<h1>Understanding VPNs: Site-to-Site vs Remote Access VPNs</h1>

<p>Published 2026-05-26 at https://networkingnotebook.com/?p=1078 (last modified 2026-05-28).</p>

<p class="wp-block-paragraph">Today I will be talking about VPNs, which stands for Virtual Private Network. A VPN is a WAN technology that allows secure communication over an untrusted network such as the internet, letting individuals or entire networks communicate safely over a shared network as if they were on a private network. A public network is open and accessible to anyone, while a private network is restricted to selected individuals.</p>

<p class="wp-block-paragraph">For example, a web server hosting a public website can be accessed by anyone who knows the URL, but a private database server hosted within a company can only be accessed by its employees. A VPN bridges the public and the private by securely extending private connectivity across public infrastructure, which allows an employee at a remote location to reach the database server over the internet.</p>

<p class="wp-block-paragraph">There are multiple types of VPNs; the two most popular are the site-to-site VPN and the remote access VPN.</p>

<p class="wp-block-paragraph"><strong>Site-to-Site VPN -</strong> A site-to-site VPN securely connects two or more networks over the public internet by creating an encrypted tunnel between their VPN gateways. A VPN gateway is the device, usually at the edge of the network, responsible for encrypting and decrypting the packets; it is typically a router or a firewall. A site-to-site VPN is used by a large company that typically has a corporate headquarters and one or more branch sites. It allows devices at each location to communicate as if they were part of the same private network even though their traffic traverses a shared network.</p>

<p class="wp-block-paragraph"><strong>IPsec -</strong> The protocol used to achieve encryption for a site-to-site VPN is IPsec. IPsec provides data confidentiality, authentication, and integrity. In tunnel mode, IPsec encapsulates the original IP packet with a new ESP (Encapsulating Security Payload) header and ESP trailer, and adds an HMAC (Hash-based Message Authentication Code) for authentication and integrity. Once a packet is encrypted with IPsec, the VPN gateway encapsulates the encrypted data with a new outer IP header, whose source and destination IP addresses are the ones used for routing table lookups along the path.</p>

<p class="wp-block-paragraph">IPsec has two modes of operation: tunnel mode and transport mode. In tunnel mode the original IP packet, including the original IP header, is encrypted and encapsulated inside a new IP packet, while in transport mode only the payload of the original IP packet is encrypted and the original IP header remains visible on the public internet.</p>

<p class="wp-block-paragraph"><strong>The step-by-step process of a site-to-site VPN:</strong></p>

<ol class="wp-block-list">
<li>The original IP packet is created by the source host.</li>
<li>The packet is forwarded to the local VPN gateway (router or firewall).</li>
<li>The original IP packet is encrypted by IPsec.</li>
<li>The VPN gateway adds a new outer IP header to route the encrypted packet across the WAN.</li>
<li>The packet travels across the public internet toward the destination VPN gateway.</li>
<li>The packet arrives at the destination VPN gateway, which verifies the HMAC to confirm that the packet has not been tampered with.</li>
<li>The destination VPN gateway decrypts the packet and removes the IPsec encapsulation, restoring the original IP packet.</li>
<li>The original IP packet is finally forwarded to the destination host.</li>
</ol>

<p class="wp-block-paragraph">A site-to-site VPN is convenient because once the VPN gateways are set up, users do not need to install any VPN client application on their devices, unlike with a remote access VPN.</p>

<p class="wp-block-paragraph"><strong>Remote Access VPN -</strong> A remote access VPN allows individual users to securely connect to a private network, such as a corporate network, over the public internet from remote sites such as homes, hotels, or the public Wi-Fi at a library or Starbucks. Unlike a site-to-site VPN, which securely connects entire networks, a remote access VPN is designed for individual devices such as laptops, smartphones, or tablets.</p>

<p class="wp-block-paragraph">Remote access VPNs come in two forms: clientless and client-based. Client-based remote access VPNs tend to use IPsec, while clientless VPNs use TLS/SSL.</p>

<p class="wp-block-paragraph"><strong>Clientless VPN -</strong> A clientless remote access VPN uses a web browser and TLS/SSL encryption to provide secure access to specific internal web applications without requiring a dedicated VPN client application to be installed on the user's device. The remote user only needs to supply valid credentials to reach certain private resources securely, without downloading any application.</p>

<p class="wp-block-paragraph"><strong>VPN Client -</strong> A client-based remote access VPN, on the other hand, requires the remote user to install a VPN client such as “Cisco AnyConnect.” The VPN client runs on the user's device and authenticates with the corporation's VPN gateway, which is typically located at the network edge. Once the client has authenticated with the gateway, traffic between the user and the private network is fully encrypted. The VPN client installed on the user's device is responsible for encrypting and decrypting the data leaving and entering the device. A remote access VPN thus allows remote users to securely access internal resources such as file servers, databases, applications, and other internal services as if they were physically connected to the corporate network.</p>

<p class="wp-block-paragraph"><strong>GRE over IPsec -</strong> Although IPsec is great for creating a VPN tunnel across an untrusted network, it has a limitation: traditionally it does not support multicast or broadcast traffic. Routing protocols such as OSPF therefore cannot send their packets over the tunnel, since OSPF relies on multicast for its messages. To overcome this limitation, GRE (Generic Routing Encapsulation) over IPsec is used. GRE is a tunneling protocol that can encapsulate a variety of layer 3 network protocols inside a virtual point-to-point link, which lets it carry broadcast, multicast, and routing protocol traffic over networks that usually do not support them.</p>

<p class="wp-block-paragraph">GRE over IPsec combines the capabilities of GRE with the security of IPsec, so multicast and broadcast traffic can travel securely over untrusted networks.</p>

<p class="wp-block-paragraph"><strong>GRE over IPsec Process:</strong></p>

<ol class="wp-block-list">
<li>The original IP packet is encapsulated inside a GRE header.</li>
<li>The GRE packet is then encrypted by IPsec.</li>
<li>The encrypted packet is then encapsulated inside a new outer IP packet.</li>
</ol>