VPNs ~Virtual Private Networks~

4D0e5a8d5Lo4c8k5Inc2
by 4D0e5a8d5Lo4c8k5Inc2 · 3 posts
13 years ago in Trackers
Posted 13 years ago · Author
Image
VPN
Virtual Private Networks


DeadLock Inc Tutorials


What is a VPN you ask?


A virtual private network (VPN) is a network that uses prime public telecommunication ways, such as the Internet, to provide remote offices or traveling users access to a central organization's network.

VPN's USE

VPNs typically require remote users of the network to be authenticated, and often secure data with encryption technologies to prevent disclosure of private information to unauthorized parties.

Step 1. Choose a network you wish too use, here a few I pre-selected for you all. I've test all of them never had problems and i've also had people test how long too track etc.. they couldn't and some were military! So methods will save you!

The List
Code
* SecurityKIS http://www.securitykiss.com/sk/index.php
* Free VPN http://thefreevpn.com/
* proXPN http://proxpn.com/
* USA IP http://www.usaip.eu/en/free_vpn.php
* Open VPN http://openvpn.net/
* Its Hidden http://itshidden.com/
* Cyberghost http://cyberghostvpn.com/ --> Good for germany
* Hotspot Shield http://anchorfree.com/downloads/hotspot-shield/
* VPN Tool http://www.vpntool.com/services.php --> good US
* Tor VPN https://torvpn.com/information.html


Step 2. Once you chosen which, VPN you use you need too download or connect via the instructions it gives you. Then you begin too format how you use it. Usally they will come us as programs now with an "On" and "Off" button and they hide very easy if you don't want anyone too know you use it upon your system.

Quick Note
You can use it in three different modes or settings
*Remote access client connections
*LAN-to-LAN internetworking
*Controlled access within an intranet


Remote access client connections
The creation of a remote access connection for either a dial-up or VPN remote access connection occurs in the following three steps:

Physical or logical link setup

The physical or logical link setup creates the point-to-point link between the remote access client and the remote access server for the purposes of sending PPP protocol suite frames or PPP frames containing data. A physical link is used for a dial-up connection, in which the phone line is the physical link. A logical link is used for VPN connections, in which the VPN tunnel represents a logical point-to-point link. With the Windows 2000 remote access client, the message displayed to the user during the physical or logical link setup is "Connecting."

PPP connection setup

The PPP connection setup uses the suite of PPP protocols to negotiate the parameters of the PPP link, authenticate the credentials of the remote access user, perform callback, and negotiate the use of and the parameters for the protocols that will be operating over the PPP link. With the Windows 2000 remote access client, the message displayed to the user during the PPP connection setup is "Verifying user name and password."

Remote access client registration

During the remote access client registration, the remote access client obtains addition configuration parameters and registers itself for name resolution. With the Windows 2000 remote access client, the message displayed to the user during remote access client registration is "Registering your computer on the network."

Step 1: Physical or logical link setup

The process for the physical or logical link setup depends on whether the connection is a dial-up or a VPN connection.

Dial-up connection

For the dial-up connection, the following process occurs:

The user of the remote access client computer initiates the dial-up connection. In Windows 2000, the user double-clicks the connection in the Network and Dial-up Connections folder.

The modem picks up phone line and gets a dial tone.

The modem then dials the phone number of the remote access server.

The remote access server answers the incoming call.

The modems of the remote access client and the remote access server use modem negotiation protocols to determine line speed and other modem communication parameters.

The physical connection is established and the dial-up call is complete.

PPTP

For a PPTP-based VPN connection, the connection is established in the following two phases:

Phase 1

A TCP connection is initiated from the remote access client using a dynamically allocated TCP port to the remote access server using TCP port 1723.

Phase 2

The remote access client and the remote access server exchange a series of PPTP messages to negotiate the use of a PPTP tunnel and a specific call ID to identify the PPTP connection. For more information, see RFC 2637. The result of the negotiation is a call ID that is used when sending PPTP-encapsulated data using the PPTP Generic Routing Encapsulation (GRE) header.

When the PPTP connection setup begins, the remote access client must already be connected to the Internet. If not, a dial-up connection to an Internet service provider can be made prior to initiating the PPTP connection.

L2TP/IPSec

For an L2TP/IPSec-based VPN connection, the connection is established in the following two phases:

Phase 1

The IPSec security associations needed to protect IPSec-based communications and data are negotiated and created. IPSec uses the Internet Key Exchange (IKE) protocol to negotiate the IKE main mode and quick mode security associations (SAs). The main mode SA is used to protect IPSec negotiations. The quick mode SAs—one for inbound packets and one for outbound packets-are used to protect L2TP data using UDP port 1701. The main mode SA is authenticated using either certificates or a preshared key.

For certificate authentication, the remote access server sends the remote access client a list of acceptable root certification authorities (CAs) from which a certificate will be accepted for authentication. The remote access client responds with a certificate chain (ending at a root CA certificate for a root CA from the list sent by the remote access server) and its own list of root CAs from which a certificate will be accepted for authentication. The remote access server verifies the certificate chain of the remote access client, and then sends a certificate chain (ending at a root CA certificate for a root CA from the list sent by the remote access client). The remote access client verifies the certificate chain of the remote access server.

For preshared key authentication, both the remote access client and remote access server send a hash value that incorporates the preshared key. The hash value sent by the remote access client is verified by the remote access server and the hash value sent by the remote access server is verified by the remote access client.

For more information about main mode and quick mode negotiations, see IKE Negotiation for IPSec Security Associations.

Phase 2

The remote access client and the remote access server exchange a series of L2TP messages to negotiate the use of an L2TP tunnel and a specific call ID to identify a connection within the L2TP tunnel. For more information, see RFC 2661. The result of the negotiation is a tunnel ID and a call ID that is used when sending L2TP-encapsulated data using the L2TP header.

When the L2TP/IPSec connection setup begins, the remote access client must already be connected to the Internet. If not, a dial-up connection to an Internet service provider can be made prior to initiating the L2TP/IPSec connection.

Top of page
Step 2: PPP connection setup

The PPP connection process occurs in the following phases:

Link negotiation

Authentication

Callback (dial-up only)

Network protocol negotiation

PPP phase 1: Link negotiation

The remote access client and remote access server exchange the following series of Link Control Protocol (LCP) messages to negotiate the parameters of the PPP links:

The authentication protocol to use to verify the credentials of the remote access client, and for mutual authentication protocols, the remote access server, in the authentication phase.

The PPP maximum receive unit (MRU), the maximum number of bytes in a PPP frame.

Whether to use protocol and address and control field compression.

The use of callback.

PPP phase 2: Authentication

The remote access client and remote access server exchange a series of messages for the authentication protocol specified in the link negotiation phase. For PAP, SPAP, CHAP, MS-CHAP, and MS-CHAP v2, a fixed set of messages is exchanged. For EAP, an EAP type is negotiated and then a set of messages corresponding to the EAP type are exchanged. EAP negotiations can have a variable number of messages.

MS-CHAP v2 and EAP-TLS provide mutual authentication, in which the remote access client authenticates itself to the remote access server and the remote access server authenticates itself to the remote access client.

PPP phase 3: Callback (dial-up only)

If negotiated during the link negotiation phase, the dial-up remote access client and the remote access server use the Callback Control Protocol (CBCP) to determine the phone number at which the remote access client is to be called back. Based on the Callback Options settings on the Dial-in tab on the properties of the remote access client user account, either the callback number is specified or the user at the remote access client is either prompted for the callback number. In either case, the following actions occur:

The remote access server hangs up.

The remote access server calls the remote access client back at the determined phone number.

The remote access connection proceeds to the next phase.

PPP phase 4: Network protocol negotiation

After authentication and callback, protocols known as Network Control Protocols (NCPs) are used to negotiate the use of and configuration for network protocols, such as TCP/IP and IPX. The following NCPs are used:

Internet Protocol Control Protocol (IPCP)

Used to negotiate parameters for the TCP/IP protocol, including IP address, the use of IP compression, and the addresses of DNS and WINS servers.

IPX Control Protocol (IPXCP)

Used to negotiate parameters for the IPX protocol, including the IPX network and node numbers.

AppleTalk Control Protocol (ATCP)

Used to negotiate parameters for the AppleTalk protocol, including the AppleTalk network and node numbers.

NetBIOS Frames Control Protocol (NBFCP)

Used to negotiate parameters for the NetBIOS Extended User Interface (NetBEUI) protocol.

Bandwidth Allocation Control Protocol (BACP)

Used to negotiate parameters for the Bandwidth Allocation Protocol (BAP). BAP is used to dynamically add and remove links from a Multilink Protocol (MP) connection based on bandwidth needs. BAP only applies to dial-up connections.

Compression Control Protocol (CCP)

For Microsoft remote access clients and servers, CCP is used to negotiate the use of Microsoft Point-to-Point Compression Protocol (MPPC) and the use of and encryption strength for Microsoft Point-to-Point Encryption (MPPE).

Top of page
Step 3. Remote access client registration

Registration for remote access clients consists of using a DHCPInform message to obtain additional TCP/IP configuration parameters and performing name registration.

Using a DHCPInform message

The remote access client uses a DHCPInform message using the following process:

The remote access client sends a DHCPInform message on the PPP link to the remote access server.

The remote access server, configured with the DHCP Relay Agent and at least one address of a DHCP server, relays the DHCPInform message to the DHCP server.

The DHCP server sends back a DHCPAck message, which contains the requested options that are configured on the DHCP server.

The remote access server relays the DHCPAck to the remote access client.

The principal use of the DHCPInform message is to obtain TCP/IP configuration parameters that are not obtained using IPCP, such as the domain name assigned to the PPP connection. Only Windows 2000 and Windows XP remote access clients send the DHCPInform message.

Name registration

To allow nodes on the private network to resolve the names of remote access clients while they are connected, the names and IP addresses of the remote access clients must be registered in the DNS and NetBIOS namespaces of the private network. Because a remote access client is typically assigned a different IP address any time they connect, names in the namespaces should be dynamic, rather than static. To achieve dynamic registration of DNS and NetBIOS names for the private network, remote access client name registration consists of the following:

The remote access client sends NetBIOS name registration messages to its configured WINS server to register its NetBIOS names.

The remote access client sends dynamic DNS update messages to its configured DNS server to register its DNS names.


LAN-to-LAN inter-networking
Besides using virtual private networks for remote access, a VPN can also bridge two networks together. In this mode of operation, an entire remote network (rather than just a single remote client) can join to a different company network to form an extended intranet. This solution uses a VPN server to VPN server connection.


Controlled access within an intranet
Internal networks may also utilize VPN technology to implement controlled access to individual subnets within a private network. In this mode of operation, VPN clients connect to a VPN server that acts as the network gateway.
This type of VPN use does not involve an Internet Service Provider (ISP) or public network cabling. However, it allows the security benefits of VPN to be deployed inside an organization. This approach has become especially popular as a way for businesses to protect their WiFi local networks.


VPN Pros and Cons

Like many commercialized network technologies, a significant amount of sales and marketing hype surrounds VPN. In reality, VPNs provide just a few specific potential advantages over more traditional forms of wide-area networking. These advantages can be significant, but they do not come for free.

The potential problems with the VPN outnumber the advantages and are generally more difficult to understand. The disadvantages do not necessarily outweigh the advantages, however. From security and performance concerns, to coping with a wide range of sometimes incompatible vendor products, the decision of whether or not to use a VPN cannot be made without significant planning and preparation.


I have brought many of them free! Some of the best ones!

Step 3. Enjoy your privacy!
Last edited by 4D0e5a8d5Lo4c8k5Inc2 on Sat Nov 12, 2011 1:48 am, edited 5 times in total.
Posted 13 years ago · Author
Don Von Free Credits wrote:
Can you please explain the different modes and settings?


Sure thing when I back from school today i'll write that =)

Create an account or sign in to comment

You need to be a member in order to leave a comment

Sign in

Already have an account? Sign in here

SIGN IN NOW

Create an account

Sign up for a new account in our community. It's easy!

REGISTER A NEW ACCOUNT