Organization of remote interaction of employees with the information infrastructure of the enterprise

Abstract

Currently, an acute problem is the issue of providing remote connection of foreign institutions and enterprise personnel to its information network through the public Internet network, while other users of the public network cannot access information resources within the enterprise. The paper describes the sequential steps of configuring a server based on Ubuntu 20.04 using StrongSwan, an IPsec daemon that supports both IKEv1 and IKEv2. During the setup process, a 4096-bit RSA key was generated to sign the root CA. The VPN server's private key was then generated, which was signed by the VPN server's certificate using the certificate authority's key. IPsec configuration was also performed by making the necessary changes to the configuration file. Further, the work describes the process of setting up authentication, including setting up an identifier (login) and password. The final step was to configure the firewall, allow access for OpenSSH to remotely manage the server, specify the standard IPsec ports, and set the forwarding settings. This type of communication provides a high level of security, as the server asks the client for a certificate and authentication data. Another advantage is the use of encryption, which is compatible with all platforms. This provides an encrypted and secure network connection, which is important for remote workers as it gives them direct access to the organization's resources without being in the office. Users can connect to the network from different regions around the world using their devices.