A VPN, or Virtual Private Network, is a cryptosystem that helps protect data while it is transmitted over an insecure network such as the Internet.
Although this description also fits the cryptographic protocol SSH, a VPN has a different focus. SSH was designed as a means for a user to securely log in to and remotely control another computer.
The purpose of a VPN is transparent access to network resources: the user can do whatever they usually do, regardless of how far away they are. For this reason, VPNs have gained popularity among remote employees and among offices that need to share resources across geographically dispersed networks.
A VPN connection is always made over a point-to-point channel, also known as a tunnel. The tunnel is created across an insecure network, such as the Internet. Point-to-point means that the tunnel always runs between exactly two computers, called nodes or peers. Each peer is responsible for encrypting data before it enters the tunnel and for decrypting the data after it leaves the tunnel.
Although a VPN tunnel is always between two points, each peer may establish additional tunnels with other nodes. For example, when three remote stations need to contact the same office, three separate VPN tunnels to that office are created. The peer on the office side may be one and the same for all of these tunnels. This is possible because a node can encrypt and decrypt data on behalf of an entire network.
In this case, the node is called a VPN gateway and the network behind it an encryption domain. Using a gateway is convenient for several reasons. First, all users pass through one device, which simplifies managing security policy and monitoring incoming and outgoing network traffic. Second, individual tunnels to every workstation the user needs access to very quickly become unmanageable (since a tunnel is a point-to-point channel). With a gateway, the user establishes a connection to the gateway, which then grants the user access to the network (the encryption domain).
It is interesting to note that within the encryption domain no encryption takes place. The reason is that this part of the network is considered secure and under direct control, as opposed to the Internet. The same holds when offices are connected through VPN gateways: only the information that crosses the unsecured channel between the offices is encrypted.
For this scheme to work, the user must have software installed, a VPN client, which establishes the VPN tunnel to the remote VPN gateway. In this scenario the tunnel operates in tunnel mode, since the user wants access to the resources of the encryption domain, not to the gateway itself. The only case in which transport mode is used is when one computer accesses another directly.
There are many options for VPN gateways and VPN clients. A gateway may be a dedicated hardware device or VPN software installed on a router or a PC.
Regardless of the software used, all VPNs work on the following principles:
– Each node identifies the other before the tunnel is created, to ensure that encrypted data is sent to the intended node;
– Both sides require a pre-configured policy specifying which protocols may be used for encryption and for data integrity;
– The nodes compare their policies to negotiate the algorithms to use; if no agreement is reached, the tunnel is not established;
– As soon as the algorithms are agreed, a key is generated for the symmetric algorithm that encrypts and decrypts the data.
There are several standards governing the interaction described above. You have probably heard of some of them: L2TP, PPTP, and IPSec.
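As an added example (not code from the original article), the following Python simulation walks through the four principles above using a pre-shared key: mutual identification by HMAC challenge-response, comparison of each side's ordered policy, refusal of the tunnel when no proposal matches, and derivation of the same symmetric key on both sides. The Peer class, the policy strings and the SHA-256 key derivation are constructed for illustration; real protocols such as IPsec/IKE mix a Diffie-Hellman shared secret into the key rather than deriving it from the PSK and nonces alone.

```python
import hashlib
import hmac
import secrets


class Peer:
    """One end of a VPN tunnel (hypothetical class, constructed for this example)."""

    def __init__(self, name, psk, policy):
        self.name = name          # identity presented to the other side
        self.psk = psk            # pre-shared key known to both peers
        self.policy = policy      # ordered proposals "cipher/integrity", preferred first
        self.nonce = secrets.token_bytes(16)

    def identify(self, challenge):
        # Prove knowledge of the PSK without revealing it (HMAC challenge-response).
        return hmac.new(self.psk, self.name.encode() + challenge, hashlib.sha256).digest()

    def verify(self, other_name, challenge, tag):
        expected = hmac.new(self.psk, other_name.encode() + challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)

    def derive_key(self, proposal, nonce_i, nonce_r):
        # Both sides compute the same tunnel key from PSK, nonces and the agreed proposal
        # (simplified: real IKE also mixes in a Diffie-Hellman shared secret).
        return hashlib.sha256(self.psk + nonce_i + nonce_r + proposal.encode()).digest()


def negotiate(initiator, responder):
    """Return (agreed proposal, initiator key, responder key) or raise ValueError."""
    # Principle 1: each node identifies the other before the tunnel exists.
    c1, c2 = secrets.token_bytes(16), secrets.token_bytes(16)
    if not responder.verify(initiator.name, c1, initiator.identify(c1)):
        raise ValueError("responder could not identify initiator; tunnel not established")
    if not initiator.verify(responder.name, c2, responder.identify(c2)):
        raise ValueError("initiator could not identify responder; tunnel not established")
    # Principles 2 and 3: compare pre-set policies; the initiator's preference order wins.
    common = [p for p in initiator.policy if p in responder.policy]
    if not common:
        raise ValueError("no common encryption/integrity proposal; tunnel not established")
    chosen = common[0]
    # Principle 4: derive the symmetric key only once the algorithms are agreed.
    key_i = initiator.derive_key(chosen, initiator.nonce, responder.nonce)
    key_r = responder.derive_key(chosen, initiator.nonce, responder.nonce)
    return chosen, key_i, key_r


if __name__ == "__main__":
    psk = b"constructed-demo-psk"
    client = Peer("laptop", psk, ["aes256-gcm/sha384", "aes128-cbc/sha256"])
    gateway = Peer("office-gw", psk, ["aes128-cbc/sha256", "aes256-gcm/sha384"])
    print(negotiate(client, gateway)[0])  # aes256-gcm/sha384
```

Running the module prints the proposal chosen from the overlap of the two policies; swapping in a gateway whose policy shares nothing with the client, or a client with a different PSK, makes negotiate() raise instead of handing out a key.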