A virtual private network (VPN) is a private extension of a LAN, or a link between two networks, carried across a second network or across the Internet. The second network is usually a public network with limited security.
The VPN connects two points on a network through an encrypted channel (sometimes called a data tunnel). A VPN can connect a single computer to a network, two computers to one another, or provide a gateway between two networks. Therefore, you can use a VPN to create a secure connection from your home computer to your company's network, securely connect your laptop from a public Wi-Fi access point to your home or office computer, or establish a link between the in-house LANs in two branch offices of a business.
VPNs use these methods to protect the data carried on them:
They require a password and login account to limit access to legitimate users.
They use encryption to make the data impossible for intruders to understand.
They include error checking with each data packet to confirm that the data was not damaged or altered during transmission, which also helps prevent unauthorized access to the VPN.
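As an added illustration that is not part of this chapter, the Go program below shows the second and third of these protections working together on a single packet: each LAN packet is wrapped for the tunnel with AES-GCM, which encrypts the payload and attaches a per-packet integrity tag, and any packet that was damaged or altered in transit is rejected rather than delivered. The session key, packet layout and type names are assumptions made for the demonstration; a real VPN product negotiates the key during the login step.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
)

// TunnelKey is a constructed demo key; a real VPN derives it during the authenticated login step.
var TunnelKey = []byte("0123456789abcdef0123456789abcdef")

const hdrLen = 8 // 64-bit packet sequence number, sent in the clear but authenticated
type Tunnel struct{ aead cipher.AEAD } // AES-GCM state shared by both ends of the link

func NewTunnel(key []byte) (*Tunnel, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block) // encryption plus a per-packet integrity tag
	if err != nil {
		return nil, err
	}
	return &Tunnel{aead}, nil
}

// Seal wraps one LAN packet as [seq(8) | ciphertext+tag]. The sequence number doubles as the
// GCM nonce (zero-padded to 12 bytes), so a sender must never reuse a seq under the same key.
func (t *Tunnel) Seal(seq uint64, packet []byte) []byte {
	nonce := make([]byte, t.aead.NonceSize())
	hdr := nonce[len(nonce)-hdrLen:]
	binary.BigEndian.PutUint64(hdr, seq)
	return t.aead.Seal(append([]byte(nil), hdr...), nonce, packet, hdr)
}

// Open rebuilds the nonce from the header, verifies the tag and decrypts; any
// modified byte (header, payload or tag) yields an error and the packet is dropped.
func (t *Tunnel) Open(wire []byte) (uint64, []byte, error) {
	if len(wire) < hdrLen+t.aead.Overhead() {
		return 0, nil, errors.New("packet too short")
	}
	nonce := make([]byte, t.aead.NonceSize())
	copy(nonce[len(nonce)-hdrLen:], wire[:hdrLen])
	plain, err := t.aead.Open(nil, nonce, wire[hdrLen:], wire[:hdrLen])
	if err != nil {
		return 0, nil, errors.New("integrity check failed: packet dropped")
	}
	return binary.BigEndian.Uint64(wire[:hdrLen]), plain, nil
}
```

The receiver should additionally remember the highest sequence number it has accepted so that a captured packet cannot be replayed later; that bookkeeping is left out here to keep the example short.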
A VPN operates on top of the existing network connections, so it's not limited to a single network link, or even a single type of connection. If you connect your laptop computer to a LAN through a Wi-Fi link, connect the Wi-Fi access point to a gateway router through a cable, and then reach another computer in the next city or halfway around the world through the Internet, you can still create a VPN that connects the two computers.
The following are the most common uses of VPNs:
To connect a user in an isolated location (such as a home office or an Internet café) to a distant LAN with the same kind of access as a local user, as shown in Figure 47.1.
Figure 47.1: A virtual private network can connect a remote computer to a distant LAN.
To connect the LAN at a branch office to a company's central network resources through a secure link, as shown in Figure 47.2.
Figure 47.2: A VPN can also connect a branch office LAN to a corporate network.
To add an extra layer of security to a wireless network connection, as shown in Figure 47.3.
Figure 47.3: VPNs can add security to a wireless link.
To restrict access to sensitive or confidential information by isolating the computer or server that contains that information in a "hidden network," as shown in Figure 47.4.
Figure 47.4: A hidden VPN can isolate a computer from the rest of a network.
For more in-depth information on VPNs, check out Virtual Private Networking: A Construction, Operation and Utilization Guide by Gilbert Held (Wiley, 2004) or Virtual Private Networks For Dummies by Mark S. Merkow (Wiley, 1999).
VPNs are used primarily in corporate networks, but it's also possible to add a VPN host to a home network. This could allow you to monitor the video cameras and appliance sensors, and operate home automation controls without exposing your home to unwanted attention from outsiders through the Internet.
This chapter explains how a virtual private network operates, and it offers instructions for creating and connecting your computer to a VPN. If you're responsible for creating VPN hosts and maintaining VPN services for a business or other organization, you need more detailed information than this chapter supplies, but it should be adequate when you're trying to connect through a VPN to an existing server.