Fachbereich 2 IT-Security Prof. Dr. Martin Kappes (I/II) Exercise Chapter “Virtual Private Networks”


Exercise 1:

Describe the following terms briefly in 3-4 sentences.

1. Virtual Private Network

2. RAS

3. Site-to-Site VPN

Exercise 2:

Explain in detail how IPsec works. Your explanation should address the terms AH, ESP, tunnel mode and transport mode. Also describe what the Sequence Number in AH and ESP is used for.

Exercise 3:

Explain in detail how OpenVPN works. Your explanation should address the terms tun device and tap device.


Practical Exercise Chapter “Firewalls”

Exercise 1:

Use openssl under Linux to set up a certificate authority. Create keys and certificates for all machines in the reference network. Moreover, create a Diffie-Hellman parameter file.

Exercise 2:

Configure the reference network as in the initial lab exercise.

[Figure: reference network diagram. Labels: institution network 10.2.4.0/24 (addresses 10.2.4.37, 10.2.4.1); public interconnection network 172.16.2.0/24 (addresses 172.16.2.5, 172.16.2.4); Router; institution network 192.168.1.0/24 (addresses 192.168.1.5, 192.168.1.100).]

All machines in the network must run Linux.


Exercise 3:

Create a site-to-site VPN between 10.2.4.0/24 and 192.168.1.0/24 with IPsec (ESP, tunnel mode). Using the Java program from the initial lab exercise, observe the traffic in the public network using Wireshark with and without the VPN. Explain which IP addresses, protocols and ports show up and why.

Exercise 4:

Create a site-to-site VPN between 10.2.4.0/24 and 192.168.1.0/24 with OpenVPN (tun device). Using the Java program from the initial lab exercise, observe the traffic in the public network using Wireshark with and without the VPN. Explain which IP addresses, protocols and ports show up and why. Which changes are required in the routing tables of the machines, and what happens if you do not make these changes?

Exercise 5:

Compare IPsec and OpenVPN and explain the differences and commonalities in what you observed.

Exercise 6:

Now, create a Remote Access VPN with OpenVPN (tap device) for the 10.2.4.0/24-network:

Run the OpenVPN server on the router of the network. Beforehand, create a tap device and bridge it with the Ethernet interface into the 10.2.4.1/24-network. Set up the OpenVPN client on 192.168.1.100. Using the Java program from the initial lab exercise, observe the traffic in all networks using Wireshark with and without the VPN. Explain which IP addresses, protocols and ports show up and why.
