VPN Configurations


From this point on, I'm going to talk only about IPSec-based VPN systems because I believe them to be the best VPN solution and because IPSec is now considered the de facto standard in the industry. A great deal of time could be spent discussing different VPN configurations and how things actually work. I describe the most common configurations here.

Roaming User

Let's first look at a typical VPN setup, in which there is a roaming "client" machine and a VPN gateway server located on the home network.

Let's say that you are at a conference and you occasionally want to get your email and transfer files from your home network. Typically, you would bring a laptop with you to the conference. It could be a Win32-, Mac OS X-, or Linux-based laptop. You connect to the Internet through some local means. You then start the IPSec software on the laptop and direct it to your VPN gateway at home. The client and the VPN gateway negotiate and exchange authentication keys, and you then have access to your network as though you were sitting right next to your server. A roaming user like this is often referred to as a "road warrior," a user who does not have a fixed IP address.

In this configuration, your VPN gateway must have IP forwarding enabled in /proc/sys/net/ipv4/ip_forward to permit routing to your LAN. All computers on your internal network must use the IPSec gateway as their default gateway, because traffic has to flow in both directions: from your laptop to the LAN, and from the LAN back to your laptop.
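Both prerequisites can be checked from a shell. The script below is an added example, not code from the book: the function names, the 192.168.1.254 gateway address, and the sample routing table are constructed for illustration, and a little-endian host is assumed.

```shell
#!/bin/sh
# Added example (not from the book). File paths are parameters so the checks
# can be run against saved copies; the defaults are the live /proc files.

# Gateway check: succeeds only if the kernel forwards IPv4 packets.
ip_forward_enabled() {
    [ "$(tr -d '[:space:]' < "${1:-/proc/sys/net/ipv4/ip_forward}")" = "1" ]
}

# /proc/net/route stores addresses as hex in host byte order; on a
# little-endian machine (assumed here) 0101A8C0 means 192.168.1.1.
hex_le_to_ip() {
    printf '%d.%d.%d.%d\n' \
        "0x$(printf '%s' "$1" | cut -c7-8)" "0x$(printf '%s' "$1" | cut -c5-6)" \
        "0x$(printf '%s' "$1" | cut -c3-4)" "0x$(printf '%s' "$1" | cut -c1-2)"
}

# LAN-host check: print the default gateway from a routing table file.
# A default route has Destination and Mask of 00000000 (fields 2 and 8).
default_gateway() {
    gw=$(awk 'NR > 1 && $2 == "00000000" && $8 == "00000000" { print $3; exit }' \
        "${1:-/proc/net/route}")
    [ -n "$gw" ] || return 1
    hex_le_to_ip "$gw"
}

# Succeeds if the host's default gateway is the IPSec gateway's LAN address.
# usage: uses_vpn_gateway GATEWAY_IP [ROUTE_FILE]
uses_vpn_gateway() {
    [ "$(default_gateway "${2:-/proc/net/route}")" = "$1" ]
}

# Constructed sample of /proc/net/route from a LAN host (not captured data).
sample_route_table() {
    printf 'Iface\tDestination\tGateway\tFlags\tRefCnt\tUse\tMetric\tMask\tMTU\tWindow\tIRTT\n'
    printf 'eth0\t00000000\tFE01A8C0\t0003\t0\t0\t0\t00000000\t0\t0\t0\n'
    printf 'eth0\t0001A8C0\t00000000\t0001\t0\t0\t0\t00FFFFFF\t0\t0\t0\n'
}

# Demo on the constructed sample: 192.168.1.254 is the assumed gateway address.
tmp=$(mktemp) && sample_route_table > "$tmp"
uses_vpn_gateway 192.168.1.254 "$tmp" && echo "default route points at the VPN gateway"
rm -f "$tmp"
```

On the gateway, call `ip_forward_enabled` with no argument; on each LAN host, call `uses_vpn_gateway` with the gateway's real LAN address.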

For an added twist, you may have your VPN server set up to accept dial-in connections so that you do not have to go through the Internet at all.

The point to make with this example is that you, the user, must do something such as start a program on the laptop to initiate a VPN connection. If it's a Linux-based laptop, you may need to start IPSec services using a script after you are connected to the Internet.




Linux Firewalls
Linux Firewalls: Attack Detection and Response with iptables, psad, and fwsnort
ISBN: 1593271417
EAN: 2147483647
Year: 2005
Pages: 163
Authors: Michael Rash
