Tunneling is classified by the origin of the connection, which gives two main types: Compulsory and Voluntary Tunneling.
- Compulsory Tunneling is usually initiated by the Network Access Server without requesting information from the user. In addition, VPN clients are not allowed to access information on VPN servers, since they are not responsible for controlling newly created connections. Compulsory Tunneling takes effect immediately between the server and the VPN client, and its main function is to confirm the legitimacy of the client account with the VPN server.
- Voluntary Tunneling, by contrast, is created, monitored and managed by users. Unlike Compulsory Tunneling, which is usually managed by service providers, this model requires users to initiate the connection with the ISP themselves by running the VPN client application. Many different VPN client programs can be used to create highly secure tunnels to each private VPN server. When the VPN client program establishes a connection, it determines the target VPN server or uses the one specified by the user. Voluntary Tunneling does not require much beyond installing additional tunneling protocols on the user's system.
- PPTP (Point-to-Point Tunneling Protocol) VPN is the simplest VPN technology. It uses the Internet connection provided by the ISP to create a secure tunnel between client and server, or between client and client. PPTP is a VPN-based application; Windows has built-in PPTP functionality, and all that is needed to connect to the VPN system is VPN client software. Although PPTP itself lacks a number of security mechanisms to secure the flow of information and data (the Point-to-Point Protocol takes care of this for PPTP), Windows carries out authentication and encryption with PPTP to encode packets beforehand. The advantage of this model is that it requires no additional external hardware to deploy, and the client system can use the supplied software to connect to the VPN server. The disadvantage is that it relies on the Point-to-Point Protocol to secure data packets, so before these packets start to pass through the tunnel, they can still be compromised from external sources.
- SSH (Secure Shell) Tunneling uses the secure shell protocol to create separate tunnels that transfer data from one point to another. The biggest advantage of tunneling over SSH is that it easily bypasses Internet firewall systems. Typically, organizations (that need to force employees to use a fixed proxy server to access websites and private documents) use the SSH protocol to route all traffic through a dedicated server. This differs slightly from SSL-based VPN, where the HTTPS protocol is applied to applications, management systems and web browsers to secure data transmission between devices. Outside of the established VPN network, only two HTTPS protocols are required to initiate the connection between the two endpoints.
Developed by the IETF, IPsec is primarily responsible for securing IP connectivity between system endpoints and VPN tunnels. Data packets passing through IPsec are encrypted with AES, DES or 3DES. It also provides data compression and account authentication for different network layers. An IPsec VPN uses tunnel mode instead of transport mode. Before sending data, the system packs the IP packet into a new IP packet, then adds an additional IP header, accompanied by an ESP (Encapsulating Security Payload) header to improve security. In addition to ESP, this model also uses AH (Authentication Header) as a supporting protocol to apply a security layer to the original information and data.
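The tunnel-mode packing described above, as an added Python example that is not part of the original article: it builds the new IP header and ESP header around a complete inner packet and unpacks it again. The inner packet is left unencrypted and no integrity value is appended so the layout stays visible; the addresses, SPI and payload are constructed sample values.

```python
import socket
import struct

ESP, IPIP = 50, 4  # IP protocol numbers: ESP, and IPv4-in-IPv4 (ESP Next Header)

def checksum(header: bytes) -> int:
    """One's-complement IPv4 header checksum; returns 0 over a valid header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    def pack(csum: int) -> bytes:
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                           proto, csum, socket.inet_aton(src), socket.inet_aton(dst))
    return pack(checksum(pack(0)))

def esp_tunnel_encapsulate(inner: bytes, gw_src: str, gw_dst: str,
                           spi: int, seq: int) -> bytes:
    """Layout: [new IP header][ESP header][whole inner packet][ESP trailer]."""
    pad_len = -(len(inner) + 2) % 4                  # align the trailer to 4 bytes
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, IPIP])
    esp = struct.pack("!II", spi, seq) + inner + trailer
    return ipv4_header(gw_src, gw_dst, ESP, len(esp)) + esp

def esp_tunnel_decapsulate(outer: bytes):
    """Return (spi, seq, next_header, inner_packet) or raise ValueError."""
    ihl = (outer[0] & 0x0F) * 4
    if len(outer) < ihl + 10 or outer[9] != ESP:
        raise ValueError("not an ESP packet")
    if checksum(outer[:ihl]) != 0:
        raise ValueError("bad outer header checksum")
    spi, seq = struct.unpack("!II", outer[ihl:ihl + 8])
    pad_len, next_header = outer[-2], outer[-1]
    end = len(outer) - 2 - pad_len
    if end < ihl + 8:
        raise ValueError("bad pad length")
    return spi, seq, next_header, outer[ihl + 8:end]

# Constructed sample: host 10.0.1.5 sends to 10.0.2.9 through the
# gateways 192.0.2.1 -> 198.51.100.1 (documentation addresses).
PAYLOAD = b"ping-data"
INNER = ipv4_header("10.0.1.5", "10.0.2.9", 1, len(PAYLOAD)) + PAYLOAD
OUTER = esp_tunnel_encapsulate(INNER, "192.0.2.1", "198.51.100.1", spi=0x1001, seq=1)

if __name__ == "__main__":
    print(len(INNER), len(OUTER), esp_tunnel_decapsulate(OUTER)[:3])
```

On the wire only the gateway addresses appear in the outer header; the original source and destination travel inside the ESP payload.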
Microsoft partnered with Cisco to develop an alternative protocol to PPTP, L2TP (Layer 2 Tunneling Protocol), to integrate more data. However, it should be noted that L2TP, like PPTP, does not provide additional encryption mechanisms of its own and relies on PPP (Point-to-Point Protocol) to encode the different data layers. L2TP tunneling adds an L2TP header to the original payload, then carries it to the endpoint in a UDP datagram. Besides the Point-to-Point Protocol, security and account authentication can be provided by applying IPsec at the network layer.
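To show what the L2TP header added to the payload looks like, and that nothing in it is encrypted, here is an added Python parser for the UDP payload of an L2TPv2 message (example code, not from the original article). The header layout follows RFC 2661; the tunnel and session IDs and the two sample messages are constructed.

```python
import struct

T_BIT, L_BIT, S_BIT, O_BIT = 0x8000, 0x4000, 0x0800, 0x0200  # RFC 2661 flag bits
PPP_PROTOCOLS = {0x0021: "IPv4", 0xC021: "LCP", 0xC023: "PAP", 0xC223: "CHAP"}

def parse_l2tp(udp_payload: bytes) -> dict:
    """Parse an L2TPv2 header; for data messages, also name the PPP protocol inside."""
    try:
        (flags,) = struct.unpack_from("!H", udp_payload, 0)
        if flags & 0x000F != 2:
            raise ValueError("not an L2TPv2 message")
        info, off = {"type": "control" if flags & T_BIT else "data"}, 2
        if flags & L_BIT:                       # optional Length field
            (info["length"],) = struct.unpack_from("!H", udp_payload, off)
            off += 2
        info["tunnel_id"], info["session_id"] = struct.unpack_from("!HH", udp_payload, off)
        off += 4
        if flags & S_BIT:                       # optional sequence numbers Ns/Nr
            info["ns"], info["nr"] = struct.unpack_from("!HH", udp_payload, off)
            off += 4
        if flags & O_BIT:                       # optional Offset Size plus padding
            (pad,) = struct.unpack_from("!H", udp_payload, off)
            off += 2 + pad
        if info["type"] == "data":
            frame = udp_payload[off:]
            if frame[:2] == b"\xff\x03":        # PPP address/control bytes, if present
                frame = frame[2:]
            (proto,) = struct.unpack_from("!H", frame, 0)
            info["ppp_protocol"] = PPP_PROTOCOLS.get(proto, hex(proto))
            info["ppp_payload"] = frame[2:]     # readable unless IPsec wraps the datagram
        return info
    except struct.error:
        raise ValueError("truncated L2TP message") from None

# Constructed samples: a data message carrying a PPP/IPv4 frame, and a
# header-only control message (T, L and S bits set, Length = 12).
DATA_MSG = struct.pack("!HHH", 0x0002, 7, 1) + b"\xff\x03\x00\x21" + b"<inner IP packet>"
CONTROL_MSG = struct.pack("!HHHHHH", 0xC802, 12, 7, 0, 0, 0)

if __name__ == "__main__":
    print(parse_l2tp(DATA_MSG))
    print(parse_l2tp(CONTROL_MSG))
```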
In fact, there are many ways to create and set up VPN systems for customers, clients and company branches in different parts of the world, so that they can easily share personal information and provide a gateway to communicate with external networks.
Like previous Windows operating systems, Windows 7 has a built-in way to connect to a VPN server. If you intend to connect to an office PPTP/L2TP VPN network, you can use the VPN client program to start the connection.
Before proceeding, make sure the device has been configured according to the instructions of the system administrator. Next, open the Network and Sharing Center and select the Set up a new connection or network link. The Connection Wizard window will appear; select Connect to a workplace and click Next:
Next, select the connection type to use:
Here we choose Use my Internet connection (VPN).
At the following screen, enter the corresponding information provided by Admin, namely the IP address or domain, or use a smart card device:
After clicking Next, you reach the last step of the setup process, where you enter the Username and Password provided by Admin:
Then click Connect to begin connecting to the VPN. When done, you can check the details of the IP address from the Network and Sharing Center or by typing the ipconfig command in the Command Prompt.
With the technical features above, we can see that a Virtual Private Network is one of the best solutions for securing personal or corporate data when it must be transmitted between many different locations, easily meeting the security needs of the model. Compared to other paid systems with similar functions, VPN technology deserves to be considered one of the hardest to beat in creating and managing data processing centers.