VPN intro by dongshuzhao
Description: an introduction to the VPN system built by fellow student @dongshuzhao (slide transcript).
Page 1: A VPN System with User Authentication and Bandwidth Control
董淑照 Dong Shuzhao
Harbin Institute of Technology, [email protected]
Oct. 9, 2010
OpenSalon Conference 2
Page 2: Introduction to VPN
Page 3: What is VPN?
Page 4: What is VPN?
A virtual private network (VPN) is a computer network that uses a public telecommunication infrastructure such as the Internet to provide remote offices or individual users with secure access to their organization's network.
Page 5: What is VPN?
An IP tunnel between hosts or routers that extends the reach of a subnet. The tunnel may be encrypted, tunnel creation may require an authentication process, and the traffic may be subject to accounting, logging and firewalling.
Page 6: Use of VPN
Remote intranet access: for companies, schools
Data encryption: on public networks, Wi-Fi
Access control within the intranet: network authentication
Page 7: VPN Solutions
PPTP (Point-to-Point Tunneling Protocol): known security vulnerabilities
L2TP (Layer 2 Tunneling Protocol): an improvement over PPTP
SSL VPN (OpenVPN): entirely an application-layer protocol
Page 8: Principles of GFW
Page 9: Principles of GFW
IP Block
DNS Tampering
DNS Pollution
Content Filtering
...
Page 10: IP Block
twitter.com 128.242.240.20
Page 11: IP Block
Weakness: the blocked site can change its IP address (dynamic IP)
Solution: switch to a secure DNS server, or modify the 'hosts' file
Page 12: DNS Tampering
Page 13: DNS Tampering
Weakness: only DNS servers in mainland China are under its control
Solution: switch to a foreign DNS server
Page 14: DNS Pollution
Page 15: DNS Pollution
Page 16: DNS Pollution
Weakness: ?
Solution: ?
Page 17: Content Filtering
Page 18: Content Filtering
Weakness: ?
Solution: ?
Page 19: VPN & GFW
Page 20: VPN & GFW
Page 21: VPN with Routing Table
Page 22: VPN with Routing Table
chnroutes: http://code.google.com/p/chnroutes/
Distinguishing rule: Chinese (mainland) IPs keep the original route; foreign IPs go via the VPN.
Page 23: Implementation of VPN System
Page 24: System Overview
Page 25: Distributed Structure
Page 26: Database Schema
Page 27: User Authentication
OpenVPN: PAM plugin, with saslauthd and pam-mysql configured in /etc/pam.d/openvpn
DB fields: username, password, active
PPTP VPN: pppd-sql, http://freshmeat.net/projects/pppd-sql
Page 28: Logging
Script hooks:
connect.sh: create a new record with begin time, IP, port, etc.
disconnect.sh: fill in the previous record with end time, bandwidth usage, etc.
Page 29: Bandwidth Control
disconnect.sh: check the log and set active to 0 if the bandwidth limit has been exceeded; lock expired users.
cron (/etc/cron.hourly/openvpn): unlock users whose bandwidth quota has rolled over; lock expired users.
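The logging hooks (page 28) and the bandwidth-control logic (page 29) modelled together in Python against an in-memory SQLite table. This is an added example, not the deck's own connect.sh, disconnect.sh or cron script: the table columns, the 10 GiB quota and the sample hook environment are assumptions, with the variable names taken from the environment OpenVPN passes to its client-connect/client-disconnect scripts.

```python
import sqlite3
LIMIT_BYTES = 10 * 1024 ** 3  # constructed quota per period; the deck gives no figure

def open_db():
    """In-memory stand-in for the deck's MySQL tables; the column names are assumed."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT,
                            active INTEGER NOT NULL DEFAULT 1, expires INTEGER);
        CREATE TABLE sessions (id INTEGER PRIMARY KEY, username TEXT, ip TEXT, port INTEGER,
                               begin_time INTEGER, end_time INTEGER, bytes INTEGER);""")
    return db

def period_usage(db, user, period_start):
    """Bytes logged for a user since the current quota period began."""
    return db.execute("SELECT COALESCE(SUM(bytes), 0) FROM sessions WHERE username = ? "
                      "AND begin_time >= ?", (user, period_start)).fetchone()[0]

def on_connect(db, env, now):
    """connect.sh: open a record with begin time, peer IP and port from the hook environment."""
    db.execute("INSERT INTO sessions (username, ip, port, begin_time) VALUES (?, ?, ?, ?)",
               (env["common_name"], env["trusted_ip"], int(env["trusted_port"]), now))
    db.commit()

def on_disconnect(db, env, now, period_start, limit=LIMIT_BYTES):
    """disconnect.sh: fill in the open record, then set active=0 if the period total exceeds the limit."""
    user = env["common_name"]
    used = int(env["bytes_received"]) + int(env["bytes_sent"])
    db.execute("UPDATE sessions SET end_time = ?, bytes = ? WHERE id = "
               "(SELECT MAX(id) FROM sessions WHERE username = ? AND end_time IS NULL)",
               (now, used, user))
    total = period_usage(db, user, period_start)
    if total > limit:
        db.execute("UPDATE users SET active = 0 WHERE username = ?", (user,))
    db.commit()
    return total

def hourly(db, now, period_start, limit=LIMIT_BYTES):
    """/etc/cron.hourly/openvpn: lock expired accounts; unlock locked ones whose quota rolled over."""
    db.execute("UPDATE users SET active = 0 WHERE expires IS NOT NULL AND expires < ?", (now,))
    locked = db.execute("SELECT username FROM users WHERE active = 0 "
                        "AND (expires IS NULL OR expires >= ?)", (now,)).fetchall()
    for (user,) in locked:
        if period_usage(db, user, period_start) <= limit:
            db.execute("UPDATE users SET active = 1 WHERE username = ?", (user,))
    db.commit()

def is_active(db, user):
    return db.execute("SELECT active FROM users WHERE username = ?", (user,)).fetchone()[0] == 1
```

Because the PAM lookup on page 27 only checks the active field, locking a user in disconnect.sh or the hourly job is enough to refuse the next login; it does not end a session already in progress, which is the gap the "Further Improvements" slide calls real-time user management.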
Page 30: VPN Control Panel
PHP, jQuery, flexigrid
Page 31: Mailing System
DNS MX record; Sendmail (or Exim, Qmail, ...)
Sending from shell: login alerts, bandwidth alerts, expiration alerts
Sending from PHP, via the mail() function: password alerts, invitations, password reset
Page 32: Further Improvements
P2P prevention: kernel modules
Real-time user management: kill an online user; disconnect immediately after the bandwidth runs out
Billing system: PayPal interface, Alipay interface
Page 33: THE END