VPN Tunneling Lab - Nifalnasar/Fundamentals-of-Network GitHub Wiki

Task 1: Network Setup

We need at least three VMs:

VPN client can communicate with VPN Server


VPN Server can communicate with Host V

VPN Server and Host V must be statically configured

VPN Server

Host V

Client should not be able to communicate with Host V


Task 2: Create and Configure TUN Interface

Task 2.a: Name of the Interface

After changing the interface name prefix from tun to my name

Task 2.b: Set up the TUN Interface

After running the two commands, running the "ip address" command again shows that an IP address has been assigned to the interface.

Task 2.c: Read from the TUN Interface


• On Host U, ping a host in the 192.168.53.0/24 network. What are printed out by the tun.py program? What has happened? Why?

The TUN interface (192.168.53.99) is sending ICMP packets to the pinged host, 192.168.53.1. This happens because the pinged host is in the same subnet as the TUN interface, so the ICMP packets are sent through the TUN interface.

• On Host U, ping a host in the internal network 192.168.60.0/24, Does tun.py print out anything? Why?

Nothing is printed when 192.168.60.1 is pinged. This is because the host is in an internal network, and the packets sent to it are not passed to the TUN interface. Since tun.py only prints when it receives packets, it did not print anything in this scenario.

Task 2.d: Write to the TUN Interface

Yes, this packet is an ICMP echo request packet


Task 3: Send the IP Packet to VPN Server Through a Tunnel

After modifying the code

Task 4: Set Up the VPN Server

Please modify tun_server.py, so it can do the following:

• Create a TUN interface and configure it.

#!/usr/bin/python3

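import fcntl
import struct
import os
# socket is used below; import it explicitly instead of relying on scapy's wildcard import
import socket
from scapy.all import *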

TUNSETIFF = 0x400454ca
IFF_TUN = 0x0001
IFF_TAP = 0x0002
IFF_NO_PI = 0x1000
# The IP address is set so that it is on the same subnet
# This is not the IP address that is set on the tun_client
TUN_IP = "192.168.53.98"

# Create the tun interface
tun = os.open("/dev/net/tun", os.O_RDWR)
# The tun interface name should match the name set on the tun_client
ifr = struct.pack('16sH', b'Ananthan%d', IFF_TUN | IFF_NO_PI)
ifname_bytes = fcntl.ioctl(tun, TUNSETIFF, ifr)

# Get the interface name
ifname = ifname_bytes.decode('UTF-8')[:16].strip("\x00")
print("Interface Name: {}".format(ifname))

# Set up the tun interface
os.system("ip addr add {}/24 dev {}".format(TUN_IP, ifname))
os.system("ip link set dev {} up".format(ifname))

IP_A = "0.0.0.0"
PORT = 9090

sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sock.bind((IP_A, PORT))

while True:
  data, (ip, port) = sock.recvfrom(2048)
  print("{}:{} --> {}:{}".format(ip, port, IP_A, PORT))
  pkt = IP(data)
  print("Inside: {} --> {}".format(pkt.src, pkt.dst))

• Get the data from the socket interface; treat the received data as an IP packet.

• Write the packet to the TUN interface

#!/usr/bin/python3

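import fcntl
import struct
import os
# socket is used below; import it explicitly instead of relying on scapy's wildcard import
import socket
from scapy.all import *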

TUNSETIFF = 0x400454ca
IFF_TUN = 0x0001
IFF_TAP = 0x0002
IFF_NO_PI = 0x1000
# The IP address is set so that it is on the same subnet
# This is not the IP address that is set on the tun_client
TUN_IP = "192.168.53.98"

# Create the tun interface
tun = os.open("/dev/net/tun", os.O_RDWR)
# The tun interface name should match the name set on the tun_client
ifr = struct.pack('16sH', b'uk%d', IFF_TUN | IFF_NO_PI)
ifname_bytes = fcntl.ioctl(tun, TUNSETIFF, ifr)

# Get the interface name
ifname = ifname_bytes.decode('UTF-8')[:16].strip("\x00")
print("Interface Name: {}".format(ifname))

# Set up the tun interface
os.system("ip addr add {}/24 dev {}".format(TUN_IP, ifname))
os.system("ip link set dev {} up".format(ifname))

IP_A = "0.0.0.0"
PORT = 9090

sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
# bind the socket to the specified port
sock.bind((IP_A, PORT))

while True:
  data, (ip, port) = sock.recvfrom(2048)
  print("{}:{} --> {}:{}".format(ip, port, IP_A, PORT))
  # treat the received data as an IP packet
  pkt = IP(data)
  os.write(tun, bytes(pkt))
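
The receive loop above writes every datagram that arrives on UDP port 9090 to the TUN device. As an added example (not part of the lab's code), the check below parses the IPv4 header of a received payload and accepts it only if the inner source is in the tunnel subnet 192.168.53.0/24 and the inner destination is in 192.168.53.0/24 or 192.168.60.0/24. The function names, the policy and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

# Policy assumed for this example, using the subnets that appear in the lab.
TUNNEL_NET = ipaddress.ip_network("192.168.53.0/24")   # addresses on the TUN side
PRIVATE_NET = ipaddress.ip_network("192.168.60.0/24")  # network behind the VPN server


def check_inner_packet(data: bytes) -> str:
    """Return "ok", or the reason a tunneled payload must not be written to TUN."""
    if len(data) < 20:
        return "too short for an IPv4 header"
    ver_ihl, _tos, total_len = struct.unpack("!BBH", data[:4])
    if ver_ihl >> 4 != 4:
        return "not IPv4"
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or total_len < ihl or total_len != len(data):
        return "header/length mismatch"
    src = ipaddress.ip_address(data[12:16])
    dst = ipaddress.ip_address(data[16:20])
    if src not in TUNNEL_NET:
        return "inner source outside tunnel subnet"
    if dst not in PRIVATE_NET and dst not in TUNNEL_NET:
        return "inner destination outside VPN networks"
    return "ok"


def build_ipv4(src: str, dst: str, payload: bytes = b"") -> bytes:
    """Build a constructed IPv4 packet (checksum left as 0) for the samples."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 1, 0,
                         ipaddress.ip_address(src).packed,
                         ipaddress.ip_address(dst).packed)
    return header + payload


# Constructed sample datagrams, shaped like the data returned by sock.recvfrom().
SAMPLES = {
    "client ping": build_ipv4("192.168.53.99", "192.168.60.1", b"\x08\x00" + b"\x00" * 6),
    "spoofed internal source": build_ipv4("192.168.60.7", "192.168.60.1"),
    "truncated datagram": build_ipv4("192.168.53.99", "192.168.60.1")[:10],
    "not an IP packet": b"hello, is this a VPN?",
}

# In the server loop: if check_inner_packet(data) == "ok": os.write(tun, data)
if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print("{:26s} {}".format(name, check_inner_packet(data)))
```

This filters malformed and out-of-policy packets only; it does not authenticate the sender of the UDP datagram.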

Before running the modified tun_server.py, we need to enable IP forwarding. Unless specifically configured, a computer acts only as a host, not as a gateway. The VPN Server needs to forward packets between the private network and the tunnel, so it must function as a gateway. For a computer to behave like a gateway, IP forwarding must be enabled. IP forwarding can be enabled using the following command: