AliveVPN OpenVPN account settings

After payment for an OpenVPN package you will receive an email with your registration data, of this type:

Subject: Registration of AliveVPN account (Unlimited Bandwidth OpenVPN account / 1 day):10 day(s), account expires 05/25/2010

Your registration data:
Archive of key files: v46-23085.tgz
Password: zYlJmZy
Account Expires: 05/25/2010

Download and install the OpenVPN GUI from here: http://openvpn.net/release/openvpn-2.1_rc15-install.exe

Expand the archive with the keys and the settings into the OpenVPN GUI settings folder; by default this is “C:\Program Files\OpenVPN\config\”. As a result, the settings directory should contain the following files:

07.04.2009 13:08 1 529 ca.crt
07.04.2009 13:08 424 dh2048.pem
07.04.2009 01:13 246 v46-23085.conf
07.04.2009 13:08 4 947 v46-23085.crt
07.04.2009 13:08 1 751 v46-23085.key
07.04.2009 01:13 238 v46-23085.ovpn

Now you have to run the OpenVPN connection:

1. Run the OpenVPN GUI program “C:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe”.
2. Double-click the OpenVPN GUI icon that appears in the tray and, when prompted, enter the password issued to you.

Your connection is established.
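An added check for the extracted bundle, not part of AliveVPN's instructions: it confirms that the six listed files are present, that every file named by the profile's ca/cert/key/dh directives exists, and that the profile contains `remote-cert-tls` or `ns-cert-type`, so the client rejects a peer that presents a client certificate. The helper names and the profile text are constructed for the example, because the real v46-23085.ovpn is not shown on the page.

```python
import os
import tempfile

FILE_DIRECTIVES = ("ca", "cert", "key", "dh")        # directives that name a file
SERVER_CHECKS = ("remote-cert-tls", "ns-cert-type")  # server-certificate checks


def read_directives(profile_path):
    """Parse an OpenVPN profile into {directive: [arguments]}, skipping comments."""
    directives = {}
    with open(profile_path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            parts = line.split()
            if parts and not parts[0].startswith(("#", ";")):
                directives[parts[0]] = parts[1:]
    return directives


def audit_bundle(config_dir, account):
    """Return findings for an extracted key bundle; an empty list means it passed."""
    findings = []
    expected = ["ca.crt", "dh2048.pem"] + [
        f"{account}.{ext}" for ext in ("conf", "crt", "key", "ovpn")]
    for name in expected:
        if not os.path.isfile(os.path.join(config_dir, name)):
            findings.append(f"missing file: {name}")
    profile = os.path.join(config_dir, f"{account}.ovpn")
    if not os.path.isfile(profile):
        return findings
    directives = read_directives(profile)
    for key in FILE_DIRECTIVES:
        args = directives.get(key)
        if args and not os.path.isfile(os.path.join(config_dir, args[0].strip('"'))):
            findings.append(f"{key} points to a file that is not in the folder: {args[0]}")
    if not any(name in directives for name in SERVER_CHECKS):
        findings.append("profile never checks that the peer presents a server certificate")
    return findings


def make_sample_bundle(profile_text, skip=()):
    """Build a constructed bundle in a temp folder (placeholder contents, not real keys)."""
    folder = tempfile.mkdtemp()
    for name in ("ca.crt", "dh2048.pem", "v46-23085.conf", "v46-23085.crt", "v46-23085.key"):
        if name not in skip:
            with open(os.path.join(folder, name), "w") as fh:
                fh.write("placeholder\n")
    with open(os.path.join(folder, "v46-23085.ovpn"), "w") as fh:
        fh.write(profile_text)
    return folder


# Constructed profile text (hypothetical server name); not AliveVPN's real profile.
WEAK = ("client\nremote vpn.example.invalid 1194\n"
        "ca ca.crt\ncert v46-23085.crt\nkey v46-23085.key\n")
GOOD = WEAK + "remote-cert-tls server\n"

if __name__ == "__main__":
    print(audit_bundle(make_sample_bundle(GOOD), "v46-23085"))
    print(audit_bundle(make_sample_bundle(WEAK, skip=("v46-23085.key",)), "v46-23085"))
```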
Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables the secure transfer of data from a remote client to a private enterprise server by creating a virtual private network (VPN) across TCP/IP-based data networks. PPTP supports on-demand, multi-protocol, virtual private networking over public networks, such as the Internet.

Introduction

The networking technology of PPTP is an extension of the remote access Point-to-Point protocol defined in the document by the Internet Engineering Task Force (IETF) titled “The Point-to-Point Protocol for the Transmission of Multi-Protocol Datagrams over Point-to-Point Links,” referred to as RFC 1171. PPTP is a network protocol that encapsulates PPP packets into IP datagrams for transmission over the Internet or other public TCP/IP-based networks. PPTP can also be used in private LAN-to-LAN networking.

The PPTP extension of PPP is explained in the document titled “Point-to-Point Tunneling Protocol,” PPTP draft-ietf-ppext-pptp-00.txt. A draft of this document was submitted to the IETF in June, 1996 by the companies of the PPTP Forum, which includes Microsoft Corporation, Ascend Communications, 3Com/Primary Access, ECI Telematics, and US Robotics.

PPTP and Virtual Private Networking

The PPTP protocol is included with Windows NT® Server version 4.0 and Windows NT Workstation version 4.0 operating systems. Computers running these operating systems can use the PPTP protocol to securely connect to a private network as a remote access client by using a public data network such as the Internet.
In other words, PPTP enables on-demand, virtual private networks over the Internet or other public TCP/IP-based data networks. PPTP can also be used by computers connected to a LAN to create a virtual private network across the LAN.

An important feature in the use of PPTP is its support for virtual private networking by using public-switched telephone networks (PSTNs). PPTP simplifies and reduces the cost of deploying an enterprise-wide, remote access solution for remote or mobile users because it provides secure and encrypted communications over public telephone lines and the Internet. PPTP eliminates the need for expensive, leased-line or private enterprise-dedicated communication servers because you can use PPTP over PSTN lines.

Generally, there are three computers involved in every PPTP deployment:

* a PPTP client
* a network access server
* a PPTP server

The following section describes a typical PPTP scenario using these computers and explains how they relate to each other and then fully defines each of these components.

Typical PPTP Scenario

A typical deployment of PPTP starts with a remote or mobile PPTP client that needs access to a private enterprise LAN by using a local Internet Service Provider (ISP). Clients using computers running Windows NT Server version 4.0 or Windows NT Workstation version 4.0 use Dial-up Networking and the remote access protocol PPP to connect to an ISP. The client connects to a network access server (NAS) at the ISP facility. (Network access servers are also referred to as front-end processors (FEPs), dial-in servers or point-of-presence (POP) servers.) Once connected, the client can send and receive packets over the Internet. The network access server uses the TCP/IP protocol for all traffic to the Internet.

After the client has made the initial PPP connection to the ISP, a second Dial-Up Networking call is made over the existing PPP connection.
Data sent using this second connection is in the form of IP datagrams that contain PPP packets, referred to as encapsulated PPP packets. The second call creates the virtual private networking (VPN) connection to a PPTP server on the private enterprise LAN; this is referred to as a tunnel. This is shown in the following figure:

Figure 1: The PPTP Tunnel

Tunneling is the process of sending packets to a computer on a private network by routing them over some other network, such as the Internet. The other network routers cannot access the computer that is on the private network. However, tunneling enables the routing network to transmit the packet to an intermediary computer, such as a PPTP server, that is connected to both the routing network and the private network. Both the PPTP client and the PPTP server use tunneling to securely route packets to a computer on the private network by using routers that only know the address of the private network intermediary server.

When the PPTP server receives the packet from the routing network, it sends it across the private network to the destination computer. The PPTP server does this by processing the PPTP packet to obtain the private network computer name or address information in the encapsulated PPP packet. Note that the encapsulated PPP packet can contain multi-protocol data such as TCP/IP, IPX, or NetBEUI protocols. Because the PPTP server is configured to communicate across the private network by using private network protocols, it is able to read multi-protocol packets.

The following figure illustrates the multi-protocol support built into PPTP. A packet sent from the PPTP client to the PPTP server passes through the PPTP tunnel to a destination computer on the private network.

Figure 2: Connecting a Dial-Up Networking PPTP Client to the Private Network

PPTP encapsulates the encrypted and compressed PPP packets into IP datagrams for transmission over the Internet.
These IP datagrams are routed over the Internet until they reach the PPTP server that is connected to the Internet and the private network. The PPTP server disassembles the IP datagram into a PPP packet and then decrypts the PPP packet using the network protocol of the private network. As mentioned earlier, the network protocols on the private network that are supported by PPTP are IPX, NetBEUI, or TCP/IP.

PPTP Clients

A computer that supports the PPTP network protocol, e.g., a Microsoft client, can connect to a PPTP server in two ways:

* by using an ISP’s network access server that supports inbound PPP connections
* by using a physical TCP/IP-enabled LAN connection to connect to a PPTP server

PPTP clients that use an ISP’s network access server must be configured with a modem and a VPN device to make the separate connections to the ISP and the PPTP server. The first connection is a dial-up connection using the PPP protocol over the modem to an Internet service provider. The second connection is a VPN connection using PPTP, over the modem and the ISP connection, to tunnel across the Internet to a VPN device on the PPTP server. The second connection requires the first connection because the tunnel between the VPN devices is established by using the modem and PPP connection to the Internet.

The exception to this two-connection requirement is using PPTP to create a virtual private network between computers physically connected to the private enterprise network LAN. In this scenario, a PPTP client is already connected to the network and only uses Dial-Up Networking with a VPN device to create the connection to a PPTP server on the LAN.

PPTP packets from a remote access PPTP client and a local LAN PPTP client are processed differently.
A PPTP packet from a remote access PPTP client is placed on the telecommunication device physical media, while the PPTP packet from a LAN PPTP client is placed on the network adapter physical media, as illustrated in the following figure:

Figure 3: Placing a PPTP packet on the Network Media

The figure above illustrates how PPTP encapsulates PPP packets and then places the outgoing PPTP packet on either a modem, ISDN, or LAN network media.

Network Access Servers at an ISP

ISPs use network access servers to support clients that dial in using a protocol, such as SLIP or PPP, to gain access to the Internet. However, to support PPTP-enabled clients, a network access server must provide PPP service. The ISP network access servers are designed and built to accommodate a high number of dial-in clients. Network access servers are built by companies such as 3Com, Ascend, ECI Telematics, and U.S. Robotics, that are members of the PPTP Forum.

Note: An ISP that provides a PPTP service by using a PPTP-enabled network access server can support Windows 95, Windows NT versions 3.5 and 3.51, as well as third-party PPP clients, such as Apple Macintosh or UNIX. These clients can use a PPP connection to the ISP server. The ISP server acts as a PPTP client and connects to the PPTP server on the private network, creating a PPTP tunnel from the ISP server to the PPTP server. In this scenario, the PPTP architecture described in this document is fundamentally the same; however, all PPTP communication occurs between the network access server and PPTP server. Contact your ISP to see if they provide a PPTP service and how you need to configure PPP and Dial-Up Networking to access the ISP server that supports PPTP.

PPTP Servers on the Private LAN

PPTP servers are servers [...]
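The decapsulation a PPTP server performs on each IP datagram, as an added Python example that is not from the original document: on the wire the PPP packet sits behind an enhanced GRE header (IP protocol 47, GRE version 1, protocol type 0x880B, per RFC 2637), a detail the text above does not spell out. The parser also reports when user data (IP, IPX, NetBEUI) travels without MPPE encryption, which appears as PPP protocol 0x00FD; the function names and sample datagrams are constructed.

```python
import struct

IPPROTO_GRE = 47        # IP protocol number of GRE
GRE_PROTO_PPP = 0x880B  # GRE protocol type PPTP uses for PPP (RFC 2637)
# PPP protocol numbers: the payloads the article names, plus negotiation and MPPE
PPP_NAMES = {0x0021: "IP", 0x002B: "IPX", 0x003F: "NetBEUI", 0x00FD: "MPPE/compressed",
             0xC021: "LCP", 0xC223: "CHAP", 0x8021: "IPCP", 0x80FD: "CCP"}
CLEAR_DATA = {0x0021, 0x002B, 0x003F}  # user data carried without MPPE


def ppp_protocol(frame):
    """Return the PPP protocol number of a frame, or None if it cannot be read."""
    if frame[:2] == b"\xff\x03":   # optional address and control bytes
        frame = frame[2:]
    if not frame:
        return None
    if frame[0] & 1:               # protocol-field compression: a single odd byte
        return frame[0]
    return int.from_bytes(frame[:2], "big") if len(frame) >= 2 else None


def parse_pptp_datagram(datagram):
    """Decapsulate one IPv4 datagram that carries a PPTP data packet."""
    if len(datagram) < 20 or datagram[0] >> 4 != 4:
        raise ValueError("not an IPv4 datagram")
    ihl = (datagram[0] & 0x0F) * 4
    if ihl < 20 or len(datagram) < ihl + 8 or datagram[9] != IPPROTO_GRE:
        raise ValueError("not a GRE datagram")
    flags, proto, payload_len, call_id = struct.unpack_from("!HHHH", datagram, ihl)
    # PPTP needs GRE version 1, the key bit (K) set and protocol type 0x880B
    if flags & 0x0007 != 1 or not flags & 0x2000 or proto != GRE_PROTO_PPP:
        raise ValueError("GRE packet is not PPTP")
    offset, seq, ack = ihl + 8, None, None
    try:
        if flags & 0x1000:         # S bit: sequence number present
            (seq,) = struct.unpack_from("!I", datagram, offset)
            offset += 4
        if flags & 0x0080:         # A bit: acknowledgment number present
            (ack,) = struct.unpack_from("!I", datagram, offset)
            offset += 4
    except struct.error:
        raise ValueError("truncated GRE header") from None
    ppp = datagram[offset:offset + payload_len]
    if len(ppp) != payload_len:
        raise ValueError("truncated PPP payload")
    number = ppp_protocol(ppp)
    return {"src": ".".join(map(str, datagram[12:16])),
            "dst": ".".join(map(str, datagram[16:20])),
            "call_id": call_id, "seq": seq, "ack": ack,
            "ppp_protocol": None if number is None else PPP_NAMES.get(number, hex(number)),
            "cleartext_data": number in CLEAR_DATA}


def build_sample(ppp, call_id=23, seq=5):
    """Constructed datagram with documentation addresses, not a real capture."""
    gre = struct.pack("!HHHHI", 0x3001, GRE_PROTO_PPP, len(ppp), call_id, seq) + ppp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(gre), 0, 0, 64, IPPROTO_GRE, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5]))
    return ip + gre


if __name__ == "__main__":
    for frame in (b"\xff\x03\x00\x21\x45\x00\x00\x14", b"\xfd\x90\x01\xaa\xbb"):
        print(parse_pptp_datagram(build_sample(frame)))
```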
1. Choose Apple, System Preferences, and then click Network.
2. Click Add (+) at the bottom of the network connection services list. (If the lock at the bottom left-hand corner of that window is locked, click it to activate the settings for Network.)
3. Choose VPN from the “Interface” pop-up menu. “VPN Type” now shows up below this pop-up menu.
   * Choose “PPTP” from the “VPN Type” pop-up menu.
   * Type in “AliveVPN” for the “Service Name”.
4. Type in “vpn.alivevpn.com” for the “Server Address”.
   * Type in your username for “Account Name”.
   * Choose “Automatic (128 bit or 40 bit)” for “Encryption”.
5. Click the Authentication Settings button.
   * Type in your password for the field that says “Password:” and click OK.
6. Click on the “Advanced…” button.
7. In the “Options” tab, make sure “Send all traffic over VPN connection” is marked and click OK.
8. Make sure “Show VPN status in menu bar” is marked and click “Apply”.
9. To connect, click on the “Connect” button.

You should now be connected to the VPN network.
Virtual Private Networks (VPNs) have now become the de facto standard to provide a company’s partners or employees with remote access to corporate resources in a secure manner. In this tip, we attempt to explain the difference between two popular VPN types, IPsec VPN vs. SSL VPN, and how to decide between them. Before I delve into these two different types, however, a quick overview of VPN technologies is in order.

VPN refers to the family of technologies that facilitate remote access to corporate resources. The primary users of this technology are company employees who want to access resources at work from their homes or other public places, and corporate partners/third parties who support various systems within the corporate infrastructure. VPNs typically leverage public long-haul IP networks to transmit data by creating an encrypted channel between the remote site, which could be an employee’s laptop or a third-party system, and the corporate network.

Key technologies

At present, the two most popular VPN technologies are the traditional Internet Protocol Security (IPsec)-based VPNs, which function primarily at the network layer, and Secure Sockets Layer (SSL) VPNs, which function primarily at the application layer. These differ in the underlying technology used, the function they serve, and the potential VPN security risks they present.

IPsec was originally designed to provide point-to-point, always-on connections between remote sites and the central office resource. The clients in this case could be branch offices or vendors. The protocol is designed to work further down the network stack (layer 3) and can be used to transmit any IP-based protocol, irrespective of the application generating the traffic. With the advent of the mobile work force, IPsec has been extended to support remote access through the use of a dedicated VPN application (client) installed on the users’ mobile assets.
SSL VPNs, on the other hand, were designed with the mobile workforce in mind. The intended goal was to provide a seamless, clientless method for remote access. An SSL VPN can be thought of as an application proxy, providing granular access to specific corporate resources that a remote user can access using his or her browser without the need to install a client.

Strengths and weaknesses

IPsec’s key strength lies in its ability to provide a permanent connection between locations. Working at the network layer (layer 3 of the network stack) also makes it application agnostic: Any IP-based protocol could be tunneled through it. This makes IPsec an attractive alternative to an expensive leased line or a dedicated circuit. It could also serve as a backup link in the event that the primary leased line or dedicated circuit connecting the remote site to the central office goes down.

IPsec’s application-agnostic design is also its weakness, however. Though it provides authentication, authorization and encryption, while basically extending the corporate network to any remote user, it does not have the ability to restrict access to resources at a granular level. Once a tunnel is set up, remote users can typically access any corporate resource as if they were plugged directly into the corporate network. These security concerns are exacerbated because having a mobile workforce requires allowing non-managed IT assets like smartphones and home PCs to access corporate resources. These are assets that IT has no visibility into or control over, and there is no guarantee that these devices comply with the level of security that is typically enforced on managed assets.

IPsec is also more involved to maintain. In addition to setting up the appliance to terminate the tunnels, additional configuration and maintenance are required to support the remote user population.
In situations where corporations use Network Address Translation (NAT), special configuration is required to ensure IPsec plays nicely with the NAT setup.

SSL VPNs, on the other hand, have been designed from the ground up to support remote access. They do not require any special software to be installed. Remote access is provided through a browser-based session using SSL. SSL VPNs also provide an enterprise with the ability to control access at a granular level. Specific authentication and authorization schemes for access to an application can be limited to a particular user population. Built-in logging and auditing capabilities address various compliance requirements. SSL VPNs also have the ability to run host compliance checks on the remote assets connecting to the enterprise to validate they are configured with the appropriate security software and have the latest patches installed.

This does not mean SSL VPNs are a panacea for all of IPsec’s weaknesses. If a remote site requires an always-on link to the main office, SSL VPN would not be the solution. IPsec, being application agnostic, can support a number of legacy protocols and traditional client/server applications with minimal effort. This is not the case with SSL VPNs, which have been built around Web-based applications. Many SSL VPNs get around this weakness by installing a Java or ActiveX-based agent on the remote asset. This installation is typically achieved seamlessly after the remote asset has successfully authenticated to the SSL VPN appliance, though it should be noted that both ActiveX and Java come with their own security weaknesses that attackers commonly seek to exploit.

IPsec or SSL VPNs?

Each VPN method has its place in an enterprise. Ideally, as SSL and IPsec VPNs serve different purposes and complement each other, they should both be implemented. IPsec should be leveraged in situations where an always-on connection to remote office locations or partners/vendors is required.
In these instances, granular access control limitations and missing host-check capabilities should be augmented with a Network Access Control (NAC) system, which can ensure only approved remote hosts are allowed to connect to the enterprise. Enterprises should leverage SSL VPNs primarily as a remote access method for the mobile workforce where granular access control capabilities, auditing and logging, and security policy enforcement are crucial.

But, regardless of your VPN choice or specific needs, remember that a VPN must not only be updated, tested and monitored for performance, but also employed as part of a defense-in-depth strategy that utilizes comprehensive policies and a variety of network security technologies.
A VPN – Virtual Private Network – is one solution to establishing long-distance and/or secured network connections. VPNs are normally implemented (deployed) by businesses or organizations rather than by individuals, but virtual networks can be reached from inside a home network. Compared to other technologies, VPNs offer several advantages, particularly benefits for wireless local area networking.

For an organization looking to provide a secured network infrastructure for its client base, a VPN offers two main advantages over alternative technologies: cost savings, and network scalability. To the clients accessing these networks, VPNs also bring some benefits of ease of use.

Cost Savings with a VPN

A VPN can save an organization money in several situations:

* eliminating the need for expensive long-distance leased lines
* reducing long-distance telephone charges
* offloading support costs

VPNs vs leased lines – Organizations historically needed to rent network capacity such as T1 lines to achieve full, secured connectivity between their office locations. With a VPN, you use public network infrastructure including the Internet to make these connections and tap into that virtual network through much cheaper local leased lines or even just broadband connections to a nearby Internet Service Provider (ISP).

Long distance phone charges – A VPN also can replace remote access servers and long-distance dialup network connections commonly used in the past by business travelers needing to access their company intranet. For example, with an Internet VPN, clients need only connect to the nearest service provider’s access point that is usually local.

Support costs – With VPNs, the cost of maintaining servers tends to be less than other approaches because organizations can outsource the needed support from professional third-party service providers. These providers enjoy a much lower cost structure through economy of scale by servicing many business clients.
VPN Network Scalability

The cost to an organization of building a dedicated private network may be reasonable at first but increases exponentially as the organization grows. A company with two branch offices, for example, can deploy just one dedicated line to connect the two locations, but 4 branch offices require 6 lines to directly connect them to each other, 6 branch offices need 15 lines, and so on.

Internet-based VPNs avoid this scalability problem by simply tapping into the public lines and network capability readily available. Particularly for remote and international locations, an Internet VPN offers superior reach and quality of service.

Using a VPN

To use a VPN, each client must possess the appropriate networking software or hardware support on their local network and computers. When set up properly, VPN solutions are easy to use and sometimes can be made to work automatically as part of network sign on.

VPN technology also works well with WiFi local area networking. Some organizations use VPNs to secure wireless connections to their local access points when working inside the office. These solutions provide strong protection without affecting performance excessively.

Limitations of a VPN

Despite their popularity, VPNs are not perfect and limitations exist as is true for any technology. Organizations should consider issues like those below when deploying and using virtual private networks in their operations:

1. VPNs require detailed understanding of network security issues and careful installation / configuration to ensure sufficient protection on a public network like the Internet.
2. The reliability and performance of an Internet-based VPN is not under an organization’s direct control. Instead, the solution relies on an ISP and their quality of service.
3. Historically, VPN products and solutions from different vendors have not always been compatible due to issues with VPN technology standards.
Attempting to mix and match equipment may cause technical problems, and using equipment from one provider may not give as great a cost savings.



