Diagram: two OSI stacks (Physical through Application) on the two peers; OpenVPN runs at the application layer, the TAP device is inserted at layer 2 (Data-Link) and bridged with eth1, while eth0 carries the tunnel traffic. Labels: eth0, eth1, tap0, Bridging, TUN (3rd), TAP (2nd).]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages
1. Point-to-point and point-to-multipoint
2. Broadcasts traverse the VPN; this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to be able to handle non-IP protocols such as IPX, NetWare and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages
1. Less efficient than routing and does not scale well

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS - X.509 Dynamic Keys

[Lab diagram: LAN A (IP 10.0.1.1/24, gateway 10.0.1.254) sits behind the VPN Server, whose ixp0 is 192.168.12.201 and ixp1 is 10.0.1.254. LAN B (IP 10.0.2.1/24, gateway 10.0.2.254) sits behind the VPN Client, whose ixp0 is 192.168.12.202 and ixp1 is 10.0.2.254. The client connects to the server through the VPN tunnel; a CA/TLS server is also shown.]

3-1 Getting Started

Create a working directory (recommended)
  mkdir /etc/openvpn

Check for the TUN device: ls /dev/net and look for a character device "tun"; if it is missing:
  mknod /dev/net/tun c 10 200

Load the necessary modules
  modprobe tun
  modprobe bridge

Generate a (pre-shared) key
  openvpn --genkey --secret [KeyName]

Self diagnostic
  openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding
  echo "1" > /proc/sys/net/ipv4/ip_forward
  or edit /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"

Create/start the bridge interface using the Moxa script
  openvpn-bridge [start|stop|restart]

Check the cipher/authentication support
  openvpn --show-ciphers
  openvpn --show-digests

Create the TUN configuration files
  vi /etc/openvpn/tunserver.conf
  [At VPN Client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

Local/remote VPN IP addresses must be specified

It is NECESSARY to specify the server address at the VPN client

3-2 TUN Server Configuration

Edit the static routes
  vi /etc/openvpn/tunserver.sh
  chmod +x /etc/openvpn/tunserver.sh
  [At VPN Client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/openvpn/tunclient.sh

Start OpenVPN with the configuration file
  openvpn --config /etc/openvpn/tunserver.conf &
  openvpn --config /etc/openvpn/tunclient.conf &

[Screenshot callout: the 2nd argument of "ifconfig", which is now "10.0.2.254"]

Create the TAP configuration files
  vi /etc/openvpn/tapserver.conf
  [At VPN Client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration - VPN Server

[Screenshot callout: mark this line if both VPN networks are in the same subnet]

3-3 TAP Configuration - VPN Server

Edit the static routes
  vi /etc/openvpn/tapserver.sh
  [At VPN Client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/openvpn/tapclient.sh

[Screenshot callout: pointed to the kernel routing, br0 = 10.0.1.254]

3-3 TAP Configuration - VPN Server

Start the bridge device
  vi /etc/openvpn/openvpn-bridge
  chmod +x /etc/openvpn/openvpn-bridge
  /etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration file
  openvpn --config /etc/openvpn/tapserver.conf &
  openvpn --config /etc/openvpn/tapclient.conf &
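As an added example (not part of the course material), here is a Python check for the points the 3-1 to 3-3 slides insist on: the local/remote VPN addresses ("ifconfig") must be mirrored between the two ends, the client must carry the server address ("remote"), a static-key pair needs "secret" on both sides, and TUN mode needs static routes on both sides. The two configuration texts are constructed to match the lab diagram's addresses; the directive names are OpenVPN's, while the function names and the treatment of a missing ifconfig line in TAP mode are my own assumptions.

```python
import shlex

# Added example: consistency check of a static-key OpenVPN server/client pair.
# The two sample files are constructed to match the lab diagram (server ixp0
# 192.168.12.201, LAN A gateway 10.0.1.254, LAN B gateway 10.0.2.254); they are
# not the course's own tunserver.conf / tunclient.conf.

SERVER_CONF = """\
# constructed sample in the spirit of /etc/openvpn/tunserver.conf
dev tun
proto udp
port 1194
# local VPN address, remote VPN address
ifconfig 10.0.1.254 10.0.2.254
# reach LAN B through the tunnel
route 10.0.2.0 255.255.255.0
secret /etc/openvpn/static.key
cipher AES-128-CBC
auth SHA1
"""

CLIENT_CONF = """\
# constructed sample in the spirit of /etc/openvpn/tunclient.conf
dev tun
proto udp
port 1194
# the server address is mandatory at the client
remote 192.168.12.201
# mirror of the server's ifconfig line
ifconfig 10.0.2.254 10.0.1.254
# reach LAN A through the tunnel
route 10.0.1.0 255.255.255.0
secret /etc/openvpn/static.key
cipher AES-128-CBC
auth SHA1
"""


def parse_config(text: str) -> dict:
    """Map each directive to the list of argument lists it appears with.
    Lines starting with '#' or ';' are comments, as in OpenVPN."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        parts = shlex.split(line)
        conf.setdefault(parts[0], []).append(parts[1:])
    return conf


def first(conf: dict, key: str):
    """Arguments of the first occurrence of a directive, or None if absent."""
    return conf[key][0] if key in conf else None


def check_pair(server_text: str, client_text: str, server_address: str) -> list:
    """Return a list of problems; an empty list means the pair is consistent."""
    s, c = parse_config(server_text), parse_config(client_text)
    problems = []

    # Both ends must agree on tunnel type, transport, port and crypto settings.
    for key in ("dev", "proto", "port", "cipher", "auth"):
        if first(s, key) != first(c, key):
            problems.append(f"'{key}' differs: server={first(s, key)} client={first(c, key)}")

    # The client must name the server (slide: NECESSARY to specify the server address).
    remote = first(c, "remote")
    if remote is None:
        problems.append("client has no 'remote' line")
    elif remote[0] != server_address:
        problems.append(f"client 'remote' {remote[0]} is not the server address {server_address}")

    # Static-key mode: a 'secret' on both ends.
    if first(s, "secret") is None or first(c, "secret") is None:
        problems.append("static-key mode needs 'secret' on both ends")

    # Local/remote VPN addresses: each end's 'ifconfig' is the other's, reversed.
    # Assumption (mine): in TAP mode with both LANs in one subnet the line is left
    # out on both sides, so there it is only an error when just one side has it.
    si, ci = first(s, "ifconfig"), first(c, "ifconfig")
    tun_mode = first(s, "dev") == ["tun"]
    if si is None and ci is None:
        if tun_mode:
            problems.append("local/remote VPN addresses ('ifconfig') must be specified")
    elif si is None or ci is None:
        problems.append("'ifconfig' present on one end only")
    elif si[:2] != list(reversed(ci[:2])):
        problems.append(f"'ifconfig' is not mirrored: server {si} client {ci}")

    # TUN mode forwards with kernel routes, so each end needs a route to the far LAN.
    if tun_mode:
        for name, conf in (("server", s), ("client", c)):
            if "route" not in conf:
                problems.append(f"{name} has no 'route' to the far LAN")
    return problems


if __name__ == "__main__":
    print(check_pair(SERVER_CONF, CLIENT_CONF, "192.168.12.201") or "consistent")
```

Run it on the two files before starting the daemons: a pair that passes still has to match the lab's kernel routes (tunserver.sh / tunclient.sh), but the most common mistakes on the slides, a forgotten "remote" and an ifconfig pair that is not reversed, are caught before the tunnel silently fails to pass traffic.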

3-4-1 SSL/TLS - Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC
  vi /usr/share/ssl/openssl.cnf
  Pre-input the default_days, default_bits, etc.

Create a new CA root key pair
  /usr/share/ssl/misc/CA -newca

Create a new client private key and a new certificate request
  /usr/share/ssl/misc/CA -newreq

Sign the certificate
  /usr/share/ssl/misc/CA -sign

Copy the CA root certificate, the client private key and the client certificate to the first client

Have the second client certified in the same way

3-4-2 OpenVPN - "easy-rsa" tools

Copy "easy-rsa" to the working directory
  cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file
  vi /etc/openvpn/easy-rsa/vars

Activate the vars
  . /etc/openvpn/easy-rsa/vars

Create the CA root key
  /etc/openvpn/easy-rsa/build-ca

Create the VPN server private key and certificate
  /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN - "easy-rsa" tools

Create the VPN client private key and certificate
  /etc/openvpn/easy-rsa/build-key client

Create the Diffie-Hellman parameters
  /etc/openvpn/easy-rsa/build-dh 1024

Copy the CA certificate (ca.crt), server key (server.key) and server certificate (server.crt) to the VPN server

Copy the CA certificate, client key and client certificate to the VPN client

The "easy-rsa" tools also work on the UC7400 series

3-4-3 Configuration File Modification

txxserver.conf
txxclient.conf

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

Two of its serial ports are connected to a power meter and a thermocouple

Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in 'burn-in mode' to demonstrate the UC's high performance and reliability

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500°C

Left side for the high range (0 to 300 VDC) & right side for the low range (0 to 20 VDC)

UC's LCM & keypad (F1-F5)

F1: Monitoring: Temperature → Voltage → Throughput for P3 to P8
F2: System status: LAN's IP → Wi-Fi's IP → CPU loading → Available memory
F3: Alarm setting: Temperature → Voltage → Burn-in throughput
F4: Configuration key
F5: Main menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
- The UC-7420's built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards
- The compatible wireless cards are:

Supplier   Model name
ASUS       WL-107g
CNET       CWC-854 (181D version)
Edimax     EW-7108PCg
Amigo      AWP-914WG
Gigabyte   GN-WMKG
Others which use the R-Link chip set

Thank You

Page 92: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

1-6 Digital Signature - Verifying1-6 Digital Signature - Verifying

This is the This is the document document created by created by GianniGianni

3kJfgfpound$amp3kJfgfpound$amp

SignedSignedDocumentDocument

Py75cbnPy75cbn

Message DigestMessage DigestGenerateGenerate

HashHash

Giannis public keyGiannis public key(from certificate)(from certificate)

AsymmetricAsymmetricDecryptionDecryption

pubpub

DigitalDigitalSignatureSignature

Py75cbnPy75cbn

Compare Compare

DataData

1-6 Digital Signature1-6 Digital Signature

Tom

Data

Message Message Digest 1Digest 1

Hash FunctionHash Function

+ +Compare

Bob

Data

Message Message Digest 2Digest 2

Hash FunctionHash Function

MACEncryption Decryption

Message Message Digest 1Digest 1

Tomrsquos Private Key Tomrsquos Public Key

Digital SignatureDigital Signature

Digital Signature

1-7 Certificate1-7 Certificate

The simplest certificate just containsbull A public key (for Stephen)bull Information about the entity that is being certified to own that public key

hellip and the whole isbull Digitally signed by someone trusted (like your friend or a CA)

2wsR46frd2wsR46frdEWWrswe(EWWrswe(^$G^^$G^DvtrsdFDfDvtrsdFDfd367d367

pubpub

3kJfgfpound3kJfgfpound$amp4dser4$amp4dser4358g6gd7d358g6gd7dTTCertificateCertificate

This public This public key belongs key belongs to to StephenStephen

DigitalDigitalSignatureSignatureCan be a person a computer Can be a person a computer

a device a file some code a device a file some code anything hellipanything hellip

1-7-1 CA Certificate 1-7-1 CA Certificate

PrivPriv pubpub

Certification Server

CA generatesCA generatesa key paira key pair

Private Key and Private Key and Certificate are Certificate are

sent to the usersent to the user

pubpub

DSDS

CertCert

pubpub

DSDS

CertCert

User request a User request a certificate to CAcertificate to CA

CA generatesCA generatescertificatecertificate

PrivPriv

Right Cert signed by CA

Leftt Cert signed by CA

CA Pub Key signed by CA

1-7-1 CA Certificate Example1-7-1 CA Certificate Example

CACA Private Key

Left Right

Trusts

Left Priv Key signed by CA

CA Pub Key

Right Priv Key signed by CA

CA Pub KeyCA Pub Key Left Cert signed by CA

Right Cert signed by CA

1-7-2 SSLTLS1-7-2 SSLTLS

PrivPriv

pubpub PrivPriv

pubpub

Clear text

Encrypt

Cipher 1

Encrypt

Cipher 2

Transmission over the public network

Cipher 2

Cipher 1

Decrypt

Clear text

Decryptpubpub

Ensures confidentialitybull And integrity if digitally

signed

Depending on how public key are exchanged

bull Authenticity Identity Non-repudiation

pubpub

1-8 Moxa UC7400 - Hardware Cipher1-8 Moxa UC7400 - Hardware Cipher

Intel Xcale Supports bull Security Engines DES AESbull Algorithm methods ECB CBC ECR

Moxa wrap hardware acceleration inside algorithm APIs of ldquolibcryptosordquo bull No need to change the source codes

1-8-1 Moxa Accelerated Algorithm 1-8-1 Moxa Accelerated Algorithm ndash OpenSSL 097 ndash OpenSSL 097

DES_cbc_encrypt

DES_ede3_cbc_encrypt

AES_cbc_encrypt

AES_ctr_encrypt

bull We wrap ECB mode at a higher level (libsslso) which openssl wraps too

1-8-2 Performance1-8-2 Performance

0

10

20

30

40

50

60

70

80

128 256 384 512 640 768 896 1024 1152 12800

1

2

3

4

5

6

7

83DESCBC3DESCBCRATE

0

10

20

30

40

50

60

70

80

128 256 384 512 640 768 896 1024 1152 12800

1

2

3

4

5

6

7

8AES128CBCAES128CBCRATE

0

1

2

3

4

5

6

7

8

16 32 64 80 96 112 128 1440

05

1

15

2

25AES128CBC

AES128CBC

RATE

012

3456

789

16 32 64 80 96 112 128 1440

05

1

15

2

253DESCBC

3DESCBC

RATE

= HW Cipher

1-8-3 Things to be noticed1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approachesbull Default Hardware Approachbull Any mis-configuration or business causes the

switch

Small packets are switched to software approachbull DES 128 bytesbull 3DESAES 64 bytes

1-8-4 Software Package1-8-4 Software Package

Driverbull mxhw_ciphero

Device Filebull mknod devmxcrypto c 11 131

Test Programbull io correctness test bull io 0 5000 stability test bull io 1 golden pattern bull io 2 20000 performance test

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

2) OpenVPN 20 2) OpenVPN 20

2-1 Virtual Private Network

2-2 Why OpenVPN

2-3 OpenVPN Modes

2-1 Virtual Private Network2-1 Virtual Private Network

2-1 VPN AdvantagesDisadvantage2-1 VPN AdvantagesDisadvantage

VPN a network that is constructed by using public wires (eg internet) to connect nodes

VPN encrypt all network traffic not just a few application protocols (like SSL SSH etc)

VPN allows the usage of protocols which are insecure by themselves

VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN2-2 Why OpenVPN

Usabilitybull Open Source (GPL)bull Full featured SSL VPN Solutionbull Easy to configure secure tunnelbull NATDHCP supportbull Can use a 2048 bit shared key or

digital certificates (PKI)

Portability ndash Supports most of the platformsbull Linux Solaris Mac OS Xbull OpenBSD FreeBSD NetBSDbull Windows2000-SP4WindowsXP-SP1 or later

2-2 Why OpenVPN2-2 Why OpenVPN

Peers ndash each node with a clientserver rolebull In use of kernel routingbull Multiple clients

A user-space programbull A full-featured SSL-VPN solutions

bull on top of existing SSLTLS mechanism bull options between a set of security algorithms

bull Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (50001194) or TCP port

2-2 OpenVPN Security 2-2 OpenVPN Security

Two Authentication Modesbull Static Key Use pre-shared bull SSLTLS Use SSLTLS + Certificates for

bull Authentication bull Key exchange

The encrypted packet is formatted asbull SeqN 64-bit sequence numberbull IV plain text initial vector randomized per packet

HMAC IV SeqN V IPs payload

encrypt

HMACW IPs

2-2 OpenVPN vs IPSec2-2 OpenVPN vs IPSec

OpenVPNbull User-space daemonbull SSLTLSbull portability across

operating systemsbull firewall and NAT-

friendly bull dynamic address

support

IPSecbull Kernel-space IP stack bull each operating system

requires its own independent implementation of IPSec

bull IETF Standard - multi-vendor support

2-3 OpenVPN Modes2-3 OpenVPN Modes

Bridging and Routing are two methods of linking systems via a VPN

Routed IP tunnels (layer 3)

Bridged Ethernet tunnels (layer 2)

Suitable for Connectionsbull Site-to-Sitebull Dynamic Site-to-Sitebull (Dynamic) Client-to-Site

Dynamic FirewallNATDHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN Mode(device) a virtual point-to-point IP link that combines the inner interface together with TUN

Use the kernel routings to forward the packets

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Physical

Data-Link

Network

Transport

Session

Presentation

ApplicationOpenVPN

TUN (3rd)

2-3-1 Routed IP Tunnels (TUN Mode)2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP Advantages1 Point-to-point2 Easier to configure3 Efficiency and scalability 4 Allows better tuning of MTU for efficiency

Routed IP Disadvantages1 Clients must use a WINS server (such as samba) to

allow cross-VPN network browsing to work 2 Routes must be set up linking each subnet 3 Software that depends on broadcasts Will Not see

those machines on the other side of the VPN 4 Works only with IPv4 in general and IPv6 in cases

where tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses ldquoTAPrdquo mode a TAP device is a Virtual Ethernet Adapter

Bridge tools (bcrtl) are required to create the virtual adapters

Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0 create an ethernet bridge

brctl addif br0 eth1 connect interface eth1 as a port

brctl addif tap0 connect virtual interface tap0 as a port

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Bridging

OpenVPN

TUN (3rd)TAP (2nd)

eth1 eth1eth0 eth0

tap0 tap0

2-3-2 Bridged Ethernet Mode (TAP 2-3-2 Bridged Ethernet Mode (TAP Mode)Mode)

Bridging advantages1 Point to Point point to multi-point2 Broadcasts traverse the VPN -- this allows browsing

of Windows file shares across the VPN without setting up a Samba or WINS server

3 No route statements to configure4 Works with the VPN needs to be able to handle non-

IP protocols such as IPX Netware and AppleTalk5 Relatively easy-to-configure solution for road

warriors

Bridging disadvantages1 Less efficient than Routing and does not scale well

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSLTLS ndash X509 Dynamic Keys

3-1 Getting Started3-1 Getting Started

ixp019216812201

ixp0 19216812202

gw 1001254IP 1001124

gw 1002254IP 1002124

LAN A LAN B

VPN Tunnel

Connect

1001254

[VPN Server]

1002254

[VPN-Client]

ixp1 ixp1

[CATLS Server]

3-1 Getting Started 3-1 Getting Started

Create a Working Directory (recommended) mkdir etcopenvpn

Check for TUN Modules if not ls devnet look for a character device ldquotunrdquo mknod devtun c 10 200

Load necessary modules modprobe tun modprobe bridge

Generate a (pre-shared) key openvpn --genkey --secret [KeyName]

Self Diagnostic openvpn --test-crypto --secret [KeyName]

3-1 Getting Started3-1 Getting Started

Enable IP Forwarding echo ldquo1rdquo gt procsysnetipv4ip_forwardor vi etcsysctlconf modify ldquonetipv4ip_forward = 1rdquo

Create Start Bridge Interface using Moxa Script openvpn-bridge [start stop restart]

Check the CiphersAuthentication Support openvpn --show-ciphers openvpn --show-digests

Create TUN Configuration Files vi etcopenvpntunserverconf

[At VPN Client] vi etcopenvpntunclientconf

3-2 TUN Server Configuration 3-2 TUN Server Configuration

LocalRemote VPN IP address must be specified

It is NECESSARY to specify the Server Address at VPN Client

3-2 TUN Server Configuration 3-2 TUN Server Configuration

Edit the Static Routings vi etcopenvpntunserversh

chmod +x etctunserversh

[At VPN Client] vi etceopenvpntunclientsh chmod +x etctunclientsh

Start OpenVPN with the configuration file openvpn --config etctunserverconf amp openvpn --config etctunclientconf amp

2nd argument of ldquoifconfigrdquo which is now ldquo1002254rdquo

Create TAP Configuration Files vi etcopenvpntapserverconf

[At VPN Client] vi etcopenvpntapclientconf

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Mark this line if both VPN Networks are in the same subnet

3-2 TAP Configuration ndash VPN Server3-2 TAP Configuration ndash VPN Server

Edit the Static Routings vi etcopenvpntunserversh

[At VPN Client] vi etcopenvpntapclientsh chmod +x etctapclientsh

Pointed to the Kernel Routing br0 = 1001254

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Start the Bridge device vi openvpnopenvpn-bridge

chmod +x etcopenvpnopenvpn-bridge etcopenvpnopenvpn-bridge start

Start OpenVPN with the configuration file openvpn ndashconfig etcopenvpntapserverconf amp openvpn ndashconfig etcopenvpntapclient amp

3-4-1 SSLTLS ndash Dynamic Keys3-4-1 SSLTLS ndash Dynamic Keys

Edit the OpenSSL Configuration File on a Linux PC vi usrsharesslopensslcnf Pre-input the default_days default_bits hellip etc

Create New CA root Key Pair usrsharesslmiscCA -newca

Create New Client Private Key and new Certificate Request usrsharesslmiscCA -newreq

Certificate Sign-in usrsharesslmiscCA ndashsign

Copy the CA root certificate client private key and the client certificate to the first client

Have the second client certificated

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Copy the ldquoeasy-rsardquo to the working directory cp ndashr openvpn-20easy-rsa etcopenvpn

modify the vars file vi etcopenvpneasy-rsavars

Activate the vars etcopenvpneasy-rsavars

Create CA root key etcopenvpneasy-rsabuild-ca

Create VPN Server Private Key and Certificate etcopenvpneasy-rsabuild-key server

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Create VPN Client private Key and Certificate etcopenvpnbuild-key client

Create Diff-Hellman Parameters etcopenvpnbuild-dh 1024

Copy the CA certificate (cacrt) Server key (serverkey) and Server certificate (servercrt) to VPN Server

Copy the CA certificate Client key and certificate to VPN Client

ldquoeasy-rsardquo tools also work on UC7400 series

3-4-3 Configuration File Modification3-4-3 Configuration File Modification

txxserverconf

txxclienconf

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) Open VPN Configuration

4) Hands-On Practice

Live DemoLive Demo

UC-7420 DEMO BOXUC-7420 DEMO BOX

Two of its serial ports connectedto a Power Meter and Thermocouple

Two LAN ports plus an optional Wi-Fi function making it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in lsquoburn-in modersquo to demonstrate UCrsquos high performance and reliability

Demo Box FeaturesDemo Box Features

Software Block DiagramSoftware Block Diagram

Temperature Range 0 to 500degC

Left side for high range 0 to 300 VDC amp Right side for low range 0 to 20 VDC

UCrsquos LCM amp keypad (F1-F5)UCrsquos LCM amp keypad (F1-F5)

F1 Monitoring Temperature rarr Voltage rarrThroughput for P3 to P8

F2 System Status LANrsquos IP rarr Wi-Firsquos IP rarr CPU loading rarr Available Memory

F3 Alarm Setting Temperature rarr Voltage rarr burning throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI amp HTMLApache Web with CGI amp HTML

Seat Locating SystemSeat Locating System

Score Query SystemScore Query System

AppendixAppendix

What is the wireless PCMCIA card support status in 80211gbull UC-7420s built-in Wireless driver supports Intersil Prism 20

chipset PCMCIA cardbull The compatible Wireless cards are

Supplier Model name

ASUS WL-107g

CNET CWC-854(181D version)Edmiax EW-7108PCgAmigo AWP-914WGigbyte GN-WMKGOthers which use R-Link chip set

Thank YouThank You

Page 93: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

DataData

1-6 Digital Signature1-6 Digital Signature

Tom

Data

Message Message Digest 1Digest 1

Hash FunctionHash Function

+ +Compare

Bob

Data

Message Message Digest 2Digest 2

Hash FunctionHash Function

MACEncryption Decryption

Message Message Digest 1Digest 1

Tomrsquos Private Key Tomrsquos Public Key

Digital SignatureDigital Signature

Digital Signature

1-7 Certificate1-7 Certificate

The simplest certificate just containsbull A public key (for Stephen)bull Information about the entity that is being certified to own that public key

hellip and the whole isbull Digitally signed by someone trusted (like your friend or a CA)

2wsR46frd2wsR46frdEWWrswe(EWWrswe(^$G^^$G^DvtrsdFDfDvtrsdFDfd367d367

pubpub

3kJfgfpound3kJfgfpound$amp4dser4$amp4dser4358g6gd7d358g6gd7dTTCertificateCertificate

This public This public key belongs key belongs to to StephenStephen

DigitalDigitalSignatureSignatureCan be a person a computer Can be a person a computer

a device a file some code a device a file some code anything hellipanything hellip

1-7-1 CA Certificate 1-7-1 CA Certificate

PrivPriv pubpub

Certification Server

CA generatesCA generatesa key paira key pair

Private Key and Private Key and Certificate are Certificate are

sent to the usersent to the user

pubpub

DSDS

CertCert

pubpub

DSDS

CertCert

User request a User request a certificate to CAcertificate to CA

CA generatesCA generatescertificatecertificate

PrivPriv

Right Cert signed by CA

Leftt Cert signed by CA

CA Pub Key signed by CA

1-7-1 CA Certificate Example1-7-1 CA Certificate Example

CACA Private Key

Left Right

Trusts

Left Priv Key signed by CA

CA Pub Key

Right Priv Key signed by CA

CA Pub KeyCA Pub Key Left Cert signed by CA

Right Cert signed by CA

1-7-2 SSLTLS1-7-2 SSLTLS

PrivPriv

pubpub PrivPriv

pubpub

Clear text

Encrypt

Cipher 1

Encrypt

Cipher 2

Transmission over the public network

Cipher 2

Cipher 1

Decrypt

Clear text

Decryptpubpub

Ensures confidentialitybull And integrity if digitally

signed

Depending on how public key are exchanged

bull Authenticity Identity Non-repudiation

pubpub

1-8 Moxa UC7400 - Hardware Cipher1-8 Moxa UC7400 - Hardware Cipher

Intel Xcale Supports bull Security Engines DES AESbull Algorithm methods ECB CBC ECR

Moxa wrap hardware acceleration inside algorithm APIs of ldquolibcryptosordquo bull No need to change the source codes

1-8-1 Moxa Accelerated Algorithm 1-8-1 Moxa Accelerated Algorithm ndash OpenSSL 097 ndash OpenSSL 097

DES_cbc_encrypt

DES_ede3_cbc_encrypt

AES_cbc_encrypt

AES_ctr_encrypt

bull We wrap ECB mode at a higher level (libsslso) which openssl wraps too

1-8-2 Performance1-8-2 Performance

0

10

20

30

40

50

60

70

80

128 256 384 512 640 768 896 1024 1152 12800

1

2

3

4

5

6

7

83DESCBC3DESCBCRATE

0

10

20

30

40

50

60

70

80

128 256 384 512 640 768 896 1024 1152 12800

1

2

3

4

5

6

7

8AES128CBCAES128CBCRATE

0

1

2

3

4

5

6

7

8

16 32 64 80 96 112 128 1440

05

1

15

2

25AES128CBC

AES128CBC

RATE

012

3456

789

16 32 64 80 96 112 128 1440

05

1

15

2

253DESCBC

3DESCBC

RATE

= HW Cipher

1-8-3 Things to be noticed1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approachesbull Default Hardware Approachbull Any mis-configuration or business causes the

switch

Small packets are switched to software approachbull DES 128 bytesbull 3DESAES 64 bytes

1-8-4 Software Package1-8-4 Software Package

Driverbull mxhw_ciphero

Device Filebull mknod devmxcrypto c 11 131

Test Programbull io correctness test bull io 0 5000 stability test bull io 1 golden pattern bull io 2 20000 performance test

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

2) OpenVPN 20 2) OpenVPN 20

2-1 Virtual Private Network

2-2 Why OpenVPN

2-3 OpenVPN Modes

2-1 Virtual Private Network2-1 Virtual Private Network

2-1 VPN AdvantagesDisadvantage2-1 VPN AdvantagesDisadvantage

VPN a network that is constructed by using public wires (eg internet) to connect nodes

VPN encrypt all network traffic not just a few application protocols (like SSL SSH etc)

VPN allows the usage of protocols which are insecure by themselves

VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN2-2 Why OpenVPN

Usabilitybull Open Source (GPL)bull Full featured SSL VPN Solutionbull Easy to configure secure tunnelbull NATDHCP supportbull Can use a 2048 bit shared key or

digital certificates (PKI)

Portability ndash Supports most of the platformsbull Linux Solaris Mac OS Xbull OpenBSD FreeBSD NetBSDbull Windows2000-SP4WindowsXP-SP1 or later

2-2 Why OpenVPN2-2 Why OpenVPN

Peers ndash each node with a clientserver rolebull In use of kernel routingbull Multiple clients

A user-space programbull A full-featured SSL-VPN solutions

bull on top of existing SSLTLS mechanism bull options between a set of security algorithms

bull Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (50001194) or TCP port

2-2 OpenVPN Security 2-2 OpenVPN Security

Two Authentication Modesbull Static Key Use pre-shared bull SSLTLS Use SSLTLS + Certificates for

bull Authentication bull Key exchange

The encrypted packet is formatted asbull SeqN 64-bit sequence numberbull IV plain text initial vector randomized per packet

HMAC IV SeqN V IPs payload

encrypt

HMACW IPs

2-2 OpenVPN vs IPSec2-2 OpenVPN vs IPSec

OpenVPNbull User-space daemonbull SSLTLSbull portability across

operating systemsbull firewall and NAT-

friendly bull dynamic address

support

IPSecbull Kernel-space IP stack bull each operating system

requires its own independent implementation of IPSec

bull IETF Standard - multi-vendor support

2-3 OpenVPN Modes2-3 OpenVPN Modes

Bridging and Routing are two methods of linking systems via a VPN

Routed IP tunnels (layer 3)

Bridged Ethernet tunnels (layer 2)

Suitable for Connectionsbull Site-to-Sitebull Dynamic Site-to-Sitebull (Dynamic) Client-to-Site

Dynamic FirewallNATDHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN Mode(device) a virtual point-to-point IP link that combines the inner interface together with TUN

Use the kernel routings to forward the packets

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Physical

Data-Link

Network

Transport

Session

Presentation

ApplicationOpenVPN

TUN (3rd)

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages:
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of the MTU for efficiency

Routed IP disadvantages:
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see the machines on the other side of the VPN
4. Works only with IPv4 in general, and with IPv6 only where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses "TAP" mode: a TAP device is a virtual Ethernet adapter.

Bridge tools (brctl) are required to create the bridged virtual adapter.

You need to create a script that binds eth1 and tap0 together into a bridge device called br0:

  brctl addbr br0         # create an Ethernet bridge
  brctl addif br0 eth1    # connect interface eth1 as a port
  brctl addif br0 tap0    # connect virtual interface tap0 as a port

[Diagram: the OSI stacks (Physical, Data-Link, Network, Transport, Session, Presentation, Application) of the two endpoints joined by bridging; OpenVPN runs at the application layer, the TUN device sits at layer 3 and the TAP device at layer 2. On each host eth0 carries the tunnel while eth1 and tap0 are bridged together.]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages:
1. Point-to-point and point-to-multipoint
2. Broadcasts traverse the VPN; this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to be able to handle non-IP protocols such as IPX, NetWare and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages:
1. Less efficient than routing and does not scale well

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS: X.509 Dynamic Keys

3-1 Getting Started

Lab topology:

  LAN A: IP 10.0.1.1/24, gw 10.0.1.254          LAN B: IP 10.0.2.1/24, gw 10.0.2.254
               |                                               |
             ixp1                                            ixp1
        [VPN Server] 10.0.1.254  ==== VPN tunnel ====  [VPN Client] 10.0.2.254
             ixp0 192.168.12.201      (connect)          ixp0 192.168.12.202

  [CA/TLS Server]

3-1 Getting Started

Create a working directory (recommended):
  mkdir /etc/openvpn

Check for the TUN module; if it is not loaded, ls /dev/net and look for the character device "tun"; create it if it is missing:
  mknod /dev/tun c 10 200

Load the necessary modules:
  modprobe tun
  modprobe bridge

Generate a (pre-shared) key:
  openvpn --genkey --secret [KeyName]

Self diagnostic:
  openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding:
  echo "1" > /proc/sys/net/ipv4/ip_forward
or edit /etc/sysctl.conf (vi /etc/sysctl.conf) and set "net.ipv4.ip_forward = 1"

Create/start the bridge interface using the Moxa script:
  openvpn-bridge [start|stop|restart]

Check the supported ciphers and authentication digests:
  openvpn --show-ciphers
  openvpn --show-digests

Create the TUN configuration files:
  vi /etc/openvpn/tunserver.conf
  [At VPN client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

The local and remote VPN IP addresses must be specified.

It is NECESSARY to specify the server address at the VPN client.

3-2 TUN Server Configuration

Edit the static routes:
  vi /etc/openvpn/tunserver.sh
  chmod +x /etc/tunserver.sh
  [At VPN client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/tunclient.sh

Start OpenVPN with the configuration file:
  openvpn --config /etc/tunserver.conf &
  openvpn --config /etc/tunclient.conf &

Note the 2nd argument of "ifconfig" on the client, which is now "10.0.2.254".
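As an added example (not the lab's own files), here is the static-key TUN server/client pair that section 3-2 has you write by hand, generated from the 3-1 topology and then cross-checked: the ifconfig endpoints must mirror each other, the client needs remote, both sides need key material, and settings such as cipher none or auth none that silently weaken the tunnel are flagged. Going slightly beyond the slide, the check also accepts the certificate-based layout of section 3-4 (ca/cert/key, plus dh on the server). Assumed values that are not on the slides: tunnel endpoints 10.8.0.1/10.8.0.2, the key path /etc/openvpn/static.key, AES-128-CBC with SHA1, and OpenVPN's own route directive in place of the slides' separate route scripts.

```python
"""Generate and cross-check an OpenVPN 2.0 TUN configuration pair (added example)."""
from ipaddress import IPv4Network


def build_tun_pair(server_public, server_lan, client_lan,
                   server_tun="10.8.0.1", client_tun="10.8.0.2",
                   secret="/etc/openvpn/static.key", port=1194, proto="udp"):
    """Return (server_conf, client_conf) text for a static-key site-to-site tunnel.

    Tunnel endpoint addresses and the key path are assumptions, not the lab's values.
    """
    server_lan, client_lan = IPv4Network(server_lan), IPv4Network(client_lan)
    common = [
        "dev tun",
        f"proto {proto}",
        f"port {port}",
        f"secret {secret}",      # pre-shared key made with: openvpn --genkey --secret
        "cipher AES-128-CBC",    # one of: openvpn --show-ciphers
        "auth SHA1",             # HMAC digest, one of: openvpn --show-digests
        "persist-key",
        "persist-tun",
        "keepalive 10 60",
    ]
    server = [f"ifconfig {server_tun} {client_tun}",
              f"route {client_lan.network_address} {client_lan.netmask}"] + common
    # Client side: 'remote' is mandatory, and ifconfig is the server's pair reversed,
    # so its 2nd argument is the server's tunnel address.
    client = [f"remote {server_public}",
              f"ifconfig {client_tun} {server_tun}",
              f"route {server_lan.network_address} {server_lan.netmask}"] + common
    return "\n".join(server) + "\n", "\n".join(client) + "\n"


def parse_conf(text):
    """Map directive -> list of argument lists ('route' and others may repeat)."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            name, *args = line.split()
            conf.setdefault(name, []).append(args)
    return conf


def _first(conf, directive):
    return conf[directive][0][0] if conf.get(directive) and conf[directive][0] else None


def check_pair(server_text, client_text):
    """Return findings; an empty list means the pair is consistent and not weakened."""
    s, c = parse_conf(server_text), parse_conf(client_text)
    findings = []
    for side, conf in (("server", s), ("client", c)):
        if _first(conf, "cipher") == "none":
            findings.append(f"{side}: 'cipher none' disables encryption")
        if _first(conf, "auth") == "none":
            findings.append(f"{side}: 'auth none' disables the HMAC, so packets are not authenticated")
        if "secret" in conf:
            pass                                        # static-key mode
        elif {"ca", "cert", "key"} <= conf.keys():      # SSL/TLS mode from section 3-4
            if side == "server" and "dh" not in conf:
                findings.append("server: TLS mode needs Diffie-Hellman parameters (dh)")
        else:
            findings.append(f"{side}: neither a static key (secret) nor ca/cert/key is configured")
        if "ifconfig" not in conf:
            findings.append(f"{side}: local/remote VPN IP addresses (ifconfig) must be specified")
        if "route" not in conf:
            findings.append(f"{side}: no route to the far LAN")
    if "remote" not in c:
        findings.append("client: the server address (remote) is necessary")
    if "ifconfig" in s and "ifconfig" in c and s["ifconfig"][0] != c["ifconfig"][0][::-1]:
        findings.append("ifconfig endpoints are not mirrored between server and client")
    for directive in ("proto", "port", "cipher", "auth", "secret"):
        if directive in s and directive in c and s[directive][0] != c[directive][0]:
            findings.append(f"'{directive}' differs between server and client")
    return findings


if __name__ == "__main__":
    srv, cli = build_tun_pair("192.168.12.201", "10.0.1.0/24", "10.0.2.0/24")
    print(srv, cli, check_pair(srv, cli), sep="\n")
```

Running check_pair over both files before starting the daemons catches the two mistakes the slides warn about (a missing remote on the client, ifconfig arguments not swapped) together with a cipher or auth that was set to none while debugging and never restored.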

Create the TAP configuration files:
  vi /etc/openvpn/tapserver.conf
  [At VPN client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration: VPN Server

Mark this line if both VPN networks are in the same subnet.

3-3 TAP Configuration: VPN Server

Edit the static routes:
  vi /etc/openvpn/tunserver.sh
  [At VPN client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/tapclient.sh

Pointed to the kernel routing: br0 = 10.0.1.254

3-3 TAP Configuration: VPN Server

Start the bridge device:
  vi /etc/openvpn/openvpn-bridge
  chmod +x /etc/openvpn/openvpn-bridge
  /etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration file:
  openvpn --config /etc/openvpn/tapserver.conf &
  openvpn --config /etc/openvpn/tapclient &

3-4-1 SSL/TLS: Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC:
  vi /usr/share/ssl/openssl.cnf
Pre-fill the defaults (default_days, default_bits, etc.).

Create a new CA root key pair:
  /usr/share/ssl/misc/CA -newca

Create a new client private key and a new certificate request:
  /usr/share/ssl/misc/CA -newreq

Sign the certificate:
  /usr/share/ssl/misc/CA -sign

Copy the CA root certificate, the client private key and the client certificate to the first client.

Have the second client certified the same way.

3-4-2 OpenVPN "easy-rsa" tools

Copy "easy-rsa" to the working directory:
  cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file:
  vi /etc/openvpn/easy-rsa/vars

Activate the vars:
  . /etc/openvpn/easy-rsa/vars

Create the CA root key:
  /etc/openvpn/easy-rsa/build-ca

Create the VPN server private key and certificate:
  /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN "easy-rsa" tools

Create the VPN client private key and certificate:
  /etc/openvpn/build-key client

Create the Diffie-Hellman parameters:
  /etc/openvpn/build-dh 1024

Copy the CA certificate (ca.crt), the server key (server.key) and the server certificate (server.crt) to the VPN server.

Copy the CA certificate, the client key and the client certificate to the VPN client.

The "easy-rsa" tools also work on the UC-7400 series.

3-4-3 Configuration File Modification

  txxserver.conf
  txxclient.conf

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

Two of its serial ports are connected to a power meter and a thermocouple.

Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site.

The rest of the serial ports are looped back in 'burn-in mode' to demonstrate the UC's high performance and reliability.

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500 °C

Left side for the high range (0 to 300 VDC) and right side for the low range (0 to 20 VDC)

UC's LCM and keypad (F1-F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8
F2 System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available memory
F3 Alarm Setting: Temperature → Voltage → burn-in throughput
F4 Configuration Key
F5 Main Menu

Apache Web with CGI and HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
- The UC-7420's built-in wireless driver supports the Intersil Prism 2.0 chipset PCMCIA card.
- The compatible wireless cards are:

  Supplier   Model name
  ASUS       WL-107g
  CNET       CWC-854 (181D version)
  Edimax     EW-7108PCg
  Amigo      AWP-914WG
  Gigabyte   GN-WMKG
  Others which use the R-Link chipset

Thank You

Page 94: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

1-7 Certificate

The simplest certificate just contains:
- A public key (for Stephen)
- Information about the entity that is being certified to own that public key

... and the whole is:
- Digitally signed by someone trusted (like your friend or a CA)

[Diagram: a certificate made up of the public key and the statement "This public key belongs to Stephen", covered by a digital signature. The entity can be a person, a computer, a device, a file, some code, anything ...]

1-7-1 CA Certificate

[Diagram: the certification server (CA) generates a key pair (Priv, pub). The user requests a certificate from the CA; the CA generates the certificate (pub + DS + Cert), and the private key and certificate are sent to the user. Labels: Right Cert signed by CA; Left Cert signed by CA; CA Pub Key signed by CA.]

1-7-1 CA Certificate Example

[Diagram: Left and Right both trust the CA Pub Key. Labels: CA Private Key; Left Priv Key signed by CA; Right Priv Key signed by CA; Left Cert signed by CA; Right Cert signed by CA.]

1-7-2 SSL/TLS

[Diagram: each side holds a key pair (Priv, pub). Clear text → Encrypt → Cipher 1 → Encrypt → Cipher 2 → transmission over the public network → Cipher 2 → Decrypt → Cipher 1 → Decrypt → Clear text.]

- Ensures confidentiality
- And integrity, if digitally signed
- Depending on how the public keys are exchanged: authenticity, identity, non-repudiation

1-8 Moxa UC-7400: Hardware Cipher

Intel XScale supports:
- Security engines: DES, AES
- Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so":
- No need to change the source code

1-8-1 Moxa Accelerated Algorithms (OpenSSL 0.9.7)

  DES_cbc_encrypt
  DES_ede3_cbc_encrypt
  AES_cbc_encrypt
  AES_ctr_encrypt

- ECB mode is wrapped at a higher level (libssl.so), which OpenSSL wraps too

1-8-2 Performance

[Charts: four throughput plots for 3DES-CBC and AES-128-CBC comparing the hardware cipher with the software path (legend: filled = HW Cipher). Upper pair: packet sizes 128 to 1280 bytes, throughput axis 0 to 80 with a RATE axis 0 to 8. Lower pair: packet sizes 16 to 144 bytes, throughput axis 0 to 8 with a RATE axis 0 to 2.5.]

1-8-3 Things to Be Noticed

The Moxa UC-7400 switches operation between the software and the hardware approaches:
- Default: hardware approach
- Any misconfiguration or busy condition causes a switch to the software approach

Small packets are switched to the software approach (thresholds):
- DES: 128 bytes
- 3DES/AES: 64 bytes

1-8-4 Software Package

Driver:
- mxhw_cipher.o

Device file:
- mknod /dev/mxcrypto c 11 131

Test program:
- io            correctness test
- io 0 5000     stability test
- io 1          golden pattern
- io 2 20000    performance test

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network
2-2 Why OpenVPN
2-3 OpenVPN Modes

2-1 Virtual Private Network

2-1 VPN Advantages/Disadvantages

- VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes
- A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH, etc.)
- A VPN allows the usage of protocols which are insecure by themselves
- VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN

Usability:
- Open source (GPL)
- Full-featured SSL VPN solution
- Easy to configure a secure tunnel
- NAT/DHCP support
- Can use a 2048-bit shared key or digital certificates (PKI)

Portability: supports most of the platforms
- Linux, Solaris, Mac OS X
- OpenBSD, FreeBSD, NetBSD
- Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN

Peers: each node with a client/server role
- Makes use of kernel routing
- Multiple clients

A user-space programbull A full-featured SSL-VPN solutions

bull on top of existing SSLTLS mechanism bull options between a set of security algorithms

bull Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (50001194) or TCP port

2-2 OpenVPN Security 2-2 OpenVPN Security

Two Authentication Modesbull Static Key Use pre-shared bull SSLTLS Use SSLTLS + Certificates for

bull Authentication bull Key exchange

The encrypted packet is formatted asbull SeqN 64-bit sequence numberbull IV plain text initial vector randomized per packet

HMAC IV SeqN V IPs payload

encrypt

HMACW IPs

2-2 OpenVPN vs IPSec2-2 OpenVPN vs IPSec

OpenVPNbull User-space daemonbull SSLTLSbull portability across

operating systemsbull firewall and NAT-

friendly bull dynamic address

support

IPSecbull Kernel-space IP stack bull each operating system

requires its own independent implementation of IPSec

bull IETF Standard - multi-vendor support

2-3 OpenVPN Modes2-3 OpenVPN Modes

Bridging and Routing are two methods of linking systems via a VPN

Routed IP tunnels (layer 3)

Bridged Ethernet tunnels (layer 2)

Suitable for Connectionsbull Site-to-Sitebull Dynamic Site-to-Sitebull (Dynamic) Client-to-Site

Dynamic FirewallNATDHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN Mode(device) a virtual point-to-point IP link that combines the inner interface together with TUN

Use the kernel routings to forward the packets

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Physical

Data-Link

Network

Transport

Session

Presentation

ApplicationOpenVPN

TUN (3rd)

2-3-1 Routed IP Tunnels (TUN Mode)2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP Advantages1 Point-to-point2 Easier to configure3 Efficiency and scalability 4 Allows better tuning of MTU for efficiency

Routed IP Disadvantages1 Clients must use a WINS server (such as samba) to

allow cross-VPN network browsing to work 2 Routes must be set up linking each subnet 3 Software that depends on broadcasts Will Not see

those machines on the other side of the VPN 4 Works only with IPv4 in general and IPv6 in cases

where tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses ldquoTAPrdquo mode a TAP device is a Virtual Ethernet Adapter

Bridge tools (bcrtl) are required to create the virtual adapters

Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0 create an ethernet bridge

brctl addif br0 eth1 connect interface eth1 as a port

brctl addif tap0 connect virtual interface tap0 as a port

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Bridging

OpenVPN

TUN (3rd)TAP (2nd)

eth1 eth1eth0 eth0

tap0 tap0

2-3-2 Bridged Ethernet Mode (TAP 2-3-2 Bridged Ethernet Mode (TAP Mode)Mode)

Bridging advantages1 Point to Point point to multi-point2 Broadcasts traverse the VPN -- this allows browsing

of Windows file shares across the VPN without setting up a Samba or WINS server

3 No route statements to configure4 Works with the VPN needs to be able to handle non-

IP protocols such as IPX Netware and AppleTalk5 Relatively easy-to-configure solution for road

warriors

Bridging disadvantages1 Less efficient than Routing and does not scale well

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSLTLS ndash X509 Dynamic Keys

3-1 Getting Started3-1 Getting Started

ixp019216812201

ixp0 19216812202

gw 1001254IP 1001124

gw 1002254IP 1002124

LAN A LAN B

VPN Tunnel

Connect

1001254

[VPN Server]

1002254

[VPN-Client]

ixp1 ixp1

[CATLS Server]

3-1 Getting Started 3-1 Getting Started

Create a Working Directory (recommended) mkdir etcopenvpn

Check for TUN Modules if not ls devnet look for a character device ldquotunrdquo mknod devtun c 10 200

Load necessary modules modprobe tun modprobe bridge

Generate a (pre-shared) key openvpn --genkey --secret [KeyName]

Self Diagnostic openvpn --test-crypto --secret [KeyName]

3-1 Getting Started3-1 Getting Started

Enable IP Forwarding echo ldquo1rdquo gt procsysnetipv4ip_forwardor vi etcsysctlconf modify ldquonetipv4ip_forward = 1rdquo

Create Start Bridge Interface using Moxa Script openvpn-bridge [start stop restart]

Check the CiphersAuthentication Support openvpn --show-ciphers openvpn --show-digests

Create TUN Configuration Files vi etcopenvpntunserverconf

[At VPN Client] vi etcopenvpntunclientconf

3-2 TUN Server Configuration 3-2 TUN Server Configuration

LocalRemote VPN IP address must be specified

It is NECESSARY to specify the Server Address at VPN Client

3-2 TUN Server Configuration 3-2 TUN Server Configuration

Edit the Static Routings vi etcopenvpntunserversh

chmod +x etctunserversh

[At VPN Client] vi etceopenvpntunclientsh chmod +x etctunclientsh

Start OpenVPN with the configuration file openvpn --config etctunserverconf amp openvpn --config etctunclientconf amp

2nd argument of ldquoifconfigrdquo which is now ldquo1002254rdquo

Create TAP Configuration Files vi etcopenvpntapserverconf

[At VPN Client] vi etcopenvpntapclientconf

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Mark this line if both VPN Networks are in the same subnet

3-2 TAP Configuration ndash VPN Server3-2 TAP Configuration ndash VPN Server

Edit the Static Routings vi etcopenvpntunserversh

[At VPN Client] vi etcopenvpntapclientsh chmod +x etctapclientsh

Pointed to the Kernel Routing br0 = 1001254

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Start the Bridge device vi openvpnopenvpn-bridge

chmod +x etcopenvpnopenvpn-bridge etcopenvpnopenvpn-bridge start

Start OpenVPN with the configuration file openvpn ndashconfig etcopenvpntapserverconf amp openvpn ndashconfig etcopenvpntapclient amp

3-4-1 SSLTLS ndash Dynamic Keys3-4-1 SSLTLS ndash Dynamic Keys

Edit the OpenSSL Configuration File on a Linux PC vi usrsharesslopensslcnf Pre-input the default_days default_bits hellip etc

Create New CA root Key Pair usrsharesslmiscCA -newca

Create New Client Private Key and new Certificate Request usrsharesslmiscCA -newreq

Certificate Sign-in usrsharesslmiscCA ndashsign

Copy the CA root certificate client private key and the client certificate to the first client

Have the second client certificated

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Copy the ldquoeasy-rsardquo to the working directory cp ndashr openvpn-20easy-rsa etcopenvpn

modify the vars file vi etcopenvpneasy-rsavars

Activate the vars etcopenvpneasy-rsavars

Create CA root key etcopenvpneasy-rsabuild-ca

Create VPN Server Private Key and Certificate etcopenvpneasy-rsabuild-key server

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Create VPN Client private Key and Certificate etcopenvpnbuild-key client

Create Diff-Hellman Parameters etcopenvpnbuild-dh 1024

Copy the CA certificate (cacrt) Server key (serverkey) and Server certificate (servercrt) to VPN Server

Copy the CA certificate Client key and certificate to VPN Client

ldquoeasy-rsardquo tools also work on UC7400 series

3-4-3 Configuration File Modification3-4-3 Configuration File Modification

txxserverconf

txxclienconf

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) Open VPN Configuration

4) Hands-On Practice

Live DemoLive Demo

UC-7420 DEMO BOXUC-7420 DEMO BOX

Two of its serial ports connectedto a Power Meter and Thermocouple

Two LAN ports plus an optional Wi-Fi function making it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in lsquoburn-in modersquo to demonstrate UCrsquos high performance and reliability

Demo Box FeaturesDemo Box Features

Software Block DiagramSoftware Block Diagram

Temperature Range 0 to 500degC

Left side for high range 0 to 300 VDC amp Right side for low range 0 to 20 VDC

UCrsquos LCM amp keypad (F1-F5)UCrsquos LCM amp keypad (F1-F5)

F1 Monitoring Temperature rarr Voltage rarrThroughput for P3 to P8

F2 System Status LANrsquos IP rarr Wi-Firsquos IP rarr CPU loading rarr Available Memory

F3 Alarm Setting Temperature rarr Voltage rarr burning throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI amp HTMLApache Web with CGI amp HTML

Seat Locating SystemSeat Locating System

Score Query SystemScore Query System

AppendixAppendix

What is the wireless PCMCIA card support status in 80211gbull UC-7420s built-in Wireless driver supports Intersil Prism 20

chipset PCMCIA cardbull The compatible Wireless cards are

Supplier Model name

ASUS WL-107g

CNET CWC-854(181D version)Edmiax EW-7108PCgAmigo AWP-914WGigbyte GN-WMKGOthers which use R-Link chip set

Thank YouThank You

Page 95: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

1-7-1 CA Certificate 1-7-1 CA Certificate

PrivPriv pubpub

Certification Server

CA generatesCA generatesa key paira key pair

Private Key and Private Key and Certificate are Certificate are

sent to the usersent to the user

pubpub

DSDS

CertCert

pubpub

DSDS

CertCert

User request a User request a certificate to CAcertificate to CA

CA generatesCA generatescertificatecertificate

PrivPriv

Right Cert signed by CA

Leftt Cert signed by CA

CA Pub Key signed by CA

1-7-1 CA Certificate Example1-7-1 CA Certificate Example

CACA Private Key

Left Right

Trusts

Left Priv Key signed by CA

CA Pub Key

Right Priv Key signed by CA

CA Pub KeyCA Pub Key Left Cert signed by CA

Right Cert signed by CA

1-7-2 SSLTLS1-7-2 SSLTLS

PrivPriv

pubpub PrivPriv

pubpub

Clear text

Encrypt

Cipher 1

Encrypt

Cipher 2

Transmission over the public network

Cipher 2

Cipher 1

Decrypt

Clear text

Decryptpubpub

Ensures confidentialitybull And integrity if digitally

signed

Depending on how public key are exchanged

bull Authenticity Identity Non-repudiation

pubpub

1-8 Moxa UC7400 - Hardware Cipher1-8 Moxa UC7400 - Hardware Cipher

Intel Xcale Supports bull Security Engines DES AESbull Algorithm methods ECB CBC ECR

Moxa wrap hardware acceleration inside algorithm APIs of ldquolibcryptosordquo bull No need to change the source codes

1-8-1 Moxa Accelerated Algorithm 1-8-1 Moxa Accelerated Algorithm ndash OpenSSL 097 ndash OpenSSL 097

DES_cbc_encrypt

DES_ede3_cbc_encrypt

AES_cbc_encrypt

AES_ctr_encrypt

bull We wrap ECB mode at a higher level (libsslso) which openssl wraps too

1-8-2 Performance1-8-2 Performance

0

10

20

30

40

50

60

70

80

128 256 384 512 640 768 896 1024 1152 12800

1

2

3

4

5

6

7

83DESCBC3DESCBCRATE

0

10

20

30

40

50

60

70

80

128 256 384 512 640 768 896 1024 1152 12800

1

2

3

4

5

6

7

8AES128CBCAES128CBCRATE

0

1

2

3

4

5

6

7

8

16 32 64 80 96 112 128 1440

05

1

15

2

25AES128CBC

AES128CBC

RATE

012

3456

789

16 32 64 80 96 112 128 1440

05

1

15

2

253DESCBC

3DESCBC

RATE

= HW Cipher

1-8-3 Things to be noticed1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approachesbull Default Hardware Approachbull Any mis-configuration or business causes the

switch

Small packets are switched to software approachbull DES 128 bytesbull 3DESAES 64 bytes

1-8-4 Software Package1-8-4 Software Package

Driverbull mxhw_ciphero

Device Filebull mknod devmxcrypto c 11 131

Test Programbull io correctness test bull io 0 5000 stability test bull io 1 golden pattern bull io 2 20000 performance test

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

2) OpenVPN 20 2) OpenVPN 20

2-1 Virtual Private Network

2-2 Why OpenVPN

2-3 OpenVPN Modes

2-1 Virtual Private Network2-1 Virtual Private Network

2-1 VPN AdvantagesDisadvantage2-1 VPN AdvantagesDisadvantage

VPN a network that is constructed by using public wires (eg internet) to connect nodes

VPN encrypt all network traffic not just a few application protocols (like SSL SSH etc)

VPN allows the usage of protocols which are insecure by themselves

VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN2-2 Why OpenVPN

Usabilitybull Open Source (GPL)bull Full featured SSL VPN Solutionbull Easy to configure secure tunnelbull NATDHCP supportbull Can use a 2048 bit shared key or

digital certificates (PKI)

Portability ndash Supports most of the platformsbull Linux Solaris Mac OS Xbull OpenBSD FreeBSD NetBSDbull Windows2000-SP4WindowsXP-SP1 or later

2-2 Why OpenVPN2-2 Why OpenVPN

Peers ndash each node with a clientserver rolebull In use of kernel routingbull Multiple clients

A user-space programbull A full-featured SSL-VPN solutions

bull on top of existing SSLTLS mechanism bull options between a set of security algorithms

bull Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (50001194) or TCP port

2-2 OpenVPN Security 2-2 OpenVPN Security

Two Authentication Modesbull Static Key Use pre-shared bull SSLTLS Use SSLTLS + Certificates for

bull Authentication bull Key exchange

The encrypted packet is formatted asbull SeqN 64-bit sequence numberbull IV plain text initial vector randomized per packet

HMAC IV SeqN V IPs payload

encrypt

HMACW IPs

2-2 OpenVPN vs IPSec2-2 OpenVPN vs IPSec

OpenVPNbull User-space daemonbull SSLTLSbull portability across

operating systemsbull firewall and NAT-

friendly bull dynamic address

support

IPSecbull Kernel-space IP stack bull each operating system

requires its own independent implementation of IPSec

bull IETF Standard - multi-vendor support

2-3 OpenVPN Modes2-3 OpenVPN Modes

Bridging and Routing are two methods of linking systems via a VPN

Routed IP tunnels (layer 3)

Bridged Ethernet tunnels (layer 2)

Suitable for Connectionsbull Site-to-Sitebull Dynamic Site-to-Sitebull (Dynamic) Client-to-Site

Dynamic FirewallNATDHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN Mode(device) a virtual point-to-point IP link that combines the inner interface together with TUN

Use the kernel routings to forward the packets

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Physical

Data-Link

Network

Transport

Session

Presentation

ApplicationOpenVPN

TUN (3rd)

2-3-1 Routed IP Tunnels (TUN Mode)2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP Advantages1 Point-to-point2 Easier to configure3 Efficiency and scalability 4 Allows better tuning of MTU for efficiency

Routed IP Disadvantages1 Clients must use a WINS server (such as samba) to

allow cross-VPN network browsing to work 2 Routes must be set up linking each subnet 3 Software that depends on broadcasts Will Not see

those machines on the other side of the VPN 4 Works only with IPv4 in general and IPv6 in cases

where tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses ldquoTAPrdquo mode a TAP device is a Virtual Ethernet Adapter

Bridge tools (bcrtl) are required to create the virtual adapters

Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0 create an ethernet bridge

brctl addif br0 eth1 connect interface eth1 as a port

brctl addif tap0 connect virtual interface tap0 as a port

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Bridging

OpenVPN

TUN (3rd)TAP (2nd)

eth1 eth1eth0 eth0

tap0 tap0

2-3-2 Bridged Ethernet Mode (TAP 2-3-2 Bridged Ethernet Mode (TAP Mode)Mode)

Bridging advantages1 Point to Point point to multi-point2 Broadcasts traverse the VPN -- this allows browsing

of Windows file shares across the VPN without setting up a Samba or WINS server

3 No route statements to configure4 Works with the VPN needs to be able to handle non-

IP protocols such as IPX Netware and AppleTalk5 Relatively easy-to-configure solution for road

warriors

Bridging disadvantages1 Less efficient than Routing and does not scale well

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSLTLS ndash X509 Dynamic Keys

3-1 Getting Started3-1 Getting Started

ixp019216812201

ixp0 19216812202

gw 1001254IP 1001124

gw 1002254IP 1002124

LAN A LAN B

VPN Tunnel

Connect

1001254

[VPN Server]

1002254

[VPN-Client]

ixp1 ixp1

[CATLS Server]

3-1 Getting Started 3-1 Getting Started

Create a Working Directory (recommended) mkdir etcopenvpn

Check for TUN Modules if not ls devnet look for a character device ldquotunrdquo mknod devtun c 10 200

Load necessary modules modprobe tun modprobe bridge

Generate a (pre-shared) key openvpn --genkey --secret [KeyName]

Self Diagnostic openvpn --test-crypto --secret [KeyName]

3-1 Getting Started3-1 Getting Started

Enable IP Forwarding echo ldquo1rdquo gt procsysnetipv4ip_forwardor vi etcsysctlconf modify ldquonetipv4ip_forward = 1rdquo

Create Start Bridge Interface using Moxa Script openvpn-bridge [start stop restart]

Check the CiphersAuthentication Support openvpn --show-ciphers openvpn --show-digests

Create TUN Configuration Files vi etcopenvpntunserverconf

[At VPN Client] vi etcopenvpntunclientconf

3-2 TUN Server Configuration 3-2 TUN Server Configuration

LocalRemote VPN IP address must be specified

It is NECESSARY to specify the Server Address at VPN Client

3-2 TUN Server Configuration 3-2 TUN Server Configuration

Edit the Static Routings vi etcopenvpntunserversh

chmod +x etctunserversh

[At VPN Client] vi etceopenvpntunclientsh chmod +x etctunclientsh

Start OpenVPN with the configuration files: openvpn --config /etc/openvpn/tunserver.conf & (at the VPN server); openvpn --config /etc/openvpn/tunclient.conf & (at the VPN client)

Note: the second argument of "ifconfig" (the remote tunnel endpoint) is now "10.0.2.254"

Create the TAP configuration files: vi /etc/openvpn/tapserver.conf

[At VPN Client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration – VPN Server

Mark this line if both VPN networks are in the same subnet

3-3 TAP Configuration – VPN Server (continued)

Edit the static routes: vi /etc/openvpn/tapserver.sh

[At VPN Client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/openvpn/tapclient.sh

Pointed to the kernel routing: br0 = 10.0.1.254

3-3 TAP Configuration – VPN Server (continued)

Start the bridge device: vi /etc/openvpn/openvpn-bridge

chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration files: openvpn --config /etc/openvpn/tapserver.conf & (at the VPN server); openvpn --config /etc/openvpn/tapclient.conf & (at the VPN client)

3-4-1 SSL/TLS – Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf, and pre-set default_days, default_bits, etc.

Create a new CA root key pair: /usr/share/ssl/misc/CA -newca

Create a new client private key and certificate request: /usr/share/ssl/misc/CA -newreq

Sign the certificate: /usr/share/ssl/misc/CA -sign

Copy the CA root certificate, the client private key and the client certificate to the first client

Have the second client certified in the same way

3-4-2 OpenVPN – "easy-rsa" tools

Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file: vi /etc/openvpn/easy-rsa/vars

Activate the vars: . /etc/openvpn/easy-rsa/vars

Create the CA root key: /etc/openvpn/easy-rsa/build-ca

Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – "easy-rsa" tools (continued)

Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client

Create the Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh (1024 bits)

Copy the CA certificate (ca.crt), the server key (server.key) and the server certificate (server.crt) to the VPN server

Copy the CA certificate, the client key and the client certificate to the VPN client

The "easy-rsa" tools also work on the UC-7400 series
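Before the ca.crt / server.key / server.crt set (or the client set) is copied to a VPN peer, it is worth confirming that the three files belong together and that the private key is not world-readable. The script below is an added example, not part of the slides or of easy-rsa; it runs on the Linux PC with the openssl command line and takes the file paths as arguments.

```shell
#!/bin/sh
# Added example, not from the Moxa slides or easy-rsa: sanity-check a CA/key/cert
# bundle produced by build-ca and build-key before it is copied to a VPN peer.
# Usage: ./checkbundle.sh ca.crt server.key server.crt

# Does the certificate verify against the CA certificate?
cert_signed_by_ca() {      # $1 = ca.crt  $2 = peer .crt
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Do the private key and the certificate carry the same public key?
key_matches_cert() {       # $1 = peer .key  $2 = peer .crt
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Is the private key readable by its owner only (mode 0600)?
key_mode_private() {       # $1 = peer .key
    [ "$(ls -l "$1" | cut -c2-10)" = "rw-------" ]
}

# Report on all three checks; returns non-zero if any of them fails.
check_bundle() {           # $1 = ca.crt  $2 = peer .key  $3 = peer .crt
    rc=0
    if cert_signed_by_ca "$1" "$3"; then echo "ok:   $3 is signed by $1"
    else echo "FAIL: $3 does not verify against $1"; rc=1; fi
    if key_matches_cert "$2" "$3"; then echo "ok:   $2 matches $3"
    else echo "FAIL: $2 does not belong to $3"; rc=1; fi
    if key_mode_private "$2"; then echo "ok:   $2 is mode 0600"
    else echo "FAIL: $2 is readable by others (chmod 600 $2)"; rc=1; fi
    return $rc
}

if [ $# -eq 3 ]; then
    check_bundle "$1" "$2" "$3"
fi
```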

3-4-3 Configuration File Modification

tXXserver.conf (tunserver.conf or tapserver.conf)

tXXclient.conf (tunclient.conf or tapclient.conf)

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

Two of its serial ports are connected to a power meter and a thermocouple

Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in 'burn-in mode' to demonstrate the UC's high performance and reliability

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500 °C

Left side for the high range (0 to 300 VDC) and right side for the low range (0 to 20 VDC)

UC's LCM & keypad (F1-F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8

F2 System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available memory

F3 Alarm Setting: Temperature → Voltage → Burn-in throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?

• The UC-7420's built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards

• The compatible wireless cards are:

Supplier | Model name
ASUS | WL-107g
CNET | CWC-854 (181D version)
Edimax | EW-7108PCg
Amigo | AWP-914WG
Gigabyte | GN-WMKG
Others | cards which use the Ralink chip set

Thank You


1-7-1 CA Certificate Example

[Diagram: the CA holds the CA private key. "Left" and "Right" each hold their own private key, the CA public key (which both trust), and their own certificate signed by the CA; each side is shown with the other side's CA-signed certificate as well.]

1-7-2 SSL/TLS

[Diagram: the sender and the receiver each hold a private/public key pair. Clear text → Encrypt (Cipher 1) → Encrypt (Cipher 2) → transmission over the public network → Decrypt (Cipher 2) → Decrypt (Cipher 1) → clear text, each stage using one of the keys shown.]

• Ensures confidentiality, and integrity if digitally signed

• Depending on how the public keys are exchanged: authenticity, identity, non-repudiation

1-8 Moxa UC7400 - Hardware Cipher

Intel XScale supports • Security engines: DES, AES • Algorithm modes: ECB, CBC, CTR

Moxa wraps the hardware acceleration inside the algorithm APIs of "libcrypto.so" • No need to change the source code

1-8-1 Moxa Accelerated Algorithms – OpenSSL 0.9.7

DES_cbc_encrypt

DES_ede3_cbc_encrypt

AES_cbc_encrypt

AES_ctr_encrypt

• ECB mode is wrapped at a higher level (libssl.so), which OpenSSL wraps too

1-8-2 Performance

[Charts: throughput (rate) of 3DES-CBC and AES-128-CBC, software versus hardware cipher, plotted against packet size; one pair of charts covers 128 to 1280 bytes and a second pair covers 16 to 144 bytes. Legend: = HW Cipher.]

1-8-3 Things to be noticed

The Moxa UC-7400 switches operations between the software and the hardware approaches • Default: hardware approach • Any misconfiguration or busy condition causes the switch

Small packets are switched to the software approach • DES: 128 bytes • 3DES/AES: 64 bytes

1-8-4 Software Package

Driver • mxhw_cipher.o

Device file • mknod /dev/mxcrypto c 11 131

Test program • io: correctness test • io 0 5000: stability test • io 1: golden pattern • io 2 20000: performance test

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network

2-2 Why OpenVPN

2-3 OpenVPN Modes

2-1 Virtual Private Network

2-1 VPN Advantages/Disadvantages

VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes

A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH, etc.)

A VPN allows the use of protocols which are insecure by themselves

VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN

Usability • Open source (GPL) • Full-featured SSL VPN solution • Easy to configure a secure tunnel • NAT/DHCP support • Can use a 2048-bit shared key or digital certificates (PKI)

Portability – supports most of the platforms • Linux, Solaris, Mac OS X • OpenBSD, FreeBSD, NetBSD • Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN (continued)

Peers – each node with a client/server role • In use of kernel routing • Multiple clients

A user-space program • A full-featured SSL-VPN solution • On top of the existing SSL/TLS mechanism • Options between a set of security algorithms • Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security

Two authentication modes • Static key: use a pre-shared key • SSL/TLS: use SSL/TLS + certificates for • Authentication • Key exchange

The encrypted packet is formatted as • SeqN: 64-bit sequence number • IV: plain-text initialization vector, randomized per packet

[Diagram: HMAC | IV | SeqN | payload; the HMAC is computed over the fields that follow it, and SeqN and payload are the encrypted part]

2-2 OpenVPN vs IPSec

OpenVPN • User-space daemon • SSL/TLS • Portability across operating systems • Firewall- and NAT-friendly • Dynamic address support

IPSec • Kernel-space IP stack • Each operating system requires its own independent implementation of IPSec • IETF standard - multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are the two methods of linking systems via a VPN

Routed IP tunnels (layer 3)

Bridged Ethernet tunnels (layer 2)

Suitable for connections • Site-to-site • Dynamic site-to-site • (Dynamic) client-to-site

Dynamic firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN mode (device): a virtual point-to-point IP link that combines the inner interface together with TUN

Uses the kernel routing to forward the packets

[Diagram: two OSI stacks (Physical, Data-Link, Network, Transport, Session, Presentation, Application); OpenVPN runs at the application layer and the TUN device attaches at layer 3 (Network).]

2-3-1 Routed IP Tunnels (TUN Mode) (continued)

Routed IP advantages:
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of the MTU for efficiency

Routed IP disadvantages:
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see those machines on the other side of the VPN
4. Works only with IPv4 in general, and IPv6 in cases where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses "TAP" mode: a TAP device is a virtual Ethernet adapter

Bridge tools (brctl) are required to create the virtual adapters

Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode) (continued)

brctl addbr br0 (create an Ethernet bridge)

brctl addif br0 eth1 (connect interface eth1 as a port)

brctl addif br0 tap0 (connect virtual interface tap0 as a port)
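A bridge helper in the spirit of the openvpn-bridge script the deck refers to, added here as an example and not Moxa's script: it lists the brctl/ifconfig steps for start and stop so they can be reviewed before running as root, and executes them only when asked. The interface names follow the slide; creating tap0 with openvpn --mktun and giving br0 the LAN A gateway address 10.0.1.254 are assumptions.

```shell
#!/bin/sh
# Added example (not the Moxa openvpn-bridge script): bridge eth1 and tap0 into br0
# as slide 2-3-2 describes.  Run as root: ./bridge.sh start|stop|restart
# or preview the commands first: ./bridge.sh plan start
BR=br0
ETH=eth1
TAP=tap0
BR_ADDR=10.0.1.254          # assumption: br0 takes the LAN A gateway address (slide 3-3)
BR_MASK=255.255.255.0

# bridge_plan start|stop: print the commands, one per line, without running them.
bridge_plan() {
    case "$1" in
        start)
            echo "openvpn --mktun --dev $TAP"           # persistent tap device
            echo "ifconfig $TAP 0.0.0.0 promisc up"     # bridge ports carry no address
            echo "brctl addbr $BR"
            echo "brctl addif $BR $ETH"
            echo "brctl addif $BR $TAP"                 # the slide's line omits br0
            echo "ifconfig $ETH 0.0.0.0 promisc up"
            echo "ifconfig $BR $BR_ADDR netmask $BR_MASK up"
            ;;
        stop)
            echo "ifconfig $BR down"
            echo "brctl delif $BR $TAP"
            echo "brctl delif $BR $ETH"
            echo "brctl delbr $BR"
            echo "openvpn --rmtun --dev $TAP"
            ;;
        *)
            echo "usage: bridge_plan start|stop" >&2
            return 1
            ;;
    esac
}

# bridge_run start|stop: execute the plan, stopping at the first failing command.
bridge_run() {
    bridge_plan "$1" | while IFS= read -r cmd; do
        echo "+ $cmd"
        $cmd || { echo "failed: $cmd" >&2; exit 1; }
    done
}

case "${1:-}" in
    plan)    bridge_plan "$2" ;;
    start)   bridge_run start ;;
    stop)    bridge_run stop ;;
    restart) bridge_run stop; bridge_run start ;;
esac
```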

[Diagram: two OSI stacks (Physical through Application) joined by bridging; OpenVPN runs at the application layer, TUN attaches at layer 3 and TAP at layer 2; each side shows eth0, eth1 and tap0, with eth1 and tap0 bridged together.]

2-3-2 Bridged Ethernet Mode (TAP Mode) (continued)

Bridging advantages:
1. Point-to-point, point-to-multipoint
2. Broadcasts traverse the VPN -- this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to be able to handle non-IP protocols such as IPX, Netware and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages:
1. Less efficient than routing and does not scale well

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

[Diagram: LAN A (hosts 10.0.1.1/24, gateway 10.0.1.254) sits behind the VPN server, whose ixp1 is 10.0.1.254 and whose ixp0 is 192.168.12.201; LAN B (hosts 10.0.2.1/24, gateway 10.0.2.254) sits behind the VPN client, whose ixp1 is 10.0.2.254 and whose ixp0 is 192.168.12.202. The VPN tunnel connects the two ixp0 interfaces, and a CA/TLS server is also shown.]

3-1 Getting Started (continued)

Create a working directory (recommended): mkdir /etc/openvpn

Check for the TUN module: ls /dev/net and look for a character device "tun"; if it is not there: mknod /dev/net/tun c 10 200

Load the necessary modules: modprobe tun; modprobe bridge

Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]

Self diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started (continued)

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or vi /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"

Create/start the bridge interface using the Moxa script: openvpn-bridge [start|stop|restart]

Check the cipher/authentication support: openvpn --show-ciphers; openvpn --show-digests

Create the TUN configuration files: vi /etc/openvpn/tunserver.conf

[At VPN Client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

The local/remote VPN IP addresses must be specified

It is NECESSARY to specify the server address at the VPN client

3-2 TUN Server Configuration (continued)

Edit the static routes: vi /etc/openvpn/tunserver.sh

chmod +x /etc/openvpn/tunserver.sh

[At VPN Client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/openvpn/tunclient.sh

Start OpenVPN with the configuration file openvpn --config etctunserverconf amp openvpn --config etctunclientconf amp

2nd argument of ldquoifconfigrdquo which is now ldquo1002254rdquo

Create TAP Configuration Files vi etcopenvpntapserverconf

[At VPN Client] vi etcopenvpntapclientconf

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Mark this line if both VPN Networks are in the same subnet

3-2 TAP Configuration ndash VPN Server3-2 TAP Configuration ndash VPN Server

Edit the Static Routings vi etcopenvpntunserversh

[At VPN Client] vi etcopenvpntapclientsh chmod +x etctapclientsh

Pointed to the Kernel Routing br0 = 1001254

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Start the Bridge device vi openvpnopenvpn-bridge

chmod +x etcopenvpnopenvpn-bridge etcopenvpnopenvpn-bridge start

Start OpenVPN with the configuration file openvpn ndashconfig etcopenvpntapserverconf amp openvpn ndashconfig etcopenvpntapclient amp

3-4-1 SSLTLS ndash Dynamic Keys3-4-1 SSLTLS ndash Dynamic Keys

Edit the OpenSSL Configuration File on a Linux PC vi usrsharesslopensslcnf Pre-input the default_days default_bits hellip etc

Create New CA root Key Pair usrsharesslmiscCA -newca

Create New Client Private Key and new Certificate Request usrsharesslmiscCA -newreq

Certificate Sign-in usrsharesslmiscCA ndashsign

Copy the CA root certificate client private key and the client certificate to the first client

Have the second client certificated

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Copy the ldquoeasy-rsardquo to the working directory cp ndashr openvpn-20easy-rsa etcopenvpn

modify the vars file vi etcopenvpneasy-rsavars

Activate the vars etcopenvpneasy-rsavars

Create CA root key etcopenvpneasy-rsabuild-ca

Create VPN Server Private Key and Certificate etcopenvpneasy-rsabuild-key server

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Create VPN Client private Key and Certificate etcopenvpnbuild-key client

Create Diff-Hellman Parameters etcopenvpnbuild-dh 1024

Copy the CA certificate (cacrt) Server key (serverkey) and Server certificate (servercrt) to VPN Server

Copy the CA certificate Client key and certificate to VPN Client

ldquoeasy-rsardquo tools also work on UC7400 series

3-4-3 Configuration File Modification3-4-3 Configuration File Modification

txxserverconf

txxclienconf

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) Open VPN Configuration

4) Hands-On Practice

Live DemoLive Demo

UC-7420 DEMO BOXUC-7420 DEMO BOX

Two of its serial ports connectedto a Power Meter and Thermocouple

Two LAN ports plus an optional Wi-Fi function making it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in lsquoburn-in modersquo to demonstrate UCrsquos high performance and reliability

Demo Box FeaturesDemo Box Features

Software Block DiagramSoftware Block Diagram

Temperature Range 0 to 500degC

Left side for high range 0 to 300 VDC amp Right side for low range 0 to 20 VDC

UCrsquos LCM amp keypad (F1-F5)UCrsquos LCM amp keypad (F1-F5)

F1 Monitoring Temperature rarr Voltage rarrThroughput for P3 to P8

F2 System Status LANrsquos IP rarr Wi-Firsquos IP rarr CPU loading rarr Available Memory

F3 Alarm Setting Temperature rarr Voltage rarr burning throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI amp HTMLApache Web with CGI amp HTML

Seat Locating SystemSeat Locating System

Score Query SystemScore Query System

AppendixAppendix

What is the wireless PCMCIA card support status in 80211gbull UC-7420s built-in Wireless driver supports Intersil Prism 20

chipset PCMCIA cardbull The compatible Wireless cards are

Supplier Model name

ASUS WL-107g

CNET CWC-854(181D version)Edmiax EW-7108PCgAmigo AWP-914WGigbyte GN-WMKGOthers which use R-Link chip set

Thank YouThank You

Page 97: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

1-7-2 SSLTLS1-7-2 SSLTLS

PrivPriv

pubpub PrivPriv

pubpub

Clear text

Encrypt

Cipher 1

Encrypt

Cipher 2

Transmission over the public network

Cipher 2

Cipher 1

Decrypt

Clear text

Decryptpubpub

Ensures confidentialitybull And integrity if digitally

signed

Depending on how public key are exchanged

bull Authenticity Identity Non-repudiation

pubpub

1-8 Moxa UC7400 - Hardware Cipher1-8 Moxa UC7400 - Hardware Cipher

Intel Xcale Supports bull Security Engines DES AESbull Algorithm methods ECB CBC ECR

Moxa wrap hardware acceleration inside algorithm APIs of ldquolibcryptosordquo bull No need to change the source codes

1-8-1 Moxa Accelerated Algorithm 1-8-1 Moxa Accelerated Algorithm ndash OpenSSL 097 ndash OpenSSL 097

DES_cbc_encrypt

DES_ede3_cbc_encrypt

AES_cbc_encrypt

AES_ctr_encrypt

bull We wrap ECB mode at a higher level (libsslso) which openssl wraps too

1-8-2 Performance1-8-2 Performance

0

10

20

30

40

50

60

70

80

128 256 384 512 640 768 896 1024 1152 12800

1

2

3

4

5

6

7

83DESCBC3DESCBCRATE

0

10

20

30

40

50

60

70

80

128 256 384 512 640 768 896 1024 1152 12800

1

2

3

4

5

6

7

8AES128CBCAES128CBCRATE

0

1

2

3

4

5

6

7

8

16 32 64 80 96 112 128 1440

05

1

15

2

25AES128CBC

AES128CBC

RATE

012

3456

789

16 32 64 80 96 112 128 1440

05

1

15

2

253DESCBC

3DESCBC

RATE

= HW Cipher

1-8-3 Things to be noticed1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approachesbull Default Hardware Approachbull Any mis-configuration or business causes the

switch

Small packets are switched to software approachbull DES 128 bytesbull 3DESAES 64 bytes

1-8-4 Software Package1-8-4 Software Package

Driverbull mxhw_ciphero

Device Filebull mknod devmxcrypto c 11 131

Test Programbull io correctness test bull io 0 5000 stability test bull io 1 golden pattern bull io 2 20000 performance test

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

2) OpenVPN 20 2) OpenVPN 20

2-1 Virtual Private Network

2-2 Why OpenVPN

2-3 OpenVPN Modes

2-1 Virtual Private Network2-1 Virtual Private Network

2-1 VPN AdvantagesDisadvantage2-1 VPN AdvantagesDisadvantage

VPN a network that is constructed by using public wires (eg internet) to connect nodes

VPN encrypt all network traffic not just a few application protocols (like SSL SSH etc)

VPN allows the usage of protocols which are insecure by themselves

VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN2-2 Why OpenVPN

Usabilitybull Open Source (GPL)bull Full featured SSL VPN Solutionbull Easy to configure secure tunnelbull NATDHCP supportbull Can use a 2048 bit shared key or

digital certificates (PKI)

Portability ndash Supports most of the platformsbull Linux Solaris Mac OS Xbull OpenBSD FreeBSD NetBSDbull Windows2000-SP4WindowsXP-SP1 or later

2-2 Why OpenVPN2-2 Why OpenVPN

Peers ndash each node with a clientserver rolebull In use of kernel routingbull Multiple clients

A user-space programbull A full-featured SSL-VPN solutions

bull on top of existing SSLTLS mechanism bull options between a set of security algorithms

bull Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (50001194) or TCP port

2-2 OpenVPN Security 2-2 OpenVPN Security

Two Authentication Modesbull Static Key Use pre-shared bull SSLTLS Use SSLTLS + Certificates for

bull Authentication bull Key exchange

The encrypted packet is formatted asbull SeqN 64-bit sequence numberbull IV plain text initial vector randomized per packet

HMAC IV SeqN V IPs payload

encrypt

HMACW IPs

2-2 OpenVPN vs IPSec2-2 OpenVPN vs IPSec

OpenVPNbull User-space daemonbull SSLTLSbull portability across

operating systemsbull firewall and NAT-

friendly bull dynamic address

support

IPSecbull Kernel-space IP stack bull each operating system

requires its own independent implementation of IPSec

bull IETF Standard - multi-vendor support

2-3 OpenVPN Modes2-3 OpenVPN Modes

Bridging and Routing are two methods of linking systems via a VPN

Routed IP tunnels (layer 3)

Bridged Ethernet tunnels (layer 2)

Suitable for Connectionsbull Site-to-Sitebull Dynamic Site-to-Sitebull (Dynamic) Client-to-Site

Dynamic FirewallNATDHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN Mode(device) a virtual point-to-point IP link that combines the inner interface together with TUN

Use the kernel routings to forward the packets

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Physical

Data-Link

Network

Transport

Session

Presentation

ApplicationOpenVPN

TUN (3rd)

2-3-1 Routed IP Tunnels (TUN Mode)2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP Advantages1 Point-to-point2 Easier to configure3 Efficiency and scalability 4 Allows better tuning of MTU for efficiency

Routed IP Disadvantages1 Clients must use a WINS server (such as samba) to

allow cross-VPN network browsing to work 2 Routes must be set up linking each subnet 3 Software that depends on broadcasts Will Not see

those machines on the other side of the VPN 4 Works only with IPv4 in general and IPv6 in cases

where tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses ldquoTAPrdquo mode a TAP device is a Virtual Ethernet Adapter

Bridge tools (bcrtl) are required to create the virtual adapters

Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0 create an ethernet bridge

brctl addif br0 eth1 connect interface eth1 as a port

brctl addif tap0 connect virtual interface tap0 as a port

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Bridging

OpenVPN

TUN (3rd)TAP (2nd)

eth1 eth1eth0 eth0

tap0 tap0

2-3-2 Bridged Ethernet Mode (TAP 2-3-2 Bridged Ethernet Mode (TAP Mode)Mode)

Bridging advantages1 Point to Point point to multi-point2 Broadcasts traverse the VPN -- this allows browsing

of Windows file shares across the VPN without setting up a Samba or WINS server

3 No route statements to configure4 Works with the VPN needs to be able to handle non-

IP protocols such as IPX Netware and AppleTalk5 Relatively easy-to-configure solution for road

warriors

Bridging disadvantages1 Less efficient than Routing and does not scale well

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSLTLS ndash X509 Dynamic Keys

3-1 Getting Started3-1 Getting Started

ixp019216812201

ixp0 19216812202

gw 1001254IP 1001124

gw 1002254IP 1002124

LAN A LAN B

VPN Tunnel

Connect

1001254

[VPN Server]

1002254

[VPN-Client]

ixp1 ixp1

[CATLS Server]

3-1 Getting Started 3-1 Getting Started

Create a Working Directory (recommended) mkdir etcopenvpn

Check for TUN Modules if not ls devnet look for a character device ldquotunrdquo mknod devtun c 10 200

Load necessary modules modprobe tun modprobe bridge

Generate a (pre-shared) key openvpn --genkey --secret [KeyName]

Self Diagnostic openvpn --test-crypto --secret [KeyName]

3-1 Getting Started3-1 Getting Started

Enable IP Forwarding echo ldquo1rdquo gt procsysnetipv4ip_forwardor vi etcsysctlconf modify ldquonetipv4ip_forward = 1rdquo

Create Start Bridge Interface using Moxa Script openvpn-bridge [start stop restart]

Check the CiphersAuthentication Support openvpn --show-ciphers openvpn --show-digests

Create TUN Configuration Files vi etcopenvpntunserverconf

[At VPN Client] vi etcopenvpntunclientconf

3-2 TUN Server Configuration 3-2 TUN Server Configuration

LocalRemote VPN IP address must be specified

It is NECESSARY to specify the Server Address at VPN Client

3-2 TUN Server Configuration 3-2 TUN Server Configuration

Edit the Static Routings vi etcopenvpntunserversh

chmod +x etctunserversh

[At VPN Client] vi etceopenvpntunclientsh chmod +x etctunclientsh

Start OpenVPN with the configuration file openvpn --config etctunserverconf amp openvpn --config etctunclientconf amp

2nd argument of ldquoifconfigrdquo which is now ldquo1002254rdquo

Create TAP Configuration Files vi etcopenvpntapserverconf

[At VPN Client] vi etcopenvpntapclientconf

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Mark this line if both VPN Networks are in the same subnet

3-2 TAP Configuration ndash VPN Server3-2 TAP Configuration ndash VPN Server

Edit the Static Routings vi etcopenvpntunserversh

[At VPN Client] vi etcopenvpntapclientsh chmod +x etctapclientsh

Pointed to the Kernel Routing br0 = 1001254

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Start the Bridge device vi openvpnopenvpn-bridge

chmod +x etcopenvpnopenvpn-bridge etcopenvpnopenvpn-bridge start

Start OpenVPN with the configuration file openvpn ndashconfig etcopenvpntapserverconf amp openvpn ndashconfig etcopenvpntapclient amp

3-4-1 SSLTLS ndash Dynamic Keys3-4-1 SSLTLS ndash Dynamic Keys

Edit the OpenSSL Configuration File on a Linux PC vi usrsharesslopensslcnf Pre-input the default_days default_bits hellip etc

Create New CA root Key Pair usrsharesslmiscCA -newca

Create New Client Private Key and new Certificate Request usrsharesslmiscCA -newreq

Certificate Sign-in usrsharesslmiscCA ndashsign

Copy the CA root certificate client private key and the client certificate to the first client

Have the second client certificated

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Copy the ldquoeasy-rsardquo to the working directory cp ndashr openvpn-20easy-rsa etcopenvpn

modify the vars file vi etcopenvpneasy-rsavars

Activate the vars etcopenvpneasy-rsavars

Create CA root key etcopenvpneasy-rsabuild-ca

Create VPN Server Private Key and Certificate etcopenvpneasy-rsabuild-key server

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Create VPN Client private Key and Certificate etcopenvpnbuild-key client

Create Diff-Hellman Parameters etcopenvpnbuild-dh 1024

Copy the CA certificate (cacrt) Server key (serverkey) and Server certificate (servercrt) to VPN Server

Copy the CA certificate Client key and certificate to VPN Client

ldquoeasy-rsardquo tools also work on UC7400 series

3-4-3 Configuration File Modification3-4-3 Configuration File Modification

txxserverconf

txxclienconf

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) Open VPN Configuration

4) Hands-On Practice

Live DemoLive Demo

UC-7420 DEMO BOXUC-7420 DEMO BOX

Two of its serial ports connectedto a Power Meter and Thermocouple

Two LAN ports plus an optional Wi-Fi function making it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in lsquoburn-in modersquo to demonstrate UCrsquos high performance and reliability

Demo Box FeaturesDemo Box Features

Software Block DiagramSoftware Block Diagram

Temperature Range 0 to 500degC

Left side for high range 0 to 300 VDC amp Right side for low range 0 to 20 VDC

UCrsquos LCM amp keypad (F1-F5)UCrsquos LCM amp keypad (F1-F5)

F1 Monitoring Temperature rarr Voltage rarrThroughput for P3 to P8

F2 System Status LANrsquos IP rarr Wi-Firsquos IP rarr CPU loading rarr Available Memory

F3 Alarm Setting Temperature rarr Voltage rarr burning throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI amp HTMLApache Web with CGI amp HTML

Seat Locating SystemSeat Locating System

Score Query SystemScore Query System

AppendixAppendix

What is the wireless PCMCIA card support status in 80211gbull UC-7420s built-in Wireless driver supports Intersil Prism 20

chipset PCMCIA cardbull The compatible Wireless cards are

Supplier Model name

ASUS WL-107g

CNET CWC-854(181D version)Edmiax EW-7108PCgAmigo AWP-914WGigbyte GN-WMKGOthers which use R-Link chip set

Thank YouThank You

Page 98: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

1-8 Moxa UC7400 - Hardware Cipher1-8 Moxa UC7400 - Hardware Cipher

Intel Xcale Supports bull Security Engines DES AESbull Algorithm methods ECB CBC ECR

Moxa wrap hardware acceleration inside algorithm APIs of ldquolibcryptosordquo bull No need to change the source codes

1-8-1 Moxa Accelerated Algorithm 1-8-1 Moxa Accelerated Algorithm ndash OpenSSL 097 ndash OpenSSL 097

DES_cbc_encrypt

DES_ede3_cbc_encrypt

AES_cbc_encrypt

AES_ctr_encrypt

bull We wrap ECB mode at a higher level (libsslso) which openssl wraps too

1-8-2 Performance1-8-2 Performance

0

10

20

30

40

50

60

70

80

128 256 384 512 640 768 896 1024 1152 12800

1

2

3

4

5

6

7

83DESCBC3DESCBCRATE

0

10

20

30

40

50

60

70

80

128 256 384 512 640 768 896 1024 1152 12800

1

2

3

4

5

6

7

8AES128CBCAES128CBCRATE

0

1

2

3

4

5

6

7

8

16 32 64 80 96 112 128 1440

05

1

15

2

25AES128CBC

AES128CBC

RATE

012

3456

789

16 32 64 80 96 112 128 1440

05

1

15

2

253DESCBC

3DESCBC

RATE

= HW Cipher

1-8-3 Things to be noticed1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approachesbull Default Hardware Approachbull Any mis-configuration or business causes the

switch

Small packets are switched to software approachbull DES 128 bytesbull 3DESAES 64 bytes

1-8-4 Software Package1-8-4 Software Package

Driverbull mxhw_ciphero

Device Filebull mknod devmxcrypto c 11 131

Test Programbull io correctness test bull io 0 5000 stability test bull io 1 golden pattern bull io 2 20000 performance test

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

2) OpenVPN 20 2) OpenVPN 20

2-1 Virtual Private Network

2-2 Why OpenVPN

2-3 OpenVPN Modes

2-1 Virtual Private Network2-1 Virtual Private Network

2-1 VPN AdvantagesDisadvantage2-1 VPN AdvantagesDisadvantage

VPN a network that is constructed by using public wires (eg internet) to connect nodes

VPN encrypt all network traffic not just a few application protocols (like SSL SSH etc)

VPN allows the usage of protocols which are insecure by themselves

VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN2-2 Why OpenVPN

Usabilitybull Open Source (GPL)bull Full featured SSL VPN Solutionbull Easy to configure secure tunnelbull NATDHCP supportbull Can use a 2048 bit shared key or

digital certificates (PKI)

Portability ndash Supports most of the platformsbull Linux Solaris Mac OS Xbull OpenBSD FreeBSD NetBSDbull Windows2000-SP4WindowsXP-SP1 or later

2-2 Why OpenVPN2-2 Why OpenVPN

Peers ndash each node with a clientserver rolebull In use of kernel routingbull Multiple clients

A user-space programbull A full-featured SSL-VPN solutions

bull on top of existing SSLTLS mechanism bull options between a set of security algorithms

bull Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (50001194) or TCP port

2-2 OpenVPN Security 2-2 OpenVPN Security

Two Authentication Modesbull Static Key Use pre-shared bull SSLTLS Use SSLTLS + Certificates for

bull Authentication bull Key exchange

The encrypted packet is formatted asbull SeqN 64-bit sequence numberbull IV plain text initial vector randomized per packet

HMAC IV SeqN V IPs payload

encrypt

HMACW IPs

2-2 OpenVPN vs IPSec2-2 OpenVPN vs IPSec

OpenVPNbull User-space daemonbull SSLTLSbull portability across

operating systemsbull firewall and NAT-

friendly bull dynamic address

support

IPSecbull Kernel-space IP stack bull each operating system

requires its own independent implementation of IPSec

bull IETF Standard - multi-vendor support

2-3 OpenVPN Modes2-3 OpenVPN Modes

Bridging and Routing are two methods of linking systems via a VPN

Routed IP tunnels (layer 3)

Bridged Ethernet tunnels (layer 2)

Suitable for Connectionsbull Site-to-Sitebull Dynamic Site-to-Sitebull (Dynamic) Client-to-Site

Dynamic FirewallNATDHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN Mode(device) a virtual point-to-point IP link that combines the inner interface together with TUN

Use the kernel routings to forward the packets

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Physical

Data-Link

Network

Transport

Session

Presentation

ApplicationOpenVPN

TUN (3rd)

2-3-1 Routed IP Tunnels (TUN Mode)2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages:

1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of the MTU for efficiency

Routed IP disadvantages:

1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see the machines on the other side of the VPN
4. Works only with IPv4 in general, and with IPv6 only where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses "TAP" mode: a TAP device is a virtual Ethernet adapter.

Bridge tools (brctl) are required to create the virtual adapters.

A script is needed to bind eth1 and tap0 together into a bridged device called br0.

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0          # create an Ethernet bridge

brctl addif br0 eth1     # connect interface eth1 as a port

brctl addif br0 tap0     # connect virtual interface tap0 as a port (the bridge name is required)
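The three brctl lines above are the core of the bridge script the slide says is needed. Below is an added example of such a start/stop script (it is not Moxa's openvpn-bridge script and not from the slides): it creates the tap0 adapter with openvpn --mktun, builds br0 from eth1 and tap0, and moves the LAN address from eth1 to br0 so the kernel routes through the bridge. The interface names eth1/tap0/br0 come from the slide; the address 10.0.1.254/24 is the lab value from the topology figure and is an assumption here. The plan/apply split is a design choice so the exact commands can be reviewed (DRY_RUN=1) before running them as root.

```shell
#!/bin/sh
# Added example bridge helper for OpenVPN TAP mode (not Moxa's script).
# Assumed names: ETH is the LAN port to bridge, TAP the OpenVPN virtual
# adapter, BR the bridge; BR_IP/BR_MASK is the address moved from ETH to BR.
BR="${BR:-br0}"
ETH="${ETH:-eth1}"
TAP="${TAP:-tap0}"
BR_IP="${BR_IP:-10.0.1.254}"
BR_MASK="${BR_MASK:-255.255.255.0}"

# Print the commands that bring the bridge up, one per line, in order.
bridge_plan_start() {
    cat <<EOF
openvpn --mktun --dev $TAP
ifconfig $TAP 0.0.0.0 promisc up
brctl addbr $BR
brctl addif $BR $ETH
brctl addif $BR $TAP
ifconfig $ETH 0.0.0.0 promisc up
ifconfig $BR $BR_IP netmask $BR_MASK up
EOF
}

# Print the commands that undo bridge_plan_start, in reverse order,
# and give the LAN address back to the physical port.
bridge_plan_stop() {
    cat <<EOF
ifconfig $BR down
brctl delif $BR $TAP
brctl delif $BR $ETH
brctl delbr $BR
openvpn --rmtun --dev $TAP
ifconfig $ETH $BR_IP netmask $BR_MASK up
EOF
}

# Run a plan line by line, echoing each command first; stop at the first
# failure. With DRY_RUN=1 the commands are only printed, never executed.
bridge_apply() {
    plan="$1"
    "$plan" | while IFS= read -r cmd; do
        [ -z "$cmd" ] && continue
        echo "+ $cmd"
        [ "${DRY_RUN:-0}" = "1" ] && continue
        $cmd || { echo "failed: $cmd" >&2; exit 1; }   # exits the subshell
    done
}

case "${1:-}" in
    start)   bridge_apply bridge_plan_start ;;
    stop)    bridge_apply bridge_plan_stop ;;
    restart) bridge_apply bridge_plan_stop; bridge_apply bridge_plan_start ;;
    "")      ;;   # no argument: only define the functions (e.g. when sourced)
    *)       echo "usage: $0 {start|stop|restart}" >&2; exit 1 ;;
esac
```

Install it as /etc/openvpn/openvpn-bridge, chmod +x it, and run "openvpn-bridge start" before starting openvpn with the TAP configuration; eth0 (the interface carrying the tunnel) is deliberately left out of the bridge.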

[Figure: the OSI layer stacks (Physical through Application) of the two bridged peers; OpenVPN runs at the application layer, TAP sits at layer 2 (TUN at layer 3 for comparison); on each host eth0 carries the tunnel while eth1 and tap0 are bridged]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages:

1. Point-to-point and point-to-multipoint
2. Broadcasts traverse the VPN; this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to handle non-IP protocols such as IPX/Netware and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages:

1. Less efficient than routing and does not scale well

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

[Figure: lab topology. LAN A (IP 10.0.1.1/24, gw 10.0.1.254) sits behind the VPN server, whose ixp0 is 192.168.12.201 and whose ixp1 is 10.0.1.254; LAN B (IP 10.0.2.1/24, gw 10.0.2.254) sits behind the VPN client, whose ixp0 is 192.168.12.202 and whose ixp1 is 10.0.2.254; the client connects to the server over the VPN tunnel; a CA/TLS server is also present]

3-1 Getting Started

Create a working directory (recommended): mkdir /etc/openvpn

Check for the TUN device: ls /dev/net and look for a character device "tun"; if it is missing: mknod /dev/net/tun c 10 200

Load the necessary modules: modprobe tun; modprobe bridge

Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]

Self-diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or edit /etc/sysctl.conf (vi) and set "net.ipv4.ip_forward = 1"

Create/start the bridge interface using the Moxa script: openvpn-bridge [start|stop|restart]

Check the supported ciphers and authentication digests: openvpn --show-ciphers; openvpn --show-digests

Create the TUN configuration files: vi /etc/openvpn/tunserver.conf

[At VPN client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

The local and remote VPN IP addresses must be specified.

It is NECESSARY to specify the server address at the VPN client.

3-2 TUN Server Configuration

Edit the static routes: vi /etc/openvpn/tunserver.sh; chmod +x /etc/tunserver.sh

[At VPN client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/tunclient.sh

Start OpenVPN with the configuration file: openvpn --config /etc/tunserver.conf &   (at the client: openvpn --config /etc/tunclient.conf &)

The 2nd argument of "ifconfig", which is now "10.0.2.254"
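The two rules the slides state for TUN mode (the local/remote VPN addresses must be given on both ends, and the client must name the server) are easy to get wrong by hand, so here is an added example, not from the slides or from the OpenVPN project, that writes a static-key tunserver.conf/tunclient.conf pair and checks those rules before openvpn is started. Assumed values: the server's public address 192.168.12.201 (from the topology figure), constructed tunnel endpoints 10.8.0.1 and 10.8.0.2, LAN A 10.0.1.0/24, LAN B 10.0.2.0/24, and a key file static.key made with "openvpn --genkey --secret".

```shell
#!/bin/sh
# Added example (not from the slides): static-key TUN configs plus a
# pre-start check. Tunnel endpoints 10.8.0.1/10.8.0.2 are constructed values.

# Write tunserver.conf and tunclient.conf into directory $1.
write_tun_confs() {
    dir="$1"
    cat > "$dir/tunserver.conf" <<'EOF'
dev tun
ifconfig 10.8.0.1 10.8.0.2
secret static.key
port 1194
proto udp
# LAN B lives behind the client, so route it into the tunnel
route 10.0.2.0 255.255.255.0
cipher AES-128-CBC
auth SHA1
replay-window 64 15
keepalive 10 60
persist-key
persist-tun
user nobody
group nobody
verb 3
EOF
    cat > "$dir/tunclient.conf" <<'EOF'
dev tun
# the client MUST name the server address
remote 192.168.12.201 1194
ifconfig 10.8.0.2 10.8.0.1
secret static.key
proto udp
# LAN A lives behind the server
route 10.0.1.0 255.255.255.0
cipher AES-128-CBC
auth SHA1
replay-window 64 15
keepalive 10 60
persist-key
persist-tun
user nobody
group nobody
verb 3
EOF
}

# Return 0 when one config satisfies the slide's rules, 1 otherwise
# (printing the reason). $1 = role (server|client), $2 = config file.
check_tun_conf() {
    role="$1"; conf="$2"
    grep -q '^ifconfig [0-9.]* [0-9.]*$' "$conf" || { echo "$conf: local/remote VPN IP missing"; return 1; }
    grep -q '^secret ' "$conf" || { echo "$conf: no secret (static key) line"; return 1; }
    if [ "$role" = "client" ]; then
        grep -q '^remote ' "$conf" || { echo "$conf: client does not name the server address"; return 1; }
    fi
    return 0
}

# The two ends must mirror each other: server "ifconfig A B", client "ifconfig B A".
# $1 = server config, $2 = client config
check_tun_pair() {
    s=$(sed -n 's/^ifconfig \([0-9.]*\) \([0-9.]*\)$/\1 \2/p' "$1")
    c=$(sed -n 's/^ifconfig \([0-9.]*\) \([0-9.]*\)$/\2 \1/p' "$2")
    [ -n "$s" ] && [ "$s" = "$c" ]
}

# Usage on the UC-7400 (as root): write_tun_confs /etc/openvpn, run
# check_tun_conf server /etc/openvpn/tunserver.conf (and the client
# counterpart), then openvpn --config /etc/openvpn/tunserver.conf &
```

The "2nd argument of ifconfig" callout on the slide is exactly what check_tun_pair verifies: whatever is local on one end must be remote on the other. The user/group and persist-* lines drop privileges after the tunnel is up, and replay-window keeps the sequence-number replay check from the packet format slide enabled with explicit limits.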

Create the TAP configuration files: vi /etc/openvpn/tapserver.conf

[At VPN client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration – VPN Server

Mark this line if both VPN networks are in the same subnet

3-3 TAP Configuration – VPN Server

Edit the static routes: vi /etc/openvpn/tunserver.sh

[At VPN client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/tapclient.sh

Points to the kernel routing: br0 = 10.0.1.254

3-3 TAP Configuration – VPN Server

Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tapserver.conf &   (at the client: openvpn --config /etc/openvpn/tapclient.conf &)

3-4-1 SSL/TLS – Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-set default_days, default_bits, etc.

Create a new CA root key pair: /usr/share/ssl/misc/CA -newca

Create a new client private key and a new certificate request: /usr/share/ssl/misc/CA -newreq

Sign the certificate: /usr/share/ssl/misc/CA -sign

Copy the CA root certificate, the client private key and the client certificate to the first client

Issue a certificate for the second client in the same way

3-4-2 OpenVPN – "easy-rsa" tools

Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file: vi /etc/openvpn/easy-rsa/vars

Activate the vars: . /etc/openvpn/easy-rsa/vars

Create the CA root key: /etc/openvpn/easy-rsa/build-ca

Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – "easy-rsa" tools

Create the VPN client private key and certificate: /etc/openvpn/build-key client

Create Diffie-Hellman parameters: /etc/openvpn/build-dh 1024

Copy the CA certificate (ca.crt), the server key (server.key) and the server certificate (server.crt) to the VPN server

Copy the CA certificate, the client key and the client certificate to the VPN client

The "easy-rsa" tools also work on the UC-7400 series
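The last two steps of the easy-rsa procedure above (which files go to the server, which to the client) are where private keys most often leak: ca.key or the other peer's key gets copied along with everything else. The following added example, not part of easy-rsa or the slides, stages exactly the files the slide lists for each host from easy-rsa's keys/ directory, refuses to copy anything else, and audits the result for foreign private keys and loose permissions. The keys/ layout (ca.crt, ca.key, server.crt, server.key, client.crt, client.key, dh1024.pem) follows the slide; the staging directories are an assumption.

```shell
#!/bin/sh
# Added example (not easy-rsa's code): stage easy-rsa output per host so that
# only the listed files leave the CA machine, then audit the staged set.
# Assumed: $keys is easy-rsa's keys/ directory, one staging dir per host.

# Files a role needs. $1 = server|client, $2 = the name used with build-key.
# dh1024.pem is only needed where the TLS server side runs.
files_for() {
    case "$1" in
        server) echo "ca.crt $2.crt $2.key dh1024.pem" ;;
        client) echo "ca.crt $2.crt $2.key" ;;
        *)      echo "unknown role: $1" >&2; return 1 ;;
    esac
}

# Copy the files for one host into a staging directory and lock down its key.
# $1 = keys dir, $2 = role, $3 = name, $4 = staging dir
stage_host() {
    keys="$1"; role="$2"; name="$3"; out="$4"
    mkdir -p "$out"
    for f in $(files_for "$role" "$name"); do
        [ -f "$keys/$f" ] || { echo "missing $keys/$f" >&2; return 1; }
        cp "$keys/$f" "$out/$f"
    done
    chmod 600 "$out/$name.key"
}

# Audit a staged directory: the only private key present must be the host's
# own, and every .key file must be mode 0600. Prints one line per problem
# and returns 1 if any were found. $1 = staging dir, $2 = host's own name
audit_stage() {
    dir="$1"; own="$2"; bad=0
    for k in "$dir"/*.key; do
        [ -e "$k" ] || continue
        base=$(basename "$k" .key)
        if [ "$base" != "$own" ]; then
            echo "foreign private key staged: $k"; bad=1
        fi
        # GNU stat first, BSD stat as fallback
        mode=$(stat -c %a "$k" 2>/dev/null || stat -f %Lp "$k")
        if [ "$mode" != "600" ]; then
            echo "$k has mode $mode, expected 600"; bad=1
        fi
    done
    return $bad
}

# Usage after build-ca / build-key server / build-key client / build-dh:
#   stage_host /etc/openvpn/easy-rsa/keys server server /tmp/for-server
#   stage_host /etc/openvpn/easy-rsa/keys client client /tmp/for-client
#   audit_stage /tmp/for-server server && audit_stage /tmp/for-client client
# then copy each staging directory to its host; ca.key stays on the CA.
```

Staging by role rather than copying keys/ wholesale keeps ca.key, which can sign new peers, off both VPN endpoints, and audit_stage catches the case where someone later drops a second key into the directory.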

3-4-3 Configuration File Modification

txxserver.conf

txxclient.conf

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

Two of its serial ports are connected to a power meter and a thermocouple.

Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site.

The rest of the serial ports are looped back in 'burn-in mode' to demonstrate the UC's high performance and reliability.

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500 °C

Left side for the high range, 0 to 300 VDC, and right side for the low range, 0 to 20 VDC

UC's LCM & keypad (F1-F5)

F1: Monitoring: Temperature → Voltage → Throughput for P3 to P8

F2: System status: LAN's IP → Wi-Fi's IP → CPU loading → Available memory

F3: Alarm setting: Temperature → Voltage → burn-in throughput

F4: Configuration key

F5: Main menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?

- The UC-7420's built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards
- The compatible wireless cards are:

Supplier   Model name
ASUS       WL-107g
CNET       CWC-854 (181D version)
Edimax     EW-7108PCg
Amigo      AWP-914WG
Gigabyte   GN-WMKG
Others that use the Ralink chipset

Thank You


1-8-1 Moxa Accelerated Algorithm – OpenSSL 0.9.7

DES_cbc_encrypt

DES_ede3_cbc_encrypt

AES_cbc_encrypt

AES_ctr_encrypt

- We wrap ECB mode at a higher level (libssl.so), which OpenSSL wraps too

1-8-2 Performance

[Figure: four performance charts plotting 3DESCBC and AES128CBC throughput together with RATE against packet size: two for packet sizes 128 to 1280 bytes (left axis 0 to 80, right axis 0 to 8) and two for packet sizes 16 to 144 bytes (right axis 0 to 2.5); the filled legend marker = HW cipher]

1-8-3 Things to be noticed

The Moxa UC-7400 switches operations between the software and the hardware approaches:

- Default: hardware approach
- Any misconfiguration, or a busy condition, causes the switch

Small packets are switched to the software approach:

- DES: 128 bytes
- 3DES/AES: 64 bytes

1-8-4 Software Package

Driver: mxhw_cipher.o

Device file: mknod /dev/mxcrypto c 11 131

Test program:

- io (correctness test)
- io 0 5000 (stability test)
- io 1 (golden pattern)
- io 2 20000 (performance test)

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

2) OpenVPN 2.0

2-1 Virtual Private Network

2-2 Why OpenVPN

2-3 OpenVPN Modes

2-1 Virtual Private Network

2-1 VPN Advantages/Disadvantages

VPN: a network that is constructed by using public wires (e.g. the Internet) to connect nodes.

A VPN encrypts all network traffic, not just a few application protocols (like SSL, SSH, etc.).

A VPN allows the use of protocols that are insecure by themselves.

VPNs cannot be controlled and logged easily because of their encrypted nature.

2-2 Why OpenVPN

Usability:

- Open source (GPL)
- Full-featured SSL VPN solution
- Easy to configure a secure tunnel
- NAT/DHCP support
- Can use a 2048-bit shared key or digital certificates (PKI)

Portability – supports most platforms:

- Linux, Solaris, Mac OS X
- OpenBSD, FreeBSD, NetBSD
- Windows 2000 SP4 / Windows XP SP1 or later

2-2 Why OpenVPN

Peers – each node with a client/server role:

- Uses kernel routing
- Multiple clients

A user-space program:

- A full-featured SSL-VPN solution
- Built on top of the existing SSL/TLS mechanism
- Choice among a set of security algorithms
- Can tunnel any IP (layer 3) or Ethernet (layer 2) traffic over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security 2-2 OpenVPN Security

Two Authentication Modesbull Static Key Use pre-shared bull SSLTLS Use SSLTLS + Certificates for

bull Authentication bull Key exchange

The encrypted packet is formatted asbull SeqN 64-bit sequence numberbull IV plain text initial vector randomized per packet

HMAC IV SeqN V IPs payload

encrypt

HMACW IPs

2-2 OpenVPN vs IPSec2-2 OpenVPN vs IPSec

OpenVPNbull User-space daemonbull SSLTLSbull portability across

operating systemsbull firewall and NAT-

friendly bull dynamic address

support

IPSecbull Kernel-space IP stack bull each operating system

requires its own independent implementation of IPSec

bull IETF Standard - multi-vendor support

2-3 OpenVPN Modes2-3 OpenVPN Modes

Bridging and Routing are two methods of linking systems via a VPN

Routed IP tunnels (layer 3)

Bridged Ethernet tunnels (layer 2)

Suitable for Connectionsbull Site-to-Sitebull Dynamic Site-to-Sitebull (Dynamic) Client-to-Site

Dynamic FirewallNATDHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN Mode(device) a virtual point-to-point IP link that combines the inner interface together with TUN

Use the kernel routings to forward the packets

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Physical

Data-Link

Network

Transport

Session

Presentation

ApplicationOpenVPN

TUN (3rd)

2-3-1 Routed IP Tunnels (TUN Mode)2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP Advantages1 Point-to-point2 Easier to configure3 Efficiency and scalability 4 Allows better tuning of MTU for efficiency

Routed IP Disadvantages1 Clients must use a WINS server (such as samba) to

allow cross-VPN network browsing to work 2 Routes must be set up linking each subnet 3 Software that depends on broadcasts Will Not see

those machines on the other side of the VPN 4 Works only with IPv4 in general and IPv6 in cases

where tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses ldquoTAPrdquo mode a TAP device is a Virtual Ethernet Adapter

Bridge tools (bcrtl) are required to create the virtual adapters

Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0 create an ethernet bridge

brctl addif br0 eth1 connect interface eth1 as a port

brctl addif tap0 connect virtual interface tap0 as a port

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Bridging

OpenVPN

TUN (3rd)TAP (2nd)

eth1 eth1eth0 eth0

tap0 tap0

2-3-2 Bridged Ethernet Mode (TAP 2-3-2 Bridged Ethernet Mode (TAP Mode)Mode)

Bridging advantages1 Point to Point point to multi-point2 Broadcasts traverse the VPN -- this allows browsing

of Windows file shares across the VPN without setting up a Samba or WINS server

3 No route statements to configure4 Works with the VPN needs to be able to handle non-

IP protocols such as IPX Netware and AppleTalk5 Relatively easy-to-configure solution for road

warriors

Bridging disadvantages1 Less efficient than Routing and does not scale well

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSLTLS ndash X509 Dynamic Keys

3-1 Getting Started3-1 Getting Started

ixp019216812201

ixp0 19216812202

gw 1001254IP 1001124

gw 1002254IP 1002124

LAN A LAN B

VPN Tunnel

Connect

1001254

[VPN Server]

1002254

[VPN-Client]

ixp1 ixp1

[CATLS Server]

3-1 Getting Started 3-1 Getting Started

Create a Working Directory (recommended) mkdir etcopenvpn

Check for TUN Modules if not ls devnet look for a character device ldquotunrdquo mknod devtun c 10 200

Load necessary modules modprobe tun modprobe bridge

Generate a (pre-shared) key openvpn --genkey --secret [KeyName]

Self Diagnostic openvpn --test-crypto --secret [KeyName]

3-1 Getting Started3-1 Getting Started

Enable IP Forwarding echo ldquo1rdquo gt procsysnetipv4ip_forwardor vi etcsysctlconf modify ldquonetipv4ip_forward = 1rdquo

Create Start Bridge Interface using Moxa Script openvpn-bridge [start stop restart]

Check the CiphersAuthentication Support openvpn --show-ciphers openvpn --show-digests

Create TUN Configuration Files vi etcopenvpntunserverconf

[At VPN Client] vi etcopenvpntunclientconf

3-2 TUN Server Configuration 3-2 TUN Server Configuration

LocalRemote VPN IP address must be specified

It is NECESSARY to specify the Server Address at VPN Client

3-2 TUN Server Configuration 3-2 TUN Server Configuration

Edit the Static Routings vi etcopenvpntunserversh

chmod +x etctunserversh

[At VPN Client] vi etceopenvpntunclientsh chmod +x etctunclientsh

Start OpenVPN with the configuration file openvpn --config etctunserverconf amp openvpn --config etctunclientconf amp

2nd argument of ldquoifconfigrdquo which is now ldquo1002254rdquo

Create TAP Configuration Files vi etcopenvpntapserverconf

[At VPN Client] vi etcopenvpntapclientconf

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Mark this line if both VPN Networks are in the same subnet

3-2 TAP Configuration ndash VPN Server3-2 TAP Configuration ndash VPN Server

Edit the Static Routings vi etcopenvpntunserversh

[At VPN Client] vi etcopenvpntapclientsh chmod +x etctapclientsh

Pointed to the Kernel Routing br0 = 1001254

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Start the Bridge device vi openvpnopenvpn-bridge

chmod +x etcopenvpnopenvpn-bridge etcopenvpnopenvpn-bridge start

Start OpenVPN with the configuration file openvpn ndashconfig etcopenvpntapserverconf amp openvpn ndashconfig etcopenvpntapclient amp

3-4-1 SSLTLS ndash Dynamic Keys3-4-1 SSLTLS ndash Dynamic Keys

Edit the OpenSSL Configuration File on a Linux PC vi usrsharesslopensslcnf Pre-input the default_days default_bits hellip etc

Create New CA root Key Pair usrsharesslmiscCA -newca

Create New Client Private Key and new Certificate Request usrsharesslmiscCA -newreq

Certificate Sign-in usrsharesslmiscCA ndashsign

Copy the CA root certificate client private key and the client certificate to the first client

Have the second client certificated

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Copy the ldquoeasy-rsardquo to the working directory cp ndashr openvpn-20easy-rsa etcopenvpn

modify the vars file vi etcopenvpneasy-rsavars

Activate the vars etcopenvpneasy-rsavars

Create CA root key etcopenvpneasy-rsabuild-ca

Create VPN Server Private Key and Certificate etcopenvpneasy-rsabuild-key server

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Create VPN Client private Key and Certificate etcopenvpnbuild-key client

Create Diff-Hellman Parameters etcopenvpnbuild-dh 1024

Copy the CA certificate (cacrt) Server key (serverkey) and Server certificate (servercrt) to VPN Server

Copy the CA certificate Client key and certificate to VPN Client

ldquoeasy-rsardquo tools also work on UC7400 series

3-4-3 Configuration File Modification3-4-3 Configuration File Modification

txxserverconf

txxclienconf

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) Open VPN Configuration

4) Hands-On Practice

Live DemoLive Demo

UC-7420 DEMO BOXUC-7420 DEMO BOX

Two of its serial ports connectedto a Power Meter and Thermocouple

Two LAN ports plus an optional Wi-Fi function making it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in lsquoburn-in modersquo to demonstrate UCrsquos high performance and reliability

Demo Box FeaturesDemo Box Features

Software Block DiagramSoftware Block Diagram

Temperature Range 0 to 500degC

Left side for high range 0 to 300 VDC amp Right side for low range 0 to 20 VDC

UCrsquos LCM amp keypad (F1-F5)UCrsquos LCM amp keypad (F1-F5)

F1 Monitoring Temperature rarr Voltage rarrThroughput for P3 to P8

F2 System Status LANrsquos IP rarr Wi-Firsquos IP rarr CPU loading rarr Available Memory

F3 Alarm Setting Temperature rarr Voltage rarr burning throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI amp HTMLApache Web with CGI amp HTML

Seat Locating SystemSeat Locating System

Score Query SystemScore Query System

AppendixAppendix

What is the wireless PCMCIA card support status in 80211gbull UC-7420s built-in Wireless driver supports Intersil Prism 20

chipset PCMCIA cardbull The compatible Wireless cards are

Supplier Model name

ASUS WL-107g

CNET CWC-854(181D version)Edmiax EW-7108PCgAmigo AWP-914WGigbyte GN-WMKGOthers which use R-Link chip set

Thank YouThank You

Page 100: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

1-8-2 Performance1-8-2 Performance

0

10

20

30

40

50

60

70

80

128 256 384 512 640 768 896 1024 1152 12800

1

2

3

4

5

6

7

83DESCBC3DESCBCRATE

0

10

20

30

40

50

60

70

80

128 256 384 512 640 768 896 1024 1152 12800

1

2

3

4

5

6

7

8AES128CBCAES128CBCRATE

0

1

2

3

4

5

6

7

8

16 32 64 80 96 112 128 1440

05

1

15

2

25AES128CBC

AES128CBC

RATE

012

3456

789

16 32 64 80 96 112 128 1440

05

1

15

2

253DESCBC

3DESCBC

RATE

= HW Cipher

1-8-3 Things to be noticed1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approachesbull Default Hardware Approachbull Any mis-configuration or business causes the

switch

Small packets are switched to software approachbull DES 128 bytesbull 3DESAES 64 bytes

1-8-4 Software Package1-8-4 Software Package

Driverbull mxhw_ciphero

Device Filebull mknod devmxcrypto c 11 131

Test Programbull io correctness test bull io 0 5000 stability test bull io 1 golden pattern bull io 2 20000 performance test

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

2) OpenVPN 20 2) OpenVPN 20

2-1 Virtual Private Network

2-2 Why OpenVPN

2-3 OpenVPN Modes

2-1 Virtual Private Network2-1 Virtual Private Network

2-1 VPN AdvantagesDisadvantage2-1 VPN AdvantagesDisadvantage

VPN a network that is constructed by using public wires (eg internet) to connect nodes

VPN encrypt all network traffic not just a few application protocols (like SSL SSH etc)

VPN allows the usage of protocols which are insecure by themselves

VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN2-2 Why OpenVPN

Usabilitybull Open Source (GPL)bull Full featured SSL VPN Solutionbull Easy to configure secure tunnelbull NATDHCP supportbull Can use a 2048 bit shared key or

digital certificates (PKI)

Portability ndash Supports most of the platformsbull Linux Solaris Mac OS Xbull OpenBSD FreeBSD NetBSDbull Windows2000-SP4WindowsXP-SP1 or later

2-2 Why OpenVPN2-2 Why OpenVPN

Peers ndash each node with a clientserver rolebull In use of kernel routingbull Multiple clients

A user-space programbull A full-featured SSL-VPN solutions

bull on top of existing SSLTLS mechanism bull options between a set of security algorithms

bull Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (50001194) or TCP port

2-2 OpenVPN Security 2-2 OpenVPN Security

Two Authentication Modesbull Static Key Use pre-shared bull SSLTLS Use SSLTLS + Certificates for

bull Authentication bull Key exchange

The encrypted packet is formatted asbull SeqN 64-bit sequence numberbull IV plain text initial vector randomized per packet

HMAC IV SeqN V IPs payload

encrypt

HMACW IPs

2-2 OpenVPN vs IPSec2-2 OpenVPN vs IPSec

OpenVPNbull User-space daemonbull SSLTLSbull portability across

operating systemsbull firewall and NAT-

friendly bull dynamic address

support

IPSecbull Kernel-space IP stack bull each operating system

requires its own independent implementation of IPSec

bull IETF Standard - multi-vendor support

2-3 OpenVPN Modes2-3 OpenVPN Modes

Bridging and Routing are two methods of linking systems via a VPN

Routed IP tunnels (layer 3)

Bridged Ethernet tunnels (layer 2)

Suitable for Connectionsbull Site-to-Sitebull Dynamic Site-to-Sitebull (Dynamic) Client-to-Site

Dynamic FirewallNATDHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN Mode(device) a virtual point-to-point IP link that combines the inner interface together with TUN

Use the kernel routings to forward the packets

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Physical

Data-Link

Network

Transport

Session

Presentation

ApplicationOpenVPN

TUN (3rd)

2-3-1 Routed IP Tunnels (TUN Mode)2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP Advantages1 Point-to-point2 Easier to configure3 Efficiency and scalability 4 Allows better tuning of MTU for efficiency

Routed IP Disadvantages1 Clients must use a WINS server (such as samba) to

allow cross-VPN network browsing to work 2 Routes must be set up linking each subnet 3 Software that depends on broadcasts Will Not see

those machines on the other side of the VPN 4 Works only with IPv4 in general and IPv6 in cases

where tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses ldquoTAPrdquo mode a TAP device is a Virtual Ethernet Adapter

Bridge tools (bcrtl) are required to create the virtual adapters

Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0 create an ethernet bridge

brctl addif br0 eth1 connect interface eth1 as a port

brctl addif tap0 connect virtual interface tap0 as a port

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Bridging

OpenVPN

TUN (3rd)TAP (2nd)

eth1 eth1eth0 eth0

tap0 tap0

2-3-2 Bridged Ethernet Mode (TAP 2-3-2 Bridged Ethernet Mode (TAP Mode)Mode)

Bridging advantages1 Point to Point point to multi-point2 Broadcasts traverse the VPN -- this allows browsing

of Windows file shares across the VPN without setting up a Samba or WINS server

3 No route statements to configure4 Works with the VPN needs to be able to handle non-

IP protocols such as IPX Netware and AppleTalk5 Relatively easy-to-configure solution for road

warriors

Bridging disadvantages1 Less efficient than Routing and does not scale well

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSLTLS ndash X509 Dynamic Keys

3-1 Getting Started3-1 Getting Started

ixp019216812201

ixp0 19216812202

gw 1001254IP 1001124

gw 1002254IP 1002124

LAN A LAN B

VPN Tunnel

Connect

1001254

[VPN Server]

1002254

[VPN-Client]

ixp1 ixp1

[CATLS Server]

3-1 Getting Started 3-1 Getting Started

Create a Working Directory (recommended) mkdir etcopenvpn

Check for TUN Modules if not ls devnet look for a character device ldquotunrdquo mknod devtun c 10 200

Load necessary modules modprobe tun modprobe bridge

Generate a (pre-shared) key openvpn --genkey --secret [KeyName]

Self Diagnostic openvpn --test-crypto --secret [KeyName]

3-1 Getting Started3-1 Getting Started

Enable IP Forwarding echo ldquo1rdquo gt procsysnetipv4ip_forwardor vi etcsysctlconf modify ldquonetipv4ip_forward = 1rdquo

Create Start Bridge Interface using Moxa Script openvpn-bridge [start stop restart]

Check the CiphersAuthentication Support openvpn --show-ciphers openvpn --show-digests

Create TUN Configuration Files vi etcopenvpntunserverconf

[At VPN Client] vi etcopenvpntunclientconf

3-2 TUN Server Configuration 3-2 TUN Server Configuration

LocalRemote VPN IP address must be specified

It is NECESSARY to specify the Server Address at VPN Client

3-2 TUN Server Configuration 3-2 TUN Server Configuration

Edit the Static Routings vi etcopenvpntunserversh

chmod +x etctunserversh

[At VPN Client] vi etceopenvpntunclientsh chmod +x etctunclientsh

Start OpenVPN with the configuration file openvpn --config etctunserverconf amp openvpn --config etctunclientconf amp

2nd argument of ldquoifconfigrdquo which is now ldquo1002254rdquo

Create TAP Configuration Files vi etcopenvpntapserverconf

[At VPN Client] vi etcopenvpntapclientconf

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Mark this line if both VPN Networks are in the same subnet

3-2 TAP Configuration ndash VPN Server3-2 TAP Configuration ndash VPN Server

Edit the Static Routings vi etcopenvpntunserversh

[At VPN Client] vi etcopenvpntapclientsh chmod +x etctapclientsh

Pointed to the Kernel Routing br0 = 1001254

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Start the Bridge device vi openvpnopenvpn-bridge

chmod +x etcopenvpnopenvpn-bridge etcopenvpnopenvpn-bridge start

Start OpenVPN with the configuration file openvpn ndashconfig etcopenvpntapserverconf amp openvpn ndashconfig etcopenvpntapclient amp

3-4-1 SSLTLS ndash Dynamic Keys3-4-1 SSLTLS ndash Dynamic Keys

Edit the OpenSSL Configuration File on a Linux PC vi usrsharesslopensslcnf Pre-input the default_days default_bits hellip etc

Create New CA root Key Pair usrsharesslmiscCA -newca

Create New Client Private Key and new Certificate Request usrsharesslmiscCA -newreq

Certificate Sign-in usrsharesslmiscCA ndashsign

Copy the CA root certificate client private key and the client certificate to the first client

Have the second client certificated

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Copy the ldquoeasy-rsardquo to the working directory cp ndashr openvpn-20easy-rsa etcopenvpn

modify the vars file vi etcopenvpneasy-rsavars

Activate the vars etcopenvpneasy-rsavars

Create CA root key etcopenvpneasy-rsabuild-ca

Create VPN Server Private Key and Certificate etcopenvpneasy-rsabuild-key server

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Create VPN Client private Key and Certificate etcopenvpnbuild-key client

Create Diff-Hellman Parameters etcopenvpnbuild-dh 1024

Copy the CA certificate (cacrt) Server key (serverkey) and Server certificate (servercrt) to VPN Server

Copy the CA certificate Client key and certificate to VPN Client

ldquoeasy-rsardquo tools also work on UC7400 series

3-4-3 Configuration File Modification3-4-3 Configuration File Modification

txxserverconf

txxclienconf

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) Open VPN Configuration

4) Hands-On Practice

Live DemoLive Demo

UC-7420 DEMO BOXUC-7420 DEMO BOX

Two of its serial ports connectedto a Power Meter and Thermocouple

Two LAN ports plus an optional Wi-Fi function making it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in lsquoburn-in modersquo to demonstrate UCrsquos high performance and reliability

Demo Box FeaturesDemo Box Features

Software Block DiagramSoftware Block Diagram

Temperature Range 0 to 500degC

Left side for high range 0 to 300 VDC amp Right side for low range 0 to 20 VDC

UCrsquos LCM amp keypad (F1-F5)UCrsquos LCM amp keypad (F1-F5)

F1 Monitoring Temperature rarr Voltage rarrThroughput for P3 to P8

F2 System Status LANrsquos IP rarr Wi-Firsquos IP rarr CPU loading rarr Available Memory

F3 Alarm Setting Temperature rarr Voltage rarr burning throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI amp HTMLApache Web with CGI amp HTML

Seat Locating SystemSeat Locating System

Score Query SystemScore Query System

AppendixAppendix

What is the wireless PCMCIA card support status in 80211gbull UC-7420s built-in Wireless driver supports Intersil Prism 20

chipset PCMCIA cardbull The compatible Wireless cards are

Supplier Model name

ASUS WL-107g

CNET CWC-854(181D version)Edmiax EW-7108PCgAmigo AWP-914WGigbyte GN-WMKGOthers which use R-Link chip set

Thank YouThank You

Page 101: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

1-8-3 Things to be noticed1-8-3 Things to be noticed

Moxa UC-7400 switches the operations between the software and the hardware approachesbull Default Hardware Approachbull Any mis-configuration or business causes the

switch

Small packets are switched to software approachbull DES 128 bytesbull 3DESAES 64 bytes

1-8-4 Software Package1-8-4 Software Package

Driverbull mxhw_ciphero

Device Filebull mknod devmxcrypto c 11 131

Test Programbull io correctness test bull io 0 5000 stability test bull io 1 golden pattern bull io 2 20000 performance test

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

2) OpenVPN 20 2) OpenVPN 20

2-1 Virtual Private Network

2-2 Why OpenVPN

2-3 OpenVPN Modes

2-1 Virtual Private Network2-1 Virtual Private Network

2-1 VPN AdvantagesDisadvantage2-1 VPN AdvantagesDisadvantage

VPN a network that is constructed by using public wires (eg internet) to connect nodes

VPN encrypt all network traffic not just a few application protocols (like SSL SSH etc)

VPN allows the usage of protocols which are insecure by themselves

VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN2-2 Why OpenVPN

Usabilitybull Open Source (GPL)bull Full featured SSL VPN Solutionbull Easy to configure secure tunnelbull NATDHCP supportbull Can use a 2048 bit shared key or

digital certificates (PKI)

Portability ndash Supports most of the platformsbull Linux Solaris Mac OS Xbull OpenBSD FreeBSD NetBSDbull Windows2000-SP4WindowsXP-SP1 or later

2-2 Why OpenVPN

Peers – each node takes a client or server role
• Uses kernel routing
• Multiple clients

A user-space program
• A full-featured SSL-VPN solution
• Built on top of the existing SSL/TLS mechanism
• Options among a set of security algorithms
• Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (5000/1194) or TCP port

2-2 OpenVPN Security

Two Authentication Modes
• Static Key: uses a pre-shared key
• SSL/TLS: uses SSL/TLS + certificates for authentication and key exchange

The encrypted packet is formatted as:
• SeqN: 64-bit sequence number
• IV: plaintext initialization vector, randomized per packet

  [ HMAC ][ IV ][ SeqN | payload ]
                 \---- encrypt ---/
          \------ HMAC covers -----/
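The layout sketched above, worked through as an added example (this is not code from the Moxa slides or from the OpenVPN project): a sender prefixes each payload with a 64-bit SeqN, encrypts SeqN and payload under a fresh random IV, and tags IV plus ciphertext with an HMAC; the receiver verifies the tag before it decrypts anything and then rejects replayed or too-old sequence numbers. OpenVPN's real CBC block cipher is not in the Python standard library, so the encryption step here is a stand-in counter-mode keystream derived with HMAC-SHA256 (an assumption of this example); the framing, the verify-before-decrypt order and the replay window are the point. The class names, the 64-entry window and the sample payloads are this example's own.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 32   # HMAC-SHA256 tag
IV_LEN = 16    # per-packet random IV, sent in plaintext as on the slide
SEQ_LEN = 8    # 64-bit SeqN, as on the slide


def _keystream(enc_key: bytes, iv: bytes, length: int) -> bytes:
    # Stand-in for the real block cipher (assumption of this example):
    # keystream block i = HMAC(enc_key, IV || i); never reused because the IV is fresh per packet.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, iv + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Sender:
    def __init__(self, enc_key: bytes, mac_key: bytes):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.seq = 0

    def seal(self, payload: bytes) -> bytes:
        """Build [HMAC][IV][encrypted(SeqN || payload)]."""
        self.seq += 1                      # SeqN 0 is never sent, so 0 means "nothing seen yet"
        iv = os.urandom(IV_LEN)
        plaintext = struct.pack(">Q", self.seq) + payload
        ciphertext = _xor(plaintext, _keystream(self.enc_key, iv, len(plaintext)))
        tag = hmac.new(self.mac_key, iv + ciphertext, hashlib.sha256).digest()  # encrypt-then-MAC
        return tag + iv + ciphertext


class Receiver:
    WINDOW = 64   # how far behind the highest SeqN a late packet may still arrive

    def __init__(self, enc_key: bytes, mac_key: bytes):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.highest = 0
        self.seen = set()

    def open(self, packet: bytes):
        """Return the payload, or None when the packet is rejected."""
        if len(packet) < TAG_LEN + IV_LEN + SEQ_LEN:
            return None
        tag = packet[:TAG_LEN]
        iv = packet[TAG_LEN:TAG_LEN + IV_LEN]
        ciphertext = packet[TAG_LEN + IV_LEN:]
        expected = hmac.new(self.mac_key, iv + ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None                    # tampered or wrong key: dropped before any decryption
        plaintext = _xor(ciphertext, _keystream(self.enc_key, iv, len(ciphertext)))
        seq = struct.unpack(">Q", plaintext[:SEQ_LEN])[0]
        if not self._accept(seq):
            return None                    # replay, or older than the window
        return plaintext[SEQ_LEN:]

    def _accept(self, seq: int) -> bool:
        if seq == 0 or seq in self.seen or seq + self.WINDOW <= self.highest:
            return False
        self.seen.add(seq)
        self.highest = max(self.highest, seq)
        self.seen = {s for s in self.seen if s + self.WINDOW > self.highest}
        return True


def demo() -> dict:
    """Constructed round trip: delivery, a replay, a tampered packet, and a later packet."""
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    tx, rx = Sender(enc_key, mac_key), Receiver(enc_key, mac_key)
    p1, p2 = tx.seal(b"first"), tx.seal(b"second")
    flipped = bytearray(p2)
    flipped[-1] ^= 0x01                    # one ciphertext bit changed in transit
    return {
        "deliver": rx.open(p1),            # b"first"
        "replay": rx.open(p1),             # None: SeqN already seen
        "tampered": rx.open(bytes(flipped)),  # None: HMAC mismatch
        "later": rx.open(p2),              # b"second"
    }


if __name__ == "__main__":
    print(demo())
```

Checking the HMAC first means a forged or corrupted packet never reaches the cipher, and the sequence window means a captured packet cannot be fed back into the tunnel later; both rejections are silent, which is also why a real receiver should count them for monitoring.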

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall- and NAT-friendly
• Dynamic address support

IPSec
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard – multi-vendor support

2-3 OpenVPN Modes

Bridging and Routing are two methods of linking systems via a VPN
• Routed IP tunnels (layer 3)
• Bridged Ethernet tunnels (layer 2)

Suitable for Connections
• Site-to-Site
• Dynamic Site-to-Site
• (Dynamic) Client-to-Site

Dynamic Firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN mode (device): a virtual point-to-point IP link that joins the inner interface with the TUN device

Uses the kernel routing table to forward the packets

[Figure: two OSI stacks (Physical, Data-Link, Network, Transport, Session, Presentation, Application) on the two hosts, joined by OpenVPN running at the application layer with the TUN device attached at layer 3]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP Advantages
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of MTU for efficiency

Routed IP Disadvantages
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see machines on the other side of the VPN
4. Works only with IPv4 in general, and with IPv6 only where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses "TAP" mode: a TAP device is a virtual Ethernet adapter

Bridge tools (brctl) are required to create the virtual bridge device

Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0        # create an Ethernet bridge
brctl addif br0 eth1   # connect interface eth1 as a port
brctl addif br0 tap0   # connect virtual interface tap0 as a port

[Figure: two OSI stacks (Physical through Application) bridged by OpenVPN; TUN attaches at layer 3, TAP at layer 2; on each host eth0 stays the uplink while eth1 and tap0 are joined in the bridge]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages
1. Point-to-point and point-to-multipoint
2. Broadcasts traverse the VPN; this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to be able to handle non-IP protocols such as IPX, Netware and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages
1. Less efficient than routing and does not scale well

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

[Figure: lab topology. LAN A (IP 10.0.1.1/24, gw 10.0.1.254) sits behind the VPN Server, whose ixp0 is 192.168.12.201 and whose LAN-side ixp1 carries 10.0.1.254; LAN B (IP 10.0.2.1/24, gw 10.0.2.254) sits behind the VPN Client, whose ixp0 is 192.168.12.202 and whose ixp1 carries 10.0.2.254. The client connects to the server across the VPN tunnel; a separate CA/TLS Server is also on the network.]

3-1 Getting Started

Create a working directory (recommended): mkdir /etc/openvpn

Check for the TUN module: ls /dev/net and look for a character device "tun"; if it is missing: mknod /dev/net/tun c 10 200

Load the necessary modules: modprobe tun; modprobe bridge

Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]

Self diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or vi /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"

Create/start the bridge interface using the Moxa script: openvpn-bridge [start|stop|restart]

Check the supported ciphers/authentication: openvpn --show-ciphers; openvpn --show-digests

Create the TUN configuration files: vi /etc/openvpn/tunserver.conf

[At VPN Client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

The local and remote VPN IP addresses must be specified

It is NECESSARY to specify the server address at the VPN client

3-2 TUN Server Configuration

Edit the static routes: vi /etc/openvpn/tunserver.sh; chmod +x /etc/tunserver.sh

[At VPN Client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/tunclient.sh

Start OpenVPN with the configuration file: openvpn --config /etc/tunserver.conf & ; openvpn --config /etc/tunclient.conf &

Note the 2nd argument of "ifconfig", which is now "10.0.2.254" (the VPN address of the other end)

Create the TAP configuration files: vi /etc/openvpn/tapserver.conf

[At VPN Client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration – VPN Server

Mark (comment out) this line if both VPN networks are in the same subnet

3-3 TAP Configuration – VPN Server

Edit the static routes: vi /etc/openvpn/tapserver.sh

[At VPN Client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/tapclient.sh

Pointed to the kernel routing: br0 = 10.0.1.254

3-3 TAP Configuration – VPN Server

Start the bridge device: vi /etc/openvpn/openvpn-bridge; chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tapserver.conf & ; openvpn --config /etc/openvpn/tapclient.conf &
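The TUN and TAP procedures above end with two hand-written configuration files per tunnel. As an added example (not code from the Moxa slides or from the OpenVPN project), the checker below parses such a file and reports the inconsistencies a lab like the one in 3-1 most often trips over: a client without "remote" (the slide's NECESSARY point), an "ifconfig" with the same address at both ends, static-key and SSL/TLS directives mixed in one file, a TLS server without "dh", and "cipher none" or "auth none". The directive names are real OpenVPN 2.0 directives; the rules, the sample files and their addresses (taken from the 3-1 topology) are this example's own assumptions.

```python
import ipaddress

# Ciphers this example flags: 64-bit block ciphers and "none" (no encryption at all).
WEAK_CIPHERS = {"des-cbc", "rc2-cbc", "rc2-40-cbc", "rc2-64-cbc", "none"}


def parse_config(text: str) -> list:
    """Return (directive, args) pairs; '#' and ';' start comments, as in OpenVPN files."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if line:
            parts = line.split()
            entries.append((parts[0].lower(), parts[1:]))
    return entries


def check_config(text: str, role: str) -> list:
    """role is 'server' or 'client'; returns a list of findings, empty when consistent."""
    directives = {}
    for name, args in parse_config(text):
        directives.setdefault(name, []).append(args)

    def first(name):
        return directives.get(name, [None])[0]

    findings = []
    dev = first("dev")
    if not dev or not (dev[0].startswith("tun") or dev[0].startswith("tap")):
        findings.append("dev must be tun or tap")
    is_tap = bool(dev) and dev[0].startswith("tap")

    static = "secret" in directives
    tls = any(k in directives for k in ("ca", "cert", "key", "dh", "tls-server", "tls-client"))
    if static and tls:
        findings.append("secret (static key) and SSL/TLS directives cannot be mixed")
    if not static and not tls:
        findings.append("no key material: need secret or ca/cert/key")

    if static:
        ifc = first("ifconfig")
        if not ifc or len(ifc) != 2:
            findings.append("static-key mode needs 'ifconfig' with two arguments")
        else:
            try:
                a, b = (ipaddress.ip_address(x) for x in ifc)
                # tun: local and remote VPN addresses; tap: address and netmask
                if not is_tap and a == b:
                    findings.append("ifconfig local and remote VPN addresses must differ")
            except ValueError:
                findings.append("ifconfig arguments are not valid IP addresses")

    if tls:
        for need in ("ca", "cert", "key"):
            if need not in directives:
                findings.append(f"SSL/TLS mode needs '{need}'")
        if role == "server" and "dh" not in directives:
            findings.append("TLS server needs 'dh' (Diffie-Hellman parameters)")

    if role == "client" and "remote" not in directives:
        findings.append("client must specify the server address with 'remote'")

    cipher = first("cipher")
    if cipher and cipher[0].lower() in WEAK_CIPHERS:
        findings.append(f"cipher {cipher[0]} is weak or disables encryption")
    auth = first("auth")
    if auth and auth[0].lower() == "none":
        findings.append("auth none disables the HMAC packet check")
    return findings


# Constructed sample files following the 3-1 topology: 10.0.1.0/24 behind the
# server (VPN address 10.0.1.254), 10.0.2.0/24 behind the client (10.0.2.254).
SERVER_TUN = """
dev tun
proto udp
port 1194
ifconfig 10.0.1.254 10.0.2.254     # local VPN address, remote VPN address
secret /etc/openvpn/static.key
route 10.0.2.0 255.255.255.0       # LAN B is reached through the tunnel
"""

CLIENT_TUN = """
dev tun
remote 192.168.12.201              # the server's address: NECESSARY at the client
ifconfig 10.0.2.254 10.0.1.254     # arguments swapped relative to the server
secret /etc/openvpn/static.key
route 10.0.1.0 255.255.255.0
"""

BROKEN_CLIENT = """
dev tun
ifconfig 10.0.2.254 10.0.2.254     ; same address at both ends
secret /etc/openvpn/static.key
cipher none
auth none
"""

TLS_SERVER_NO_DH = """
dev tap
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
"""

if __name__ == "__main__":
    for label, text, role in [("server", SERVER_TUN, "server"), ("client", CLIENT_TUN, "client"),
                              ("broken client", BROKEN_CLIENT, "client"),
                              ("tls server", TLS_SERVER_NO_DH, "server")]:
        print(label, "->", check_config(text, role) or "OK")
```

Run it over both files of a tunnel before the two "openvpn --config ... &" commands; the two hardening findings ("cipher none", "auth none") are worth keeping even after the lab, since either one turns the tunnel from the slide's HMAC-protected format into plain forwarding.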

3-4-1 SSL/TLS – Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-set default_days, default_bits, etc.

Create a new CA root key pair: /usr/share/ssl/misc/CA -newca

Create a new client private key and certificate request: /usr/share/ssl/misc/CA -newreq

Sign the certificate: /usr/share/ssl/misc/CA -sign

Copy the CA root certificate, the client private key and the client certificate to the first client

Have the second client certified the same way

3-4-2 OpenVPN – "easy-rsa" tools

Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file: vi /etc/openvpn/easy-rsa/vars

Activate the vars (source the file): . /etc/openvpn/easy-rsa/vars

Create the CA root key: /etc/openvpn/easy-rsa/build-ca

Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – "easy-rsa" tools

Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client

Create the Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh 1024

Copy the CA certificate (ca.crt), the server key (server.key) and the server certificate (server.crt) to the VPN server

Copy the CA certificate, the client key and the client certificate to the VPN client

The "easy-rsa" tools also work on the UC-7400 series

3-4-3 Configuration File Modification

txxserver.conf

txxclient.conf

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

Two of its serial ports are connected to a power meter and a thermocouple

Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in 'burn-in mode' to demonstrate the UC's high performance and reliability

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500°C

Left side for the high range, 0 to 300 VDC, and right side for the low range, 0 to 20 VDC

UC's LCM & keypad (F1-F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8

F2 System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available Memory

F3 Alarm Setting: Temperature → Voltage → burn-in throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• The UC-7420's built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards
• The compatible wireless cards are:

Supplier   Model name
ASUS       WL-107g
CNET       CWC-854 (181D version)
Edimax     EW-7108PCg
Amigo      AWP-914WG
Gigabyte   GN-WMKG
Others which use the Ralink chipset

Thank You

Page 102: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

1-8-4 Software Package1-8-4 Software Package

Driverbull mxhw_ciphero

Device Filebull mknod devmxcrypto c 11 131

Test Programbull io correctness test bull io 0 5000 stability test bull io 1 golden pattern bull io 2 20000 performance test

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

2) OpenVPN 20 2) OpenVPN 20

2-1 Virtual Private Network

2-2 Why OpenVPN

2-3 OpenVPN Modes

2-1 Virtual Private Network2-1 Virtual Private Network

2-1 VPN AdvantagesDisadvantage2-1 VPN AdvantagesDisadvantage

VPN a network that is constructed by using public wires (eg internet) to connect nodes

VPN encrypt all network traffic not just a few application protocols (like SSL SSH etc)

VPN allows the usage of protocols which are insecure by themselves

VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN2-2 Why OpenVPN

Usabilitybull Open Source (GPL)bull Full featured SSL VPN Solutionbull Easy to configure secure tunnelbull NATDHCP supportbull Can use a 2048 bit shared key or

digital certificates (PKI)

Portability ndash Supports most of the platformsbull Linux Solaris Mac OS Xbull OpenBSD FreeBSD NetBSDbull Windows2000-SP4WindowsXP-SP1 or later

2-2 Why OpenVPN2-2 Why OpenVPN

Peers ndash each node with a clientserver rolebull In use of kernel routingbull Multiple clients

A user-space programbull A full-featured SSL-VPN solutions

bull on top of existing SSLTLS mechanism bull options between a set of security algorithms

bull Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (50001194) or TCP port

2-2 OpenVPN Security 2-2 OpenVPN Security

Two Authentication Modesbull Static Key Use pre-shared bull SSLTLS Use SSLTLS + Certificates for

bull Authentication bull Key exchange

The encrypted packet is formatted asbull SeqN 64-bit sequence numberbull IV plain text initial vector randomized per packet

HMAC IV SeqN V IPs payload

encrypt

HMACW IPs

2-2 OpenVPN vs IPSec2-2 OpenVPN vs IPSec

OpenVPNbull User-space daemonbull SSLTLSbull portability across

operating systemsbull firewall and NAT-

friendly bull dynamic address

support

IPSecbull Kernel-space IP stack bull each operating system

requires its own independent implementation of IPSec

bull IETF Standard - multi-vendor support

2-3 OpenVPN Modes2-3 OpenVPN Modes

Bridging and Routing are two methods of linking systems via a VPN

Routed IP tunnels (layer 3)

Bridged Ethernet tunnels (layer 2)

Suitable for Connectionsbull Site-to-Sitebull Dynamic Site-to-Sitebull (Dynamic) Client-to-Site

Dynamic FirewallNATDHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN Mode(device) a virtual point-to-point IP link that combines the inner interface together with TUN

Use the kernel routings to forward the packets

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Physical

Data-Link

Network

Transport

Session

Presentation

ApplicationOpenVPN

TUN (3rd)

2-3-1 Routed IP Tunnels (TUN Mode)2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP Advantages1 Point-to-point2 Easier to configure3 Efficiency and scalability 4 Allows better tuning of MTU for efficiency

Routed IP Disadvantages1 Clients must use a WINS server (such as samba) to

allow cross-VPN network browsing to work 2 Routes must be set up linking each subnet 3 Software that depends on broadcasts Will Not see

those machines on the other side of the VPN 4 Works only with IPv4 in general and IPv6 in cases

where tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses ldquoTAPrdquo mode a TAP device is a Virtual Ethernet Adapter

Bridge tools (bcrtl) are required to create the virtual adapters

Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0 create an ethernet bridge

brctl addif br0 eth1 connect interface eth1 as a port

brctl addif tap0 connect virtual interface tap0 as a port

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Bridging

OpenVPN

TUN (3rd)TAP (2nd)

eth1 eth1eth0 eth0

tap0 tap0

2-3-2 Bridged Ethernet Mode (TAP 2-3-2 Bridged Ethernet Mode (TAP Mode)Mode)

Bridging advantages1 Point to Point point to multi-point2 Broadcasts traverse the VPN -- this allows browsing

of Windows file shares across the VPN without setting up a Samba or WINS server

3 No route statements to configure4 Works with the VPN needs to be able to handle non-

IP protocols such as IPX Netware and AppleTalk5 Relatively easy-to-configure solution for road

warriors

Bridging disadvantages1 Less efficient than Routing and does not scale well

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSLTLS ndash X509 Dynamic Keys

3-1 Getting Started3-1 Getting Started

ixp019216812201

ixp0 19216812202

gw 1001254IP 1001124

gw 1002254IP 1002124

LAN A LAN B

VPN Tunnel

Connect

1001254

[VPN Server]

1002254

[VPN-Client]

ixp1 ixp1

[CATLS Server]

3-1 Getting Started 3-1 Getting Started

Create a Working Directory (recommended) mkdir etcopenvpn

Check for TUN Modules if not ls devnet look for a character device ldquotunrdquo mknod devtun c 10 200

Load necessary modules modprobe tun modprobe bridge

Generate a (pre-shared) key openvpn --genkey --secret [KeyName]

Self Diagnostic openvpn --test-crypto --secret [KeyName]

3-1 Getting Started3-1 Getting Started

Enable IP Forwarding echo ldquo1rdquo gt procsysnetipv4ip_forwardor vi etcsysctlconf modify ldquonetipv4ip_forward = 1rdquo

Create Start Bridge Interface using Moxa Script openvpn-bridge [start stop restart]

Check the CiphersAuthentication Support openvpn --show-ciphers openvpn --show-digests

Create TUN Configuration Files vi etcopenvpntunserverconf

[At VPN Client] vi etcopenvpntunclientconf

3-2 TUN Server Configuration 3-2 TUN Server Configuration

LocalRemote VPN IP address must be specified

It is NECESSARY to specify the Server Address at VPN Client

3-2 TUN Server Configuration 3-2 TUN Server Configuration

Edit the Static Routings vi etcopenvpntunserversh

chmod +x etctunserversh

[At VPN Client] vi etceopenvpntunclientsh chmod +x etctunclientsh

Start OpenVPN with the configuration file openvpn --config etctunserverconf amp openvpn --config etctunclientconf amp

2nd argument of ldquoifconfigrdquo which is now ldquo1002254rdquo

Create TAP Configuration Files vi etcopenvpntapserverconf

[At VPN Client] vi etcopenvpntapclientconf

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Mark this line if both VPN Networks are in the same subnet

3-2 TAP Configuration ndash VPN Server3-2 TAP Configuration ndash VPN Server

Edit the Static Routings vi etcopenvpntunserversh

[At VPN Client] vi etcopenvpntapclientsh chmod +x etctapclientsh

Pointed to the Kernel Routing br0 = 1001254

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Start the Bridge device vi openvpnopenvpn-bridge

chmod +x etcopenvpnopenvpn-bridge etcopenvpnopenvpn-bridge start

Start OpenVPN with the configuration file openvpn ndashconfig etcopenvpntapserverconf amp openvpn ndashconfig etcopenvpntapclient amp

3-4-1 SSLTLS ndash Dynamic Keys3-4-1 SSLTLS ndash Dynamic Keys

Edit the OpenSSL Configuration File on a Linux PC vi usrsharesslopensslcnf Pre-input the default_days default_bits hellip etc

Create New CA root Key Pair usrsharesslmiscCA -newca

Create New Client Private Key and new Certificate Request usrsharesslmiscCA -newreq

Certificate Sign-in usrsharesslmiscCA ndashsign

Copy the CA root certificate client private key and the client certificate to the first client

Have the second client certificated

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Copy the ldquoeasy-rsardquo to the working directory cp ndashr openvpn-20easy-rsa etcopenvpn

modify the vars file vi etcopenvpneasy-rsavars

Activate the vars etcopenvpneasy-rsavars

Create CA root key etcopenvpneasy-rsabuild-ca

Create VPN Server Private Key and Certificate etcopenvpneasy-rsabuild-key server

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Create VPN Client private Key and Certificate etcopenvpnbuild-key client

Create Diff-Hellman Parameters etcopenvpnbuild-dh 1024

Copy the CA certificate (cacrt) Server key (serverkey) and Server certificate (servercrt) to VPN Server

Copy the CA certificate Client key and certificate to VPN Client

ldquoeasy-rsardquo tools also work on UC7400 series

3-4-3 Configuration File Modification3-4-3 Configuration File Modification

txxserverconf

txxclienconf

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) Open VPN Configuration

4) Hands-On Practice

Live DemoLive Demo

UC-7420 DEMO BOXUC-7420 DEMO BOX

Two of its serial ports connectedto a Power Meter and Thermocouple

Two LAN ports plus an optional Wi-Fi function making it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in lsquoburn-in modersquo to demonstrate UCrsquos high performance and reliability

Demo Box FeaturesDemo Box Features

Software Block DiagramSoftware Block Diagram

Temperature Range 0 to 500degC

Left side for high range 0 to 300 VDC amp Right side for low range 0 to 20 VDC

UCrsquos LCM amp keypad (F1-F5)UCrsquos LCM amp keypad (F1-F5)

F1 Monitoring Temperature rarr Voltage rarrThroughput for P3 to P8

F2 System Status LANrsquos IP rarr Wi-Firsquos IP rarr CPU loading rarr Available Memory

F3 Alarm Setting Temperature rarr Voltage rarr burning throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI amp HTMLApache Web with CGI amp HTML

Seat Locating SystemSeat Locating System

Score Query SystemScore Query System

AppendixAppendix

What is the wireless PCMCIA card support status in 80211gbull UC-7420s built-in Wireless driver supports Intersil Prism 20

chipset PCMCIA cardbull The compatible Wireless cards are

Supplier Model name

ASUS WL-107g

CNET CWC-854(181D version)Edmiax EW-7108PCgAmigo AWP-914WGigbyte GN-WMKGOthers which use R-Link chip set

Thank YouThank You

Page 103: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

2) OpenVPN 20 2) OpenVPN 20

2-1 Virtual Private Network

2-2 Why OpenVPN

2-3 OpenVPN Modes

2-1 Virtual Private Network2-1 Virtual Private Network

2-1 VPN AdvantagesDisadvantage2-1 VPN AdvantagesDisadvantage

VPN a network that is constructed by using public wires (eg internet) to connect nodes

VPN encrypt all network traffic not just a few application protocols (like SSL SSH etc)

VPN allows the usage of protocols which are insecure by themselves

VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN2-2 Why OpenVPN

Usabilitybull Open Source (GPL)bull Full featured SSL VPN Solutionbull Easy to configure secure tunnelbull NATDHCP supportbull Can use a 2048 bit shared key or

digital certificates (PKI)

Portability ndash Supports most of the platformsbull Linux Solaris Mac OS Xbull OpenBSD FreeBSD NetBSDbull Windows2000-SP4WindowsXP-SP1 or later

2-2 Why OpenVPN2-2 Why OpenVPN

Peers ndash each node with a clientserver rolebull In use of kernel routingbull Multiple clients

A user-space programbull A full-featured SSL-VPN solutions

bull on top of existing SSLTLS mechanism bull options between a set of security algorithms

bull Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (50001194) or TCP port

2-2 OpenVPN Security 2-2 OpenVPN Security

Two Authentication Modesbull Static Key Use pre-shared bull SSLTLS Use SSLTLS + Certificates for

bull Authentication bull Key exchange

The encrypted packet is formatted asbull SeqN 64-bit sequence numberbull IV plain text initial vector randomized per packet

HMAC IV SeqN V IPs payload

encrypt

HMACW IPs

2-2 OpenVPN vs IPSec2-2 OpenVPN vs IPSec

OpenVPNbull User-space daemonbull SSLTLSbull portability across

operating systemsbull firewall and NAT-

friendly bull dynamic address

support

IPSecbull Kernel-space IP stack bull each operating system

requires its own independent implementation of IPSec

bull IETF Standard - multi-vendor support

2-3 OpenVPN Modes2-3 OpenVPN Modes

Bridging and Routing are two methods of linking systems via a VPN

Routed IP tunnels (layer 3)

Bridged Ethernet tunnels (layer 2)

Suitable for Connectionsbull Site-to-Sitebull Dynamic Site-to-Sitebull (Dynamic) Client-to-Site

Dynamic FirewallNATDHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN Mode(device) a virtual point-to-point IP link that combines the inner interface together with TUN

Use the kernel routings to forward the packets

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Physical

Data-Link

Network

Transport

Session

Presentation

ApplicationOpenVPN

TUN (3rd)

2-3-1 Routed IP Tunnels (TUN Mode)2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP Advantages1 Point-to-point2 Easier to configure3 Efficiency and scalability 4 Allows better tuning of MTU for efficiency

Routed IP Disadvantages1 Clients must use a WINS server (such as samba) to

allow cross-VPN network browsing to work 2 Routes must be set up linking each subnet 3 Software that depends on broadcasts Will Not see

those machines on the other side of the VPN 4 Works only with IPv4 in general and IPv6 in cases

where tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses ldquoTAPrdquo mode a TAP device is a Virtual Ethernet Adapter

Bridge tools (bcrtl) are required to create the virtual adapters

Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0 create an ethernet bridge

brctl addif br0 eth1 connect interface eth1 as a port

brctl addif tap0 connect virtual interface tap0 as a port

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Bridging

OpenVPN

TUN (3rd)TAP (2nd)

eth1 eth1eth0 eth0

tap0 tap0

2-3-2 Bridged Ethernet Mode (TAP 2-3-2 Bridged Ethernet Mode (TAP Mode)Mode)

Bridging advantages1 Point to Point point to multi-point2 Broadcasts traverse the VPN -- this allows browsing

of Windows file shares across the VPN without setting up a Samba or WINS server

3 No route statements to configure4 Works with the VPN needs to be able to handle non-

IP protocols such as IPX Netware and AppleTalk5 Relatively easy-to-configure solution for road

warriors

Bridging disadvantages1 Less efficient than Routing and does not scale well

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSLTLS ndash X509 Dynamic Keys

3-1 Getting Started3-1 Getting Started

ixp019216812201

ixp0 19216812202

gw 1001254IP 1001124

gw 1002254IP 1002124

LAN A LAN B

VPN Tunnel

Connect

1001254

[VPN Server]

1002254

[VPN-Client]

ixp1 ixp1

[CATLS Server]

3-1 Getting Started 3-1 Getting Started

Create a Working Directory (recommended) mkdir etcopenvpn

Check for TUN Modules if not ls devnet look for a character device ldquotunrdquo mknod devtun c 10 200

Load necessary modules modprobe tun modprobe bridge

Generate a (pre-shared) key openvpn --genkey --secret [KeyName]

Self Diagnostic openvpn --test-crypto --secret [KeyName]

3-1 Getting Started3-1 Getting Started

Enable IP Forwarding echo ldquo1rdquo gt procsysnetipv4ip_forwardor vi etcsysctlconf modify ldquonetipv4ip_forward = 1rdquo

Create Start Bridge Interface using Moxa Script openvpn-bridge [start stop restart]

Check the CiphersAuthentication Support openvpn --show-ciphers openvpn --show-digests

Create TUN Configuration Files vi etcopenvpntunserverconf

[At VPN Client] vi etcopenvpntunclientconf

3-2 TUN Server Configuration 3-2 TUN Server Configuration

LocalRemote VPN IP address must be specified

It is NECESSARY to specify the Server Address at VPN Client

3-2 TUN Server Configuration 3-2 TUN Server Configuration

Edit the Static Routings vi etcopenvpntunserversh

chmod +x etctunserversh

[At VPN Client] vi etceopenvpntunclientsh chmod +x etctunclientsh

Start OpenVPN with the configuration file openvpn --config etctunserverconf amp openvpn --config etctunclientconf amp

2nd argument of ldquoifconfigrdquo which is now ldquo1002254rdquo

Create TAP Configuration Files vi etcopenvpntapserverconf

[At VPN Client] vi etcopenvpntapclientconf

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Mark this line if both VPN Networks are in the same subnet

3-2 TAP Configuration ndash VPN Server3-2 TAP Configuration ndash VPN Server

Edit the Static Routings vi etcopenvpntunserversh

[At VPN Client] vi etcopenvpntapclientsh chmod +x etctapclientsh

Pointed to the Kernel Routing br0 = 1001254

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Start the Bridge device vi openvpnopenvpn-bridge

chmod +x etcopenvpnopenvpn-bridge etcopenvpnopenvpn-bridge start

Start OpenVPN with the configuration file openvpn ndashconfig etcopenvpntapserverconf amp openvpn ndashconfig etcopenvpntapclient amp

3-4-1 SSLTLS ndash Dynamic Keys3-4-1 SSLTLS ndash Dynamic Keys

Edit the OpenSSL Configuration File on a Linux PC vi usrsharesslopensslcnf Pre-input the default_days default_bits hellip etc

Create New CA root Key Pair usrsharesslmiscCA -newca

Create New Client Private Key and new Certificate Request usrsharesslmiscCA -newreq

Certificate Sign-in usrsharesslmiscCA ndashsign

Copy the CA root certificate client private key and the client certificate to the first client

Have the second client certificated

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Copy the ldquoeasy-rsardquo to the working directory cp ndashr openvpn-20easy-rsa etcopenvpn

modify the vars file vi etcopenvpneasy-rsavars

Activate the vars etcopenvpneasy-rsavars

Create CA root key etcopenvpneasy-rsabuild-ca

Create VPN Server Private Key and Certificate etcopenvpneasy-rsabuild-key server

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Create VPN Client private Key and Certificate etcopenvpnbuild-key client

Create Diff-Hellman Parameters etcopenvpnbuild-dh 1024

Copy the CA certificate (cacrt) Server key (serverkey) and Server certificate (servercrt) to VPN Server

Copy the CA certificate Client key and certificate to VPN Client

ldquoeasy-rsardquo tools also work on UC7400 series

3-4-3 Configuration File Modification3-4-3 Configuration File Modification

txxserverconf

txxclienconf

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) Open VPN Configuration

4) Hands-On Practice

Live DemoLive Demo

UC-7420 DEMO BOXUC-7420 DEMO BOX

Two of its serial ports connectedto a Power Meter and Thermocouple

Two LAN ports plus an optional Wi-Fi function making it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in lsquoburn-in modersquo to demonstrate UCrsquos high performance and reliability

Demo Box FeaturesDemo Box Features

Software Block DiagramSoftware Block Diagram

Temperature Range 0 to 500degC

Left side for high range 0 to 300 VDC amp Right side for low range 0 to 20 VDC

UCrsquos LCM amp keypad (F1-F5)UCrsquos LCM amp keypad (F1-F5)

F1 Monitoring Temperature rarr Voltage rarrThroughput for P3 to P8

F2 System Status LANrsquos IP rarr Wi-Firsquos IP rarr CPU loading rarr Available Memory

F3 Alarm Setting Temperature rarr Voltage rarr burning throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI amp HTMLApache Web with CGI amp HTML

Seat Locating SystemSeat Locating System

Score Query SystemScore Query System

AppendixAppendix

What is the wireless PCMCIA card support status in 80211gbull UC-7420s built-in Wireless driver supports Intersil Prism 20

chipset PCMCIA cardbull The compatible Wireless cards are

Supplier Model name

ASUS WL-107g

CNET CWC-854(181D version)Edmiax EW-7108PCgAmigo AWP-914WGigbyte GN-WMKGOthers which use R-Link chip set

Thank YouThank You

Page 104: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

2) OpenVPN 20 2) OpenVPN 20

2-1 Virtual Private Network

2-2 Why OpenVPN

2-3 OpenVPN Modes

2-1 Virtual Private Network2-1 Virtual Private Network

2-1 VPN AdvantagesDisadvantage2-1 VPN AdvantagesDisadvantage

VPN a network that is constructed by using public wires (eg internet) to connect nodes

VPN encrypt all network traffic not just a few application protocols (like SSL SSH etc)

VPN allows the usage of protocols which are insecure by themselves

VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN2-2 Why OpenVPN

Usabilitybull Open Source (GPL)bull Full featured SSL VPN Solutionbull Easy to configure secure tunnelbull NATDHCP supportbull Can use a 2048 bit shared key or

digital certificates (PKI)

Portability ndash Supports most of the platformsbull Linux Solaris Mac OS Xbull OpenBSD FreeBSD NetBSDbull Windows2000-SP4WindowsXP-SP1 or later

2-2 Why OpenVPN2-2 Why OpenVPN

Peers ndash each node with a clientserver rolebull In use of kernel routingbull Multiple clients

A user-space programbull A full-featured SSL-VPN solutions

bull on top of existing SSLTLS mechanism bull options between a set of security algorithms

bull Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (50001194) or TCP port

2-2 OpenVPN Security

Two authentication modes
• Static key: uses a pre-shared key
• SSL/TLS: uses SSL/TLS + certificates for
  • Authentication
  • Key exchange

The encrypted packet is formatted as
• SeqN: 64-bit sequence number
• IV: plaintext initialization vector, randomized per packet

[Packet layout figure: HMAC | IV | encrypt( SeqN | IP payload ); the HMAC is computed over the IV and the encrypted part]
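The packet layout above, worked through in Go as an added example (not Moxa's or OpenVPN's own code): HMAC-SHA1 and AES-128-CBC are assumed choices, Seal builds HMAC | IV | encrypt(SeqN | payload) with a fresh IV per packet, and Open verifies the HMAC before decrypting and drops any packet whose SeqN does not advance, which is what the 64-bit sequence number is for.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"encoding/binary"
	"errors"
	"fmt"
)

// Layout from the slide: HMAC | IV | encrypt(SeqN | payload).
// HMAC-SHA1 and AES-128-CBC are constructed choices for this demo, not read from the slides.
const hmacLen, ivLen, seqLen = sha1.Size, aes.BlockSize, 8 // 20-byte tag, 16-byte IV, 64-bit SeqN

// Keys is the pre-shared (static) key: one part for the cipher, one for the HMAC.
type Keys struct {
	Cipher [16]byte
	HMAC   [20]byte
}

// Replay remembers the highest SeqN accepted so far on this tunnel.
type Replay struct{ last uint64; started bool }

func pkcs7Pad(b []byte) []byte {
	n := aes.BlockSize - len(b)%aes.BlockSize
	return append(b, bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(b []byte) ([]byte, error) {
	n := int(b[len(b)-1])
	if n == 0 || n > aes.BlockSize || n > len(b) {
		return nil, errors.New("bad padding")
	}
	return b[:len(b)-n], nil
}

// tag computes the HMAC over the IV and the ciphertext, never over the plaintext.
func tag(k *Keys, iv, ct []byte) []byte {
	m := hmac.New(sha1.New, k.HMAC[:])
	m.Write(iv)
	m.Write(ct)
	return m.Sum(nil)
}

// Seal builds one tunnel packet: fresh random IV, SeqN prepended to the payload,
// CBC encryption, then the HMAC in front.
func Seal(k *Keys, seq uint64, payload []byte) ([]byte, error) {
	block, err := aes.NewCipher(k.Cipher[:])
	if err != nil {
		return nil, err
	}
	iv := make([]byte, ivLen)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	plain := pkcs7Pad(append(make([]byte, seqLen), payload...))
	binary.BigEndian.PutUint64(plain, seq) // SeqN occupies the first 8 plaintext bytes
	ct := make([]byte, len(plain))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, plain)
	pkt := append(tag(k, iv, ct), iv...)
	return append(pkt, ct...), nil
}

// Open verifies the HMAC before decrypting anything, then rejects a SeqN that does
// not advance, so a captured packet cannot be fed back into the tunnel.
func Open(k *Keys, r *Replay, pkt []byte) ([]byte, error) {
	body := len(pkt) - hmacLen - ivLen
	if body < aes.BlockSize || body%aes.BlockSize != 0 {
		return nil, errors.New("malformed packet length")
	}
	got, iv, ct := pkt[:hmacLen], pkt[hmacLen:hmacLen+ivLen], pkt[hmacLen+ivLen:]
	if !hmac.Equal(got, tag(k, iv, ct)) { // constant-time compare
		return nil, errors.New("HMAC mismatch: packet dropped")
	}
	block, err := aes.NewCipher(k.Cipher[:])
	if err != nil {
		return nil, err
	}
	plain := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(plain, ct)
	if plain, err = pkcs7Unpad(plain); err != nil || len(plain) < seqLen {
		return nil, errors.New("malformed plaintext")
	}
	seq := binary.BigEndian.Uint64(plain)
	if r.started && seq <= r.last {
		return nil, fmt.Errorf("replay: SeqN %d is not newer than %d", seq, r.last)
	}
	r.last, r.started = seq, true
	return plain[seqLen:], nil
}
```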

2-2 OpenVPN vs IPSec

OpenVPN
• User-space daemon
• SSL/TLS
• Portability across operating systems
• Firewall- and NAT-friendly
• Dynamic address support

IPSec
• Kernel-space IP stack
• Each operating system requires its own independent implementation of IPSec
• IETF standard - multi-vendor support

2-3 OpenVPN Modes

Bridging and routing are the two methods of linking systems via a VPN:

Routed IP tunnels (layer 3)

Bridged Ethernet tunnels (layer 2)

Suitable for connections
• Site-to-site
• Dynamic site-to-site
• (Dynamic) client-to-site

Dynamic firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN mode (device): a virtual point-to-point IP link that combines the inner interface together with TUN.

Uses the kernel routing to forward the packets.

[Figure: two OSI stacks (Physical, Data-Link, Network, Transport, Session, Presentation, Application) side by side; OpenVPN runs at the application layer, and the TUN device inserts at the 3rd layer (Network)]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of the MTU for efficiency

Routed IP disadvantages
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see the machines on the other side of the VPN
4. Works only with IPv4 in general, and with IPv6 only where the TUN drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses "TAP" mode: a TAP device is a virtual Ethernet adapter.

Bridge tools (brctl) are required to create the virtual adapters.

Need to create a script to bind eth1 and tap0 together into a bridged device called br0.

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0          create an Ethernet bridge
brctl addif br0 eth1     connect interface eth1 as a port
brctl addif br0 tap0     connect virtual interface tap0 as a port

[Figure: two OSI stacks side by side; OpenVPN runs at the application layer, the TUN device inserts at the 3rd layer and the TAP device at the 2nd layer (Data-Link); each side shows eth0 and eth1, with eth1 and tap0 joined by the bridge]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages
1. Point-to-point and point-to-multipoint
2. Broadcasts traverse the VPN -- this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works when the VPN needs to be able to handle non-IP protocols such as IPX, NetWare and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages
1. Less efficient than routing and does not scale well

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

[Network diagram: LAN A (IP 10.0.1.1/24, gw 10.0.1.254) -- [VPN Server] ixp0 192.168.12.201 ==VPN Tunnel== ixp0 192.168.12.202 [VPN Client] -- LAN B (IP 10.0.2.1/24, gw 10.0.2.254); the server's tunnel end is 10.0.1.254 and the client's is 10.0.2.254; a [CA/TLS Server] connects on ixp1]

3-1 Getting Started

Create a working directory (recommended): mkdir /etc/openvpn

Check for the TUN module: ls /dev/net and look for a character device "tun"; if it is not there: mknod /dev/net/tun c 10 200

Load the necessary modules: modprobe tun; modprobe bridge

Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]

Self diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or vi /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"

Create/start the bridge interface using the Moxa script: openvpn-bridge [start|stop|restart]

Check the cipher/authentication support: openvpn --show-ciphers; openvpn --show-digests

Create the TUN configuration files: vi /etc/openvpn/tunserver.conf

[At VPN Client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

The local/remote VPN IP addresses must be specified.

It is NECESSARY to specify the server address at the VPN client.

3-2 TUN Server Configuration

Edit the static routes: vi /etc/openvpn/tunserver.sh

chmod +x /etc/openvpn/tunserver.sh

[At VPN Client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/openvpn/tunclient.sh

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tunserver.conf &; openvpn --config /etc/openvpn/tunclient.conf &

Note the 2nd argument of "ifconfig", which is now "10.0.2.254".

Create the TAP configuration files: vi /etc/openvpn/tapserver.conf

[At VPN Client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration – VPN Server

Mark this line if both VPN networks are in the same subnet.

3-3 TAP Configuration – VPN Server

Edit the static routes: vi /etc/openvpn/tapserver.sh

[At VPN Client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/openvpn/tapclient.sh

Points to the kernel routing: br0 = 10.0.1.254

3-3 TAP Configuration – VPN Server

Start the bridge device: vi /etc/openvpn/openvpn-bridge

chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tapserver.conf &; openvpn --config /etc/openvpn/tapclient.conf &

3-4-1 SSL/TLS – Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-set default_days, default_bits, etc.

Create a new CA root key pair: /usr/share/ssl/misc/CA -newca

Create a new client private key and certificate request: /usr/share/ssl/misc/CA -newreq

Sign the certificate: /usr/share/ssl/misc/CA -sign

Copy the CA root certificate, the client private key and the client certificate to the first client.

Have the second client certified in the same way.

3-4-2 OpenVPN – "easy-rsa" tools

Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file: vi /etc/openvpn/easy-rsa/vars

Activate the vars (source them into the shell): . /etc/openvpn/easy-rsa/vars

Create the CA root key: /etc/openvpn/easy-rsa/build-ca

Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – "easy-rsa" tools

Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client

Create the Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh 1024

Copy the CA certificate (ca.crt), server key (server.key) and server certificate (server.crt) to the VPN server.

Copy the CA certificate, client key and client certificate to the VPN client.

The "easy-rsa" tools also work on the UC-7400 series.

3-4-3 Configuration File Modification

txxserver.conf (tunserver.conf / tapserver.conf)

txxclient.conf (tunclient.conf / tapclient.conf)
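An added Go example (not Moxa's or the project's code) that checks the rules the configuration slides state for txxserver.conf and txxclient.conf: dev tun or tap on both sides, a static key with ifconfig local/remote (mirrored on the client, so the server's 2nd argument is the client's 1st), or ca/cert/key with dh on the TLS server, and a remote server address on the client. The sample configs are constructed, using the slides' 10.0.1.254/10.0.2.254 tunnel addresses and 192.0.2.1 as a placeholder server address.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Directive is one OpenVPN config line: keyword plus its arguments.
type Directive struct {
	Name string
	Args []string
}

// ParseConfig splits a config into directives, skipping blank and comment lines.
func ParseConfig(text string) []Directive {
	var out []Directive
	for _, line := range strings.Split(text, "\n") {
		line = strings.TrimSpace(line)
		if line == "" || line[0] == '#' || line[0] == ';' {
			continue
		}
		f := strings.Fields(line)
		out = append(out, Directive{Name: f[0], Args: f[1:]})
	}
	return out
}

func find(ds []Directive, name string) (Directive, bool) {
	for _, d := range ds {
		if d.Name == name {
			return d, true
		}
	}
	return Directive{}, false
}

func validIfconfig(d Directive, ok bool) bool {
	return ok && len(d.Args) == 2 && net.ParseIP(d.Args[0]) != nil && net.ParseIP(d.Args[1]) != nil
}

// CheckConfig applies the slides' rules to one side: dev must be tun or tap; a
// static-key peer needs "secret" plus "ifconfig <local> <remote>"; a TLS peer needs
// ca/cert/key (and the server also "dh"); a client must name its server with "remote".
func CheckConfig(text string, isClient bool) []string {
	ds := ParseConfig(text)
	has := func(n string) bool { _, ok := find(ds, n); return ok }
	var problems []string
	if dev, ok := find(ds, "dev"); !ok || len(dev.Args) != 1 || (dev.Args[0] != "tun" && dev.Args[0] != "tap") {
		problems = append(problems, "dev must be tun or tap")
	}
	switch {
	case has("secret") && (has("ca") || has("cert") || has("key")):
		problems = append(problems, "use either a static key (secret) or TLS (ca/cert/key), not both")
	case has("secret"):
		if !validIfconfig(find(ds, "ifconfig")) {
			problems = append(problems, "static-key mode needs 'ifconfig <local VPN IP> <remote VPN IP>'")
		}
	case has("ca") && has("cert") && has("key"):
		if !isClient && !has("dh") {
			problems = append(problems, "TLS server needs 'dh' (Diffie-Hellman parameters)")
		}
	default:
		problems = append(problems, "no authentication configured: add 'secret' or ca/cert/key")
	}
	if r, ok := find(ds, "remote"); isClient && (!ok || len(r.Args) == 0) {
		problems = append(problems, "client must specify 'remote <server address>'")
	}
	return problems
}

// CheckPair cross-checks the two sides: same dev type, and the client's ifconfig must
// be the server's with local/remote swapped (the slides' "2nd argument of ifconfig").
func CheckPair(server, client string) []string {
	s, c := ParseConfig(server), ParseConfig(client)
	var problems []string
	sd, sok := find(s, "dev")
	cd, cok := find(c, "dev")
	if !sok || !cok || len(sd.Args) != 1 || len(cd.Args) != 1 || sd.Args[0] != cd.Args[0] {
		problems = append(problems, "server and client must use the same dev type")
	}
	si, siok := find(s, "ifconfig")
	ci, ciok := find(c, "ifconfig")
	if validIfconfig(si, siok) && validIfconfig(ci, ciok) && (si.Args[0] != ci.Args[1] || si.Args[1] != ci.Args[0]) {
		problems = append(problems, "client ifconfig must mirror the server's (local/remote swapped)")
	}
	return problems
}

// Constructed sample configs using the slides' tunnel addresses; 192.0.2.1 is a
// documentation address standing in for the server's public IP.
const ServerConf = "dev tun\nifconfig 10.0.1.254 10.0.2.254\nsecret /etc/openvpn/static.key\n"
const ClientConf = "dev tun\nremote 192.0.2.1\nifconfig 10.0.2.254 10.0.1.254\nsecret /etc/openvpn/static.key\n"

func main() {
	fmt.Println(CheckConfig(ServerConf, false), CheckConfig(ClientConf, true), CheckPair(ServerConf, ClientConf))
}
```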

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

Two of its serial ports are connected to a power meter and a thermocouple.

Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site.

The rest of the serial ports are looped back in 'burn-in mode' to demonstrate the UC's high performance and reliability.

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500 °C

Left side for the high range (0 to 300 VDC) & right side for the low range (0 to 20 VDC)

UC's LCM & keypad (F1-F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8

F2 System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available memory

F3 Alarm Setting: Temperature → Voltage → Burn-in throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?
• The UC-7420's built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards.
• The compatible wireless cards are:

Supplier   Model name
ASUS       WL-107g
CNET       CWC-854 (181D version)
Edimax     EW-7108PCg
Amigo      AWP-914WG
Gigabyte   GN-WMKG
Others which use the Ralink chipset

Thank You

Page 105: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

2-1 Virtual Private Network2-1 Virtual Private Network

2-1 VPN AdvantagesDisadvantage2-1 VPN AdvantagesDisadvantage

VPN a network that is constructed by using public wires (eg internet) to connect nodes

VPN encrypt all network traffic not just a few application protocols (like SSL SSH etc)

VPN allows the usage of protocols which are insecure by themselves

VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN2-2 Why OpenVPN

Usabilitybull Open Source (GPL)bull Full featured SSL VPN Solutionbull Easy to configure secure tunnelbull NATDHCP supportbull Can use a 2048 bit shared key or

digital certificates (PKI)

Portability ndash Supports most of the platformsbull Linux Solaris Mac OS Xbull OpenBSD FreeBSD NetBSDbull Windows2000-SP4WindowsXP-SP1 or later

2-2 Why OpenVPN2-2 Why OpenVPN

Peers ndash each node with a clientserver rolebull In use of kernel routingbull Multiple clients

A user-space programbull A full-featured SSL-VPN solutions

bull on top of existing SSLTLS mechanism bull options between a set of security algorithms

bull Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (50001194) or TCP port

2-2 OpenVPN Security 2-2 OpenVPN Security

Two Authentication Modesbull Static Key Use pre-shared bull SSLTLS Use SSLTLS + Certificates for

bull Authentication bull Key exchange

The encrypted packet is formatted asbull SeqN 64-bit sequence numberbull IV plain text initial vector randomized per packet

HMAC IV SeqN V IPs payload

encrypt

HMACW IPs

2-2 OpenVPN vs IPSec2-2 OpenVPN vs IPSec

OpenVPNbull User-space daemonbull SSLTLSbull portability across

operating systemsbull firewall and NAT-

friendly bull dynamic address

support

IPSecbull Kernel-space IP stack bull each operating system

requires its own independent implementation of IPSec

bull IETF Standard - multi-vendor support

2-3 OpenVPN Modes2-3 OpenVPN Modes

Bridging and Routing are two methods of linking systems via a VPN

Routed IP tunnels (layer 3)

Bridged Ethernet tunnels (layer 2)

Suitable for Connectionsbull Site-to-Sitebull Dynamic Site-to-Sitebull (Dynamic) Client-to-Site

Dynamic FirewallNATDHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN Mode(device) a virtual point-to-point IP link that combines the inner interface together with TUN

Use the kernel routings to forward the packets

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Physical

Data-Link

Network

Transport

Session

Presentation

ApplicationOpenVPN

TUN (3rd)

2-3-1 Routed IP Tunnels (TUN Mode)2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP Advantages1 Point-to-point2 Easier to configure3 Efficiency and scalability 4 Allows better tuning of MTU for efficiency

Routed IP Disadvantages1 Clients must use a WINS server (such as samba) to

allow cross-VPN network browsing to work 2 Routes must be set up linking each subnet 3 Software that depends on broadcasts Will Not see

those machines on the other side of the VPN 4 Works only with IPv4 in general and IPv6 in cases

where tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses ldquoTAPrdquo mode a TAP device is a Virtual Ethernet Adapter

Bridge tools (bcrtl) are required to create the virtual adapters

Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0 create an ethernet bridge

brctl addif br0 eth1 connect interface eth1 as a port

brctl addif tap0 connect virtual interface tap0 as a port

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Bridging

OpenVPN

TUN (3rd)TAP (2nd)

eth1 eth1eth0 eth0

tap0 tap0

2-3-2 Bridged Ethernet Mode (TAP 2-3-2 Bridged Ethernet Mode (TAP Mode)Mode)

Bridging advantages1 Point to Point point to multi-point2 Broadcasts traverse the VPN -- this allows browsing

of Windows file shares across the VPN without setting up a Samba or WINS server

3 No route statements to configure4 Works with the VPN needs to be able to handle non-

IP protocols such as IPX Netware and AppleTalk5 Relatively easy-to-configure solution for road

warriors

Bridging disadvantages1 Less efficient than Routing and does not scale well

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSLTLS ndash X509 Dynamic Keys

3-1 Getting Started3-1 Getting Started

ixp019216812201

ixp0 19216812202

gw 1001254IP 1001124

gw 1002254IP 1002124

LAN A LAN B

VPN Tunnel

Connect

1001254

[VPN Server]

1002254

[VPN-Client]

ixp1 ixp1

[CATLS Server]

3-1 Getting Started 3-1 Getting Started

Create a Working Directory (recommended) mkdir etcopenvpn

Check for TUN Modules if not ls devnet look for a character device ldquotunrdquo mknod devtun c 10 200

Load necessary modules modprobe tun modprobe bridge

Generate a (pre-shared) key openvpn --genkey --secret [KeyName]

Self Diagnostic openvpn --test-crypto --secret [KeyName]

3-1 Getting Started3-1 Getting Started

Enable IP Forwarding echo ldquo1rdquo gt procsysnetipv4ip_forwardor vi etcsysctlconf modify ldquonetipv4ip_forward = 1rdquo

Create Start Bridge Interface using Moxa Script openvpn-bridge [start stop restart]

Check the CiphersAuthentication Support openvpn --show-ciphers openvpn --show-digests

Create TUN Configuration Files vi etcopenvpntunserverconf

[At VPN Client] vi etcopenvpntunclientconf

3-2 TUN Server Configuration 3-2 TUN Server Configuration

LocalRemote VPN IP address must be specified

It is NECESSARY to specify the Server Address at VPN Client

3-2 TUN Server Configuration 3-2 TUN Server Configuration

Edit the Static Routings vi etcopenvpntunserversh

chmod +x etctunserversh

[At VPN Client] vi etceopenvpntunclientsh chmod +x etctunclientsh

Start OpenVPN with the configuration file openvpn --config etctunserverconf amp openvpn --config etctunclientconf amp

2nd argument of ldquoifconfigrdquo which is now ldquo1002254rdquo

Create TAP Configuration Files vi etcopenvpntapserverconf

[At VPN Client] vi etcopenvpntapclientconf

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Mark this line if both VPN Networks are in the same subnet

3-2 TAP Configuration ndash VPN Server3-2 TAP Configuration ndash VPN Server

Edit the Static Routings vi etcopenvpntunserversh

[At VPN Client] vi etcopenvpntapclientsh chmod +x etctapclientsh

Pointed to the Kernel Routing br0 = 1001254

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Start the Bridge device vi openvpnopenvpn-bridge

chmod +x etcopenvpnopenvpn-bridge etcopenvpnopenvpn-bridge start

Start OpenVPN with the configuration file openvpn ndashconfig etcopenvpntapserverconf amp openvpn ndashconfig etcopenvpntapclient amp

3-4-1 SSLTLS ndash Dynamic Keys3-4-1 SSLTLS ndash Dynamic Keys

Edit the OpenSSL Configuration File on a Linux PC vi usrsharesslopensslcnf Pre-input the default_days default_bits hellip etc

Create New CA root Key Pair usrsharesslmiscCA -newca

Create New Client Private Key and new Certificate Request usrsharesslmiscCA -newreq

Certificate Sign-in usrsharesslmiscCA ndashsign

Copy the CA root certificate client private key and the client certificate to the first client

Have the second client certificated

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Copy the ldquoeasy-rsardquo to the working directory cp ndashr openvpn-20easy-rsa etcopenvpn

modify the vars file vi etcopenvpneasy-rsavars

Activate the vars etcopenvpneasy-rsavars

Create CA root key etcopenvpneasy-rsabuild-ca

Create VPN Server Private Key and Certificate etcopenvpneasy-rsabuild-key server

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Create VPN Client private Key and Certificate etcopenvpnbuild-key client

Create Diff-Hellman Parameters etcopenvpnbuild-dh 1024

Copy the CA certificate (cacrt) Server key (serverkey) and Server certificate (servercrt) to VPN Server

Copy the CA certificate Client key and certificate to VPN Client

ldquoeasy-rsardquo tools also work on UC7400 series

3-4-3 Configuration File Modification3-4-3 Configuration File Modification

txxserverconf

txxclienconf

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) Open VPN Configuration

4) Hands-On Practice

Live DemoLive Demo

UC-7420 DEMO BOXUC-7420 DEMO BOX

Two of its serial ports connectedto a Power Meter and Thermocouple

Two LAN ports plus an optional Wi-Fi function making it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in lsquoburn-in modersquo to demonstrate UCrsquos high performance and reliability

Demo Box FeaturesDemo Box Features

Software Block DiagramSoftware Block Diagram

Temperature Range 0 to 500degC

Left side for high range 0 to 300 VDC amp Right side for low range 0 to 20 VDC

UCrsquos LCM amp keypad (F1-F5)UCrsquos LCM amp keypad (F1-F5)

F1 Monitoring Temperature rarr Voltage rarrThroughput for P3 to P8

F2 System Status LANrsquos IP rarr Wi-Firsquos IP rarr CPU loading rarr Available Memory

F3 Alarm Setting Temperature rarr Voltage rarr burning throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI amp HTMLApache Web with CGI amp HTML

Seat Locating SystemSeat Locating System

Score Query SystemScore Query System

AppendixAppendix

What is the wireless PCMCIA card support status in 80211gbull UC-7420s built-in Wireless driver supports Intersil Prism 20

chipset PCMCIA cardbull The compatible Wireless cards are

Supplier Model name

ASUS WL-107g

CNET CWC-854(181D version)Edmiax EW-7108PCgAmigo AWP-914WGigbyte GN-WMKGOthers which use R-Link chip set

Thank YouThank You

Page 106: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

2-1 VPN AdvantagesDisadvantage2-1 VPN AdvantagesDisadvantage

VPN a network that is constructed by using public wires (eg internet) to connect nodes

VPN encrypt all network traffic not just a few application protocols (like SSL SSH etc)

VPN allows the usage of protocols which are insecure by themselves

VPNs cannot be controlled and logged easily because of their encrypted nature

2-2 Why OpenVPN2-2 Why OpenVPN

Usabilitybull Open Source (GPL)bull Full featured SSL VPN Solutionbull Easy to configure secure tunnelbull NATDHCP supportbull Can use a 2048 bit shared key or

digital certificates (PKI)

Portability ndash Supports most of the platformsbull Linux Solaris Mac OS Xbull OpenBSD FreeBSD NetBSDbull Windows2000-SP4WindowsXP-SP1 or later

2-2 Why OpenVPN2-2 Why OpenVPN

Peers ndash each node with a clientserver rolebull In use of kernel routingbull Multiple clients

A user-space programbull A full-featured SSL-VPN solutions

bull on top of existing SSLTLS mechanism bull options between a set of security algorithms

bull Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (50001194) or TCP port

2-2 OpenVPN Security 2-2 OpenVPN Security

Two Authentication Modesbull Static Key Use pre-shared bull SSLTLS Use SSLTLS + Certificates for

bull Authentication bull Key exchange

The encrypted packet is formatted asbull SeqN 64-bit sequence numberbull IV plain text initial vector randomized per packet

HMAC IV SeqN V IPs payload

encrypt

HMACW IPs

2-2 OpenVPN vs IPSec2-2 OpenVPN vs IPSec

OpenVPNbull User-space daemonbull SSLTLSbull portability across

operating systemsbull firewall and NAT-

friendly bull dynamic address

support

IPSecbull Kernel-space IP stack bull each operating system

requires its own independent implementation of IPSec

bull IETF Standard - multi-vendor support

2-3 OpenVPN Modes2-3 OpenVPN Modes

Bridging and Routing are two methods of linking systems via a VPN

Routed IP tunnels (layer 3)

Bridged Ethernet tunnels (layer 2)

Suitable for Connectionsbull Site-to-Sitebull Dynamic Site-to-Sitebull (Dynamic) Client-to-Site

Dynamic FirewallNATDHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN Mode(device) a virtual point-to-point IP link that combines the inner interface together with TUN

Use the kernel routings to forward the packets

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Physical

Data-Link

Network

Transport

Session

Presentation

ApplicationOpenVPN

TUN (3rd)

2-3-1 Routed IP Tunnels (TUN Mode)2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP Advantages1 Point-to-point2 Easier to configure3 Efficiency and scalability 4 Allows better tuning of MTU for efficiency

Routed IP Disadvantages1 Clients must use a WINS server (such as samba) to

allow cross-VPN network browsing to work 2 Routes must be set up linking each subnet 3 Software that depends on broadcasts Will Not see

those machines on the other side of the VPN 4 Works only with IPv4 in general and IPv6 in cases

where tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses ldquoTAPrdquo mode a TAP device is a Virtual Ethernet Adapter

Bridge tools (bcrtl) are required to create the virtual adapters

Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0 create an ethernet bridge

brctl addif br0 eth1 connect interface eth1 as a port

brctl addif tap0 connect virtual interface tap0 as a port

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Bridging

OpenVPN

TUN (3rd)TAP (2nd)

eth1 eth1eth0 eth0

tap0 tap0

2-3-2 Bridged Ethernet Mode (TAP 2-3-2 Bridged Ethernet Mode (TAP Mode)Mode)

Bridging advantages1 Point to Point point to multi-point2 Broadcasts traverse the VPN -- this allows browsing

of Windows file shares across the VPN without setting up a Samba or WINS server

3 No route statements to configure4 Works with the VPN needs to be able to handle non-

IP protocols such as IPX Netware and AppleTalk5 Relatively easy-to-configure solution for road

warriors

Bridging disadvantages1 Less efficient than Routing and does not scale well

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSLTLS ndash X509 Dynamic Keys

3-1 Getting Started3-1 Getting Started

ixp019216812201

ixp0 19216812202

gw 1001254IP 1001124

gw 1002254IP 1002124

LAN A LAN B

VPN Tunnel

Connect

1001254

[VPN Server]

1002254

[VPN-Client]

ixp1 ixp1

[CATLS Server]

3-1 Getting Started 3-1 Getting Started

Create a Working Directory (recommended) mkdir etcopenvpn

Check for TUN Modules if not ls devnet look for a character device ldquotunrdquo mknod devtun c 10 200

Load necessary modules modprobe tun modprobe bridge

Generate a (pre-shared) key openvpn --genkey --secret [KeyName]

Self Diagnostic openvpn --test-crypto --secret [KeyName]

3-1 Getting Started3-1 Getting Started

Enable IP Forwarding echo ldquo1rdquo gt procsysnetipv4ip_forwardor vi etcsysctlconf modify ldquonetipv4ip_forward = 1rdquo

Create Start Bridge Interface using Moxa Script openvpn-bridge [start stop restart]

Check the CiphersAuthentication Support openvpn --show-ciphers openvpn --show-digests

Create TUN Configuration Files vi etcopenvpntunserverconf

[At VPN Client] vi etcopenvpntunclientconf

3-2 TUN Server Configuration 3-2 TUN Server Configuration

LocalRemote VPN IP address must be specified

It is NECESSARY to specify the Server Address at VPN Client

3-2 TUN Server Configuration 3-2 TUN Server Configuration

Edit the Static Routings vi etcopenvpntunserversh

chmod +x etctunserversh

[At VPN Client] vi etceopenvpntunclientsh chmod +x etctunclientsh

Start OpenVPN with the configuration file openvpn --config etctunserverconf amp openvpn --config etctunclientconf amp

2nd argument of ldquoifconfigrdquo which is now ldquo1002254rdquo

Create TAP Configuration Files vi etcopenvpntapserverconf

[At VPN Client] vi etcopenvpntapclientconf

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Mark this line if both VPN Networks are in the same subnet

3-2 TAP Configuration ndash VPN Server3-2 TAP Configuration ndash VPN Server

Edit the Static Routings vi etcopenvpntunserversh

[At VPN Client] vi etcopenvpntapclientsh chmod +x etctapclientsh

Pointed to the Kernel Routing br0 = 1001254

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Start the Bridge device vi openvpnopenvpn-bridge

chmod +x etcopenvpnopenvpn-bridge etcopenvpnopenvpn-bridge start

Start OpenVPN with the configuration file openvpn ndashconfig etcopenvpntapserverconf amp openvpn ndashconfig etcopenvpntapclient amp

3-4-1 SSLTLS ndash Dynamic Keys3-4-1 SSLTLS ndash Dynamic Keys

Edit the OpenSSL Configuration File on a Linux PC vi usrsharesslopensslcnf Pre-input the default_days default_bits hellip etc

Create New CA root Key Pair usrsharesslmiscCA -newca

Create New Client Private Key and new Certificate Request usrsharesslmiscCA -newreq

Certificate Sign-in usrsharesslmiscCA ndashsign

Copy the CA root certificate client private key and the client certificate to the first client

Have the second client certificated

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Copy the ldquoeasy-rsardquo to the working directory cp ndashr openvpn-20easy-rsa etcopenvpn

modify the vars file vi etcopenvpneasy-rsavars

Activate the vars etcopenvpneasy-rsavars

Create CA root key etcopenvpneasy-rsabuild-ca

Create VPN Server Private Key and Certificate etcopenvpneasy-rsabuild-key server

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Create VPN Client private Key and Certificate etcopenvpnbuild-key client

Create Diff-Hellman Parameters etcopenvpnbuild-dh 1024

Copy the CA certificate (cacrt) Server key (serverkey) and Server certificate (servercrt) to VPN Server

Copy the CA certificate Client key and certificate to VPN Client

ldquoeasy-rsardquo tools also work on UC7400 series

3-4-3 Configuration File Modification3-4-3 Configuration File Modification

txxserverconf

txxclienconf

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) Open VPN Configuration

4) Hands-On Practice

Live DemoLive Demo

UC-7420 DEMO BOXUC-7420 DEMO BOX

Two of its serial ports connectedto a Power Meter and Thermocouple

Two LAN ports plus an optional Wi-Fi function making it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in lsquoburn-in modersquo to demonstrate UCrsquos high performance and reliability

Demo Box FeaturesDemo Box Features

Software Block DiagramSoftware Block Diagram

Temperature Range 0 to 500degC

Left side for high range 0 to 300 VDC amp Right side for low range 0 to 20 VDC

UCrsquos LCM amp keypad (F1-F5)UCrsquos LCM amp keypad (F1-F5)

F1 Monitoring Temperature rarr Voltage rarrThroughput for P3 to P8

F2 System Status LANrsquos IP rarr Wi-Firsquos IP rarr CPU loading rarr Available Memory

F3 Alarm Setting Temperature rarr Voltage rarr burning throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI amp HTMLApache Web with CGI amp HTML

Seat Locating SystemSeat Locating System

Score Query SystemScore Query System

AppendixAppendix

What is the wireless PCMCIA card support status in 80211gbull UC-7420s built-in Wireless driver supports Intersil Prism 20

chipset PCMCIA cardbull The compatible Wireless cards are

Supplier Model name

ASUS WL-107g

CNET CWC-854(181D version)Edmiax EW-7108PCgAmigo AWP-914WGigbyte GN-WMKGOthers which use R-Link chip set

Thank YouThank You

Page 107: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

2-2 Why OpenVPN2-2 Why OpenVPN

Usabilitybull Open Source (GPL)bull Full featured SSL VPN Solutionbull Easy to configure secure tunnelbull NATDHCP supportbull Can use a 2048 bit shared key or

digital certificates (PKI)

Portability ndash Supports most of the platformsbull Linux Solaris Mac OS Xbull OpenBSD FreeBSD NetBSDbull Windows2000-SP4WindowsXP-SP1 or later

2-2 Why OpenVPN2-2 Why OpenVPN

Peers ndash each node with a clientserver rolebull In use of kernel routingbull Multiple clients

A user-space programbull A full-featured SSL-VPN solutions

bull on top of existing SSLTLS mechanism bull options between a set of security algorithms

bull Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (50001194) or TCP port

2-2 OpenVPN Security 2-2 OpenVPN Security

Two Authentication Modesbull Static Key Use pre-shared bull SSLTLS Use SSLTLS + Certificates for

bull Authentication bull Key exchange

The encrypted packet is formatted asbull SeqN 64-bit sequence numberbull IV plain text initial vector randomized per packet

HMAC IV SeqN V IPs payload

encrypt

HMACW IPs

2-2 OpenVPN vs IPSec2-2 OpenVPN vs IPSec

OpenVPNbull User-space daemonbull SSLTLSbull portability across

operating systemsbull firewall and NAT-

friendly bull dynamic address

support

IPSecbull Kernel-space IP stack bull each operating system

requires its own independent implementation of IPSec

bull IETF Standard - multi-vendor support

2-3 OpenVPN Modes2-3 OpenVPN Modes

Bridging and Routing are two methods of linking systems via a VPN

Routed IP tunnels (layer 3)

Bridged Ethernet tunnels (layer 2)

Suitable for Connectionsbull Site-to-Sitebull Dynamic Site-to-Sitebull (Dynamic) Client-to-Site

Dynamic FirewallNATDHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN Mode(device) a virtual point-to-point IP link that combines the inner interface together with TUN

Use the kernel routings to forward the packets

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Physical

Data-Link

Network

Transport

Session

Presentation

ApplicationOpenVPN

TUN (3rd)

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages:
1. Point-to-point
2. Easier to configure
3. Efficiency and scalability
4. Allows better tuning of the MTU for efficiency

Routed IP disadvantages:
1. Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2. Routes must be set up linking each subnet
3. Software that depends on broadcasts will not see the machines on the other side of the VPN
4. Works only with IPv4 in general, and with IPv6 only where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses "TAP" mode: a TAP device is a virtual Ethernet adapter.
The bridge utilities (brctl) are required to create the bridge device.
A script is needed to bind eth1 and tap0 together into a bridged device called br0:

  brctl addbr br0        # create an Ethernet bridge
  brctl addif br0 eth1   # connect interface eth1 as a port
  brctl addif br0 tap0   # connect virtual interface tap0 as a port

[Figure: two OSI stacks joined by OpenVPN in bridging mode; on each side tap0 is bridged with eth1 (TAP at the Data-Link layer, 2nd) while eth0 carries the tunnel, compared with the TUN device at the Network layer (3rd)]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages:
1. Point-to-point and point-to-multipoint
2. Broadcasts traverse the VPN; this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3. No route statements to configure
4. Works where the VPN needs to carry non-IP protocols such as IPX/Netware and AppleTalk
5. Relatively easy-to-configure solution for road warriors

Bridging disadvantages:
1. Less efficient than routing and does not scale well

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started
3-2 TUN Configuration
3-3 TAP Configuration
3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

Lab topology:

  LAN A (10.0.1.0/24)                                        LAN B (10.0.2.0/24)
  host IP 10.0.1.1/24, gw 10.0.1.254                         host IP 10.0.2.1/24, gw 10.0.2.254
          |                                                          |
     ixp1 10.0.1.254                                            ixp1 10.0.2.254
     [VPN Server] ixp0 192.168.12.201 ==== VPN Tunnel ==== ixp0 192.168.12.202 [VPN Client]
                                  (Connect)
  [CA/TLS Server]

3-1 Getting Started

Create a working directory (recommended):
  mkdir /etc/openvpn

Check for the TUN device: ls /dev/net and look for a character device "tun"; if it is not there, create it:
  mknod /dev/net/tun c 10 200

Load the necessary modules:
  modprobe tun
  modprobe bridge

Generate a (pre-shared) static key:
  openvpn --genkey --secret [KeyName]
Copy the key to the peer over a secure channel (e.g. scp) and keep it readable by root only (chmod 600): anyone holding this file can decrypt and inject tunnel traffic.

Self-diagnostic:
  openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding:
  echo "1" > /proc/sys/net/ipv4/ip_forward
or edit /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"

Create/start the bridge interface using the Moxa script:
  openvpn-bridge [start|stop|restart]

Check the supported ciphers and authentication digests:
  openvpn --show-ciphers
  openvpn --show-digests

Create the TUN configuration files:
  vi /etc/openvpn/tun/server.conf
  [At VPN Client] vi /etc/openvpn/tun/client.conf

3-2 TUN Server Configuration

The local and remote VPN IP addresses must be specified (ifconfig <local> <remote>).
It is NECESSARY to specify the server address (remote) at the VPN client.

Edit the static routes:
  vi /etc/openvpn/tun/server.sh
  chmod +x /etc/openvpn/tun/server.sh
  [At VPN Client] vi /etc/openvpn/tun/client.sh ; chmod +x /etc/openvpn/tun/client.sh

Start OpenVPN with the configuration file:
  openvpn --config /etc/openvpn/tun/server.conf &
  [At VPN Client] openvpn --config /etc/openvpn/tun/client.conf &

The 2nd argument of "ifconfig" is the remote tunnel endpoint, which is now "10.0.2.254" (the VPN client); the client's configuration uses the same two addresses in the opposite order.

Create the TAP configuration files:
  vi /etc/openvpn/tap/server.conf
  [At VPN Client] vi /etc/openvpn/tap/client.conf

3-3 TAP Configuration – VPN Server

Comment out (mark) this line if both VPN networks are in the same subnet.

Edit the static routes:
  vi /etc/openvpn/tap/server.sh
  [At VPN Client] vi /etc/openvpn/tap/client.sh ; chmod +x /etc/openvpn/tap/client.sh
The routes point at the kernel routing table through the bridge interface: br0 = 10.0.1.254

Start the bridge device:
  vi /etc/openvpn/openvpn-bridge
  chmod +x /etc/openvpn/openvpn-bridge
  /etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration file:
  openvpn --config /etc/openvpn/tap/server.conf &
  [At VPN Client] openvpn --config /etc/openvpn/tap/client.conf &

3-4-1 SSL/TLS – Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC:
  vi /usr/share/ssl/openssl.cnf
  (pre-set default_days, default_bits, etc.)

Create a new CA root key pair:
  /usr/share/ssl/misc/CA -newca

Create a new client private key and certificate request:
  /usr/share/ssl/misc/CA -newreq

Sign the certificate:
  /usr/share/ssl/misc/CA -sign

Copy the CA root certificate, the client private key and the client certificate to the first client.
Repeat -newreq and -sign to have the second client certified.

3-4-2 OpenVPN – "easy-rsa" tools

Copy "easy-rsa" to the working directory:
  cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file:
  vi /etc/openvpn/easy-rsa/vars

Activate the vars (source them into the current shell):
  . /etc/openvpn/easy-rsa/vars

Create the CA root key:
  /etc/openvpn/easy-rsa/build-ca

Create the VPN server private key and certificate:
  /etc/openvpn/easy-rsa/build-key server

Create the VPN client private key and certificate:
  /etc/openvpn/easy-rsa/build-key client

Create the Diffie-Hellman parameters:
  /etc/openvpn/easy-rsa/build-dh 1024
(1024-bit DH and RSA keys are too weak by current standards; use 2048 bits or more, set through KEY_SIZE in vars.)

Copy the CA certificate (ca.crt), server key (server.key) and server certificate (server.crt) to the VPN server.
Copy the CA certificate, client key and client certificate to the VPN client.
The CA private key (ca.key) stays on the CA machine; neither VPN endpoint needs it.

The "easy-rsa" tools also work on the UC-7400 series.

3-4-3 Configuration File Modification

  /etc/openvpn/tXX/server.conf
  /etc/openvpn/tXX/client.conf
(tXX = tun or tap; the "secret" line is replaced by the TLS directives: ca, cert and key on both ends, dh on the server)
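A check that the server/client pairs from 3-2 (static key) and 3-4-3 (SSL/TLS) agree with each other, as an added example that is neither Moxa's nor OpenVPN's code. The four configurations are constructed for it: the tunnel and lab addresses follow the 3-1 diagram, while the file names and paths under /etc/openvpn are assumptions. It parses the files and flags the mistakes the slides warn about: a missing remote on the client, local/remote endpoints not mirrored, missing routes in tun mode, mismatched device types or transport settings, and settings such as auth none that remove the protections described in 2-2.

```python
# Constructed configurations (assumed paths); addresses from the lab diagram.
SERVER_TUN = """\
dev tun
port 1194
ifconfig 10.0.1.254 10.0.2.254     # local endpoint, remote endpoint
secret /etc/openvpn/static.key
route 10.0.2.0 255.255.255.0       # LAN B is behind the client
"""
CLIENT_TUN = """\
dev tun
port 1194
remote 192.168.12.201              # the server's ixp0 address
ifconfig 10.0.2.254 10.0.1.254     # the server's ifconfig, mirrored
secret /etc/openvpn/static.key
route 10.0.1.0 255.255.255.0       # LAN A is behind the server
"""
SERVER_TLS = """\
dev tun
port 1194
tls-server
dh /etc/openvpn/keys/dh1024.pem
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
ifconfig 10.0.1.254 10.0.2.254
route 10.0.2.0 255.255.255.0
"""
CLIENT_TLS = """\
dev tun
port 1194
remote 192.168.12.201
tls-client
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/client.crt
key /etc/openvpn/keys/client.key
ifconfig 10.0.2.254 10.0.1.254
route 10.0.1.0 255.255.255.0
"""


def parse_conf(text):
    """Minimal parser for OpenVPN's config syntax: one directive per line,
    whitespace-separated arguments, comments introduced by '#' or ';'."""
    directives = []
    for raw in text.splitlines():
        line = raw
        for i, ch in enumerate(raw):
            if ch in "#;" and (i == 0 or raw[i - 1].isspace()):
                line = raw[:i]
                break
        parts = line.split()
        if parts:
            directives.append((parts[0], parts[1:]))
    return directives


def _args(directives, name):
    return [args for d, args in directives if d == name]


def check_pair(server_text, client_text):
    """Return a list of findings; an empty list means the pair is consistent."""
    server, client = parse_conf(server_text), parse_conf(client_text)
    findings = []
    # Both ends must use the same device type (tun = layer 3, tap = layer 2).
    dev_type = None
    s_dev, c_dev = _args(server, "dev"), _args(client, "dev")
    if not s_dev or not c_dev:
        findings.append("dev missing on one side")
    else:
        s_type, c_type = s_dev[0][0].rstrip("0123456789"), c_dev[0][0].rstrip("0123456789")
        if s_type != c_type:
            findings.append("dev mismatch: server %s, client %s" % (s_type, c_type))
        else:
            dev_type = s_type
    # The client must be told where the server is (slide 3-2).
    if not _args(client, "remote"):
        findings.append("client has no remote (server address)")
    # Exactly one authentication mode: static key or TLS, never neither.
    s_static, c_static = bool(_args(server, "secret")), bool(_args(client, "secret"))
    s_tls, c_tls = bool(_args(server, "tls-server")), bool(_args(client, "tls-client"))
    if s_static != c_static:
        findings.append("secret configured on one side only")
    if (s_static and s_tls) or (c_static and c_tls):
        findings.append("secret and tls-* both configured")
    if not (s_static or s_tls):
        findings.append("server: neither secret nor tls-server (unauthenticated tunnel)")
    if s_tls:
        if not c_tls:
            findings.append("server is tls-server but client is not tls-client")
        for side, conf, needed in (("server", server, ("ca", "cert", "key", "dh")),
                                   ("client", client, ("ca", "cert", "key"))):
            for name in needed:
                if not _args(conf, name):
                    findings.append("%s: %s missing" % (side, name))
    # Point-to-point ifconfig: local/remote on one side is remote/local on the other.
    s_if, c_if = _args(server, "ifconfig"), _args(client, "ifconfig")
    if not s_if or not c_if:
        findings.append("ifconfig missing on one side")
    elif list(reversed(s_if[0])) != c_if[0]:
        findings.append("ifconfig not mirrored: server %s, client %s"
                        % (" ".join(s_if[0]), " ".join(c_if[0])))
    # Routed (tun) mode needs a route to the far LAN on each side.
    if dev_type == "tun":
        for side, conf in (("server", server), ("client", client)):
            if not _args(conf, "route"):
                findings.append("%s: no route to the far LAN (tun mode needs routes)" % side)
    # Transport settings must agree when both sides state them.
    for name in ("port", "proto"):
        s_val, c_val = _args(server, name), _args(client, name)
        if s_val and c_val and s_val[0] != c_val[0]:
            findings.append("%s mismatch" % name)
    # Settings that silently remove the protections from 2-2.
    for side, conf in (("server", server), ("client", client)):
        if _args(conf, "auth") and _args(conf, "auth")[0] == ["none"]:
            findings.append("%s: auth none disables the HMAC" % side)
        if _args(conf, "cipher") and _args(conf, "cipher")[0] == ["none"]:
            findings.append("%s: cipher none sends the payload in plaintext" % side)
    return findings
```

Run check_pair() on the two real files before starting the daemons on both boxes; an empty list means the pair is consistent, and each finding names the side and the directive to fix.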

Agenda

1) Cryptography Summary
2) OpenVPN 2.0
3) OpenVPN Configuration
4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

Two of its serial ports are connected to a power meter and a thermocouple.
Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site.
The rest of the serial ports are looped back in 'burn-in mode' to demonstrate the UC's high performance and reliability.

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500 °C
Left side for the high range (0 to 300 VDC) and right side for the low range (0 to 20 VDC)

UC's LCM & keypad (F1-F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8
F2 System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available memory
F3 Alarm Setting: Temperature → Voltage → Burn-in throughput
F4 Configuration Key
F5 Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status for 802.11g?
• The UC-7420's built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards.
• The compatible wireless cards are:

  Supplier   Model name
  ASUS       WL-107g
  CNET       CWC-854 (181D version)
  Edimax     EW-7108PCg
  Amigo      AWP-914WG
  Gigabyte   GN-WMKG
  Others which use the Ralink chipset

Thank You

Page 108: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

2-2 Why OpenVPN2-2 Why OpenVPN

Peers ndash each node with a clientserver rolebull In use of kernel routingbull Multiple clients

A user-space programbull A full-featured SSL-VPN solutions

bull on top of existing SSLTLS mechanism bull options between a set of security algorithms

bull Can tunnel any IP (layer 3) or Ethernet (layer 2) over a single UDP (50001194) or TCP port

2-2 OpenVPN Security 2-2 OpenVPN Security

Two Authentication Modesbull Static Key Use pre-shared bull SSLTLS Use SSLTLS + Certificates for

bull Authentication bull Key exchange

The encrypted packet is formatted asbull SeqN 64-bit sequence numberbull IV plain text initial vector randomized per packet

HMAC IV SeqN V IPs payload

encrypt

HMACW IPs

2-2 OpenVPN vs IPSec2-2 OpenVPN vs IPSec

OpenVPNbull User-space daemonbull SSLTLSbull portability across

operating systemsbull firewall and NAT-

friendly bull dynamic address

support

IPSecbull Kernel-space IP stack bull each operating system

requires its own independent implementation of IPSec

bull IETF Standard - multi-vendor support

2-3 OpenVPN Modes2-3 OpenVPN Modes

Bridging and Routing are two methods of linking systems via a VPN

Routed IP tunnels (layer 3)

Bridged Ethernet tunnels (layer 2)

Suitable for Connectionsbull Site-to-Sitebull Dynamic Site-to-Sitebull (Dynamic) Client-to-Site

Dynamic FirewallNATDHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN Mode(device) a virtual point-to-point IP link that combines the inner interface together with TUN

Use the kernel routings to forward the packets

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Physical

Data-Link

Network

Transport

Session

Presentation

ApplicationOpenVPN

TUN (3rd)

2-3-1 Routed IP Tunnels (TUN Mode)2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP Advantages1 Point-to-point2 Easier to configure3 Efficiency and scalability 4 Allows better tuning of MTU for efficiency

Routed IP Disadvantages1 Clients must use a WINS server (such as samba) to

allow cross-VPN network browsing to work 2 Routes must be set up linking each subnet 3 Software that depends on broadcasts Will Not see

those machines on the other side of the VPN 4 Works only with IPv4 in general and IPv6 in cases

where tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses ldquoTAPrdquo mode a TAP device is a Virtual Ethernet Adapter

Bridge tools (bcrtl) are required to create the virtual adapters

Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0 create an ethernet bridge

brctl addif br0 eth1 connect interface eth1 as a port

brctl addif tap0 connect virtual interface tap0 as a port

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Bridging

OpenVPN

TUN (3rd)TAP (2nd)

eth1 eth1eth0 eth0

tap0 tap0

2-3-2 Bridged Ethernet Mode (TAP 2-3-2 Bridged Ethernet Mode (TAP Mode)Mode)

Bridging advantages1 Point to Point point to multi-point2 Broadcasts traverse the VPN -- this allows browsing

of Windows file shares across the VPN without setting up a Samba or WINS server

3 No route statements to configure4 Works with the VPN needs to be able to handle non-

IP protocols such as IPX Netware and AppleTalk5 Relatively easy-to-configure solution for road

warriors

Bridging disadvantages1 Less efficient than Routing and does not scale well

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSLTLS ndash X509 Dynamic Keys

3-1 Getting Started3-1 Getting Started

ixp019216812201

ixp0 19216812202

gw 1001254IP 1001124

gw 1002254IP 1002124

LAN A LAN B

VPN Tunnel

Connect

1001254

[VPN Server]

1002254

[VPN-Client]

ixp1 ixp1

[CATLS Server]

3-1 Getting Started 3-1 Getting Started

Create a Working Directory (recommended) mkdir etcopenvpn

Check for TUN Modules if not ls devnet look for a character device ldquotunrdquo mknod devtun c 10 200

Load necessary modules modprobe tun modprobe bridge

Generate a (pre-shared) key openvpn --genkey --secret [KeyName]

Self Diagnostic openvpn --test-crypto --secret [KeyName]

3-1 Getting Started3-1 Getting Started

Enable IP Forwarding echo ldquo1rdquo gt procsysnetipv4ip_forwardor vi etcsysctlconf modify ldquonetipv4ip_forward = 1rdquo

Create Start Bridge Interface using Moxa Script openvpn-bridge [start stop restart]

Check the CiphersAuthentication Support openvpn --show-ciphers openvpn --show-digests

Create TUN Configuration Files vi etcopenvpntunserverconf

[At VPN Client] vi etcopenvpntunclientconf

3-2 TUN Server Configuration 3-2 TUN Server Configuration

LocalRemote VPN IP address must be specified

It is NECESSARY to specify the Server Address at VPN Client

3-2 TUN Server Configuration 3-2 TUN Server Configuration

Edit the Static Routings vi etcopenvpntunserversh

chmod +x etctunserversh

[At VPN Client] vi etceopenvpntunclientsh chmod +x etctunclientsh

Start OpenVPN with the configuration file openvpn --config etctunserverconf amp openvpn --config etctunclientconf amp

2nd argument of ldquoifconfigrdquo which is now ldquo1002254rdquo

Create TAP Configuration Files vi etcopenvpntapserverconf

[At VPN Client] vi etcopenvpntapclientconf

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Mark this line if both VPN Networks are in the same subnet

3-2 TAP Configuration ndash VPN Server3-2 TAP Configuration ndash VPN Server

Edit the Static Routings vi etcopenvpntunserversh

[At VPN Client] vi etcopenvpntapclientsh chmod +x etctapclientsh

Pointed to the Kernel Routing br0 = 1001254

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Start the Bridge device vi openvpnopenvpn-bridge

chmod +x etcopenvpnopenvpn-bridge etcopenvpnopenvpn-bridge start

Start OpenVPN with the configuration file openvpn ndashconfig etcopenvpntapserverconf amp openvpn ndashconfig etcopenvpntapclient amp

3-4-1 SSLTLS ndash Dynamic Keys3-4-1 SSLTLS ndash Dynamic Keys

Edit the OpenSSL Configuration File on a Linux PC vi usrsharesslopensslcnf Pre-input the default_days default_bits hellip etc

Create New CA root Key Pair usrsharesslmiscCA -newca

Create New Client Private Key and new Certificate Request usrsharesslmiscCA -newreq

Certificate Sign-in usrsharesslmiscCA ndashsign

Copy the CA root certificate client private key and the client certificate to the first client

Have the second client certificated

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Copy the ldquoeasy-rsardquo to the working directory cp ndashr openvpn-20easy-rsa etcopenvpn

modify the vars file vi etcopenvpneasy-rsavars

Activate the vars etcopenvpneasy-rsavars

Create CA root key etcopenvpneasy-rsabuild-ca

Create VPN Server Private Key and Certificate etcopenvpneasy-rsabuild-key server

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Create VPN Client private Key and Certificate etcopenvpnbuild-key client

Create Diff-Hellman Parameters etcopenvpnbuild-dh 1024

Copy the CA certificate (cacrt) Server key (serverkey) and Server certificate (servercrt) to VPN Server

Copy the CA certificate Client key and certificate to VPN Client

ldquoeasy-rsardquo tools also work on UC7400 series

3-4-3 Configuration File Modification3-4-3 Configuration File Modification

txxserverconf

txxclienconf

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) Open VPN Configuration

4) Hands-On Practice

Live DemoLive Demo

UC-7420 DEMO BOXUC-7420 DEMO BOX

Two of its serial ports connectedto a Power Meter and Thermocouple

Two LAN ports plus an optional Wi-Fi function making it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in lsquoburn-in modersquo to demonstrate UCrsquos high performance and reliability

Demo Box FeaturesDemo Box Features

Software Block DiagramSoftware Block Diagram

Temperature Range 0 to 500degC

Left side for high range 0 to 300 VDC amp Right side for low range 0 to 20 VDC

UCrsquos LCM amp keypad (F1-F5)UCrsquos LCM amp keypad (F1-F5)

F1 Monitoring Temperature rarr Voltage rarrThroughput for P3 to P8

F2 System Status LANrsquos IP rarr Wi-Firsquos IP rarr CPU loading rarr Available Memory

F3 Alarm Setting Temperature rarr Voltage rarr burning throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI amp HTMLApache Web with CGI amp HTML

Seat Locating SystemSeat Locating System

Score Query SystemScore Query System

AppendixAppendix

What is the wireless PCMCIA card support status in 80211gbull UC-7420s built-in Wireless driver supports Intersil Prism 20

chipset PCMCIA cardbull The compatible Wireless cards are

Supplier Model name

ASUS WL-107g

CNET CWC-854(181D version)Edmiax EW-7108PCgAmigo AWP-914WGigbyte GN-WMKGOthers which use R-Link chip set

Thank YouThank You

Page 109: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

2-2 OpenVPN Security 2-2 OpenVPN Security

Two Authentication Modesbull Static Key Use pre-shared bull SSLTLS Use SSLTLS + Certificates for

bull Authentication bull Key exchange

The encrypted packet is formatted asbull SeqN 64-bit sequence numberbull IV plain text initial vector randomized per packet

HMAC IV SeqN V IPs payload

encrypt

HMACW IPs

2-2 OpenVPN vs IPSec2-2 OpenVPN vs IPSec

OpenVPNbull User-space daemonbull SSLTLSbull portability across

operating systemsbull firewall and NAT-

friendly bull dynamic address

support

IPSecbull Kernel-space IP stack bull each operating system

requires its own independent implementation of IPSec

bull IETF Standard - multi-vendor support

2-3 OpenVPN Modes2-3 OpenVPN Modes

Bridging and Routing are two methods of linking systems via a VPN

Routed IP tunnels (layer 3)

Bridged Ethernet tunnels (layer 2)

Suitable for Connectionsbull Site-to-Sitebull Dynamic Site-to-Sitebull (Dynamic) Client-to-Site

Dynamic FirewallNATDHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN Mode(device) a virtual point-to-point IP link that combines the inner interface together with TUN

Use the kernel routings to forward the packets

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Physical

Data-Link

Network

Transport

Session

Presentation

ApplicationOpenVPN

TUN (3rd)

2-3-1 Routed IP Tunnels (TUN Mode)2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP Advantages1 Point-to-point2 Easier to configure3 Efficiency and scalability 4 Allows better tuning of MTU for efficiency

Routed IP Disadvantages1 Clients must use a WINS server (such as samba) to

allow cross-VPN network browsing to work 2 Routes must be set up linking each subnet 3 Software that depends on broadcasts Will Not see

those machines on the other side of the VPN 4 Works only with IPv4 in general and IPv6 in cases

where tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses ldquoTAPrdquo mode a TAP device is a Virtual Ethernet Adapter

Bridge tools (bcrtl) are required to create the virtual adapters

Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0 create an ethernet bridge

brctl addif br0 eth1 connect interface eth1 as a port

brctl addif tap0 connect virtual interface tap0 as a port

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Bridging

OpenVPN

TUN (3rd)TAP (2nd)

eth1 eth1eth0 eth0

tap0 tap0

2-3-2 Bridged Ethernet Mode (TAP 2-3-2 Bridged Ethernet Mode (TAP Mode)Mode)

Bridging advantages1 Point to Point point to multi-point2 Broadcasts traverse the VPN -- this allows browsing

of Windows file shares across the VPN without setting up a Samba or WINS server

3 No route statements to configure4 Works with the VPN needs to be able to handle non-

IP protocols such as IPX Netware and AppleTalk5 Relatively easy-to-configure solution for road

warriors

Bridging disadvantages1 Less efficient than Routing and does not scale well

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSLTLS ndash X509 Dynamic Keys

3-1 Getting Started3-1 Getting Started

ixp019216812201

ixp0 19216812202

gw 1001254IP 1001124

gw 1002254IP 1002124

LAN A LAN B

VPN Tunnel

Connect

1001254

[VPN Server]

1002254

[VPN-Client]

ixp1 ixp1

[CATLS Server]

3-1 Getting Started 3-1 Getting Started

Create a Working Directory (recommended) mkdir etcopenvpn

Check for TUN Modules if not ls devnet look for a character device ldquotunrdquo mknod devtun c 10 200

Load necessary modules modprobe tun modprobe bridge

Generate a (pre-shared) key openvpn --genkey --secret [KeyName]

Self Diagnostic openvpn --test-crypto --secret [KeyName]

3-1 Getting Started3-1 Getting Started

Enable IP Forwarding echo ldquo1rdquo gt procsysnetipv4ip_forwardor vi etcsysctlconf modify ldquonetipv4ip_forward = 1rdquo

Create Start Bridge Interface using Moxa Script openvpn-bridge [start stop restart]

Check the CiphersAuthentication Support openvpn --show-ciphers openvpn --show-digests

Create TUN Configuration Files vi etcopenvpntunserverconf

[At VPN Client] vi etcopenvpntunclientconf

3-2 TUN Server Configuration 3-2 TUN Server Configuration

LocalRemote VPN IP address must be specified

It is NECESSARY to specify the Server Address at VPN Client

3-2 TUN Server Configuration 3-2 TUN Server Configuration

Edit the Static Routings vi etcopenvpntunserversh

chmod +x etctunserversh

[At VPN Client] vi etceopenvpntunclientsh chmod +x etctunclientsh

Start OpenVPN with the configuration file openvpn --config etctunserverconf amp openvpn --config etctunclientconf amp

2nd argument of ldquoifconfigrdquo which is now ldquo1002254rdquo

Create TAP Configuration Files vi etcopenvpntapserverconf

[At VPN Client] vi etcopenvpntapclientconf

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Mark this line if both VPN Networks are in the same subnet

3-2 TAP Configuration ndash VPN Server3-2 TAP Configuration ndash VPN Server

Edit the Static Routings vi etcopenvpntunserversh

[At VPN Client] vi etcopenvpntapclientsh chmod +x etctapclientsh

Pointed to the Kernel Routing br0 = 1001254

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Start the Bridge device vi openvpnopenvpn-bridge

chmod +x etcopenvpnopenvpn-bridge etcopenvpnopenvpn-bridge start

Start OpenVPN with the configuration file openvpn ndashconfig etcopenvpntapserverconf amp openvpn ndashconfig etcopenvpntapclient amp

3-4-1 SSLTLS ndash Dynamic Keys3-4-1 SSLTLS ndash Dynamic Keys

Edit the OpenSSL Configuration File on a Linux PC vi usrsharesslopensslcnf Pre-input the default_days default_bits hellip etc

Create New CA root Key Pair usrsharesslmiscCA -newca

Create New Client Private Key and new Certificate Request usrsharesslmiscCA -newreq

Certificate Sign-in usrsharesslmiscCA ndashsign

Copy the CA root certificate client private key and the client certificate to the first client

Have the second client certificated

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Copy the ldquoeasy-rsardquo to the working directory cp ndashr openvpn-20easy-rsa etcopenvpn

modify the vars file vi etcopenvpneasy-rsavars

Activate the vars etcopenvpneasy-rsavars

Create CA root key etcopenvpneasy-rsabuild-ca

Create VPN Server Private Key and Certificate etcopenvpneasy-rsabuild-key server

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Create VPN Client private Key and Certificate etcopenvpnbuild-key client

Create Diff-Hellman Parameters etcopenvpnbuild-dh 1024

Copy the CA certificate (cacrt) Server key (serverkey) and Server certificate (servercrt) to VPN Server

Copy the CA certificate Client key and certificate to VPN Client

ldquoeasy-rsardquo tools also work on UC7400 series

3-4-3 Configuration File Modification3-4-3 Configuration File Modification

txxserverconf

txxclienconf

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) Open VPN Configuration

4) Hands-On Practice

Live DemoLive Demo

UC-7420 DEMO BOXUC-7420 DEMO BOX

Two of its serial ports connectedto a Power Meter and Thermocouple

Two LAN ports plus an optional Wi-Fi function making it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in lsquoburn-in modersquo to demonstrate UCrsquos high performance and reliability

Demo Box FeaturesDemo Box Features

Software Block DiagramSoftware Block Diagram

Temperature Range 0 to 500degC

Left side for high range 0 to 300 VDC amp Right side for low range 0 to 20 VDC

UCrsquos LCM amp keypad (F1-F5)UCrsquos LCM amp keypad (F1-F5)

F1 Monitoring Temperature rarr Voltage rarrThroughput for P3 to P8

F2 System Status LANrsquos IP rarr Wi-Firsquos IP rarr CPU loading rarr Available Memory

F3 Alarm Setting Temperature rarr Voltage rarr burning throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI amp HTMLApache Web with CGI amp HTML

Seat Locating SystemSeat Locating System

Score Query SystemScore Query System

AppendixAppendix

What is the wireless PCMCIA card support status in 80211gbull UC-7420s built-in Wireless driver supports Intersil Prism 20

chipset PCMCIA cardbull The compatible Wireless cards are

Supplier Model name

ASUS WL-107g

CNET CWC-854(181D version)Edmiax EW-7108PCgAmigo AWP-914WGigbyte GN-WMKGOthers which use R-Link chip set

Thank YouThank You

Page 110: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

2-2 OpenVPN vs IPSec2-2 OpenVPN vs IPSec

OpenVPNbull User-space daemonbull SSLTLSbull portability across

operating systemsbull firewall and NAT-

friendly bull dynamic address

support

IPSecbull Kernel-space IP stack bull each operating system

requires its own independent implementation of IPSec

bull IETF Standard - multi-vendor support

2-3 OpenVPN Modes2-3 OpenVPN Modes

Bridging and Routing are two methods of linking systems via a VPN

Routed IP tunnels (layer 3)

Bridged Ethernet tunnels (layer 2)

Suitable for Connectionsbull Site-to-Sitebull Dynamic Site-to-Sitebull (Dynamic) Client-to-Site

Dynamic FirewallNATDHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN Mode(device) a virtual point-to-point IP link that combines the inner interface together with TUN

Use the kernel routings to forward the packets

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Physical

Data-Link

Network

Transport

Session

Presentation

ApplicationOpenVPN

TUN (3rd)

2-3-1 Routed IP Tunnels (TUN Mode)2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP Advantages1 Point-to-point2 Easier to configure3 Efficiency and scalability 4 Allows better tuning of MTU for efficiency

Routed IP Disadvantages1 Clients must use a WINS server (such as samba) to

allow cross-VPN network browsing to work 2 Routes must be set up linking each subnet 3 Software that depends on broadcasts Will Not see

those machines on the other side of the VPN 4 Works only with IPv4 in general and IPv6 in cases

where tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses ldquoTAPrdquo mode a TAP device is a Virtual Ethernet Adapter

Bridge tools (bcrtl) are required to create the virtual adapters

Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0 create an ethernet bridge

brctl addif br0 eth1 connect interface eth1 as a port

brctl addif tap0 connect virtual interface tap0 as a port

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Physical

Data-Link

Network

Transport

Session

Presentation

Application

Bridging

OpenVPN

TUN (3rd)TAP (2nd)

eth1 eth1eth0 eth0

tap0 tap0

2-3-2 Bridged Ethernet Mode (TAP 2-3-2 Bridged Ethernet Mode (TAP Mode)Mode)

Bridging advantages1 Point to Point point to multi-point2 Broadcasts traverse the VPN -- this allows browsing

of Windows file shares across the VPN without setting up a Samba or WINS server

3 No route statements to configure4 Works with the VPN needs to be able to handle non-

IP protocols such as IPX Netware and AppleTalk5 Relatively easy-to-configure solution for road

warriors

Bridging disadvantages1 Less efficient than Routing and does not scale well

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSLTLS ndash X509 Dynamic Keys

3-1 Getting Started3-1 Getting Started

ixp019216812201

ixp0 19216812202

gw 1001254IP 1001124

gw 1002254IP 1002124

LAN A LAN B

VPN Tunnel

Connect

1001254

[VPN Server]

1002254

[VPN-Client]

ixp1 ixp1

[CATLS Server]

3-1 Getting Started 3-1 Getting Started

Create a Working Directory (recommended) mkdir etcopenvpn

Check for TUN Modules if not ls devnet look for a character device ldquotunrdquo mknod devtun c 10 200

Load necessary modules modprobe tun modprobe bridge

Generate a (pre-shared) key openvpn --genkey --secret [KeyName]

Self Diagnostic openvpn --test-crypto --secret [KeyName]

3-1 Getting Started3-1 Getting Started

Enable IP Forwarding echo ldquo1rdquo gt procsysnetipv4ip_forwardor vi etcsysctlconf modify ldquonetipv4ip_forward = 1rdquo

Create Start Bridge Interface using Moxa Script openvpn-bridge [start stop restart]

Check the CiphersAuthentication Support openvpn --show-ciphers openvpn --show-digests

Create TUN Configuration Files vi etcopenvpntunserverconf

[At VPN Client] vi etcopenvpntunclientconf

3-2 TUN Server Configuration 3-2 TUN Server Configuration

LocalRemote VPN IP address must be specified

It is NECESSARY to specify the Server Address at VPN Client

3-2 TUN Server Configuration 3-2 TUN Server Configuration

Edit the Static Routings vi etcopenvpntunserversh

chmod +x etctunserversh

[At VPN Client] vi etceopenvpntunclientsh chmod +x etctunclientsh

Start OpenVPN with the configuration file openvpn --config etctunserverconf amp openvpn --config etctunclientconf amp

2nd argument of ldquoifconfigrdquo which is now ldquo1002254rdquo

Create TAP Configuration Files vi etcopenvpntapserverconf

[At VPN Client] vi etcopenvpntapclientconf

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Mark this line if both VPN Networks are in the same subnet

3-2 TAP Configuration ndash VPN Server3-2 TAP Configuration ndash VPN Server

Edit the Static Routings vi etcopenvpntunserversh

[At VPN Client] vi etcopenvpntapclientsh chmod +x etctapclientsh

Pointed to the Kernel Routing br0 = 1001254

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Start the Bridge device vi openvpnopenvpn-bridge

chmod +x etcopenvpnopenvpn-bridge etcopenvpnopenvpn-bridge start

Start OpenVPN with the configuration file openvpn ndashconfig etcopenvpntapserverconf amp openvpn ndashconfig etcopenvpntapclient amp

3-4-1 SSLTLS ndash Dynamic Keys3-4-1 SSLTLS ndash Dynamic Keys

Edit the OpenSSL Configuration File on a Linux PC vi usrsharesslopensslcnf Pre-input the default_days default_bits hellip etc

Create New CA root Key Pair usrsharesslmiscCA -newca

Create New Client Private Key and new Certificate Request usrsharesslmiscCA -newreq

Certificate Sign-in usrsharesslmiscCA ndashsign

Copy the CA root certificate client private key and the client certificate to the first client

Have the second client certificated

3-4-2 OpenVPN – "easy-rsa" tools

Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file: vi /etc/openvpn/easy-rsa/vars

Activate the vars: . /etc/openvpn/easy-rsa/vars

Create the CA root key: /etc/openvpn/easy-rsa/build-ca

Create the VPN Server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – "easy-rsa" tools

Create the VPN Client private key and certificate: /etc/openvpn/easy-rsa/build-key client

Create Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh 1024

Copy the CA certificate (ca.crt), the server key (server.key) and the server certificate (server.crt) to the VPN Server

Copy the CA certificate, the client key and the client certificate to the VPN Client

The "easy-rsa" tools also work on the UC-7400 series

3-4-3 Configuration File Modification

txxserver.conf

txxclient.conf

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

Two of its serial ports are connected to a power meter and a thermocouple

Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in 'burn-in mode' to demonstrate the UC's high performance and reliability

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500 °C

Left side for the high range (0 to 300 VDC) & right side for the low range (0 to 20 VDC)

UC's LCM & keypad (F1-F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8

F2 System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available memory

F3 Alarm Setting: Temperature → Voltage → Burn-in throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?

• The UC-7420's built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards

• The compatible wireless cards are:

Supplier   Model name
ASUS       WL-107g
CNET       CWC-854 (181D version)
Edimax     EW-7108PCg
Amigo      AWP-914WG
Gigabyte   GN-WMKG
Others     Cards which use the Ralink chip set

Thank You


2-3 OpenVPN Modes

Bridging and Routing are two methods of linking systems via a VPN:

Routed IP tunnels (layer 3)

Bridged Ethernet tunnels (layer 2)

Suitable for connections: • Site-to-Site • Dynamic Site-to-Site • (Dynamic) Client-to-Site

Dynamic Firewall/NAT/DHCP friendly

2-3-1 Routed IP Tunnels (TUN Mode)

Uses TUN mode (device): a virtual point-to-point IP link that combines the inner interface together with TUN

Uses the kernel routing to forward the packets

[Figure: the OSI stacks (Physical, Data-Link, Network, Transport, Session, Presentation, Application) of the two endpoints; OpenVPN attaches at the TUN device, i.e. at layer 3]

2-3-1 Routed IP Tunnels (TUN Mode)

Routed IP advantages:
1) Point-to-point
2) Easier to configure
3) Efficiency and scalability
4) Allows better tuning of the MTU for efficiency

Routed IP disadvantages:
1) Clients must use a WINS server (such as Samba) to allow cross-VPN network browsing to work
2) Routes must be set up linking each subnet
3) Software that depends on broadcasts will not see the machines on the other side of the VPN
4) Works only with IPv4 in general, and with IPv6 only where the tun drivers on both ends of the connection support it explicitly

2-3-2 Bridged Ethernet Mode (TAP Mode)

Uses "TAP" mode: a TAP device is a virtual Ethernet adapter

Bridge tools (brctl) are required to create the virtual adapters

Need to create a script to bind eth1 and tap0 together into a bridged device called br0

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0        create an Ethernet bridge

brctl addif br0 eth1   connect interface eth1 as a port

brctl addif br0 tap0   connect virtual interface tap0 as a port

[Figure: the OSI stacks of the two endpoints joined by bridging; OpenVPN attaches at the TAP device (layer 2, whereas TUN is layer 3); on each side eth1 and tap0 are ports of br0, and eth0 carries the tunnel]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages:
1) Point-to-point and point-to-multipoint
2) Broadcasts traverse the VPN -- this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server
3) No route statements to configure
4) Works when the VPN needs to be able to handle non-IP protocols such as IPX, Netware and AppleTalk
5) Relatively easy-to-configure solution for road warriors

Bridging disadvantages:
1) Less efficient than routing and does not scale well
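The bridge script the 2-3-2 slides call for and the 3-3 slides start with `openvpn-bridge start`, as an added example that is not Moxa's own openvpn-bridge: it builds br0 from eth1 and tap0 and then checks, by parsing `brctl show`, that both ports really joined. Moving the 10.0.1.254/24 address onto br0, creating tap0 with `openvpn --mktun`, and the captured `brctl show` output used in the check are assumptions and constructed input, not from the slides.

```shell
#!/bin/sh
# Added example, not Moxa's openvpn-bridge script: build the br0 bridge from
# eth1 and tap0 as the 2-3-2 slides describe, with the start/stop/restart
# interface of the 3-1/3-3 slides, and verify afterwards that both ports
# really joined the bridge. Assumptions not on the slides: the LAN address
# 10.0.1.254/24 moves from eth1 onto br0 (the "br0 = 10.0.1.254" note) and
# tap0 is created persistently with 'openvpn --mktun' before the daemon runs.

BR=br0
ETH=eth1
TAP=tap0
BR_IP=10.0.1.254
BR_MASK=255.255.255.0
BR_BCAST=10.0.1.255

# plan ACTION -> prints, one per line, the commands ACTION would execute.
# Keeping the plan apart from execution lets the script be reviewed and
# tested without root and without touching real interfaces.
plan() {
    case $1 in
        start)
            echo "openvpn --mktun --dev $TAP"        # persistent TAP device
            echo "brctl addbr $BR"                    # create the Ethernet bridge
            echo "brctl addif $BR $ETH"               # eth1 becomes a bridge port
            echo "brctl addif $BR $TAP"               # tap0 becomes a bridge port
            echo "ifconfig $TAP 0.0.0.0 promisc up"   # ports carry no address of their own
            echo "ifconfig $ETH 0.0.0.0 promisc up"
            echo "ifconfig $BR $BR_IP netmask $BR_MASK broadcast $BR_BCAST up"  # LAN gateway address now on br0
            ;;
        stop)
            echo "ifconfig $BR down"
            echo "brctl delbr $BR"                    # removes the ports with it
            echo "openvpn --rmtun --dev $TAP"
            echo "ifconfig $ETH $BR_IP netmask $BR_MASK broadcast $BR_BCAST up"  # address back on eth1
            ;;
        restart)
            plan stop && plan start
            ;;
        *)
            echo "usage: openvpn-bridge {start|stop|restart}" >&2
            return 2
            ;;
    esac
}

# run ACTION -> execute the plan line by line, stopping at the first failure
run() {
    plan "$1" > /dev/null || return 2
    plan "$1" | while read -r cmd; do
        echo "+ $cmd"
        $cmd || { echo "failed: $cmd" >&2; exit 1; }
    done
}

# bridge_table [FILE] -> 'brctl show' output, or FILE's contents when given
# (a captured copy of that output), so the checks below can run offline
bridge_table() { if [ -n "$1" ]; then cat "$1"; else brctl show; fi; }

# ports_of BRIDGE -> member ports of BRIDGE, space separated, parsed from
# 'brctl show' output on stdin. The first port shares the bridge's row; each
# further port is on a continuation line holding only the port name.
# Returns 1 if BRIDGE is not listed at all.
ports_of() {
    seen=0; found=0; ports=""
    while read -r f1 f2 f3 f4; do
        if [ "$f1" = "$1" ]; then                  # the wanted bridge's own row
            seen=1; found=1; ports=$f4             # f4 is empty for a port-less bridge
        elif [ -n "$f1" ] && [ -z "$f2" ]; then    # continuation line: port name only
            if [ $found -eq 1 ]; then ports="$ports${ports:+ }$f1"; fi
        else
            found=0                                # header line or another bridge's row
        fi
    done
    [ $seen -eq 1 ] || return 1
    echo "$ports"
}

# check_bridge [FILE] -> 0 only if both eth1 and tap0 are ports of br0.
# A bridge missing either port silently drops the tunnel's Ethernet frames,
# so run this right after 'start'.
check_bridge() {
    have=$(bridge_table "$1" | ports_of "$BR") || { echo "$BR does not exist" >&2; return 1; }
    for want in "$ETH" "$TAP"; do
        case " $have " in
            *" $want "*) ;;
            *) echo "$want is not a port of $BR" >&2; return 1 ;;
        esac
    done
    return 0
}

# Entry point when installed as /etc/openvpn/openvpn-bridge
if [ $# -gt 0 ]; then
    run "$1" || exit $?
    [ "$1" = stop ] || check_bridge
fi
```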

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

[Figure: lab topology] LAN A (host IP 10.0.1.1/24, gw 10.0.1.254) -- ixp1 10.0.1.254 [VPN Server] ixp0 192.168.12.201 == VPN Tunnel == ixp0 192.168.12.202 [VPN-Client] ixp1 10.0.2.254 -- LAN B (host IP 10.0.2.1/24, gw 10.0.2.254); a [CA/TLS Server] is also reachable on the network

3-1 Getting Started

Create a working directory (recommended): mkdir /etc/openvpn

Check for the TUN device: ls /dev/net and look for a character device "tun"; if it is not there: mknod /dev/net/tun c 10 200

Load the necessary modules: modprobe tun; modprobe bridge

Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]

Self diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or vi /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"

Create/start the bridge interface using the Moxa script: openvpn-bridge [start|stop|restart]

Check the supported ciphers and authentication digests: openvpn --show-ciphers; openvpn --show-digests

Create TUN configuration files: vi /etc/openvpn/tunserver.conf

[At VPN Client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

Local/Remote VPN IP addresses must be specified

It is NECESSARY to specify the Server Address at the VPN Client





Page 115: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

2-3-2 Bridged Ethernet Mode (TAP Mode)

brctl addbr br0 (create an Ethernet bridge)

brctl addif br0 eth1 (connect interface eth1 as a port)

brctl addif br0 tap0 (connect virtual interface tap0 as a port)

[Figure: the two hosts' OSI stacks (Physical, Data-Link, Network, Transport, Session, Presentation, Application) joined by OpenVPN. TUN works at the 3rd layer (Network), TAP at the 2nd (Data-Link); the physical ports eth0/eth1 and the virtual tap0 port are joined by bridging.]

2-3-2 Bridged Ethernet Mode (TAP Mode)

Bridging advantages:

1) Point-to-point and point-to-multipoint

2) Broadcasts traverse the VPN; this allows browsing of Windows file shares across the VPN without setting up a Samba or WINS server

3) No route statements to configure

4) Works when the VPN needs to be able to handle non-IP protocols such as IPX, Netware and AppleTalk

5) Relatively easy-to-configure solution for road warriors

Bridging disadvantages:

1) Less efficient than routing and does not scale well
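A start/stop script of the kind the deck's openvpn-bridge script provides, as an added example that is not Moxa's script: it runs the brctl commands above in an order that keeps the box reachable, and moves the LAN address onto the bridge (the "br0 = 10.0.1.254" of the TAP slides), since once eth1 is a bridge port the kernel must route through br0 rather than through eth1. The interface names eth1 and tap0, the address and netmask, and the DRY_RUN switch that prints the commands instead of running them are assumptions.

```shell
#!/bin/sh
# Added example, not the Moxa openvpn-bridge script: build the br0 bridge that
# bridged (TAP) mode needs and tear it down again. Interface names and the
# bridge address are assumptions taken from the diagram (br0 = 10.0.1.254).
# Set DRY_RUN=1 to print the commands instead of executing them (no root needed).

BR="${BR:-br0}"
LAN_IF="${LAN_IF:-eth1}"            # physical LAN port that joins the bridge
TAP_IF="${TAP_IF:-tap0}"            # persistent OpenVPN TAP device
BR_ADDR="${BR_ADDR:-10.0.1.254}"    # the LAN address moves from LAN_IF to BR
BR_MASK="${BR_MASK:-255.255.255.0}"

run() {
    if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
}

bridge_start() {
    # 1. A persistent TAP device, so OpenVPN can restart without rebuilding the bridge.
    run openvpn --mktun --dev "$TAP_IF"
    # 2. Create the bridge and attach both ports (brctl addbr / addif, as on the slide).
    run brctl addbr "$BR"
    run brctl addif "$BR" "$LAN_IF"
    run brctl addif "$BR" "$TAP_IF"
    # 3. Bridge ports carry no IP address of their own and must see every frame.
    run ifconfig "$LAN_IF" 0.0.0.0 promisc up
    run ifconfig "$TAP_IF" 0.0.0.0 promisc up
    # 4. The kernel routes via br0 from now on, so the LAN address lives here, not on LAN_IF.
    run ifconfig "$BR" "$BR_ADDR" netmask "$BR_MASK" up
}

bridge_stop() {
    run ifconfig "$BR" down
    run brctl delif "$BR" "$TAP_IF"
    run brctl delif "$BR" "$LAN_IF"
    run brctl delbr "$BR"
    run openvpn --rmtun --dev "$TAP_IF"
    # Give the LAN port its address back so the box stays reachable.
    run ifconfig "$LAN_IF" "$BR_ADDR" netmask "$BR_MASK" up
}

bridge_main() {
    case "${1:-}" in
        start)   bridge_start ;;
        stop)    bridge_stop ;;
        restart) bridge_stop; bridge_start ;;
        *) echo "usage: $0 {start|stop|restart}" >&2; return 2 ;;
    esac
}

# Acts only when invoked with an argument (./openvpn-bridge start); sourcing the
# file just defines the functions.
if [ -n "${1:-}" ]; then bridge_main "$@"; fi
```

Run it before starting the TAP-mode openvpn process on each side; DRY_RUN=1 ./openvpn-bridge start is a cheap way to review the exact command sequence before touching a remote box whose only management path is the LAN port being bridged.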

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSL/TLS – X.509 Dynamic Keys

3-1 Getting Started

[Figure: lab topology. LAN A (host IP 10.0.1.1/24, gw 10.0.1.254) sits behind the VPN Server, whose ixp1 is 10.0.1.254; LAN B (host IP 10.0.2.1/24, gw 10.0.2.254) sits behind the VPN Client, whose ixp1 is 10.0.2.254. The VPN tunnel runs between the ixp0 ports (192.168.12.201 on the server, 192.168.12.202 on the client), and a CA/TLS server sits on that link.]

3-1 Getting Started

Create a working directory (recommended): mkdir /etc/openvpn

Check for the TUN module: ls /dev/net and look for a character device "tun"; if it is missing, mknod /dev/net/tun c 10 200

Load the necessary modules: modprobe tun; modprobe bridge

Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]

Self-diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or vi /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"

Create/start the bridge interface using the Moxa script: openvpn-bridge [start|stop|restart]

Check the cipher/authentication support: openvpn --show-ciphers; openvpn --show-digests

Create the TUN configuration files: vi /etc/openvpn/tunserver.conf

[At VPN Client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

The local/remote VPN IP addresses must be specified

It is NECESSARY to specify the server address at the VPN client

3-2 TUN Server Configuration

Edit the static routings: vi /etc/openvpn/tunserver.sh

chmod +x /etc/tunserver.sh

[At VPN Client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/tunclient.sh

Start OpenVPN with the configuration file: openvpn --config /etc/tunserver.conf & (at the VPN client: openvpn --config /etc/tunclient.conf &)

Note the 2nd argument of "ifconfig", which is now "10.0.2.254" (the remote end of the tunnel)
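The TUN configuration pair the 3-2 slides edit, as an added example that is not the deck's tunserver.conf/tunclient.conf: a generator for a static-key point-to-point tunnel using the slides' addresses (10.0.1.254 and 10.0.2.254 as the tunnel endpoints, LAN A and LAN B behind them), and a checker for the two rules the slides stress, that the client must carry the server address and that the client's ifconfig local/remote pair must mirror the server's. It also wraps the Getting Started slide's --genkey and --test-crypto commands. The placeholder server address vpn-server.example.net, the key path, the cipher/auth choice and the use of a route directive in place of the slides' tunserver.sh route script are assumptions.

```shell
#!/bin/sh
# Added example, not the deck's configuration files: write a static-key TUN
# pair for the lab topology and check the two rules the slides stress.
# Tunnel addresses are the slides' (10.0.1.254 / 10.0.2.254); the rest is assumed.

SERVER_ADDR="${SERVER_ADDR:-vpn-server.example.net}"  # placeholder for the server's ixp0 address
SRV_TUN="${SRV_TUN:-10.0.1.254}"   # server-side tunnel endpoint (1st ifconfig argument on the server)
CLI_TUN="${CLI_TUN:-10.0.2.254}"   # client-side tunnel endpoint (2nd ifconfig argument on the server)
SRV_LAN="${SRV_LAN:-10.0.1.0}"     # LAN A, reached through the tunnel from the client
CLI_LAN="${CLI_LAN:-10.0.2.0}"     # LAN B, reached through the tunnel from the server
LAN_MASK="${LAN_MASK:-255.255.255.0}"
KEY_FILE="${KEY_FILE:-/etc/openvpn/static.key}"  # the same file on both ends

# Pre-shared key, as on the Getting Started slide; copy it to the client over a secure channel.
gen_static_key() {
    openvpn --genkey --secret "$KEY_FILE" && chmod 600 "$KEY_FILE" \
        && openvpn --test-crypto --secret "$KEY_FILE"
}

# write_tun_pair DIR: writes DIR/tunserver.conf and DIR/tunclient.conf.
# The client's ifconfig is the server's with the arguments swapped, and the
# route directive stands in for the slides' tunserver.sh route script.
write_tun_pair() {
    dir=$1
    cat >"$dir/tunserver.conf" <<EOF
dev tun
proto udp
port 1194
ifconfig $SRV_TUN $CLI_TUN
route $CLI_LAN $LAN_MASK
secret $KEY_FILE
cipher AES-256-CBC
auth SHA1
keepalive 10 60
persist-key
persist-tun
verb 3
EOF
    cat >"$dir/tunclient.conf" <<EOF
remote $SERVER_ADDR
dev tun
proto udp
port 1194
ifconfig $CLI_TUN $SRV_TUN
route $SRV_LAN $LAN_MASK
secret $KEY_FILE
cipher AES-256-CBC
auth SHA1
keepalive 10 60
persist-key
persist-tun
verb 3
EOF
}

# conf_get FILE DIRECTIVE: arguments of the first line that starts with DIRECTIVE.
conf_get() {
    awk -v d="$2" '$1 == d { $1 = ""; sub(/^ /, ""); print; exit }' "$1"
}

# check_tun_pair SERVER_CONF CLIENT_CONF: exit 0 only if the pair is consistent.
check_tun_pair() {
    srv=$1; cli=$2; rc=0
    # Slide rule 1: the client must know the server address.
    [ -n "$(conf_get "$cli" remote)" ] || { echo "$cli: missing remote"; rc=1; }
    # Both ends must name the static key; without --secret (or TLS) OpenVPN 2.0 runs the tunnel in the clear.
    for f in "$srv" "$cli"; do
        [ -n "$(conf_get "$f" secret)" ] || { echo "$f: missing secret"; rc=1; }
    done
    # Slide rule 2: local/remote VPN addresses are given on both ends and mirror each other.
    s_if=$(conf_get "$srv" ifconfig); c_if=$(conf_get "$cli" ifconfig)
    if [ -z "$s_if" ] || [ -z "$c_if" ]; then
        echo "ifconfig missing on one end"; rc=1
    elif [ "${s_if%% *}" != "${c_if#* }" ] || [ "${s_if#* }" != "${c_if%% *}" ]; then
        echo "ifconfig endpoints are not mirrored: server '$s_if', client '$c_if'"; rc=1
    fi
    return $rc
}

# Usage: sh tun-pair.sh write [DIR]   (writes the pair into DIR, default /etc/openvpn, then checks it)
if [ "${1:-}" = "write" ]; then
    d=${2:-/etc/openvpn}
    write_tun_pair "$d" && check_tun_pair "$d/tunserver.conf" "$d/tunclient.conf"
fi
```

Running check_tun_pair on both files before the two openvpn --config commands catches the mistakes that otherwise show up only as a tunnel that comes up but passes no traffic (swapped or unequal endpoints) or, worse, one that comes up without the key.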

Create the TAP configuration files: vi /etc/openvpn/tapserver.conf

[At VPN Client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration – VPN Server

Mark this line if both VPN networks are in the same subnet


Page 116: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

2-3-2 Bridged Ethernet Mode (TAP 2-3-2 Bridged Ethernet Mode (TAP Mode)Mode)

Bridging advantages1 Point to Point point to multi-point2 Broadcasts traverse the VPN -- this allows browsing

of Windows file shares across the VPN without setting up a Samba or WINS server

3 No route statements to configure4 Works with the VPN needs to be able to handle non-

IP protocols such as IPX Netware and AppleTalk5 Relatively easy-to-configure solution for road

warriors

Bridging disadvantages1 Less efficient than Routing and does not scale well

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSLTLS ndash X509 Dynamic Keys

3-1 Getting Started3-1 Getting Started

ixp019216812201

ixp0 19216812202

gw 1001254IP 1001124

gw 1002254IP 1002124

LAN A LAN B

VPN Tunnel

Connect

1001254

[VPN Server]

1002254

[VPN-Client]

ixp1 ixp1

[CATLS Server]

3-1 Getting Started 3-1 Getting Started

Create a Working Directory (recommended) mkdir etcopenvpn

Check for TUN Modules if not ls devnet look for a character device ldquotunrdquo mknod devtun c 10 200

Load necessary modules modprobe tun modprobe bridge

Generate a (pre-shared) key openvpn --genkey --secret [KeyName]

Self Diagnostic openvpn --test-crypto --secret [KeyName]

3-1 Getting Started3-1 Getting Started

Enable IP Forwarding echo ldquo1rdquo gt procsysnetipv4ip_forwardor vi etcsysctlconf modify ldquonetipv4ip_forward = 1rdquo

Create Start Bridge Interface using Moxa Script openvpn-bridge [start stop restart]

Check the CiphersAuthentication Support openvpn --show-ciphers openvpn --show-digests

Create TUN Configuration Files vi etcopenvpntunserverconf

[At VPN Client] vi etcopenvpntunclientconf

3-2 TUN Server Configuration 3-2 TUN Server Configuration

LocalRemote VPN IP address must be specified

It is NECESSARY to specify the Server Address at VPN Client

3-2 TUN Server Configuration 3-2 TUN Server Configuration

Edit the Static Routings vi etcopenvpntunserversh

chmod +x etctunserversh

[At VPN Client] vi etceopenvpntunclientsh chmod +x etctunclientsh

Start OpenVPN with the configuration file openvpn --config etctunserverconf amp openvpn --config etctunclientconf amp

2nd argument of ldquoifconfigrdquo which is now ldquo1002254rdquo

Create TAP Configuration Files vi etcopenvpntapserverconf

[At VPN Client] vi etcopenvpntapclientconf

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Mark this line if both VPN Networks are in the same subnet

3-2 TAP Configuration ndash VPN Server3-2 TAP Configuration ndash VPN Server

Edit the Static Routings vi etcopenvpntunserversh

[At VPN Client] vi etcopenvpntapclientsh chmod +x etctapclientsh

Pointed to the Kernel Routing br0 = 1001254

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Start the Bridge device vi openvpnopenvpn-bridge

chmod +x etcopenvpnopenvpn-bridge etcopenvpnopenvpn-bridge start

Start OpenVPN with the configuration file openvpn ndashconfig etcopenvpntapserverconf amp openvpn ndashconfig etcopenvpntapclient amp

3-4-1 SSLTLS ndash Dynamic Keys3-4-1 SSLTLS ndash Dynamic Keys

Edit the OpenSSL Configuration File on a Linux PC vi usrsharesslopensslcnf Pre-input the default_days default_bits hellip etc

Create New CA root Key Pair usrsharesslmiscCA -newca

Create New Client Private Key and new Certificate Request usrsharesslmiscCA -newreq

Certificate Sign-in usrsharesslmiscCA ndashsign

Copy the CA root certificate client private key and the client certificate to the first client

Have the second client certificated

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Copy the ldquoeasy-rsardquo to the working directory cp ndashr openvpn-20easy-rsa etcopenvpn

modify the vars file vi etcopenvpneasy-rsavars

Activate the vars etcopenvpneasy-rsavars

Create CA root key etcopenvpneasy-rsabuild-ca

Create VPN Server Private Key and Certificate etcopenvpneasy-rsabuild-key server

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Create VPN Client private Key and Certificate etcopenvpnbuild-key client

Create Diff-Hellman Parameters etcopenvpnbuild-dh 1024

Copy the CA certificate (cacrt) Server key (serverkey) and Server certificate (servercrt) to VPN Server

Copy the CA certificate Client key and certificate to VPN Client

ldquoeasy-rsardquo tools also work on UC7400 series

3-4-3 Configuration File Modification3-4-3 Configuration File Modification

txxserverconf

txxclienconf

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) Open VPN Configuration

4) Hands-On Practice

Live DemoLive Demo

UC-7420 DEMO BOXUC-7420 DEMO BOX

Two of its serial ports connectedto a Power Meter and Thermocouple

Two LAN ports plus an optional Wi-Fi function making it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in lsquoburn-in modersquo to demonstrate UCrsquos high performance and reliability

Demo Box FeaturesDemo Box Features

Software Block DiagramSoftware Block Diagram

Temperature Range 0 to 500degC

Left side for high range 0 to 300 VDC amp Right side for low range 0 to 20 VDC

UCrsquos LCM amp keypad (F1-F5)UCrsquos LCM amp keypad (F1-F5)

F1 Monitoring Temperature rarr Voltage rarrThroughput for P3 to P8

F2 System Status LANrsquos IP rarr Wi-Firsquos IP rarr CPU loading rarr Available Memory

F3 Alarm Setting Temperature rarr Voltage rarr burning throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI amp HTMLApache Web with CGI amp HTML

Seat Locating SystemSeat Locating System

Score Query SystemScore Query System

AppendixAppendix

What is the wireless PCMCIA card support status in 80211gbull UC-7420s built-in Wireless driver supports Intersil Prism 20

chipset PCMCIA cardbull The compatible Wireless cards are

Supplier Model name

ASUS WL-107g

CNET CWC-854(181D version)Edmiax EW-7108PCgAmigo AWP-914WGigbyte GN-WMKGOthers which use R-Link chip set

Thank YouThank You

Page 117: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) OpenVPN Configuration

4) Hands-On Practice

3) OpenVPN Configuration3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSLTLS ndash X509 Dynamic Keys

3-1 Getting Started3-1 Getting Started

ixp019216812201

ixp0 19216812202

gw 1001254IP 1001124

gw 1002254IP 1002124

LAN A LAN B

VPN Tunnel

Connect

1001254

[VPN Server]

1002254

[VPN-Client]

ixp1 ixp1

[CATLS Server]

3-1 Getting Started 3-1 Getting Started

Create a Working Directory (recommended) mkdir etcopenvpn

Check for TUN Modules if not ls devnet look for a character device ldquotunrdquo mknod devtun c 10 200

Load necessary modules modprobe tun modprobe bridge

Generate a (pre-shared) key openvpn --genkey --secret [KeyName]

Self Diagnostic openvpn --test-crypto --secret [KeyName]

3-1 Getting Started3-1 Getting Started

Enable IP Forwarding echo ldquo1rdquo gt procsysnetipv4ip_forwardor vi etcsysctlconf modify ldquonetipv4ip_forward = 1rdquo

Create Start Bridge Interface using Moxa Script openvpn-bridge [start stop restart]

Check the CiphersAuthentication Support openvpn --show-ciphers openvpn --show-digests

Create TUN Configuration Files vi etcopenvpntunserverconf

[At VPN Client] vi etcopenvpntunclientconf

3-2 TUN Server Configuration 3-2 TUN Server Configuration

LocalRemote VPN IP address must be specified

It is NECESSARY to specify the Server Address at VPN Client

3-2 TUN Server Configuration 3-2 TUN Server Configuration

Edit the Static Routings vi etcopenvpntunserversh

chmod +x etctunserversh

[At VPN Client] vi etceopenvpntunclientsh chmod +x etctunclientsh

Start OpenVPN with the configuration file openvpn --config etctunserverconf amp openvpn --config etctunclientconf amp

2nd argument of ldquoifconfigrdquo which is now ldquo1002254rdquo

Create TAP Configuration Files vi etcopenvpntapserverconf

[At VPN Client] vi etcopenvpntapclientconf

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Mark this line if both VPN Networks are in the same subnet

3-2 TAP Configuration ndash VPN Server3-2 TAP Configuration ndash VPN Server

Edit the Static Routings vi etcopenvpntunserversh

[At VPN Client] vi etcopenvpntapclientsh chmod +x etctapclientsh

Pointed to the Kernel Routing br0 = 1001254

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Start the Bridge device vi openvpnopenvpn-bridge

chmod +x etcopenvpnopenvpn-bridge etcopenvpnopenvpn-bridge start

Start OpenVPN with the configuration file openvpn ndashconfig etcopenvpntapserverconf amp openvpn ndashconfig etcopenvpntapclient amp

3-4-1 SSLTLS ndash Dynamic Keys3-4-1 SSLTLS ndash Dynamic Keys

Edit the OpenSSL Configuration File on a Linux PC vi usrsharesslopensslcnf Pre-input the default_days default_bits hellip etc

Create New CA root Key Pair usrsharesslmiscCA -newca

Create New Client Private Key and new Certificate Request usrsharesslmiscCA -newreq

Certificate Sign-in usrsharesslmiscCA ndashsign

Copy the CA root certificate client private key and the client certificate to the first client

Have the second client certificated

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Copy the ldquoeasy-rsardquo to the working directory cp ndashr openvpn-20easy-rsa etcopenvpn

modify the vars file vi etcopenvpneasy-rsavars

Activate the vars etcopenvpneasy-rsavars

Create CA root key etcopenvpneasy-rsabuild-ca

Create VPN Server Private Key and Certificate etcopenvpneasy-rsabuild-key server

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Create VPN Client private Key and Certificate etcopenvpnbuild-key client

Create Diff-Hellman Parameters etcopenvpnbuild-dh 1024

Copy the CA certificate (cacrt) Server key (serverkey) and Server certificate (servercrt) to VPN Server

Copy the CA certificate Client key and certificate to VPN Client

ldquoeasy-rsardquo tools also work on UC7400 series

3-4-3 Configuration File Modification3-4-3 Configuration File Modification

txxserverconf

txxclienconf

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) Open VPN Configuration

4) Hands-On Practice

Live DemoLive Demo

UC-7420 DEMO BOXUC-7420 DEMO BOX

Two of its serial ports connectedto a Power Meter and Thermocouple

Two LAN ports plus an optional Wi-Fi function making it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in lsquoburn-in modersquo to demonstrate UCrsquos high performance and reliability

Demo Box FeaturesDemo Box Features

Software Block DiagramSoftware Block Diagram

Temperature Range 0 to 500degC

Left side for high range 0 to 300 VDC amp Right side for low range 0 to 20 VDC

UCrsquos LCM amp keypad (F1-F5)UCrsquos LCM amp keypad (F1-F5)

F1 Monitoring Temperature rarr Voltage rarrThroughput for P3 to P8

F2 System Status LANrsquos IP rarr Wi-Firsquos IP rarr CPU loading rarr Available Memory

F3 Alarm Setting Temperature rarr Voltage rarr burning throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI amp HTMLApache Web with CGI amp HTML

Seat Locating SystemSeat Locating System

Score Query SystemScore Query System

AppendixAppendix

What is the wireless PCMCIA card support status in 80211gbull UC-7420s built-in Wireless driver supports Intersil Prism 20

chipset PCMCIA cardbull The compatible Wireless cards are

Supplier Model name

ASUS WL-107g

CNET CWC-854(181D version)Edmiax EW-7108PCgAmigo AWP-914WGigbyte GN-WMKGOthers which use R-Link chip set

Thank YouThank You

Page 118: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

3) OpenVPN Configuration3) OpenVPN Configuration

3-1 Getting Started

3-2 TUN Configuration

3-3 TAP Configuration

3-4 SSLTLS ndash X509 Dynamic Keys

3-1 Getting Started3-1 Getting Started

ixp019216812201

ixp0 19216812202

gw 1001254IP 1001124

gw 1002254IP 1002124

LAN A LAN B

VPN Tunnel

Connect

1001254

[VPN Server]

1002254

[VPN-Client]

ixp1 ixp1

[CATLS Server]

3-1 Getting Started 3-1 Getting Started

Create a Working Directory (recommended) mkdir etcopenvpn

Check for TUN Modules if not ls devnet look for a character device ldquotunrdquo mknod devtun c 10 200

Load necessary modules modprobe tun modprobe bridge

Generate a (pre-shared) key openvpn --genkey --secret [KeyName]

Self Diagnostic openvpn --test-crypto --secret [KeyName]

3-1 Getting Started3-1 Getting Started

Enable IP Forwarding echo ldquo1rdquo gt procsysnetipv4ip_forwardor vi etcsysctlconf modify ldquonetipv4ip_forward = 1rdquo

Create Start Bridge Interface using Moxa Script openvpn-bridge [start stop restart]

Check the CiphersAuthentication Support openvpn --show-ciphers openvpn --show-digests

Create TUN Configuration Files vi etcopenvpntunserverconf

[At VPN Client] vi etcopenvpntunclientconf

3-2 TUN Server Configuration 3-2 TUN Server Configuration

LocalRemote VPN IP address must be specified

It is NECESSARY to specify the Server Address at VPN Client

3-2 TUN Server Configuration 3-2 TUN Server Configuration

Edit the Static Routings vi etcopenvpntunserversh

chmod +x etctunserversh

[At VPN Client] vi etceopenvpntunclientsh chmod +x etctunclientsh

Start OpenVPN with the configuration file openvpn --config etctunserverconf amp openvpn --config etctunclientconf amp

2nd argument of ldquoifconfigrdquo which is now ldquo1002254rdquo

Create TAP Configuration Files vi etcopenvpntapserverconf

[At VPN Client] vi etcopenvpntapclientconf

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Mark this line if both VPN Networks are in the same subnet

3-2 TAP Configuration ndash VPN Server3-2 TAP Configuration ndash VPN Server

Edit the Static Routings vi etcopenvpntunserversh

[At VPN Client] vi etcopenvpntapclientsh chmod +x etctapclientsh

Pointed to the Kernel Routing br0 = 1001254

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Start the Bridge device vi openvpnopenvpn-bridge

chmod +x etcopenvpnopenvpn-bridge etcopenvpnopenvpn-bridge start

Start OpenVPN with the configuration file openvpn ndashconfig etcopenvpntapserverconf amp openvpn ndashconfig etcopenvpntapclient amp

3-4-1 SSLTLS ndash Dynamic Keys3-4-1 SSLTLS ndash Dynamic Keys

Edit the OpenSSL Configuration File on a Linux PC vi usrsharesslopensslcnf Pre-input the default_days default_bits hellip etc

Create New CA root Key Pair usrsharesslmiscCA -newca

Create New Client Private Key and new Certificate Request usrsharesslmiscCA -newreq

Certificate Sign-in usrsharesslmiscCA ndashsign

Copy the CA root certificate client private key and the client certificate to the first client

Have the second client certificated

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Copy the ldquoeasy-rsardquo to the working directory cp ndashr openvpn-20easy-rsa etcopenvpn

modify the vars file vi etcopenvpneasy-rsavars

Activate the vars etcopenvpneasy-rsavars

Create CA root key etcopenvpneasy-rsabuild-ca

Create VPN Server Private Key and Certificate etcopenvpneasy-rsabuild-key server

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Create VPN Client private Key and Certificate etcopenvpnbuild-key client

Create Diff-Hellman Parameters etcopenvpnbuild-dh 1024

Copy the CA certificate (cacrt) Server key (serverkey) and Server certificate (servercrt) to VPN Server

Copy the CA certificate Client key and certificate to VPN Client

ldquoeasy-rsardquo tools also work on UC7400 series

3-4-3 Configuration File Modification3-4-3 Configuration File Modification

txxserverconf

txxclienconf

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) Open VPN Configuration

4) Hands-On Practice

Live DemoLive Demo

UC-7420 DEMO BOXUC-7420 DEMO BOX

Two of its serial ports connectedto a Power Meter and Thermocouple

Two LAN ports plus an optional Wi-Fi function making it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in lsquoburn-in modersquo to demonstrate UCrsquos high performance and reliability

Demo Box FeaturesDemo Box Features

Software Block DiagramSoftware Block Diagram

Temperature Range 0 to 500degC

Left side for high range 0 to 300 VDC amp Right side for low range 0 to 20 VDC

UCrsquos LCM amp keypad (F1-F5)UCrsquos LCM amp keypad (F1-F5)

F1 Monitoring Temperature rarr Voltage rarrThroughput for P3 to P8

F2 System Status LANrsquos IP rarr Wi-Firsquos IP rarr CPU loading rarr Available Memory

F3 Alarm Setting Temperature rarr Voltage rarr burning throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI amp HTMLApache Web with CGI amp HTML

Seat Locating SystemSeat Locating System

Score Query SystemScore Query System

AppendixAppendix

What is the wireless PCMCIA card support status in 80211gbull UC-7420s built-in Wireless driver supports Intersil Prism 20

chipset PCMCIA cardbull The compatible Wireless cards are

Supplier Model name

ASUS WL-107g

CNET CWC-854(181D version)Edmiax EW-7108PCgAmigo AWP-914WGigbyte GN-WMKGOthers which use R-Link chip set

Thank YouThank You

Page 119: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

3-1 Getting Started3-1 Getting Started

ixp019216812201

ixp0 19216812202

gw 1001254IP 1001124

gw 1002254IP 1002124

LAN A LAN B

VPN Tunnel

Connect

1001254

[VPN Server]

1002254

[VPN-Client]

ixp1 ixp1

[CATLS Server]

3-1 Getting Started 3-1 Getting Started

Create a Working Directory (recommended) mkdir etcopenvpn

Check for TUN Modules if not ls devnet look for a character device ldquotunrdquo mknod devtun c 10 200

Load necessary modules modprobe tun modprobe bridge

Generate a (pre-shared) key openvpn --genkey --secret [KeyName]

Self Diagnostic openvpn --test-crypto --secret [KeyName]

3-1 Getting Started3-1 Getting Started

Enable IP Forwarding echo ldquo1rdquo gt procsysnetipv4ip_forwardor vi etcsysctlconf modify ldquonetipv4ip_forward = 1rdquo

Create Start Bridge Interface using Moxa Script openvpn-bridge [start stop restart]

Check the CiphersAuthentication Support openvpn --show-ciphers openvpn --show-digests

Create TUN Configuration Files vi etcopenvpntunserverconf

[At VPN Client] vi etcopenvpntunclientconf

3-2 TUN Server Configuration 3-2 TUN Server Configuration

LocalRemote VPN IP address must be specified

It is NECESSARY to specify the Server Address at VPN Client

3-2 TUN Server Configuration 3-2 TUN Server Configuration

Edit the Static Routings vi etcopenvpntunserversh

chmod +x etctunserversh

[At VPN Client] vi etceopenvpntunclientsh chmod +x etctunclientsh

Start OpenVPN with the configuration file openvpn --config etctunserverconf amp openvpn --config etctunclientconf amp

2nd argument of ldquoifconfigrdquo which is now ldquo1002254rdquo

Create TAP Configuration Files vi etcopenvpntapserverconf

[At VPN Client] vi etcopenvpntapclientconf

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Mark this line if both VPN Networks are in the same subnet

3-2 TAP Configuration ndash VPN Server3-2 TAP Configuration ndash VPN Server

Edit the Static Routings vi etcopenvpntunserversh

[At VPN Client] vi etcopenvpntapclientsh chmod +x etctapclientsh

Pointed to the Kernel Routing br0 = 1001254

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Start the Bridge device vi openvpnopenvpn-bridge

chmod +x etcopenvpnopenvpn-bridge etcopenvpnopenvpn-bridge start

Start OpenVPN with the configuration file openvpn ndashconfig etcopenvpntapserverconf amp openvpn ndashconfig etcopenvpntapclient amp

3-4-1 SSLTLS ndash Dynamic Keys3-4-1 SSLTLS ndash Dynamic Keys

Edit the OpenSSL Configuration File on a Linux PC vi usrsharesslopensslcnf Pre-input the default_days default_bits hellip etc

Create New CA root Key Pair usrsharesslmiscCA -newca

Create New Client Private Key and new Certificate Request usrsharesslmiscCA -newreq

Certificate Sign-in usrsharesslmiscCA ndashsign

Copy the CA root certificate client private key and the client certificate to the first client

Have the second client certificated

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Copy the ldquoeasy-rsardquo to the working directory cp ndashr openvpn-20easy-rsa etcopenvpn

modify the vars file vi etcopenvpneasy-rsavars

Activate the vars etcopenvpneasy-rsavars

Create CA root key etcopenvpneasy-rsabuild-ca

Create VPN Server Private Key and Certificate etcopenvpneasy-rsabuild-key server

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Create VPN Client private Key and Certificate etcopenvpnbuild-key client

Create Diff-Hellman Parameters etcopenvpnbuild-dh 1024

Copy the CA certificate (cacrt) Server key (serverkey) and Server certificate (servercrt) to VPN Server

Copy the CA certificate Client key and certificate to VPN Client

ldquoeasy-rsardquo tools also work on UC7400 series

3-4-3 Configuration File Modification3-4-3 Configuration File Modification

txxserverconf

txxclienconf

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) Open VPN Configuration

4) Hands-On Practice

Live DemoLive Demo

UC-7420 DEMO BOXUC-7420 DEMO BOX

Two of its serial ports connectedto a Power Meter and Thermocouple

Two LAN ports plus an optional Wi-Fi function making it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in lsquoburn-in modersquo to demonstrate UCrsquos high performance and reliability

Demo Box FeaturesDemo Box Features

Software Block DiagramSoftware Block Diagram

Temperature Range 0 to 500degC

Left side for high range 0 to 300 VDC amp Right side for low range 0 to 20 VDC

UCrsquos LCM amp keypad (F1-F5)UCrsquos LCM amp keypad (F1-F5)

F1 Monitoring Temperature rarr Voltage rarrThroughput for P3 to P8

F2 System Status LANrsquos IP rarr Wi-Firsquos IP rarr CPU loading rarr Available Memory

F3 Alarm Setting Temperature rarr Voltage rarr burning throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI amp HTMLApache Web with CGI amp HTML

Seat Locating SystemSeat Locating System

Score Query SystemScore Query System

AppendixAppendix

What is the wireless PCMCIA card support status in 80211gbull UC-7420s built-in Wireless driver supports Intersil Prism 20

chipset PCMCIA cardbull The compatible Wireless cards are

Supplier Model name

ASUS WL-107g

CNET CWC-854(181D version)Edmiax EW-7108PCgAmigo AWP-914WGigbyte GN-WMKGOthers which use R-Link chip set

Thank YouThank You

Page 120

3-1 Getting Started

Create a working directory (recommended): mkdir /etc/openvpn

Check for the TUN module: ls /dev/net and look for a character device "tun"; if it is not there, create it: mknod /dev/tun c 10 200

Load the necessary modules: modprobe tun; modprobe bridge

Generate a (pre-shared) key: openvpn --genkey --secret [KeyName]

Self diagnostic: openvpn --test-crypto --secret [KeyName]

3-1 Getting Started

Enable IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward, or vi /etc/sysctl.conf and set "net.ipv4.ip_forward = 1"

Create/start the bridge interface using the Moxa script: openvpn-bridge [start|stop|restart]

Check the supported ciphers/authentication digests: openvpn --show-ciphers; openvpn --show-digests

Create the TUN configuration files: vi /etc/openvpn/tunserver.conf

[At VPN Client] vi /etc/openvpn/tunclient.conf

3-2 TUN Server Configuration

Local/remote VPN IP addresses must be specified

It is NECESSARY to specify the server address at the VPN client

3-2 TUN Server Configuration

Edit the static routings: vi /etc/openvpn/tunserver.sh

chmod +x /etc/openvpn/tunserver.sh

[At VPN Client] vi /etc/openvpn/tunclient.sh; chmod +x /etc/openvpn/tunclient.sh

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tunserver.conf & (and at the client: openvpn --config /etc/openvpn/tunclient.conf &)

2nd argument of "ifconfig", which is now "10.0.2.254"
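Before starting both daemons, a consistency check of the two files catches exactly the mistakes these slides warn about: an unmirrored ifconfig pair, a client without the server address, and a pre-shared key that is readable by everyone on the box. This is an added example, not code from the training deck or from Moxa; the directive names are OpenVPN 2.0's, and the key file, addresses and config paths are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the training deck: a consistency check for the
# static-key TUN server/client configuration pair from 3-2. It reads the
# OpenVPN 2.0 directives dev, ifconfig, remote and secret; every file name and
# address below is constructed for the demo.
set -u

# conf_get <file> <directive>: print the directive's value (first match).
conf_get() {
    awk -v k="$2" '$1 == k { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# check_tun_pair <server.conf> <client.conf>
# Prints one line per problem and returns the number of problems (0 = consistent).
check_tun_pair() {
    srv="$1"; cli="$2"; problems=0

    # tun on one side and tap on the other never come up.
    if [ "$(conf_get "$srv" dev)" != "$(conf_get "$cli" dev)" ]; then
        echo "dev mismatch between server and client"
        problems=$((problems + 1))
    fi

    # Local/remote VPN addresses must be given on both sides and mirrored:
    # the server's 2nd ifconfig argument is the client's 1st, and vice versa.
    set -- $(conf_get "$srv" ifconfig); s_local="${1:-}"; s_remote="${2:-}"
    set -- $(conf_get "$cli" ifconfig); c_local="${1:-}"; c_remote="${2:-}"
    if [ -z "$s_local" ] || [ -z "$s_remote" ] || [ -z "$c_local" ] || [ -z "$c_remote" ]; then
        echo "ifconfig needs a local and a remote VPN address on both sides"
        problems=$((problems + 1))
    elif [ "$s_local" != "$c_remote" ] || [ "$s_remote" != "$c_local" ]; then
        echo "ifconfig not mirrored: server '$s_local $s_remote', client '$c_local $c_remote'"
        problems=$((problems + 1))
    fi

    # The client must name the server address.
    if [ -z "$(conf_get "$cli" remote)" ]; then
        echo "client has no 'remote' directive (server address is required)"
        problems=$((problems + 1))
    fi

    # Both sides must reference the same pre-shared key, and it must not be
    # readable by group/other: anyone who can read it can decrypt the tunnel.
    s_key=$(conf_get "$srv" secret); c_key=$(conf_get "$cli" secret)
    if [ -z "$s_key" ] || [ -z "$c_key" ]; then
        echo "secret (pre-shared key) missing on one side"
        problems=$((problems + 1))
    else
        for k in "$s_key" "$c_key"; do
            if [ ! -f "$k" ]; then
                echo "key file $k does not exist"
                problems=$((problems + 1))
            elif [ "$(ls -l "$k" | cut -c5-10)" != "------" ]; then
                echo "key file $k is group/world readable; chmod 600 it"
                problems=$((problems + 1))
            fi
        done
        if [ -f "$s_key" ] && [ -f "$c_key" ] && ! cmp -s "$s_key" "$c_key"; then
            echo "server and client reference different keys"
            problems=$((problems + 1))
        fi
    fi
    return $problems
}

# make_demo_dir: write constructed configs into a temp dir and print its path.
# good.conf mirrors server.conf; bad.conf repeats the server's 2nd ifconfig
# argument, omits 'remote' and points at a world-readable key.
make_demo_dir() {
    d=$(mktemp -d)
    printf 'CONSTRUCTED STATIC KEY, NOT A REAL OPENVPN KEY\n' > "$d/static.key"
    cp "$d/static.key" "$d/weak.key"
    chmod 600 "$d/static.key"; chmod 644 "$d/weak.key"
    printf 'dev tun\nifconfig 10.0.1.254 10.0.2.254\nsecret %s\n' "$d/static.key" > "$d/server.conf"
    printf 'dev tun\nremote 192.0.2.10\nifconfig 10.0.2.254 10.0.1.254\nsecret %s\n' "$d/static.key" > "$d/good.conf"
    printf 'dev tun\nifconfig 10.0.2.254 10.0.2.254\nsecret %s\n' "$d/weak.key" > "$d/bad.conf"
    echo "$d"
}

# Run with the argument "demo" to see both verdicts on the constructed files.
if [ "${1:-}" = "demo" ]; then
    d=$(make_demo_dir)
    check_tun_pair "$d/server.conf" "$d/good.conf" && echo "good pair: consistent"
    check_tun_pair "$d/server.conf" "$d/bad.conf" || echo "bad pair: $? problem(s)"
    rm -rf "$d"
fi
```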

Create the TAP configuration files: vi /etc/openvpn/tapserver.conf

[At VPN Client] vi /etc/openvpn/tapclient.conf

3-3 TAP Configuration – VPN Server

Mark this line if both VPN networks are in the same subnet

3-2 TAP Configuration – VPN Server

Edit the static routings: vi /etc/openvpn/tapserver.sh

[At VPN Client] vi /etc/openvpn/tapclient.sh; chmod +x /etc/openvpn/tapclient.sh

Pointed to the kernel routing: br0 = 10.0.1.254

3-3 TAP Configuration – VPN Server

Start the bridge device: vi /etc/openvpn/openvpn-bridge

chmod +x /etc/openvpn/openvpn-bridge; /etc/openvpn/openvpn-bridge start

Start OpenVPN with the configuration file: openvpn --config /etc/openvpn/tapserver.conf & (and at the client: openvpn --config /etc/openvpn/tapclient.conf &)

3-4-1 SSL/TLS – Dynamic Keys

Edit the OpenSSL configuration file on a Linux PC: vi /usr/share/ssl/openssl.cnf; pre-set default_days, default_bits, … etc.

Create a new CA root key pair: /usr/share/ssl/misc/CA -newca

Create a new client private key and certificate request: /usr/share/ssl/misc/CA -newreq

Certificate signing: /usr/share/ssl/misc/CA -sign

Copy the CA root certificate, the client private key and the client certificate to the first client

Have the second client certified as well

3-4-2 OpenVPN – "easy-rsa" tools

Copy "easy-rsa" to the working directory: cp -r openvpn-2.0/easy-rsa /etc/openvpn

Modify the vars file: vi /etc/openvpn/easy-rsa/vars

Activate the vars: . /etc/openvpn/easy-rsa/vars

Create the CA root key: /etc/openvpn/easy-rsa/build-ca

Create the VPN server private key and certificate: /etc/openvpn/easy-rsa/build-key server

3-4-2 OpenVPN – "easy-rsa" tools

Create the VPN client private key and certificate: /etc/openvpn/easy-rsa/build-key client

Create Diffie-Hellman parameters: /etc/openvpn/easy-rsa/build-dh 1024

Copy the CA certificate (ca.crt), server key (server.key) and server certificate (server.crt) to the VPN server

Copy the CA certificate, client key and client certificate to the VPN client

The "easy-rsa" tools also work on the UC-7400 series
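After the easy-rsa steps, an audit of what was actually copied to each endpoint, as an added example that is not part of the deck or of easy-rsa: it checks that only ca.crt (never ca.key) left the signing machine, that the endpoint's private key is not group/world readable, and that the signed certificate rather than the request was copied. The dh1024.pem name assumes a 1024-bit KEY_SIZE and the directory layout is an assumption; all file contents are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the training deck: audit the files copied to a VPN
# endpoint after the easy-rsa steps in 3-4-2. ca.crt, server.key and server.crt
# are the names the slides use; dh1024.pem (what build-dh writes for a 1024-bit
# KEY_SIZE) and the directory layout are assumptions, and the file contents
# below are constructed placeholders, not real keys or certificates.
set -u

# audit_endpoint_dir <dir> <server|client>
# Prints one line per finding and returns the number of findings (0 = clean).
audit_endpoint_dir() {
    dir="$1"; role="$2"; findings=0

    # Material every endpoint needs; the DH parameters are server-side only.
    required="ca.crt $role.crt $role.key"
    [ "$role" = "server" ] && required="$required dh1024.pem"
    for f in $required; do
        if [ ! -f "$dir/$f" ]; then
            echo "missing $f"; findings=$((findings + 1))
        fi
    done

    # Only the CA certificate is copied. The CA private key signs every new
    # client certificate and must stay on the signing machine.
    if [ -f "$dir/ca.key" ]; then
        echo "ca.key found on the endpoint (copy only ca.crt)"
        findings=$((findings + 1))
    fi

    # A private key readable by group/other can be taken by any local process.
    if [ -f "$dir/$role.key" ] && [ "$(ls -l "$dir/$role.key" | cut -c5-10)" != "------" ]; then
        echo "$role.key is group/world readable; chmod 600 it"
        findings=$((findings + 1))
    fi

    # build-key leaves both a .csr and a .crt behind; make sure the signed
    # certificate, not the request, was copied.
    if [ -f "$dir/$role.crt" ] && ! grep -q '^-----BEGIN CERTIFICATE-----$' "$dir/$role.crt"; then
        echo "$role.crt is not a PEM certificate (was the .csr copied?)"
        findings=$((findings + 1))
    fi
    return $findings
}

# make_endpoint_dirs: constructed server (clean) and client (flawed) layouts;
# prints the parent temp directory.
make_endpoint_dirs() {
    d=$(mktemp -d)
    mkdir "$d/server" "$d/client"
    for f in server/ca.crt server/server.crt client/ca.crt; do
        printf '%s\n' '-----BEGIN CERTIFICATE-----' 'CONSTRUCTED PLACEHOLDER' '-----END CERTIFICATE-----' > "$d/$f"
    done
    printf 'CONSTRUCTED PLACEHOLDER\n' > "$d/server/dh1024.pem"
    printf 'CONSTRUCTED PLACEHOLDER\n' > "$d/server/server.key"; chmod 600 "$d/server/server.key"
    # Client-side mistakes: the request was copied instead of the certificate,
    # the key is world-readable, and the CA private key came along.
    printf '%s\n' '-----BEGIN CERTIFICATE REQUEST-----' 'CONSTRUCTED PLACEHOLDER' '-----END CERTIFICATE REQUEST-----' > "$d/client/client.crt"
    printf 'CONSTRUCTED PLACEHOLDER\n' > "$d/client/client.key"; chmod 644 "$d/client/client.key"
    printf 'CONSTRUCTED PLACEHOLDER\n' > "$d/client/ca.key"
    echo "$d"
}

# Run with the argument "demo" to audit both constructed layouts.
if [ "${1:-}" = "demo" ]; then
    d=$(make_endpoint_dirs)
    audit_endpoint_dir "$d/server" server && echo "server dir: clean"
    audit_endpoint_dir "$d/client" client || echo "client dir: $? finding(s)"
    rm -rf "$d"
fi
```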

3-4-3 Configuration File Modification

txxserver.conf

txxclient.conf

Agenda

1) Cryptography Summary

2) OpenVPN 2.0

3) OpenVPN Configuration

4) Hands-On Practice

Live Demo

UC-7420 DEMO BOX

Two of its serial ports are connected to a power meter and a thermocouple

Two LAN ports plus an optional Wi-Fi function make it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in 'burn-in mode' to demonstrate the UC's high performance and reliability

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500 °C

Left side for the high range, 0 to 300 VDC; right side for the low range, 0 to 20 VDC

UC's LCM & keypad (F1-F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8

F2 System Status: LAN's IP → Wi-Fi's IP → CPU loading → Available memory

F3 Alarm Setting: Temperature → Voltage → Burn-in throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status in 802.11g?

• The UC-7420's built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards

• The compatible wireless cards are:

Supplier / Model name

ASUS WL-107g

CNET CWC-854 (181D version)

Edimax EW-7108PCg

Amigo AWP-914W

Gigabyte GN-WMKG

Others which use the R-Link chipset

Thank You

Page 121: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

3-1 Getting Started3-1 Getting Started

Enable IP Forwarding echo ldquo1rdquo gt procsysnetipv4ip_forwardor vi etcsysctlconf modify ldquonetipv4ip_forward = 1rdquo

Create Start Bridge Interface using Moxa Script openvpn-bridge [start stop restart]

Check the CiphersAuthentication Support openvpn --show-ciphers openvpn --show-digests

Create TUN Configuration Files vi etcopenvpntunserverconf

[At VPN Client] vi etcopenvpntunclientconf

3-2 TUN Server Configuration 3-2 TUN Server Configuration

LocalRemote VPN IP address must be specified

It is NECESSARY to specify the Server Address at VPN Client

3-2 TUN Server Configuration 3-2 TUN Server Configuration

Edit the Static Routings vi etcopenvpntunserversh

chmod +x etctunserversh

[At VPN Client] vi etceopenvpntunclientsh chmod +x etctunclientsh

Start OpenVPN with the configuration file openvpn --config etctunserverconf amp openvpn --config etctunclientconf amp

2nd argument of ldquoifconfigrdquo which is now ldquo1002254rdquo

Create TAP Configuration Files vi etcopenvpntapserverconf

[At VPN Client] vi etcopenvpntapclientconf

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Mark this line if both VPN Networks are in the same subnet

3-2 TAP Configuration ndash VPN Server3-2 TAP Configuration ndash VPN Server

Edit the Static Routings vi etcopenvpntunserversh

[At VPN Client] vi etcopenvpntapclientsh chmod +x etctapclientsh

Pointed to the Kernel Routing br0 = 1001254

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Start the Bridge device vi openvpnopenvpn-bridge

chmod +x etcopenvpnopenvpn-bridge etcopenvpnopenvpn-bridge start

Start OpenVPN with the configuration file openvpn ndashconfig etcopenvpntapserverconf amp openvpn ndashconfig etcopenvpntapclient amp

3-4-1 SSLTLS ndash Dynamic Keys3-4-1 SSLTLS ndash Dynamic Keys

Edit the OpenSSL Configuration File on a Linux PC vi usrsharesslopensslcnf Pre-input the default_days default_bits hellip etc

Create New CA root Key Pair usrsharesslmiscCA -newca

Create New Client Private Key and new Certificate Request usrsharesslmiscCA -newreq

Certificate Sign-in usrsharesslmiscCA ndashsign

Copy the CA root certificate client private key and the client certificate to the first client

Have the second client certificated

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Copy the ldquoeasy-rsardquo to the working directory cp ndashr openvpn-20easy-rsa etcopenvpn

modify the vars file vi etcopenvpneasy-rsavars

Activate the vars etcopenvpneasy-rsavars

Create CA root key etcopenvpneasy-rsabuild-ca

Create VPN Server Private Key and Certificate etcopenvpneasy-rsabuild-key server

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Create VPN Client private Key and Certificate etcopenvpnbuild-key client

Create Diff-Hellman Parameters etcopenvpnbuild-dh 1024

Copy the CA certificate (cacrt) Server key (serverkey) and Server certificate (servercrt) to VPN Server

Copy the CA certificate Client key and certificate to VPN Client

ldquoeasy-rsardquo tools also work on UC7400 series

3-4-3 Configuration File Modification3-4-3 Configuration File Modification

txxserverconf

txxclienconf

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) Open VPN Configuration

4) Hands-On Practice

Live DemoLive Demo

UC-7420 DEMO BOXUC-7420 DEMO BOX

Two of its serial ports connectedto a Power Meter and Thermocouple

Two LAN ports plus an optional Wi-Fi function making it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in lsquoburn-in modersquo to demonstrate UCrsquos high performance and reliability

Demo Box FeaturesDemo Box Features

Software Block DiagramSoftware Block Diagram

Temperature Range 0 to 500degC

Left side for high range 0 to 300 VDC amp Right side for low range 0 to 20 VDC

UCrsquos LCM amp keypad (F1-F5)UCrsquos LCM amp keypad (F1-F5)

F1 Monitoring Temperature rarr Voltage rarrThroughput for P3 to P8

F2 System Status LANrsquos IP rarr Wi-Firsquos IP rarr CPU loading rarr Available Memory

F3 Alarm Setting Temperature rarr Voltage rarr burning throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI amp HTMLApache Web with CGI amp HTML

Seat Locating SystemSeat Locating System

Score Query SystemScore Query System

AppendixAppendix

What is the wireless PCMCIA card support status in 80211gbull UC-7420s built-in Wireless driver supports Intersil Prism 20

chipset PCMCIA cardbull The compatible Wireless cards are

Supplier Model name

ASUS WL-107g

CNET CWC-854(181D version)Edmiax EW-7108PCgAmigo AWP-914WGigbyte GN-WMKGOthers which use R-Link chip set

Thank YouThank You

Page 122: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

Create TUN Configuration Files vi etcopenvpntunserverconf

[At VPN Client] vi etcopenvpntunclientconf

3-2 TUN Server Configuration 3-2 TUN Server Configuration

LocalRemote VPN IP address must be specified

It is NECESSARY to specify the Server Address at VPN Client

3-2 TUN Server Configuration 3-2 TUN Server Configuration

Edit the Static Routings vi etcopenvpntunserversh

chmod +x etctunserversh

[At VPN Client] vi etceopenvpntunclientsh chmod +x etctunclientsh

Start OpenVPN with the configuration file openvpn --config etctunserverconf amp openvpn --config etctunclientconf amp

2nd argument of ldquoifconfigrdquo which is now ldquo1002254rdquo

Create TAP Configuration Files vi etcopenvpntapserverconf

[At VPN Client] vi etcopenvpntapclientconf

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Mark this line if both VPN Networks are in the same subnet

3-2 TAP Configuration ndash VPN Server3-2 TAP Configuration ndash VPN Server

Edit the Static Routings vi etcopenvpntunserversh

[At VPN Client] vi etcopenvpntapclientsh chmod +x etctapclientsh

Pointed to the Kernel Routing br0 = 1001254

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Start the Bridge device vi openvpnopenvpn-bridge

chmod +x etcopenvpnopenvpn-bridge etcopenvpnopenvpn-bridge start

Start OpenVPN with the configuration file openvpn ndashconfig etcopenvpntapserverconf amp openvpn ndashconfig etcopenvpntapclient amp

3-4-1 SSLTLS ndash Dynamic Keys3-4-1 SSLTLS ndash Dynamic Keys

Edit the OpenSSL Configuration File on a Linux PC vi usrsharesslopensslcnf Pre-input the default_days default_bits hellip etc

Create New CA root Key Pair usrsharesslmiscCA -newca

Create New Client Private Key and new Certificate Request usrsharesslmiscCA -newreq

Certificate Sign-in usrsharesslmiscCA ndashsign

Copy the CA root certificate client private key and the client certificate to the first client

Have the second client certificated

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Copy the ldquoeasy-rsardquo to the working directory cp ndashr openvpn-20easy-rsa etcopenvpn

modify the vars file vi etcopenvpneasy-rsavars

Activate the vars etcopenvpneasy-rsavars

Create CA root key etcopenvpneasy-rsabuild-ca

Create VPN Server Private Key and Certificate etcopenvpneasy-rsabuild-key server

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Create VPN Client private Key and Certificate etcopenvpnbuild-key client

Create Diff-Hellman Parameters etcopenvpnbuild-dh 1024

Copy the CA certificate (cacrt) Server key (serverkey) and Server certificate (servercrt) to VPN Server

Copy the CA certificate Client key and certificate to VPN Client

ldquoeasy-rsardquo tools also work on UC7400 series

3-4-3 Configuration File Modification3-4-3 Configuration File Modification

txxserverconf

txxclienconf

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) Open VPN Configuration

4) Hands-On Practice

Live DemoLive Demo

UC-7420 DEMO BOXUC-7420 DEMO BOX

Two of its serial ports connectedto a Power Meter and Thermocouple

Two LAN ports plus an optional Wi-Fi function making it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in lsquoburn-in modersquo to demonstrate UCrsquos high performance and reliability

Demo Box FeaturesDemo Box Features

Software Block DiagramSoftware Block Diagram

Temperature Range 0 to 500degC

Left side for high range 0 to 300 VDC amp Right side for low range 0 to 20 VDC

UCrsquos LCM amp keypad (F1-F5)UCrsquos LCM amp keypad (F1-F5)

F1 Monitoring Temperature rarr Voltage rarrThroughput for P3 to P8

F2 System Status LANrsquos IP rarr Wi-Firsquos IP rarr CPU loading rarr Available Memory

F3 Alarm Setting Temperature rarr Voltage rarr burning throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI amp HTMLApache Web with CGI amp HTML

Seat Locating SystemSeat Locating System

Score Query SystemScore Query System

AppendixAppendix

What is the wireless PCMCIA card support status in 80211gbull UC-7420s built-in Wireless driver supports Intersil Prism 20

chipset PCMCIA cardbull The compatible Wireless cards are

Supplier Model name

ASUS WL-107g

CNET CWC-854(181D version)Edmiax EW-7108PCgAmigo AWP-914WGigbyte GN-WMKGOthers which use R-Link chip set

Thank YouThank You

Page 123: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

3-2 TUN Server Configuration 3-2 TUN Server Configuration

Edit the Static Routings vi etcopenvpntunserversh

chmod +x etctunserversh

[At VPN Client] vi etceopenvpntunclientsh chmod +x etctunclientsh

Start OpenVPN with the configuration file openvpn --config etctunserverconf amp openvpn --config etctunclientconf amp

2nd argument of ldquoifconfigrdquo which is now ldquo1002254rdquo

Create TAP Configuration Files vi etcopenvpntapserverconf

[At VPN Client] vi etcopenvpntapclientconf

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Mark this line if both VPN Networks are in the same subnet

3-2 TAP Configuration ndash VPN Server3-2 TAP Configuration ndash VPN Server

Edit the Static Routings vi etcopenvpntunserversh

[At VPN Client] vi etcopenvpntapclientsh chmod +x etctapclientsh

Pointed to the Kernel Routing br0 = 1001254

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Start the Bridge device vi openvpnopenvpn-bridge

chmod +x etcopenvpnopenvpn-bridge etcopenvpnopenvpn-bridge start

Start OpenVPN with the configuration file openvpn ndashconfig etcopenvpntapserverconf amp openvpn ndashconfig etcopenvpntapclient amp

3-4-1 SSLTLS ndash Dynamic Keys3-4-1 SSLTLS ndash Dynamic Keys

Edit the OpenSSL Configuration File on a Linux PC vi usrsharesslopensslcnf Pre-input the default_days default_bits hellip etc

Create New CA root Key Pair usrsharesslmiscCA -newca

Create New Client Private Key and new Certificate Request usrsharesslmiscCA -newreq

Certificate Sign-in usrsharesslmiscCA ndashsign

Copy the CA root certificate client private key and the client certificate to the first client

Have the second client certificated

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Copy the ldquoeasy-rsardquo to the working directory cp ndashr openvpn-20easy-rsa etcopenvpn

modify the vars file vi etcopenvpneasy-rsavars

Activate the vars etcopenvpneasy-rsavars

Create CA root key etcopenvpneasy-rsabuild-ca

Create VPN Server Private Key and Certificate etcopenvpneasy-rsabuild-key server

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Create VPN Client private Key and Certificate etcopenvpnbuild-key client

Create Diff-Hellman Parameters etcopenvpnbuild-dh 1024

Copy the CA certificate (cacrt) Server key (serverkey) and Server certificate (servercrt) to VPN Server

Copy the CA certificate Client key and certificate to VPN Client

ldquoeasy-rsardquo tools also work on UC7400 series

3-4-3 Configuration File Modification3-4-3 Configuration File Modification

txxserverconf

txxclienconf

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) Open VPN Configuration

4) Hands-On Practice

Live DemoLive Demo

UC-7420 DEMO BOXUC-7420 DEMO BOX

Two of its serial ports connectedto a Power Meter and Thermocouple

Two LAN ports plus an optional Wi-Fi function making it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in lsquoburn-in modersquo to demonstrate UCrsquos high performance and reliability

Demo Box FeaturesDemo Box Features

Software Block DiagramSoftware Block Diagram

Temperature Range 0 to 500degC

Left side for high range 0 to 300 VDC amp Right side for low range 0 to 20 VDC

UCrsquos LCM amp keypad (F1-F5)UCrsquos LCM amp keypad (F1-F5)

F1 Monitoring Temperature rarr Voltage rarrThroughput for P3 to P8

F2 System Status LANrsquos IP rarr Wi-Firsquos IP rarr CPU loading rarr Available Memory

F3 Alarm Setting Temperature rarr Voltage rarr burning throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI amp HTMLApache Web with CGI amp HTML

Seat Locating SystemSeat Locating System

Score Query SystemScore Query System

AppendixAppendix

What is the wireless PCMCIA card support status in 80211gbull UC-7420s built-in Wireless driver supports Intersil Prism 20

chipset PCMCIA cardbull The compatible Wireless cards are

Supplier Model name

ASUS WL-107g

CNET CWC-854(181D version)Edmiax EW-7108PCgAmigo AWP-914WGigbyte GN-WMKGOthers which use R-Link chip set

Thank YouThank You

Page 124: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

Create TAP Configuration Files vi etcopenvpntapserverconf

[At VPN Client] vi etcopenvpntapclientconf

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Mark this line if both VPN Networks are in the same subnet

3-2 TAP Configuration ndash VPN Server3-2 TAP Configuration ndash VPN Server

Edit the Static Routings vi etcopenvpntunserversh

[At VPN Client] vi etcopenvpntapclientsh chmod +x etctapclientsh

Pointed to the Kernel Routing br0 = 1001254

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Start the Bridge device vi openvpnopenvpn-bridge

chmod +x etcopenvpnopenvpn-bridge etcopenvpnopenvpn-bridge start

Start OpenVPN with the configuration file openvpn ndashconfig etcopenvpntapserverconf amp openvpn ndashconfig etcopenvpntapclient amp

3-4-1 SSLTLS ndash Dynamic Keys3-4-1 SSLTLS ndash Dynamic Keys

Edit the OpenSSL Configuration File on a Linux PC vi usrsharesslopensslcnf Pre-input the default_days default_bits hellip etc

Create New CA root Key Pair usrsharesslmiscCA -newca

Create New Client Private Key and new Certificate Request usrsharesslmiscCA -newreq

Certificate Sign-in usrsharesslmiscCA ndashsign

Copy the CA root certificate client private key and the client certificate to the first client

Have the second client certificated

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Copy the ldquoeasy-rsardquo to the working directory cp ndashr openvpn-20easy-rsa etcopenvpn

modify the vars file vi etcopenvpneasy-rsavars

Activate the vars etcopenvpneasy-rsavars

Create CA root key etcopenvpneasy-rsabuild-ca

Create VPN Server Private Key and Certificate etcopenvpneasy-rsabuild-key server

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Create VPN Client private Key and Certificate etcopenvpnbuild-key client

Create Diff-Hellman Parameters etcopenvpnbuild-dh 1024

Copy the CA certificate (cacrt) Server key (serverkey) and Server certificate (servercrt) to VPN Server

Copy the CA certificate Client key and certificate to VPN Client

ldquoeasy-rsardquo tools also work on UC7400 series

3-4-3 Configuration File Modification3-4-3 Configuration File Modification

txxserverconf

txxclienconf

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) Open VPN Configuration

4) Hands-On Practice

Live DemoLive Demo

UC-7420 DEMO BOXUC-7420 DEMO BOX

Two of its serial ports connectedto a Power Meter and Thermocouple

Two LAN ports plus an optional Wi-Fi function making it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in lsquoburn-in modersquo to demonstrate UCrsquos high performance and reliability

Demo Box FeaturesDemo Box Features

Software Block DiagramSoftware Block Diagram

Temperature Range 0 to 500degC

Left side for high range 0 to 300 VDC amp Right side for low range 0 to 20 VDC

UCrsquos LCM amp keypad (F1-F5)UCrsquos LCM amp keypad (F1-F5)

F1 Monitoring Temperature rarr Voltage rarrThroughput for P3 to P8

F2 System Status LANrsquos IP rarr Wi-Firsquos IP rarr CPU loading rarr Available Memory

F3 Alarm Setting Temperature rarr Voltage rarr burning throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI amp HTMLApache Web with CGI amp HTML

Seat Locating SystemSeat Locating System

Score Query SystemScore Query System

AppendixAppendix

What is the wireless PCMCIA card support status in 80211gbull UC-7420s built-in Wireless driver supports Intersil Prism 20

chipset PCMCIA cardbull The compatible Wireless cards are

Supplier Model name

ASUS WL-107g

CNET CWC-854(181D version)Edmiax EW-7108PCgAmigo AWP-914WGigbyte GN-WMKGOthers which use R-Link chip set

Thank YouThank You

Page 125: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

3-2 TAP Configuration ndash VPN Server3-2 TAP Configuration ndash VPN Server

Edit the Static Routings vi etcopenvpntunserversh

[At VPN Client] vi etcopenvpntapclientsh chmod +x etctapclientsh

Pointed to the Kernel Routing br0 = 1001254

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Start the Bridge device vi openvpnopenvpn-bridge

chmod +x etcopenvpnopenvpn-bridge etcopenvpnopenvpn-bridge start

Start OpenVPN with the configuration file openvpn ndashconfig etcopenvpntapserverconf amp openvpn ndashconfig etcopenvpntapclient amp

3-4-1 SSLTLS ndash Dynamic Keys3-4-1 SSLTLS ndash Dynamic Keys

Edit the OpenSSL Configuration File on a Linux PC vi usrsharesslopensslcnf Pre-input the default_days default_bits hellip etc

Create New CA root Key Pair usrsharesslmiscCA -newca

Create New Client Private Key and new Certificate Request usrsharesslmiscCA -newreq

Certificate Sign-in usrsharesslmiscCA ndashsign

Copy the CA root certificate client private key and the client certificate to the first client

Have the second client certificated

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Copy the ldquoeasy-rsardquo to the working directory cp ndashr openvpn-20easy-rsa etcopenvpn

modify the vars file vi etcopenvpneasy-rsavars

Activate the vars etcopenvpneasy-rsavars

Create CA root key etcopenvpneasy-rsabuild-ca

Create VPN Server Private Key and Certificate etcopenvpneasy-rsabuild-key server

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Create VPN Client private Key and Certificate etcopenvpnbuild-key client

Create Diff-Hellman Parameters etcopenvpnbuild-dh 1024

Copy the CA certificate (cacrt) Server key (serverkey) and Server certificate (servercrt) to VPN Server

Copy the CA certificate Client key and certificate to VPN Client

ldquoeasy-rsardquo tools also work on UC7400 series

3-4-3 Configuration File Modification3-4-3 Configuration File Modification

txxserverconf

txxclienconf

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) Open VPN Configuration

4) Hands-On Practice

Live DemoLive Demo

UC-7420 DEMO BOXUC-7420 DEMO BOX

Two of its serial ports connectedto a Power Meter and Thermocouple

Two LAN ports plus an optional Wi-Fi function making it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in lsquoburn-in modersquo to demonstrate UCrsquos high performance and reliability

Demo Box FeaturesDemo Box Features

Software Block DiagramSoftware Block Diagram

Temperature Range 0 to 500degC

Left side for high range 0 to 300 VDC amp Right side for low range 0 to 20 VDC

UCrsquos LCM amp keypad (F1-F5)UCrsquos LCM amp keypad (F1-F5)

F1 Monitoring Temperature rarr Voltage rarrThroughput for P3 to P8

F2 System Status LANrsquos IP rarr Wi-Firsquos IP rarr CPU loading rarr Available Memory

F3 Alarm Setting Temperature rarr Voltage rarr burning throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI amp HTMLApache Web with CGI amp HTML

Seat Locating SystemSeat Locating System

Score Query SystemScore Query System

AppendixAppendix

What is the wireless PCMCIA card support status in 80211gbull UC-7420s built-in Wireless driver supports Intersil Prism 20

chipset PCMCIA cardbull The compatible Wireless cards are

Supplier Model name

ASUS WL-107g

CNET CWC-854(181D version)Edmiax EW-7108PCgAmigo AWP-914WGigbyte GN-WMKGOthers which use R-Link chip set

Thank YouThank You

Page 126: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

3-3 TAP Configuration ndash VPN Server3-3 TAP Configuration ndash VPN Server

Start the Bridge device vi openvpnopenvpn-bridge

chmod +x etcopenvpnopenvpn-bridge etcopenvpnopenvpn-bridge start

Start OpenVPN with the configuration file openvpn ndashconfig etcopenvpntapserverconf amp openvpn ndashconfig etcopenvpntapclient amp

3-4-1 SSLTLS ndash Dynamic Keys3-4-1 SSLTLS ndash Dynamic Keys

Edit the OpenSSL Configuration File on a Linux PC vi usrsharesslopensslcnf Pre-input the default_days default_bits hellip etc

Create New CA root Key Pair usrsharesslmiscCA -newca

Create New Client Private Key and new Certificate Request usrsharesslmiscCA -newreq

Certificate Sign-in usrsharesslmiscCA ndashsign

Copy the CA root certificate client private key and the client certificate to the first client

Have the second client certificated

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Copy the ldquoeasy-rsardquo to the working directory cp ndashr openvpn-20easy-rsa etcopenvpn

modify the vars file vi etcopenvpneasy-rsavars

Activate the vars etcopenvpneasy-rsavars

Create CA root key etcopenvpneasy-rsabuild-ca

Create VPN Server Private Key and Certificate etcopenvpneasy-rsabuild-key server

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Create VPN Client private Key and Certificate etcopenvpnbuild-key client

Create Diff-Hellman Parameters etcopenvpnbuild-dh 1024

Copy the CA certificate (cacrt) Server key (serverkey) and Server certificate (servercrt) to VPN Server

Copy the CA certificate Client key and certificate to VPN Client

ldquoeasy-rsardquo tools also work on UC7400 series

3-4-3 Configuration File Modification3-4-3 Configuration File Modification

txxserverconf

txxclienconf

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) Open VPN Configuration

4) Hands-On Practice

Live DemoLive Demo

UC-7420 DEMO BOXUC-7420 DEMO BOX

Two of its serial ports connectedto a Power Meter and Thermocouple

Two LAN ports plus an optional Wi-Fi function making it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in lsquoburn-in modersquo to demonstrate UCrsquos high performance and reliability

Demo Box FeaturesDemo Box Features

Software Block DiagramSoftware Block Diagram

Temperature Range 0 to 500degC

Left side for high range 0 to 300 VDC amp Right side for low range 0 to 20 VDC

UCrsquos LCM amp keypad (F1-F5)UCrsquos LCM amp keypad (F1-F5)

F1 Monitoring Temperature rarr Voltage rarrThroughput for P3 to P8

F2 System Status LANrsquos IP rarr Wi-Firsquos IP rarr CPU loading rarr Available Memory

F3 Alarm Setting Temperature rarr Voltage rarr burning throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI amp HTMLApache Web with CGI amp HTML

Seat Locating SystemSeat Locating System

Score Query SystemScore Query System

AppendixAppendix

What is the wireless PCMCIA card support status in 80211gbull UC-7420s built-in Wireless driver supports Intersil Prism 20

chipset PCMCIA cardbull The compatible Wireless cards are

Supplier Model name

ASUS WL-107g

CNET CWC-854(181D version)Edmiax EW-7108PCgAmigo AWP-914WGigbyte GN-WMKGOthers which use R-Link chip set

Thank YouThank You

Page 127: 2005 MTSC UC-7400 Thomas Cheng Aug-2005. 09/13Topic 14:00-15:20 Universal Communicator – Part I 15:20-15:40 Coffee Break 15:40-17:00 Universal Communicator

3-4-1 SSLTLS ndash Dynamic Keys3-4-1 SSLTLS ndash Dynamic Keys

Edit the OpenSSL Configuration File on a Linux PC vi usrsharesslopensslcnf Pre-input the default_days default_bits hellip etc

Create New CA root Key Pair usrsharesslmiscCA -newca

Create New Client Private Key and new Certificate Request usrsharesslmiscCA -newreq

Certificate Sign-in usrsharesslmiscCA ndashsign

Copy the CA root certificate client private key and the client certificate to the first client

Have the second client certificated

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Copy the ldquoeasy-rsardquo to the working directory cp ndashr openvpn-20easy-rsa etcopenvpn

modify the vars file vi etcopenvpneasy-rsavars

Activate the vars etcopenvpneasy-rsavars

Create CA root key etcopenvpneasy-rsabuild-ca

Create VPN Server Private Key and Certificate etcopenvpneasy-rsabuild-key server

3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools3-4-2 OpenVPN ndash ldquoeasy-rsardquo tools

Create VPN Client private Key and Certificate etcopenvpnbuild-key client

Create Diff-Hellman Parameters etcopenvpnbuild-dh 1024

Copy the CA certificate (cacrt) Server key (serverkey) and Server certificate (servercrt) to VPN Server

Copy the CA certificate Client key and certificate to VPN Client

ldquoeasy-rsardquo tools also work on UC7400 series

3-4-3 Configuration File Modification3-4-3 Configuration File Modification

txxserverconf

txxclienconf

AgendaAgenda

1) Cryptography Summery

2) OpenVPN 20

3) Open VPN Configuration

4) Hands-On Practice

Live DemoLive Demo

UC-7420 DEMO BOXUC-7420 DEMO BOX

Two of its serial ports connectedto a Power Meter and Thermocouple

Two LAN ports plus an optional Wi-Fi function making it a good tool for transmitting data from remote sites to a central site

The rest of the serial ports are looped back in lsquoburn-in modersquo to demonstrate UCrsquos high performance and reliability

Demo Box Features

Software Block Diagram

Temperature range: 0 to 500 °C

Voltage: left side for the high range, 0 to 300 VDC; right side for the low range, 0 to 20 VDC

UC's LCM & keypad (F1-F5)

F1 Monitoring: Temperature → Voltage → Throughput for P3 to P8

F2 System Status: LAN IP → Wi-Fi IP → CPU loading → Available memory

F3 Alarm Setting: Temperature → Voltage → Burn-in throughput

F4 Configuration Key

F5 Main Menu

Apache Web with CGI & HTML

Seat Locating System

Score Query System

Appendix

What is the wireless PCMCIA card support status for 802.11g?

• The UC-7420's built-in wireless driver supports Intersil Prism 2.0 chipset PCMCIA cards.

• The compatible wireless cards are:

Supplier    Model name
ASUS        WL-107g
CNET        CWC-854 (181D version)
Edimax      EW-7108PCg
Amigo       AWP-914W
Gigabyte    GN-WMKG
Others      cards using the Ralink chipset

Thank You
