Introduction to VPN
VPN enables users to access the public internet in a protected way through a private tunnel and it provides a secured environment equivalent to their own network.
Three applications of VPN are:
- Corporate users access their organization's servers remotely through the internet, from home or from outside while on tour.
- Servers in Business units are connected to their head office servers through the internet.
- Individuals accessing the internet need to
  - be protected from hackers in an unsecured Wi-Fi environment
  - overcome location-based restrictions
  - keep anonymity
  - do prudent shopping
In this article let us analyze the installation of VPN for all the above applications.
How to Install VPN?
Installation of VPN is given below:
For Corporate Users (Client-based VPN)
Employees who are on tour or working from home will have to log into their organization’s servers for information access and online transactions.
To do so, they need to install VPN client software on their device, along with a certificate generated by the organization’s VPN gateway server for authentication. This certificate has to be renewed periodically. They then connect to their organization’s servers through a secured tunnel via the VPN gateway server and exchange data in encrypted form.
Installation of VPN Gateway Server
- This VPN server should have a strong user management function
- Should authenticate the users and allow them to pass through to file servers and the intranet
- Generate VPN certificates periodically for the users
- Manage validity details of the individual certificates and deny permission after the maturity period
- Should support the IP security (IPsec) and Secure Sockets Layer (SSL) protocols for ensuring a secured connection
- There should be a backup server to maintain business continuity in case of hardware failure
Installation of VPN Client Software
Business users can install third-party generic client software (e.g. the OpenVPN client or AnyConnect by Cisco), custom software, or a built-in VPN client. A lot of custom software is available in the market. It is the organization’s call to select the right VPN client, compatible with its VPN server and the certificates generated by it.
The following steps should be used to install the client software:
- VPN client software has to be downloaded from a central repository.
- Users will have to be given permission to download this software, or administrators can support this activity.
- The downloaded client software has to be invoked.
- Connection name, Domain name, Server name, server IP details, and type of connection will have to be provided.
- User name and password details will have to be filled.
- Option to select a protocol during run time from multiple lists can be provided as per the IT policy of the organization
Installation of Certificates
Certificates authenticate the user’s identity and allow them to enter the organization’s network. They replace the need to generate public and private keys for individual transactions. Certificates have a life period and automatically become invalid after the maturity date. A certificate is mandatory in these kinds of corporate networks. The VPN gateway server generates the certificates for the users and also manages them. Users will either be allowed to download and install the certificates themselves, or administrators will support the work remotely.
Steps followed in the installation of certificates
- Open the client software configuration and get into the certificate section
- Download the certificate
- Enable appropriate policies wherever required
- Activate the certificate
- Login with username and password and test the access to intranet resources
Similar steps have to be followed to renew the certificate on a periodic basis.
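The validity handling described above (admit within the life period, deny after the maturity date, renew periodically) can be sketched as follows. This is an added example, not code from the original article or from any VPN product; the user inventory, the 30-day renewal window and the function names are assumptions, and the date strings use the text form that Python's ssl module reports for a certificate's notBefore and notAfter fields.

```python
import ssl
from datetime import datetime, timezone

# Constructed inventory (sample values, not real certificates): user -> validity
# fields in the text form returned by ssl.SSLSocket.getpeercert().
ISSUED = {
    "alice": {"notBefore": "Jan  1 00:00:00 2024 GMT", "notAfter": "Jan  1 00:00:00 2025 GMT"},
    "bob": {"notBefore": "Jun  1 00:00:00 2024 GMT", "notAfter": "Jun 15 00:00:00 2024 GMT"},
    "carol": {"notBefore": "Sep  1 00:00:00 2024 GMT", "notAfter": "Sep  1 00:00:00 2025 GMT"},
}
RENEW_WINDOW_DAYS = 30  # assumed policy: warn this many days before expiry


def certificate_status(cert, now, renew_window_days=RENEW_WINDOW_DAYS):
    """Classify a certificate as not-yet-valid, expired, renew-soon or valid."""
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    ts = now.timestamp()
    if ts < not_before:
        return "not-yet-valid"
    if ts >= not_after:
        return "expired"
    if not_after - ts <= renew_window_days * 86400:
        return "renew-soon"
    return "valid"


def gateway_decision(user, now, inventory=ISSUED):
    """Return (allow|deny, reason) for a connecting user at time `now` (UTC)."""
    cert = inventory.get(user)
    if cert is None:
        return ("deny", "no-certificate")
    status = certificate_status(cert, now)
    allowed = status in ("valid", "renew-soon")
    return ("allow" if allowed else "deny", status)


if __name__ == "__main__":
    now = datetime(2024, 12, 15, tzinfo=timezone.utc)  # fixed date for the sample
    for user in ("alice", "bob", "carol", "dave"):
        print(user, gateway_decision(user, now))
```

Running the same classification over the full inventory on a schedule gives administrators the list of users whose certificates need renewal before access is denied.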
Site to Site Connectivity (Network-Based VPN)
A network is connected to another network in a different location over the public internet, through a VPN connection. Unlike the client VPN, individual users do not require VPN clients to be installed on their PCs. Routers and the VPN gateway manage the secured connection through a VPN tunnel. A typical example is a network of branch offices located in different cities that connect to a corporate data center through a VPN-based WAN.
Three main types of network-based VPN are
- Policy-based and route-based IPsec tunnels
- Dynamic multipoint VPN
- L3VPNs (MPLS based)
IPsec Tunnels: A simple network architecture, similar to client-based VPN, transmits data between networks through a secured tunnel, whereas a client VPN transmits data to a single end-user device. A device in each network is designated as an endpoint; data flows between the endpoints, and the VPN certificates installed on the end devices provide the secured channel. The crypto access list, part of a policy-based VPN, defines the source and destination networks that can talk to each other, and this list needs to be updated whenever a new network is added. Route-based VPNs allow free connection between any two networks.
Dynamic multipoint VPN: DMVPN provides a connection between any networks by providing dynamic IPs to the devices and connecting them in a secured way. Dynamic IPs are maintained in the DMVPN hub. This VPN enables business organizations to connect their multiple offices through the public internet.
L3 VPN MPLS Based: A multi-protocol label switched network offers robust connectivity between branch office networks within a country as well as outside. It provides guaranteed services and consumes less internet bandwidth. Data from one branch office is passed through a router in that network to MPLS, which takes over the rest of the activities until the data is delivered to the router of the receiving branch. Data transfer through the public network is managed by MPLS.
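The difference between policy-based and route-based IPsec tunnels described above can be made concrete with a small model. This is an added example, not code from the original article or from any router vendor; the networks, the route table and the function names are constructed, and the matching is a simplified model of how a gateway selects traffic for the tunnel.

```python
import ipaddress

# Constructed crypto access list on the head-office gateway: each entry is a
# (local network, remote network) pair allowed to talk through the tunnel.
CRYPTO_ACL = [
    ("10.0.0.0/16", "10.10.0.0/24"),  # head office <-> branch A (sample)
    ("10.0.0.0/16", "10.20.0.0/24"),  # head office <-> branch B (sample)
]
# Constructed route table for the route-based case: prefixes sent to the tunnel.
TUNNEL_ROUTES = ["10.0.0.0/8", "10.10.0.0/24"]


def parse_acl(entries):
    return [(ipaddress.ip_network(a), ipaddress.ip_network(b)) for a, b in entries]


def policy_based_match(acl, src, dst):
    """Return the ACL entry that covers src -> dst (either direction), else None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for local, remote in acl:
        if (s in local and d in remote) or (s in remote and d in local):
            return (str(local), str(remote))
    return None


def missing_entries(acl, local, remotes):
    """List remote networks that have no ACL entry pairing them with `local`."""
    local_net = ipaddress.ip_network(local)
    missing = []
    for r in map(ipaddress.ip_network, remotes):
        covered = any(local_net.subnet_of(a) and r.subnet_of(b) for a, b in acl)
        if not covered:
            missing.append(str(r))
    return missing


def route_based_match(routes, dst):
    """Return the longest tunnel prefix containing dst, else None."""
    d = ipaddress.ip_address(dst)
    hits = [n for n in map(ipaddress.ip_network, routes) if d in n]
    return str(max(hits, key=lambda n: n.prefixlen)) if hits else None
```

With a new branch at 10.30.0.0/24, the policy-based check finds no entry until the list is updated, while the route-based lookup already covers it through the 10.0.0.0/8 tunnel route.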
Steps in Installation of VPN in these routers
- Connect to the router’s network through an internet browser on a computer. (Use ipconfig to get the IP address of the router.)
- Login to the router as admin
- Configure the VPN setting
- Complete the policy settings
- Set other parameters as per the types of VPN options adopted
- Download the certificates
- Install the certificates
- Check the connectivity between the networks before releasing it to production
VPNs for Individuals
Individuals who want to access the internet in a secured way will have to
- Choose the VPN services and be very specific about the country where the services are hosted from
- Register with a VPN service provider
- Decide on the VPN Client software between in-built, third party, and custom-built.
- Download client software and login to the VPN services site and install it.
- Check the connection and start using it.
We have seen how to install VPN in the major use cases involving different types of VPNs. VPN offers online users the best of both worlds by providing them the security of the local network while accessing through the public internet.