If a firewall can be described as a system used to keep the bad guys out of your network, a Virtual Private Network can be described as a system used to let the good guys in.
A virtual private network (VPN) is a computer network that uses a public telecommunication infrastructure such as the Internet to provide remote offices or individual users with secure access to their organization’s network. It aims to avoid an expensive system of owned or leased lines that can be used by only one organization.
As the popularity of the Internet grew, businesses turned to it as a means of extending their own networks. First came intranets, which are password-protected sites designed for use only by company employees. Now, many companies are creating their own VPN to accommodate the needs of remote employees and distant offices.
Basically, a VPN is a private network that uses a public network (usually the Internet) to connect remote sites or users together. Instead of using a dedicated, real-world connection such as leased line, a VPN uses “virtual” connections routed through the Internet from the company’s private network to the remote site or employee.
A VPN supplies network connectivity over a possibly long physical distance. In this respect, a VPN is a form of Wide Area Network (WAN). A VPN allows an organization to securely connect multiple offices, mobile workers and telecommuters over a public IP telecommunication infrastructure such as the Internet by using encryption technologies. A VPN can give a company the same capabilities as a system of privately owned or leased lines at a much lower cost.
A VPN typically uses the Internet and tunneling protocols to send encrypted data from one address through the “tunnel” to the receiving address.
What is tunneling?
Most VPNs rely on tunneling to create a private network that reaches across the Internet. Essentially, tunneling is the process of placing an entire packet within another packet and sending it over a network.
The protocol of the outer packet is understood by the network and by both end points, called tunnel interfaces, where the packets enter and exit the network. Tunneling requires three different protocols:
- Carrier protocol – The protocol used by the network that the information is travelling over.
- Encapsulating protocol – The protocol (GRE, IPSec, PPTP, and L2TP) that is wrapped around the original data.
- Passenger protocol – The original data (IPX, IP) being carried.
Tunneling has important implications for VPNs. For example, you can place a packet that has a protocol not supported on the Internet inside an IP packet and send it safely over the Internet. Or you could put a packet that uses a private (non-routable) IP address inside a packet that uses a globally unique IP address to extend a private network over the Internet.
Tunneling: Site to Site VPN
In a site-to-site VPN, GRE (generic routing encapsulation) is normally the encapsulating protocol that provides the framework for how to package the passenger protocol for transport over the carrier protocol, which is typically IP-based. This process includes information on what type of packet you are encapsulating and information about the connection between the client and server.
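The three-layer tunnel described above (carrier IPv4, encapsulating GRE, passenger IPv4 with a private address), as an added example that is not part of the original article. It builds a minimal GRE-in-IPv4 packet by hand and then decapsulates it, checking the outer header checksum and the GRE protocol type field that announces the passenger protocol. The addresses and the inner payload are constructed sample values; the GRE header assumes none of the optional fields (checksum, key, sequence) are present.

```python
import struct
import socket

GRE_PROTO = 47           # IP protocol number for GRE (carrier = IPv4)
ETHERTYPE_IPV4 = 0x0800  # GRE protocol type: passenger is an IPv4 packet

def ipv4_checksum(header: bytes) -> int:
    # One's-complement sum of 16-bit words; verifying a correct header yields 0.
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    # Minimal 20-byte IPv4 header (no options) with the checksum filled in.
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0x4000,
                      64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    csum = ipv4_checksum(hdr)
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:] + payload

def gre_encapsulate(inner: bytes, outer_src: str, outer_dst: str) -> bytes:
    # Passenger packet -> GRE header (flags/version 0) -> carrier IPv4 header.
    gre = struct.pack("!HH", 0, ETHERTYPE_IPV4)
    return build_ipv4(outer_src, outer_dst, GRE_PROTO, gre + inner)

def gre_decapsulate(frame: bytes) -> tuple[str, str, bytes]:
    # Strip carrier and GRE headers; return (outer_src, outer_dst, passenger).
    ihl = (frame[0] & 0x0F) * 4
    if frame[0] >> 4 != 4 or frame[9] != GRE_PROTO:
        raise ValueError("not an IPv4-over-GRE packet")
    if ipv4_checksum(frame[:ihl]) != 0:
        raise ValueError("bad outer header checksum")
    outer_src = socket.inet_ntoa(frame[12:16])
    outer_dst = socket.inet_ntoa(frame[16:20])
    flags, ptype = struct.unpack("!HH", frame[ihl:ihl + 4])
    if flags & 0xF000:  # C/R/K/S bits: optional GRE fields present, not handled
        raise ValueError("GRE optional fields not supported")
    if ptype != ETHERTYPE_IPV4:
        raise ValueError("unexpected passenger protocol 0x%04x" % ptype)
    return outer_src, outer_dst, frame[ihl + 4:]

if __name__ == "__main__":
    # Constructed passenger: private 10.0.1.5 -> 10.0.2.9 carrying arbitrary bytes.
    inner = build_ipv4("10.0.1.5", "10.0.2.9", 17, b"hello")
    outer = gre_encapsulate(inner, "203.0.113.1", "198.51.100.7")
    print(outer.hex())
    print(gre_decapsulate(outer)[:2])
```

Note that GRE alone only encapsulates; the confidentiality the article attributes to a VPN comes from an encrypting protocol such as IPsec applied on top of the tunnel.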
Tunneling: Client to Site VPN
In a remote-access VPN, tunneling normally takes place using Point-to-Point Protocol (PPP). Part of the TCP/IP stack, PPP is the carrier for other IP protocols when communicating over the network between the host computer and a remote system. Remote-access VPN tunneling relies on PPP.
What Makes a VPN?
A well-designed VPN can greatly benefit a company. For example, it can:
- Extend geographic connectivity
- Improve security
- Reduce operational costs versus traditional WAN
- Reduce transit time and transportation costs for remote users
- Improve productivity
- Provide global networking opportunities
- Provide telecommuter support
What features are needed in a well-designed VPN? It should incorporate:
- Network management
- Policy management
Benefits of VPN
A Virtual Private Network acts as a dedicated line for transferring data securely over the Internet. The use of a VPN offers advantages such as:
Low Cost: Internet access is inexpensive compared to the cost of leasing dedicated circuits.
High Security: VPN technology encrypts the data and sends it through a virtual circuit between the source and destination, so that it is readable only by those within the established VPN.
No Location Restriction: VPN technology is accessible from any location where Internet is available.
VPN incorporates authentication and encryption techniques to create a chain of actions, each adding a level of security to the data transmission.
Limitations of a VPN
Despite their popularity, VPNs are not perfect and limitations exist as is true for any technology. Organizations should consider issues like the below when deploying and using virtual private networks in their operations:
1. VPNs require detailed understanding of network security issues and careful installation / configuration to ensure sufficient protection on a public network like the Internet.
2. The reliability and performance of an Internet-based VPN is not under an organization’s direct control. Instead, the solution relies on an ISP and their quality of service.
3. Historically, VPN products and solutions from different vendors have not always been compatible due to issues with VPN technology standards. Attempting to mix and match equipment may cause technical problems, and using equipment from a single provider may not give as great a cost saving.
Written by Deepa Vishwakarma