Safe remote work during the coronavirus pandemic - part 2
Because of the current situation in the country and the growing spread of the coronavirus, the use of virtual education systems, online meetings and remote working by employees has increased sharply. Having employees do administrative work over the Internet can expose an organization to serious security threats and risks and cause irreparable damage, so organizations need appropriate security measures to secure these systems and their infrastructure, and network managers and experts need to think through how to provide secure communication platforms for this traffic. One of the most important and necessary elements of a secure communication platform is a tunnel that gives isolated, secure access from the Internet to the organization's internal network; the security points that matter when building such a platform, and the steps for doing so, follow.
Creating VPN access for employees (for network administrators)
One way to create a secure communication platform is to run a VPN service for the organization so that employees can reach the internal network over the Internet. Among the available VPN protocols (L2TP, PPTP and others), L2TP (run over IPsec, as configured below) is recommended to organizations and offices as the standard choice because of its high security (strong 256-bit encryption) and advantages such as compatibility with all operating systems. Since this service has to be configured on the network edge devices, the important security points, and the steps for setting the service up safely and correctly on MikroTik and FortiGate devices (two of the most widely used edge devices), are given below, followed by how to create a matching client connection to these services.
L2TP implementation on MikroTik equipment
First, connect to the RouterBOARD with the Winbox software and create a profile that defines how users connect to the network; this is done from the PPP menu, Profiles tab:
The important and required fields in this section are:
- Name: the name of the profile being created.
- Local Address: the IP address the MikroTik uses as its own end of the tunnel with the user.
- Remote Address: the pool from which remote users are assigned IP addresses.
- DNS: the DNS server address handed to users after they connect.
After creating the profile, a user account must be created for each user in the Secrets tab:
The fields are filled in as follows:
- Name: the username of the user.
- Password: the password for the user.
- Service: the service assigned to the user.
- Profile: the profile created in the previous steps.
* Create a separate account with a unique username and a complex password for every network user.
After creating the profile and users, select PPP from the left menu:
In the window that opens, click L2TP Server, tick Enabled to activate the L2TP VPN service on the MikroTik router, assign the profile created in the previous step as its default profile, and finally tick Use IPsec and enter a complex pre-shared key in the IPsec Secret field:
Finally, click OK; the L2TP VPN service is now active on the router and clients can connect to it with a matching connection.
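The same MikroTik setup as the Winbox steps above, as an added RouterOS CLI example (it is not taken from the original article). All names, addresses and secrets are placeholders to be replaced, and the WAN interface list is assumed to already exist. The script also goes one step beyond the article: it accepts L2TP (UDP 1701) on the input chain only when the packet arrived inside an IPsec tunnel, so an unencrypted L2TP session cannot be opened from the Internet.

```routeros
# Added example, not from the original article.
# Placeholders: 10.99.0.0/24, employee01, the passwords and the "WAN" list.

# Address pool handed to remote users
/ip pool add name=l2tp-pool ranges=10.99.0.10-10.99.0.100

# PPP profile: router-side tunnel address, client pool and DNS server
/ppp profile add name=l2tp-profile local-address=10.99.0.1 \
    remote-address=l2tp-pool dns-server=10.99.0.1

# One secret per employee, bound to the L2TP service and the profile above
# (placeholder credentials; give every user a unique, long password)
/ppp secret add name=employee01 password="CHANGE-ME-long-random-password" \
    service=l2tp profile=l2tp-profile

# Enable the L2TP server with IPsec, MS-CHAPv2 only and a strong pre-shared key
# (placeholder PSK; the same value is entered in every client's IPsec settings)
/interface l2tp-server server set enabled=yes default-profile=l2tp-profile \
    authentication=mschap2 use-ipsec=yes ipsec-secret="CHANGE-ME-long-random-psk"

# Input-chain rules for the Internet-facing side: IKE (500), NAT-T (4500)
# and ESP are accepted as-is; L2TP (1701) is accepted only after IPsec
# decryption (ipsec-policy=in,ipsec), never as plain UDP from the Internet
/ip firewall filter add chain=input in-interface-list=WAN protocol=udp \
    dst-port=500,4500 action=accept comment="IKE / NAT-T"
/ip firewall filter add chain=input in-interface-list=WAN protocol=ipsec-esp \
    action=accept comment="IPsec ESP"
/ip firewall filter add chain=input in-interface-list=WAN protocol=udp \
    dst-port=1701 ipsec-policy=in,ipsec action=accept comment="L2TP inside IPsec"

# Checks after a client connects: server state, live PPP sessions, IPsec peers
/interface l2tp-server print
/ppp active print
/ip ipsec active-peers print
```

Paste the commands into the RouterOS terminal or run them as a script. The three accept rules must sit above any drop rule in the input chain (use place-before if the chain already ends in a drop), and the last three commands are the verification step: the server should show enabled=yes, each connected employee should appear once in the active PPP list, and the same client should appear as an established IPsec peer.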
L2TP implementation on FortiGate equipment
Connect to the firewall's management page, open the User & Devices section and then User Definition, and create the user by selecting Create New:
In the next step, specify the username and password for the user account:
Then, as in the following image, create a group in the User Groups section and add the user to it:
Next, create an IPsec VPN by selecting the VPN header and then IPsec Wizard; in the Name field, choose a name for this service and set the template type to Remote Access:
In the next step, specify the interface on which the FortiGate receives traffic from the Internet, enter a complex password in the Pre-shared Key field, and finally, in the User Group field, select the group that is allowed to use this service.
In the final step, in the Local Interface field, specify the interface connected to the internal network; in the Local Address field, specify the internal range that users may reach through the VPN; and in the Client Address Range field, specify the range from which remote users are assigned IP addresses. Finally, select Create and the IPsec VPN service is set up on the device.
Creating a VPN connection (for employees)
Making an L2TP connection on Linux systems
To create an L2TP connection on Linux, first install the NetworkManager-l2tp VPN package. The following commands install it:
1. Package installation instructions for Ubuntu distributions:
sudo add-apt-repository ppa:nm-l2tp/network-manager-l2tp
sudo apt-get update
sudo apt-get install network-manager-l2tp network-manager-l2tp-gnome
2. Package installation instructions for Fedora distributions:
dnf install xl2tpd
dnf install NetworkManager-l2tp
dnf install NetworkManager-l2tp-gnome
After installing the package, open the Network Settings window:
On the page that opens, create a new connection:
Then, in the window that opens, select Layer 2 Tunneling Protocol (L2TP):
On the page that opens, enter the information as follows:
- Name: an arbitrary name for the connection.
- Gateway: the IP address of the VPN server.
- User name: the username.
- Password: the password.
Then select IPsec Settings on the same page, enter the pre-shared key and click OK:
Finally, the new connection appears in the Network Settings window and you can establish the VPN connection by clicking on it:
Making an L2TP connection on Windows systems
First, select Start and then Settings, and open Network & Internet:
In the next step, select the VPN tab and then Add a VPN connection:
In the window that opens, fill in the fields as follows:
- Connection name: the name of the connection.
- Server: the IP address of the VPN server.
- VPN type: the VPN protocol; for the service set up above, this is L2TP/IPsec with pre-shared key.
- Username: the username.
- Password: the password.
- Pre-shared key: the pre-shared key that was set when the VPN service was created.
Created by APA Center of Razi University