VPN server setup

Cancelled. Posted on Mar 20, 2010. Paid on delivery.

We currently run a VPN service utilizing the OpenVPN protocol. We wish to expand into offering additional protocols including PPTP (Point-to-Point Tunneling Protocol). For this project we require server-side installation, modifications and patches for the open-source PPTP server ([url removed, login to view]) to be set up on our VPN servers currently utilizing OpenVPN.

## Deliverables

Hello,


Since we run a customized VPN setup and service we require the following modifications to POPTOP:

#########################################################################

1) Authentication file modification

By default POPTOP stores user authentication (username, password) in a single flat file.

-----------------------------------------------------------------

Plan A (MYSQL):

We require authentication to use a MySQL database already set up on all of our VPN servers, as this is what OpenVPN uses. The database is automatically replicated to all VPN servers. This database contains data such as:

Username

Password

Status_id: this tells the server if the user's account is in an active state or is disabled (e.g. no payment).

What we need is for the PPTP server to be linked to this database and not the default flat-file setup. The PPTP server must also only allow users with an 'active' status_id to connect.

-----------------------------------------------------------------

Plan B (cronjob):

If the MySQL authentication cannot be achieved 100%, then we will have to go down the cronjob route.

Every 1 minute or so the cronjob would query the MySQL database for users in an active state and import their username and password into the flat-file.

Not ideal and I would strongly prefer going down the Plan A route.

#########################################################################

2) Password encryption

By default the PPTP server stores users' passwords as plain text. I am 100% NOT having any plain-text passwords on the servers. Passwords must be encrypted. OpenVPN uses MD5 passwords from the database, therefore it would be pointless storing the plain-text version for PPTP on the same server.

-----------------------------------------------------------------

Plan A (ensure there is no 'natural/default' way):

I require confirmation that PPTP cannot by default use encrypted passwords (e.g. MD5). By default I mean no heavy patches or anything (like in Plan B).

-----------------------------------------------------------------

Plan B (hack):

There is a way we can STORE users' passwords in MD5 format using a little hack.

Currently users' passwords are stored in MD5 format in the MySQL database on every VPN server (OpenVPN for example uses this password). So we already have the user's password encrypted. What we will do is use the user's MD5 password hash value from the existing database as the ACTUAL PPTP password.

Now we have various problems: 1) The user will need to know what their existing password is in MD5 format. 2) As you know, MD5 passwords are fairly long and this would be annoying for the user to remember, or to type in on, say, a mobile phone (most phones have PPTP built in). 3) It would also mean the user would have two passwords, one for OpenVPN and one for PPTP. NOT ideal at all. We are dealing with customers from all sorts of technical backgrounds and we need to make our service easy to use.

Therefore I propose we hack the PPTP authentication (server-side). When a user connects to the PPTP server, they use their normal password; the server then converts their password into the corresponding MD5 value and checks if it matches the same MD5sum which exists in the auth database.

The PPTP server should also be able to cope with accepting MD5 passwords straight from the user's client AS WELL. What I mean by this is, if users want, they can connect to the PPTP server using the MD5sum of their password if they choose to, but in this case the server will not try to convert the MD5sum into another MD5sum and will instead try to match it to the existing MD5sum. The reason for this is that PPTP is not known for great security, and by letting the user connect via their MD5sum password anyone sniffing their network will not be able to see their plain-text password being sent to our server and will only see the MD5 value.

So ideally the server would:

1) Check if the password being sent matches the MD5sum in the auth database; if it does (e.g. the user is connecting using the MD5sum value as a password), it connects the user.

2) If the password sent to the server does NOT match the MD5sum in the auth database, the server assumes the user is sending us their plain-text password and then converts the password into the corresponding MD5 value; if this MD5 value matches the same MD5 value in the database, the user can connect.
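The two-step check from Plan B above, written out beside a variant that only hashes what it receives, as an added example that is not code from the original brief or from POPTOP. It shows that once the server accepts the MD5 value itself, the value stored in the database works as a password. Assumed here: the function names, the string `"active"` for status_id, unsalted hex MD5 of the UTF-8 password, and that the server receives the submitted password string itself.

```python
import hashlib
import hmac

def md5_hex(password: str) -> str:
    # Assumption: the database holds the unsalted hex MD5 of the UTF-8 password.
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def same(a: str, b: str) -> bool:
    # Constant-time comparison so timing does not reveal how much matched.
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))

def check_dual(submitted: str, stored_md5: str, status_id: str) -> bool:
    """Two-step check as described in the brief (hypothetical function name)."""
    if status_id != "active":            # assumed representation of status_id
        return False
    stored = stored_md5.lower()
    if same(submitted.lower(), stored):  # step 1: MD5 value sent as the password
        return True
    return same(md5_hex(submitted), stored)  # step 2: plain text, hashed here

def check_plain_only(submitted: str, stored_md5: str, status_id: str) -> bool:
    """Variant that only ever hashes what was submitted."""
    return status_id == "active" and same(md5_hex(submitted), stored_md5.lower())

def compare_policies() -> dict:
    password = "Tr0ub4dor&3"             # constructed sample credential
    stored = md5_hex(password)           # what the auth database row would hold
    return {
        "dual: plain-text password": check_dual(password, stored, "active"),
        "dual: stored MD5 value": check_dual(stored, stored, "active"),
        "dual: disabled account": check_dual(password, stored, "disabled"),
        "plain-only: plain-text password": check_plain_only(password, stored, "active"),
        "plain-only: stored MD5 value": check_plain_only(stored, stored, "active"),
    }

if __name__ == "__main__":
    for case, ok in compare_policies().items():
        print(f"{case:34} -> {'accept' if ok else 'reject'}")
```

Under the dual check, anyone who can read the auth table holds a working credential for every active account, so the table needs the same protection a plain-text password file would.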

#########################################################################

3) Session logging

The PPTP server should log various connection details, such as:

1) Connection date/time

2) Disconnection date/time

3) Time connected (difference between 1 and 2)

4) User's actual IP address

5) Server IP address

IF POSSIBLE:

6) Bandwidth logging per session (up/down).

It should store the session logs in a .txt file on the PPTP server for now.

#########################################################################

4) Connection list

We should have the ability to see which users are currently connected and a connection count, example format:

XX users are connected

<session logs for users currently connected in '3)' format>

#########################################################################

5) PPTP to use additional subnet

We can't use the same subnet as OpenVPN for obvious reasons, so PPTP will use an additional subnet provided. Very easy and should cause no problems.

#########################################################################

6) Random IP upon connection

Each time a user connects they should be allocated a random IP address from the subnet provided. They should not be allocated the same IP address as in their last session. Ideally we would have the system remember all of their past IP addresses to ensure they get a random IP address up until they have used the entire subnet. So, say it's a /26, that's around 60 IP addresses.

A user must never be allocated an IP address already in use by another user *IMPORTANT*, otherwise the connection will fail.
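One way to meet the allocation rules above, as an added example that is not part of the original brief or of POPTOP. The class name, its methods and the 10.9.0.0/26 subnet are constructed for illustration; how the chosen address is handed to the PPTP daemon is not covered here.

```python
import ipaddress
import secrets

class RandomIPPool:
    """Hypothetical per-user random allocator for the PPTP subnet."""

    def __init__(self, cidr, reserved=()):
        net = ipaddress.ip_network(cidr)
        # hosts() drops the network and broadcast addresses: a /26 yields 62.
        self.hosts = [str(h) for h in net.hosts() if str(h) not in reserved]
        self.in_use = {}    # ip -> user currently holding it
        self.history = {}   # user -> addresses used in the current cycle
        self.last = {}      # user -> address of the previous session

    def allocate(self, user):
        # Never hand out an address that another session still holds.
        free = [ip for ip in self.hosts if ip not in self.in_use]
        if not free:
            raise RuntimeError("no free address in pool")
        seen = self.history.setdefault(user, set())
        fresh = [ip for ip in free if ip not in seen]
        if not fresh:
            # The user has already had every free address: start a new cycle,
            # still avoiding the previous session's address when possible.
            seen.clear()
            fresh = [ip for ip in free if ip != self.last.get(user)] or free
        ip = secrets.choice(fresh)      # unpredictable pick from the candidates
        self.in_use[ip] = user
        seen.add(ip)
        self.last[user] = ip
        return ip

    def release(self, ip):
        # Called on disconnect so the address returns to the pool.
        self.in_use.pop(ip, None)

if __name__ == "__main__":
    pool = RandomIPPool("10.9.0.0/26")  # constructed sample subnet
    a = pool.allocate("alice")
    b = pool.allocate("bob")
    print(a, b, len(pool.hosts))
```

The `reserved` argument is there for addresses that must never go to clients, such as the server's own end of the tunnel.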

#########################################################################

7) Additional information and final notes

Server wise:

You will be given access to one live VPN server already running OpenVPN. The OS we use is Debian.

We may later hire you to set up 20-30 VPN servers once we are sure the setup is running fine. This would be considered as a separate project.

About you:

You must be a full time software developer / sysadmin, either working freelance or for a company. Part-timers are not welcome.

You will be required to document every part of the setup.

You must be able to provide FREE support for at least 1 month after you have finished the setup.

You must be able to provide support after 1 month at an agreeable rate and response time.

You must reply to all emails within 12-24 hours max. Communication is everything.

You must ideally work solidly on our project until completion. You are welcome to take on work from other clients, but this must not affect the completion time of our project.

You must have had experience with VPN technologies and an understanding of the PPTP protocol.

You must agree that any work produced for me will be copyrighted and the property of my business, and cannot be used elsewhere, published elsewhere or sold to a competitor.

If you have any questions please feel free to ask. You can also talk to me via phone if needed.

Skills: C Programming, Engineering, Linux, MySQL, PHP, Project Management, Software Architecture, Software Testing

Project ID: #3277373

Project details

6 proposals, remote project, active Apr 1, 2010

6 freelancers are bidding an average of $1458 for this project

rodrigogonzalez

See private message.

$680 USD in 14 days
(100 reviews)
5.8
Othila

See private message.

$2975 USD in 14 days
(2 reviews)
4.5
coderyvw

See private message.

$1699.15 USD in 14 days
(1 review)
2.2
deegital

See private message.

$586.5 USD in 14 days
(1 review)
0.0
amitusaineu

See private message.

$1530 USD in 14 days
(0 reviews)
0.0
coderscentral

See private message.

$1275 USD in 14 days
(1 review)
0.0