Experiment - Install And Configure A VPN

Here is the topology of what we want to achieve: private network A communicating with private network B through an encrypted tunnel. A Monitor node sits on the path between the two tunnel endpoints so the same traffic can be captured before and after the tunnel is brought up.

# Generated by NetlabClient
set ns [new Simulator]
source tb_compat.tcl
# Nodes
set A [$ns node]
tb-set-node-os $A FC6-STD
set B [$ns node]
tb-set-node-os $B FC6-STD
set Client [$ns node]
tb-set-node-os $Client FC6-STD
set Monitor [$ns node]
tb-set-node-os $Monitor FC6-STD
set Server [$ns node]
tb-set-node-os $Server FC6-STD
# Links
set link0 [$ns duplex-link $A $Server 100000.0kb 0.0ms DropTail]
set link1 [$ns duplex-link $Monitor $Server 100000.0kb 0.0ms DropTail]
set link2 [$ns duplex-link $Client $Monitor 100000.0kb 0.0ms DropTail]
set link3 [$ns duplex-link $B $Client 100000.0kb 0.0ms DropTail]
# Leave the next line commented out: with "rtproto Static" the testbed installs
# routes automatically, and this experiment sets every route by hand.
#$ns rtproto Static
$ns run
 

This produces a setup that looks like this:

A -> Server -> Monitor -> Client -> B

A(192.168.3.2) -> (192.168.3.3) Server (192.168.4.3)
                       -> (192.168.4.2) Monitor (192.168.1.3)
                       -> (192.168.1.2) Client (192.168.2.3) -> B(192.168.2.2)


  1. Enable IP forwarding on Server, Monitor and Client (the three nodes that route packets for others; A and B only ever talk to their own gateway). This setting does not survive a reboot:

echo 1 > /proc/sys/net/ipv4/ip_forward

  2. Routing. Every node needs a route to the far side, and the middle nodes also need routes to the networks they are not directly connected to, otherwise replies are dropped.
    1. On A:

route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.3.3

    2. On Server:

route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.4.2

route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.4.2

    3. On Monitor:

route add -net 192.168.3.0 netmask 255.255.255.0 gw 192.168.4.3

route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.1.2

    4. On Client:

route add -net 192.168.3.0 netmask 255.255.255.0 gw 192.168.1.3

route add -net 192.168.4.0 netmask 255.255.255.0 gw 192.168.1.3

    5. On B:

route add -net 192.168.3.0 netmask 255.255.255.0 gw 192.168.2.3

  3. Ping from A to B and from Server to Client to verify; a reply proves the return route is right as well.
  4. Install an echo server on A and an echo client on B.
  5. On Monitor, watch the traffic: tcpdump -nXvv (-X prints each packet's payload in hex and ASCII).
  6. Run the echo server on A and the echo client on B, and confirm in the Monitor dump that the echo text is readable in clear and that A's and B's real addresses (192.168.3.2, 192.168.2.2) appear in the IP headers.
  7. Install OpenVPN on both Server and Client: yum install openvpn
  8. Follow the static key mini-HOWTO on the OpenVPN page. Choose two private addresses for the tunnel endpoints that are not in use anywhere on the testbed; because my real networks were 192.168.x.0/24, I chose 10.8.0.1 for Server and 10.8.0.2 for Client. OpenVPN creates a virtual point-to-point interface (tun0) on each side and gives it one of these addresses.
    1. Generate a static key on Server:

openvpn --genkey --secret static.key

    2. Copy static.key to Client over a secure channel (scp) and keep it mode 0600 on both ends. In static key mode this one file is the whole secret: anyone who obtains it can decrypt the tunnel in both directions, including recorded traffic, since there is no forward secrecy.
    3. Server config file (server.conf):

dev tun

ifconfig 10.8.0.1 10.8.0.2

secret static.key

    4. Client config file (client.conf). The remote address is Server's Monitor-facing interface, the one Client already has a route to:

remote 192.168.4.3    # server's real IP address (OpenVPN comments start with # or ;)

dev tun

ifconfig 10.8.0.2 10.8.0.1

secret static.key

    5. On Server, from the directory that holds static.key (a relative "secret" path is resolved against the working directory): openvpn --config server.conf
    6. On Client, likewise: openvpn --config client.conf. Both sides should log "Initialization Sequence Completed".
    7. On Client: ping 10.8.0.1 to verify the tunnel is up (ifconfig tun0 on either end should show the 10.8.0.x address).
    8. On Server remove the plain route to B:

route del -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.4.2

    9. On Client remove the plain route to A:

route del -net 192.168.3.0 netmask 255.255.255.0 gw 192.168.1.3

    10. On Server add the route to B via the tunnel. The route to 192.168.1.0 via Monitor stays: it carries the tunnel's own UDP packets to Client.

route add -net 192.168.2.0 netmask 255.255.255.0 gw 10.8.0.2

    11. On Client add the route to A via the tunnel, again keeping the route to 192.168.4.0 via Monitor for the tunnel itself:

route add -net 192.168.3.0 netmask 255.255.255.0 gw 10.8.0.1

  9. On A start the echo server.
  10. On Monitor capture only the tunnel traffic; UDP 1194 is OpenVPN's default port: tcpdump -nXvv udp port 1194
  11. On B run the echo client against A and verify on Monitor that all it sees is UDP/1194 datagrams between 192.168.4.3 and 192.168.1.2: the echo text is no longer readable in the ASCII column, and the inner addresses 192.168.3.2 and 192.168.2.2 are hidden as well. Packet sizes and timing are still visible to Monitor; the tunnel does not hide those.
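The whole procedure above (forwarding, plain routing, static-key OpenVPN configs, the cut-over of the A-B route onto the tunnel, and the Monitor check) collected into one role-based script, as an added example; it is not part of the original lab notes. The topology and addresses are the ones in the notes; the role names, the /etc/openvpn working directory, capturing with tcpdump -i any on Monitor, and the echo marker string are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original lab notes. Usage on each node:
#   sh vpnlab.sh <A|B|Server|Monitor|Client> <plain|tunnel|check-plain|check-tunnel>
# Role names, /etc/openvpn as working directory and MARKER are assumptions.

# Pre-tunnel routing table as data: "role network gateway" (all /24).
PLAIN_ROUTES='
A       192.168.2.0 192.168.3.3
Server  192.168.2.0 192.168.4.2
Server  192.168.1.0 192.168.4.2
Monitor 192.168.3.0 192.168.4.3
Monitor 192.168.2.0 192.168.1.2
Client  192.168.3.0 192.168.1.3
Client  192.168.4.0 192.168.1.3
B       192.168.3.0 192.168.2.3
'
# Cut-over of the far-side route onto the tunnel: "role network old_gw new_gw".
# The underlay routes (Server -> 192.168.1.0, Client -> 192.168.4.0) are kept on
# purpose: without them the two tunnel endpoints can no longer reach each other.
TUNNEL_ROUTES='
Server 192.168.2.0 192.168.4.2 10.8.0.2
Client 192.168.3.0 192.168.1.3 10.8.0.1
'
MARKER='echo-marker-4711'   # constructed text to send through the echo client

plain_route_cmds() {    # $1: role -> "route add" lines for the plain topology
    printf '%s\n' "$PLAIN_ROUTES" | awk -v r="$1" '$1 == r {
        printf "route add -net %s netmask 255.255.255.0 gw %s\n", $2, $3 }'
}
tunnel_route_cmds() {   # $1: role -> "route del"/"route add" pair for the cut-over
    printf '%s\n' "$TUNNEL_ROUTES" | awk -v r="$1" '$1 == r {
        printf "route del -net %s netmask 255.255.255.0 gw %s\n", $2, $3
        printf "route add -net %s netmask 255.255.255.0 gw %s\n", $2, $4 }'
}
forwards_packets() {    # only the three middle nodes route for others
    case "$1" in Server|Monitor|Client) return 0 ;; *) return 1 ;; esac
}
peer_tun_ip() {         # far end of the point-to-point tun link
    case "$1" in Server) echo 10.8.0.2 ;; Client) echo 10.8.0.1 ;; *) return 1 ;; esac
}
openvpn_conf() {        # static-key config; "secret" is resolved against the cwd
    case "$1" in
    Server) printf 'dev tun\nifconfig 10.8.0.1 10.8.0.2\nsecret static.key\n' ;;
    Client) printf 'remote 192.168.4.3\ndev tun\nifconfig 10.8.0.2 10.8.0.1\nsecret static.key\n' ;;
    *) return 1 ;;
    esac
}
marker_visible() {      # stdin: tcpdump -A text; succeeds if the echo text is readable
    grep -q -- "$MARKER"
}

apply_plain() {         # steps 1-2: forwarding on the routers, then static routes
    if forwards_packets "$1"; then echo 1 > /proc/sys/net/ipv4/ip_forward; fi
    plain_route_cmds "$1" | sh -e
}
apply_tunnel() {        # step 8: write config, start daemon, prove tun is up, reroute
    cd /etc/openvpn || return 1
    chmod 600 static.key                      # the single key is the whole secret
    openvpn_conf "$1" > "$1.conf" || return 1
    openvpn --config "$1.conf" --daemon
    sleep 3; ping -c 3 "$(peer_tun_ip "$1")" || return 1   # same as "ping 10.8.0.1"
    tunnel_route_cmds "$1" | sh -e
}
check_capture() {       # on Monitor; $1: pcap filter; -i any covers both links
    if tcpdump -nA -i any -c 20 "$1" 2>/dev/null | marker_visible
    then echo "echo payload readable in clear"
    else echo "echo payload not visible"; fi
}

case "${2:-}" in
plain)        apply_plain "$1" ;;
tunnel)       apply_tunnel "$1" ;;
check-plain)  check_capture 'host 192.168.3.2' ;;   # before the VPN: A's address and text visible
check-tunnel) check_capture 'udp port 1194' ;;      # after: only ciphertext between 192.168.4.3/1.2
esac
```

Run it with "plain" on all five nodes first, then "tunnel" on Server and Client, and use "check-plain" before and "check-tunnel" after on Monitor while the echo client is sending MARKER. The route tables are kept as data so the script can be read against the diagram at the top of the page, and the cut-over deliberately leaves the underlay routes in place.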