Overview

A Virtual Private Network (VPN) is used for creating a private scope of computer communications or providing a secure extension of a private network into an insecure network such as the Internet. VPN is a widely used security technology. VPN can be built upon IPSec or Transport Layer Security (TLS/SSL). These are two fundamentally different approaches for building VPNs. In this lab, we focus on the TLS/SSL-based VPNs. This type of VPNs is often referred to as TLS/SSL VPNs.

The learning objective of this lab is for students to master the network and security technologies underlying SSL VPNs. The design and implementation of TLS/SSL VPNs exemplify a number of security principles and technologies, including crypto, integrity, authentication, key management, key exchange, and Public-Key Infrastructure (PKI). To achieve this goal, students will implement miniVPN, a simple TLS/SSL VPN, in the Linux operating system.

Tasks (PDF)

• VM version: This lab has been tested on our SEED Ubuntu-20.04 VM

Time (Suggested)

• Supervised (closely-guided lab session): 2 hours
• Unsupervised (take-home project): 1 week

Files Needed

• Sample VPN client and server programs (without encryption)
• Sample TLS client and server programs

SEED Videos

• Udemy: Internet Security: A Hands-on Approach (§ 8)
• Identical videos are available on NetEase (for Mainland China)

SEED Books (English) (Chinese)

• Computer & Internet Security: A Hands-on Approach, 3rd edition (§ 19, 27)
• Internet Security: A Hands-on Approach, 3rd edition (§ 8, 18, 19)

Additional Reading

• Tun/tap interface tutorial
• OpenSSL Command-Line HOWTO

Feedback and Help