Building a Virtual Private Network on AWS

SVD
Published 2015/11/14 22:08

I got a new credit card, signed up for Amazon's AWS, and tried setting up a Virtual Private Network on it.

The steps are as follows (run as root on a Debian/Ubuntu instance):

sudo -s
apt-get install pptpd

vi /etc/pptpd.conf
localip 192.168.9.1
remoteip 192.168.9.11-30

vi /etc/ppp/options
ms-dns 8.8.8.8
ms-dns 8.8.4.4

vi /etc/ppp/chap-secrets
# one line per user: client, server, secret, allowed IPs; "pptpd" must match "name pptpd" in /etc/ppp/pptpd-options
<username> pptpd <passwd> *

vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
sysctl -p

vi /etc/rc.local
# add above the closing "exit 0", otherwise it never runs
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

service pptpd start
update-rc.d pptpd defaults   # chkconfig is a Red Hat tool; Debian/Ubuntu use update-rc.d (or systemctl enable pptpd)

Then open the matching rules in the instance's security group on the AWS console, as shown in the figure below. PPTP needs two inbound rules: TCP port 1723 for the control channel and GRE (IP protocol 47) for the tunnel itself. With only 1723 open, clients authenticate successfully and then hang with no traffic flowing.

Note that every kind of traffic from the Virtual Private Network goes through this cloud server, so take it easy; running up the credit card is not necessary. Also keep in mind that PPTP's MS-CHAPv2 authentication and MPPE encryption are cryptographically broken (the MS-CHAPv2 handshake reduces to a single DES key search, and Microsoft has advised against relying on it since 2012), so treat this setup as a NAT hop, not as confidentiality against anyone who can capture the traffic.
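The same procedure as a script, added here as an example (it is not from the original post). It makes every edit idempotent so it can be re-run safely, writes the config through a ROOT prefix so it can be dry-run against a scratch directory, leaves the rest of each config file intact (including the `option /etc/ppp/pptpd-options` line that gives the server its `pptpd` name), makes chap-secrets readable by root only since it holds passwords in clear text, detects the outbound interface instead of assuming eth0, adds the NAT rule only once and above the `exit 0` in rc.local, and uses update-rc.d/systemctl instead of chkconfig, which Ubuntu does not ship. The tunnel addresses and DNS servers are the post's values; the `install` argument, the variable names and the function names are assumptions for illustration. The security group (inbound TCP 1723 and GRE, IP protocol 47) is still set up on the AWS side.

```shell
#!/bin/sh
# Added example, not from the original post: the PPTP setup above as an
# idempotent script. Config edits go through $ROOT so they can be dry-run in a
# scratch directory; the steps that touch the live system only run when the
# first argument is "install".
set -eu

# Assumed defaults (same values as the post); override via the environment.
PPTP_LOCALIP="${PPTP_LOCALIP:-192.168.9.1}"
PPTP_REMOTEIP="${PPTP_REMOTEIP:-192.168.9.11-30}"
PPTP_DNS1="${PPTP_DNS1:-8.8.8.8}"
PPTP_DNS2="${PPTP_DNS2:-8.8.4.4}"
ROOT="${ROOT:-}"   # "" = the real filesystem; point at a scratch dir for a dry run

# Drop every line of FILE that starts with KEY, then append the replacement
# lines. Everything else (comments, "option /etc/ppp/pptpd-options", ...) stays.
replace_key() {
    file="$1"; key="$2"; shift 2
    mkdir -p "$(dirname "$file")"
    [ -f "$file" ] || : > "$file"
    tmp="$file.tmp.$$"
    grep -E -v "^[[:space:]]*$key([[:space:]=]|$)" "$file" > "$tmp" || true
    for line in "$@"; do printf '%s\n' "$line" >> "$tmp"; done
    mv "$tmp" "$file"
}

configure_files() {
    replace_key "$ROOT/etc/pptpd.conf" localip  "localip $PPTP_LOCALIP"
    replace_key "$ROOT/etc/pptpd.conf" remoteip "remoteip $PPTP_REMOTEIP"
    replace_key "$ROOT/etc/ppp/options" ms-dns "ms-dns $PPTP_DNS1" "ms-dns $PPTP_DNS2"
    replace_key "$ROOT/etc/sysctl.conf" net.ipv4.ip_forward "net.ipv4.ip_forward = 1"
}

# chap-secrets line: client  server  secret  allowed-IPs. "pptpd" must match
# "name pptpd" in /etc/ppp/pptpd-options. The secret is stored in clear text,
# so the file is made readable by root only.
add_user() {
    f="$ROOT/etc/ppp/chap-secrets"
    replace_key "$f" "$1" "$1 pptpd $2 *"
    chmod 600 "$f"
}

# Persist the MASQUERADE rule in /etc/rc.local, as the post does, keeping it
# above the closing "exit 0" and adding it only once.
persist_nat() {
    rule="iptables -t nat -A POSTROUTING -o $1 -j MASQUERADE"
    f="$ROOT/etc/rc.local"
    mkdir -p "$(dirname "$f")"
    if [ -f "$f" ] && grep -qF -- "$rule" "$f"; then return 0; fi
    { [ -f "$f" ] && grep -v '^exit 0' "$f" || true; printf '%s\nexit 0\n' "$rule"; } > "$f.tmp.$$"
    mv "$f.tmp.$$" "$f"
    chmod 755 "$f"
}

# Steps that touch the live system; root on the instance only.
apply_runtime() {
    sysctl -p
    iface="$(ip -o -4 route show default | awk '{print $5; exit}')"
    iface="${iface:-eth0}"
    # -C checks for the rule first, so a re-run does not add a duplicate.
    iptables -t nat -C POSTROUTING -o "$iface" -j MASQUERADE 2>/dev/null ||
        iptables -t nat -A POSTROUTING -o "$iface" -j MASQUERADE
    persist_nat "$iface"
    if command -v systemctl >/dev/null 2>&1; then
        systemctl enable pptpd; systemctl restart pptpd
    else
        update-rc.d pptpd defaults; service pptpd restart   # chkconfig is not a Debian tool
    fi
}

if [ "${1:-}" = "install" ]; then
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; exit 1; }
    [ $# -eq 3 ] || { echo "usage: $0 install USER PASSWORD" >&2; exit 1; }
    apt-get install -y pptpd     # first, so the package's own config files exist
    configure_files
    add_user "$2" "$3"
    apply_runtime
fi
```

Usage on the instance: `sudo sh pptp-setup.sh install alice 's3cret'`. To see what it would write without touching the system, run `ROOT=/tmp/dry . ./pptp-setup.sh; configure_files; add_user alice s3cret` and inspect `/tmp/dry/etc`.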

Note: summary of the commands run after connecting to the server over ssh:

Additional background:

What PPTP is

The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. PPTP uses a control channel over TCP (port 1723) and a GRE tunnel to encapsulate the PPP packets that carry the actual traffic.

The PPTP specification does not describe encryption or authentication features and relies on the Point-to-Point Protocol being tunneled to implement security functionality. However, the most common PPTP implementation shipping with the Microsoft Windows product families implements various levels of authentication and encryption natively as standard features of the Windows PPTP stack. The intended use of this protocol is to provide security levels and remote access levels comparable with typical VPN products.

A specification for PPTP was published in July 1999 as RFC 2637 and was developed by a vendor consortium formed by Microsoft, Ascend Communications (today part of Alcatel-Lucent), 3Com, and others. PPTP has not been proposed nor ratified as a standard by the Internet Engineering Task Force.

What a Virtual Private Network is

A Virtual Private Network (VPN) is a network technology that creates a secure network connection over a public network such as the Internet or a private network owned by a service provider. Large corporations, educational institutions, and government agencies use VPN technology to enable remote users to securely connect to a private network.

A VPN can connect multiple sites over a large distance just like a Wide Area Network (WAN). VPNs are often used to extend intranets worldwide to disseminate information and news to a wide user base. Educational institutions use VPNs to connect campuses that can be distributed across the country or around the world.

To gain access to the private network, a user must be authenticated, typically with a unique identifier and a password. A hardware or software authentication token is often added as a second factor: it generates a one-time code that changes on a fixed schedule, usually every 30 seconds or so, and the user enters that code, often together with a personal identification number (PIN).

Protocols

There are a number of VPN protocols in use that secure the transport of data traffic over a public network infrastructure. Each protocol varies slightly in the way that data is kept secure.

IP security (IPsec) is used to secure communications over the Internet. IPsec traffic can use either transport mode or tunnel mode to encrypt data traffic in a VPN. The difference between the two is that transport mode encrypts only the payload of the packet, while tunnel mode encrypts the entire original packet and wraps it in a new IP header. IPsec is often referred to as a "security overlay" because of its use as a security layer for other protocols.

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) use cryptography to secure communications over the Internet. Both protocols begin with a "handshake" in which the client and server negotiate the cipher suite and session keys. Authentication during the handshake is based on certificates, which bind a public key to an identity: the server always presents one, and the client may present one as well.

Point-To-Point Tunneling Protocol (PPTP) is another tunneling protocol used to connect a remote client to a private server over the Internet. PPTP is one of the most widely used VPN protocols because of its straightforward configuration and maintenance and because it is included with the Windows operating system.

Layer 2 Tunneling Protocol (L2TP) is a protocol used to tunnel data communications traffic between two sites over the Internet. L2TP is often used in tandem with IPSec (which acts as a security layer) to secure the transfer of L2TP data packets over the Internet. Unlike PPTP, a VPN implementation using L2TP/IPSec requires a shared key or the use of certificates.

VPN technology employs encryption to prevent interception of data between private sites. All traffic over a VPN is encrypted and integrity-protected to preserve privacy and detect tampering. Corporate network administrators are responsible for deciding the scope of a VPN, implementing and deploying it, and monitoring traffic across the network firewall. Administrators must stay aware of the overall architecture and scope of the VPN to ensure communications are kept private.

Advantages & Disadvantages

A VPN is an inexpensive and effective way of building a private network. Using the Internet as the main communications channel between sites is a cost-effective alternative to expensive leased private lines. The costs to a corporation include the authentication hardware and software used to authenticate users and any additional mechanisms such as authentication tokens or other secure devices. The relative ease, speed, and flexibility of VPN provisioning compared with leased lines makes VPNs an ideal choice for corporations that require flexibility. For example, a company can adjust the number of sites in the VPN according to changing requirements.

There are several potential disadvantages of VPN use. The lack of Quality of Service (QoS) management over the Internet can cause packet loss and other performance issues. Adverse network conditions that occur outside the private network are beyond the control of the VPN administrator. For this reason, many large corporations pay for trusted VPNs that run over a provider's private network to guarantee QoS. Vendor interoperability is another potential disadvantage, as VPN technology from one vendor may not be compatible with that of another. Neither of these disadvantages has prevented the widespread acceptance and deployment of VPN technology.

Enough of that; on to something more basic. Below is an explanation of network protocols taken from the web:

What is a Network Protocol?

Networks are how computers communicate with each other. A protocol is a particular standard, or language, that the computers use to understand each other. Think of the network as a road, and the protocol as the rules set down for using that road.

Various Network Protocols

There are many different network protocols. Some dictate how computers communicate over a local network - that is, computers in a local area that directly communicate over a network router. Other protocols govern how computers communicate over a remote network - generally speaking, via the internet. One of the most notable protocols is Internet Protocol, or IP. It is the main network protocol governing the internet.

The most commonly used version is Internet Protocol version 4, or IPv4, though systems are slowly transitioning to version 6. Computers are identified within Internet Protocol using a unique numerical identifier called an IP address. These are often set up by specialists known as network administrators.

TCP and Network Protocols

While Internet Protocol is a single network protocol, it is also part of a larger family called Internet Protocols. TCP, or Transmission Control Protocol, is used hand-in-hand with the IP protocol to create a standard known as TCP/IP. IP sends various pieces of information over a network. These pieces of data are known as packets. TCP combines those packets of IP data into an efficient and accurate request to another computer. It helps ensure that packets are not lost when transmitted over the network.

Thus, TCP/IP is the combined standard that computers use to communicate over the Internet. There are other forms of protocols that work within the IP family. HTTP, or Hypertext Transfer Protocol, allows a web browser to communicate with a web server. You may have seen HTTP included in many world wide web addresses. FTP, or File Transfer Protocol, is another common protocol, designed for efficient file transfer over the internet. Both HTTP and FTP deliver information in concert with the TCP/IP protocol.

