Problem solve Get help with specific problems with your technologies, process and projects.

Can one use VPN over a peer-to-peer network within a home?

One of my customers wants to know if she can use VPN over a peer-to-peer network within her home? Why would she...

even want to do this?

There's no reason why a VPN tunnel cannot be run over a peer-to-peer network connection between two. Most VPNs simply require IP-level connectivity between the two systems involved -- that can be two systems on the same Ethernet LAN, two systems connected by peer-to-peer (ad hoc mode) wireless, or two systems connected via the Internet.

Typically, one end of the tunnel is a VPN client, and the other end is a VPN gateway (server). So you must determine how to configure the type of VPN that your customer wants to use. For example, to use a PPTP or L2TP VPN between two hosts, configure one host as the PPTP or L2TP server -- for example, a Windows 2000 or XP Pro system can be configured to accept incoming VPN connections. The other host must be configured with an outbound VPN connection to the server. Some VPN protocols also support host-to-host tunneling -- notably, IPsec transport mode (also included in Windows 2000 and XP). What's the difference between client-server and host-host VPN tunneling? In a client-server VPN, only the client can initiate the tunnel; in a host-host VPN, either host can initiate the tunnel.

Finally, you ask why anyone would want to use a VPN for peer-to-peer traffic. Depending upon the type of VPN used, a tunnel can provide user authentication, data encryption, and (sometimes) data integrity. For example, requiring VPN authentication for inbound connections will stop any other host from successfully connecting to your (server) system. Requiring VPN encryption over a wireless ad hoc connection prevents those nearby from eavesdropping on your peer-to-peer traffic or injecting forged packets. Note that Wi-Fi Protected Access, the 802.11 encryption option that replaced WEP, is not available for ad hoc mode connections, so VPN tunneling can help fill that gap until 802.11i (WPA2) support is widely available.

Next Steps

Learn how novel P2P server infrastructure may turn out to be a game-changer


This was last published in February 2005

Dig Deeper on Network virtualization technology