Section 11.11. Virtual Private Networks

11.11. Virtual Private Networks

In a nutshell, a VPN is an encrypted logical network connection, also known as a tunnel, which runs over a physical connection such as the open Internet. When you establish a VPN connection with a server, all the network packets between your computer and the server are encrypted and remain safe from prying eyes. This means you can access resources on another network, such as your corporate network, from anywhere in the world without compromising your corporate network's security.

Mac OS X supports two types of VPNs:

Point-to-Point Tunneling Protocol (PPTP)

A VPN standard developed by Microsoft and supported by many manufacturers of networking equipment. All you need to connect via PPTP is the address of the server, an account name, and a password or an RSA Secure ID card (a gizmo that displays a random number and is synchronized with a similar gizmo on the server side).

Level 2 Tunneling Protocol (L2TP)

L2TP is a newer VPN standard that uses IPSec, a standard for encrypting data over an IP connection. To make an L2TP connection, you'll need the address of the server, an account name, a password or an RSA SecurID card, and a shared secret . The shared secret is a key that the administrator of the L2TP server gives you along with the account name and password. It is used in the initial setup of the tunnel.

To make a VPN connection, open Internet Connect and then click the VPN button. When you first attempt to configure a VPN, you'll have to make a choice as to whether you want to configure your computer to use L2TP or PPTP for the connection, as shown in Figure 11-14. Once you've selected the type of connection, you'll see the Internet Connect VPN window, shown in Figure 11-15. This window works the same way the dial-up window does, in that you can configure Internet Connect so you can select from one of many different VPN configurations.

To enter the shared secret of an L2TP connection, you'll need to edit its configuration, as shown in Figure 11-16. Here you will also find many other options to configure, including the types of authentication and encryption used for the connection. In Tiger, a new option for VPN access has been added. Using VPN on demand, you can specify domains and hosts that are present on the remote network. When Tiger encounters a request bound for one of the specified addresses, it establishes a connection to the VPN automatically. For example, if you need to connect to a corporate VPN to check email, anytime you launch Mail.app, the VPN connection is automatically made for you.

Figure 11-14. Selecting the type of VPN to use

Figure 11-15. Managing VPN connections with Internet Connect

Figure 11-16. Managing VPN configurations with Internet Connect