Networking - VPN

A VPN uses a public transport--the Internet--for private communications, applying encryption to preserve privacy. Traditionally, companies have used a private transport--dedicated phone lines--to achieve the same thing. There are two ways to keep an electronic conversation private: make the line private, or make the data private. Dedicated lines are private because the line itself is inaccessible to others. VPNs are private because the data is rendered unintelligible by encryption--different means, same result.

VPNs are most commonly used to connect two networks at different sites of the same company. The technique in effect plugs the remote computers into the local network, consolidating the two physical nets into a single logical one. Remote computers have access to the same local resources as local ones, and at the same time enjoy the same degree of privacy. All of this is location-transparent in operation (though not in performance): the remote machines behave as if they were attached to the local network. This combination of full participation and full privacy between networks, over a link that isn't private, is the hallmark of a VPN. The compelling appeal of the VPN is that it's cheap: dedicated lines are expensive, so displacing them with a free transport is economic.

The VPN in the HOWTO is fashioned from two main ingredients: the secure shell (ssh/sshd) and the point-to-point protocol (pppd). One machine (the "local" one in my terminology, "master" in Mr. Magosanyi's) runs the HOWTO's script to call another (my "remote", his "slave"). I'll call these the VPN servers. The idea is that they belong to the two networks to be joined and serve as the contact points, or data conduits, between them on behalf of any remotely situated pair of workstations that want to converse.

The pppd commands establish a working connection. That connection is strictly a bilateral umbilical cord between the two VPN servers; by itself it extends no connectivity to the workstations on either network. That is done by the route commands. Once these commands have been executed, the two networks have been transparently pooled into a single group of machines, all mutually visible via Internet addresses.
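As an added illustration (not the HOWTO's script, nor code from this page), the following POSIX shell planner shows the two stages just described in order: the pppd link between the VPN servers, then the route that exposes the remote LAN through it. It assumes a pppd that supports the pty option, an unprivileged vpn account on the remote server that may run pppd via sudo, and constructed placeholder values (10.0.0.1 and 10.0.0.2 for the tunnel ends, 192.168.2.0/24 for the remote LAN, vpn.example.net as the remote host). With DRY_RUN=1, the default, it only prints the commands it would run.

```shell
#!/bin/sh
# Added example (not from the page or the HOWTO): plan, and optionally run, the
# two stages of a ppp-over-ssh VPN: first the pppd link between the two VPN
# servers, then the route that exposes the remote LAN through that link.
# All host names, addresses and the 'vpn' account are constructed placeholders.

# valid_ipv4 ADDR: succeed only if ADDR is a dotted quad with octets 0..255
valid_ipv4() {
    _ip=$1
    case $_ip in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    _old_ifs=$IFS
    IFS=.
    set -- $_ip
    IFS=$_old_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        [ "$_o" -le 255 ] 2>/dev/null || return 1
    done
    return 0
}

# link_cmd LOCAL_TUN REMOTE_TUN REMOTE_HOST: the pppd invocation for the local
# VPN server. pppd's "pty" option hands the link to an ssh session that starts a
# second pppd on the remote server, so the two talk through the encrypted channel.
link_cmd() {
    printf 'pppd updetach noauth passive pty "ssh -o BatchMode=yes vpn@%s sudo pppd nodetach notty noauth" %s:%s\n' \
        "$3" "$1" "$2"
}

# route_cmd NET NETMASK GW: the route that makes the remote LAN reachable via
# the far end of the tunnel
route_cmd() {
    printf 'route add -net %s netmask %s gw %s\n' "$1" "$2" "$3"
}

# vpn_plan LOCAL_TUN REMOTE_TUN REMOTE_HOST REMOTE_NET REMOTE_MASK: check the
# addresses and print the commands in order (link first, route second);
# fail without printing anything if an address is malformed
vpn_plan() {
    for _a in "$1" "$2" "$4" "$5"; do
        valid_ipv4 "$_a" || { echo "bad address: $_a" >&2; return 1; }
    done
    [ "$1" != "$2" ] || { echo "tunnel ends must differ" >&2; return 1; }
    link_cmd "$1" "$2" "$3"
    route_cmd "$4" "$5" "$2"
}

# vpn_up ...: print the plan (DRY_RUN=1, the default) or execute it line by
# line, stopping at the first command that fails
vpn_up() {
    _plan=$(vpn_plan "$@") || return 1
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf '%s\n' "$_plan"
        return 0
    fi
    printf '%s\n' "$_plan" | while IFS= read -r _cmd; do
        echo "+ $_cmd"
        sh -c "$_cmd" || exit 1
    done
}

# Constructed values: tunnel ends 10.0.0.1 (local) and 10.0.0.2 (remote),
# remote VPN server vpn.example.net, remote LAN 192.168.2.0/24
DRY_RUN=1 vpn_up 10.0.0.1 10.0.0.2 vpn.example.net 192.168.2.0 255.255.255.0
```

The same two stages run mirrored on the remote server: its route for the local LAN points at 10.0.0.1, and both servers need IP forwarding enabled before the workstations behind them can see each other. ssh is run with BatchMode=yes so that it fails cleanly rather than prompting for a password, which means the login must be key-based.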

It's virtual. It's private. It's a network.

 
 All rights reserved © Continental Establishment, 1995 - 2004