Revision as of 18:27, 18 November 2008

Intro

Testing with:

Dynagen & Dynamips (GNS3 not yet working on my Mac)

Future:

Asterisk with chan-ss7
Intel SS7 stack
OpenSS7 new release
Kannel

Network

tmp (France)

10.42.0-9.x

R1 dynamips Cisco ITP
- 10.0.0.150
- 10.42.1.1
- PC: 4.2.1
- x25: x25routerR1 250
R2 dynamips Cisco ITP
- 10.0.0.160
- 10.42.2.1
- PC: 4.2.2
- x25: x25routerR2 150

tw (Taiwan)

10.42.50-59.x

Configurations

(to be updated, testing now)

we will use tcp port 1337 (or should we use something more common like 80 or 53, 443?) for openvpn configuration. So your firewall should allow this port out.

OpenVPN Certificates

coming

OpenVPN Client configs

client
dev tap
proto tcp
remote lab.tstf.net 1337
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
ns-cert-type server
user nobody
group nogroup
ca ca.crt
cert client.crt
key client.key

OpenVPN Server configs

local [EXTERNALIP] port 1337 proto tcp dev tap0

we'll add section how to manage certs later

ca /etc/openvpn/easy-rsa/keys/ca.crt cert /etc/openvpn/easy-rsa/keys/server.crt key /etc/openvpn/easy-rsa/keys/server.key dh /etc/openvpn/easy-rsa/keys/dh2048.pem

this will allow for people to get the same IP address after a reconnect

ifconfig-pool-persist /etc/openvpn/ipp.txt

keepalive 10 120 comp-lzo max-clients 10 user nobody group nobody persist-key persist-tun status /tmp/openvpn-status.log log-append /var/log/openvpn.log verb 6

Cisco ITP

cs7 variant itu
cs7 point-code 1.2.3
Maybe: cs7 capability-pc 1.2.3

Testing

Security

XOT

http://www.fyonne.net/

@@ Line 39: / Line 39: @@
 == OpenVPN Client configs ==
+<source>
 client
 dev tap
@@ Line 54: / Line 56: @@
 cert client.crt
 key client.key
+</source>
 == OpenVPN Server configs ==

Difference between revisions of "7lab"