VMware workstation and creating VMs in VMware work station will be studied and practiced well. Ubuntu 16.04 Server VM and UBUNTU 16.04 Client VM will be installed in the VMware work station. Here Ubuntu 16.04 Desktop OS is selected for both server and client purpose. Various features of Ubuntu server and clients will be studied and practiced. DHCP service installation will be studied and practiced. Ubuntu server will act as a DHCP server too. DNS service (BIND9) service will be studied and practiced. The Ubuntu server will act as a DNS server too. vibro0 issues will be rectified. Assuming that the Ubuntu server is used for many other purposes (LAMP). LAMP services will be studied, installed and practiced. The enterprise server will act as a VPN server (O’Brien, 2017) (Access.redhat.com, 2017) too. VPN services will be installed and studied. VPN client services will be installed in another Ubuntu 16.04 Desktop VM. Wireshark will be installed in the VPN client side. Client to server communication will be captured in pre-VPN installation and post VPN-installation. Effect of VPN will be studied. All the practical activities will be documented.
Installed Ubuntu16Server and Ubuntu16Client VMs. Both are based on Ubuntu 16.04 Desktop operating system.
All the references shown in the references are referred in all the activities.
All the references shown in the references are referred in all the activities
E: Some index files failed to download. They have been ignored, or old ones used instead.
All the references shown in the references are referred in all the activities.
Installation procedures of DHCP in Ubuntu16.o4 server
DHCP is the abbreviation of Dynamic Host Control Protocol. A network protocol is nothing but the system that hold the rules and regulations for the transfer of information. TCP describes the way how devices in one network communicate with another network. The DHCP can be configured in three ways. The ways include dynamic allocation, automatic allocation and the manual allocation. Dynamic allocation is a type where a pool of IP addresses are placed. Automatic allocation is nothing but assigning the IP addresses temporarily. Manual allocation is nothing but the private allocation of the IP addresses.
To install DHCP server in Ubuntu (SearchITChannel, 2017), the choosing of operating system, IP address specification and the host name fixing remains the first step. Open the terminal and type the following commands to install the DHCP server (Linuxhomenetworking.com, 2017) (Access.redhat.com, 2017).
"sudo apt-get install isc-dhcp-server"
After typing the command, the Ubuntu installs the DHCP server after reading the status information and it also installs additional packages provided. The command window notifies the names of the packages getting installed. It also describes the amount of disc space needed that is going to be used by the operating system. At the end of the step, a Y/N option is displayed on the command screen. If such option is seen, it’s clear that the server has been installed and the next step is nothing but the configuration of the DHCP server.
The DHCP client and the server communicates with the help of four commands (Petersen, 2008). The commands are the
This command is used to broad cast the client to the server.
This command is used to unicast the server to the client.
This command is also used to broadcast the client to the server.
This command is used to unicast the server to the client HCP client (150)
Configure DHCP server (150)
The default configuration that appears in the SHCP server is
According to the need, the default configuration can be edited. More than one interface can exist in th DHCP server. If more than one interfaces occur in the server, then the specification of the interface should be provided. To edit the interface name, the following commands has to be used. "sudo vi /etc/default/isc-dhcp-server". Assigning the interface network is also an important thing. The assigning is done using the following commands
In case of more interfaces, they should be mentioned with spaces. Saving the file is very important and loss of saving may lead to the wastage of command run. After saving, the file can be closed. After this "dhcpd.conf" file
can be edited. The editing can be carried out using the command "sudo vi /etc/dhcp/dhcpd.conf".
It can be modified and the domain name can be replaced. The name of the domain and the name of the domain-name-servers have to be entered. They can be entered using the command
The subnet range, domain name, domain, IP range can be defined using the appropriate commands. The IP address range can be defined and the client is able to get the IP address only from that range. Each client can also be set a specific IP address. The specific IP address can be set using the command "ifconfig".
Configure DHCP Clients
Ubuntu 16.04 can be used as the client. The operating system name and the IP address of the DHCP server have to be specified before configuring the DHCP client. To configure, select and open the Network connections. The network connections window appears .In the window select your Ethernet card and then click the edit option (Negus, 2011).
VPN solutions in linux server
A VPN (O’Brien, 2017) (Bischoff and Bischoff, 2017) (Linux.com | The source for Linux information, 2017) is permits one private network to send or receive data to other network through a public network. To access the internet safely from our laptop or smartphone while connected to an unsecured or untrusted network like Wi-Fi VPN can assist in this situation. If we are on a private network, Virtual Private Network (VPN) permits us to traverse these unsecured or untrusted networks. In this situation traffic occurs in the server of VPN and endures its journey to the terminus. VPN is pooled with HTTPS connections, this setup will allows us to safeguard our wireless transactions and logins. Geographical restriction and the censor ship can be avoided and the location can be shielded and any type of unencrypted HTTP traffic from the unsecured network.
A full-featured open VPN is considered as the open source for Secured Socket Layer which is a solution that adapt a variety of configurations (VPN Solutions for Linux server and Windows, 2017) (Ubuntu Netbooks, 2010). In this report set up of an OpenVPN server on the system and the access of the configuration from the Linux, Ubuntu, OS X, Android and iOS. This includes a simple and easy step for configuration and installation of VPN is considered.
Fundamentals for VPN Installation
For the completion of the project it is essential to access Ubuntu 16.04 server. Configuration of non-root user with “sudo” benefits before starting the setup.
As soon as finishing this log in to the Ubuntu server as in the name of “sudo“ and the further procedures are given below.
Phase 1: Installation of OpenVPN
Initially, installation of OpenVPN is done in the server (Anon, 2017) (Rankin and Hill, 2014). We can use “apt” for installation which is available in the default repositories of the Ubuntu, after completing this “easy-rsa” package is installed that help to setup the internal Certified Authority (CA) that can be used in the VPN.
For the server update of package index and for the installation of all the required type of packages the following code is used.
“$ sudo apt-get update”
“$ sudo apt-get install openvpn easy-rsa”
The software that is ready to be configured is now on the server.
Phase 2: CA Directory setup
OpenVPN is considered as a TLS/SSL VPN (Anon, 2017). It means that it operates the certificate for the purpose to encrypt the occurrence of traffic between client and the server. For issuing the trusted certificate, a simple own CA (Certified Authority) is being set up. Duplication of “easy-rsa” template directory can be made in the home directory by using the command “make-cadir”.
“$ make-cadir ~/ openvpn-ca”
To move into a newly created directory the command used is
“$ cd ~/openvpn-ca”
Phase 3: Certified Authority (CA) configuration
Some variables are found inside which can be accustomed for determining the creation of the certificates. The default settings are made in the bottom of the file is being made.
Finishing this phase save and close the file.
Phase 4: Certificate Authority building
The variables that is being set by us can be made use at this phase and the “easy-rsa” is for building our CA. Make sure that the present directory is CA and the source is “vars”. These commands are used to ensuring and the following output is obtained.
For the confirmation of working in a clean environment the following command is used.
By typing “./build-ca” the root CA can be built, the process of creating the root certificate and the root certificate key is initiated. All the values are given automatically due to the command “vars”. By pressing ENTER the confirmation is made.
Phase 5: Creation of key, Encryption files and Server Certificate.
The next step is to generate server certificate, key and some additional files that is used during process of encryption (Popov, 2017). By typing “./build-key-server server” the key and the server certificate is generated. The default values that is based on the argument is transferred through the server and the vars hold the content.
Diffie-Hellman keys was generated strongly by which is use during the generation of exchange of key “./build-dh”. For, the generation of HMAC that strengths the integrity “openvpn --genkey --secret keys/ta.key”.
Phase 6: Client Certificate and Key Pair generation
Even though the generation of client certificate and key pair can be succeeded through the client machine for the purpose of security it is signed by the Certified Authority of the server. A single client certificate and client key is generated. For the generating authorizations without the usage of the password and to make the connection automatic “build-key” command is used (Access.redhat.com, 2017).
Phase 7: Configuration of OpenVPN Service
The configuration of OpenVPN service using the credentials and the generated files.the following steps are included in the configuration procedures.
- The files are being copied to the OpenVPN directory. For this step the command “/etc/openvpn” is used. This can be started with all of the files that we are generated. The files that are created have a separate directory for storage. The HMAC signature and the Certified Authority is moved. After this the unzipped file is used as the setup basis.
- The configuration that is made in the OpenVPN is adjusted. Since the file are in the modified file it is easy to adjust the server file.
- For redirecting the traffic through the VPN the changes are made to the Push DNS this step is an optional. After this the setting is made between 2 machines that is the client and the server and to route the traffic in the VPN the DNS settings can be used. The section “redirect-gateway” is use and remove the semicolon to make it as uncomment.
- After the completion of the above step the adjustment to the port or protocol is made which is an optional step. The port 1194 is used by the OpenVPN server and also by the UDP protocol. In the situation of using the restricted network the modification in the port can be done. This modification changes can be changed with option “port”.
- The final step is the make the credentials from point to non-default. If a different name is selected during building the server the required changes can be made at this point
Phase 8: Server Network Configuration adjustment
To make the VPN correctly route the traffic adjustment is made in some aspects of the networking server. The adjustments that is made in the networking server depends on the following steps.
- Allowing the server for adjusting the traffic, this enables the OpenVPN to to route the traffic correctly. Modification is made by “/etc/sysctl.conf” after this the proper line set is noted down and the # symbol is removed for the uncommand purpose.
- UFW must be followed in the case of Ubuntu. So the adjustments is made to the rule of UFW for the purpose of masquerade client connections. The unwanted traffic is blocked even though the firewall is enabled. The public network is find and the modifications are made according to the requirement.
- It is essential that the public interface should follow the “dev”, its results in showing the . The UFW rules are given before the handling of the configuration. After this step save and close it.
- The port of OpenVPN is opened for enabling the changes if any modifications in the protocol or port is not done. After this the changes are done in the UFW. Thus this support the server to clearly route the traffic.
Phase 9: Enabling the OpenVPN
Now the OpenVPN is read to provide the necessary services. Open the specified configuration as an instant variable. To find the successful implementation “sudo systemctl status [email protected]”. The system automatically reboots after enabling the OpenVPN.
Phase 10: Infrastructure of client Configuration creation
A system is needed to setup for the configuration of the client. This includes the following steps.
- The client configuration directory structure is created. It includes the locking of the embedded files of the client key.
- The base configuration is created, after this the file can be opened and few adjustments are made. All the requirements are given in the Public IP. The changes that is made in the selected port can also be made.
- The configuration of the generation script is made, his include the generation of a simple script. This is relevant to the certified keys that is made. Save the process and for the execution purpos4e the following command is done “chmod 700 ~/client-configs/make_config.sh”
Phase 11: Client Configuration generation
The previous steps involved the steps for the creation of client certificate and the client key. The already created client certificate is named as the client1.crt.The already created client key is named as the client1.key.The client key is created by running the command "./build-key client1".The certificate and the key are termed as the credentials. These credentials can be configured by entering into directory called the “config” directory by using the command “~/client-configs”. The script we contributed can also be used for the change of credentials. The script can be used by using the following command
“$ cd ~/client-configs”
If proper steps are followed, the config file will be traced and it would be in the format of client1.ovpn .The directory configuration path is "$ ls ~/client-configs/files". After the configuration of the client, the next step is the transfer of the configuration file to the appropriate device. For the purpose of this transfer, it is important thing for the application to have SSH or SCP file. The command useful for the transfer is the
“local$ sftp [email protected]_server_ip:client-configs/files/client1.ovpn ~/”
There are many tools that aids the transfer of files from server to the computer. Some of the tools are
Phase 12 : Installation
This step deals with the installation of client VPN profile on any operating system. The operating system can be the system of our choice. The installations procedures for the Linux operation system are as follows. There are variety of tools in Linux that can be used depending on the requirement. On Ubuntu it can be installed by using the commands
“client$ sudo apt-get update”
“client$ sudo apt-get install openvpn”
After installing, configuration has to be done. First check if the directory holds the distribution. If the directory holds then the file can be edited and uncommented.To edit the file "client$ nano client1.ovpn".Finally save the file.
It is an open source tool. Wire shark tool for examining packets and profiling network traffic. It is named as analyzer of network protocol, sniffer or analyzer of network. It is used for analyzing the traffic details at different levels vary from information of connection level to bit which form a single packet. Capturing packet able to give a system administrator having data about the separate packets like source, header data, protocol type, and destination and transmit time. It is used to troubleshoot the issues on the devices of network security and analyze events of the security. In 3 panels, it will display data. On a single line, with fundamental information, the head panel enters frames separately. In the middle panel, wire shark displays details of the packet showing the different features of the frame connects to layer of network, layer of data link, layer of application and layer of transport. Eventually, raw frame display in the bottom panel having hexadecimal performance on the left side. On the right side the values of ASCII displays in the bottom panel of the wire shark tool.
Usage of wire shark for filter, inspect and capture packets:
The tool of network analysis previously called as Ethereal. It captures packets and present in the format of human-readable. The tool network analysis involves color coding, filters and further characteristics like network traffic and examine individual packets. The usage of wire shark is to analyze network traffic programs, troubleshoot the issues on the network and inspect the flow of traffic.
Acquiring wire shark:
In Linux or UNIX system, we will get wire shark in its packet storage. Suppose we are work with Ubuntu, we will get wire shark in software center of Ubuntu. Only permitted organization uses the wire shark and tools on networks.
We can create it after down load and installation of the wire shark. To begin capture packet, under the capture, double click the network interface name. On the wireless network, if we need to capture traffic then click the wireless interface.
We will observe the packets after clicking the name of the interface and each packet are captured by wire shark. Suppose we are having the enable of promiscuous mode we will observe all other packets addressed to adapter of network. Click the options on capture and check the promiscuous mode to be enabled on all interfaces. At the bottom, check box is started.
If we need to stop the capturing traffic, click stop button which indicates in red color near the corner of top left of the window.
We will observe packets which are highlighted in various colors. The purpose of the color is to specify the traffic types. Normally, traffic of TCP indicates color in light purple, traffic of UDP indicates in light blue color and the color black specifies packets having errors. View > coding rules is to view the meaning of the color code.
Typing it in the box of the filter at the head of the window is the fundamental method to apply filter.
In Linux or UNIX system, wire shark is acquired in its packet storage. The traffic details are analyzed by using wire shark which is named as network analyzer. The usage of wire shark for filter is briefly described. The capture packets are briefly discussed. The color coding in the wire shark is discussed. By using network analyzer, the network traffic programs are analyzed. The flow of traffic is inspected by using wire shark or the network analyzer. The trouble shooting issues on the networks are discussed. DHCP is successfully installed. DNS and VM Box are also installed. The server client using Linux as a server is discussed. Using open source software, the performance of the direct connection between client and server is measured and compared. The VPN client software is installed.VPN solution on the Linux server is implemented. All the administration work and testing work is clearly documented. Capture the traffic between two machines is done and correct encryption is used. The working system consisting of a server and a client is designed and implemented. Using VM ware workstation or virtual box the network is implemented with number of essential services. The full operation of the server and client is successfully installed, configured and demonstrated.
VPN traffic capturing using Wireshark
Traffic is captured using TCP-DUMP from and the packets are investigated using wireshark. Wire shark is used to reduce or capture traffic and it can also be used to deal about the connectivity issues in conjunction with the client. There are some basic steps that can be used to reduce traffic or connectivity issues. They are as follows. The first step is going to the start menu and selecting the computer option and right clicking the manage option. In the manage tab, choose device manager. Inside the device manager, select the view option and then select show hidden devices option. A list of hidden devices will appear. Select and double click the Network Packet Filter Driver and then select properties. The driver tab holds many options. Using the options change the start settings to system. After this reboot the system and re launch the client and try connecting it (sonicwall.com, 2017). There can be many problems while reducing traffic. The problem can arise when the packets get changed. In such case, we have to notice the type of packets that are exchanged. The server reaction to the packets also has to be recorded. This recording helps in the identification of the type of problem very easily. If suppose we fail to record the reaction, then we would enter in to the trouble in identifying the problem. If the server gives the reaction as the wrong packets, then we need to look in to the VPN connection. To monitor the VPN connection, tools like wire shark is needed. Every packet gets it connected or assigned to an interface. When we try to connect the software like wire shark to check the VPN connection, the software automatically creates a virtual network interface. After creating the virtual network interface, it gets assigned with an IP address. The originally routed packets are encrypted and put inside the other packets which gets assigned or routed to another device. The device can be a Wi-Fi device. There are two types of traffic. They are inside traffic and outside traffic. The wire shark can monitor any type of traffic whether inside or outside without specifying the type of the traffic (superuser.com, 2015). Wire shark is one of the most famous network security analysis tool now a days. Wire shark has many applications. It can troubleshoot devices and it can also inspect traffic. Wire shark has the capacity to go inside the network and it can examine the traffic data. To check traffic, installation of wire shark on PC is very important. After wire shark gets installed, a blank window appears. The blank window is called the wire shark network analyzer window. Scanning is the important process that has to be carried out first. The scanning process can be carried out by selecting the capture option from the window. After selecting the capture option, a window will popup. The popup window is named as the Wire shark capture interfaces. The capture interfaces window shows all the interfaces. To configure an interface, options link near the interface has to be clicked. The options link allows for captivation of a file, solvation of DNS names. This configuration is done to improve the performance of the wire shark. After configuration just click the start button near the interface. The wire shark screen appears after clicking the start button. The wire shark screen shows details about the traffic in the interface. Wire shark has its own color codes. The result of wires hark can be interpreted with the color codes(techtarget.com,2017).
VMware workstation and creating VMs in VMware work station are studied and practiced well. Ubuntu 16.04 Server VM and UBUNTU 16.04 Client VM are installed in the VMware work station. Various features of Ubuntu server and clients are studied and practiced. DHCP service installation is studied and practiced. Ubuntu server acted as a DHCP server too. DNS service (BIND9) service is studied and practiced. The Ubuntu server acted as a DNS server too. vibro0 issues will be rectified. Assuming that the Ubuntu server is used for many other purposes (LAMP). LAMP services are studied, installed and practiced. The enterprise server acted as a VPN server too. VPN services are be installed and studied. VPN client service is installed in another Ubuntu 16.04 Desktop VM. Wireshark is installed in the VPN client side. Client to server communication is captured in pre-VPN installation and post VPN-installation. Effect of VPN is studied. All the practical activities are documented.
Access.redhat.com. (2017). Virtual Private Networks. [online] Available at: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/3/html/Security_Guide/ch-vpn.html [Accessed 12 Sep. 2017].
Access.redhat.com. (2017). 16.2. Configuring a DHCPv4 Server. [online] Available at: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s1-dhcp-configuring-server.html [Accessed 12 Sep. 2017].
Anon, (2017). [online] Available at: https://www.thegeekstuff.com/2013/09/openvpn-setup/ [Accessed 12 Sep. 2017].
Bischoff, P. and Bischoff, P. (2017). 6 Best VPNs for Linux in 2017 and Which to Avoid. [online] Comparitech. Available at: https://www.comparitech.com/blog/vpn-privacy/best-vpn-for-linux/ [Accessed 12 Sep. 2017].
Digitalocean.com. (2017). A Comparison of DNS Server Types: How To Choose the Right DNS Configuration | DigitalOcean. [online] Available at: https://www.digitalocean.com/community/tutorials/a-comparison-of-dns-server-types-how-to-choose-the-right-dns-configuration [Accessed 12 Sep. 2017].
Docs.microsoft.com. (2017). DNS Name resolution options for Linux virtual machines in Azure. [online] Available at: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/azure-dns [Accessed 12 Sep. 2017].
Isc.org. (2017). BIND Open Source DNS Server | Internet Systems Consortium. [online] Available at: https://www.isc.org/downloads/bind/ [Accessed 12 Sep. 2017].
Linux.com | The source for Linux information. (2017). Setting up VPN on Linux. [online] Available at: https://www.linux.com/blog/setting-Vpn-Linux [Accessed 12 Sep. 2017].
Linuxhomenetworking.com. (2017). Quick HOWTO : Ch08 : Configuring the DHCP Server - Linux Home Networking. [online] Available https://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch08_:_Configuring_the_DHCP_Server#.WbfuCLIjHcs [Accessed 12 Sep. 2017].
Negus, C. (2011). Linux bible. Hoboken, N.J: Wiley.
O’Brien, P. (2017). Best VPN solutions for Linux users. [online] TechRadar. Available at: https://www.techradar.com/news/best-vpn-solutions-for-linux-users [Accessed 12 Sep. 2017].
Petersen, R. (2008). Ubuntu. New York, USA: McGraw-Hill Professional Publishing.
Popov, D. (2017). StrongVPN on Ubuntu: Simple VPN Solution That... » Linux Magazine. [online] Linux Magazine. Available at: https://www.linux-magazine.com/Online/Blogs/Productivity-Sauce/StrongVPN-on-Ubuntu-Simple-VPN-Solution-That-Works [Accessed 12 Sep. 2017].
Rankin, K. and Hill, B. (2014). The official Ubuntu server book. Upper Saddle River, N.J., Mu?nchen [u.a.]: Prentice Hall.
Real-time.com. (2017). Linux DNS Server. [online] Available at: https://www.real-time.com/linuxsolutions/dnsserver.html [Accessed 12 Sep. 2017].
SearchITChannel. (2017). Linux DHCP server and client: Configuration and deployment. [online] Available at: https://searchitchannel.techtarget.com/feature/Linux-DHCP-server-and-client-Configuration-and-deployment [Accessed 12 Sep. 2017].
Ubuntu Netbooks. (2010). Apress. Ubuntu. (2008). The happiness we share. Sydney: Hachette.
VPN Solutions for Linux server and Windows, a. (2017). VPN Solutions for Linux server and Windows, Linux, and OSX clients?. [online] Serverfault.com. Available at: https://serverfault.com/questions/2199/vpn-solutions-for-linux-server-and-windows-linux-and-osx-clients [Accessed 12 Sep. 2017].