Virtual Private Networks (VPNs)
A virtual private network, or VPN, creates a way for networks that are
otherwise isolated or inaccessible to communicate with one another.
Businesses at an enterprise level often use VPNs to keep internal business
networks private while allowing workers to reach the internal network from
remote locations, such as when an executive is traveling and needs to use a
laptop to download and reply to email using an internal business server. The
VPN gateway accepts connections only from remote clients that present proper
access credentials (a password, a certificate, or a key), and it carries their
traffic across the public Internet inside an encrypted tunnel, so the internal
network stays closed to everyone else. This sounds similar to the remote access
tools already available on UNIX and Linux systems, including Ubuntu, but a VPN
works at a different layer: rather than logging in to a single host or service,
the remote machine becomes a node on the private network, and every packet
between it and that network is encrypted in transit.
There are other types of VPNs in use as well. Besides allowing remote access
to secure internal networks, a VPN can join two networks to one another across
a different network in the middle, a so-called site-to-site VPN (for example,
two networks that each use IPv6 connecting to one another over an IPv4 network
through a VPN tunnel). Site-to-site VPNs are a common arrangement between
offices and data centers, but here we concentrate on the first scenario of a
remote user connecting to a secure, internal network. You might be asking how
this is different from using a proxy server, as it seems that the VPN is
somehow working as an intermediary or a bridge between the remote user and the
secure system. It is a little more complicated than that. When a proxy server
is in use, it is another layer between the two ends of a connection, an
intermediary that terminates the client's connection and opens its own
connection to the destination. When a VPN is in use, the two ends exchange
packets directly, but through an encrypted tunnel; this is analogous to running
a cable from one end system to the other, effectively making the remote
computer a node on the network to which it is connecting. From this moment,
the remote system routes its traffic for that network through the tunnel to
the VPN gateway; with a full-tunnel configuration it routes all of its network
traffic that way, whereas a split-tunnel configuration sends only the internal
network's address ranges through the tunnel and leaves everything else on the
ordinary Internet connection.
Whereas a proxy is configured per application (most often in a web browser)
and relays only the traffic of the application that uses it, a VPN operates at
the network layer and tunnels every packet the operating system routes through
it, whatever program generated it. When using a VPN, the remote computer no
longer perceives itself as connected first to the Internet and then to the
secure system; rather, it perceives itself as being connected directly to the
secure system, with the VPN gateway as its router. The difference is
illustrated in Figure 36.2.
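The routing behaviour described in the two paragraphs above, as an added
example that is not code from the original text: a small Python model of the
remote computer's routing table with a split-tunnel VPN and with a full-tunnel
VPN. The interface names (eth0, tun0), the address ranges and the gateway
address 203.0.113.5 are hypothetical; route selection is longest-prefix match,
the rule Linux and other IP stacks actually apply, and the pair of /1 routes is
the way OpenVPN's redirect-gateway def1 option overrides the ISP default route
without deleting it.

```python
"""Which interface carries a packet when a VPN tunnel is up?

Added illustration, not code from the original text. Interface names,
address ranges and the gateway address are hypothetical. Route selection is
longest-prefix match, the rule real IP stacks use: the most specific route
(largest prefix length) that contains the destination wins.
"""
import ipaddress
from typing import Dict, Iterable, List, Optional, Tuple

Route = Tuple[ipaddress.IPv4Network, str]  # (destination prefix, outgoing interface)

VPN_GATEWAY = "203.0.113.5"  # hypothetical public address of the VPN gateway

# Constructed routing table of a laptop on a home LAN, before any VPN is up.
PHYSICAL: List[Route] = [
    (ipaddress.ip_network("0.0.0.0/0"), "eth0"),       # ISP default route
    (ipaddress.ip_network("192.168.1.0/24"), "eth0"),  # home LAN
]

# Split tunnel: only the corporate prefix is sent into the tunnel; everything
# else still leaves through the ISP, outside the encrypted tunnel.
SPLIT_TUNNEL: List[Route] = PHYSICAL + [
    (ipaddress.ip_network("10.0.0.0/8"), "tun0"),      # corporate internal networks
]

# Full tunnel: two /1 routes cover all of IPv4 and, being more specific than
# the ISP's /0, override it without removing it (the approach OpenVPN's
# "redirect-gateway def1" takes). The gateway's own address must keep using
# eth0, or the encrypted packets would be routed back into the tunnel.
FULL_TUNNEL: List[Route] = PHYSICAL + [
    (ipaddress.ip_network("0.0.0.0/1"), "tun0"),
    (ipaddress.ip_network("128.0.0.0/1"), "tun0"),
    (ipaddress.ip_network(VPN_GATEWAY + "/32"), "eth0"),
]


def select_route(table: Iterable[Route], dst: str) -> Optional[str]:
    """Return the interface for dst by longest-prefix match, or None if unroutable."""
    addr = ipaddress.ip_address(dst)
    best: Optional[Route] = None
    for prefix, iface in table:
        if addr in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, iface)
    return best[1] if best else None


def tunnelled(table: Iterable[Route], destinations: Iterable[str]) -> Dict[str, bool]:
    """Map each destination to whether it leaves through the VPN interface."""
    return {d: select_route(table, d) == "tun0" for d in destinations}


def leaks(table: Iterable[Route], destinations: Iterable[str]) -> List[str]:
    """Destinations that bypass the tunnel: the split-tunnel caveat made visible."""
    return [d for d, in_tunnel in tunnelled(table, destinations).items() if not in_tunnel]


if __name__ == "__main__":
    probes = ["10.20.30.40", "8.8.8.8", "192.168.1.10", VPN_GATEWAY]
    for name, table in (("split tunnel", SPLIT_TUNNEL), ("full tunnel", FULL_TUNNEL)):
        print(name)
        for dst in probes:
            print(f"  {dst:>14} -> {select_route(table, dst)}")
        print("  bypassing the tunnel:", leaks(table, probes))
```

Running the block shows the point the text makes: under the full tunnel every
destination except the gateway itself (and the directly attached LAN, which
has its own more specific route) goes out through tun0, so the VPN gateway is
effectively the laptop's router; under the split tunnel only 10.0.0.0/8 is
protected and the rest of the traffic still leaves through the ISP.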
Some use an Internet router as a metaphor to help explain how a VPN works.
In this analogy, the remote computer connects directly to the VPN gateway,
which uses the Internet only as the wire that carries its packets to their
ultimate destination, the secure network.