VPNs: Fundamentals and basics

VPNs are discussed in this introductory tip on the fundamentals of virtual private networks.

A virtual private network (VPN) is a private network that uses a public network (the Internet) to connect users. These users can be located in branch or home offices. Years ago, companies would either procure leased lines or create a frame relay network for this purpose, both solutions being very expensive. VPN technology is much more efficient because it uses virtual connections routed through the Internet, from the corporate LAN to...

the remote site. Best of all, there is no need to pay some carrier to take care of these services because the Internet is the carrier. Some other advantages of a VPN are encrypted security, broadband network support, ease of maintenance, simplified network topology and the ability to provide support to individual users or branch offices.

More on this topic

IPSec VPN clients

Crash Course: VPNs

Crash Course: SSL VPNs

More VPN tips

Several methods of configuration can be used with VPNs. One method is an intranet-based VPN, which is defined as a network that links remote locations to create a single private network. This type of network connects LANs. A single department's network may be physically connected to the intranet but separated by VPN servers. These servers do not provide a directly routed connection. Only users on the corporate intranet with the appropriate rights can establish a remote-access VPN connection with the server. There is another enhanced level of security provided by VPN -- all communication is encrypted. If users do not have rights to establish a VPN connection, the network is completely hidden from them.

Another way of setting up a VPN network is to use routers for the VPN connections. In this example, departments must be connected to an intranet with computers that act as VPN routers. Once the connections are established, PC users on each network can exchange information over the Internet.

As shown in the diagram, each branch office has PC clients connected to a switch that also functions as a VPN router. This in turn connects to a firewall, which then sends its information encrypted through a tunnel that is linked with the VPN connection. The laptop user is a home-based user who does not need a router or a firewall. He uses a VPN client to establish his tunnel. The beauty of using VPN for this solution is that -- depending on the hardware purchased -- it should be possible to support hundreds of users across the public network, with just the client software. This solution provides significant cost savings over traditional toll-free numbers. It also supports broadband, giving dramatic performance improvements over dial-up. Security is improved as well, since the connections go through encrypted tunnels.

An important concept to understand regarding VPNs is tunneling. Tunneling is the transmission of data intended for use only within a private network through a public network in such a way that the nodes in the public network (the Internet) are not even aware that the transmission is part of a private network. The way this is done is to encapsulate the private network data and protocol information within the public network transmission. This is done so that the private network protocol information appears to the public network as data. This allows one to use the public network to transmit data from a corporate private network.

There are many VPN protocols, such as Point-to-Point Tunneling Protocol (PPTP) and Layer Two Tunneling Protocol (L2TP). IPsec (Internet Protocol Security), a framework for a set of security protocols at the packet processing layer is also used with VPNs. IPSec has two encryption modes: tunnel and transport. Tunnel is more secure because it encrypts the header and the payload of each and every packet, whereas transport will encrypt only the payload. IPSec provides very strong security features, such as complex encrypting algorithms and strong authentication. The only drawback here is that the hardware devices must support IPSec, and this is not a given.

Finally, before purchasing a VPN solution, look carefully at all the products on the market. Don't just jump at the first solution. Look at everything you want your VPN to do. If all you'll ever need it for is connectivity for your work-from-home users, you may not need all the features of an enterprise-wide type of hardware solution offered by one of the top vendors. Think carefully before you purchase a solution in which the VPN is also the router or the firewall. All-in-one solutions have a certain appeal, but think about what would happen if someone were to break into that device -- there is no other barrier between you and your private network. A separate router gives you another barrier. Similarly, many vendors offer hybrid firewall/VPN solutions. Don't forget that the firewall provides the barrier between your private network and the public network, which is the Internet. Any way you slice it, separating devices gives you another layer of protection.

About the author:
Ken Milberg is the founder of Unix-Linux Solutions. He is also a board member of Unigroup of NY, the oldest Unix users group in NYC. Ken regularly answers user questions on Unix and Linux interoperability issues as a site expert on SearchOpenSource.com.

This was first published in May 2006

Dig deeper on VPN design

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchNetworking

SearchUnifiedCommunications

SearchTelecom

SearchSDN

Close