A virtual private network (VPN) is a computer network A computer network, often simply referred to as a network, is a collection of computers and devices connected by communications channels that facilitates communications among users and allows users to share resources with other users. Networks may be classified according to a wide variety of characteristics. This article provides a general that is layered on top of an underlying computer network. The private nature of a VPN means that the data travelling over the VPN is not generally visible to, or is encapsulated In computer networking, encapsulation is a method of designing modular communication protocols in which logically separate functions in the network are abstracted from their underlying structures by inclusion or information hiding within higher level objects from, the underlying network traffic. Similarly, the traffic within the VPN appears to the underlying network as just another traffic stream to be passed. A VPN connection can be envisioned as a "pipe within a pipe", with the outer pipe being the underlying network connection.

The term VPN can be used to describe many different network configurations and protocols. As such, it can become complex when trying to generalise about the characteristics of a VPN. Some of the more common uses of VPNs are described below, along with more detail about the various classification schemes and VPN models.

Contents

VPN classifications

VPN technologies are not easily compared, due to myriad protocols, terminologies and marketing influences that have defined them. For example, VPN technologies can differ:

Some classification schemes are discussed in the following sections.

Secure VPN vs Trusted VPN

The industry group 'Virtual Private Networking Consortium' have defined two types of VPN classifications, Secure VPNs and Trusted VPNs[1]. The consortium includes members such as Cisco Cisco Systems, Inc. is an American multinational corporation that designs and sells consumer electronics, networking and communications technology and services. Headquartered in California, Cisco has more than 65,000 employees and annual revenue of US$36.11 billion as of 2009. The stock was added to the Dow Jones Industrial Average on June 8, 2009,, D-Link D-Link Corporation was founded in 1986 in Taipei as Datex Systems Inc. It began as a network adapter vendor and has gone on to become a designer, developer, and manufacturer of networking solutions for both the consumer and business markets, Juniper Juniper Networks, Inc. is an information technology and computer networking products multinational company, founded in 1996. It is headquartered in Sunnyvale, California, USA. The company designs and sells high-performance Internet Protocol network products and services. Juniper's main products include T-series, M-series, E-series, MX-series, and and many others[2].

Secure VPNs explicitly provide mechanisms for authentication Authentication is the act of establishing or confirming something (or someone) as authentic, that is, that claims made by or about the subject are true ("authentification" is a French language variant of this word). This might involve confirming the identity of a person, tracing the origins of an artifact, ensuring that a product is what of the tunnel endpoints during tunnel setup, and encryption In cryptography, encryption is the process of transforming information using an algorithm (called cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information (in cryptography, referred to as ciphertext). In many contexts, the word encryption of the traffic in transit. Often secure VPNs are used to protect traffic when using the Internet as the underlying backbone, but equally they may be used in any environment when the security level of the underlying network differs from the traffic within the VPN..

Secure VPNs may be implemented by organizations wishing to provide remote access facilities to their employees or by organizations wishing to connect multiple networks together securely using the Internet to carry the traffic. A common use for secure VPNs is in remote access scenarios, where VPN client software on an end user system is used to connect to a remote office network securely. Secure VPN protocols include IPSec Internet Protocol Security is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a data stream. IPsec also includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session, L2TP In computer networking, Layer 2 Tunneling Protocol is a tunneling protocol used to support virtual private networks (VPNs). It does not provide any encryption or confidentiality by itself; it relies on an encryption protocol that it passes within the tunnel to provide privacy (with IPsec Internet Protocol Security is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a data stream. IPsec also includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session for traffic encryption), SSL/TLS VPN (with SSL/TLS Transport Layer Security and its predecessor, Secure Socket Layer (SSL), are cryptographic protocols that provide security for communications over networks such as the Internet. TLS and SSL encrypt the segments of network connections at the Transport Layer end-to-end) or PPTP The Point-to-Point Tunneling Protocol is a method for implementing virtual private networks. PPTP does not provide confidentiality or encryption; It relies on the protocol being tunneled to provide privacy. PPTP has been made obsolete by Layer 2 Tunneling Protocol (L2TP) and IPSec (with MPPE).

Trusted VPNs are commonly created by carriers and large organizations and are used for traffic segmentation on large core networks. They often provide quality of service In the field of computer networking and other packet-switched telecommunication networks, the traffic engineering term quality of service refers to resource reservation control mechanisms rather than the achieved service quality. Quality of service is the ability to provide different priority to different applications, users, or data flows, or to guarantees and other carrier-grade features. Trusted VPNs may be implemented by network carriers wishing to multiplex multiple customer connections transparently over an existing core network or by large organizations wishing to segregate traffic flows from each other in the network. Trusted VPN protocols include MPLS Multiprotocol Label Switching is a mechanism in high-performance telecommunications networks which directs and carries data from one network node to the next. MPLS makes it easy to create "virtual links" between distant nodes. It can encapsulate packets of various network protocols, ATM Asynchronous Transfer Mode is a standardized digital data transmission technology. ATM is implemented as a network protocol and was first developed in the mid 1980s. The goal was to design a single networking strategy that could transport real-time video conference and audio as well as image files, text and email. The International or Frame Relay Frame Relay is a standardized wide area networking technology that specifies the physical and logical link layers of digital telecommunications channels using a packet switching methodology. Originally designed for transport across Integrated Services Digital Network infrastructure, it may be used today in the context of many other network.

Trusted VPNs differ from secure VPNs in that they do not provide security features such as data confidentiality through encryption. Secure VPNs however do not offer the level of control of the data flows that a trusted VPN can provide such as bandwidth guarantees or routing.

From a customer perspective, a trusted VPN may act as a logical wire connecting two networks. The underlying carrier network is not visible to the customer, nor is the customer aware of the presence of other customers traversing the same backbone. Interference between customers, or interference with the backbone itself, is not possible from within a trusted VPN.

Some Internet service providers An Internet service provider , also sometimes referred to as an Internet access provider (IAP), is a company that offers its customers access to the Internet[citation needed]. The ISP connects to its customers using a data transmission technology appropriate for delivering Internet Protocol Paradigm, such as dial-up, DSL, cable modem, wireless or offer managed VPN service for business customers who want the security and convenience of a VPN but prefer not to undertake administering a VPN server themselves. Managed secure VPNs are again a hybrid of the two major VPN models, and are a contracted security solution that can reach into hosts. In addition to providing remote workers with secure access to their employer's internal network, other security and management services are sometimes included as part of the package. Examples include keeping anti-virus and anti-spyware programs updated on each connecting computer or ensuring particular software patches are installed before connection is permitted.

Categorization by user administrative relationships

The Internet Engineering Task Force The Internet Engineering Task Force develops and promotes Internet standards, cooperating closely with the W3C and ISO/IEC standards bodies and dealing in particular with standards of the TCP/IP and Internet protocol suite. It is an open standards organization, with no formal membership or membership requirements. All participants and managers are (IETF) has categorized a variety of VPNs, some of which, such as Virtual LANs (VLAN) A virtual LAN, commonly known as a VLAN, is a group of hosts with a common set of requirements that communicate as if they were attached to the Broadcast domain, regardless of their physical location. A VLAN has the same attributes as a physical LAN, but it allows for end stations to be grouped together even if they are not located on the same are the standardization responsibility of other organizations, such as the Institute of Electrical and Electronics Engineers The Institute of Electrical and Electronics Engineers or IEEE is an international non-profit, professional organization for the advancement of technology related to electricity. It has the most members of any technical professional organization in the world, with more than 395,000 members in around 150 countries (IEEE) Project 802, Workgroup 802.1 (architecture). Originally, wide area network A wide area network is a computer network that covers a broad area (i.e., any network whose communications links cross metropolitan, regional, or national boundaries ). This is in contrast with personal area networks (PANs), local area networks (LANs), campus area networks (CANs), or metropolitan area networks (MANs) which are usually limited to a (WAN) links from a telecommunications service provider interconnected network nodes within a single enterprise. With the advent of LANs, enterprises could interconnect their nodes with links that they owned. While the original WANs used dedicated lines and layer 2 multiplexed services such as Frame Relay Frame Relay is a standardized wide area networking technology that specifies the physical and logical link layers of digital telecommunications channels using a packet switching methodology. Originally designed for transport across Integrated Services Digital Network infrastructure, it may be used today in the context of many other network, IP-based layer 3 networks, such as the ARPANET ARPANET , created by a small research team at the head of the Massachusetts Institute of Technology and the Defense Advanced Research Projects Agency (DARPA) of the United States Department of Defense, was the world's first operational packet switching network, and the predecessor of the contemporary global Internet. The packet switching of the, Internet The Internet is a global system of interconnected computer networks that use the standard Internet Protocol Suite to serve billions of users worldwide. It is a network of networks that consists of millions of private, public, academic, business, and government networks of local to global scope that are linked by a broad array of electronic and, military IP networks (NIPRNet NIPRNet is used to exchange sensitive but unclassified information between "internal" users as well as providing users access to the Internet. NIPRNet is composed of Internet Protocol routers owned by the United States Department of Defense (DOD). It was created by the Defense Information Systems Agency (DISA) to supersede the earlier, SIPRNet The Secret Internet Protocol Router Network is a system of interconnected computer networks used by the United States Department of Defense and the U.S. Department of State to transmit classified information (up to and including information classified SECRET) via the TCP/IP protocol suite in a secured environment. It also provides services such as, JWICS, etc.), became common interconnection media. VPNs began to be defined over IP networks.[3] The military networks may themselves be implemented as VPNs on common transmission equipment, but with separate encryption and perhaps routers.

It became useful first to distinguish among different kinds of IP VPN based on the administrative relationships (rather than the technology) interconnecting the nodes. Once the relationships were defined, different technologies could be used, depending on requirements such as security and quality of service.

When an enterprise interconnects a set of nodes, all under its administrative control, through a LAN, that is termed an intranet An intranet is a private computer network that uses Internet Protocol technologies to securely share any part of an organization's information or network operating system within that organization. The term is used in contrast to internet, a network between organizations, and instead refers to a network within an organization. Sometimes the term.[4] When the interconnected nodes are under multiple administrative authorities but are hidden from the public Internet, the resulting set of nodes is called an extranet An extranet is a private network that uses Internet protocols, network connectivity. An extranet can be viewed as part of a company's intranet that is extended to users outside the company, usually via the Internet. It has also been described as a "state of mind" in which the Internet is perceived as a way to do business with a selected. A user organization can manage both intranets and extranets itself, or negotiate a service as a contracted (and usually customized) offering from an IP service provider. In the latter case, the user organization contracts for layer 3 services – much as it may contract for layer 1 services such as dedicated lines, or multiplexed layer 2 services such as frame relay.

IETF documents distinguish between provider-provisioned and customer-provisioned VPNs.[5] Just as an interconnected and set of providers can supply conventional WAN services, so a single service provider can supply provider-provisioned VPNs (PPVPNs), presenting a common point-of-contact to the user organization.

Internet Protocol tunnels

Main article: Tunneling protocol Computer networks use a tunneling protocol when one network protocol encapsulates a different payload protocol. By using tunneling one can (for example) carry a payload over an incompatible delivery-network, or provide a secure path through an untrusted network

Some customer-managed virtual networks may not use encryption to protect the data contents. These types of overlay networks do not neatly fit within the secure or trusted categorization. An example of such an overlay network could be a GRE tunnel, set up between two hosts. This tunneling would still be a form of virtual private network yet is neither a secure nor a trusted VPN.

Examples of native plaintext In cryptography, plaintext is information a sender wishes to transmit to a receiver. Cleartext is, sometimes confusingly, often used as a synonym. Before the computer era, plaintext most commonly meant message text in the language of the communicating parties. Plaintext has reference to the operation of cryptographic algorithms, usually encryption tunneling protocols include GRE, L2TP In computer networking, Layer 2 Tunneling Protocol is a tunneling protocol used to support virtual private networks (VPNs). It does not provide any encryption or confidentiality by itself; it relies on an encryption protocol that it passes within the tunnel to provide privacy (without IPsec Internet Protocol Security is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a data stream. IPsec also includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session) and PPTP The Point-to-Point Tunneling Protocol is a method for implementing virtual private networks. PPTP does not provide confidentiality or encryption; It relies on the protocol being tunneled to provide privacy. PPTP has been made obsolete by Layer 2 Tunneling Protocol (L2TP) and IPSec (without MPPE).

Security mechanisms

Secure VPNs use cryptographic Cryptography is the practice and study of hiding information. Modern cryptography intersects the disciplines of mathematics, computer science, and engineering. Applications of cryptography include ATM cards, computer passwords, and electronic commerce tunneling protocols Computer networks use a tunneling protocol when one network protocol encapsulates a different payload protocol. By using tunneling one can (for example) carry a payload over an incompatible delivery-network, or provide a secure path through an untrusted network to provide the intended confidentiality Confidentiality is an ethical principle associated with several professions . In ethics, and (in some places) in law and alternative forms of legal dispute resolution such as mediation, some types of communication between a person and one of these professionals are "privileged" and may not be discussed or divulged to third parties. In (blocking intercept and thus packet sniffing The packet analyzer is computer software or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams flow across the network, the sniffer captures each packet and eventually decodes and analyzes its content according to the appropriate RFC or other specifications), sender authentication Authentication is the act of establishing or confirming something (or someone) as authentic, that is, that claims made by or about the subject are true ("authentification" is a French language variant of this word). This might involve confirming the identity of a person, tracing the origins of an artifact, ensuring that a product is what (blocking identity Digital identity refers to the aspect of digital technology that is concerned with the mediation of people's experience of their own identity and the identity of other people and things. Digital identity also has another common usage as the digital representation of a set of claims made by one digital subject about itself or another digital spoofing In the context of network security, a spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage), and message A message in its most general meaning is an object of communication. It is a vessel which provides information. Yet, it can also be this information. Therefore, its meaning is dependent upon the context in which it is used; the term may apply to both the information and its form. A communiqué is a brief report or statement released by a public integrity Integrity is a concept of consistency of actions, values, methods, measures, principles, expectations and outcomes. In western ethics, integrity is regarded as the quality of having an intuitive sense of honesty and truthfulness in regard to the motivations for one's actions.[citation needed] Integrity can be regarded as the opposite of hypocrisy, (blocking message alteration) to achieve privacy Privacy is the ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively. The boundaries and content of what is considered private differ among cultures and individuals, but share basic common themes. Privacy is sometimes related to anonymity, the wish to remain unnoticed or.

Secure VPN protocols include the following:

Authentication

Tunnel endpoints are required to authenticate themselves before secure VPN tunnels can be established. End user created tunnels, such as remote access VPNs may use passwords, biometrics, two-factor authentication or other cryptographic methods. For network-to-network tunnels, passwords or digital certificates are often used, as the key must be permanently stored and not require manual intervention for the tunnel to be established automatically.

Routing

Tunneling protocols can be used in a point-to-point topology that would generally not be considered a VPN, because a VPN is expected to support arbitrary and changing sets of network nodes. Since most router implementations support software-defined tunnel interface, customer-provisioned VPNs often comprise simply a set of tunnels over which conventional routing protocols run. PPVPNs, however, need to support the coexistence of multiple VPNs, hidden from one another, but operated by the same service provider.

Building blocks

Depending on whether the PPVPN runs in layer 2 or layer 3, the building blocks described below may be L2 only, L3 only, or combinations of the two. Multiprotocol Label Switching (MPLS) functionality blurs the L2-L3 identity.

While RFC 4026 generalized these terms to cover L2 and L3 VPNs, they were introduced in RFC 2547.[10]

Customer edge device. (CE)

In general, a CE is a device, physically at the customer premises, that provides access to the PPVPN service. Some implementations treat it purely as a demarcation point between provider and customer responsibility, while others allow customers to configure it.

Provider edge device (PE)

A PE is a device or set of devices, at the edge of the provider network, which provides the provider's view of the customer site. PEs are aware of the VPNs that connect through them, and which maintain VPN state.

Provider device (P)

A P device operates inside the provider's core network, and does not directly interface to any customer endpoint. It might, for example, provide routing for many provider-operated tunnels that belong to different customers' PPVPNs. While the P device is a key part of implementing PPVPNs, it is not itself VPN-aware and does not maintain VPN state. Its principal role is allowing the service provider to scale its PPVPN offerings, as, for example, by acting as an aggregation point for multiple PEs. P-to-P connections, in such a role, often are high-capacity optical links between major locations of provider.

User-visible PPVPN services

This section deals with the types of VPN considered in the IETF; some historical names were replaced by these terms.

OSI Layer 1 services

Virtual private wire and private line services (VPWS and VPLS)

In both of these services, the provider does not offer a full routed or bridged network, but components from which the customer can build customer-administered networks. VPWS are point-to-point while VPLS can be point-to-multipoint. They can be Layer 1 emulated circuits with no data link structure.

The customer determines the overall customer VPN service, which also can involve routing, bridging, or host network elements.

An unfortunate acronym confusion can occur between Virtual Private Line Service and Virtual Private LAN Service; the context should make it clear whether "VPLS" means the layer 1 virtual private line or the layer 2 virtual private LAN.

OSI Layer 2 services

Virtual LAN

A Layer 2 technique that allows for the coexistence of multiple LAN broadcast domains, interconnected via trunks using the IEEE 802.1Q trunking protocol. Other trunking protocols have been used but have become obsolete, including Inter-Switch Link (ISL), IEEE 802.10 (originally a security protocol but a subset was introduced for trunking), and ATM LAN Emulation (LANE).

Virtual private LAN service (VPLS)

Developed by IEEE, VLANs allow multiple tagged LANs to share common trunking. VLANs frequently comprise only customer-owned facilities. The former[clarification needed] is a layer 1 technology that supports emulation of both point-to-point and point-to-multipoint topologies. The method discussed here extends Layer 2 technologies such as 802.1d and 802.1q LAN trunking to run over transports such as Metro Ethernet.

As used in this context, a VPLS is a Layer 2 PPVPN, rather than a private line, emulating the full functionality of a traditional local area network (LAN). From a user standpoint, a VPLS makes it possible to interconnect several LAN segments over a packet-switched, or optical, provider core; a core transparent to the user, making the remote LAN segments behave as one single LAN.

In a VPLS, the provider network emulates a learning bridge, which optionally may include VLAN service.

Pseudo wire (PW)

PW is similar to VPWS, but it can provide different L2 protocols at both ends. Typically, its interface is a WAN protocol such as Asynchronous Transfer Mode or Frame Relay. In contrast, when aiming to provide the appearance of a LAN contiguous between two or more locations, the Virtual Private LAN service or IPLS would be appropriate.

IP-only LAN-like service (IPLS)

A subset of VPLS, the CE devices must have L3 capabilities; the IPLS presents packets rather than frames. It may support IPv4 or IPv6.

OSI Layer 3 PPVPN architectures

This section discusses the main architectures for PPVPNs, one where the PE disambiguates duplicate addresses in a single routing instance, and the other, virtual router, in which the PE contains a virtual router instance per VPN. The former approach, and its variants, have gained the most attention.

One of the challenges of PPVPNs involves different customers using the same address space, especially the IPv4 private address space[11]. The provider must be able to disambiguate overlapping addresses in the multiple customers' PPVPNs.

BGP/MPLS PPVPN

In the method defined by RFC 2547, BGP extensions advertise routes in the IPv4 VPN address family, which are of the form of 12-byte strings, beginning with an 8-byte Route Distinguisher (RD) and ending with a 4-byte IPv4 address. RDs disambiguate otherwise duplicate addresses in the same PE.

PEs understand the topology of each VPN, which are interconnected with MPLS tunnels, either directly or via P routers. In MPLS terminology, the P routers are Label Switch Routers without awareness of VPNs.

Virtual router PPVPN

The Virtual Router architecture,[12][13] as opposed to BGP/MPLS techniques, requires no modification to existing routing protocols such as BGP. By the provisioning of logically independent routing domains, the customer operating a VPN is completely responsible for the address space. In the various MPLS tunnels, the different PPVPNs are disambiguated by their label, but do not need routing distinguishers.

Virtual router architectures do not need to disambiguate addresses, because rather than a PE router having awareness of all the PPVPNs, the PE contains multiple virtual router instances, which belong to one and only one VPN.

Trusted delivery networks

Trusted VPNs do not use cryptographic tunneling, and instead rely on the security of a single provider's network to protect the traffic.

From the security standpoint, VPNs either trust the underlying delivery network, or must enforce security with mechanisms in the VPN itself. Unless the trusted delivery network runs only among physically secure sites, both trusted and secure models need an authentication mechanism for users to gain access to the VPN.

VPNs in mobile environments

Main article: Mobile virtual private network

Mobile VPNs handle the special circumstances when an endpoint of the VPN is not fixed to a single IP address, but instead roams across various networks such as data networks from cellular carriers or between multiple Wi-Fi access points.[17] Mobile VPNs have been widely used in public safety, where they give law enforcement officers access to mission-critical applications, such as computer-assisted dispatch and criminal databases, as they travel between different subnets of a mobile network.[18] They are also used in field service management and by healthcare organizations,[19] among other industries.

Increasingly, mobile VPNs are being adopted by mobile professionals and white-collar workers who need reliable connections.[19] They allow users to roam seamlessly across networks and in and out of wireless-coverage areas without losing application sessions or dropping the secure VPN session. A conventional VPN cannot survive such events because the network tunnel is disrupted, causing applications to disconnect, time out[17], or fail, or even cause the computing device itself to crash.[19]

Instead of logically tying the endpoint of the network tunnel to the physical IP address, each tunnel is bound to a permanently associated IP address at the device. The mobile VPN software handles the necessary network authentication and maintains the network sessions in a manner transparent to the application and the user.[17] The Host Identity Protocol (HIP), under study by the Internet Engineering Task Force, is designed to support mobility of hosts by separating the role of IP addresses for host identification from their locator functionality in an IP network. With HIP a mobile host maintains its logical connections established via the host identity identifier while associating with different IP addresses when roaming between access networks.

See also

References

  1. ^ [http://www.vpnc.org/vpn-technologies.html VPN Technologies: Definitions and Requirements, VPNC Consortium, July 2008
  2. ^ http://www.vpnc.org/member-list.html VPNC Member List
  3. ^ IP Based Virtual Private Networks, RFC 2764, B. Gleeson et al.,February2000
  4. ^ Generic Requirements for Provider Provisioned Virtual Private Networks (PPVPN), RFC3809, A. Nagarajan,June 2004
  5. ^ Provider Provisioned Virtual Private Network (VPN) Terminology, RFC4026, L. Andersson and T. Madsen,March 2005
  6. ^ Trademark Applications and Registrations Retrieval (TARR)
  7. ^ OpenBSD ssh manual page, VPN section
  8. ^ Unix Toolbox section on SSH VPN
  9. ^ Ubuntu SSH VPN how-to
  10. ^ E. Rosen & Y. Rekhter (March 1999). "RFC 2547 BGP/MPLS VPNs". Internet Engineering Task Forc (IETF). http://www.ietf.org/rfc/rfc2547.txt.
  11. ^ Address Allocation for Private Internets, RFC 1918, Y. Rekhter et al.,February 1996
  12. ^ RFC 2917, A Core MPLS IP VPN Architecture
  13. ^ RFC 2918, K. Muthukrishnan & A. Malis (September 2000)
  14. ^ Layer Two Tunneling Protocol "L2TP", RFC 2661, W. Townsley et al.,August 1999
  15. ^ IP Based Virtual Private Networks, RFC 2341, A. Valencia et al., May 1998
  16. ^ Point-to-Point Tunneling Protocol (PPTP), RFC 2637, K. Hamzeh et al.,July 1999
  17. ^ a b c Phifer, Lisa. "Mobile VPN: Closing the Gap", SearchMobileComputing.com, July 16, 2006.
  18. ^ Willett, Andy. "Solving the Computing Challenges of Mobile Officers", www.officer.com, May, 2006.
  19. ^ a b c Cheng, Roger. "Lost Connections", The Wall Street Journal, December 11, 2007.
Virtual Private Networking
Software Cisco VPN Client · cloudvpn · Gbridge · Hamachi · Microsoft Intelligent Application Gateway · n2n · Openswan · OpenVPN · strongSwan · Vyatta · Socialvpn · tinc (protocol) · Wippien
Mechanisms SSTP · IPsec · Layer 2 Tunneling Protocol · L2TPv3 · Point-to-point tunneling protocol · Split tunneling
Vendor-driven Layer 2 Forwarding Protocol · DirectAccess

Categories: Network architecture | Computer network security | Internet privacy | Crypto-anarchism

 

The above information uses material from Wikipedia and is licensed under the GNU Free Documentation License.
Some facts may not have been fully verified for accuracy. [Disclaimers]
This page was last archived by our server on Tue Jul 27 06:51:03 2010. [ refresh local cache ]
Displaying this page or its contents does not use any Wikimedia Foundation's resources.
The owners of this site proudly support the Wikimedia Foundation.

[Hide]▼
'Virtual Private Network' News
Private P2P Networks Add Trust to File Sharing - Computerworld
news.google.com
Private P2P Networks Add Trust to File Sharing

Computerworld

Hamachi is a general-purpose VPN that supports all sorts of private , secure connectivity, including (but not limited to) file sharing; it is suited to more ...



and more »
Google News Search: Virtual private network,
Tue Jul 27 06:51:05 2010
'Virtual Private Network' Images
012409 1122 networkacce5 jpg
ozgurkolukisa.com
012409 1122 networkacce5 jpg
524px x 634px | 84.50kB

[source page]

Sonraki ad mda VPN i seciyoruz ekil 5 ekil 5

Yahoo Images Search: Virtual private network,
Tue Jul 27 06:51:05 2010
'Virtual Private Network' Blogs
F5 Friday: Beyond the VPN to VAN
devcentral.f5.com
F5 Friday: Beyond the VPN to VAN

Lori MacVittie

Fri, 23 Jul 2010 02:23:16 GM

When SSL VPNs were first introduced they were a welcome alternative to the traditional IPSEC . VPN. because they reduced the complexity involved with providing robust, secure remote access to corporate resources for externally located ...

Google Blogs Search: Virtual private network,
Thu Jul 29 03:57:43 2010
'Virtual Private Network' Answers
Hello, my question regards a program called Hamachi and which is used to create a virtual private network?
Q. So my friend and I whant to play agame using Hamachi but we can`t get it to work properly.If the program is worcking fine it should show it by 2 green points instead we are marcked by a blue arow and we don`t know what to do. Please help. Thanks.
Asked by bucica_macelaru - Sun Jul 1 12:48:07 2007 - - 1 Answers - 0 Comments

A. A blue (or cyan) colored arrow generally means that there is a firewall conflict between you and the person that you are trying to connect to. The easiest way to fix this problem would be to force Hamachi to use a UDP port for both parties (e.g. 15567). To do this, open Hamachi Preferences, go to Detailed Configuration, and set the UDP port to 15567 or whichever port that you two chose. Both parties should then forward the above UDP port from their network routers. If you are not well informed on the process of port forwarding, then contains all the information that you would ever need.
Answered by Heiken - Sun Jul 1 12:56:20 2007

Yahoo Answers Search: Virtual private network,
Tue Jul 27 06:51:06 2010
[Hide]▲