PROJECT PRESENTATION FOR

CE/CS 6345 ENGINEERING OF PACKET SWITCHED NETWORKS

SUBMITTED BY SHUBHAYU ROY.

Design of a VPN

The University Of Texas At Dallas.Richardson Texas .

The Problem Statement

Design a VPN

1.What is a VPN ?

VPN or Virtual Private Network, functionally is equivalent to a Local Area Network.

But unlike a LAN the hosts in a VPN are not connected locally on the same physical network (via a switch).

Instead they are scattered at possibly different locations and sites over the Internet.

Hence the LAN topology is a simulated rather than being actual. Hence Virtual Private Network.

The Problem Statement

Design a VPN

The Problem Statement

Design a VPN

Now that we have an idea of what a VPN is we must delve into how to build one.

The Problem Statement

Design a VPN : Objectives Providing a VPN service means:

Any application on a host of a VPN should be able to access the VPN.

This means that the OS once it receives the packet from the application should be able to forward it similar to other LAN destinations.

Forward the packet to the corresponding Network Interface( similar to an actual network interface for wire transmission)

Any incoming packet from the VPN should reach the application via the OS when it arrives on the V Interface

The VPN packets must be available only to other hosts on the VPN The packets must be capable of travelling over internet –

preferably in the form of IP packets

Solution

Thus we see the need of a Virtual Interface. Both VPN and IP (which is used to route VPN packets over the

Internet) are Layer 2 technologies We will need VPN packets to travel over internet to other VPN

sites. This can happen over IP communication Hence we will need Encapsulation and Decapsulation of VPN

packets to and from IP packets during transmission and reception.

Design

Existing Technologies

There are many VPN clients available today. They are capable of simulating IP communications over a

LAN They are however not many that provide generic support for

the use of any network layer protocols, not specifically IP Apple Talk, Novell IPX, experimental protocols Our goal : include support for generic network layer

protocols

Innovation

In order to allow generic network layer protocol to run on the Virtual Network, we need to free the users of the VLAN from sticking to any specific packet format

In order for Virtual LAN to function, the VPN client program on the clients needs• The virtual network address of the destination(provided by the

program)• The virtual network address of the source (is known to VPN client

program)

Innovation

So how does the VPN client program know where the packet at hand is headed??

The VPN client program accepts as command line inputs the location and length in bits of the destID field in the otherwise unintelligible header. Smart.

It extract the destID thus. The packet public-key-encrypted using destination’s public key. (keys are either stored or exchanged)

Regardless of where the packet is headed on the VLAN the encapsulated IP datagram is always addressed to the central VPN server’s public address

However a Shim header is added for the server to understand. It contains: Client VPNID Destination VPNID

Innovation

When VPN central server receives the IP datagram it decapsulates it to find a VPN datagram = Shim header + encrypted VPN packet.

Now what?? The Server queries its database, with the destination

VPNID(from shim header), and uses it to retrieve destination hosts public IP and port address.

Uses this to send packet to the destination It also sends this info back to sending VPN program the

triplet <destVPNID, publicIP,port for destVPN client program>

The sender stores these details for subsequent sendings to that host, in a cache DS. Flushes it regularly.

Model

Packet from VLAN sender host encapsulated in IP packet . IP destination is initially that of central server

The server queries the database to get the public IP and port of VPN destination host

The encapsulated packet arrives at destination host. This packet is decapsulated to get the VPN packet which is then written by VPN client program to the TUN interface

IP datagram to dest vpn host sent directly to VPN destinatin

Destination host infor for caching

Security

Public key securityAugment Central database triplets into

QuadrupletsExtra field is to store the public key of that

hostVPN program encrypts the app data while

sending, after extracting destination VPNID

Questions?

Send them in at shubhayu.roy@utdallas.edu will be happy to respond in 24 hrs.

Thank you!