Difference between revisions of "7lab"

From Tmplab
(Network)
(Configurations)
Line 30: Line 30:
  
 
= Configurations =  
 
= Configurations =  
 +
(to be updated, testing now)
 +
 +
we will use tcp port 1337 (or should we use something more common like 80 or 53, 443?) for openvpn configuration. So your firewall should allow this port out.
 +
 +
== OpenVPN Certificates ==
 +
 +
coming
 +
 +
== OpenVPN Client configs ==
 +
client
 +
dev tap
 +
proto tcp
 +
remote lab.tstf.net 1337
 +
resolv-retry infinite
 +
nobind
 +
persist-key
 +
persist-tun
 +
comp-lzo
 +
ns-cert-type server
 +
user nobody
 +
group nogroup
 +
ca ca.crt
 +
cert client.crt
 +
key client.key
 +
 +
== OpenVPN Server configs ==
 +
local [EXTERNALIP]
 +
port 1337
 +
proto tcp
 +
dev tap0
 +
# we'll add section how to manage certs later
 +
ca /etc/openvpn/easy-rsa/keys/ca.crt
 +
cert /etc/openvpn/easy-rsa/keys/server.crt
 +
key /etc/openvpn/easy-rsa/keys/server.key 
 +
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
 +
 +
#this will allow for people to get the same IP address after a reconnect
 +
ifconfig-pool-persist /etc/openvpn/ipp.txt
 +
 +
keepalive 10 120
 +
comp-lzo
 +
max-clients 10
 +
user nobody
 +
group nobody
 +
persist-key
 +
persist-tun
 +
status /tmp/openvpn-status.log
 +
log-append  /var/log/openvpn.log
 +
verb 6
 +
 +
 
== Cisco ITP ==
 
== Cisco ITP ==
 
# cs7 variant itu
 
# cs7 variant itu

Revision as of 17:23, 18 November 2008

Intro

Testing with:

  • Dynagen & Dynamips (GNS3 not yet working on my Mac)

Future:

  • Asterisk with chan-ss7
  • Intel SS7 stack
  • OpenSS7 new release
  • Kannel

Network

tmp (France)

  • 10.42.0-9.x
  • R1 dynamips Cisco ITP
    • 10.0.0.150
    • 10.42.1.1
    • PC: 4.2.1
    • x25: x25routerR1 250
  • R2 dynamips Cisco ITP
    • 10.0.0.160
    • 10.42.2.1
    • PC: 4.2.2
    • x25: x25routerR2 150

tw (Taiwan)

  • 10.42.50-59.x

Configurations

(to be updated, testing now)

we will use tcp port 1337 (or should we use something more common like 80 or 53, 443?) for openvpn configuration. So your firewall should allow this port out.

OpenVPN Certificates

coming

OpenVPN Client configs

client dev tap proto tcp remote lab.tstf.net 1337 resolv-retry infinite nobind persist-key persist-tun comp-lzo ns-cert-type server user nobody group nogroup ca ca.crt cert client.crt key client.key

OpenVPN Server configs

local [EXTERNALIP] port 1337 proto tcp dev tap0

  1. we'll add section how to manage certs later

ca /etc/openvpn/easy-rsa/keys/ca.crt cert /etc/openvpn/easy-rsa/keys/server.crt key /etc/openvpn/easy-rsa/keys/server.key dh /etc/openvpn/easy-rsa/keys/dh2048.pem

  1. this will allow for people to get the same IP address after a reconnect

ifconfig-pool-persist /etc/openvpn/ipp.txt

keepalive 10 120 comp-lzo max-clients 10 user nobody group nobody persist-key persist-tun status /tmp/openvpn-status.log log-append /var/log/openvpn.log verb 6


Cisco ITP

  1. cs7 variant itu
  2. cs7 point-code 1.2.3
  3. Maybe: cs7 capability-pc 1.2.3

Testing

Security

XOT