Virtual Private Network
Definition of VPN
• A method for secure private communication over a public network by means of tunneling
• Two or more groups of networks want to communicate securely over a public network as if they were connected point to point.
• Data is encapsulated and encrypted so that it is safe when crossing the public network
• The encryption process is commonly called tunneling
When is a VPN used?
• Usually deployed across geographically separate locations
• A dedicated WAN is very expensive, and adding connections requires additional equipment. As the network grows, it needs additional connections, additional equipment and additional leased dedicated WAN links
• Using tunneling and software, a computer is logically connected to a network it is not physically connected to
VPN Configuration
Two configurations are commonly deployed:
• Remote-Access
– The typical example of this is a dial-up connection from home or for a mobile worker who needs to connect to secure materials remotely
• Site-to-Site
– The typical example of this is a company that has offices in two different geographical locations and wants to have a secure network connection between the two
Remote-Access Example
[Diagram labels: Network A, VPN-Enabled Gateway, VPN over Internet, Mobile User, Home User]
Site-to-Site Example
[Diagram labels: Network A, VPN-Enabled Gateway, VPN over Internet, Network B, VPN-Enabled Gateway]
VPN Protocols
• PPTP
• L2TP
• IPSec
• PPTP Over L2TP
• IP in IP
PPTP
• Stands for Point To Point Tunneling Protocol
• An advantage of this protocol is that it supports non-IP protocols, for example IPX/SPX, NetBEUI, AppleTalk
• The standard protocol used by Windows
• Based on the PPP protocol used for dial-up connections
L2TP
• Stands for Layer Two Tunneling Protocol
• A combination of two protocols: Cisco L2F and PPTP
• L2TP is used more for non-Internet VPNs (dedicated lines: Frame Relay, ATM)
IPSec
• The standard security protocol for the IP protocol. Stronger than PPTP
• Implementation examples:
– Openswan
– FreeS/WAN
PPTP Over L2TP
• PPTP service using the L2TP protocol
IP in IP
• Wraps an IP datagram in an additional IP header.
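IP-in-IP encapsulation and decapsulation as an added example, not taken from the original slides: an outer IPv4 header with protocol number 4 is prepended to an unmodified inner datagram, and the receiver validates the outer header before unwrapping. The function names and all addresses and ports are constructed for illustration.

```python
import socket
import struct

IPPROTO_IPIP = 4  # IANA protocol number for IPv4-in-IPv4 (RFC 2003)

def checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement checksum over an IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """Build a 20-byte IPv4 header (no options) with a valid checksum."""
    fields = [0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    raw = struct.pack("!BBHHHBBH4s4s", *fields)
    fields[7] = checksum(raw)  # checksum is computed with the field zeroed
    return struct.pack("!BBHHHBBH4s4s", *fields)

def encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Prepend the additional (outer) IP header; the inner datagram is untouched."""
    return ipv4_header(tunnel_src, tunnel_dst, IPPROTO_IPIP, len(inner)) + inner

def decapsulate(outer: bytes) -> bytes:
    """Validate the outer header and return the inner datagram."""
    if len(outer) < 20 or outer[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (outer[0] & 0x0F) * 4
    if ihl < 20 or len(outer) < ihl or checksum(outer[:ihl]) != 0:
        raise ValueError("bad outer header length or checksum")
    if outer[9] != IPPROTO_IPIP:
        raise ValueError("outer protocol is not IP-in-IP (4)")
    total_len = struct.unpack("!H", outer[2:4])[0]
    if total_len < ihl or total_len > len(outer):
        raise ValueError("bad total length")
    return outer[ihl:total_len]

def demo():
    """Constructed sample: a UDP datagram between two private hosts, tunnelled
    between two gateways that use documentation-range public addresses."""
    udp = struct.pack("!HHHH", 5000, 5001, 8, 0)  # empty UDP datagram
    inner = ipv4_header("10.1.0.5", "10.2.0.9", 17, len(udp)) + udp
    outer = encapsulate(inner, "192.0.2.1", "198.51.100.1")
    return inner, outer

if __name__ == "__main__":
    inner, outer = demo()
    print(outer.hex(), decapsulate(outer) == inner)
```

The inner datagram, including its private addresses, travels byte-for-byte in clear text: IP in IP on its own provides encapsulation only, with no confidentiality or integrity protection.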
VPN via SSH & PPP
• Point-to-Point Protocol over a Secure Shell connection
• Establishing a Network Connection
– Establish an SSH connection
• VPN Client to VPN Server
– Each has a PPP daemon that will communicate through the SSH connection
– Voilà! A VPN CONNECTION!
With the vpn-pppssh script, PPP and SSH are combined
VPN via SSL & PPP
• Point-to-Point Protocol over a Secure Socket Layer connection
• Secure Socket Layer
– Built-in support for Host Authentication
– Certificates
VPN via SSL & PPP (cont…)
• Establishing a Network Connection
– Initial Handshake for secure communication
– “Hello” messages establish:
• SSL Version, support for Cipher suites, and some random data
– Key is determined separately from handshake
– SSL Connection Complete!
– Data transferred over the link
OpenVPN
• Runs on Linux, Windows 2000/XP and higher, OpenBSD, FreeBSD, NetBSD, Mac OS X, and Solaris.
• Not compatible with IPSec, L2TP, or PPTP
VPN via Concentrator
• What is a Concentrator?
– Concentrator is NOT a gateway or firewall
– Specialized device that accepts connections from VPN peers
– Authenticates clients
– Enforces VPN security policies
– Takes overhead of VPN management and encryption off of gateways and local hosts