Definition

VPN (virtual private network)

Contributor(s): John Burke

A virtual private network (VPN) is software that creates a safe, encrypted connection over a less secure network, such as the public internet. A VPN uses the shared public infrastructure while maintaining privacy through security procedures and tunneling protocols. In effect, the protocols, by encrypting data at the sending end and decrypting it at the receiving end, send the data through a "tunnel" that cannot be "entered" by data that is not properly encrypted. An additional level of security encrypts not only the data, but also the originating and receiving network addresses.
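The tunnel described above can be made concrete with a toy tunnel-mode encapsulation. This is an added illustration, not code from the original page: the function names (`encapsulate`, `decapsulate`, `on_the_wire`), the packet layout and the addresses are assumptions chosen for the example, and the HMAC-based keystream stands in for a real cipher purely so the block runs with the Python standard library. The point it shows is the one the paragraph makes: the inner packet, including its originating and receiving addresses, is encrypted and integrity-protected, and an observer between the two gateways sees only the outer gateway addresses.

```python
"""Toy VPN tunnel-mode encapsulation (added example; not a real protocol).

Outer packet layout (constructed for this example):
  outer_src(4) | outer_dst(4) | nonce(8) | ciphertext(inner packet) | tag(16)
Inner packet layout: inner_src(4) | inner_dst(4) | payload
"""
import hashlib
import hmac
import ipaddress
import os
import struct

NONCE_LEN = 8
TAG_LEN = 16


def _pack_ip(addr: str) -> bytes:
    return ipaddress.IPv4Address(addr).packed


def _unpack_ip(raw: bytes) -> str:
    return str(ipaddress.IPv4Address(raw))


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy keystream: HMAC-SHA256 over (nonce || counter). Stands in for a real
    # cipher such as AES so the example runs offline; do not reuse as a cipher.
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encapsulate(enc_key: bytes, mac_key: bytes, outer_src: str, outer_dst: str,
                inner_src: str, inner_dst: str, payload: bytes, nonce: bytes = None) -> bytes:
    """Sending gateway: encrypt the whole inner packet (addresses included) and tag it."""
    inner = _pack_ip(inner_src) + _pack_ip(inner_dst) + payload
    if nonce is None:
        nonce = os.urandom(NONCE_LEN)  # fresh per packet; fixed only in tests
    ciphertext = _xor(inner, _keystream(enc_key, nonce, len(inner)))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()[:TAG_LEN]
    return _pack_ip(outer_src) + _pack_ip(outer_dst) + nonce + ciphertext + tag


def decapsulate(enc_key: bytes, mac_key: bytes, packet: bytes):
    """Receiving gateway: verify the tag first, then decrypt and recover the inner addresses."""
    nonce = packet[8:8 + NONCE_LEN]
    ciphertext = packet[8 + NONCE_LEN:-TAG_LEN]
    tag = packet[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        # Data that is not properly protected cannot "enter" the tunnel: it is dropped.
        raise ValueError("tunnel packet failed integrity check; dropped")
    inner = _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))
    return _unpack_ip(inner[0:4]), _unpack_ip(inner[4:8]), inner[8:]


def on_the_wire(packet: bytes) -> dict:
    """What an observer between the gateways can read: outer addresses and size only."""
    return {
        "outer_src": _unpack_ip(packet[0:4]),
        "outer_dst": _unpack_ip(packet[4:8]),
        "length": len(packet),
    }


if __name__ == "__main__":
    # Constructed keys and documentation-range addresses for a demonstration run.
    enc_key, mac_key = b"e" * 32, b"m" * 32
    pkt = encapsulate(enc_key, mac_key, "203.0.113.10", "198.51.100.20",
                      "10.1.0.5", "10.2.0.7", b"hello")
    print("observer sees:", on_the_wire(pkt))
    print("receiving gateway recovers:", decapsulate(enc_key, mac_key, pkt))
```

The observer view deliberately exposes nothing but the gateway addresses and the packet length; a real implementation (IPsec ESP in tunnel mode, for instance) additionally pads and may add traffic-flow confidentiality so that even lengths reveal less.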

In the early days of the internet, VPNs were developed to provide branch office employees with an inexpensive, safe way to access corporate applications and data. Today, VPNs are often used by remote corporate employees, gig economy freelance workers and business travelers who require access to sites that are geographically restricted. The two most common types of VPNs are remote access VPNs and site-to-site VPNs.

Remote access VPN

Remote access VPN clients connect to a VPN gateway server on the organization's network. The gateway requires the device to authenticate its identity before granting access to internal network resources such as file servers, printers and intranets. This type of VPN usually relies on either IP Security (IPsec) or Secure Sockets Layer (SSL) to secure the connection, although SSL VPNs are often focused on supplying secure access to a single application rather than to the entire internal network.

Some VPNs provide Layer 2 access to the target network; these require a tunneling protocol such as the Point-to-Point Tunneling Protocol (PPTP) or the Layer 2 Tunneling Protocol (L2TP) running across the base IPsec connection. In addition to IPsec and SSL, other protocols used to secure VPN connectivity and encrypt data are Transport Layer Security (TLS) and OpenVPN.

Site-to-site VPN

In contrast, a site-to-site VPN uses a gateway device to connect an entire network in one location to a network in another location. End-node devices in the remote location do not need VPN clients because the gateway handles the connection.

Most site-to-site VPNs connecting over the internet use IPsec. It is also common for them to use carrier MPLS clouds rather than the public internet as the transport for site-to-site VPNs. Here, too, it is possible to have either Layer 3 connectivity (MPLS IP VPN) or Layer 2 (virtual private LAN service) running across the base transport.

Mobile VPN

In a mobile VPN, a VPN server still sits at the edge of the company network, enabling secure tunneled access by authenticated, authorized VPN clients. Mobile VPN tunnels are not tied to physical IP addresses, however. Instead, each tunnel is bound to a logical IP address. That logical IP address sticks to the mobile device no matter where it may roam. An effective mobile VPN provides continuous service to users and can seamlessly switch across access technologies and multiple public and private networks.

Hardware VPN

Hardware VPNs offer a number of advantages over software-based VPNs. In addition to enhanced security, hardware VPNs can provide load balancing to handle large client loads. Administration is managed through a web browser interface. A hardware VPN is more expensive than a software VPN. Because of the cost, hardware VPNs are a more realistic option for large businesses than for small businesses or branch offices. Several vendors, including Irish vendor InvizBox, offer devices that can function as hardware VPNs.

VPN appliance

A VPN appliance, also known as a VPN gateway appliance, is a network device equipped with enhanced security features. Also known as an SSL (Secure Sockets Layer) VPN appliance, it is in effect a router that provides firewall protection, load balancing, authorization, authentication and encryption for VPNs.

Dynamic multipoint virtual private network (DMVPN)

A dynamic multipoint virtual private network (DMVPN) is a secure network that exchanges data between sites without needing to pass traffic through an organization's headquarters virtual private network (VPN) server or router. A DMVPN essentially creates a mesh VPN service that runs on VPN routers and firewall concentrators. Each remote site has a router configured to connect to the company's headquarters VPN device (hub), providing access to the resources available. When two spokes are required to exchange data between each other -- for a VoIP telephone call, for example -- the spoke will contact the hub, obtain the necessary information about the other end, and create a dynamic IPsec VPN tunnel directly between them.
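The hub-and-spoke resolution step in that paragraph is easiest to see as a small simulation. This is an added example and not the page's or any vendor's code: the `Hub` and `Spoke` classes, the idea of the hub answering "which spoke owns this private destination" (the role NHRP plays in real DMVPN deployments), and the documentation-range addresses are all assumptions made for the example. It shows a spoke asking the hub once, building a direct spoke-to-spoke path, reusing that path without consulting the hub again, still sending headquarters traffic through the hub, and dropping traffic for destinations no site owns.

```python
"""DMVPN hub/spoke resolution, simulated (added example; not a real implementation)."""
import ipaddress
from typing import Dict, List, Optional, Tuple

Network = ipaddress.IPv4Network
Entry = Tuple[str, Network]  # (public transport address, private prefix behind it)


class Hub:
    """Headquarters VPN device. Every spoke registers its public address and
    the private prefix it serves, so the hub can resolve a destination to a spoke."""

    def __init__(self, public_addr: str, private_prefix: str) -> None:
        self.public_addr = public_addr
        self.prefix: Network = ipaddress.ip_network(private_prefix)
        self.registry: Dict[str, Entry] = {}
        self.resolve_calls = 0  # shows that spokes cache answers instead of re-asking

    def register(self, spoke: str, public_addr: str, private_prefix: str) -> None:
        self.registry[spoke] = (public_addr, ipaddress.ip_network(private_prefix))

    def resolve(self, dst_ip: str) -> Optional[Tuple[str, str, Network]]:
        """Return (spoke name, public address, prefix) owning dst_ip, or None."""
        self.resolve_calls += 1
        ip = ipaddress.ip_address(dst_ip)
        for name, (public_addr, prefix) in self.registry.items():
            if ip in prefix:
                return name, public_addr, prefix
        return None


class Spoke:
    """Remote-site router: a permanent tunnel to the hub plus direct tunnels on demand."""

    def __init__(self, name: str, public_addr: str, private_prefix: str, hub: Hub) -> None:
        self.name = name
        self.public_addr = public_addr
        self.prefix: Network = ipaddress.ip_network(private_prefix)
        self.hub = hub
        self.direct_tunnels: Dict[str, Entry] = {}  # peer name -> (public addr, prefix)
        hub.register(name, public_addr, private_prefix)

    def send(self, dst_ip: str) -> Optional[List[str]]:
        """Return the transport hops a packet to dst_ip traverses, or None if unroutable."""
        ip = ipaddress.ip_address(dst_ip)
        if ip in self.prefix:
            return [self.public_addr]  # local LAN, no tunnel involved
        if ip in self.hub.prefix:
            return [self.public_addr, self.hub.public_addr]  # headquarters resources
        for peer_addr, peer_prefix in self.direct_tunnels.values():
            if ip in peer_prefix:
                return [self.public_addr, peer_addr]  # existing dynamic tunnel
        resolved = self.hub.resolve(dst_ip)  # ask the hub about the other end
        if resolved is None:
            return None  # no site owns this destination: drop
        peer_name, peer_addr, peer_prefix = resolved
        self.direct_tunnels[peer_name] = (peer_addr, peer_prefix)  # build direct IPsec tunnel
        return [self.public_addr, peer_addr]


if __name__ == "__main__":
    hub = Hub("203.0.113.1", "10.0.0.0/24")
    site_a = Spoke("A", "198.51.100.10", "10.1.0.0/24", hub)
    site_b = Spoke("B", "192.0.2.20", "10.2.0.0/24", hub)
    print("A -> B phone:", site_a.send("10.2.0.15"))   # direct after one hub lookup
    print("A -> HQ:     ", site_a.send("10.0.0.5"))    # via the hub tunnel
    print("hub lookups: ", hub.resolve_calls)
```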


VPN Reconnect

VPN Reconnect is a feature of Windows 7 and Windows Server 2008 R2 that allows a virtual private network connection to remain open during a brief interruption of Internet service. Usually, when a computing device using a VPN connection drops its Internet connection, the end user has to manually reconnect to the VPN. VPN Reconnect keeps the VPN tunnel open for a configurable amount of time so when Internet service is restored, the VPN connection is automatically restored as well. The feature was designed to improve usability for mobile employees.
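The mobile VPN section above (a tunnel bound to a logical address rather than a physical one) and VPN Reconnect (tunnel state kept alive for a configurable window across an outage) are two faces of the same gateway-side design: tunnel state is keyed by the tunnel's identity, not by the client's current physical address. The following is an added example of that bookkeeping, not Windows code or any vendor's; the `Gateway` class, the `reconnect_window` parameter and the addresses are assumptions made for the illustration. It assumes every packet handed to `receive()` has already passed the tunnel's authentication and integrity check, which is what makes it safe to let a packet from a new physical endpoint update the tunnel.

```python
"""Gateway tunnel table for a roaming client (added example, not product code)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Endpoint = Tuple[str, int]  # current physical address and port of the client


@dataclass
class Tunnel:
    logical_ip: str     # address the client keeps no matter where it roams
    endpoint: Endpoint  # physical endpoint, updated when the client moves networks
    last_seen: float    # time of the last authenticated packet on this tunnel


class Gateway:
    def __init__(self, reconnect_window: float = 300.0) -> None:
        # Seconds of silence the gateway tolerates before discarding tunnel state
        # (the configurable amount of time VPN Reconnect keeps the tunnel open).
        self.reconnect_window = reconnect_window
        self.tunnels: Dict[str, Tunnel] = {}  # keyed by tunnel id, never by endpoint

    def establish(self, tunnel_id: str, logical_ip: str, endpoint: Endpoint, now: float) -> None:
        """Called after a full authentication exchange succeeds."""
        self.tunnels[tunnel_id] = Tunnel(logical_ip, endpoint, now)

    def receive(self, tunnel_id: str, endpoint: Endpoint, now: float) -> Optional[str]:
        """Handle one packet that already passed the tunnel's integrity check.

        Returns the logical IP the packet belongs to, or None when the client
        must run a fresh authentication (unknown tunnel or outage too long)."""
        tunnel = self.tunnels.get(tunnel_id)
        if tunnel is None:
            return None
        if now - tunnel.last_seen > self.reconnect_window:
            # The interruption outlasted the window: state is stale, so discard it.
            del self.tunnels[tunnel_id]
            return None
        if endpoint != tunnel.endpoint:
            # Client roamed (e.g. Wi-Fi to cellular): physical endpoint changes,
            # logical IP and tunnel survive, which is the mobile VPN property.
            tunnel.endpoint = endpoint
        tunnel.last_seen = now
        return tunnel.logical_ip

    def expire(self, now: float) -> List[str]:
        """Periodic sweep: drop tunnels silent for longer than the window."""
        dead = [tid for tid, t in self.tunnels.items() if now - t.last_seen > self.reconnect_window]
        for tid in dead:
            del self.tunnels[tid]
        return dead


if __name__ == "__main__":
    gw = Gateway(reconnect_window=60.0)
    gw.establish("t1", "10.8.0.2", ("192.0.2.10", 4500), now=0.0)
    print(gw.receive("t1", ("192.0.2.10", 4500), now=10.0))   # on Wi-Fi
    print(gw.receive("t1", ("198.51.100.7", 4500), now=20.0)) # roamed to cellular
    print(gw.receive("t1", ("198.51.100.7", 4500), now=70.0)) # 50 s gap: resumed
    print(gw.receive("t1", ("198.51.100.7", 4500), now=200.0)) # 130 s gap: None
```

The window is a trade-off: a longer `reconnect_window` gives users seamless recovery from longer outages, but it also means the gateway holds state (and the logical address) for clients that may never come back, so the sweep in `expire()` is what keeps the table bounded.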

This was last updated in February 2019

10 comments

SSL is the best, it is beast.

No, we are not using any VPN services.

Does your organization use SSL VPN or IPsec VPN?

Yes, we're using SSL to secure websites.

Both are good.

If I'm using L2TP for my VPN, it doesn't allow me to remotely access some of my server services, for instance a call server. What could be the problem?

Yes, we're using VPN. Our small business is using Astrill since the app is user-friendly. It also has a lot of options which allow us to tweak different settings, too. I would recommend it to users and businesses, whether they know much about PCs or not, as the app is very flexible. We haven't had any problems with it so far.

Why are SSTP/SSL and IPSec still the standard? Isn't OpenVPN way safer? I read somewhere that both SSTP and IPSec are questionable in terms of security. I think I read somewhere that Edward Snowden said that IPSec was compromised by the NSA/the government.

I'm using SaturnVPN. They accept bitcoin, which is great for staying anonymous. They provide many servers in different locations.
