IN THIS CHAPTER
If you have reached this stage in this book and have paid careful attention to the preceding chapters on security and server management, it's clear you have an active interest in being a security-conscious network citizen. Even if you're not a network administrator, you have learned the importance of keeping the transactions associated with your everyday computing as secure as possible. You use SSH for your remote terminal operations, you encrypt your POP3 and IMAP email traffic, and you implement a secure password policy. Your online life is about as secure as it can be.

However, that all changes as soon as you start talking about networking protocols beyond basic email and terminal traffic. Network security can become particularly complex when it incorporates aspects such as Network Address Translation (NAT), firewalls, and corporate LANs that are not accessible from anywhere on the public Internet. How are you supposed to do Windows file sharing with your company's corporate LAN servers if you're at home or on the road? How can you be sure your communications with the office are encrypted no matter what protocol you're using?

This is the role of the Virtual Private Network (VPN) model. This chapter introduces the underlying concepts of VPNs, describes some of the various types of VPN implementations and topologies, and guides you through configuring your FreeBSD machine to support a VPN, whether as a client (dialing in to a remote private network) or as a server (allowing other clients to access the network your FreeBSD machine is protecting).