What is a Virtual Private Network (VPN)

What is a VPN?

A Virtual Private Network (VPN) is a network technology that extends a private network (such as a LAN) over a public network such as the Internet. A VPN allows a computer (or a whole network) to connect securely to another as if the two were physically wired together. Corporations use VPNs to let remote workers connect securely to the private corporate network. A VPN is also used to interconnect remote offices with a head office as if they were physically connected.

With the proliferation of the Internet, users are exposed to invasion of privacy and eavesdropping on their Internet activities. To protect a user's identity and privacy, personal VPN services have been launched. A personal VPN service works like connecting to a corporate network, except that users connect to servers run by the VPN provider and obtain a new IP address from a country of the user's choice.

Advantages

The primary reason for implementing VPN technology is to create a secure connection to the other endpoint. Building dedicated WAN connectivity is very costly and may not be practical for individual users making client-to-server connections. The information exchanged between the two VPN endpoints is encrypted, so it cannot be read by anyone eavesdropping on the public network it crosses.
A VPN can also be used to protect your privacy by disguising the true IP address of the user's computer. Online gamers may use a VPN to hide the IP address of their computers, and business owners may use a VPN to change their IP address to protect their identity from competitors.

Disadvantages

  • Since all virtual private network traffic is encrypted, there is a 10-15% increase in the payload transmitted over the VPN. This additional overhead causes
    1. computing devices to use more processing power to encrypt the data,
    2. more data to be sent over the network, and finally
    3. data to take longer to transmit, as there is 10-15% additional data.
  • With advances in computing and network technologies, the additional processing power required to encrypt/decrypt and the additional data transmitted have a negligible impact on overall use of the network.
  • Not all VPN appliances interoperate well, so a VPN device from one vendor may not work well with a device from another vendor. A network engineer implementing VPN technology must verify compatibility between the two endpoints. Similarly, a client-to-server connection may suffer slowness (or degraded QoS) if the VPN is not properly set up.

VPN Protocols

A virtual private network is created by establishing a virtual tunnel between two endpoints via a virtual tunneling protocol or by data encryption. Some of the most popular VPN protocols include IPsec, SSL/TLS, PPTP and L2TP.
  • PPTP - Point-to-Point Tunneling Protocol is the oldest VPN protocol, developed by a consortium founded by Microsoft, and is supported by the vast majority of operating systems. Its encryption, based on a 128-bit key, has been cracked, and it is no longer considered very secure.
  • L2TP/IPsec - Layer 2 Tunneling Protocol with IPsec encryption provides a more secure service with more features than PPTP. L2TP/IPsec uses UDP port 500, so advanced configuration may be required to pass it through a NAT firewall.
  • OpenVPN - OpenVPN is an open source technology built on OpenSSL, which provides a very secure connection with strong encryption. It has become the default VPN connection type and is widely supported by third-party software, including clients for iOS and Android.

Authentication

Whether a VPN connection is client-to-server or network-to-network, the tunnel endpoints must be authenticated before a secure connection is established. A user-initiated VPN connection uses either a password or two-factor authentication, whereas network-to-network tunnels often use digital certificates (a private/public key pair).
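Endpoint authentication only protects the client if the client actually verifies who is on the other end of the tunnel. As an added example (not from this page or from the OpenVPN project), the Python below audits an OpenVPN client configuration for the directives that make the client verify the server's certificate, use its own certificate rather than a password alone, and avoid a weak data-channel cipher; the two sample configs, the hostname vpn.example.com and the file names are constructed placeholders.

```python
# Constructed sample configs: vpn.example.com and the file names are placeholders.
WEAK_CONFIG = """\
client
remote vpn.example.com 1194
ca ca.crt
cipher BF-CBC
auth-user-pass
"""

HARDENED_CONFIG = """\
client
remote vpn.example.com 1194
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server
verify-x509-name vpn.example.com name
tls-crypt ta.key
cipher AES-256-GCM
auth-user-pass
"""

WEAK_CIPHERS = {"none", "BF-CBC", "DES-CBC", "DES-EDE3-CBC", "RC2-CBC"}

def parse_config(text):
    """Map each directive to its argument list; a later occurrence wins."""
    directives = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if line:
            name, *args = line.split()
            directives[name] = args
    return directives

def audit_openvpn_client(text):
    """List ways this client config fails to authenticate the server strongly."""
    d = parse_config(text)
    findings = []
    if "remote-cert-tls" not in d:
        findings.append("remote-cert-tls missing: any CA-signed cert, even a client's, is accepted as the server")
    if "verify-x509-name" not in d:
        findings.append("verify-x509-name missing: server certificate name is not checked")
    if "cert" not in d or "key" not in d:
        findings.append("no client certificate: client relies on password-only authentication")
    if "tls-auth" not in d and "tls-crypt" not in d:
        findings.append("no tls-auth/tls-crypt: TLS control channel has no extra pre-shared key")
    cipher = d.get("cipher", ["BF-CBC"])[0]  # OpenVPN before 2.5 defaults to BF-CBC
    if cipher in WEAK_CIPHERS:
        findings.append(f"weak data-channel cipher: {cipher}")
    return findings
```

Running `audit_openvpn_client` on the weak config reports five findings, while the hardened config reports none.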