Overview

A Virtual Private Network (VPN) is used to create a private scope for computer communications or to provide a secure extension of a private network into an insecure network such as the Internet. VPNs are a widely used security technology. A VPN can be built on IPSec or on Transport Layer Security (TLS/SSL); these are two fundamentally different approaches. This lab focuses on TLS/SSL-based VPNs, which are often referred to as TLS/SSL VPNs.

The learning objective of this lab is for students to master the network and security technologies underlying TLS/SSL VPNs. The design and implementation of TLS/SSL VPNs exemplify a number of security principles and technologies, including cryptography, integrity, authentication, key management, key exchange, and Public-Key Infrastructure (PKI). To achieve this goal, students will implement miniVPN, a simple TLS/SSL VPN, on the Linux operating system.

Lab Tasks

  • VM version: This lab has been tested on our pre-built SEEDUbuntu16.04 VM.

Recommended Time

  • Supervised situation (e.g. a closely-guided lab session):
  • Unsupervised situation (e.g. take-home project):

Videos (New)

Files that are Needed

Suggested Reading

  • SEED Book by Wenliang Du (Book website) (Chinese version)
  • Slides for the SEED book.
  • Tun/tap interface tutorial
  • OpenSSL Command-Line HOWTO
  • Secure programming with the OpenSSL API, Part 1: Overview of the API
