How to Build a Virtual Private Network

VPNs are an excellent, cost-effective way to extend local area networks to remote networks and remote computer users over the Internet. Their greatest advantage is that communication between offsite subnets is as secure as if they were within a single subnet, hence the name Virtual Private Network.

The three essential elements of a VPN

1. IP encapsulation

The first essential element of a VPN system is IP encapsulation: carrying an IP packet inside another IP packet. IP encapsulation can make two computers on physically separate networks appear to be next to each other, separated only by a single router, when in fact they are separated by many routers and gateways that may not even use the same address space.

For example, suppose two IP networks are connected by RAS (Remote Access Service) servers using PPTP (Point-to-Point Tunneling Protocol); one LAN has a network address of 10.1.1 and the other 10.1.2. The RAS server on each network provides a connection to the Internet. One RAS server has a LAN IP address of and an ISP-assigned Internet address of, while the other RAS server has a LAN address of and an ISP-assigned Internet address of. Now suppose a computer in the 10.1.1 network, assumed to be, needs to send an IP packet to a computer in the 10.1.2 network, assumed to be. The communication process is as follows.

1) The sender's computer first notices that the network portion of the destination address does not match its own network address.

2) Instead of sending the packet directly to the destination address, the sender sends the packet to the default gateway address of its own subnet,

3) The RAS server on this 10.1.1 network reads this packet.

4) The RAS server on network 10.1.1 determines that this packet should be placed on a subnet of network 10.1.2.

5) The RAS server encrypts this packet and encapsulates it in another packet.

6) The router sends this encapsulated packet from its network interface (which is connected to the Internet, assuming the address) to the Internet address of the RAS server on the 10.1.2 network subnet.

7) The RAS server of the 10.1.2 network subnet reads this encapsulated and encrypted packet from its Internet interface.

8) The RAS server on the 10.1.2 network subnet decrypts this encapsulated IP packet and verifies that it is a valid IP packet, i.e. that it has not been altered and is from a reliable source.

9) The RAS server on the 10.1.2 network subnet sends this packet from its adapter to the destination address on the network subnet.

10) The target computer reads this packet.

This is the IP encapsulation process for a simple VPN.
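The gateway side of steps 3 to 8, as an added Python example that is not from the original page. The host and public addresses, the /24 masks, the experimental protocol number and the SHA-256 counter-mode cipher are assumptions made for illustration; PPTP itself uses GRE framing and its own encryption.

```python
import hashlib, hmac, ipaddress, os, struct

# Constructed addresses: the page does not give the gateways' public addresses.
# 192.0.2.1 / 198.51.100.1 are documentation ranges; /24 masks are assumed.
LOCAL_PUBLIC = "192.0.2.1"
TUNNELS = {ipaddress.ip_network("10.1.2.0/24"): "198.51.100.1"}
PROTO_EXPERIMENTAL = 253  # IANA "experimentation and testing" protocol number

def ipv4_packet(src, dst, payload, proto=PROTO_EXPERIMENTAL):
    """Minimal IPv4 packet: 20-byte header (no options, valid checksum) + payload."""
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    total = sum(struct.unpack("!10H", head))
    total = (total & 0xFFFF) + (total >> 16)
    total = (total & 0xFFFF) + (total >> 16)
    return head[:10] + struct.pack("!H", ~total & 0xFFFF) + head[12:] + payload

def tunnel_peer(inner):
    """Steps 3-4: map the inner destination address to the remote gateway, if any."""
    dst = ipaddress.IPv4Address(inner[16:20])
    return next((peer for net, peer in TUNNELS.items() if dst in net), None)

def _keystream_xor(key, nonce, data):
    # Stand-in cipher (SHA-256 in counter mode) so the example needs only the
    # standard library; it is NOT what PPTP uses and not for production.
    stream = b"".join(hashlib.sha256(key + nonce + struct.pack("!I", i)).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def encapsulate(inner, enc_key, mac_key):
    """Steps 5-6: encrypt the inner packet, authenticate it, wrap it in an outer packet."""
    peer = tunnel_peer(inner)
    if peer is None:
        raise ValueError("no tunnel configured for this destination")
    nonce = os.urandom(16)
    body = nonce + _keystream_xor(enc_key, nonce, inner)
    body += hmac.new(mac_key, body, hashlib.sha256).digest()  # encrypt-then-MAC
    return ipv4_packet(LOCAL_PUBLIC, peer, body)

def decapsulate(outer, enc_key, mac_key):
    """Steps 7-8: verify the tag first, then decrypt; reject altered packets."""
    body, tag = outer[20:-32], outer[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        raise ValueError("tunnel packet failed authentication")
    return _keystream_xor(enc_key, body[:16], body[16:])
```

On the wire only the two gateways' public addresses are visible; the private 10.1.x addresses and the payload travel inside the encrypted body.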

2. Encrypted authentication

Password authentication is used to securely and efficiently authenticate remote users so that the system can determine the appropriate level of security for that user. For example, a VPN may use password authentication to determine whether a user can participate in an encrypted channel.

3. Data payload encryption

Data payload encryption is used to encrypt the data being encapsulated.

Domestic and international VPN products

VPN is an emerging technology. It is cheaper than a dedicated WAN, but slower than a LAN and less secure than a separate LAN or WAN. Many large domestic and foreign network security companies have launched their own VPN products. Most of these are combined with the vendor's own firewall products, but some companies sell their VPN products separately. Domestic products include the SJW11 network cryptograph (VPN) product from Tianrongxin and the upcoming NetEye VPN from Dongda Alpine.
