======Other Project: Toobz======
Terrific, time tested tools, tricks, and techniques that are tried and true for tough, temporary, transient, and tenacious tunnelling over treacherous telecommunications transmissions, without the tremendous, tedious, and tiresome task of tactically taking out two-timing trickers.

=====Objectives=====
Setup, explore, and test various VPN implementations and tunneling protocols.

=====Prerequisites=====
In order to successfully accomplish/perform this project, the listed resources/experiences need to be consulted/achieved:
  * resource1
  * resource2
  * resource3
  * experience1
  * experience2
  * etc.

=====Background=====
State the idea or purpose of the project. What are you attempting to pursue?

Upon approval, you'll want to fill this section out with more detailed background information. DO NOT JUST PROVIDE A LINK. Providing any links to original source material, such as from a project page, is a good idea. You'll want to give a general overview of what is going to be accomplished (for example, if your project is about installing a web server, do a little write-up on web servers. What is it, why do we need one, how does it work, etc.)

=====Scope=====
Give a general overview of your anticipated implementation of the project. Address any areas where you are making upfront assumptions or curtailing potential detail. State the focus you will be taking in implementation.

=====Attributes=====
State and justify the attributes you'd like to receive upon successful approval and completion of this project.
  * attribute1: why you feel your pursuit of this project will gain you this attribute
  * attribute2: why you feel your pursuit of this project will gain you this attribute
  * etc...
=====Procedure=====
Throughout this section ''REMOTE_IP'', ''LOCAL_IP'' and similar upper-case tokens are placeholders for the addresses and keys of your own two hosts; the page's original values were not preserved.

====GRE: Generic Routing Encapsulation====
GRE (IP protocol 47) and IPIP (IP protocol 4, next section) only encapsulate: neither encrypts nor authenticates the inner packet, so anything sent through them is readable on the path.
  * **OpenWRT:**
<code bash>
# interface name is arbitrary; the page reuses the ipipN naming for the GRE tunnel
$ ip tunnel add ipip1 mode gre remote REMOTE_IP local LOCAL_IP
$ ip link set ipip1 up
$ ip addr add 10.3.3.1/24 dev ipip1
</code>
  * **Ubuntu:**
<code bash>
$ ip tunnel add ipip1 mode gre remote REMOTE_IP local LOCAL_IP
$ ip link set ipip1 up
$ ip addr add 10.3.3.2/24 dev ipip1
</code>

====IPIP: IP in IPv4/IPv6====
  * **OpenWRT:**
<code bash>
$ ip tunnel add ipip0 mode ipip remote REMOTE_IP local LOCAL_IP
$ ip link set ipip0 up
$ ip addr add 10.2.2.1/24 dev ipip0
</code>
  * **Ubuntu:**
<code bash>
$ ip tunnel add ipip0 mode ipip remote REMOTE_IP local LOCAL_IP
$ ip link set ipip0 up
$ ip addr add 10.2.2.2/24 dev ipip0
</code>

====IPSec: Internet Protocol Security====

====L2TP: Layer 2 Tunneling Protocol====
L2TPv3 Ethernet "pseudowire" setup with UDP encapsulation. Plain L2TPv3 carries the frames unencrypted; it is normally paired with IPsec when confidentiality is needed.
  * **OpenWRT:**
<code bash>
$ opkg update
$ opkg install kmod-l2tp-eth
$ opkg install ip-full
$ ip l2tp add tunnel tunnel_id 1 peer_tunnel_id 1 \
    udp_sport 5000 udp_dport 5000 encap udp \
    local LOCAL_IP remote REMOTE_IP
$ ip l2tp add session tunnel_id 1 session_id 1 peer_session_id 1
$ ip link set l2tpeth0 up mtu 1428
$ ip addr add 10.6.6.1/24 dev l2tpeth0
</code>
  * **Ubuntu:**
<code bash>
$ modprobe l2tp_eth
$ ip l2tp add tunnel tunnel_id 1 peer_tunnel_id 1 \
    udp_sport 5000 udp_dport 5000 encap udp \
    local LOCAL_IP remote REMOTE_IP
$ ip l2tp add session tunnel_id 1 session_id 1 peer_session_id 1
$ ip link set l2tpeth0 up mtu 1428
$ ip addr add 10.6.6.2/24 dev l2tpeth0
</code>

====Netcat====

====OpenVPN: Openvpn Tunneling Protocol====
  * **OpenWRT:**
<code bash>
$ opkg update
$ opkg install openvpn-nossl
# With neither --secret nor any TLS option, OpenVPN runs with all encryption and
# authentication disabled (it prints a warning saying so); this is a plaintext test tunnel.
$ openvpn --dev tun --remote REMOTE_IP \
    --proto udp --mssfix 1472 \
    --comp-lzo no --ifconfig 10.5.5.1 10.5.5.2
</code>
  * **Ubuntu:**
<code bash>
$ openvpn --dev tun --proto udp \
    --mssfix 1472 --comp-lzo no \
    --fast-io --ifconfig 10.5.5.2 10.5.5.1
</code>

====PPTP: Point-to-Point Tunneling Protocol====
PPTP's MS-CHAPv2 authentication is considered broken, so treat it as a legacy protocol to study rather than one to deploy.
  * **OpenWRT:** add a PPTP client interface to ''/etc/config/network'' (existing entries elided):
<code>
[...]
config interface 'vpn'
	option proto 'pptp'
	option server 'PPTP_SERVER_IP'
	option username 'vpn'
	option password 'vpn'
	option auto '0'
	option delegate '0'
	option defaultroute '0'
	option peerdns '0'
	option mtu '1462'
</code>
  * **Ubuntu:** install and configure the PPTP server:
<code bash>
$ apt-get install pptpd
$ vi /etc/pptpd.conf
option /etc/ppp/pptpd-options
localip 10.4.4.1
remoteip 10.4.4.10-15
$ vi /etc/ppp/pptpd-options
name pptpd
nodefaultroute
lock
nobsdcomp
nologfd
mtu 1462
$ vi /etc/ppp/chap-secrets
# client  server  secret  IP addresses
vpn       *       vpn     *
</code>

====SIT: IPv6 in IPv4/IPv6====

====SSH: Secure Shell====
**Forwarding a local TCP port to a remote TCP port:**
<code bash>
$ ssh -L 127.0.0.1:2022:10.150.35.74:22 tunneluser@remotehost.example.com
$ ssh -L 8080:localhost:80 tunneluser@remotehost.example.com
$ ssh -L 192.168.3.45:8080:web01.example.com:80 tunneluser@remotehost.example.com
</code>
**Forwarding a remote TCP port to a local TCP port:**
<code bash>
$ ssh -R localhost:2022:localhost:22 tunneluser@bastionhost.example.com
# binding a non-loopback address on the remote side needs GatewayPorts in its sshd_config
$ sudo ssh -R web99.example.com:80:localhost:80 root@web99.example.com
</code>
**Establishing a Layer-2 SSH VPN using "tap" devices:**
  * **Local Host:**
<code bash>
# create a "tap0" virtual network interface
$ sudo tunctl -t tap0
## or ##
$ sudo ip tuntap add dev tap0 mode tap
# configure the "tap0" interface
$ sudo ifconfig tap0 192.168.1.101 netmask 255.255.255.0
# start the SSH Layer-2 VPN tunnel (the remote sshd must allow it: PermitTunnel yes)
$ ssh -o Tunnel=ethernet -f -w 0:0 root@remotehost.example.com true
</code>
  * **Remote Host:**
<code bash>
# create a "tap0" virtual network interface
$ sudo tunctl -t tap0
## or ##
$ sudo ip tuntap add dev tap0 mode tap
# configure the "tap0" interface
$ sudo ifconfig tap0 192.168.1.102 netmask 255.255.255.0
</code>
**Establishing a Layer-3 SSH VPN using "tun" devices:**
  * **Local Host:**
<code bash>
$ sudo ssh -f -w 0:0 root@remotehost.example.com true
$ sudo ifconfig tun0 192.168.1.101 netmask 255.255.255.0
</code>
  * **Remote Host:**
<code bash>
$ sudo ifconfig tun0 192.168.1.102 netmask 255.255.255.0
</code>

====SSTP: Secure Socket Tunneling Protocol====

====VXLAN: Virtual Extensible Local Area Network====

====WireGuard====
WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN.
  * **OpenWRT:**
<code bash>
$ opkg update
$ opkg install wireguard
## Generate Public/Private Keypair
$ umask 077
$ wg genkey > server.privatekey
$ wg pubkey < server.privatekey > server.publickey
## Can also be done with a single command:
$ wg genkey | tee server.privatekey | wg pubkey > server.publickey
## Command line configuration
# Add new interface with ip-link(8)
$ ip link add dev wg0 type wireguard
# Assign an IP address and peer with ifconfig(8) or ip-address(8)
$ ip addr add dev wg0 10.0.0.1/24
## Example with only 2 peers
#$ ip address add dev wg0 10.0.0.1/24 peer 10.0.0.2/24
# Configure interface with keys and peer endpoints with wg(8), from a config file ...
$ wg setconf wg0 myconfig.conf
## or ## on the command line (CLIENT_PUBLIC_KEY is the other end's public key)
$ wg set wg0 listen-port 51820 \
    private-key ./server.privatekey \
    peer CLIENT_PUBLIC_KEY \
    allowed-ips 10.0.0.2/32 \
    endpoint 192.168.1.2:51820
# Activate interface with ifconfig(8) or ip-link(8):
$ ip link set wg0 up
# check:
$ ip addr
$ wg
interface: wg0
  public key: SERVER_PUBLIC_KEY
  private key: (hidden)
  listening port: 51820
# Add peer:
$ wg set wg0 peer CLIENT_PUBLIC_KEY \
    allowed-ips 10.0.0.2/32 \
    endpoint 192.168.1.2:51820
# Test connectivity
$ ping 10.0.0.2
</code>
Static configuration:
<code>
$ vi /etc/config/network
config interface 'wg0'
	option proto 'wireguard'
	option listen_port '51820'
	list addresses '10.0.0.1/32'
	option private_key 'SERVER_PRIVATE_KEY'

config wireguard_wg0
	option public_key 'CLIENT_PUBLIC_KEY'
	option route_allowed_ips '1'
	list allowed_ips '10.0.0.0/24'
</code>
  * **Ubuntu:**
<code bash>
$ sudo add-apt-repository ppa:wireguard/wireguard
$ sudo apt-get update
$ sudo apt-get install wireguard
## Generate Public/Private Keypair
$ umask 077
$ wg genkey > client.privatekey
$ wg pubkey < client.privatekey > client.publickey
## Can also be done with a single command:
$ wg genkey | tee client.privatekey | wg pubkey > client.publickey
## Command line configuration
# Add new interface with ip-link(8)
$ ip link add dev wg0 type wireguard
# Assign an IP address and peer with ifconfig(8) or ip-address(8)
$ ip addr add dev wg0 10.0.0.2/24
## Example with only 2 peers
#$ ip address add dev wg0 10.0.0.2/24 peer 10.0.0.1/24
# Configure interface with keys and peer endpoints with wg(8), from a config file ...
$ wg setconf wg0 myconfig.conf
## or ## on the command line (SERVER_PUBLIC_KEY is the other end's public key)
$ wg set wg0 listen-port 51820 \
    private-key ./client.privatekey \
    peer SERVER_PUBLIC_KEY \
    allowed-ips 10.0.0.1/32 \
    endpoint 192.168.1.1:51820
# Activate interface with ifconfig(8) or ip-link(8):
$ ip link set wg0 up
# check:
$ ip addr
$ wg
interface: wg0
  public key: CLIENT_PUBLIC_KEY
  private key: (hidden)
  listening port: 51820
# Add peer:
$ wg set wg0 peer SERVER_PUBLIC_KEY \
    allowed-ips 10.0.0.1/32 \
    endpoint 192.168.1.1:51820
# Test connectivity
$ ping 10.0.0.1
</code>
Static configuration (this stanza is OpenWRT UCI syntax; Ubuntu has no ''/etc/config/network'', the equivalent for wg-quick(8) lives in ''/etc/wireguard/wg0.conf''):
<code>
$ vi /etc/config/network
config interface 'wg0'
	option proto 'wireguard'
	option listen_port '51820'
	list addresses '10.0.0.2/32'
	option private_key 'CLIENT_PRIVATE_KEY'

config wireguard_wg0
	option public_key 'SERVER_PUBLIC_KEY'
	option route_allowed_ips '1'
	# 0.0.0.0/0 plus route_allowed_ips sends all of the client's traffic through the server
	list allowed_ips '0.0.0.0/0'
	option endpoint_host 'SERVER_PUBLIC_IP'
	option endpoint_port '51820'
	option persistent_keepalive '25'
</code>
  * **Firewall Rules:**
<code>
$ vi /etc/config/firewall
config rule
	option target 'ACCEPT'
	option src 'wan'
	option proto 'udp'
	option name 'Wireguard_VPN'
	option family 'ipv4'
	option dest_port '51820'

config zone
	option name 'wg-vpn'
	option input 'ACCEPT'
	option forward 'ACCEPT'
	option output 'ACCEPT'
	option masq '1'
	option device 'wg0'

config forwarding 'wg_wan'
	option src 'wg-vpn'
	option dest 'wan'

config forwarding 'wg_lan'
	option src 'wg-vpn'
	option dest 'lan'

config forwarding
	option src 'lan'
	option dest 'wg-vpn'
</code>
  * **Testing:**
<code bash>
## Restart networking:
$ /etc/init.d/network restart
$ /etc/init.d/firewall restart
## Testing throughput:
</code>

=====Code=====
Upon completion of the project, if there is an applicable collection of created code, place a copy of your finished code within blocks here.
<code c>
/*
 * hello.c - A sample "Hello, World!" program
 *
 * written by NAME for COURSE on DATE
 *
 * compile with:
 *   gcc -o hello hello.c
 *
 * execute with:
 *   ./hello
 */

#include <stdio.h>

int main()
{
    printf("Hello, World!\n");   // Output message to STDOUT
    return(0);
}
</code>

=====Execution=====
Again, if there is associated code with the project, and you haven't already indicated how to run it, provide a sample run of your code:
<code>
lab46:~/src/cprog$ ./hello
Hello, World!
lab46:~/src/cprog$
</code>

=====Reflection=====
Comments/thoughts generated through performing the project, observations made, analysis rendered, conclusions wrought. What did you learn from doing this project?

=====References=====
In performing this project, the following resources were referenced:
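As an added example (not from the original page) of what the GRE and IPIP commands in the Procedure above put on the wire: builders for both encapsulations and a decapsulator that recovers the inner packet with no key at all, since neither protocol encrypts or authenticates. The packets and the 192.0.2.x outer addresses are constructed for the demonstration.

```python
import struct
import ipaddress

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; checksum left at zero (constructed sample only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)

def build_gre(outer_src, outer_dst, inner, key=None):
    """Outer IPv4 (protocol 47) + GRE header. 'ip tunnel ... mode gre' without a key
    emits the bare 4-byte header; a key sets the K bit and appends a 32-bit key."""
    flags = 0x2000 if key is not None else 0
    gre = struct.pack("!HH", flags, 0x0800)                 # 0x0800: inner is IPv4
    if key is not None:
        gre += struct.pack("!I", key)
    return ipv4_header(outer_src, outer_dst, 47, len(gre) + len(inner)) + gre + inner

def build_ipip(outer_src, outer_dst, inner):
    """Outer IPv4 (protocol 4) followed directly by the inner IPv4 packet."""
    return ipv4_header(outer_src, outer_dst, 4, len(inner)) + inner

def decapsulate(pkt):
    """Return (kind, inner_src, inner_dst, inner_proto) for a GRE or IPIP packet, else
    None. No key or secret is needed: the inner packet travels in the clear."""
    payload = pkt[(pkt[0] & 0x0F) * 4:]                     # skip the outer IPv4 header
    if pkt[9] == 4:
        kind, inner = "ipip", payload
    elif pkt[9] == 47:
        flags, ptype = struct.unpack("!HH", payload[:4])
        if ptype != 0x0800:
            return None
        offset = 4
        offset += 4 if flags & 0x8000 else 0                # C bit: checksum + reserved
        offset += 4 if flags & 0x2000 else 0                # K bit: key
        offset += 4 if flags & 0x1000 else 0                # S bit: sequence number
        kind, inner = "gre", payload[offset:]
    else:
        return None
    if len(inner) < 20 or inner[0] >> 4 != 4:
        return None
    return (kind, str(ipaddress.IPv4Address(inner[12:16])),
            str(ipaddress.IPv4Address(inner[16:20])), inner[9])

# Constructed samples: ICMP echo requests between the page's tunnel addresses, carried
# between two made-up outer endpoints from the 192.0.2.0/24 documentation range.
ICMP_ECHO = struct.pack("!BBHHH", 8, 0, 0, 1, 1)
GRE_INNER = ipv4_header("10.3.3.1", "10.3.3.2", 1, len(ICMP_ECHO)) + ICMP_ECHO
IPIP_INNER = ipv4_header("10.2.2.1", "10.2.2.2", 1, len(ICMP_ECHO)) + ICMP_ECHO
GRE_PKT = build_gre("192.0.2.1", "192.0.2.2", GRE_INNER)
GRE_KEYED_PKT = build_gre("192.0.2.1", "192.0.2.2", GRE_INNER, key=42)
IPIP_PKT = build_ipip("192.0.2.1", "192.0.2.2", IPIP_INNER)
```

A defender can apply the same two protocol-number checks (4 and 47) to flow records to spot unencrypted tunnels crossing a network boundary.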
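As an added check for the WireGuard static configuration in the Procedure above (not part of the original page): a small parser for the OpenWRT UCI stanzas and a validator that rejects keys which are not 32-byte base64 values, validates the address and allowed_ips CIDRs, and flags an allowed_ips of 0.0.0.0/0 combined with route_allowed_ips=1, which routes all of the client's traffic through the peer. The sample stanza is constructed, with a dummy all-zero private key and the empty peer public_key from the page.

```python
import base64
import ipaddress

# Constructed sample in OpenWRT UCI syntax mirroring the page's client stanzas: a dummy
# private key (32 zero bytes), an empty peer public_key and 0.0.0.0/0 routed to the peer.
DUMMY_KEY = base64.b64encode(bytes(32)).decode()
SAMPLE_UCI = f"""config interface 'wg0'
    option proto 'wireguard'
    option listen_port '51820'
    list addresses '10.0.0.2/32'
    option private_key '{DUMMY_KEY}'
config wireguard_wg0
    option public_key ''
    option route_allowed_ips '1'
    list allowed_ips '0.0.0.0/0'
"""

def parse_uci(text):
    """'config TYPE [NAME]' / 'option K V' / 'list K V' -> [(type, name, {k: [v, ...]})]."""
    sections = []
    for raw in text.splitlines():
        parts = raw.strip().replace("'", "").split(None, 2)   # quotes stripped from values
        if parts and parts[0] == "config":
            sections.append((parts[1], parts[2] if len(parts) > 2 else None, {}))
        elif parts and parts[0] in ("option", "list") and sections:
            sections[-1][2].setdefault(parts[1], []).append(parts[2] if len(parts) > 2 else "")
    return sections

def is_wg_key(value):
    try:                               # a WireGuard key is exactly 32 bytes, base64-encoded
        return len(base64.b64decode(value, validate=True)) == 32
    except ValueError:                 # also covers binascii.Error on non-base64 input
        return False

def check_wireguard(text):
    """Findings a practitioner wants before 'ifup wg0': bad keys, bad CIDRs, full tunnel."""
    findings = []
    for typ, name, opts in parse_uci(text):
        if typ == "interface" and opts.get("proto") == ["wireguard"]:
            if not is_wg_key(opts.get("private_key", [""])[0]):
                findings.append(f"{name}: private_key missing or not a 32-byte base64 key")
            for addr in opts.get("addresses", []):
                ipaddress.ip_interface(addr)          # raises ValueError on a bad address
        elif typ.startswith("wireguard_"):
            if not is_wg_key(opts.get("public_key", [""])[0]):
                findings.append(f"{typ}: peer public_key missing or malformed")
            for cidr in opts.get("allowed_ips", []):
                net = ipaddress.ip_network(cidr, strict=False)
                if net.prefixlen == 0 and opts.get("route_allowed_ips") == ["1"]:
                    findings.append(f"{typ}: {cidr} with route_allowed_ips=1 routes all traffic via the peer")
    return findings
```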