
Virtual private network

A virtual private network (VPN) is a mechanism for creating a secure connection between a computing device and a computer network, or between two networks, using an insecure communication medium such as the public Internet.[1]


A VPN can extend access to a private network (one that disallows or restricts public access) to users who do not have direct access to it, such as an office network allowing secure access from off-site over the Internet.[2]


The benefits of a VPN include security, reduced costs for dedicated communication lines, and greater flexibility for remote workers.[3]


A VPN is created by establishing a virtual point-to-point connection through the use of tunneling protocols over existing networks. A VPN available from the public Internet can provide some of the benefits of a private wide area network (WAN).[4]

Virtual private networks may be classified into several categories:

Typically, individuals interact with remote access VPNs, whereas businesses tend to make use of site-to-site connections for business-to-business, cloud computing, and branch office scenarios. However, these technologies are not mutually exclusive and, in a significantly complex business network, may be combined to enable remote access to resources located at any given site, such as an ordering system that resides in a data center.

VPN systems also may be classified by:

- the tunneling protocol used to tunnel the traffic
- the tunnel's termination point location, e.g., on the customer edge or the network-provider edge
- the type of topology of connections, such as site-to-site or network-to-network
- the levels of security provided
- the OSI layer they present to the connecting network, such as Layer 2 circuits or Layer 3 network connectivity
- the number of simultaneous connections


The security model of a VPN provides:

- confidentiality, such that even if the network traffic is sniffed at the packet level (see network sniffer or deep packet inspection), an attacker would see only encrypted data, not the raw data
- sender authentication, to prevent unauthorized users from accessing the VPN
- message integrity, to detect and reject any instances of tampering with transmitted messages

Trusted VPNs do not use cryptographic tunneling; instead, they rely on the security of a single provider's network to protect the traffic.[33] Multiprotocol Label Switching (MPLS) is often used to overlay such VPNs, frequently with quality-of-service control over a trusted delivery network.

Layer 2 Tunneling Protocol (L2TP)[34] is a standards-based replacement for, and a compromise taking the good features from, two proprietary VPN protocols: Cisco's Layer 2 Forwarding (L2F)[35] (obsolete as of 2009) and Microsoft's Point-to-Point Tunneling Protocol (PPTP).[36] L2TP itself provides tunneling but no encryption, which is why it is commonly run over IPsec (L2TP/IPsec) when confidentiality is required.


From a security standpoint, a VPN must either trust the underlying delivery network or enforce security with a mechanism in the VPN itself. Unless the trusted delivery network runs among physically secure sites only, both trusted and secure models need an authentication mechanism for users to gain access to the VPN.

VPNs in mobile environments

Mobile virtual private networks are used in settings where an endpoint of the VPN is not fixed to a single IP address, but instead roams across various networks such as data networks from cellular carriers or between multiple Wi-Fi access points without dropping the secure VPN session or losing application sessions.[37] Mobile VPNs are widely used in public safety where they give law-enforcement officers access to applications such as computer-assisted dispatch and criminal databases,[38] and in other organizations with similar requirements such as field service management and healthcare.[39]
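The security model described above (confidentiality, sender authentication and message integrity, with authentication required before access is granted) and the roaming behaviour described here can be shown together in one small tunnel endpoint. The following is an added, illustrative example, not code from this article or from any VPN product. It uses only the Python standard library: a keystream derived from HMAC-SHA256 in counter mode stands in for a real cipher, and an HMAC-SHA256 tag over header and ciphertext (encrypt-then-MAC) provides the authentication and integrity check. The packet layout, the session identifier, the addresses and the pre-shared secret are all constructed for the example.

```python
import hashlib
import hmac
import os
import struct

SID_LEN, NONCE_LEN, TAG_LEN = 4, 12, 32          # constructed packet layout
BLOCK = hashlib.sha256().digest_size             # keystream is produced in 32-byte blocks


def derive_keys(shared_secret: bytes, session_id: bytes) -> tuple[bytes, bytes]:
    """Derive separate encryption and MAC keys from one pre-shared secret (constructed scheme)."""
    enc_key = hmac.new(shared_secret, b"enc" + session_id, hashlib.sha256).digest()
    mac_key = hmac.new(shared_secret, b"mac" + session_id, hashlib.sha256).digest()
    return enc_key, mac_key


def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Illustrative stream cipher: HMAC-SHA256(enc_key, nonce || counter) used as a PRF in counter mode."""
    out = bytearray()
    for counter in range((length + BLOCK - 1) // BLOCK):
        out += hmac.new(enc_key, nonce + struct.pack("!I", counter), hashlib.sha256).digest()
    return bytes(out[:length])


def seal(enc_key: bytes, mac_key: bytes, session_id: bytes, plaintext: bytes) -> bytes:
    """Build one tunnel packet: session_id || nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)  # a nonce must never repeat under the same key
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    header = session_id + nonce
    # Encrypt-then-MAC over header and ciphertext: the tag gives sender
    # authentication (only a holder of mac_key can produce it) and integrity.
    tag = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag


def open_packet(enc_key: bytes, mac_key: bytes, packet: bytes) -> bytes:
    """Verify the tag before decrypting; reject anything that fails verification."""
    if len(packet) < SID_LEN + NONCE_LEN + TAG_LEN:
        raise ValueError("truncated packet")
    header = packet[:SID_LEN + NONCE_LEN]
    body, tag = packet[SID_LEN + NONCE_LEN:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(mac_key, header + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("tag mismatch: tampered packet or unauthenticated sender")
    nonce = header[SID_LEN:]
    return bytes(c ^ k for c, k in zip(body, keystream(enc_key, nonce, len(body))))


class TunnelServer:
    """Server side of the tunnel. Sessions are keyed by session id, not by the
    peer's source address, so a peer that roams to a new network keeps its session."""

    def __init__(self) -> None:
        self.sessions: dict[bytes, dict] = {}  # session_id -> {"keys": (enc, mac), "endpoint": addr}

    def add_session(self, session_id: bytes, shared_secret: bytes) -> None:
        self.sessions[session_id] = {"keys": derive_keys(shared_secret, session_id), "endpoint": None}

    def receive(self, packet: bytes, src_addr: tuple[str, int]) -> bytes:
        session = self.sessions.get(packet[:SID_LEN])
        if session is None:
            raise ValueError("unknown session")
        plaintext = open_packet(*session["keys"], packet)  # raises before any state changes
        # Move the endpoint only after authentication succeeds; otherwise anyone who
        # guesses a session id could redirect the tunnel's return traffic.
        session["endpoint"] = src_addr
        return plaintext


if __name__ == "__main__":
    # Constructed sample: one pre-shared secret, one session, a client that roams.
    secret, sid = b"constructed pre-shared secret for the example", b"\x00\x00\x00\x01"
    server = TunnelServer()
    server.add_session(sid, secret)
    enc_key, mac_key = derive_keys(secret, sid)

    pkt = seal(enc_key, mac_key, sid, b"dispatch query: unit 12")
    print("sniffer sees plaintext?", b"dispatch" in pkt)                     # False
    print(server.receive(pkt, ("203.0.113.10", 40000)), server.sessions[sid]["endpoint"])
    pkt = seal(enc_key, mac_key, sid, b"same session, new network")
    print(server.receive(pkt, ("198.51.100.7", 5000)), server.sessions[sid]["endpoint"])

    tampered = bytearray(pkt)
    tampered[SID_LEN + NONCE_LEN] ^= 0x01                                    # flip one ciphertext bit
    try:
        server.receive(bytes(tampered), ("192.0.2.9", 1))
    except ValueError as err:
        print("rejected:", err, "| endpoint still", server.sessions[sid]["endpoint"])
```

Because sessions are looked up by session id rather than by source address, the peer keeps its session when its address changes; the endpoint is updated only after the tag verifies, so a sender who merely guesses the session id cannot redirect return traffic. A real implementation would additionally need a replay window (this example accepts a replayed packet), a negotiated key exchange instead of a static secret, and a standard AEAD cipher in place of the HMAC-derived keystream.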

Networking limitations

A limitation of traditional VPNs is that they are point-to-point connections and do not tend to support broadcast domains; therefore, communication, software, and networking that rely on layer 2 and broadcast packets, such as NetBIOS used in Windows networking, may not be fully supported as they would be on a local area network. Variants on VPN such as Virtual Private LAN Service (VPLS) and layer 2 tunneling protocols are designed to overcome this limitation.[40]

Kelly, Sean (August 2001). "Necessity is the mother of VPN invention". Communication News: 26–28. ISSN 0010-3632. Archived from the original on 17 December 2001.