Building And Integrating Virtual Private Networks With Openswan

Paul Wouters, Ken Bantoft

  • Publisher: Packt Publishing
  • Publication date: 2006-01-20
  • Price: $2,350
  • VIP price: $2,233 (95% of list price)
  • Language: English
  • Pages: 360
  • Binding: Paperback
  • ISBN: 1904811256
  • ISBN-13: 9781904811251
  • Not available for order

Description

TECHNOLOGY
With the widespread use of wireless and the integration of VPN capabilities in most modern laptops, PDAs and mobile phones, there is a growing desire for encrypting more and more communications to prevent eavesdropping. Can you trust the coffee shop's wireless network? Is your neighbor watching your wireless? Or are your competitors perhaps engaged in industrial espionage? Do you need to send information back to your office while on the road or on board a ship? Or do you just want to securely access your MP3s at home? IPsec is the industry standard for encrypted communication, and Openswan is the de facto implementation of IPsec for Linux.

Whether you are just connecting your home DSL connection with your laptop when you're on the road to access your files at home, or you are building an industry size, military strength VPN infrastructure for a medium to very large organization, this book will assist you in setting up Openswan to suit those needs.

The topics discussed range from designing, to building, to configuring Openswan as the VPN gateway to deploy IPsec. The book covers not only Linux clients, but also the more commonly used operating systems such as Microsoft Windows and MacOSX. Furthermore, it discusses common interoperability examples for third-party vendors, such as Cisco, Checkpoint, Netscreen and other common IPsec vendors.

The authors bring you first hand information, as they are the official developers of the Openswan code. They have included the latest developments and upcoming issues. With experience in answering questions on a daily basis on the mailing lists since the creation of Openswan, the authors are by far the most experienced in a wide range of successful and not so successful uses of Openswan by people worldwide.

 

Table of Contents

Chapter 1 presents some historical context of IPsec and Openswan, discusses the legal aspects of using and selling cryptography such as Openswan, and covers some of the aspects of weighing encryption privacy against law enforcement.

Chapter 2 explains in non-mathematical terms how the IPsec protocols work. It is written especially with the system administrator in mind, and should appeal to both experts and beginners in the world of cryptography.

Chapter 3 contains all you need to know to install Openswan on your Linux distribution. It covers installing available binary packages, as well as how to build Openswan from source. It also guides you through the options your kernel needs to support, and helps you choose between the two IPsec stacks that are currently available: KLIPS and NETKEY.

Chapter 4 is a step-by-step tutorial on how to configure the most common types of VPN connections using Openswan. These include net-to-net, host-to-net, roaming users and head office to branch offices. In other words, all the possible Openswan-to-Openswan connections. It also discusses commonly deployed third-party scenarios, including Cisco implementations using Aggressive Mode and XAUTH with Openswan as the IPsec client.

Chapter 5 introduces X.509 certificate-based authentication for IPsec. It explains how X.509 certificates work, how to generate them for Linux, Windows and MacOSX clients, and how to run your own Certificate Authority.

Chapter 6 explains the Openswan feature called Opportunistic Encryption ("OE"). This method allows one to automate host-to-host encryption for machines without any specific configuration by the end-user. Using OE, anyone can use IPsec-protected connections to your servers without even realizing they are using IPsec. The goal of OE is to make IPsec the de facto standard for all communication on the internet.

Chapter 7 goes right down to the packet level and discusses common problems that you might face on your IPsec gateway. These include special firewalling rules, handling broken IPsec implementations and the various MTU related issues that can come up.

Chapter 8 discusses IPsec from the two most popular end-user operating systems: Microsoft Windows and Apple MacOSX. It helps you decide whether you would prefer X.509 certificate-based IPsec or the less complex L2TP/IPsec. It has a step-by-step guide on how to set up L2TP on your Openswan VPN server. It also explains how to configure X.509 or L2TP on your Microsoft Windows or Apple MacOSX clients, and includes all the screenshots to guide your way. It closes with a description of how to configure commonly used third-party software packages for Openswan.

Chapter 9 deals with getting Openswan to properly interoperate with third party IPsec VPN servers such as Cisco, Checkpoint, Netscreen, Watchguard and various DSL based modem/router appliances commonly used by end-users.

Chapter 10 explores how to use IPsec to encrypt all traffic between local machines. It specifically focuses on 802.11 type wireless connections, but it applies in general to all LAN based computers. It discusses the Xelerance designed IPsec deployment scenario called WaveSEC: the implementation used at IETF, BlackHat and DefCon to encrypt their wireless networks.

Chapter 11 discusses the advanced use of Openswan. It covers how to set up a proper fail-over VPN server with Openswan, the bottlenecks of large enterprise deployments, and how to deal with BGP and OSPF using IPsec and Openswan.

Chapter 12 is the culmination of two years of end-user support on the public mailing lists. It discusses the common mistakes and issues that people who are not working with IPsec on a daily basis tend to run into. Unless you are doing something extremely specific to your particular setup, your problem will be shown in this chapter, along with the explanation of what went wrong and how to remedy your situation.

Appendix A is our last-minute update on current events in Openswan. It discusses bleeding-edge Linux kernel issues, the latest security vulnerabilities and upcoming features for end-users and developers that did not exist when the authors were writing the bulk of this book. It also discusses known but unsolved bugs existing at the time this book went to the printer.
