Virtual Private Network

Virtual Private Network (abbreviated VPN) describes a way of attaching a participant to a network; the term is used with two different meanings.

A conventional VPN serves to bind participants of one private (self-contained) network into another private network. Once a computer establishes a VPN connection, the effect is comparable to unplugging its network cable from its original network and plugging it into the other (VPN-mapped) network.

For example, an employee at home can gain access to the corporate network just as if they were sitting in the middle of it. From the point of view of the VPN connection, the original network is reduced to the function of an extension cable that connects the VPN participant exclusively to the mapped network. If further networks lie on the path between the two, they figuratively become part of that extension cable as well. Technically, the connection runs to a VPN gateway, the attachment point of the mapped network; the VPN participant (VPN partner) thereby becomes a participant of the mapped network, with direct access, as if its network interface were plugged directly into that network. This works regardless of the physical topology and the network protocols used, even if the mapped network is of a completely different kind.

Depending on the VPN protocol used, the benefits of a VPN can be supplemented by encryption, which allows communication between the VPN partners that is protected against eavesdropping and tampering.

An SSL VPN (also web-based VPN) supports a mode in the sense of a conventional VPN (fat client SSL VPN). Since about 2002, however, the term SSL VPN has also covered solutions that provide remote access to corporate applications and shared resources without binding the SSL VPN partner into the corporate network. Here the network cable is no longer symbolically plugged into another network; only secure access to particular services of the other network is granted.

Technically, these solutions are based either on a proxy mechanism (thin client SSL VPN) or on the desired enterprise application itself being a web application (clientless SSL VPN), which the SSL VPN partner reaches over a secured connection without obtaining direct access to the corporate network.

Conventional VPNs

Basics

The network into which the VPN binds its participants is sometimes also called the mapped network. The mapped network can be a physical network to which external devices are attached by VPN via a dedicated (VPN) gateway (end-to-site VPN). The VPN partners become part of the mapped network and are directly addressable from there, almost as if they were in the middle of it. Because of this illusion, one speaks of a virtual network from the VPN partner's perspective.

The gateway can also lead into a purely virtual network that consists solely of further VPN partners (end-to-end VPN).

It is also possible to connect two mutually compatible networks that are adjacent to one and the same neighbouring network with each other (site-to-site VPN); the intermediate neighbouring network can be of a completely different kind.

Mutually reachable networks

As soon as at least two separate networks are connected through a device, they are mutually reachable networks. The connecting device enables communication between the networks and can be, for example, a (NAT) router or a gateway; in purely virtual networks (which are embedded in another network) one of the participants can also take over this function.

A common connecting device is the DSL router, which connects, for example, a corporate network to the Internet. Thanks to this device, a workstation can reach websites. The mutual reachability remains limited, however: unlike a participant directly connected to the corporate network, a participant connected to the Internet cannot simply access all of the company's network resources (such as file and printer shares). For that, the Internet-connected participant would have to be connected to the corporate network, and this is what a VPN achieves.

In the classical VPN configuration the connecting device plays a central role: VPN software is installed on it. In addition to its position, this is what makes the connecting device a VPN gateway (also VPN dial-in node).

[Figure: network A, connecting device, network B, connecting device with VPN software, network C]

In the example figure, network A could be a home network, network B the Internet and network C a company network. Provided communication with the respective adjacent networks up to the VPN dial-in node is possible, the VPN also works across multiple networks: not only participants from network B but also participants from network A can dial into network C via VPN.

VPN is a pure software product

Mutually reachable networks consist of hardware (the devices themselves, plus cables, etc.) and software, which the devices need in order to be "told" what to do at all.

To bind a participant from its original network into a network reachable from there, VPN software is needed. In the classical configuration it is installed on the device that connects the networks with each other on the one hand, and on the participant to be bound in on the other. VPN works without any additional cable being laid or any other hardware being added; in this sense it is a pure software product.

There is, however, hardware (VPN appliances) optimized for running the VPN software, for instance with a hardware design that accelerates parts of the (optional) encryption.

Properties of VPNs

A VPN is a separate logical network that embeds itself in a physical network and uses the addressing mechanisms customary there for data transport, but carries its own network packets and thus operates detached from the rest of the network. It enables communication between the VPN partners contained in it and the mapped network, based on a tunneling technique that can be configured individually, tailored, and is self-contained (hence "private").

Operation

[Figure: network A (the original network of the VPN partner) with PCs A1, A4, A5 and A6 and network connections A2 and A3; network B (the mapped network) with PCs B1 to B5 and network connection B7; the VPN partner "PC B6" with a virtual VPN adapter behind network connection A2; the VPN gateway at network connections A3 and B7; point X between the networks. Caption: a VPN partner from network A has logged into network B and communicates with PC B2.]

In the example figure, VPN client software runs on the device with network connection A2 and binds the device into network B. Seen from network B, the device with network connection A2 is the participant PC B6, our VPN partner.

This VPN partner now sends a message to, say, PC B2. The message is passed to the VPN adapter, which is part of the VPN client software. Figuratively, the adapter puts the message into an envelope (recipient = "PC B2", sender = "PC B6") and then hands the letter to network connection A2. There the letter is placed in a second envelope (recipient = "network connection A3" (the VPN gateway), sender = "network connection A2") and sent into network A.

The trick is that the VPN packets can be addressed separately (outer envelope), independently of their content and of the original addressing (inner envelope), so that the letter travels in a form compatible with network A. Technically, the original network packets (the inner letter) are encapsulated in a VPN protocol for transport; hence the expression VPN tunnel.

Network connection A3 receives the letter and hands it to the "VPN gateway" software running on the device. This software removes the outer envelope and forwards the inner letter through network connection B7 into network B to PC B2 (the addressee of the inner envelope).

PC B2 sends its reply back to PC B6. Network connection B7 intercepts the letter because the VPN gateway recognizes that the address "PC B6" belongs to one of its VPN partners. This letter too is figuratively placed into a second envelope by the VPN gateway (recipient = "network connection A2", sender = "network connection A3") and directed into network A. Network connection A2 receives the letter and hands it to the VPN adapter, which removes the outer envelope and passes the inner letter to PC B6.

Put simply, from the VPN partner's point of view network A has been reduced to the function of an extension cable that connects PC B6 directly to network B. For both communication partners, PC B6 and PC B2, it appears as if PC B6 were in the middle of network B and not in network A. They notice nothing of the mechanisms in between.

Depending on the VPN protocol used, the benefits of the VPN can be supplemented by encryption, which ensures that the communication between PC B6 and the VPN gateway cannot be read or manipulated by anyone in network A. This optional VPN encryption is part of the outer envelope. It therefore does not reach into network B but ends (or, on the return path, begins) at the VPN gateway.
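The request and reply path just described, as an added worked model (this is example code, not code from the original article or from any VPN product). The addresses ("PC B6", "conn A2", "conn A3"), the JSON packet format and the name `Gateway` are made up for illustration. The `seal`/`open_sealed` pair (an HMAC-SHA256 keystream with encrypt-then-MAC under separately derived keys) stands in for the cipher suite a real VPN protocol would negotiate; it is here only to show where the optional protection sits (on the outer envelope) and where it stops (at the gateway, which forwards the inner letter in plaintext). The `demo` function also returns what an observer in network A can read off the outer envelope, and shows that a tampered envelope is rejected before anything is forwarded.

```python
"""Model of the "second envelope": a VPN partner in network A sends an inner packet
addressed inside network B, the VPN gateway strips the outer envelope and forwards
it, and the reply is wrapped again on the way back.  Added example, not code from
the original article.  Addresses ("PC B6", "conn A2", ...) and the packet format
are made up; seal/open_sealed (HMAC-SHA256 keystream, encrypt-then-MAC) stand in
for the cipher suite a real VPN protocol would use."""
import hashlib
import hmac
import json
import os

NONCE_LEN, TAG_LEN = 12, 32

def derive_keys(master: bytes):
    """Independent confidentiality and integrity keys derived from one shared secret."""
    return (hmac.new(master, b"enc", hashlib.sha256).digest(),
            hmac.new(master, b"mac", hashlib.sha256).digest())

def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]

def seal(master: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; result is nonce || ciphertext || tag."""
    enc_key, mac_key = derive_keys(master)
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_sealed(master: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = derive_keys(master)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("outer envelope tampered with or wrong key")
    return bytes(c ^ k for c, k in zip(ct, keystream(enc_key, nonce, len(ct))))

# An "inner letter" is a packet as it exists inside network B; the "outer envelope"
# is a packet addressed in network A whose payload is the sealed inner letter.
def packet(src, dst, payload):
    return {"src": src, "dst": dst, "payload": payload}

def encapsulate(master, outer_src, outer_dst, inner):
    sealed = seal(master, json.dumps(inner, sort_keys=True).encode())
    return packet(outer_src, outer_dst, sealed.hex())

def decapsulate(master, outer):
    return json.loads(open_sealed(master, bytes.fromhex(outer["payload"])))

class Gateway:
    """VPN gateway on network connection A3 (network A side) and B7 (network B side)."""
    def __init__(self, master, outer_addr):
        self.master, self.outer_addr = master, outer_addr
        self.partners = {}   # VPN address inside network B -> partner's address in network A

    def from_network_a(self, outer):
        """Remove the outer envelope; the returned inner letter goes into network B as-is."""
        inner = decapsulate(self.master, outer)
        self.partners[inner["src"]] = outer["src"]   # learn where "PC B6" lives in network A
        return inner

    def from_network_b(self, inner):
        """Wrap replies addressed to known VPN partners; anything else is local traffic."""
        if inner["dst"] not in self.partners:
            return None
        return encapsulate(self.master, self.outer_addr, self.partners[inner["dst"]], inner)

def demo():
    master = os.urandom(32)                 # shared secret of PC B6 and the gateway
    gw = Gateway(master, "conn A3")
    # PC B6 -> PC B2, wrapped by the VPN adapter and handed into network A
    request = encapsulate(master, "conn A2", "conn A3", packet("PC B6", "PC B2", "hello"))
    delivered = gw.from_network_a(request)  # what PC B2 receives: plaintext inner letter
    # PC B2 replies; B7 intercepts because "PC B6" is a VPN partner
    reply_inner = decapsulate(master, gw.from_network_b(packet("PC B2", "PC B6", "hi back")))
    # An observer in network A sees only the outer addresses and the envelope size
    observer_view = (request["src"], request["dst"], len(request["payload"]) // 2)
    # Flip one bit of the sealed body: the gateway must refuse to forward it
    first = int(request["payload"][:2], 16) ^ 0x01
    forged = dict(request, payload=f"{first:02x}" + request["payload"][2:])
    try:
        gw.from_network_a(forged)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    local = gw.from_network_b(packet("PC B2", "PC B3", "stays in B"))   # not tunneled
    return delivered, reply_inner, observer_view, tamper_detected, local

if __name__ == "__main__":
    print(demo())
```

Note that `delivered` is the unwrapped inner letter: the gateway forwards it into network B without any protection, which is exactly the "encryption ends at the gateway" point made above.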

In a real environment, network B could be a corporate network and network A the Internet (greatly simplified here), with a device connected directly to the Internet dialing into the company via VPN. Alternatively, network A could be the employee's private home network, with the Internet then lying between network A and network B (labelled "point X" in the example figure). Several intervening networks may lie at this point; the letter passes through them thanks to the outer envelope before it reaches the VPN gateway.

VPN works largely independently of the physical topology and the network protocols used, even if the mapped network B is of a completely different kind. Because the actual network packets are encapsulated in the VPN protocol, they (the inner letters, i.e. the network protocols of network B) need to be understood only by the VPN partners, not by the intermediate network components of network A. Those only need to understand the transport data of the outer envelope, i.e. the network protocol used for transport.

Connecting networks

[Figure: two branches of network A (branch 1 with PCs A1-1 to A1-7, branch 2 with PCs A2-1 to A2-5) connected across one or more neighbouring networks (point X) by VPN gateway 1 (network connection X1, network port A8) and VPN gateway 2 (network connection X2, network port B6).]

Compared with other kinds of tunnel in a TCP/IP network, a VPN tunnel is characterized by passing all network packets independently of higher-level protocols (HTTP, FTP, etc.). This makes it possible to transport the traffic between two network components through another network virtually without restriction, which is why even entire networks can be interconnected across one or more adjacent networks (labelled point X in the figure).

As soon as VPN gateway 1 recognizes that a message is addressed to a participant of branch 2 (PC A2-...), it is symbolically placed in the second envelope as described above and sent to VPN gateway 2. Conversely, if VPN gateway 2 detects that a message is addressed to a participant of branch 1 (PC A1-...), it sends it to VPN gateway 1 on the same principle.

Encapsulated network

[Figure: network A with connections A01 to A10; VPN partners B01 and B02 and a VPN gateway for network B; VPN partners C02 and C03 and a VPN gateway for network C, whose connection C01 leads into the physical network C.]

In the example figure, network A contains, besides its usual participants (e.g. A01), two virtual networks (here network B and network C). Each of them is a private (self-contained) network that follows its own rules, from the kind of addressing and distribution up to the communication protocol used. Nevertheless they share (at least partly) the same physical line and infrastructure, which is made possible, in the operation described above, by the symbolic second envelope.

With respect to the VPN partners, including the VPN gateway, one can say that a VPN is an independent network encapsulated in another network.

This may refer to the entire network if it consists exclusively of VPN partners, as is the case for network B. It may also refer to only part of the communication path: network C leads into a separate physical network, and when a participant directly connected to network C communicates with a "network C" VPN partner, the encapsulation begins and (on the return path) ends at the VPN gateway.

In their original form, VPNs were such self-contained virtual networks within a public switched network. Among them are the voice networks, X.25, Frame Relay and ISDN, which thanks to this concept can be operated in parallel over one and the same physical infrastructure, the public switched network. Although they are (at least partly) physically embedded in the overlying switched network, to the participants it looks as if each network had its own line.

Today, VPN is used in everyday language to denote a (usually encrypted) virtual IP network that is embedded not in a switched network but in another IP network (usually the public Internet).

Encryption

Depending on the VPN protocol used, the network packets can usually be encrypted. Since this makes the connection resistant to eavesdropping and tampering, a connection to the VPN partner can be established across an insecure network without incurring an increased security risk. Alternatively, unsecured plaintext connections can also be set up over a VPN.

However, even with encrypted packets it is still possible to identify which VPN endpoints are involved in the communication, and the number and size of the packets may allow conclusions about the nature of the data. The comparison sometimes drawn with an inaccessible tunnel is therefore misleading in this respect; a comparison with a frosted glass tube is more appropriate.

Practical use of a VPN

Once a computer establishes a VPN connection, the effect is comparable to moving its network cable from its original network to the newly mapped network, with all the consequences such as changed IP addresses and differences in routing.

If the computer fetches a web page, the request is now routed from the newly mapped network out to the Internet. The request is thus subject to the restrictions of the mapped network and no longer to those of the original network. Journalists in countries where free access to the Internet is not possible use this, for example, to bypass access restrictions. The only requirement is that the computer can connect to the VPN gateway from its original network. For this purpose the VPN gateway is usually located in another country, or in a network with unrestricted Internet access. One says that the Internet requests (like all other network requests) are tunneled over the VPN.

Another reason to tunnel Internet access is the protection of privacy. For mobile phones, notebooks, tablets and other devices alike, traffic can easily be read by third parties as soon as public access points are used for Internet access. Not every access can be set up encrypted on the direct path, and even if the user employs an encrypted connection for certain operations, the information about where they have just connected remains visible. A VPN tunnel solves both problems, since (depending on the VPN protocol) all network packets can be encrypted. Moreover, someone reading the traffic at the public access point recognizes only a connection to the VPN gateway; the actual destination remains hidden because the observer cannot see where the connection is forwarded from there. The operator of the VPN gateway, where the encryption ends, can of course still see it.

These are just two examples, chosen to show the benefit of the network change on the one hand and the benefit of optional encryption on the other. The resulting possibilities for use are many.

Applications

  • A VPN makes it possible to connect the local networks of several branch offices securely over the Internet (a site-to-site connection).
  • An employee's computer can obtain secure access to the corporate network from home via VPN. To do so, the employee first establishes a connection to the Internet and then starts the VPN software (the VPN client, which virtually replicates the structure of the corporate network on the local computer). It connects over the Internet to the company's VPN gateway. After authentication, the employee has access to the corporate network, just as if sitting in the middle of it. This type of connection is called end-to-site. The method is also used to secure WLAN and other radio links.
  • Distinct from end-to-site VPN, some manufacturers use the term "mobile VPN" (for example in MSDN, at VoIP-Info.de and on tomsnetworking.de) for a VPN that supports seamless roaming between, for example, GPRS, UMTS and WLAN. This is intended to allow a permanent network connection without constant redialing.
  • It is also possible that the employee's computer is bound via VPN not to a remote physical corporate network but directly to a server. The VPN then serves to secure access to that server. This connection is called end-to-end. In this way one can also build a logically (but not physically) encapsulated virtual network that consists only of further VPN partners that have also connected to the server. The VPN partners can then communicate securely with each other.
  • Two servers can also talk to each other via VPN without the communication being observable by third parties (this corresponds to an end-to-end connection, which in this case is sometimes also called host-to-host). FreeS/WAN and its successors Openswan and strongSwan offer so-called "opportunistic encryption": a tunnel is built to every computer with which the local computer exchanges data, provided that computer publishes a key via DNS.
  • Similar to dialing in from home into a corporate network, any clients within the corporate network can also dial into a separate, specially secured network within the company via VPN: a private (encapsulated for data purposes) network within the private network, in which the clients use the same physical line to the VPN gateway as all other clients of the network, with the difference that all VPN network packets can be transmitted to the gateway in encrypted form.

Security

The VPN endpoints can be authenticated by means of passwords, public keys or digital certificates. Hardware-based systems such as SecurID are also offered. Authentication should be mutual: the client must verify the gateway's identity as well, otherwise it can be lured into building its tunnel to an impostor.

Implementations

VPNs are based on the following underlying protocols:

  • IPsec is suitable for both site-to-site and end-to-site VPNs.
  • TLS/SSL is mainly used for end-to-site VPNs.
  • ViPNet is particularly suited to end-to-end VPNs, but also allows end-to-site and site-to-site VPNs.
  • GetVPN, a method developed by Cisco, sets up IPsec tunnels between all participating routers almost automatically with the help of a central key server.
  • PPTP (broken) and L2TP (layer 2 VPN protocols).
  • PPPD (the PPP daemon) and SSH in combination can route all IP traffic through a tunnel. The solution resembles PPTP without its security problems.
  • SSTP (Secure Socket Tunneling Protocol), introduced by Microsoft with Windows Server 2008 and Windows Vista Service Pack 1. SSTP tunnels PPP or L2TP traffic through an SSL/TLS channel.
  • fastd, written by Matthias Schiffer, a layer 2 or layer 3 VPN with small resource requirements and therefore well suited to embedded systems, especially in mesh networks such as Freifunk.

Many modern operating systems contain components with which a VPN can be established. Since kernel 2.6, Linux includes an IPsec implementation; older kernels require the KLIPS IPsec kernel module, which is provided by Openswan and strongSwan. BSD, Cisco IOS, Mac OS X and Windows are also IPsec-capable.

See also: SSL VPN, OpenVPN, CIPE

The virtual network card of a VPN session

The VPN client software installed on the PC usually ensures that the PC can reach only the communication partners of the VPN network. In this mode, participants of the original network cannot establish a connection to any (potential) network service of the PC as long as the VPN connection exists. In return, the PC can now offer network services to the mapped (VPN) network.

To achieve this, the VPN client software creates a virtual network interface card when a VPN session is established. It is referred to below as the VPN adapter.

To understand how the virtual VPN adapter works, it helps to look first at the physical network connection: a PC usually has (at least) one real network connection. This connection has been assigned an address in its network. It can be reached under that address with "ping" from the PC itself, and the other participants of the network can reach it that way as well.

Although the PC (as we assume in this example) has only one real network adapter, a supposedly second network card can be addressed from this PC with "ping 127.0.0.1". This is a virtual network adapter called localhost, a loopback interface, which exists on every PC in a TCP/IP network.

A network service binds to a port of a network address. Through this port the service receives its network requests.

In its configuration, the service can bind to the real network address and/or to the address 127.0.0.1. The difference: if it listens on the real address, the service can be reached from the PC itself as well as by all participants of the network. If it listens only on 127.0.0.1, only programs on that PC can reach the service; nobody from the network can access it.

The same holds for the VPN adapter: without another physical network card being installed in the PC, the VPN software creates an additional virtual network card that (like the address 127.0.0.1) is reachable only from the PC. This virtual network card receives the address assigned to the VPN session. This allows the PC to query its own current IP address within the VPN network by the usual means. In addition, all network packets sent through it already carry a sender address valid in the VPN network.

Greatly simplified (split tunneling mode is not considered in this example), all network requests of the programs installed on the PC are now routed to the VPN adapter. Apart from the VPN software itself, no program on the PC can therefore reach the physical network card directly as long as the VPN connection exists.
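The routing decision behind this paragraph, and behind the site-to-site gateway decision in "Connecting networks" above, is a longest-prefix match over a routing table. The following added example (not code from the article or from any VPN software) models it with the standard `ipaddress` module. It shows the full-tunnel table, in which the default route points at the VPN adapter but the VPN gateway's own public address is deliberately excluded via the physical NIC (otherwise the outer envelopes would be routed into the tunnel they are supposed to carry); the split-tunnel variant the paragraph sets aside, in which only the mapped network is protected; and the gateway's "does this destination get a second envelope?" check. Interface names (`tun0`, `eth0`, `lan0`), prefixes and addresses are made up for illustration.

```python
"""Longest-prefix-match routing as a VPN client or gateway applies it.  Added example,
not from the article; interface names, prefixes and addresses are invented."""
import ipaddress

class RoutingTable:
    def __init__(self):
        self.routes = []   # (network, interface), most specific prefix first

    def add(self, prefix, interface):
        self.routes.append((ipaddress.ip_network(prefix), interface))
        # keep the list sorted by prefix length so the first hit is the longest match
        self.routes.sort(key=lambda r: r[0].prefixlen, reverse=True)
        return self

    def lookup(self, dst):
        addr = ipaddress.ip_address(dst)
        for net, iface in self.routes:
            if addr in net:
                return iface
        return None

def full_tunnel(gateway_public_ip):
    """Default route via the VPN adapter; only the gateway itself is reached directly.
    Without the /32 exception the encapsulated packets would loop into the tunnel."""
    return (RoutingTable()
            .add("0.0.0.0/0", "tun0")                 # VPN adapter
            .add(f"{gateway_public_ip}/32", "eth0")   # outer envelopes to the gateway
            .add("127.0.0.0/8", "lo"))

def split_tunnel(gateway_public_ip, mapped_prefixes):
    """Only the mapped network(s) use the adapter; everything else leaves via the
    physical NIC and is NOT protected by the VPN."""
    rt = (RoutingTable()
          .add("0.0.0.0/0", "eth0")
          .add(f"{gateway_public_ip}/32", "eth0")
          .add("127.0.0.0/8", "lo"))
    for prefix in mapped_prefixes:
        rt.add(prefix, "tun0")
    return rt

def needs_envelope(gateway_rt, dst):
    """Site-to-site gateway: traffic whose route is the tunnel gets the second envelope."""
    return gateway_rt.lookup(dst) == "tun0"

def demo():
    gw = "203.0.113.10"
    full, split = full_tunnel(gw), split_tunnel(gw, ["10.0.0.0/8"])
    # gateway 1 of branch 1 (192.168.1.0/24); branch 2 (192.168.2.0/24) is behind the tunnel
    branch1 = RoutingTable().add("192.168.1.0/24", "lan0").add("192.168.2.0/24", "tun0")
    return {
        "full: web site": full.lookup("198.51.100.7"),            # tun0
        "full: the gateway itself": full.lookup(gw),              # eth0
        "split: web site": split.lookup("198.51.100.7"),          # eth0, unprotected
        "split: corporate file server": split.lookup("10.1.2.3"), # tun0
        "s2s: PC A2-3": needs_envelope(branch1, "192.168.2.3"),   # True
        "s2s: PC A1-4": needs_envelope(branch1, "192.168.1.4"),   # False
    }

if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

When auditing a real client, compare its routing table against this shape: a full-tunnel configuration that lacks the host route to the gateway will not work at all, and a configuration that routes more than the mapped prefixes via the physical NIC is a split tunnel whether or not it is called one.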

For the operation of the VPN adapter, see above.

If a VPN partner offers a network service within the mapped (VPN) network, the service must bind to the virtual VPN adapter. At first glance this seems to contradict the statement above that only the PC itself, and not the participants of its network, can access the VPN adapter. That statement, however, applies only to the participants of its original network. The participants of the mapped (VPN) network do reach the VPN adapter, because the VPN client software passes their network requests to it.
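The bind-address rule this section builds on (a service on 127.0.0.1 is reachable only from the PC, a service on a real address also from that address's network) can be checked with live sockets. The following added example is not code from the article or from any VPN product. Because it has to run on a single machine without a VPN adapter, 127.0.0.2 (a second loopback address on Linux) stands in for the PC's "real" or VPN adapter address; `exposure_check` is a made-up policy helper that states, for a VPN partner offering a service, which bind address confines it to the VPN network and which one also exposes it on the original network.

```python
"""Bind scope decides who can reach a service.  Added example, not from the article.
127.0.0.2 stands in for the PC's real or VPN adapter address (single-machine demo)."""
import socket
from contextlib import closing

def reachable(bind_addr: str, connect_addr: str, timeout: float = 1.0) -> bool:
    """Listen on bind_addr, then try to connect to that listener through connect_addr."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((bind_addr, 0))            # port 0: let the OS pick a free port
        srv.listen(1)
        port = srv.getsockname()[1]
        with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as cli:
            cli.settimeout(timeout)
            try:
                cli.connect((connect_addr, port))
                return True
            except OSError:                 # refused, unreachable or timed out
                return False

def bind_scope_matrix():
    """Which (bind address, address the client uses) pairs connect on this machine."""
    return {
        ("127.0.0.1", "127.0.0.1"): reachable("127.0.0.1", "127.0.0.1"),  # local only: works
        ("127.0.0.1", "127.0.0.2"): reachable("127.0.0.1", "127.0.0.2"),  # other address: refused
        ("0.0.0.0", "127.0.0.1"):   reachable("0.0.0.0", "127.0.0.1"),    # all interfaces: works
        ("0.0.0.0", "127.0.0.2"):   reachable("0.0.0.0", "127.0.0.2"),    # works on Linux
    }

def exposure_check(bind_addr: str, vpn_addr: str) -> str:
    """Made-up policy for a VPN partner that offers a service into the VPN network:
    bind to the VPN adapter's address, not to 0.0.0.0, or the service is also
    reachable from the original network once the tunnel is down or split."""
    if bind_addr == "0.0.0.0":
        return "exposed on every interface, including the original network"
    if bind_addr == vpn_addr:
        return "reachable only through the VPN adapter"
    if bind_addr.startswith("127."):
        return "reachable only from this PC"
    return "reachable on the original network, not on the VPN"

if __name__ == "__main__":
    for pair, ok in bind_scope_matrix().items():
        print(f"bound to {pair[0]:>9}, connecting via {pair[1]:>9}: {'ok' if ok else 'refused'}")
    print(exposure_check("0.0.0.0", "10.8.0.5"))
```

The same experiment with the VPN adapter's address in place of 127.0.0.2 is how one verifies that a service meant for the mapped network is not also listening on the original one.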

SSL VPNs

→ Main article: SSL VPN

SSL VPNs use the secured SSL or TLS protocol to transmit their data.

Although a fully fledged VPN in the sense of a conventional VPN is possible here, site-to-site solutions have been almost completely superseded by IPsec-based VPNs. A fat client SSL VPN can still offer end-to-site access in case an employee cannot establish an IPsec tunnel because of restrictions on a customer's network. Just as with a conventional VPN, VPN client software must be installed on the computer, which virtually replicates the mapped network there (see VPN adapter). All network traffic can then be transmitted over the encrypted SSL connection, thereby binding the PC into the remote network.

For all other SSL VPNs, installing the usual VPN client software is at least partly unnecessary.

A thin client SSL VPN requires only a plugin (a kind of extension module) for a web browser, and the browser is already pre-installed on most common operating systems. The downloaded plugin acts on the client as a proxy and allows access to the corresponding network services of the remote network.

A clientless SSL VPN uses no special software extensions; a browser simply accesses web pages on the company's Internet server. Remote access is possible here only to the web applications on that server. The company's web server can internally implement a translation for communication with other enterprise applications and thus act as an interface to them. However, web access to those applications is often only possible to a limited extent if they are not web-based.
