VPN software, VPN hardware, and protocols
The Virtual Private Network – VPN – has attracted the attention of many organizations looking to both expand their networking capabilities and reduce their costs.
The VPN can be found in workplaces and homes, where they allow employees to safely log into company networks. Telecommuters and those who travel often find a VPN a more convenient way to stay connected to the corporate intranet. No matter your current involvement with VPNs, this is a good technology to know something about.
This VPN tutorial involves many interesting aspects of network protocol design, Internet security, network service outsourcing, and technology standards.
What Exactly Is A VPN?
A VPN supplies network connectivity over a possibly long physical distance. In this respect, a VPN is a form of Wide Area Network (WAN).
The key feature of a VPN, however, is its ability to use public networks like the Internet rather than rely on private leased lines. VPN technologies implement restricted-access networks that utilize the same cabling and routers as a public network, and they do so without sacrificing features or basic security.
A VPN supports at least three different modes of use:
- Remote access client connections
- LAN-to-LAN internetworking
- Controlled access within an intranet
Read more – About VPN Applications
VPN Pros and Cons
Like many commercialized network technologies, a significant amount of sales and marketing hype surrounds VPN.
In reality, VPNs provide just a few specific potential advantages over more traditional forms of wide-area networking. These advantages can be significant, but they do not come for free.
The potential problems with the VPN outnumber the advantages and are generally more difficult to understand. The disadvantages do not necessarily outweigh the advantages, however.
From security and performance concerns to coping with a wide range of sometimes incompatible vendor products, the decision of whether or not to use a VPN cannot be made without significant planning and preparation.
Read more – Advantages and Disadvantages of VPNs
Technology Behind VPNs
Several network protocols have become popular as a result of VPN developments:
These protocols emphasize authentication and encryption in VPNs. Authentication allows VPN clients and servers to correctly establish the identity of people on the network. Encryption allows potentially sensitive data to be hidden from the general public.
Many vendors have developed VPN hardware and/or software products. Unfortunately, immature VPN standards mean that some of these products remain incompatible with each other.
Read more – VPN Technologies
The Future of VPN
Virtual private networks have grown in popularity as businesses to save money on remote network access for employees. Many corporations have also adopted VPNs as a security solution for private Wi-Fi wireless networks. Expect a continued gradual expansion in use of VPN technology to continue in the coming years.
Virtual private network technology is based on the idea of tunneling. VPN tunnelinginvolves establishing and maintaining a logical network connection (that may contain intermediate hops). On this connection, packets constructed in a specific VPN protocol format are encapsulated within some other base or carrier protocol, then transmitted between VPN client and server, and finally de-encapsulated on the receiving side.
For Internet-based VPNs, packets in one of several VPN protocols are encapsulated within Internet Protocol (IP) packets. VPN protocols also support authentication and encryption to keep the tunnels secure.
Types of VPN Tunneling
VPN supports two types of tunneling – voluntary and compulsory. Both types of tunneling are commonly used.
In voluntary tunneling, the VPN client manages connection setup. The client first makes a connection to the carrier network provider (an ISP in the case of Internet VPNs). Then, the VPN client application creates the tunnel to a VPN server over this live connection.
In compulsory tunneling, the carrier network provider manages VPN connection setup. When the client first makes an ordinary connection to the carrier, the carrier in turn immediately brokers a VPN connection between that client and a VPN server. From the client point of view, VPN connections are set up in just one step compared to the two-step procedure required for voluntary tunnels.
Compulsory VPN tunneling authenticates clients and associates them with specific VPN servers using logic built into the broker device. This network device is sometimes called the VPN Front End Processor (FEP), Network Access Server (NAS) or Point of Presence Server (POS). Compulsory tunneling hides the details of VPN server connectivity from the VPN clients and effectively transfers management control over the tunnels from clients to the ISP.
In return, service providers must take on the additional burden of installing and maintaining FEP devices.
VPN Tunneling Protocols
Several computer network protocols have been implemented specifically for use with VPN tunnels. The three most popular VPN tunneling protocols listed below continue to compete with each other for acceptance in the industry. These protocols are generally incompatible with each other.
Point-to-Point Tunneling Protocol (PPTP)
Several corporations worked together to create the PPTP specification. People generally associate PPTP with Microsoft because nearly all flavors of Windows include built-in client support for this protocol. The initial releases of PPTP for Windows by Microsoft contained security features that some experts claimed were too weak for serious use. Microsoft continues to improve its PPTP support, though.
More – About PPTP
Layer Two Tunneling Protocol (L2TP)
The original competitor to PPTP for VPN tunneling was L2F, a protocol implemented primarily in Cisco products. In an attempt to improve on L2F, the best features of it and PPTP were combined to create a new standard called L2TP. Like PPTP, L2TP exists at the data link layer (Layer Two) in the OSI model — thus the origin of its name.
Internet Protocol Security (IPsec)
IPsec is actually a collection of multiple related protocols. It can be used as a complete VPN protocol solution or simply as the encryption scheme within L2TP or PPTP. IPsec exists at the network layer (Layer Three) of the OSI model.