Designing a Secured Private Network Connection Across a Public Network

International Journal of Trend in Research and Development (IJTRD), Volume 3(4), Jul-Aug 2016, ISSN: 2394-9333, www.ijtrd.com

Designing a Secured Private Network Connection across a Public Network

1Ifeagwu N. E., 2Alor M., 2Ugwu K. I.
1Michael Okpara University of Agriculture (MOUA), Umudike, Abia State, Nigeria
2Enugu State University of Science and Technology, Nigeria

Abstract-- This paper is on designing a secure private network connection across a public network. The Cisco Packet Tracer version 5.3.3a network simulation tool was used for carrying out the design, and the materials used comprised laptops, switches, routers, straight-through cable and a crossover cable. Implementing this design involves installation of Packet Tracer, identifying the devices needed, connecting the devices together through network cables, configuring the devices and setting up their interfaces to allow the flow of packets, and setting up a tunnel between the two sites for the security of the packets being shared. The result shows that there is connectivity between the two sites and successful communication between the device interfaces without any drop in the flow of the network.

Keywords-- Cisco packet tracer, Private network, Tunnel, Routers

I. INTRODUCTION

An unsecured communication channel or network is prone to network attacks, and this always leads to ineffective communication. Security of data flowing across public or unfamiliar networks that support communication from one endpoint to another became a challenge. But with the introduction of Virtual Private Networks (VPN), which are characterized by maintaining privacy, data sent from the sender to the receiver is made to pass through tunnels that cannot be accessed by data that is not properly encrypted by the sender and decrypted by the receiver using some encryption method agreed by both sender and receiver. A Virtual Private Network (VPN) is a supplement of an enterprise's private internet across a public network, creating a secure private connection essentially through a private tunnel [1]. VPNs securely convey information across the internet by connecting remote users, branch offices and business partners into an extended corporate network. It is called a VPN because the infrastructure of the network is transparent to any VPN connection, there is privacy for the traffic that flows over the VPN, and it must effectively be perceived and treated as an extension of the company's network infrastructure.

II. VIRTUAL PRIVATE NETWORK

Organizations use Virtual Private Networks (VPNs) to secure network traffic over an unsecured network, such as the internet. A VPN helps to provide a secure mechanism for encrypting and encapsulating private network traffic and moving it through an intermediate network. Data is encrypted for confidentiality, and packets that might be intercepted on the shared or public network are indecipherable without the correct encryption keys. Data is also encapsulated, or wrapped, with an IP header containing routing information [2].

There are a number of ways to use a VPN. The most common scenario is when a remote user accesses a private network across the internet using a remote access VPN connection. In another scenario, a remote office connects to the corporate network using either a persistent or an on-demand site-to-site VPN connection (also known as a router-to-router VPN connection) [3].

A. Types of VPN

a. Remote access VPN

A remote access VPN connection is made by a remote access client. A remote access client is a single computer user who connects to a private network from a remote location. The VPN client authenticates itself to the VPN server and, for mutual authentication, the VPN server authenticates itself to the VPN client [4]. The diagram of a remote access VPN is shown in figure 1.

Figure 1: Remote Access VPN [2].

b. Site-to-site VPN

A site-to-site VPN connection, as shown in figure 2, connects two portions of a private network or two private networks. For example, this allows an organization to have routed connections with separate offices, or with other organizations, over the internet. A routed VPN server provides a routed connection to the network to which the VPN server is attached. On a site-to-site VPN connection, the packets sent from either router across the VPN connection typically do not originate at the routers; the calling router (the VPN client) authenticates itself to the answering router (the VPN server) and, for mutual authentication, the answering router authenticates itself to the calling router [5].

Figure 2: Site-to-Site VPN [5].

c. Site-to-multisite VPN

A site-to-multisite VPN connection, as shown in figure 3, connects multiple portions of a private network, or three or more private networks. It has the same properties as a site-to-site network except that multiple endpoints are at one end of the network. This VPN allows an organization to have several secure connections with separate offices spread over various geographical locations over the internet. Here, the calling router authenticates itself to the answering router.

Figure 3: Site-to-Multisite VPN [5].

B. VPN Tunneling

Tunneling is a network technology that enables the encapsulation of one type of protocol packet within the datagram of a different protocol [6]. After the tunnel is established, data can be sent. The tunnel client or server uses a tunnel data transfer protocol to prepare the data for transfer. For example, when the tunnel client sends a payload to the tunnel server, the tunnel client first appends a tunnel data transfer protocol header to the payload. The client then sends the resulting encapsulated payload across the network, which routes it to the tunnel server. The tunnel server accepts the packets, removes the tunnel data transfer protocol header, and forwards the payload to the target network. Information sent between the tunnel server and the tunnel client behaves similarly.

There are two types of tunneling:
1. Voluntary tunneling
2. Compulsory tunneling

a. Voluntary tunneling

Voluntary tunneling occurs when a client computer or routing server creates a virtual connection to the target tunnel server. To accomplish this, tunneling client software and the appropriate tunneling protocol must be installed on the client computer. A user or client computer can issue a VPN request to configure and create a voluntary tunnel. In this case, the user's computer is a tunnel endpoint and acts as the tunnel client [7].

b. Compulsory tunneling

In compulsory tunneling, a VPN-capable remote access server configures and creates a compulsory tunnel. With a compulsory tunnel, the user's computer is not a tunnel endpoint. Another device, the dial-up access server between the user's computer and the tunnel server, is the tunnel endpoint and acts as the tunnel client.

C. Tunneling Protocols

The various tunneling protocols include:
1. Point-to-point tunneling protocol (PPTP)
2. Layer two tunneling protocol (L2TP)
3. Internet protocol security (IPsec)
4. Site-to-site VPN
5. Secure Socket Layer (SSL)
6. Generic Routing Encapsulation (GRE)
7. Transport Layer Security (TLS)

a. Point-to-point tunneling protocol (PPTP)

PPTP encapsulates point-to-point protocol (PPP) frames into IP datagrams for transmission over an IP-based network, such as the internet or a private intranet. PPTP uses a TCP connection, known as the control connection, to create, maintain, and terminate the tunnel. PPTP uses a modified version of Generic Routing Encapsulation (GRE) to encapsulate PPP frames as tunneled data, which can be encrypted, compressed, or both.

b. Layer two tunneling protocol (L2TP)

L2TP is a combination of PPTP and Layer 2 Forwarding (L2F), a technology developed by Cisco Systems, Inc. Rather than having two incompatible tunneling protocols competing in the marketplace and causing customer confusion, the Internet Engineering Task Force (IETF) mandated that the two technologies be combined into a single tunneling protocol that represents the best features of PPTP and L2F. L2TP is described in RFC 2661 in the IETF RFC database, while PPTP is described in RFC 2637 in the IETF RFC database.

c. Internet protocol security (IPsec)

IPsec functions at the network layer, and its components are defined by the IETF in RFC 2401. It is, however, made up of many standards, including RFCs. It is an add-on to IPv4, requiring additional software on a device to implement it; however, it is built into the IPv6 protocol stack. IPsec performs these main functions:

1. Authentication: it verifies the identity of the remote peer. This is accomplished by using digital signatures alongside symmetric or asymmetric (RSA) keys.
2. Confidentiality: it guarantees that no intermediate device can decipher the contents of the payload in a packet. It accomplishes this by using an encryption algorithm (DES, 3DES, SEAL, AES).
3. Packet integrity: it guarantees that the contents of a packet have not been tampered with (changed) by an intermediate device and are received from an authorized device.
4. Encapsulation: it transports the data between two IPsec devices; this is accomplished using an IPsec encapsulation protocol (AH and ESP).
5. Anti-replay protection: it ensures that a valid packet is not replayed by an attacker, creating a DoS attack; this is accomplished using protected sequence numbers.

d. Site-to-site VPN protocol

This protocol allows two or more sites with their own networks, usually LANs, to connect together to form a VPN. A site-to-site protocol involves much larger-scale encryption, and encryption and decryption are done by the routers at the ends.

The TLS protocol is designed to provide three essential services to all applications running above it: encryption,
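The tunnel data transfer sequence described under B (append a header, send, strip the header at the far end) and the IPsec authentication, integrity, encapsulation and anti-replay functions listed under C.c can be modelled together. The following is an added example, not code from the paper or from the Packet Tracer design it describes: a simplified AH-style authenticated tunnel in Python with a sliding anti-replay window driven by protected sequence numbers. The names (encapsulate, TunnelReceiver), the 8-byte header layout, the key and the SPI value are constructed for illustration; confidentiality (ESP encryption with DES/3DES/AES) is left out because the standard library has no block cipher, so the model covers functions 1, 3, 4 and 5 only, with symmetric-key HMAC standing in for the authentication step.

```python
import hashlib
import hmac
import struct
HEADER = struct.Struct("!II")  # constructed layout: SPI (32 bits) and sequence number (32 bits)
ICV_LEN = 16                   # truncated HMAC-SHA256 integrity check value
WINDOW = 64                    # anti-replay window size: how far behind the newest packet we still accept

def encapsulate(key: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    """Tunnel client: prepend the tunnel header, append an ICV over header + payload."""
    header = HEADER.pack(spi, seq)
    icv = hmac.new(key, header + payload, hashlib.sha256).digest()[:ICV_LEN]
    return header + payload + icv

class TunnelReceiver:
    """Tunnel server: verifies the ICV, enforces anti-replay, then strips the header."""
    def __init__(self, key: bytes, spi: int):
        self.key, self.spi = key, spi
        self.highest = 0  # highest sequence number accepted so far
        self.bitmap = 0   # bit i set: packet (highest - i) has already been accepted

    def _fresh(self, seq: int) -> bool:
        if seq == 0:
            return False             # first valid sequence number is 1
        if seq > self.highest:
            return True              # newer than anything seen: advances the window
        offset = self.highest - seq
        if offset >= WINDOW:
            return False             # too old: fell off the left edge of the window
        return not (self.bitmap >> offset) & 1  # inside the window: reject duplicates

    def _mark(self, seq: int) -> None:
        if seq > self.highest:
            # Slide the window right and record the new high-water mark in bit 0.
            self.bitmap = ((self.bitmap << (seq - self.highest)) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)

    def decapsulate(self, packet: bytes):
        """Return the inner payload, or None when the packet is rejected."""
        if len(packet) < HEADER.size + ICV_LEN:
            return None
        header, body, icv = packet[:HEADER.size], packet[HEADER.size:-ICV_LEN], packet[-ICV_LEN:]
        spi, seq = HEADER.unpack(header)
        expected = hmac.new(self.key, header + body, hashlib.sha256).digest()[:ICV_LEN]
        # Authenticate before the replay check so a forged packet cannot move the window
        # and cause legitimate in-flight packets to be dropped as "too old".
        if spi != self.spi or not hmac.compare_digest(expected, icv) or not self._fresh(seq):
            return None
        self._mark(seq)
        return body
```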
