Virtual Private Network

Bongga Arifwidodo
VPN Definition

• A method for private, secure communication over a public network by means of tunneling
• Two or more groups of networks want to communicate securely over a public network as if they were connected point to point.
• Data is encapsulated and encrypted so that it is safe while crossing the public network
• The encryption process is commonly called tunneling
When is a VPN used?
• Usually deployed across geographically separate locations
• A dedicated WAN is very expensive, and adding a connection requires additional equipment. As the network grows it needs more connections, more equipment, and more leased dedicated WAN links
• Using tunneling and software, a computer is logically connected to a network it is not physically connected to
VPN Configuration

– Two configurations are commonly deployed:
• Remote-Access
– The typical example of this is a dial-up connection from home
or for a mobile worker, who needs to connect to secure
materials remotely
• Site-to-Site
– The typical example of this is a company that has offices in two
different geographical locations, and wants to have a secure
network connection between the two
Remote-Access Example

[Figure: a Mobile User and a Home User reach Network A through its VPN-enabled gateway, using VPN over Internet]
Site-to-Site Example

[Figure: Network A and Network B, each behind a VPN-enabled gateway, connected by VPN over Internet]
VPN Protocols
• PPTP
• L2TP
• IPSec
• PPTP Over L2TP
• IP in IP
Tunneling technology

▪ Tunneling technologies are broadly grouped by tunneling protocol into layer 2 (Data Link Layer) and layer 3 (Network Layer) of the OSI model.
▪ Layer 2 tunneling includes L2F, PPTP, and L2TP.
▪ Layer 3 includes IPSec, VTP, and ATMP.
PPTP
• Stands for Point To Point Tunneling Protocol
• The advantage of this protocol is that it supports non-IP protocols such as IPX/SPX, NetBEUI, AppleTalk
• The standard protocol used by Windows
• Based on the PPP protocol used for dial-up connections.
• This protocol was developed by Microsoft and Cisco.
L2TP

• Stands for Layer Two Tunneling Protocol
• A combination of two protocols, Cisco L2F and PPTP
• L2TP is used more for non-internet VPNs (dedicated line: Frame Relay, ATM)
IPSec
• The standard security protocol for the IP protocol. Stronger than PPTP
• Implementation examples:
– Openswan
– FreeS/WAN
PPTP Over L2TP
• PPTP facilities using the L2TP protocol
IP in IP

• Wraps an IP datagram in an additional IP header.
VPN via SSH & PPP
• Point-to-Point Protocol over a Secure Shell
connection
• Establishing a Network Connection
– Establish an SSH connection
• VPN Client → VPN Server
– Each has a PPP daemon that communicates through the SSH connection
– Voilà! A VPN CONNECTION!
With the vpn-pppssh script, ppp and ssh are combined
VPN via SSL & PPP
• Point-to-Point Protocol over a Secure Socket
Layer connection
• Secure Socket Layer
– Built-in support for Host Authentication
– Certificates
VPN via SSL & PPP (cont…)
• Establishing a Network Connection
– Initial Handshake for secure communication
– “Hello” messages establish:
• SSL Version, support for Cipher suites, and some random
data
– Key is determined separately from handshake
– SSL Connection Complete!
– Data transferred over the link
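
The fields the slide says the "Hello" messages establish (version, cipher suite support, random data) can be read directly from a ClientHello record. The following is an added example, not part of the original deck; the sample record is constructed, and extensions after the compression methods are not parsed.

```python
import struct

VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def parse_client_hello(record: bytes) -> dict:
    """Extract version, random and offered cipher suites from one record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _rec_version, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 22 or len(body) != rec_len or len(body) < 4:
        raise ValueError("not a complete handshake record")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if body[0] != 1 or len(hello) != hs_len:
        raise ValueError("not a complete ClientHello")
    try:
        version = struct.unpack("!H", hello[:2])[0]
        random = hello[2:34]
        pos = 34
        pos += 1 + hello[pos]  # skip the session id
        cs_len = struct.unpack("!H", hello[pos:pos + 2])[0]
        raw = hello[pos + 2:pos + 2 + cs_len]
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    if len(random) != 32 or cs_len % 2 or len(raw) != cs_len:
        raise ValueError("malformed ClientHello fields")
    suites = list(struct.unpack(f"!{cs_len // 2}H", raw))
    return {"version": VERSIONS.get(version, hex(version)),
            "random": random, "cipher_suites": suites}

def build_sample() -> bytes:
    """Constructed ClientHello: TLS 1.2, fixed 'random', three suites."""
    suites = [0xC02F, 0x002F, 0x0005]
    hello = (struct.pack("!H", 0x0303) + bytes(range(32)) + b"\x00"
             + struct.pack("!H", 2 * len(suites))
             + struct.pack(f"!{len(suites)}H", *suites)
             + b"\x01\x00")  # one compression method: null
    body = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 22, 0x0301, len(body)) + body

SAMPLE = build_sample()
```
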
OpenVPN

• Runs on Linux, Windows 2000/XP and higher, OpenBSD, FreeBSD, NetBSD, Mac OS X, and Solaris.
• Not compatible with IPSec, L2TP, or PPTP
VPN via Concentrator

• What is a Concentrator?
– Concentrator is NOT a gateway or firewall
– Specialized device that accepts connections from
VPN peers
– Authenticates clients
– Enforces VPN security policies
– Takes overhead of VPN management and
encryption off of gateways and local hosts
VPN Packet Encapsulation
Security Tools
• Packet filtering – another name for a firewall; works by rejecting TCP/IP packets from outside networks based on IP address and service access.
• Network Address Translation (NAT) – rewrites and hides internal IP addresses from outside networks
• Proxy services – act as an intermediary for requests to and from the internet. Can be used to enforce user policy and content filtering.
• Authentication server – lets users separate services from the authentication server. A user must obtain a ticket from the authentication server before gaining access to a server, e.g. NIS, Kerberos, etc.
Advantages: Cost Savings

✓ Eliminating the need for expensive long-distance leased lines
✓ Reducing the long-distance telephone charges for remote access.
✓ Transferring the support burden to the service providers
✓ Operational costs
Advantages: Scalability

➢ Flexibility of growth
➢ Efficiency with broadband technology
Disadvantages
VPNs require an in-depth understanding of public network security issues and proper deployment of precautions

Availability and performance depend on factors largely outside of their control

Immature standards

VPNs need to accommodate protocols other than IP and existing internal network technology
Pop Quiz!
Q.1
VPN stands for…
a) Virtual Public Network b) Virtual Private Network
c) Virtual Protocol Network d) Virtual Perimeter Network
Pop Quiz!

Q.2
What are the acronyms for the 3 most common VPN
protocols?
Pop Quiz!

Q.3
What does PPTP stand for?
Pop Quiz!

Q.4
What is the main benefit of VPNs compared to
dedicated networks utilizing frame relay, leased
lines, and traditional dial-up?

a) better network performance b) less downtime on average

c) reduced cost d) improved security


Pop Quiz!

Q.5
In VPNs, the term "tunneling" refers to

a) an optional feature that increases network performance if it is turned on

b) the encapsulation of packets inside packets of a different protocol to create and maintain the virtual circuit

c) the method a system administrator uses to detect hackers on the network

d) a marketing strategy that involves selling VPN products for very low prices in return for expensive service contracts
