Networking: A Beginner's Guide
Both sides must establish a tunnel through their existing PPP connections,
through which their data packets will pass. The tunnel is formed using a
tunneling protocol.
Both sides must agree on an encryption technique to use with the data
traversing the tunnel. A variety of different encryption techniques are available.
So, both sides of a VPN connection must be running compatible VPN software
using compatible protocols. For a remote access VPN solution, the software you install
depends on the VPN itself. Vendors of dedicated VPN solutions also sell client software that
you can distribute to your users. Usually, this software carries a per-copy charge, typically
around $25 to $50 per remote computer supported. (Some VPNs include unlimited client licenses,
but the VPN is licensed to accept only a certain number of connections at a time.)
If you are running the RRAS service on a Windows server, and some
version of Windows 95 or later on the remote computer, you can take advantage of the
VPN software included for free with those network operating systems. However, this
software must still be set up on each client computer.
VPN Protocols
The three most popular tunneling protocols used for VPNs are Point-to-Point Tunneling
Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), and Internet Protocol Security
(IPSec). PPTP is a Microsoft-designed protocol that can handle IP, IPX, NetBEUI, and
AppleTalk packets. PPTP is included with Windows, starting with Windows 95, and
is also supported by Windows RRAS (a free upgrade to RAS) and by later versions of
Windows servers. For a Windows-oriented network, PPTP is the way to go.
L2TP is a newer protocol that is an Internet Engineering Task Force standard. It will
probably become the most widely supported tunneling protocol because it operates at
layer 2 of the OSI model, and thus can handle all layer 3 protocols, such as IP, IPX, and
AppleTalk.
IPSec, while probably the most secure tunneling protocol, seems to be most popular
for LAN-to-LAN VPNs and for UNIX-oriented VPNs, due to its reliance on IP. IPSec is
a layer 3 protocol and is limited to handling only IP traffic.
TIP
While IPSec works only with IP packets, an L2TP VPN can also carry the resulting IPSec
packets, because they can be handled like the other major layer 3 packets, such as IP, IPX, and
AppleTalk packets.
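The three protocols described above can be told apart on the wire by their IP protocol number or port. The following Python sketch is an added example, not part of the book: the protocol numbers and ports are the standard IANA assignments, which the page does not list, and the function names and sample packets are constructed for illustration.

```python
import struct

# IANA IP protocol numbers and well-known ports for the three tunneling
# protocols named above (assumed values; the page itself does not list them).
IP_PROTO = {47: "PPTP data (GRE)", 50: "IPSec ESP", 51: "IPSec AH"}
TCP_PORTS = {1723: "PPTP control"}
UDP_PORTS = {1701: "L2TP", 500: "IPSec IKE", 4500: "IPSec NAT-T"}

def classify(packet: bytes) -> str:
    """Return the tunneling protocol an IPv4 packet belongs to, or 'other'."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "other"                       # truncated or not IPv4
    ihl = (packet[0] & 0x0F) * 4             # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "other"
    proto, payload = packet[9], packet[ihl:]
    if proto == 47:
        # PPTP carries PPP in enhanced GRE: version 1, protocol type 0x880B.
        is_pptp = (len(payload) >= 4 and (payload[1] & 0x07) == 1
                   and payload[2:4] == b"\x88\x0b")
        return IP_PROTO[47] if is_pptp else "other"
    if proto in IP_PROTO:
        return IP_PROTO[proto]
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if frag_offset == 0 and proto in (6, 17) and len(payload) >= 4:
        sport, dport = struct.unpack("!HH", payload[:4])
        table = TCP_PORTS if proto == 6 else UDP_PORTS
        return table.get(dport) or table.get(sport) or "other"
    return "other"                           # later fragments carry no ports

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (constructed test data, checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       64, proto, 0, bytes([192, 0, 2, 1]),
                       bytes([198, 51, 100, 1])) + payload

# Constructed sample packets, one per protocol discussed above plus a control.
SAMPLES = {
    "pptp_ctrl": ipv4(6, struct.pack("!HH", 49152, 1723) + b"\0" * 16),
    "pptp_data": ipv4(47, b"\x30\x01\x88\x0b" + b"\0" * 8),
    "l2tp": ipv4(17, struct.pack("!HHHH", 1701, 1701, 8, 0)),
    "ike": ipv4(17, struct.pack("!HHHH", 500, 500, 8, 0)),
    "esp": ipv4(50, b"\0" * 8),
    "https": ipv4(6, struct.pack("!HH", 49152, 443) + b"\0" * 16),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:10s} -> {classify(pkt)}")
```

When L2TP is protected by IPSec, a monitor on the path sees only the outer ESP packets; the UDP 1701 traffic is visible only after decryption at the tunnel endpoint.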
Types of VPNs
Four major types of VPNs are in use today. One type uses a router with added VPN
capabilities. VPN routers not only can handle normal routing duties, but they can
also be configured to form VPNs over the Internet to other similar routers, located on
remote networks. This method is used to create VPN WAN links over the Internet,
usually between multiple company locations.