Tuesday, July 05, 2005

Notes on VPN

I knew almost nothing about VPNs before. The following are my notes from various resources.

To be considered a VPN, the technology must perform at least two functions: authenticate the end user and assign the remote node an IP address routable on the local network. A VPN is virtual because it rides atop some real network; it's private because the communication between the client node and the VPN server is encrypted.

There are two VPN types: PPTP and L2TP+IPsec.

PPTP:

  • Used only on IP-based networks
  • Uses PPP (MPPE) encryption
  • Allows IP, IPX, and NetBEUI traffic to be encrypted
  • Tunnel authentication
  • Works over NAT
  • Port 1723/tcp and IP protocol 47

L2TP+IPsec:

  • Supports any point-to-point connection, including IP, ATM, and frame relay
  • Encryption is handled by IPsec
  • Allows IP traffic to be encrypted
  • No tunnel authentication
  • Both machine-level (IPsec) and user-level (L2TP) authentication are provided
  • IPsec transport mode is used
  • Doesn't work with NAT until Windows Server 2003
  • Windows Server 2003 includes a basic VPN quarantine function
  • Port 1701/udp and IP protocol 50

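As an added example (not part of the original notes), the port and IP protocol numbers above can be used to inventory which VPN type each client is using from flow records, and to flag L2TP seen without IPsec ESP, which means the tunnel is not encrypted. The flow record format and the sample flows are constructed for this example.

```python
# Added example: classify flows by the PPTP and L2TP/IPsec identifiers in the
# notes (1723/tcp + IP protocol 47 for PPTP, 1701/udp + IP protocol 50 for
# L2TP/IPsec) and report per-host findings. Flow format is an assumption.
from collections import defaultdict

TCP, UDP, GRE, ESP = 6, 17, 47, 50  # IP protocol numbers; GRE=47, ESP=50


def classify(flow):
    """Map one flow to the VPN component it carries, or None if unrelated."""
    proto, dport = flow["proto"], flow.get("dport")
    if proto == TCP and dport == 1723:
        return "pptp-control"
    if proto == GRE:
        return "pptp-tunnel"
    if proto == UDP and dport == 1701:
        # With L2TP/IPsec the UDP 1701 header sits inside ESP (transport
        # mode), so bare 1701/udp on the wire is L2TP without IPsec.
        return "l2tp-plain"
    if proto == ESP:
        return "ipsec-esp"
    return None


def audit(flows):
    """Return {src_host: set(components)} and a list of human-readable findings."""
    seen = defaultdict(set)
    for flow in flows:
        label = classify(flow)
        if label:
            seen[flow["src"]].add(label)
    findings = []
    for host, labels in sorted(seen.items()):
        if "l2tp-plain" in labels and "ipsec-esp" not in labels:
            findings.append(f"{host}: L2TP without IPsec ESP, tunnel is not encrypted")
        if "pptp-tunnel" in labels and "pptp-control" not in labels:
            findings.append(f"{host}: GRE without a PPTP control channel, inventory separately")
    return dict(seen), findings


# Constructed sample flows (src host, IP protocol, destination port); not real captures.
SAMPLE_FLOWS = [
    {"src": "10.0.0.5", "proto": TCP, "dport": 1723},   # PPTP control channel
    {"src": "10.0.0.5", "proto": GRE},                   # PPTP data tunnel
    {"src": "10.0.0.9", "proto": ESP},                   # L2TP/IPsec (L2TP hidden inside ESP)
    {"src": "10.0.0.12", "proto": UDP, "dport": 1701},   # bare L2TP, no IPsec
]

if __name__ == "__main__":
    hosts, findings = audit(SAMPLE_FLOWS)
    for host, labels in hosts.items():
        print(host, sorted(labels))
    print("\n".join(findings))
```
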
Unless you have a need to inspect all traffic between VPN clients and the internal network, the best place to locate your VPN server is alongside your firewall.
