Typically, one end of the tunnel is a VPN client, and the other end is a VPN gateway (server). So you must determine how to configure the type of VPN that your customer wants to use. For example, to use a PPTP or L2TP VPN between two hosts, configure one host as the PPTP or L2TP server -- for example, a Windows 2000 or XP Pro system can be configured to accept incoming VPN connections. The other host must be configured with an outbound VPN connection to the server. Some VPN protocols also support host-to-host tunneling -- notably, IPsec transport mode (also included in Windows 2000 and XP).
What's the difference between client-server and host-to-host VPN tunneling? In a client-server VPN, only the client can initiate the tunnel; in a host-to-host VPN, either host can initiate the tunnel.
Finally, you ask why anyone would want to use a VPN for peer-to-peer traffic. Depending upon the type of VPN used, a tunnel can provide user authentication, data encryption, and (sometimes) data integrity. For example, requiring VPN authentication for inbound connections will stop any other host from successfully connecting to your (server) system. Requiring VPN encryption over a wireless ad hoc connection prevents those nearby from eavesdropping on your peer-to-peer traffic or injecting forged packets. Note that Wi-Fi Protected Access, the 802.11 encryption option that replaced WEP, is not available for ad hoc mode connections, so VPN tunneling can help fill that gap until 802.11i (WPA2) support is widely available.
This was first published in February 2005