Deploying OpenVPN on Ubuntu Server
SPECIALISED PROJECT
COMPUTER NETWORKING
TOPIC
RESEARCH AND DEPLOYMENT OF OPENVPN
ON UBUNTU FOR ENTERPRISES
Student: Le Long Bao
Class: MM03A
Academic years: 2009 - 2012
Supervisor: MSc Dang Quang Hien
ACKNOWLEDGEMENTS
TABLE OF CONTENTS
ACKNOWLEDGEMENTS  1
TABLE OF CONTENTS  2
LIST OF ABBREVIATIONS  4
LIST OF FIGURES  5
PREFACE  6
CHAPTER 1: OVERVIEW OF OPEN-SOURCE SOFTWARE  7
1.1. INTRODUCTION TO OPEN-SOURCE SOFTWARE AND THE LINUX OPERATING SYSTEM  7
1.1.1. The concept of open-source software  7
1.1.2. Introduction to the Linux operating system  9
1.1.3. Classification of open-source software  13
1.1.4. Distinguishing open-source software from other kinds of software  14
CHAPTER 2: VPN TECHNOLOGY AND SUPPORTING PROTOCOLS  15
2.1. OVERVIEW OF VPN TECHNOLOGY  15
2.1.1. Introduction to VPN technology  15
2.1.2. Definition of VPN  15
2.1.3. Benefits of VPN  17
2.1.4. Components required to establish a VPN connection  19
2.2. VPN PROTOCOLS  19
2.2.1. L2TP  19
2.2.2. GRE  20
2.2.3. IPSec  21
2.2.4. PPTP (Point to Point Tunneling Protocol)  21
2.3. VPN CONNECTIONS  22
2.3.1. Types of VPN connection  22
2.3.2. Establishing a VPN connection  27
CHAPTER 3: SYSTEM MODEL AND DEPLOYMENT OF OPENVPN ON UBUNTU SERVER  29
3.1. SYSTEM MODEL  29
3.2. INSTALLING AND CONFIGURING OPENVPN  29
Student: Le Long Bao   Class: MM03A   2
Research and deployment of OpenVPN on Ubuntu for enterprises
LIST OF ABBREVIATIONS
Abbreviation  Meaning
VPN     Virtual Private Network
GNU     General Public License
FSF     Free Software Foundation
GCC     GNU C Compiler
PMMNM   Open-source software (Vietnamese: phan mem ma nguon mo)
GPL     General Public License
DLL     Dynamic Link Library
WAN     Wide Area Network
L2F     Layer 2 Forwarding
L2TP    Layer 2 Tunneling Protocol
PPTP    Point-to-Point Tunneling Protocol
GRE     Generic Routing Encapsulation
LIST OF FIGURES
PREFACE
a special product, characteristic of the Information Technology and Software Engineering industries.
Open source (Vietnamese: ma nguon mo) is the term for software whose source code is made public. Users pay no fee at all; moreover, they have the right to view, modify, improve and upgrade the software under a set of common principles laid down in the open-source software licence GPL (General Public License). The father of open source is Richard Stallman, who built the GNU project and produced the GPL open-source licence, the two key foundations for the development of open source.
From the two definitions above we can understand what open-source software is. Open-source software is software supplied as both binary and source, free not only in purchase price but, above all, free of licensing fees. Users have the right to modify, improve, develop and upgrade it under the common principles laid down in an open-source software licence (for example the GPL, General Public License) without asking anyone's permission, something they are not allowed to do with closed-source software (that is, commercial software).
1.1.1.3. Operations on open-source software
The following operations can be performed on software:
- Producing software: studying users' needs, designing, coding, compiling and releasing.
- Installing software: to be usable, software must be installed. Installation is the operation of writing the code needed to run in the target environment into suitable storage so that the user can use it.
- Using software: installing and using the software on a computer. That computer may be a personal computer, a server, a public computer, and so on. Depending on the context, use of the software may carry different constraints (installed on one machine, on many machines, on many CPUs, ...). Proprietary software usually protects its use with serial keys, activation codes and, in some cases, physical keys.
- Modifying software: during use, a need for changes may arise. The change may be made by the author who produced the software or by someone else. Changing a program's features requires its source code; without the source, the executable may be decompiled to recover it. Source code may be distributed through many channels (network, storage media, hand to hand, infection).
- Other operations: reverse analysis of source code, interface analysis, emulation, alternating execution, and so on. Software is governed by copyright and intellectual-property rules that permit or forbid the operations above under different conditions.
- Software licence: the document that governs which operations may be performed on the software. There are proprietary software licences, licences for freeware/shareware, and licences for free and open-source software.
- 2000: hundreds of millions of users and more than 15,000 people taking part in Linux development. The Linux market grows by over 100% every year.
Linux distributions are products that package the kernel together with other free software packages. They are released under the GPL licence. Some notable distributions are Redhat, Caldera, Suse, Debian, TurboLinux and Mandrake.
Like Unix, Linux consists of three main components: the kernel, the shell and the file structure.
The kernel is the core program; it runs programs and manages hardware devices such as disks and printers.
The shell (environment) provides the user interface and is also described as an interpreter. The shell takes commands from the user and passes them to the kernel for execution. Many shells have been developed; Linux offers several, such as desktops, window managers and the command-line environment. Today three shells predominate: Bourne, Korn and the C shell. The Bourne shell was developed at Bell Labs, the C shell was developed for the BSD version of Unix, and the Korn shell is an improved version of the Bourne shell. Current versions of Unix, including Linux, include all three.
The file structure determines how files are stored on disk. Files are grouped in directories, and each directory may contain files and further subdirectories. Some directories are standard directories used by the system. Users can create their own files and directories and move files between them. Moreover, on Linux users can set access permissions on files and directories, allowing or restricting access by a particular user or group. Directories in Linux are organised as a tree starting from the root directory; all other directories branch from it.
The kernel, shell and file structure together make up the structure of the operating system. With these components users can run programs, manage files and interact with the system.
1.1.2.2. Interacting with the Linux environment
Terminal: the concept of the terminal dates from the early days when computer systems were very large and users did not interact with the system directly but through remote terminals. These terminal systems consisted of a screen and a keyboard; today, as hardware has shrunk, the terminal is simply the user's own computer.
VPNs can use one or both of two techniques: dedicated channels leased from service providers (called a Trusted VPN) or encrypted data sent over the Internet (called a Secure VPN). Running a Secure VPN over a Trusted VPN is called a Hybrid VPN. Combining two kinds of Secure VPN in a single gateway, for instance IPsec and SSL, is also called a Hybrid VPN.
ATM and Frame Relay operate at the data link layer, layer 2 of the OSI model (layer 1 is the physical layer, layer 3 the network layer). MPLS emulates some properties of both circuit-switched and packet-switched networks. It operates at the same level, usually regarded as layer 2.5 because it sits between the link layer and the network layer. MPLS has begun to replace ATM and Frame Relay for implementing Trusted VPNs at a large number of enterprises and service providers.
A Secure VPN can use IPsec for encryption; IPsec may also be carried inside L2TP (Layer 2 Tunneling Protocol). Other options are SSL (Secure Sockets Layer) 3.0 or TLS (Transport Layer Security) with encryption, L2F (Layer Two Forwarding) or PPTP (Point-to-Point Tunneling Protocol). Let us look over these main components.
SSL and TLS are protocols for secure data streams at layer 4 of the OSI model. SSL 3.0 and its successor TLS 1.0 are widely used with HTTP to protect web links, known as HTTPS. However, SSL/TLS is also used to create a virtual VPN tunnel. For example, OpenVPN is an open-source VPN package for Linux, xBSD, Mac OS X, Pocket PCs and Windows 2000, XP, 2003 and Vista. It uses SSL to provide encryption for both the data channel and the control channel. Several vendors supply SSL VPN servers and clients.
2.1.3. Benefits of VPN
VPN offers more features than traditional networks and leased-line networks. The main benefits include:
- Lower cost than private networks: VPN can cut transmission costs by 20-40% compared with leased-line networks and reduce remote-access costs by 60-80%.
- Flexibility for doing business over the Internet: VPNs are inherently more flexible and more scalable in network architecture than classic networks, so a business can extend its connectivity quickly and cost-effectively. In this way a VPN can easily connect or disconnect remote offices, overseas locations, telecommuters, mobile-phone users and external business partners as business requirements dictate.
- Simplified management burden: a single network topology reduces the management burden. Using an Internet backbone protocol eliminates the PVCs tied to connection-oriented protocols such as Frame Relay and ATM.
- Increased security: important data is hidden from those without access rights while remaining accessible to authorised users.
- Support for today's common network protocols such as TCP/IP.
- IP address confidentiality: because information sent over the VPN is encrypted, the addresses inside the private network are hidden and only external Internet addresses are exposed.
2.1.4. Components required to establish a VPN connection
- User Authentication: provides the user authentication mechanism, allowing only legitimate users to connect to and access the VPN system.
- Address Management: assigns a valid IP address to the user after joining the VPN so that the user can reach internal network resources.
- Data Encryption: encrypts data in transit to guarantee privacy and data integrity.
- Key Management: manages the keys used to encrypt and decrypt data.
2.2. VPN PROTOCOLS
2.2.1. L2TP
Before the L2TP standard appeared (August 1999), Cisco used Layer 2 Forwarding (L2F) as its standard protocol for creating VPN connections. L2TP came later, incorporating features from L2F.
L2TP is a combination of Cisco's L2F and Microsoft's Point-to-Point Tunneling Protocol (PPTP). Microsoft supports both PPTP and L2TP in Windows NT and 2000.
2.2.3. IPSec
IPSec is the protocol of choice for security on a VPN. IPSec is a framework covering data confidentiality, data integrity and data authentication. IPSec provides its security services using IKE, which negotiates protocols and algorithms based on local policy (group policy) and generates the encryption and authentication keys used by IPSec.
they are regarded as an extranet VPN. How strictly access between sites is controlled can be set by both (intranet and extranet VPNs) for their respective sites. A site-to-site VPN solution is not a remote-access VPN, but it is included here for completeness.
The distinction between remote-access VPN and LAN-to-LAN VPN is purely nominal and is drawn here only for the purpose of discussion. For example, with new hardware-based VPN devices we must apply both classifications, because a hardware-based client can appear as one device accessing the network, even though a network may have many VPN devices in operation.
A LAN-to-LAN VPN connects two separate networks through a secure tunnel, which may use PPTP, L2TP or IPSec. The purpose of LAN-to-LAN is to join two networks that have no direct link, without compromising integrity, authentication or data confidentiality. A LAN-to-LAN VPN can be built from a combination of VPN concentrators, routers and firewalls.
A LAN-to-LAN connection is designed to create a direct, efficient network link regardless of the physical distance between the networks. The connection may travel over the Internet or another untrusted network, so security must be ensured by encrypting every packet exchanged between the networks.
Intranet VPNs: used to connect an organisation's branch offices to the backbone router through a campus router. In the model below this is very costly because two routers are needed to set up the network; in addition, deploying, maintaining and managing the intranet backbone is expensive and depends on the volume of traffic.
Figure 2.8. Extranet VPNs
Add the routes and the network ranges that must be reachable; when the program starts, these routes are pushed to the VPN client.
Figure 3.16. iptables configuration allowing packets from the VPN client to be forwarded to the server
Add the VPN routes for each client user that needs to connect by creating a file named after each user in the same openvpn directory, then add the VPN IP addresses for that user to these files.
Add the iptables commands so that the VPN client can reach the server.
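The per-user route files and forwarding rules described in the steps above, as an added shell example that is not part of the thesis: it writes OpenVPN client-config-dir files carrying ifconfig-push for each user and prints (rather than applies) the iptables FORWARD and NAT rules. The addresses (10.8.0.0/24 VPN subnet on tun0, 192.168.1.0/24 LAN behind eth0), the client names and the temporary directory standing in for /etc/openvpn/ccd are all constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the thesis. Dry run: writes per-client OpenVPN
# files into a temp directory and prints forwarding rules without applying them.
# Assumed (constructed) values: VPN subnet 10.8.0.0/24 on tun0, internal LAN
# 192.168.1.0/24 behind eth0; client names are hypothetical.
set -eu

LAN_NET="192.168.1.0 255.255.255.0"   # route every client must receive
VPN_CIDR="10.8.0.0/24"                # only this source range may be forwarded
LAN_CIDR="192.168.1.0/24"
CCD_DIR="${CCD_DIR:-$(mktemp -d)}"    # stands in for /etc/openvpn/ccd

# Server config lines: "push route" sends the LAN route to clients when they
# connect; client-config-dir names the directory holding the per-user files.
server_push_lines() {
    printf 'client-config-dir %s\n' "$CCD_DIR"
    printf 'push "route %s"\n' "$LAN_NET"
}

# One file per client, named after the certificate CN, carrying the fixed
# VPN address pair for that user (classic net30 pair: client IP, peer IP).
# The CN becomes a file name, so anything outside a safe charset is refused.
write_client_ccd() {
    name="$1"; client_ip="$2"; peer_ip="$3"
    case "$name" in ""|*[!A-Za-z0-9_.-]*|.|..) return 1 ;; esac
    printf 'ifconfig-push %s %s\n' "$client_ip" "$peer_ip" > "$CCD_DIR/$name"
    echo "$CCD_DIR/$name"
}

# Forwarding rules, printed rather than applied: only the VPN subnet may be
# forwarded to the LAN, replies are allowed back, and LAN hosts see a NATed
# source so they can answer without a route back to the VPN subnet.
forward_rules() {
    cat <<EOF
iptables -A FORWARD -i tun0 -o eth0 -s $VPN_CIDR -d $LAN_CIDR -j ACCEPT
iptables -A FORWARD -i eth0 -o tun0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $VPN_CIDR -o eth0 -j MASQUERADE
EOF
}
# Sanity check: a client file must contain exactly one ifconfig-push line.
ccd_ok() {
    [ "$(grep -c '^ifconfig-push ' "$CCD_DIR/$1" 2>/dev/null)" = "1" ]
}

# Demo run with hypothetical users.
server_push_lines
write_client_ccd alice 10.8.0.6 10.8.0.5
write_client_ccd bob 10.8.0.10 10.8.0.9
forward_rules
```

On a real server the printed rules also need IP forwarding enabled in the kernel, and the rules should be saved so they survive a reboot.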
CONCLUSION