Virtual private network

A VPN allows users working at home or on the road to connect securely to a remote corporate server by using the routing infrastructure provided by a public internetwork such as the Internet.

A VPN is a computer network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network. It aims to avoid the expense of owned or leased lines that can be used by only one organization.

VPN technology also allows a corporation to connect with its branch offices or with other companies over a public internetwork while maintaining secure connections. A VPN connection across the Internet logically operates as a dedicated WAN link.

Connecting Networks over the Internet

When connecting networks over the Internet, branch offices can use either DEDICATED or DIAL-UP LINES.

DEDICATED LINES: A dedicated line is a telecommunications path between two points that is available 24 hours a day for use by a designated user (an individual or a company). It is not shared among multiple users as dial-up lines are. A dedicated line can be a physical path owned by the user or rented from a telephone company, in which case it is called a leased line. A synonym is non-switched line (as opposed to a switched or dial-up line).

DIAL-UP LINES: Dial-up pertains to a telephone connection in a system of many lines shared by many users. A dial-up connection is established and maintained for a limited time duration. The alternative is a dedicated connection, which is continuously in place. Dial-up lines are sometimes called switched lines, and dedicated lines are called non-switched lines. A dedicated line is often a leased line that is rented from a telephone company.

Connecting Computers over an Intranet

A VPN allows the department's LAN to be physically connected to the corporate internetwork but separated from it by a VPN server. Note that the VPN server is not acting as a router between the corporate internetwork and the department LAN. Users on the corporate internetwork who have the appropriate credentials (based on a need-to-know policy within the company) can establish a VPN with the VPN server and gain access to the protected resources of the department.

Additionally, all communication across the VPN can be encrypted for confidentiality.

TUNNELING BASICS

Tunneling is a method for transporting packets of one network protocol over a different network protocol.

Tunneling is a way of using one network infrastructure (called the transit network) to carry traffic for a different network. This is done by encapsulating the packets of the sending node in frames of the transit network and adding a suitable header to route the frame across the transit network to the receiving node. When the encapsulated frame arrives at the receiving node, it is de-encapsulated so the node can read it. The two nodes (sending and receiving) are called the tunnel endpoints, and the path over which encapsulated frames are routed across the transit network is called the tunnel.

TUNNEL MAINTENANCE AND DATA TRANSFER

  1. TUNNEL MAINTENANCE PROTOCOL

The tunnel maintenance protocol is the mechanism used to manage the tunnel. For some tunneling technologies, such as PPTP and L2TP, a tunnel is similar to a session: both endpoints of the tunnel must agree to the tunnel and be aware of its presence. However, unlike a session, a tunnel does not guarantee reliable delivery of data.

     1. Creating a Tunnel

A tunnel must be created before data transfer can occur. Tunnel creation is initiated by one end of the tunnel, usually the tunnel client. At the other end of the tunnel, the tunnel server receives the connection request.

To create a tunnel:

  1. A connection similar to a PPP connection is performed.
  2. The tunnel server requests that the client authenticate itself.
  3. Once the client is validated by the server, the tunnel connection is granted and data transfer across the tunnel can begin.
  4. Tunnel creation messages are sent by the tunnel client to the internetwork address of the tunnel server.

     2. Maintaining the Tunnel

Depending on the protocol used (e.g. PPTP and L2TP), once the tunnel has been created, it must be maintained. Both ends of the tunnel must be aware of the state of the other end in case of a connection fault. Tunnel maintenance is typically performed through a keep-alive process that periodically polls the other end of the tunnel when no data is being transferred.

     3. Terminating the Tunnel

Certain tunneling technologies allow either end of the tunnel to gracefully terminate the tunnel through an exchange of tunnel termination messages.

  2. TUNNEL DATA TRANSFER PROTOCOL

Once the tunnel is established, tunneled data can be sent. A tunnel data transfer protocol encapsulates the data to be transferred across the tunnel.

When the tunnel client sends a tunneled payload to the tunnel server, the tunnel client appends a tunnel data transfer protocol header onto the payload. The resulting encapsulated payload is sent across the transit internetwork and routed to the tunnel server. The tunnel server accepts the packet, removes the tunnel data transfer protocol header, and forwards the payload appropriately. Information sent from the tunnel server to the tunnel client is handled in the same way.
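As an added illustration (not from the original notes, and not the real PPTP or L2TP formats), the following Python models the tunnel data transfer protocol described above together with the keep-alive polling from the TUNNEL MAINTENANCE PROTOCOL: the client side appends a constructed 4-byte header, the server side validates and strips it before forwarding, and a timer marks the peer as down when no frames arrive. The header layout, the message types and the TunnelEndpoint class are assumptions made for this example.

```python
# Toy tunnel data-transfer protocol, constructed for illustration (not PPTP or L2TP).
import struct
from typing import Optional, Tuple

# Constructed 4-byte tunnel header: version, message type, 16-bit payload length.
HEADER = struct.Struct("!BBH")
VERSION = 1
MSG_DATA = 1       # a tunneled payload follows the header
MSG_KEEPALIVE = 2  # tunnel maintenance poll, carries no payload

def encapsulate(payload: bytes, msg_type: int = MSG_DATA) -> bytes:
    """Tunnel client side: append the tunnel header onto the payload."""
    if len(payload) > 0xFFFF:
        raise ValueError("payload too large for the 16-bit length field")
    return HEADER.pack(VERSION, msg_type, len(payload)) + payload

def decapsulate(frame: bytes) -> Tuple[int, bytes]:
    """Tunnel server side: validate and strip the header; reject malformed frames."""
    if len(frame) < HEADER.size:
        raise ValueError("frame shorter than the tunnel header")
    version, msg_type, length = HEADER.unpack_from(frame)
    if version != VERSION:
        raise ValueError(f"unsupported tunnel version {version}")
    payload = frame[HEADER.size:]
    if len(payload) != length:
        raise ValueError("length field does not match the payload")
    return msg_type, payload

def is_valid_frame(frame: bytes) -> bool:
    """True if the receiving endpoint would accept this frame."""
    try:
        decapsulate(frame)
        return True
    except ValueError:
        return False

class TunnelEndpoint:
    """Receiving end: forwards data payloads and tracks peer liveness from keep-alives."""
    def __init__(self, timeout: float) -> None:
        self.timeout = timeout  # seconds without any frame before the peer is presumed down
        self.last_seen: Optional[float] = None

    def receive(self, frame: bytes, now: float) -> Optional[bytes]:
        """Returns the payload to forward for data frames, None for keep-alives."""
        msg_type, payload = decapsulate(frame)
        self.last_seen = now  # any valid frame proves the other end is still up
        return payload if msg_type == MSG_DATA else None

    def peer_alive(self, now: float) -> bool:
        return self.last_seen is not None and now - self.last_seen <= self.timeout
```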

TUNNEL TYPES

Two basic types of tunnels exist.

VOLUNTARY TUNNELS:

Voluntary tunneling occurs when the client workstation volunteers to create the tunnel to the target.

COMPULSORY TUNNELS