Quoting "manuel \"lonely wolf\" wolfshant" <[email protected]>:

> On 02/27/2013 08:00 PM, Adrian Sevcenco wrote:
>> Hi! I'm a bit of an outsider to the VPN topic (I know the basic logic,
>> but that's all) and I would need some help and clarification regarding:
>> 1. how to use it (to figure out what I want :D)
> read the documentation for OpenVPN (
> http://openvpn.net/index.php/open-source/documentation.html ) and
> openswan ( https://github.com/xelerance/Openswan/blob/master/README ) and
> figure out what you want
>
>> 2. how it is configured - but that is easier once point 1 is settled
> first find out what you want and then read the docs
>
>>
>> 1. I would like a single machine (client) to connect to the
>> VPN server and, through this connection, the client machine to appear in
>> the network where the server is located as if it were directly connected ..
>> from what I have seen on the net it is something with a bridge ...
> any VPN does that
>
>
>> I am following this tutorial
>> http://www.server-world.info/en/note?os=CentOS_6&p=openvpn
>>
>> and it is unclear to me:
>> 1. do I need 2 public addresses (real IP + bridge)?
> I suppose you meant PUBLIC IP + bridge. There is no "real" and
> "imaginary" IP.
> and no, you only need one IP (not necessarily static)
>
>> 2. do I risk that the network _where_I_connect_to_ has any communication
>>   with the network _where_I_connect_from_ ?
> only if you want it to. the major advantage of ipsec is that foreign
> packets cannot be injected through the tunnel. With SSL tunnels you have
> to take care that the firewall also checks what passes through the tunnel


  Should I understand that, for example, with openvpn foreign packets can be
injected through the tunnel? From what I can see, if you do what is needed in
the openvpn conf, the ovpn server ignores any packet.


"tls-auth

The tls-auth directive adds an additional HMAC signature to all  
SSL/TLS handshake packets for integrity verification. Any UDP packet  
not bearing the correct HMAC signature can be dropped without further  
processing. The tls-auth HMAC signature provides an additional level  
of security above and beyond that provided by SSL/TLS. It can protect  
against:

- DoS attacks or port flooding on the OpenVPN UDP port.
- Port scanning to determine which server UDP ports are in a listening state.
- Buffer overflow vulnerabilities in the SSL/TLS implementation.
- SSL/TLS handshake initiations from unauthorized machines (while such
  handshakes would ultimately fail to authenticate, tls-auth can cut
  them off at a much earlier point)."


http://www.imped.net/oss/misc/openvpn-2.0-howto-edit.html#security

>
>> 3. can't I have static IPs on the client for the VPN link?
> yes, you can. with both options presented above
>
>> 4. can't the client get its address via dhcp?
> yes, it can. with both options presented above
>
> _______________________________________________
> RLUG mailing list
> [email protected]
> http://lists.lug.ro/mailman/listinfo/rlug
>
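
The drop-before-processing behaviour that the quoted tls-auth text describes, as an added Python example that is not part of the original message or of OpenVPN's code. The datagram layout (HMAC-SHA256 tag, 4-byte packet id, payload), the names `seal` and `PreAuthFilter`, and the replay check on the packet id are assumptions made for illustration, not OpenVPN's wire format.

```python
import hashlib
import hmac
import struct

TAG_LEN = hashlib.sha256().digest_size  # 32-byte tag (assumed layout, not OpenVPN's)
HDR = struct.Struct("!I")               # 4-byte big-endian packet id (assumption)


def seal(key: bytes, packet_id: int, payload: bytes) -> bytes:
    """Sender side: prepend an HMAC computed over packet id + payload."""
    body = HDR.pack(packet_id) + payload
    return hmac.new(key, body, hashlib.sha256).digest() + body


class PreAuthFilter:
    """Receiver side: decide whether a datagram may reach the TLS stack at all."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_id = 0  # highest packet id accepted so far

    def accept(self, datagram: bytes):
        """Return the payload if the datagram is authentic and fresh, else None."""
        if len(datagram) < TAG_LEN + HDR.size:
            return None  # too short to carry a tag: drop without parsing
        tag, body = datagram[:TAG_LEN], datagram[TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # wrong or missing key: drop before any TLS processing
        (packet_id,) = HDR.unpack_from(body)
        if packet_id <= self.last_id:
            return None  # authentic but already seen: replayed datagram
        self.last_id = packet_id
        return body[HDR.size:]


if __name__ == "__main__":
    key = bytes(range(32))  # constructed sample key
    gate = PreAuthFilter(key)
    first = seal(key, 1, b"ClientHello")
    samples = {
        "valid": first,
        "replayed": first,
        "unkeyed scan probe": b"\x00" * 64,
        "wrong key": seal(b"\xff" * 32, 2, b"ClientHello"),
    }
    for label, datagram in samples.items():
        print(f"{label:20s} -> {'pass to TLS' if gate.accept(datagram) else 'drop'}")
```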


