
Setting up a Virtual Private Network on AWS

SVD
Published 2015/11/14 22:08

I got a new credit card, signed up for Amazon AWS, and tried setting up a Virtual Private Network on it.

The steps are as follows:

sudo -s
apt-get install pptpd

vi /etc/pptpd.conf
localip 192.168.9.1
remoteip 192.168.9.11-30

vi /etc/ppp/options
ms-dns 8.8.8.8
ms-dns 8.8.4.4

vi /etc/ppp/chap-secrets
<username> pptpd <passwd> *    # set the user name and password (fields: client, server, secret, allowed client IPs)

vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
sysctl -p

vi /etc/rc.local
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

service pptpd start
chkconfig pptpd on    # Debian/Ubuntu systems without chkconfig: update-rc.d pptpd enable

Finally, open the corresponding ports in the instance's security group on the AWS console, as shown in the figure below:
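As an added check (my own example, not code from the original post), the following Python script parses the three files edited above, using constructed sample contents that mirror the post's values, and flags the mistakes that most often break this setup: an empty password in chap-secrets, a tunnel pool outside private address space, and ip_forward left off. The security group itself must allow TCP 1723 (the PPTP control channel) and GRE, IP protocol 47.

```python
import ipaddress
import re

# Constructed sample files mirroring the post's settings (not captured from a real server).
PPTPD_CONF = "localip 192.168.9.1\nremoteip 192.168.9.11-30\n"
CHAP_SECRETS = '# client  server  secret  IP addresses\nalice  pptpd  s3cret-example  *\nbob  pptpd  ""  *\n'
SYSCTL_CONF = "net.ipv4.ip_forward = 1\n"

def expand_remoteip(spec):
    """Expand pptpd's 'a.b.c.d-e' shorthand into the list of client addresses."""
    m = re.fullmatch(r"(\d+\.\d+\.\d+\.)(\d+)-(\d+)", spec.strip())
    if not m:
        raise ValueError("unsupported remoteip syntax: " + spec)
    prefix, lo, hi = m.group(1), int(m.group(2)), int(m.group(3))
    return [prefix + str(i) for i in range(lo, hi + 1)]

def _lines(text):
    """Yield non-empty lines with '#' comments stripped, as pppd/pptpd read them."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line

def parse_pptpd_conf(text):
    pairs = (line.split(None, 1) for line in _lines(text))
    return {p[0]: p[1].strip() for p in pairs if len(p) == 2}

def parse_chap_secrets(text):
    """Return (client, server, secret, allowed_ips) tuples; pppd reads '""' as an empty secret."""
    rows = [line.split() for line in _lines(text)]
    return [(r[0], r[1], r[2].strip('"'), r[3]) for r in rows if len(r) >= 4]

def audit(pptpd_conf, chap_secrets, sysctl_conf):
    """Return a list of findings; an empty list means the files match the post's setup."""
    findings = []
    conf = parse_pptpd_conf(pptpd_conf)
    if "localip" not in conf or "remoteip" not in conf:
        findings.append("pptpd.conf: localip/remoteip missing")
    else:
        local, pool = ipaddress.ip_address(conf["localip"]), expand_remoteip(conf["remoteip"])
        if not (local.is_private and all(ipaddress.ip_address(ip).is_private for ip in pool)):
            findings.append("pptpd.conf: tunnel addresses should be private (RFC 1918)")
    for client, server, secret, _ips in parse_chap_secrets(chap_secrets):
        if server != "pptpd":
            findings.append(f"chap-secrets: {client} is not bound to server 'pptpd'")
        if not secret:
            findings.append(f"chap-secrets: {client} has an empty password")
    if not re.search(r"^\s*net\.ipv4\.ip_forward\s*=\s*1\s*$", sysctl_conf, re.M):
        findings.append("sysctl.conf: net.ipv4.ip_forward is not 1, so clients cannot reach the internet")
    return findings
```

Run `audit()` on the real files read from /etc to check a live server; with the sample data above it reports only bob's empty password.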

Note that all traffic through the Virtual Private Network goes through this cloud server, so go easy on it; running up a large credit-card bill is not necessary.

Note: summary of the commands used after connecting to the server via ssh:

Supplementary background:

What is PPTP

The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. PPTP uses a control channel over TCP and a GRE tunnel to encapsulate PPP packets.

The PPTP specification does not describe encryption or authentication features and relies on the Point-to-Point Protocol being tunneled to implement security functionality. However, the most common PPTP implementation shipping with the Microsoft Windows product families implements various levels of authentication and encryption natively as standard features of the Windows PPTP stack. The intended use of this protocol is to provide security levels and remote access levels comparable with typical VPN products.

A specification for PPTP was published in July 1999 as RFC 2637 and was developed by a vendor consortium formed by Microsoft, Ascend Communications (today part of Alcatel-Lucent), 3Com, and others. PPTP has not been proposed nor ratified as a standard by the Internet Engineering Task Force.

What is a Virtual Private Network

A Virtual Private Network (VPN) is a network technology that creates a secure network connection over a public network such as the Internet or a private network owned by a service provider. Large corporations, educational institutions, and government agencies use VPN technology to enable remote users to securely connect to a private network.

A VPN can connect multiple sites over a large distance just like a Wide Area Network (WAN). VPNs are often used to extend intranets worldwide to disseminate information and news to a wide user base. Educational institutions use VPNs to connect campuses that can be distributed across the country or around the world.

In order to gain access to the private network, a user must be authenticated using a unique identification and a password. An authentication token is often used to gain access to a private network through a personal identification number (PIN) that a user must enter. The PIN is a unique authentication code that changes according to a specific frequency, usually every 30 seconds or so.

Protocols

There are a number of VPN protocols in use that secure the transport of data traffic over a public network infrastructure. Each protocol varies slightly in the way that data is kept secure.

IP security (IPSec) is used to secure communications over the Internet. IPSec traffic can use either transport mode or tunneling to encrypt data traffic in a VPN. The difference between the two modes is that transport mode encrypts only the message within the data packet (also known as the payload) while tunneling encrypts the entire data packet. IPSec is often referred to as a "security overlay" because of its use as a security layer for other protocols.

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) use cryptography to secure communications over the Internet. Both protocols use a "handshake" method of authentication that involves a negotiation of network parameters between the client and server machines. To successfully initiate a connection, an authentication process involving certificates is used. Certificates are cryptographic keys that are stored on both the server and client.

Point-To-Point Tunneling Protocol (PPTP) is another tunneling protocol used to connect a remote client to a private server over the Internet. PPTP is one of the most widely used VPN protocols because of its straightforward configuration and maintenance and also because it is included with the Windows operating system.

Layer 2 Tunneling Protocol (L2TP) is a protocol used to tunnel data communications traffic between two sites over the Internet. L2TP is often used in tandem with IPSec (which acts as a security layer) to secure the transfer of L2TP data packets over the Internet. Unlike PPTP, a VPN implementation using L2TP/IPSec requires a shared key or the use of certificates.

VPN technology employs sophisticated encryption to ensure security and prevent any unintentional interception of data between private sites. All traffic over a VPN is encrypted using algorithms to secure data integrity and privacy. VPN architecture is governed by a strict set of rules and standards to ensure a private communication channel between sites. Corporate network administrators are responsible for deciding the scope of a VPN, implementing and deploying a VPN, and ongoing monitoring of network traffic across the network firewall. A VPN requires administrators to be continually aware of the overall architecture and scope of the VPN to ensure communications are kept private.

Advantages & Disadvantages

A VPN is an inexpensive, effective way of building a private network. The use of the Internet as the main communications channel between sites is a cost-effective alternative to expensive leased private lines. The costs to a corporation include the network authentication hardware and software used to authenticate users and any additional mechanisms such as authentication tokens or other secure devices. The relative ease, speed, and flexibility of VPN provisioning in comparison to leased lines makes VPNs an ideal choice for corporations that require flexibility. For example, a company can adjust the number of sites in the VPN according to changing requirements.

There are several potential disadvantages with VPN use. The lack of Quality of Service (QoS) management over the Internet can cause packet loss and other performance issues. Adverse network conditions that occur outside of the private network are beyond the control of the VPN administrator. For this reason, many large corporations pay for the use of trusted VPNs that use a private network to guarantee QoS. Vendor interoperability is another potential disadvantage, as VPN technologies from one vendor may not be compatible with VPN technologies from another vendor. Neither of these disadvantages has prevented the widespread acceptance and deployment of VPN technology.

Having gone on at length, here are some basics. The following explanation of network protocols is taken from the web:

What is a Network Protocol?

Networks are how computers communicate with each other. A protocol is a particular standard, or language, that the computers use to understand each other. Think of the network as a road, and the protocol as the rules set down for using that road.

Various Network Protocols

There are many different network protocols. Some dictate how computers communicate over a local network - that is, computers in a local area that directly communicate over a network router. Other protocols govern how computers communicate over a remote network - generally speaking, via the internet. One of the most notable protocols is Internet Protocol, or IP. It is the main network protocol governing the internet.

The most commonly used version is Internet Protocol version 4, or IPv4, though systems are slowly transitioning to version 6. Computers are identified within Internet Protocol using a unique numerical identifier called an IP address. These are often set up by specialists known as network administrators.

TCP and Network Protocols

While Internet Protocol is a single network protocol, it is also part of a larger family called Internet Protocols. TCP, or Transmission Control Protocol, is used hand-in-hand with the IP protocol to create a standard known as TCP/IP. IP sends various pieces of information over a network. These pieces of data are known as packets. TCP combines those packets of IP data into an efficient and accurate request to another computer. It helps ensure that packets are not lost when transmitted over the network.

Thus, TCP/IP is the combined standard that computers use to communicate over the Internet. There are other forms of protocols that work within the IP family. HTTP, or Hypertext Transfer Protocol, allows a web browser to communicate with a web server. You may have seen HTTP included in many world wide web addresses. FTP, or File Transfer Protocol, is another common protocol, designed for efficient file transfer over the internet. Both HTTP and FTP deliver information in concert with the TCP/IP protocol.
