2nd lab assignment

Your task is to set up a virtual private network (VPN). Various multimedia content will be made available to selected members on this network.

The goal is to build as large and, if possible, as complicated a network as you can. The network must contain at least two subnets, connected to each other by a router, and at least two entry points.

To set up the virtual private network, first set up a CA (certificate authority) and use it to sign the certificates for the VPN server and the clients.

On this network, set up an HTTP server that provides access to several audio or video files. Make the same files available over FTP, NFS and SMB as well. For additional points, configure the HTTP server so that it supports HTTPS and so that the latest versions of the Firefox and Chromium browsers in Debian do not complain that the site is not trustworthy.

Describe how you solved the task described above in 7 files:

  • keys.txt - a description of how you created the CA, the keys and the certificates, 2 points.
  • vpn.txt - a description of how you set up the VPN, 1 point
  • http.txt - a description of how you set up the SMB, HTTP, FTP and NFS servers, 1 point
  • https.txt - a description of how you configured the HTTPS server, 2 points
  • network.svg - a picture of your network (vector format). Obligatory, 0 points.
  • routing.txt - a description of how you configured the routing tables, 1 point
  • members.txt - a list of VPN members. The file should contain 3 columns: the IP of each computer; the name and surname of the owner; the country the owner is from. The columns should be separated by commas. At most 2 points.
  • auth.txt - a description of how you arranged the checking of usernames and passwords on the servers in the network. 1 point.

Two points (under members.txt) go to the group that sets up the largest VPN (collects the most size points). The size of the VPN will be scored as follows:

  • the number of connected computers, 1 size point / computer
  • the number of connected students, 2 size points / student
  • the number of connected subnets, 3 size points / subnet
  • the number of different nations the network connects, 4 size points / citizenship.

For a higher grade, make sure that a "TV program" runs on the network, on which video content is played. You can also make the content available through multicast. You may also (secretly) forward over the network the IP TV signal that you otherwise receive at home. In addition, you can keep all users in one place. You can even store them in a database, preferably accessible over LDAP.

You can also sign the certificate that the assistant has placed in the classroom. In the week after the submission deadline, a script will try to connect to your virtual network at a random time. If the network is running at that moment and your server is reachable, you can receive 3 additional points.

Describe what you have done in the following files:

  • streaming.txt - a description of how you set up playback of the "TV program", 1 point
  • dlna.txt - a description of how you set up playback of content on modern home devices, 1 point
  • multicast-txt - a description of the settings needed to forward multicast packets, 3 points.
  • radius.txt - a description of how you set up a central authentication server, 2 points.
  • ldap.txt - a description of how you set up a common database of user data, 3 points
  • iptv.txt - a description of how you set up a system for forwarding the IPTV signal, 3 points
  • polz.crt - a signed certificate with which the assistant can connect to your network.
  • polz.cfg - a configuration file with which the assistant can connect to your network. The file, the keys and the certificates will be placed in a directory in which the openvpn program will then be run.
  • ca.crt - the certificate of the CA which was used to sign the certificate of your server.
  • my_file.txt - a URL of a video or image file that anyone can download from your server using wget. The IP in the URL MUST be within your virtual network. If two students have the same file, they will be called to an individual defense. 3 points.

Package the files the same way as for the previous assignment, with a single difference: instead of the subdirectory files it should contain a subdirectory hosts, and inside hosts further subdirectories, one for each computer you configured.

For an incorrectly formatted submission you will lose 3 points.

Good luck with the assignment!


Your mission today is to set up a virtual private network (VPN). This network will be used to distribute multimedia content.

Your goal is to make the network as large and complicated as possible. The network must consist of at least two sub-networks which must be connected by routers. There should be at least two entrance points.

To set up the VPN, you should first create a certificate authority (CA). Have this CA sign the certificates of each VPN server and client on your network.

Inside the network, set up an HTTP server. Have it serve multiple audio and video files. Make the same files available also over FTP, NFS and SMB. For additional points set up the HTTP server so that it supports HTTPS. Make sure that neither the latest Firefox nor Chromium available in Debian complain about the certificate.

Describe how you completed the tasks above in the following files:

  • keys.txt - how you created the CA, all the keys and certificates, 2 points.
  • vpn.txt - how you set up the VPN network, 1 point
  • http.txt - how you set up the SMB, HTTP, FTP and NFS servers, 1 point
  • https.txt - how you set up the HTTPS server, 2 points
  • network.svg - a schematic (picture) of your network in a vector format. Obligatory, 0 points.
  • routing.txt - a description of how you set up the routing tables, 1 point
  • members.txt - a list of VPN members. The file should contain three columns: the IP of each computer; the name and surname of the computer's owner; the country that the computer's owner is a citizen of. The columns should be separated by commas. Maximum - 2 points.
  • auth.txt - a description of how you configured user authentication (username and password checks) on the servers. 1 point.
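A pre-submission check for members.txt, added here as an example and not part of the assignment: it confirms that every row has the three comma-separated columns, that each IP is a valid address inside the VPN range, and that no IP is listed twice. The same ip_in_cidr test applies to the IP in the my_file.txt URL, which must also lie inside the virtual network. The VPN range 10.8.0.0/24 and the sample rows are constructed placeholders.

```shell
#!/bin/sh
# Added example, not part of the assignment. Assumed placeholders: the VPN range
# 10.8.0.0/24 and the sample member rows used in the demo at the bottom.
set -eu

# ip2int A.B.C.D -> unsigned 32-bit value; fails for anything that is not a dotted quad
ip2int() {
    case $1 in
        *[!0-9.]*|*.*.*.*.*|.*|*.|*..*) return 1 ;;   # bad chars, 5+ octets, empty octet
        *.*.*.*) ;;                                    # exactly four octets
        *) return 1 ;;
    esac
    IFS=. read -r a b c d <<EOF
$1
EOF
    for o in "$a" "$b" "$c" "$d"; do [ "$o" -le 255 ] || return 1; done
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# ip_in_cidr IP NET/BITS -> 0 when IP lies inside the range
ip_in_cidr() {
    bits=${2#*/}
    ip=$(ip2int "$1") || return 1
    net=$(ip2int "${2%/*}") || return 1
    if [ "$bits" -eq 0 ]; then mask=0; else mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF )); fi
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# check_members FILE CIDR -> 0 when every row is "ip,owner,country" with a valid IP
# inside CIDR and no IP repeated; otherwise prints one diagnostic per bad row and fails
check_members() {
    file=$1 cidr=$2 bad=0 n=0 seen=" "
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        [ -n "$line" ] || continue
        fields=$(printf '%s\n' "$line" | awk -F, '{ print NF }')
        ip=${line%%,*}; country=${line##*,}
        owner=${line#*,}; owner=${owner%,*}
        if [ "$fields" -ne 3 ] || [ -z "$ip" ] || [ -z "$owner" ] || [ -z "$country" ]; then
            echo "line $n: expected 'ip,owner,country', got: $line"
        elif ! ip_in_cidr "$ip" "$cidr"; then
            echo "line $n: $ip is not a valid address inside $cidr"
        else
            case $seen in
                *" $ip "*) echo "line $n: $ip is already listed" ;;
                *) seen="$seen$ip "; continue ;;
            esac
        fi
        bad=$((bad + 1))
    done < "$file"
    [ "$bad" -eq 0 ]
}

# Stand-alone demo on a constructed members.txt: run as `sh check_members.sh --demo`
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp)
    printf '%s\n' '10.8.0.10,Ana Novak,Slovenia' '192.168.1.5,Mark Hill,United Kingdom' \
        '10.8.0.10,Dana Weiss,Austria' '10.8.0.12,Missing Country' > "$tmp"
    check_members "$tmp" 10.8.0.0/24 || echo "members.txt needs fixing"
    rm -f "$tmp"
fi
```

The demo file deliberately contains one address outside the range, one duplicate and one row with only two columns, so three diagnostics are printed and the check fails; a clean file produces no output and exits 0.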

Two points (under members.txt) will be awarded to the group which sets up the largest network. The size of the network will be judged as follows:

  • the number of computers in the network, 1 unit / computer.
  • the number of students connected, 2 units / student.
  • the number of subnets connected, 3 units / subnet
  • the number of nations that the network connects, 4 units / citizenship.

(The network with the highest number of units is the largest network.)

To get a higher grade, make sure that there is a "TV channel" available on the network. This channel should broadcast video content. You can also configure the network so that the content is available over multicast. Secretly, you can also use the VPN to re-transmit the IPTV signal that gets sent to your home. You can make all the necessary user data available to all the servers in the network (e.g. through RADIUS). The user data may be stored in a database - preferably accessible over LDAP.

Describe what you have done in the following files:

  • streaming.txt - how you set up video streaming, 1 point
  • dlna.txt - how you set up a multimedia server for modern appliances, 1 point
  • multicast-txt - how you set up multicast, 2 points.
  • radius.txt - how you set up authentication for all servers, 2 points.
  • ldap.txt - how you set up a common database for all users, 3 points
  • iptv.txt - how you set up IP, terrestrial or satellite TV forwarding, 3 points
  • polz.crt - a signed certificate which Polz can use to connect to your VPN.
  • polz.cfg - a configuration file Polz can use to connect to your network. The keys will be placed in the same directory as this configuration file.
  • ca.crt - the certificate of the CA which was used to sign the certificate of your server.
  • my_file.txt - a file containing an URL of a video or image file. This file should be accessible by anyone and should be downloadable using wget. The IP in the URL MUST be within your virtual network. If two students serve the same file, they will be called to defend their work individually. 3 points.

You must pack the files in almost the same manner as you did for the first lab assignment. Instead of creating a sub-directory called files, create a sub-directory called hosts and under that, a further sub-directory for each host on your network.

In the case of improper formatting, 3 points will be deducted from your score.

Good luck!