
Research and deployment of OpenVPN on Ubuntu for enterprises

VIETNAM-KOREA FRIENDSHIP INFORMATION TECHNOLOGY COLLEGE
FACULTY OF COMPUTER SCIENCE

SPECIALIZED PROJECT
COMPUTER NETWORKING MAJOR

TOPIC
RESEARCH AND DEPLOYMENT OF OPENVPN
ON UBUNTU FOR ENTERPRISES

Student: L Long Bo
Class: MM03A
Cohort: 2009-2012
Supervisor: MSc. ng Quang Hin

Da Nang, March 2012



ACKNOWLEDGEMENTS

To complete this specialized project, I would first like to sincerely thank the teachers of the Faculty of Computer Science, who taught me and equipped me with useful knowledge over the past school year.
I would like to express my deepest gratitude to Mr. ng Quang Hin, who guided me wholeheartedly throughout the work on this project.
Once again, I sincerely thank the teachers for their help.

Da Nang, 15 March 2012


TABLE OF CONTENTS
ACKNOWLEDGEMENTS
TABLE OF CONTENTS
LIST OF ABBREVIATIONS
LIST OF FIGURES
INTRODUCTION
CHAPTER 1: OVERVIEW OF OPEN SOURCE SOFTWARE
1.1. INTRODUCTION TO OPEN SOURCE SOFTWARE AND THE LINUX OPERATING SYSTEM
1.1.1. The concept of open source software
1.1.2. Introduction to the Linux operating system
1.1.3. Classification of open source software
1.1.4. Distinguishing open source software from some other kinds of software
CHAPTER 2: VPN TECHNOLOGY AND SUPPORTING PROTOCOLS
2.1. OVERVIEW OF VPN TECHNOLOGY
2.1.1. Introduction to VPN technology
2.1.2. Definition of VPN
2.1.3. Benefits of VPN
2.1.4. Components needed to create a VPN connection
2.2. VPN PROTOCOLS
2.2.1. L2TP
2.2.2. GRE
2.2.3. IPSec
2.2.4. PPTP (Point to Point Tunneling Protocol)
2.3. VPN CONNECTIONS
2.3.1. Types of VPN connections
2.3.2. Establishing a VPN connection
CHAPTER 3: SYSTEM MODEL AND DEPLOYMENT OF OPENVPN ON UBUNTU SERVER
3.1. SYSTEM MODEL
3.2. INSTALLING AND CONFIGURING OPENVPN
3.2.1. Installing OpenVPN on Ubuntu Server
3.2.2. Configuring OpenVPN functions on Ubuntu Server
3.3. TESTING AND DIALING THE CONNECTION
3.3.1. Dialing the connection on the VPN client
3.3.2. Testing retrieval of a folder from client to server
CONCLUSION
REFERENCES
SUPERVISOR'S COMMENTS


LIST OF ABBREVIATIONS

Abbreviation: Meaning
VPN: Virtual Private Network
GNU: General Public License
FSF: Free Software Foundation
GCC: GNU C Compiler
PMMNM (OSS): Open source software
GPL: General Public License
DLL: Dynamic Link Library
WAN: Wide Area Network
L2F: Layer 2 Forwarding
L2TP: Layer 2 Tunneling Protocol
PPTP: Point-to-Point Tunneling Protocol
GRE: Generic Routing Encapsulation

LIST OF FIGURES

Figure 2.1. Illustration of the VPN connection model
Figure 2.2. The L2TP protocol
Figure 2.3. IPSec
Figure 2.4. The PPTP protocol
Figure 2.5. Remote Access VPN
Figure 2.6. Site to Site VPN
Figure 2.7. Intranet VPNs
Figure 2.8. Extranet VPNs
Figure 2.9. Establishing a client-to-server connection
Figure 3.1. System model
Figure 3.2. Checking the IP configuration
Figure 3.3. Installing OpenVPN on Ubuntu Server
Figure 3.4. Copying the sample configuration files into the openvpn directory
Figure 3.5. Editing the information in the vars file
Figure 3.6. Building the CA
Figure 3.7. Creating and adding a user
Figure 3.8. Creating the server's authentication key
Figure 3.9. Creating keys for the users
Figure 3.10. Configuring the settings in server.conf
Figure 3.11. Editing the path that holds the certificate files
Figure 3.12. Adding routes to the network segments to be connected
Figure 3.13. Activating the encryption keys
Figure 3.14. Configuring sysctl.conf and enabling IP forwarding
Figure 3.15. Pushing the VPN IP to users so they are assigned one automatically on connection
Figure 3.16. Configuring iptables to allow forwarding packets from the VPN client to the server
Figure 3.17. Successful dial-up connection on the VPN client
Figure 3.18. Routes added successfully
Figure 3.19. Status of the running program
Figure 3.20. Successful access to an internal network share


INTRODUCTION

Today the Internet has grown strongly, both as a model and as an organization, and meets users' needs fairly fully. The Internet was designed to connect many networks together and to let information reach users freely and quickly. To do this, a system of routing devices connects LANs and WANs to one another. Computers are connected to the Internet through Internet service providers (ISPs). With the Internet, services such as distance learning, online shopping, consulting in many fields and much else have become reality. However, because the Internet is global in scope and no organization or government can manage it, securing and safeguarding data, as well as managing services, is very difficult.
Enterprises with chains of branches and stores are becoming ever more common. Moreover, many enterprises also field sales teams that go directly to customers. Therefore, to control, manage and make good use of their resources, many enterprises deploy resource-management software that supports remote access to and retrieval of information. Remote access to a database, however, always places high demands on safety and security.
To solve this problem, many enterprises choose the Virtual Private Network (VPN) model. With this new model, no large additional investment in infrastructure is needed, yet features such as security and reliability are still guaranteed, and the operation of the network can be managed privately. A VPN lets users working at home, on the road, or in branch offices connect securely to their organization's server over infrastructure provided by the public network. Usually, though, deploying VPN software and hardware takes a lot of time and money, and OpenVPN is an open source VPN solution that is completely free.
The content of the project is presented in 3 chapters:
Chapter 1: Overview of open source software
Chapter 2: VPN technology and supporting protocols
Chapter 3: System model and deployment of OpenVPN on Ubuntu Server
These are followed by the conclusion and, finally, the references.


CHAPTER 1: OVERVIEW OF OPEN SOURCE SOFTWARE

1.1. INTRODUCTION TO OPEN SOURCE SOFTWARE AND THE LINUX OPERATING SYSTEM

1.1.1. The concept of open source software
1.1.1.1. History of open source software
Using the UNIX operating system and its accompanying tools made software developers feel that licensing restricted their creativity. In 1983 the GNU project was founded by Richard Stallman. The project grew into the Free Software Foundation (FSF). This organization gathered developers who regularly used UNIX, with the goal of developing tools similar to UNIX's but entirely free and open source. GCC (GNU C Compiler) was the first product; it enabled the development of other products, such as the widely used vi editor and others.
In 1988 the efforts supporting open source software (OSS) formed the OSI (Open Source Initiative). OSI works to create legal frameworks and to provide the information that users, developers and service companies need to develop, exploit, provide services around and do business with OSS.
Although it has a fairly long history, in practice it was not until 2008 that some countries had strict legal provisions protecting OSS. For example, when you violate a software license, all rights granted under that license immediately become void. This rule does not affect proprietary software much, but with OSS, once the rights are void the user will almost certainly infringe intellectual property.
1.1.1.2. Definition of open source software
To understand what open source software is, we must first understand what software is, what open source is, and then what open source software is.
Software, in the literal sense, is a set of instructions written in one or more programming languages in a defined order, intended to automatically perform some function or solve some problem. In the figurative sense, software is a special product characteristic of the information technology and software engineering industries.
Open source is the term for software whose source code is published. Users pay no fee and, moreover, have the right to view, modify, improve and upgrade it under a set of common rules laid down in the GPL (General Public License) open source license. The founder of open source is Richard Stallman, who built the GNU project and produced the GPL open source license, the two key foundations for the development of open source.
From the two definitions above we can understand what open source software is. Open source software is software supplied as both code and source, free not only of purchase price but, above all, free of licensing restrictions. Users have the right to modify, improve, develop and upgrade it under a set of common rules laid down in an open source license (for example the GPL, General Public License) without asking anyone's permission, something they are not allowed to do with closed source software (that is, commercial software).
1.1.1.3. Operations on open source software
The following operations can be performed on software:
Producing software: studying users' needs, designing, coding, compiling and releasing.
Installing software: to be usable, software must be installed. Installation is the operation of writing the code needed to run in the environment into suitable storage so that the user can use it.
Using software: installing and using software on a computer. That computer can be a personal computer, a server, a public computer, and so on. Depending on the context, use of the software may be subject to different constraints (installed on one machine, on several machines, on several CPUs, and so on). Licensed software usually protects its use with serial keys, activation codes and, in some cases, physical keys.
Changing software: during use, the need for changes may arise. Changes can be made by the author who produced the software or by someone else. To change the software's functionality its source code is needed. If the source is unavailable it may be possible to decompile the executable to recover it. Software source can be distributed through many channels (network, storage media, hand to hand, infection).
Other operations: reverse analysis of source code, interface analysis, emulation, alternating execution, and so on. Software is governed by rules on copyright and intellectual property that allow or forbid the operations above under different conditions.
Software license: the document that governs how the operations above may be performed on the software. There are licenses for proprietary software, licenses for freeware and shareware, and licenses for free and open source software.

1.1.2. Introduction to the Linux operating system

1.1.2.1. History of Linux
Linux is a Unix-like operating system built on a kernel and a set of open source software packages. Linux is published under the GPL (General Public License).
Unix was born in the mid-1960s, initially developed by AT&T, and was later registered commercially and developed in many variants under different names. In 1990 the open source development trend appeared and was promoted by the GNU organization. A number of open source licenses appeared, for example BSD and GPL. In 1991 Linus Torvalds wrote the first Linux kernel, version v0.01, and posted it on BBSs so that everyone could use and develop it. In 1996 kernel v1.0 was officially announced and attracted growing user interest. In 1999 kernel v2.2 brought many superior features and helped Linux begin to become a serious competitor to MS Windows in the server environment. In 2000 kernel v2.4 supported many new devices (multiprocessing up to 32 chips, USB, more than 2 GB of RAM) and began to gain a foothold in the high-end server market. The growth of Linux was as follows:
- 1991: 100 users.
- 1997: 7,000,000 users.
- 2000: hundreds of millions of users and more than 15,000 people taking part in Linux development. Every year the Linux market grows by more than 100%.
Linux distributions are packaged products combining the kernel and other free software packages. These distributions are published under the GPL license. Some prominent distributions are Red Hat, Caldera, SuSE, Debian, TurboLinux and Mandrake.
Like Unix, Linux consists of 3 main components: the kernel, the shell and the file structure.
The kernel is the core program; it runs programs and manages hardware devices such as disks and printers.
The shell (environment) provides the user interface and can be described as an interpreter. The shell takes commands from the user and passes them to the kernel for execution. Many shells have been developed; Linux offers several, such as desktops, window managers and the command line environment. Today mainly 3 shells exist: Bourne, Korn and C Shell. Bourne was developed at Bell Labs, C Shell was developed for the BSD version of Unix, and the Korn shell is an improved version of the Bourne shell. Current versions of Unix, including Linux, integrate all 3 shells.
The file structure governs how files are stored on disk. Files are grouped into directories. Each directory can contain files and other subdirectories. Some directories are standard directories used by the system. Users can create their own files and directories and move files between directories. Moreover, with Linux users can set access permissions on files and directories, allowing or restricting a user or a group from accessing a file. Directories in Linux are organized as a tree starting from the root directory. Other directories branch off from it.
The kernel, the shell and the file structure make up the structure of the operating system. With these components users can run programs, manage files and interact with the system.
1.1.2.2. Interacting with the Linux environment
Terminal: the term terminal dates from the early days when computer systems were very large and users did not interact with the system directly but through remote terminals. Those terminals consisted of a screen and a keyboard; today, as sizes have shrunk, the terminal is the user's own computer.
Console: in addition, Linux systems in general, and service servers on other operating systems in particular, give the administrator a special terminal interface called the console. Formerly the console was a separate communication port; today it is a virtual console that allows many work sessions to be open at once on one computer.
The vi editor: vi is a powerful editor found on nearly every Linux-family operating system, because its size and capabilities demand few resources; beyond basic editing, vi can search, replace and join files, and it has its own macro language and further features. vi has two modes:
- The first is input mode: in this mode text is entered into the document; you can insert and add text.
- The second is command mode: in this mode you can move around the document and across lines, search, and so on. You can perform all of vi's functions from command mode except entering text.
The MC (Midnight Commander) utility: in the DOS era before Windows, navigating files through menu systems and file managers began to flourish, even though they were text based. Linux also has a utility with similar functionality called Midnight Commander. You do not have to search for MC; most Linux distributions ship it with the OS and install it at /usr/bin/mc. The program runs in both text mode and graphical mode. MC has some features that DOS lacked. You can change file ownership and view file permission details. MC can also manage processes, letting you see which processes are running in the background and stop them, restart them or kill them entirely.
1.1.2.3. Introduction to the file and directory system
Computer systems use external storage devices to store information persistently. Storage devices manage external storage space in blocks of data. The blocks are related only physically, not semantically. To use these blocks conveniently, blocks with a common meaning and a common purpose are grouped together and managed by a control block. Such a group of blocks is called a file. When a user has many files, to make them easier to manage the files are grouped together as the user requires, with an additional file holding a list of the grouped files and their locations. This list file is called a directory file. For its part, a directory file can also be grouped with other files to form a directory. With this way of grouping files, the system has 2 basic kinds of file:
- Ordinary files, which contain only data.
- Directory files, which contain only the list of files and subdirectories inside that directory.
Files and directories combine to form one or more directory trees in which ordinary files are the leaf nodes. The roots of the trees are fixed points from which any leaf in the tree can be reached. Under the Linux OS, files and directories form a single tree whose root directory is denoted / (the root directory). Common subdirectories of the root are:
- /bin: basic program files
- /boot: the kernel of the OS
- /etc: configuration files
- /dev: device files
- /home: user data
- /lib: system libraries
- /usr: applications
- /var: variable (updated) data
- /proc: data of the operating system kernel and the BIOS
Directory files store subdirectories and files. Subdirectories and files all have names. As in Windows, Linux allows file names up to 255 characters long, which may include special characters.
To reach a directory or file, one starts from the root and descends into subdirectories until the required file is reached. The sequence of subdirectory names from the root to the target file, separated by /, is called the absolute path to the file. In every case an absolute path can be used to refer to a file.
When a user logs in to the system, or while programs are running, one directory is used as the reference point for all other files and directories in the system. For a user this is usually a directory under /home. For a program it is usually the directory from which the command was invoked; this directory is called the current working directory. Every directory always contains 2 special directories: ./ denoting the current directory and ../ denoting the parent of the current directory.
In many cases it is more efficient to reach a file via the path in the tree from the current directory to the target file, using ./ and ../. Such a path depends on the current working directory and is called a relative path.
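As an added example (not code from the thesis), the following Python function resolves a path the way the description above implies: an absolute path is taken from the root, a relative path is joined to the current working directory, and the special names ./ and ../ are folded away. It also shows the check a practitioner wants next to path resolution: whether the resolved path still lies under an expected base directory. All directory names used are constructed.

```python
# Added example, not part of the thesis: resolving absolute and relative
# paths against a current working directory, as a Unix shell does.

def resolve_path(cwd, path):
    """Return the absolute path that `path` names when the current working
    directory is `cwd`. Folds './', '../' and repeated '/' away; climbing
    above the root stays at '/', as it does on Linux."""
    if not cwd.startswith("/"):
        raise ValueError("cwd must be an absolute path")
    # A path starting with '/' is already absolute; otherwise join it to cwd.
    start = path if path.startswith("/") else cwd.rstrip("/") + "/" + path
    parts = []
    for name in start.split("/"):
        if name in ("", "."):
            continue            # '//', a trailing '/', or './' do not move
        if name == "..":
            if parts:
                parts.pop()     # go to the parent; '/..' stays at '/'
            continue
        parts.append(name)
    return "/" + "/".join(parts)


def classify(path):
    """Absolute paths start at the root; anything else depends on cwd."""
    return "absolute" if path.startswith("/") else "relative"


def is_within(base, resolved):
    """True if an already-resolved absolute path lies inside directory `base`.
    Comparing on '/'-terminated prefixes keeps '/home' from matching '/homer'."""
    base = "/" + base.strip("/")
    return resolved == base or resolved.startswith(base.rstrip("/") + "/")


if __name__ == "__main__":
    cwd = "/home/bao"                                # constructed working directory
    for p in ("./docs/", "../../etc/openvpn/server.conf", "/etc/./passwd"):
        r = resolve_path(cwd, p)
        print(f"{p!r:35} {classify(p):9} -> {r}  inside /home: {is_within('/home', r)}")
```

Note that a relative path containing ../ can leave the directory the user started in, which is why the resolved form, not the text of the path, is what `is_within` inspects.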

1.1.3. Classification of open source software

1.1.3.1. By mode of operation
System software: used to operate the computer and its hardware, for example operating systems such as Windows XP, Linux and Unix, the operating system's dynamic link libraries (DLLs), device drivers, firmware and BIOS.
Application software: lets users complete one or more tasks, for example office software, business software, human resource management software, and so on.
Translation software, comprising compilers and interpreters: these programs read the instructions of source code written by programmers in a programming language and translate them into machine language that the computer can understand.
1.1.3.2. By applicability
Independent software, which can be sold to any customer on the open market, for example the Oracle database software, Photoshop, and so on, as opposed to software written to order or under contract for a specific customer (a company, a hospital, a school, and so on).
1.1.3.3. By conditions of use
Open source software, freeware, shareware, and so on.
1.1.3.4. By social effect
Malicious software, educational software, and so on.
1.1.3.5. By size
Huge software, mini software, and so on.

1.1.4. Distinguishing open source software from some other kinds of software

1.1.4.1. Proprietary software
Software whose license tightly constrains the operations on it, to protect the interests of the software's maker. Copyright is the term for the right of control over software, allowing or forbidding operations on it. With proprietary software the license usually carries tight constraints to protect the maker's interests. Hence licenses for proprietary software are usually very strict about distribution and control rights, restrict the right to change and improve the software, and almost never allow reverse engineering of the code. Examples: MS Office, Photoshop, and so on.
1.1.4.2. Free software (freeware)
Software that costs nothing to use but is not necessarily open source. The software is distributed with all rights except the right of control. Holders may use the software completely freely, except that the right of control is used to impose limits on the remaining rights. Software distributed this way is called free software or freeware. Examples: Yahoo Messenger, Skype, IE, and so on.
1.1.4.3. Shareware
Software provided free of charge with some restrictions on functionality or convenience. Users get the full functionality only after paying for a license.


CHAPTER 2: VPN TECHNOLOGY AND SUPPORTING PROTOCOLS

2.1. OVERVIEW OF VPN TECHNOLOGY

2.1.1. Introduction to VPN technology
A VPN is a new network model that reuses the existing infrastructure of the Internet. With this new model no large additional investment in infrastructure is needed, yet features such as security and reliability are guaranteed, and the operation of the network can be managed privately. A VPN lets users working at home, on the road or in a branch office connect securely to the server. In many respects a VPN is like a WAN (Wide Area Network); the decisive feature of a VPN, however, is that it can use a public network such as the Internet while still guaranteeing privacy, and it is much cheaper.
2.1.2. Definition of VPN
A VPN is simply understood as the extension of a private network across public networks. Essentially, each VPN is a private network that uses a shared network (usually the Internet) to connect sites (separate private networks) or many remote users. Instead of a real, dedicated connection such as a leased line, each VPN uses virtual connections routed over the Internet from the company's private network to the sites or to remote employees. To send and receive data over a public network while still guaranteeing safety and security, the VPN provides a mechanism that encrypts the data on the link, creating a secure pipe between sender and receiver (a tunnel), much like a point-to-point connection on a private network. To create that secure pipe the data must be encrypted or concealed, with only the header of the data carrying the routing information that lets it reach its destination quickly through the public network. The data is carefully encrypted, so that if packets are captured on the public link their content cannot be read without the decryption key. A link on which data is encrypted and encapsulated is called a VPN connection. VPN connections are often called VPN tunnels.

Figure 2.1. Illustration of the VPN connection model

VPNs can use one or both of two techniques: leased circuits from service providers (called a Trusted VPN), or encrypted data sent over the Internet (called a Secure VPN). Running a Secure VPN over a Trusted VPN is called a Hybrid VPN. Combining both kinds of Secure VPN in a single gateway, for example IPsec and SSL, is also called a Hybrid VPN.

Over the years, Trusted VPNs have shifted from leased circuits from telecom carriers to private IP circuits from Internet service providers. The main technologies for operating a Trusted VPN over an IP-addressed network are ATM circuits, Frame Relay circuits and MPLS.

ATM and Frame Relay operate at the data link layer, layer 2 of the OSI model (layer 1 is the physical layer, layer 3 the network layer). MPLS emulates some properties of circuit-switched and packet-switched networks. It operates at the same layer, usually considered layer 2.5 because it sits right between the link layer and the network layer. MPLS is beginning to replace ATM and Frame Relay for implementing Trusted VPNs at a large number of enterprises and service providers.

Secure VPNs can use IPsec for encryption: IPsec inside L2TP (Layer 2 Tunneling Protocol), SSL (Secure Sockets Layer) 3.0 or TLS (Transport Layer Security) with encryption, L2F (Layer Two Forwarding) or PPTP (Point-to-Point Tunneling Protocol). Let us look at these main components.

IPsec, or IP security, is the standard for encrypting and authenticating IP packets at the network layer. IPsec has a set of cryptographic protocols with 2 purposes: securing network packets and exchanging cryptographic keys. A number of security experts, such as Bruce Schneier of Counterpane Internet Security, have regarded IPsec as the protocol for VPNs since the late 1990s. IPsec is supported in Windows XP, 2000, 2003 and Vista; in Linux 2.6 and later; in Mac OS X, NetBSD, FreeBSD and OpenBSD; in Solaris, AIX and HP-UX; and in VxWorks. Many vendors provide IPsec VPN servers and IPsec VPN clients.

L2TP/IPsec combines the L2TP tunnel with the secure channel of IPsec. It makes Internet Key Exchange easier to change than pure IPsec does. Microsoft has provided a free L2TP/IPsec VPN client for Windows 98, ME and NT since 2002, and bundles an L2TP/IPsec VPN client with Windows XP, 2000, 2003 and Vista. Windows Server 2003 and Windows 2000 Server include an L2TP/IPsec server.

SSL and TLS are protocols for secure data streams at layer 4 of the OSI model. SSL 3.0 and TLS 1.0 are the successors widely used with HTTP to secure web sessions, known as HTTPS. SSL/TLS is also used, however, to create a VPN tunnel. For example, OpenVPN is an open source VPN package for Linux, xBSD, Mac OS X, Pocket PCs and Windows 2000, XP, 2003 and Vista. It uses SSL to provide encryption for both the data channel and the control channel. A number of vendors provide SSL VPN servers and clients.

2.1.3. Benefits of VPN

A virtual private network can remove geographic barriers in business, letting employees work effectively from home and letting an enterprise connect securely to its agents and partners. A virtual private network is usually cheaper and more effective than private leased lines.

On the other hand, the way a VPN is used can expose potential security risks. While most virtual private networks in use are fairly secure, a VPN can also make itself harder to compromise by protecting the network's parameters appropriately. It is the network administrator's job to apply the same security standards to computers connecting to the network over the VPN as to computers connected directly to the LAN.

Combining the use of both kinds of VPN can expose the network of one company to another. Moreover, using remote control software such as PC Anywhere, GoToMyPC or VNC together with a VPN can expose the company's network to malware on a remote workstation that is not itself connected over the VPN.

Because Secure VPNs use encryption, and because some cryptographic functions are fairly expensive, a heavily used VPN can load down its server. The administrator's job is to manage the server load by limiting the number of concurrent connections the server may handle.

When the number of people trying to connect to the VPN suddenly spikes and overwhelms the transmission, employees find that they cannot connect because all the VPN ports are busy. This is what motivates the administrator to create ways of working that do not require the VPN, such as setting up a proxy service or an Internet Message Access Protocol service that lets employees read e-mail from home or on the road.

A VPN offers more features than traditional networks and leased line networks. The main benefits include:
Lower cost than private networks: a VPN can reduce transmission costs by 20-40% compared with leased line networks and reduce remote access costs by 60-80%.
Flexibility for economic activity on the Internet: a VPN is more flexible and can scale network architectures more readily than a classical network, so it can expand connectivity for business quickly and cost-effectively. In this way a VPN can easily connect or disconnect remote offices, international locations, telecommuters, mobile phone users and people doing business outside the office, as business requirements demand.
Simplified burdens: dynamic network structures reduce the management burden. Using an Internet backbone protocol eliminates the PVCs that come with connection-oriented protocols such as Frame Relay and ATM.
Increased security: important data is hidden from those without access rights, and access is granted to authorized users.
Support for today's common network protocols such as TCP/IP.
IP address security: because information sent over the VPN is encrypted, the addresses inside the private network are hidden and only external Internet addresses are used.
2.1.4. Components needed to create a VPN connection
User Authentication: provides a mechanism for authenticating users, so that only valid users may connect to and access the VPN system.
Address Management: provides a valid IP address to users after they join the VPN system so that they can access internal network resources.
Data Encryption: provides encryption of data in transit, guaranteeing privacy and data integrity.
Key Management: provides management of the keys used to encrypt and decrypt data.
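As an added example, not code from the thesis or from the OpenVPN project, the Python program below builds a miniature VPN gateway that exercises the four components just listed (user authentication, address management, data encryption, key management) and the tunnel encapsulation described in section 2.1.2: the inner packet is encrypted and integrity-protected, and only the outer header is readable by someone capturing traffic on the public network. It uses only the standard library; the cipher is a toy keystream derived with HMAC-SHA256 standing in for a real cipher such as AES-GCM, and every username, password, address and subnet is constructed for the demonstration.

```python
# Added example, not the thesis's own code: a miniature VPN gateway covering
# the four components of section 2.1.4 and the tunnel of section 2.1.2.
# The cipher is a toy HMAC-SHA256 keystream standing in for a real cipher
# (e.g. AES-GCM) so that the example runs on the standard library alone.
import hashlib
import hmac
import ipaddress
import secrets
import struct

# --- User Authentication: salted PBKDF2 password hashes ----------------------
USERS = {}          # constructed user database: username -> (salt, hash)
ITERATIONS = 100_000

def register_user(username, password):
    salt = secrets.token_bytes(16)
    USERS[username] = (salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS))

def authenticate(username, password):
    # Unknown users still pay the hashing cost, so response time does not reveal
    # which usernames exist; compare_digest avoids a timing leak on the hash.
    salt, stored = USERS.get(username, (b"\0" * 16, b"\0" * 32))
    computed = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return username in USERS and hmac.compare_digest(stored, computed)

# --- Address Management: lease addresses from the VPN's private pool ---------
class AddressPool:
    def __init__(self, cidr):
        hosts = list(ipaddress.ip_network(cidr).hosts())
        self.free = hosts[1:]          # the first host address is the gateway itself
        self.leases = {}

    def assign(self, username):
        if username in self.leases:    # a reconnecting user keeps its address
            return self.leases[username]
        if not self.free:
            raise RuntimeError("address pool exhausted")
        self.leases[username] = self.free.pop(0)
        return self.leases[username]

    def release(self, username):
        self.free.append(self.leases.pop(username))

# --- Key Management: one fresh key per session -------------------------------
def derive_session_key(master_secret, client_nonce, server_nonce):
    # Both nonces enter the derivation, so replaying a handshake yields a
    # different key. master_secret stands in for the TLS-negotiated secret.
    return hmac.new(master_secret, b"vpn-session" + client_nonce + server_nonce,
                    hashlib.sha256).digest()

# --- Data Encryption: encrypt the inner packet, authenticate the whole tunnel packet
def _keystream(key, nonce, length):
    blocks, counter = [], 0
    while sum(map(len, blocks)) < length:
        blocks.append(hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]

def encapsulate(key, outer_src, outer_dst, inner_packet):
    """Wrap an inner (private-network) packet: clear outer header + ciphertext + tag."""
    nonce = secrets.token_bytes(12)
    ciphertext = bytes(p ^ k for p, k in zip(inner_packet, _keystream(key, nonce, len(inner_packet))))
    header = ipaddress.IPv4Address(outer_src).packed + ipaddress.IPv4Address(outer_dst).packed + nonce
    tag = hmac.new(key, header + ciphertext, hashlib.sha256).digest()[:16]
    return header + ciphertext + tag

def decapsulate(key, tunnel_packet):
    """Verify the tag first (encrypt-then-MAC), then decrypt the inner packet."""
    header, body, tag = tunnel_packet[:20], tunnel_packet[20:-16], tunnel_packet[-16:]
    expected = hmac.new(key, header + body, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: packet modified or wrong key")
    nonce = header[8:20]
    return bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body))))

def observer_view(tunnel_packet):
    """What a capture on the public network reveals: outer addresses and opaque bytes."""
    return (str(ipaddress.IPv4Address(tunnel_packet[0:4])),
            str(ipaddress.IPv4Address(tunnel_packet[4:8])),
            tunnel_packet[20:-16])

def run_session():
    """One client session: authenticate, lease an address, derive a key, send a packet."""
    register_user("bao", "correct-horse-battery")          # constructed credentials
    if not authenticate("bao", "correct-horse-battery") or authenticate("bao", "guess"):
        raise RuntimeError("authentication component misbehaved")
    pool = AddressPool("10.8.0.0/24")                       # constructed VPN subnet
    client_ip = pool.assign("bao")
    key = derive_session_key(secrets.token_bytes(32), secrets.token_bytes(16), secrets.token_bytes(16))
    inner = f"{client_ip} -> 192.168.1.10 open /share/report.doc".encode()
    pkt = encapsulate(key, "203.0.113.5", "198.51.100.7", inner)   # public client -> public gateway
    src, dst, blob = observer_view(pkt)
    return {"client_ip": str(client_ip), "outer": (src, dst),
            "payload_hidden": inner not in blob, "decrypted": decapsulate(key, pkt) == inner}

if __name__ == "__main__":
    print(run_session())
```

The observer sees only the two public addresses and an opaque body, which is the "IP address security" point of the previous section: the private addresses travel inside the encrypted part. Checking the tag before decrypting means a modified or wrong-key packet is rejected without ever being interpreted.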
2.2. CC GIAO THC VPN
2.2.1. L2TP
Trc khi xut hin chun L2TP (thng 8 nm 1999), Cisco s dng Layer 2
Forwarding (L2F) nh l giao thc chun to kt ni VPN. L2TP ra i sau vi nhng
tnh nng c tch hp t L2F.
L2TP l dng kt hp ca Cisco L2F v Microsoft Point-to-Point Tunneling
Protocol (PPTP). Microsoft h tr chun PPTP v L2TP trong cc phin bn WindownNT
v 2000
Sinh vin: L Long Bo Lp: MM03A 19
Nghin cu v trin khai OpenVPN trn ubuntu cho doanh nghip

L2TP c s dng to kt ni c lp, a giao thc cho mng ring o quay s


(Virtual Private Dial-up Network). L2TP cho php ngi dng c th kt ni thng qua
cc chnh sch bo mt ca cng ty (security policies) to VPN hay VPDN nh l s
m rng ca mng ni b cng ty.
L2TP khng cung cp m ha

Hnh 2.2. Giao thc L2TP


L2TP l s kt hp ca PPP (giao thc Point-to-Point) vi giao thc L2F (Layer 2
Forwarding) ca Cisco do rt hiu qu trong kt ni mng dial, ADSL v cc mng
truy cp t xa khc. Giao thc m rng ny s dng PPP cho php truy cp VPN bi
nhng ngi s dng t xa.
2.2.2. GRE
This is a multi-protocol carrier that encapsulates IP, CLNP and all other packets inside an IP tunnel.
With a GRE tunnel, a Cisco router encapsulates, for each site, a specific protocol indicated in the IP header, creating a virtual point-to-point link to the destination Cisco router. When the packet reaches its destination, the IP header is removed.
By joining several subnets that run different protocols within an environment that has one main protocol, GRE tunnelling lets those other protocols be routed conveniently over IP packets.

2.2.3. IPSec
IPSec is the choice for security on VPNs. IPSec is a framework covering data confidentiality, data integrity and data authentication.
IPSec provides security services that use IKE to negotiate protocols and algorithms on the basis of local policy (group policy) and to generate the encryption and authentication keys used within IPSec.

Figure 2.3. IPSec

2.2.4. PPTP (Point to Point Tunneling Protocol)
Used on client machines running Microsoft NT 4.0 and Windows 95 and later. This protocol is used to encrypt LAN traffic, such as NetBEUI and IPX, inside a packet sent over the Internet. PPTP is based on RSA RC4 and is supported with 40-bit or 128-bit encryption.

Figure 2.4. The PPTP protocol

2.3. VPN CONNECTIONS
2.3.1. Types of VPN connection
2.3.1.1. Remote Access VPNs
Remote Access VPNs allow access at any time from the remote, mobile and communication devices of branch-office staff, connecting them to the organisation's network resources.
Remote Access VPNs describe remote users who use VPN software to access the company intranet through a gateway or VPN concentrator (essentially a server). For this reason the solution is often called client/server. In this solution, users normally use traditional WAN technologies to create tunnels back to their Home Office (HO) network.
A fairly new direction in remote access VPN is the wireless VPN, in which an employee can reach the network over a wireless connection. In this design the wireless connection first reaches a wireless terminal and then the company network. In both cases, the client software on the PC initiates the secure connections, also known as tunnels.
An important part of this design is the initial authentication process, which ensures that the request originates from a trusted source. This initial stage is usually based on the company's common security policy. The policy covers: procedures, techniques, servers, Terminal Access Controller, ...
By deploying Remote Access VPNs, remote users or branch offices need only set up a local connection to an ISP or an ISP's POP and connect to resources over the Internet.

Figure 2.5. Remote Access VPN

As the figure above suggests, the main advantages of Remote Access VPNs are:
- The need for a RAS and its associated modems is eliminated.
- The need to support individual users is eliminated, because remote connectivity is facilitated by the ISP.
- Long-distance dial-up is eliminated; long-distance connections are replaced by local connections.
- Lower cost for long-distance connections.
- Because this is a local connection, the connection speed is higher than a direct long-distance connection.
- VPNs provide better access to the central site because they support a minimum level of access service even when the number of simultaneous connections to the network grows rapidly.
Besides the advantages above, VPNs also have disadvantages such as:
- Remote Access VPNs do not guarantee quality of service.
- The likelihood of data loss is very high; moreover, fragments of a packet may leave the path and be lost.
- Due to the complexity of the encryption algorithms, protocol overhead increases significantly, which makes the authentication process harder. In addition, compression of IP and PPP-based data is extremely slow and poor.
- Because data must travel over the Internet, exchanging large data such as multimedia packets, video and audio will be very slow.
2.3.1.2. Site-to-Site (LAN-to-LAN)
Site-to-site VPN is used to connect the network at one location to the network at another location through a VPN. In this situation the initial authentication between the network devices is delegated to the user, where a VPN connection is established between them. These devices then act as gateways and ensure that the traffic intended for the other sites is carried. VPN-compatible routers and firewalls, and dedicated VPN concentrators, all provide this function.

Figure 2.6. Site to Site VPN

LAN-to-LAN can be regarded as an intranet VPN or an extranet VPN. Looked at from the authentication angle it can be seen as an intranet VPN; otherwise it is regarded as an extranet VPN. The strictness of access between sites can be controlled by both (intranet and extranet VPN) according to their respective sites. The Site to Site VPN solution is not a remote access VPN, but it is included here for completeness.
The distinction between remote access VPN and LAN to LAN is merely symbolic and, beyond that, is provided for the purpose of discussion. For example, with the new hardware-based VPN devices, both approaches must be applied in order to classify them, because a hardware-based client may appear whenever a device is accessing the network, even though a network may have many VPN devices in operation.
A LAN to LAN VPN connects two separate networks through a secure tunnel; this secure tunnel can use the PPTP, L2TP or IPSec protocols. The purpose of LAN to LAN is to connect two networks that have no line joining them, without compromising integrity, authentication or data confidentiality. You can set up a LAN to LAN VPN through a combination of VPN concentrators, routers and firewalls.
LAN to LAN connections are designed to create a direct, efficient network connection regardless of the physical distance between the sites. Specifically, this connection always travels over the Internet or another untrusted network. You must ensure security by encrypting all packets travelling between those networks.
Intranet VPNs: used to connect the organisation's branch offices to the Backbone Router using a campus router. In the model below this is very costly, because two routers are needed to set up the network; in addition, deploying, maintaining and managing the Intranet Backbone network is very expensive and also depends on the traffic volume.

Figure 2.7. Intranet VPNs

To solve the problem above, the expense of the WAN backbone is replaced by low-cost Internet connections. Such a model is more cost-effective, because it reduces the number of routers used compared with the WAN backbone model. It significantly reduces the number of individual-user support requests worldwide, at the stations of the various remote sites. Connections are faster and better.
Extranet VPNs: Unlike intranet and remote-access-based VPNs, an extranet is not completely isolated from the outside; the extranet allows access to the necessary network resources by business partners, such as customers, suppliers and partners who play an important role in the organisation.
Because it operates over the Internet, you can choose the provider when selecting and arriving at a solution according to the organisation's needs. Because part of the Internet connectivity is maintained by the ISP, maintenance costs are also reduced compared with hiring maintenance staff. It is easy to deploy, manage and modify information.

Figure 2.8. Extranet VPNs
2.3.2. Establishing a VPN connection

Figure 2.9. Establishing a Client to Server connection

The machine that needs to connect (VPN Client) creates a VPN connection to the server providing the VPN service (VPN Server) over an Internet connection.
The VPN server answers the incoming connection.
The VPN server authenticates the connection and authorises it.
Data exchange begins between the connecting machine and the company network.
CHAPTER 3: SYSTEM MODEL AND DEPLOYMENT OF OPENVPN ON UBUNTU SERVER

3.1. SYSTEM MODEL

Figure 3.1. System model

The system model consists of one Linux OpenVPN Server running Ubuntu Server, one VPN Client machine and one Local Computer located in the enterprise network.
VPN Client: 192.168.1.15
OpenVPN Server: 172.16.2.2 - 192.168.1.20
Local Computer: 172.16.2.4
The VPN Client dials a connection to the OpenVPN Server and exchanges data with the Local Computer in the enterprise LAN.
The dial-up process creates a tunnel in which the source and destination IPs are encrypted and hidden, replaced by OpenVPN addresses from 10.8.0.0/24 with PPTP as the encryption protocol; these addresses are assigned to the Server and the VPN Client.

3.2. INSTALLING AND CONFIGURING OPENVPN

3.2.1. Installing OpenVPN on Ubuntu Server

Figure 3.2. Checking the IP configuration

Figure 3.3. Installing OpenVPN on Ubuntu Server

To install the software we use the command:
sudo apt-get install openvpn
3.2.2. Configuring the OpenVPN functions on Ubuntu Server

Figure 3.4. Copying the sample configuration file into the openvpn directory

Copy the sample configuration file /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz into the /etc/openvpn directory.

Figure 3.5. Editing the information in the vars file

Edit the information in the vars file as follows:
KEY_COUNTRY: enter the country name
KEY_CITY: enter the city name
KEY_ORG: enter the organisation name
KEY_EMAIL: enter the administrator's email
Then exit, save the configuration information in the vars file and reload it with the command:
source ./vars

Build the CA certificate and key.

Figure 3.6. Build CA

Create the users that the VPN clients will log in with later.

Figure 3.7. Creating and adding users

Create the authentication key for the server's administrative account.

Figure 3.8. Creating the authentication key for the server

Create authentication keys for the users just created above; these users have the right to log in from the Client machine.

Figure 3.9. Creating keys for the users

Edit the information in the configuration file as follows:
- ca: enter the path to the ca file built above.
- cert: enter the path to the crt file.
- key: enter the path to the key file.
- These files are usually located in the easy-rsa directory, at the same level as the openvpn directory.

Figure 3.10. Configuring the information in the server.conf file

Figure 3.11. Editing the path to the certificate files

Add routes to the network segment that must be reached; when the program starts, these routes are pushed to the VPN Client.

Figure 3.12. Adding routes to the network segment to connect to

Figure 3.13. Hashing the encryption keys

Hash the encryption keys so that data is secure when transmitted over the network.
Edit the parameter in the sysctl file so that packets can be forwarded from client to server and back.

Figure 3.14. Configuring sysctl.conf and enabling IP forwarding

Figure 3.15. Pushing VPN IPs to the users so they are assigned automatically on connection

Figure 3.16. Configuring iptables to allow forwarding packets from the VPN Client to the Server

Add the VPN routes for the client user that needs to connect by creating files named after the users, placed in the same openvpn directory, and then adding the VPN IPs to these files.
Add the iptables commands so that the VPN Client can access and connect to the Server.
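The configuration steps of section 3.2.2, as an added shell example that is not part of the thesis: it prints the server.conf, a per-client ccd file and the forwarding commands for the Chapter 3 topology (tunnel 10.8.0.0/24, enterprise LAN 172.16.2.0/24), plus a check that the config names every PKI file. The key directory /etc/openvpn/easy-rsa/keys, the interface names eth0 and tun0 and the client addresses are assumptions.

```shell
#!/bin/sh
# Added example, not the thesis's own files: builds the OpenVPN server
# configuration, a per-client ccd file and the forwarding commands for the
# Chapter 3 topology (tunnel 10.8.0.0/24, enterprise LAN 172.16.2.0/24).
# Assumptions: keys live in /etc/openvpn/easy-rsa/keys, the LAN interface
# is eth0 and the tunnel is tun0. Every function only prints text, so the
# script runs without root; pipe the output to files or to sh on the server.

VPN_NET="10.8.0.0";   VPN_MASK="255.255.255.0"
LAN_NET="172.16.2.0"; LAN_MASK="255.255.255.0"
KEYS="/etc/openvpn/easy-rsa/keys"   # assumed easy-rsa output directory

# server.conf: the ca/cert/key from build-ca and build-key-server, the DH
# parameters from build-dh, the tunnel address pool and the pushed LAN route.
gen_server_conf() {
  cat <<EOF
port 1194
proto udp
dev tun
ca ${KEYS}/ca.crt
cert ${KEYS}/server.crt
key ${KEYS}/server.key
dh ${KEYS}/dh2048.pem
server ${VPN_NET} ${VPN_MASK}
push "route ${LAN_NET} ${LAN_MASK}"
client-config-dir /etc/openvpn/ccd
keepalive 10 120
persist-key
persist-tun
EOF
}

# ccd file for one client: the file name must equal the CN of the client
# certificate built with build-key. With "dev tun" in the classic net30
# topology the two addresses form a /30 pair (for example 10.8.0.5/10.8.0.6).
gen_ccd() {  # $1 = client tunnel address, $2 = server-side peer address
  printf 'ifconfig-push %s %s\n' "$1" "$2"
}

# Kernel forwarding and iptables rules: only tunnel clients may reach the
# LAN, and LAN replies to established flows are allowed back into the tunnel.
gen_forwarding_cmds() {
  cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -A FORWARD -i tun0 -o eth0 -s ${VPN_NET}/24 -d ${LAN_NET}/24 -j ACCEPT
iptables -A FORWARD -i eth0 -o tun0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s ${VPN_NET}/24 -o eth0 -j MASQUERADE
EOF
}

# Sanity check before starting the daemon: a config read on stdin must name
# all four PKI files (ca, cert, key, dh); exit 0 when complete, 1 otherwise.
conf_has_pki() {
  awk '$1=="ca"||$1=="cert"||$1=="key"||$1=="dh"{n++} END{exit (n==4)?0:1}'
}
```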

3.3. TESTING AND DIALLING THE CONNECTION

3.3.1. Dialling the connection from the VPN Client machine

Figure 3.17. Connection dialled successfully from the VPN Client machine

Figure 3.18. The routes were added successfully

Figure 3.19. Status of the running program

3.3.2. Testing retrieval of a folder from the Client to the Server

Figure 3.20. Successfully accessing a folder on the internal network

CONCLUSION

In today's competitive and integrated environment, IT is an indispensable weapon for enterprises that want to survive and grow. Profit, cost, the price of the equipment that supports administration, and the efficiency and productivity of work are placed first by enterprises.
With a connection model using a Linux server such as Ubuntu Server and the OpenVPN software, enterprises, and in particular network administrators, can manage and work remotely over connections that use security protocols such as L2TP, PPTP, IPSec, ... Users can connect from home or from the company's branch offices in order to work. With an open-source solution and a Linux server such as Ubuntu Server as the server, enterprises reduce the financial burden and the related equipment, while strengthening the enterprise's security.
Results achieved
o Theory:
Gained a basic grasp of the knowledge related to open-source software, open-source software solutions and Linux distributions such as Red Hat and Ubuntu, together with the principles and security protocols related to VPN connections.
o Practice:
Successfully deployed the OpenVPN software for an enterprise with a Client to Site connection in a VMware environment.
Limitations
Due to limited time, only the Client to Site connection was deployed; the Site to Site connection has not been deployed.
Future directions
Continue with deploying the Site to Site connection, combined with studying more secure solutions for the VPN connection such as one-time password authentication, etc.
