Mikkel Damgaard


VPN – What is a VPN, and what are the differences?

A VPN (Virtual Private Network) is a technology used to make secure connections between different networks, whether site to site or point to site. This article covers the basics every IT administrator should know about VPNs, in terms of both usability and security.

General information and different types of VPNs

There are several types of VPNs, but generally speaking there are two main types: site to site and point to site.

A site to site VPN connects two sites with each other, allowing communication between the sites. A point to site VPN, also referred to as a dial up or remote access VPN, connects a single user to a network.

The two most used VPN types are SSL and IPSec VPNs. The goal of a VPN is to create an encrypted connection between endpoints, ensuring data integrity. Besides encrypting the traffic, a VPN also provides technology that helps ensure you are communicating with the right servers and not a random hacker on the internet.

Dial up, or p2p, VPNs can be made as either a split tunnel or a full tunnel connection. A split tunnel connection lets you access resources on the other side of the VPN while keeping local breakout to the internet. A full tunnel forwards all your traffic through the VPN, making it look like you are browsing the internet from a location other than where you actually are.

Dial up VPN

With a dial up VPN, a user connects to another network by using a VPN client. A dial up VPN is usually either a full or a split tunnel. A split tunnel gives the user local breakout to the internet while still allowing access to resources on the remote network by their private IP addresses, carried over the internet via the VPN. A full tunnel VPN forwards all traffic into the tunnel, meaning you browse the internet from the VPN server's location.

Site to Site VPNs

Connecting two sites together becomes fairly easy with site to site VPNs. IPSec is often used for site to site VPNs; it is an old piece of technology that is widely used today. Site to site VPNs allow local subnets to communicate with each other over the internet by creating an encrypted tunnel through which traffic is forwarded.

A site to site VPN, more specifically IPSec, is split into multiple phases: Phase 1 and Phase 2. Phase 1 is about sharing the keys that are used to establish the secure tunnel. Those keys need to be exchanged in a way that ensures the other end is indeed who you think it is, which is why certificates or shared private keys are often used, as well as Diffie-Hellman groups. Once the two ends have verified each other, they exchange the keys used to create Phase 2, the actual tunnel; this phase can also be referred to as the ESP. The VPN configuration defines which cryptography is used for the encryption. It is very important to choose a strong encryption method to ensure data is kept private over the internet.

For both Phase 1 and Phase 2 it is essential that the two ends are configured identically; otherwise the tunnel won't come up.

Site to site VPNs are often used to connect to infrastructure physically located elsewhere. For example, in a hybrid environment where cloud services are used, a VPN can connect the on-premises network to the cloud network.
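A quick way to catch a tunnel that will not come up is to compare both ends' Phase 1 and Phase 2 proposals before deploying them. The script below is an added example, not taken from any vendor's tooling: the field names, the two sample site configurations and the weak-algorithm policy are all constructed assumptions.

```python
# Constructed sample proposals for two peers. Field names are illustrative
# and do not follow any vendor's configuration syntax.
SITE_A = {
    "phase1": {"encryption": "aes256", "integrity": "sha256", "dh_group": 14},
    "phase2": {"encryption": "aes256", "integrity": "sha256", "pfs_group": 14},
}
SITE_B = {
    "phase1": {"encryption": "aes256", "integrity": "sha256", "dh_group": 14},
    "phase2": {"encryption": "3des", "integrity": "sha256", "pfs_group": 2},
}

# Example policy (an assumption): align these sets with your own baseline.
WEAK_ALGS = {"des", "3des", "md5"}
WEAK_DH = {1, 2, 5}


def compare_proposals(a, b):
    """Return (phase, field, value_a, value_b) for every setting that differs."""
    mismatches = []
    for phase in ("phase1", "phase2"):
        for field in sorted(set(a[phase]) | set(b[phase])):
            va, vb = a[phase].get(field), b[phase].get(field)
            if va != vb:
                mismatches.append((phase, field, va, vb))
    return mismatches


def weak_settings(cfg):
    """Return (phase, field, value) for settings the example policy rejects."""
    findings = []
    for phase, params in cfg.items():
        for field, value in params.items():
            if field in ("encryption", "integrity") and value in WEAK_ALGS:
                findings.append((phase, field, value))
            elif field in ("dh_group", "pfs_group") and value in WEAK_DH:
                findings.append((phase, field, value))
    return findings


if __name__ == "__main__":
    for phase, field, va, vb in compare_proposals(SITE_A, SITE_B):
        print(f"MISMATCH {phase}.{field}: site A={va!r} site B={vb!r}")
    for name, cfg in (("site A", SITE_A), ("site B", SITE_B)):
        for phase, field, value in weak_settings(cfg):
            print(f"WEAK {name} {phase}.{field}={value!r}")
```

With the sample data, Phase 1 matches on both ends, but Phase 2 differs in encryption and PFS group, and site B's Phase 2 values are also flagged by the example policy.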
