<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> and lastly</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> lastly</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> there must be a firewall in
place (i say must but it is not a required element)</P>
<P style="MARGIN-BOTTOM: 0cm">--> piksel (none@ppqhKcCIihHc.oakland.cmc.net)
has joined #bsrf</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> this firewall can be either
software, </P>
<P style="MARGIN-BOTTOM: 0cm"><-- Ralph[a
(Ralph@Ay7Xh0V8gbbw.gen.pacificcoast.net) has left #bsrf</P>
<P style="MARGIN-BOTTOM: 0cm">--> Ralph
(Ralph@Ay7Xh0V8gbbw.gen.pacificcoast.net) has joined #bsrf</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> packet filter like ipfw/ipf</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> or cisco pix</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> etc</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> lol</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> ok</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> now on to QoS..</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> well</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> actually questions?</P>
<P style="MARGIN-BOTTOM: 0cm"><Ralph> no!</P>
<P style="MARGIN-BOTTOM: 0cm"><Ralph> i guess not many could ask</P>
<P style="MARGIN-BOTTOM: 0cm"><Ralph> with +m on</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> can you -m</P>
<P style="MARGIN-BOTTOM: 0cm"><Ralph> no</P>
<P style="MARGIN-BOTTOM: 0cm"><Ralph> i'm not an op</P>
<P style="MARGIN-BOTTOM: 0cm"><Ralph> but you are</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> well i don't know how to do it</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> oh well</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> oh wells</P>
<P style="MARGIN-BOTTOM: 0cm"><Ralph> hehe</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> ok</P>
<P style="MARGIN-BOTTOM: 0cm"><Ralph> well, everyone!</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> well that was VPN security
fundamentals</P>
<P style="MARGIN-BOTTOM: 0cm"><Ralph> message _Jonah_ for questions</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> now i mentioned</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> ok</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> ok</P>
<P style="MARGIN-BOTTOM: 0cm"><Phaedrus> How is the encryption
handled?</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> encryption i will get into</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> but </P>
<P style="MARGIN-BOTTOM: 0cm"><hydeph> radius and tacacs are what</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> there's different methods like
DES,3DES,ipsec</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> etc</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> hydeph: those are authentication
protocols</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> similar to MD5</P>
<P style="MARGIN-BOTTOM: 0cm"><th0rn> wait, jonah, so a vpn is simply a
p2p link between two shared networks? (jus need a confirmation)</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> exactly</P>
<P style="MARGIN-BOTTOM: 0cm"><th0rn> k</P>
<P style="MARGIN-BOTTOM: 0cm"><Phaedrus> (thought radius was a dialup user
directory like X.400)</P>
<P style="MARGIN-BOTTOM: 0cm"><Ralph> can i ask an off topic question?</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> hydeph: simply it's the protocols
used for authentication exchange...</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> sure</P>
<P style="MARGIN-BOTTOM: 0cm"><hydeph> ok</P>
<P style="MARGIN-BOTTOM: 0cm"><hydeph> got it</P>
<P style="MARGIN-BOTTOM: 0cm"><Ralph> how do you eat gummy bears?</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> btw AAA is cisco proprietary</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> bite the heads off</P>
<P style="MARGIN-BOTTOM: 0cm"><Ralph> ok</P>
<P style="MARGIN-BOTTOM: 0cm"><Ralph> and then eat the rest?</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> of course</P>
<P style="MARGIN-BOTTOM: 0cm"><Ralph> hm</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> those things are delicious</P>
<P style="MARGIN-BOTTOM: 0cm"><th0rn> wait, so do p2p links between public
networks or public and private networks have any special names?</P>
<P style="MARGIN-BOTTOM: 0cm"><Ralph> i eat them differently</P>
<P style="MARGIN-BOTTOM: 0cm"><Ralph> first, bite the head off</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> hmm</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> well</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> in the olden days</P>
<P style="MARGIN-BOTTOM: 0cm"><Ralph> then grab them with your thumb and
index finger</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> p2p was over uucp</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> or dial up</P>
<P style="MARGIN-BOTTOM: 0cm"><Ralph> so your thumb points at their
backs</P>
<P style="MARGIN-BOTTOM: 0cm"><Ralph> and rip their back open with your
thumb</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> like when you dial up to AOL ;-p
its a direct connection to their server</P>
<P style="MARGIN-BOTTOM: 0cm"><Phaedrus> (no it's not)</P>
<P style="MARGIN-BOTTOM: 0cm">--> dminus01
(dminus0123@wYX39ukTdeI.ipt.aol.com) has joined #bsrf</P>
<P style="MARGIN-BOTTOM: 0cm"><th0rn> heheh, unfortunately ;-p</P>
<P style="MARGIN-BOTTOM: 0cm"><hydeph> ralph: you have to bite off their
extremities first</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> ok</P>
<P style="MARGIN-BOTTOM: 0cm"><hydeph> the little nub feet and arms</P>
<P style="MARGIN-BOTTOM: 0cm"><Ralph> hydeph, too small</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> so i shall continue with QoS</P>
<P style="MARGIN-BOTTOM: 0cm"><hydeph> it takes skill</P>
<P style="MARGIN-BOTTOM: 0cm"><Ralph> hm, possibly</P>
<P style="MARGIN-BOTTOM: 0cm">--> _Trick-
(Trickwitha@j5vFjKG7x6Y.ncl0103.ncl.iprimus.net.au) has joined #bsrf</P>
<P style="MARGIN-BOTTOM: 0cm"><Ralph> i like back ripping more</P>
<P style="MARGIN-BOTTOM: 0cm"><th0rn> so p2p links between other types of
networks don't have any special names?</P>
<P style="MARGIN-BOTTOM: 0cm"><b0ttyburp> pls carry on very good so far
happyhacker approved grrrrrrr... nice1 DF for kicking asshole</P>
<P style="MARGIN-BOTTOM: 0cm">--> Guest1021 (kf26t3a@mtdCfs6iqTg.eseenet.com)
has joined #bsrf</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> they are called p2p links</P>
<P style="MARGIN-BOTTOM: 0cm"><DigitalFallout> lol</P>
<P style="MARGIN-BOTTOM: 0cm">--> rpc (rpc@pph7OxP7b1uY.unholy.net) has
joined #bsrf</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> vpn just imparts security over
those p2p links</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> and the p2p in VPN is VIRTUAL</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> although the packets are sent
through public network</P>
<P style="MARGIN-BOTTOM: 0cm">--- rpc is now known as _rpc-</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> since it's encrypted it provides
a virtual p2p</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> i hope that cleared that up for
you</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> ok next QoS for VPNs</P>
<P style="MARGIN-BOTTOM: 0cm">--> T]-[3_RiPP3R
(Iooksharp3@1yisbvVaugQ.fibertel.com.ar) has joined #bsrf</P>
<P style="MARGIN-BOTTOM: 0cm"><-- T]-[3_RiPP3R
(Iooksharp3@1yisbvVaugQ.fibertel.com.ar) has left #bsrf</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> unlike regular tcp/ip trans</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> you beat me</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> ;-p</P>
<P style="MARGIN-BOTTOM: 0cm"><DigitalFallout> :)</P>
<P style="MARGIN-BOTTOM: 0cm">--- Guest1021 is now known as kf26t3a</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> unlike regular tcp/ip transport</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> well lemme explain regular</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> you got a packet</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> suppose ur on DSL</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> and ur downloading something from
yahoo</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> the data gets sent around the
internet crossing routers</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> and that data is inspected at each
router (each hop)</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> for data integrity</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> etc</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> well not every hop</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> but</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> nevertheless</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> it's hard to ensure QoS in a VPN
environment because</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> i hope i'm not getting ahead of
myself</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> but just take this in stride i
will explain it later</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> on packet formation</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> btw</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_>
http://unixd.com:81/lecture/vpn1.gif</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> i put a graphic</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> of a vpn up on there</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> ok</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> i'm sure i gave you enough time to
get it</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> well</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> QoS is imparted in a VPN</P>
<P style="MARGIN-BOTTOM: 0cm"><-- hydeph has quit ()</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> by redesigning of the headers</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> since the headers are different in
VPN compared to</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> those in regular TCP/IP
transport</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> the intermediate</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> routers are unable to do the
regular checksum test for integrity</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> so</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> the QoS is primarily done at both
endpoint</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> endpoints</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> of the p2p connectok</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> connections</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> shit</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> connection</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> b/c the VPN Gateway has the
software to diagnose those packets</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> other forms of QoS</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> is Packet prioritizing at the
gateway</P>
<P style="MARGIN-BOTTOM: 0cm"><-- _Trick-
(Trickwitha@j5vFjKG7x6Y.ncl0103.ncl.iprimus.net.au) has left #bsrf</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> and traffic shaping</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> and weighted fair queuing</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> all those ensure that packets get
a fair chance or more important packets</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> get dominant transport rights
over the others</P>
<P style="MARGIN-BOTTOM: 0cm"><-- dminus01 has quit (Ping timeout: 180
seconds)</P>
<P style="MARGIN-BOTTOM: 0cm"><-- DigitalFallout has quit (Remote closed the
connection)</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> so that time dependent data can
arrive efficiently at the other endnode</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> i would also like to mention</P>
<P style="MARGIN-BOTTOM: 0cm">--> Trick
(Trickwitha@j5vFjKG7x6Y.ncl0103.ncl.iprimus.net.au) has joined #bsrf</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> QoS is very difficult to employ on
dial up vpn users</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> mainly b/c</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> they are taking so many hops
around the shared network</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> unlike typically with branch
users</P>
<P style="MARGIN-BOTTOM: 0cm"><-- CHAOS has quit (Ping timeout: 180
seconds)</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> they connect to the same telco
ISP</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> lastly</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> VPN management</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> is quite simple</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> the most effective way is via
telnet/ssh, CLI editing</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> CLI=command line interface</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> also management can be done at the
CA</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> the certificate authority
server</P>
<P style="MARGIN-BOTTOM: 0cm"><_Jonah_> something i will get into in a</P>