Virtual Private Networks

Built into all of the major operating systems distributed or downloadable today is support for virtual private networking (VPN): a VPN client for all, and a VPN server for most (with free servers available for each OS, should you need one). With the need for increased security for any type of networking between two machines, establishing a VPN connection between them is not only a sound idea, but an easy one. In this quick review of the process for Windows XP and Mac OS X, we will show you how to set those up...and also talk a little about the geek words connected to the process so that you understand what it is, and why it's important.

In the early days of networking, you placed a serial or parallel cable between two machines and used basic data-moving applications to transfer materials. Point-to-Point Protocol (PPP) was born, and soon graduated to a dial-up line over standard telephone networks between two modems. In both of these cases, no other computers could interrupt or confiscate the data transmission, since the connection was established before the actual communication was initiated. When you began to get more than one machine in a local network, this was no longer the case...all of the network transmissions were "tokenized" and passed from one machine to another between the start and destination, meaning any piece of data was seen by all. This was the birth of Token Ring networks and the basics of TCP/IP. Once the Internet achieved adolescence, these small 'ring' networks began to talk to each other...so all of your New York traffic would have been seen by the rest of the world were it not for routers, switches, and gateways to prohibit it. Local Area Networks and Wide Area Networks began to grow, and so pairing machines for direct transfer of information without intervention or monitoring became critical.

One way to establish a methodology to do this was the concept of "tunneling". If we take all of the packets of information sent from one point to another and "encapsulate" them within a normal-looking transmission, the data is "tunneling" through the established open flow of networking and can therefore be somewhat secure. The first Point-to-Point Tunneling Protocol (PPTP) was established by Microsoft for client machines to remotely access an NT Server securely. Basic user authentication was handled by the server, and some encryption was added as an option. The tunneling done in this phase was the wrapping of the Windows-specific WINS networking protocol within the open TCP/IP Internet protocol, so that the communications between sites could be done over normal Internet Service Providers. After a few years of this going on, and with the basics of the concept down pat, Level 2 Tunneling Protocol (L2TP) was created to "fix" and extend all of the issues in PPTP. These two are the standards for establishing a "tunneled" secure connection over the Internet between two machines - a virtual private network.
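To make the "packet inside a normal-looking packet" idea concrete, here is an added Python example (not code from this page or from KAUi) that wraps an inner IPv4 packet in a plain GRE header (RFC 2784) and an outer IPv4 header carrying IP protocol 47, which is the carrier PPTP rides on. PPTP itself uses an extended GRE header with key and sequence fields; this example sticks to the minimal 4-byte header. All addresses, the payload, and the function names are constructed for the example.

```python
"""Added example (not from the KAUi page): tunnelling by encapsulation.

Builds an inner IPv4 packet, wraps it in a minimal GRE header (RFC 2784)
and an outer IPv4 header with protocol 47, then unwraps it again while
checking the outer header. Sample addresses and payload are constructed.
"""
import struct

GRE_PROTO = 47            # IP protocol number assigned to GRE
ETHERTYPE_IPV4 = 0x0800   # GRE "protocol type" value for an IPv4 payload


def ip_checksum(header: bytes) -> int:
    """One's-complement sum over 16-bit words, as used by the IPv4 header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no options) followed by the payload."""
    def addr(a: str) -> bytes:
        return bytes(int(x) for x in a.split("."))
    total_len = 20 + len(payload)
    # version/IHL, TOS, total length, id, flags(DF)/frag, TTL, proto, checksum=0, src, dst
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0x4000,
                      ttl, proto, 0, addr(src), addr(dst))
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    return hdr + payload


def gre_encapsulate(inner_packet: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """The tunnel entry point: inner packet becomes the payload of GRE-in-IP."""
    gre_hdr = struct.pack("!HH", 0, ETHERTYPE_IPV4)   # no flags, version 0
    return build_ipv4(tunnel_src, tunnel_dst, GRE_PROTO, gre_hdr + inner_packet)


def gre_decapsulate(outer_packet: bytes) -> bytes:
    """The tunnel exit: validate the outer header and return the inner packet.

    Raises ValueError on anything that is not a well-formed minimal GRE packet.
    """
    if len(outer_packet) < 24:
        raise ValueError("too short for IPv4 + GRE")
    ihl = (outer_packet[0] & 0x0F) * 4
    # A correct header sums to zero when its checksum field is included.
    if ip_checksum(outer_packet[:ihl]) != 0:
        raise ValueError("bad outer IPv4 checksum")
    if outer_packet[9] != GRE_PROTO:
        raise ValueError("outer packet is not GRE")
    flags, ptype = struct.unpack("!HH", outer_packet[ihl:ihl + 4])
    if flags != 0:
        raise ValueError("only the minimal GRE header is handled here")
    if ptype != ETHERTYPE_IPV4:
        raise ValueError("GRE payload is not IPv4")
    return outer_packet[ihl + 4:]


if __name__ == "__main__":
    inner = build_ipv4("10.0.0.2", "10.0.0.3", 17, b"hello")          # UDP-ish inner
    outer = gre_encapsulate(inner, "203.0.113.1", "203.0.113.2")      # public path
    print("outer length", len(outer), "inner recovered:", gre_decapsulate(outer) == inner)
```

The point to notice is that the intermediate routers only ever look at the outer header: the private 10.0.0.x addresses and the payload travel as opaque bytes. Plain GRE gives no confidentiality at all, which is why the article's "some encryption was added as an option" matters; without it, tunneling is only a packaging trick, not a protection.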

Before we cover the steps to set this up, you will need to know three things:

  1. Do your source and destination machines support these protocols?
  2. Does your source and/or destination machine have a firewall that may block this kind of traffic?
  3. Do your source and destination machines have a fixed address, or a means to map a fixed address to them?

Just about everyone has a firewall...software or hardware...that prohibits intruders from seeing the inside workings of your machine or machines at a location. Both types of VPN communications use specific TCP "ports" or listening channels that are probably not open to the public by default, so the firewalls will need to be configured to open them.
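As an added example (not from this page or KAUi), the small Python checker below compares a firewall's inbound rules against what a PPTP or L2TP/IPsec server actually needs. The port and protocol numbers are the standard assignments: PPTP uses TCP 1723 for control plus GRE (IP protocol 47) for the tunnel itself, and L2TP/IPsec uses UDP 500 and 4500 plus ESP (IP protocol 50); L2TP's own UDP 1701 travels inside the IPsec protection, so the edge firewall does not see it separately. GRE and ESP are IP protocols rather than TCP/UDP ports, which is the opening people most often forget. The one-rule-per-line syntax, first-match-wins evaluation, and the sample rule list are constructed for the example and do not follow any particular firewall product.

```python
"""Added example (not from the KAUi page): which inbound openings a VPN
server needs, checked against a constructed first-match rule list.

Rule syntax (constructed): "<allow|deny> <proto> <port|any|->"
  e.g. "allow tcp 1723", "allow gre -", "deny udp any"
"""

# Standard assignments. Protocols without ports (gre, esp) use port None.
REQUIRED = {
    "pptp": {("tcp", 1723), ("gre", None)},
    # L2TP over IPsec: IKE (500), NAT-T (4500) and the ESP tunnel traffic.
    "l2tp-ipsec": {("udp", 500), ("udp", 4500), ("esp", None)},
}


def parse_rule(line: str):
    """Turn one rule line into (action, proto, port-or-None)."""
    action, proto, port = line.split()
    if action not in ("allow", "deny"):
        raise ValueError("unknown action: %s" % action)
    port_val = None if port in ("any", "-") else int(port)
    return action, proto.lower(), port_val


def decision(rules, proto: str, port) -> str:
    """First matching rule wins; an untouched flow is denied by default."""
    for action, rproto, rport in rules:
        if rproto == proto and (rport is None or rport == port):
            return action
    return "deny"


def missing_openings(vpn_type: str, rule_lines):
    """Return the (proto, port) pairs the firewall would still block."""
    rules = [parse_rule(l) for l in rule_lines
             if l.strip() and not l.lstrip().startswith("#")]
    blocked = [(p, port) for p, port in REQUIRED[vpn_type]
               if decision(rules, p, port) != "allow"]
    return sorted(blocked, key=lambda t: (t[0], t[1] or 0))


# Constructed sample: an edge firewall tuned for web traffic only.
SAMPLE_RULES = [
    "# constructed sample rule list",
    "allow tcp 80",
    "allow tcp 443",
    "deny udp 500",      # an early deny shadows the later wildcard allow
    "allow udp any",
    "allow tcp 1723",    # PPTP control channel opened, but GRE was forgotten
]


if __name__ == "__main__":
    for vpn in REQUIRED:
        print(vpn, "still blocked:", missing_openings(vpn, SAMPLE_RULES))
```

Run against the sample list, the checker reports that PPTP is missing its GRE opening and that L2TP/IPsec is missing ESP and has UDP 500 shadowed by an earlier deny. Whichever firewall you actually use, the same two questions apply: is each required protocol allowed, and is it allowed before any rule that would match it first.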

While VPN clients are built in to all operating systems, VPN servers are not. Servers allow more than one client to connect at the same time. If you don't need this type of communication, then you can stick with the client-to-client approach. If you are trying to set up an existing machine (that is not a server) to be a VPN host for multiple connections, you may need to download and install a VPN server.

Since we are using the Internet for the "tunnel" of our private communications, it is essential that source and destination have a fixed IP address to respond to. If a machine sits behind a router or gateway, you may need to configure that device to "map" all incoming VPN traffic to the machine's specific internal address.

The set-up and configuration of these three issues are beyond the scope of this overview. If you're having problems with that part of the preliminaries, KAUi can help get the information and set-up required -- but since just about every router/gateway/firewall is different, we cannot go into those details here.

678-454-7344
kaui@kaui.com
Unless otherwise specified, all material on this web site is copyright © 1994 - 2016
by KAUi Software, Inc. Last modified 08/15/16