VPN server

Published on January 2017

Chapter 1: Introduction
VPN Server is a virtual private network used by organizations and companies to interact with their company server from a distant location other than their home network. It is a way to connect to the home network securely over the internet. It encapsulates data transfers using a secure cryptographic method between two or more networked devices which are not on the same private network, so as to keep the transferred data private from other devices on one or more intervening local or wide area networks.

Figure 1.1 General View of VPN Server

It aims to avoid an expensive system of owned or leased lines that can be used by only one organization. VPN Server performs four critical functions, which are as follows:
1. Authentication: validates that the data was sent from the sender.
2. Access control: limiting unauthorized users from accessing the network.
3. Confidentiality: preventing the data from being read or copied as the data is being transported.
4. Data integrity: ensuring that the data has not been altered.

History
Until the end of the 1990s, networked computers were connected through expensive leased lines and/or dial-up phone lines. This means they used a specific line to interact with their home network/server from a remote location, for example:

Figure 1.2 Older Ways to connect remotely

Virtual Private Networks reduce network costs because they avoid a need for many leased lines that individually connect remote offices (or remote users) to a private intranet (internal network). Users can exchange private data securely, making the expensive leased lines unnecessary. VPN technologies have a myriad of protocols, terminologies and marketing influences that define them. For example, VPN technologies can differ in:
- The protocols they use to tunnel the traffic.
- The tunnel's termination point, i.e., customer edge or network provider edge.
- Whether they offer site-to-site or remote access connectivity.
- The levels of security provided.
- The OSI layer they present to the connecting network, such as Layer 2 circuits or Layer 3 network connectivity.

There are three types of connection method used by VPN Server to connect to a remote user, which are as follows:
- Direct TCP/IP Connection
- Connection via HTTP Proxy Server
- Connection via SOCKS Proxy Server

The Advantage of VPN Server
If you are looking to create your own VPN server, you have many different alternatives available. This is not actually a good thing, as it can make creating your VPN very hard, especially if you are only starting out. To save you some time, I will recommend what I feel may be the absolute best software solution for setting up a VPN server on any kind of operating system. OpenVPN is what you need, because not only is it very secure, it is also free of charge and very easy to set up once you know how. Keep reading to find out why you should seriously consider this particular software if you are considering setting up your own VPN server, particularly if it is your first time trying to do so.

Internet TV has become a very popular alternative to satellite TV systems. By using a VPN service, you can make your computer appear to be located in virtually any country in the world, including the US and the UK. In this way you can effectively avoid restrictions on watching TV abroad, whether they come from internet blocking in some countries or from broadcasting restrictions on UK TV shows. It is a simple procedure to use VPNs to access TV programs all over the world, which is legal. So consider getting a VPN today so that you can watch any program you want from around the globe.

With a VPN server, you get the use of a fast server that won't slow down your internet connection like most other internet providers or services. With a VPN server, you also have the added benefit of complete privacy when you use the internet. You can watch whatever programs you want, in any country, at any time and with complete privacy. You can protect your identity online using a personal VPN account.

With the rising number of cyber crimes, online privacy has become a real problem. Furthermore, the emergence of social networking sites and blogs makes it extremely difficult for anyone to stay anonymous on the internet. Online privacy is nearly impossible to maintain. Most people have no idea that cyber criminals can get access to your credit card information just by sniffing your web traffic (as at Wi-Fi hot spots). Amazingly, governments in the Middle East as well as China are using IP addresses to track the computer usage of their own people. The fact is that you don't want everybody in the world to know who you are and what you are doing on the internet.

This is where a Virtual Private Network (VPN) account can help you out. A VPN service hides your online activity. It does this by encrypting everything going from your computer to the VPN server. When you enter a website address, your computer sends a message to the VPN server to get the web page you have requested. This way your browsing history is hidden from your ISP or company and your privacy is protected. In fact, without the VPN, this information would be easily accessible to your ISP or to cyber criminals sniffing your data, as your traffic would not be encrypted.

Chapter 2: Literature Survey
A literature review is part of a research project where a researcher researches work similar to his or hers. This very important part of the research helps the researcher to find out how other researchers have tackled the problem he/she is attempting to solve. It gives insight on how to go about solving the problem at hand and provides information on available technologies and tools for solving the problem.

This literature review provides an overview of various areas of research in VPN Server such as security, anti-hacking, firewalls, networking, the protocols to be used, data rate, speed of transmission, etc. Additional literature is considered which provides a general overview of the topic. Some case study literature is included with an emphasis on library science studies. This literature review is then applied to a case study migration project at the University of North Carolina at Chapel Hill in order to determine where the literature was helpful and where not, as well as where more research may be needed. Conclusions are drawn that the theoretical literature is quite comprehensive, but that literature having more practical application could certainly be strengthened.

The primary areas of discussion on VPN Server encompass the following categories: a general overview of VPN Server with basic technical guidelines such as how to install the server, general problems that occur during installation, firewalls, connectivity in the network, safe transmission, protection from hackers' attacks, etc. VPN Server provides a way to connect our system from a remote place to our home or corporate server, so these are the basic areas where the literature survey is helpful.

Chapter 3: Methodology
How VPN Server Works
A VPN server itself is simply a server that is connected to a virtual private network. A virtual private network, or VPN, is a network that is able to channel through the Internet in order to connect a multitude of users, servers, and devices together. VPNs can also include other networks, such as local area networks, and are encrypted to ensure that only users who have the proper authorization are able to access them. VPN networks are dependent on both a server and a client, with a server being the device that hosts the main files and a client being all other devices that connect to the server.

Client and Server
A VPN server is a piece of hardware or software that can act as a gateway into a whole network or a single computer. It is generally 'always on' and listening for VPN clients to connect to it.

A VPN client is most often a piece of software but can be hardware too. A client initiates a 'call' to the server and logs on. Then the client computer and the server network can communicate. They are on the same 'virtual' network. Many broadband routers can pass one or more VPN sessions from your LAN to the Internet. Each router handles this differently.

VPN Language
There are two major languages or protocols that VPNs speak. Microsoft uses PPTP, or Point to Point Tunneling Protocol, and most everyone else uses IPSec, Internet Protocol Security. Most broadband routers can pass PPTP traffic by forwarding port 1723, but IPSec is more complex. If your router does not explicitly support IPSec pass-through, then even placing your computer in the DMZ might not work. PPTP has good encryption and also features authentication for verifying a user ID and password. IPSec is purely an encryption model and is much safer but does not include authentication routines. A third standard, L2TP, is IPSec with authentication built in.

Protocols Used By VPN Server
- General IPsec: IPSec provides confidentiality and integrity protection for transmitted information, authentication and destinations, and anti-replay protection. Two main network protocols, Encapsulating Security Payload (ESP) and Authentication Header (AH), are used to achieve these goals. All other parts of the IPSec standard merely implement these protocols and configure the required technical parameters. Applying AH or ESP to an IP packet may modify the data payload (not always) and may insert an AH or ESP header between the IP header and the packet contents.

- ESP and AH (encryption and authentication headers): ESP and AH are used together to get confidentiality and authentication. Since ESP can also perform most of the AH functions, there is no reason to use AH. Because ESP works on encapsulation principles, it has a different format: all data is encrypted and then placed between a header and a trailer. This differentiates it from AH, where only a header is created.
- Key exchange (ISAKMP, IKE, and others)
- Cryptographic algorithms: Cryptography is the art of protecting information by transforming it (encrypting it) into an unreadable format, called cipher text. Only those who possess a secret key can decipher (or decrypt) the message into plain text. Encrypted messages can sometimes be broken by cryptanalysis, also called codebreaking, although modern cryptography techniques are virtually unbreakable.
- IPsec policy handling: An IPSec policy is nothing more than a set of rules that govern when and how the server uses the IPSec protocol. The IPSec policy interacts directly with the IPSec driver. The policy tells Windows such things as which data to secure and which security method to use.
- Remote access: You can configure a server that allows remote users to access resources on your private network over dial-up or virtual private network (VPN) connections. This type of server is called a remote access/VPN server. Remote access/VPN servers can also provide network address translation (NAT). With NAT, the computers on your private network can share a single connection to the Internet. With VPN and NAT, your VPN clients can determine the IP addresses of the computers on your private network, but other computers on the Internet cannot.

- SSL and TLS: Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide communications security over the Internet. TLS and SSL encrypt the segments of network connections above the Transport Layer, using symmetric cryptography for privacy and a keyed message authentication code for message reliability.
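
As an added illustration of the ESP layout and the anti-replay protection described in the IPsec items above (this is not code from the original report), the following Python sketch shows a receiver that checks a keyed message authentication code and a sliding replay window before accepting a packet. Encryption is omitted, so the payload stands in for already-encrypted data; the key, SPI value, truncated HMAC-SHA-256 check value and 64-packet window are assumptions chosen for the example.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16   # assumption: HMAC-SHA-256 truncated to 128 bits
WINDOW = 64    # assumption: anti-replay window of 64 packets

def build_esp(spi, seq, ciphertext, key):
    """Header (SPI, sequence number) + encrypted payload + integrity check value."""
    body = struct.pack("!II", spi, seq) + ciphertext
    return body + hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]

class ReplayWindow:
    """Sliding bitmap of recently accepted sequence numbers."""
    def __init__(self):
        self.top = 0      # highest sequence number accepted so far
        self.bitmap = 0   # bit i set means (top - i) was accepted

    def is_fresh(self, seq):
        if seq == 0:
            return False
        if seq > self.top:
            return True
        offset = self.top - seq
        return offset < WINDOW and not (self.bitmap >> offset) & 1

    def mark(self, seq):
        if seq > self.top:
            shift = seq - self.top
            if shift >= WINDOW:
                self.bitmap = 1   # everything previously seen fell out of the window
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)

def receive(packet, key, window):
    """Return 'accept' or the reason the packet is dropped."""
    if len(packet) < 8 + ICV_LEN:
        return "drop: too short"
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    _spi, seq = struct.unpack("!II", body[:8])
    if not window.is_fresh(seq):
        return "drop: replayed or too old"
    expected = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        return "drop: bad ICV"
    window.mark(seq)  # only authenticated packets move the window
    return "accept"

if __name__ == "__main__":
    key = b"constructed-demo-key-32-bytes!!!"   # constructed sample key
    win = ReplayWindow()
    pkt = build_esp(0x1001, 1, b"opaque-encrypted-bytes", key)
    print(receive(pkt, key, win))   # first delivery
    print(receive(pkt, key, win))   # same packet captured and re-sent
```

The window is advanced only after the check value verifies, so a forged packet with a large sequence number cannot push legitimate traffic out of the window.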


Chapter 4: Procedure
How to Install and Turn on a VPN Server on Windows Server 2003
To install and turn on a VPN server, follow these steps:
1. Click Start, point to Administrative Tools, and then click Routing and Remote Access.
2. Click the server icon that matches the local server name in the left pane of the console. If the icon has a red circle in the lower left corner, the Routing and Remote Access service has not been turned on. If the icon has a green arrow pointing up in the lower left corner, the Routing and Remote Access service has been turned on. If the Routing and Remote Access service was previously turned on, you may want to reconfigure the server. To reconfigure the server:
   a. Right-click the server object, and then click Disable Routing and Remote Access. Click Yes to continue when you are prompted with an informational message.
   b. Right-click the server icon, and then click Configure and Enable Routing and Remote Access to start the Routing and Remote Access Server Setup Wizard. Click Next to continue.
   c. Click Remote access (dial-up or VPN) to turn on remote computers to dial in or connect to this network through the Internet. Click Next to continue.
   Click to select VPN or Dial-up depending on the role that you intend to assign to this server.
   In the VPN Connection window, click the network interface which is connected to the Internet, and then click Next.
   In the IP Address Assignment window, click Automatically if a DHCP server will be used to assign addresses to remote clients, or click From a specified range of addresses if remote clients must only be given an address from a pre-defined pool. In most cases, the DHCP option is simpler to administer. However, if DHCP is not available, you must specify a range of static addresses. Click Next to continue.
   If you clicked From a specified range of addresses, the Address Range Assignment dialog box opens. Click New. Type the first IP address in the range of addresses that you want to use in the Start IP address box. Type the last IP address in the range in the End IP address box. Windows calculates the number of addresses automatically. Click OK to return to the Address Range Assignment window. Click Next to continue.
   Accept the default setting of No, use Routing and Remote Access to authenticate connection requests, and then click Next to continue.
   Click Finish to turn on the Routing and Remote Access service and to configure the server as a Remote Access server.

How to Configure a VPN Connection from a Client Computer
To set up a client for virtual private network access, follow these steps on the client workstation:

NOTE: You must be logged on as a member of the Administrators group to follow these steps.
NOTE: Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

1. On the client computer, confirm that the connection to the Internet is correctly configured.
2. Click Start, click Control Panel, and then click Network Connections. Click Create a new connection under Network Tasks, and then click Next.
3. Click Connect to the network at my workplace to create the dial-up connection. Click Next to continue.
4. Click Virtual Private Network connection, and then click Next.
5. Type a descriptive name for this connection in the Company name dialog box, and then click Next.
6. Click Do not dial the initial connection if the computer is permanently connected to the Internet. If the computer connects to the Internet through an Internet Service Provider (ISP), click Automatically dial this initial connection, and then click the name of the connection to the ISP. Click Next.
7. Type the IP address or the host name of the VPN server computer (for example, VPNServer.SampleDomain.com).
8. Click Anyone's use if you want to permit any user who logs on to the workstation to have access to this dial-up connection. Click My use only if you want this connection to be available only to the currently logged-on user. Click Next.
9. Click Finish to save the connection.
10. Click Start, click Control Panel, and then click Network Connections.
11. Double-click the new connection.
12. Click Properties to continue to configure options for the connection. To continue to configure options for the connection, follow these steps:
    - If you are connecting to a domain, click the Options tab, and then click to select the Include Windows logon domain check box to specify whether to request Windows Server 2003 logon domain information before trying to connect.
    - If you want the connection to be redialed if the line is dropped, click the Options tab, and then click to select the Redial if line is dropped check box.

To use the connection, follow these steps:
1. Click Start, point to Connect to, and then click the new connection.
2. If you do not currently have a connection to the Internet, Windows offers to connect to the Internet.
3. When the connection to the Internet is made, the VPN server prompts you for your user name and password. Type your user name and password, and then click Connect. Your network resources must be available to you in the same way they are when you connect directly to the network.

NOTE: To disconnect from the VPN, right-click the connection icon, and then click Disconnect.

Conclusion
VPN servers are an effective way to create secure communication channels across the Internet or between sensitive systems within a company's internal network. With the inclusion of VPN support in Microsoft 2000, Cisco routers, Checkpoint 2000, and a host of other systems, the deployment of VPNs is going to become more commonplace. Without proper security design, these VPNs could add many more unwanted entrances to corporate networks. Use VPNs where appropriate, but ensure that security issues including machine configuration, policy and user security awareness have been considered.

Scope of Future Work on VPN Server
The success of VPN Server in the future depends mainly on industry dynamics. Most of the value in VPN Server lies in the potential for businesses to save money. Should the cost of long distance telephone calls and leased lines continue to drop, fewer companies may feel the need to switch to VPNs for remote access. Conversely, if VPN standards solidify and vendor products interoperate fully with each other, the appeal of VPNs should increase. The success of VPNs also depends on the ability of intranets and extranets to deliver on their promises. Companies have had difficulty measuring the cost savings of their private networks, but if it can be demonstrated that these provide significant value, the use of VPN technology internally may also increase. So there is future work in the areas of security, encryption, virtual network connectivity, etc.


