This article will help you understand VPN

01. Definition

A Virtual Private Network (VPN) is a technique for building a private network on top of a public network. It is called a "virtual" network because no two nodes of the VPN are joined by the dedicated end-to-end physical link that a traditional private network would use; instead the VPN is a logical network built on a platform the network service provider already offers (the Internet, ATM, Frame Relay and so on), and user data travels over logical links. For example, an employee on a business trip who needs to reach servers on the company intranet does so through this kind of remote access.

In a site-to-site VPN, a VPN-capable router is configured at each site and the sites are interconnected over public lines. The result is a dedicated communication network running over those lines whose contents outsiders cannot read, provided the tunnel is built with encryption. Tunnelling on its own only carries packets across the public network; it is the encryption that removes the concern about eavesdropping on the communication.

02. Working principle

Understanding how a VPN works is useful for a deeper grasp of what it offers. The principle behind it is as follows:
When you connect to a virtual private network service (a VPN), the VPN server first authenticates the client. The server then applies an encryption protocol to all the data you send and receive: the VPN service creates an encrypted "tunnel" across the Internet, and that tunnel protects the data in transit between you and the destination. To secure each packet, the VPN wraps it inside an outer packet; this encapsulation is what allows the original packet to be encrypted whole, headers included. The outer packet is the core element of the VPN tunnel and is what carries the protected data across the public network. When the data reaches the far end, the outer packet is removed and the inner packet is decrypted.
  1. A VPN gateway normally has a dual network card structure: the external interface carries a public IP address and faces the public network, while the internal interface faces the private network.
  2. Terminal A on network one (taken here to be the side reached over the public Internet) accesses terminal B on network two (taken to be the company intranet). The destination address of the packet it sends is terminal B's internal IP address.
  3. When network one's VPN gateway receives the packet from terminal A, it checks the destination address. If that address belongs to network two, the gateway encapsulates the packet (the encapsulation method depends on the VPN technology in use): it constructs a new VPN packet and places the encapsulated original packet inside it as the payload. The destination address of the VPN packet is the external address of network two's VPN gateway.
  4. Network one's VPN gateway sends the VPN packet onto the public network. Because its destination is the external address of network two's gateway, ordinary Internet routing delivers it to that gateway.
  5. Network two's VPN gateway inspects the packet it received. If it was sent by network one's VPN gateway, it is recognised as a VPN packet and unpacked: the VPN packet header is stripped, then the processing applied at the sending side is reversed (decryption and integrity checking, in an encrypted VPN) to restore the original packet. The outer source address alone is not proof of origin, since it is trivially spoofed on the public network; a real implementation relies on the tunnel's authentication to decide that the packet genuinely came from the peer gateway.
  6. Network two's VPN gateway forwards the restored original packet to terminal B. Its destination address is still terminal B's IP, so it is delivered normally. From terminal B's point of view, the packet is identical to one sent directly by terminal A.
  7. Packets returned from terminal B to terminal A are processed in the same way in the opposite direction, so terminals on the two networks can communicate with each other.

From the description above, two parameters are essential to VPN communication when a gateway processes packets: the destination address of the original packet (the VPN destination address) and the remote VPN gateway address. The VPN destination address lets the gateway decide which packets need VPN processing; packets that do not can usually be handed straight to ordinary routing. The remote VPN gateway address specifies where the processed VPN packets are sent, that is, the address of the gateway at the other end of the tunnel. Because network communication is bidirectional, the gateways at both ends of the tunnel must each know the VPN destination addresses and the corresponding remote gateway address.
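The encapsulation and decapsulation steps above, together with the two parameters just described, are worked through here as an added example in Python; it is not code from the original article. It models two gateways, each with a tunnel table that maps a VPN destination prefix to the remote gateway's public address and a pre-shared key. All addresses, prefixes and the key are constructed for the example. Real protocols (IPsec ESP, for instance) use an authenticated cipher such as AES-GCM; to stay on the standard library this example substitutes a toy SHA-256 keystream with an HMAC-SHA256 tag, which must not be used for anything real. The same model also covers the site-to-site case in section 03: the outer packet carries only the gateways' public addresses, and the inner packet's real source and destination are hidden by the encryption.

```python
import hashlib
import hmac
import ipaddress
import os
import struct

NONCE_LEN, TAG_LEN = 12, 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream SHA-256(key || nonce || counter); a stand-in for a real AEAD."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + struct.pack(">I", counter)).digest()
        counter += 1
    return out[:length]


def _xor(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))


class Packet:
    """Minimal IP packet: 4-byte source, 4-byte destination, then payload."""

    def __init__(self, src: str, dst: str, payload: bytes):
        self.src, self.dst, self.payload = src, dst, payload

    def to_bytes(self) -> bytes:
        return (ipaddress.IPv4Address(self.src).packed
                + ipaddress.IPv4Address(self.dst).packed + self.payload)

    @classmethod
    def from_bytes(cls, raw: bytes) -> "Packet":
        return cls(str(ipaddress.IPv4Address(raw[:4])),
                   str(ipaddress.IPv4Address(raw[4:8])), raw[8:])


class Gateway:
    """VPN gateway: a public (external) address plus a tunnel policy table."""

    def __init__(self, public_ip: str):
        self.public_ip = public_ip
        self.tunnels = []  # entries of (VPN destination prefix, remote gateway IP, key)

    def add_tunnel(self, remote_prefix: str, remote_gw: str, key: bytes) -> None:
        self.tunnels.append((ipaddress.ip_network(remote_prefix), remote_gw, key))

    def outbound(self, pkt: Packet):
        """Step 3: decide by destination whether the packet needs VPN processing.
        Returns ("vpn", outer_packet) or ("plain", pkt) for ordinary routing."""
        dst = ipaddress.IPv4Address(pkt.dst)
        for prefix, remote_gw, key in self.tunnels:
            if dst in prefix:
                nonce = os.urandom(NONCE_LEN)
                inner = pkt.to_bytes()  # the whole original packet, headers included
                ct = _xor(inner, _keystream(key, nonce, len(inner)))
                tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()  # encrypt-then-MAC
                # New VPN packet: our public address -> remote gateway, inner packet as payload.
                return "vpn", Packet(self.public_ip, remote_gw, nonce + ct + tag)
        return "plain", pkt

    def inbound(self, outer: Packet):
        """Step 5: decapsulate a packet arriving from a peer gateway.
        The outer source address only selects which tunnel key to try; proof that
        the packet really came from the peer is the MAC, because the source
        address is trivially spoofed on the public network. Returns the inner
        Packet, or None when the packet must be dropped."""
        for _prefix, remote_gw, key in self.tunnels:
            if outer.src != remote_gw or outer.dst != self.public_ip:
                continue
            body = outer.payload
            if len(body) < NONCE_LEN + TAG_LEN:
                return None
            nonce, ct, tag = body[:NONCE_LEN], body[NONCE_LEN:-TAG_LEN], body[-TAG_LEN:]
            expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
            if not hmac.compare_digest(tag, expected):
                return None  # forged or tampered: drop
            if len(ct) < 8:
                return None  # authenticated but too short to hold an inner header
            return Packet.from_bytes(_xor(ct, _keystream(key, nonce, len(ct))))
        return None  # not from any configured peer gateway


def build_sites(key: bytes):
    """Two constructed sites: 10.1.0.0/16 behind gw1 (198.51.100.1) and
    10.2.0.0/16 behind gw2 (203.0.113.7), sharing one pre-shared key."""
    gw1 = Gateway("198.51.100.1")
    gw1.add_tunnel("10.2.0.0/16", "203.0.113.7", key)
    gw2 = Gateway("203.0.113.7")
    gw2.add_tunnel("10.1.0.0/16", "198.51.100.1", key)
    return gw1, gw2


if __name__ == "__main__":
    gw1, gw2 = build_sites(bytes(range(32)))  # constructed pre-shared key
    kind, outer = gw1.outbound(Packet("10.1.0.5", "10.2.0.9", b"hello B"))
    print(kind, outer.src, "->", outer.dst, "carrying", len(outer.payload), "bytes")
    inner = gw2.inbound(outer)
    print("B receives", inner.src, "->", inner.dst, inner.payload)
```

Running the script shows the outer packet addressed gateway to gateway while the inner packet still reads 10.1.0.5 -> 10.2.0.9 when it reaches B. Packets to a destination outside the configured prefixes come back as "plain" and would be handed to normal routing; a packet whose tag fails verification, including one forged with the peer's source address but the wrong key, is dropped rather than decapsulated.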

03. Classification standards

Classification by connection method

  • Site-to-site VPN

    A site-to-site VPN connects two or more local area networks across a public network. By establishing an encrypted tunnel between the sites, data can be transmitted securely between them, giving network interoperability across different geographical locations. It is generally used for the intranet of a single company spread over several locations, and it can also be used to build an extranet between different companies.

    When a packet is sent to a VPN hub, the hub encapsulates it: the new outer packet carries the current hub's address as its source and the destination hub's address as its destination, while the original packet, still holding its real source and destination addresses, is encrypted inside. On the public network only the hub addresses are visible, so the actual original source and destination addresses are hidden.

  • Client-to-site VPN (remote access VPN)

    This type suits home office scenarios. The site addresses in a site-to-site VPN are relatively fixed, but each employee's home is in a different place, and an employee who works from somewhere else gets a different IP address again. A client-to-site VPN solves this, since the client authenticates to the gateway from whatever address it currently has; compared with a site-to-site VPN it is very flexible.

Classification by VPN protocol

There are three main VPN tunnel protocols in this classification: PPTP, L2TP and IPsec. PPTP and L2TP work at layer 2 of the OSI model and are known as layer 2 tunnelling protocols; IPsec is a layer 3 tunnelling protocol. In practice, L2TP carries no encryption of its own and is deployed as L2TP/IPsec, with IPsec providing the confidentiality and integrity, and PPTP's authentication and encryption (MS-CHAPv2 and MPPE) have long been broken, so it should not be used for anything that needs to stay private.

Classification by VPN application

  • Access VPN (remote access VPN): client to gateway; the public network serves as the backbone carrying VPN traffic between the client device and the gateway;
  • Intranet VPN: gateway to gateway, connecting a single company's resources at different sites through the company's network architecture;
  • Extranet VPN: gateway to gateway with a partner enterprise's network, forming an extranet that connects one company's resources with another's.

Classification by type of equipment used

Network equipment vendors have developed different VPN devices for different customer needs, mainly switches, routers and firewalls:

  • Router-based VPN: the easiest to deploy, since it only requires adding a VPN service to an existing router;
  • Switch-based VPN: mainly used to connect VPN networks with a small number of users;

04. Implementation method

There are many ways to implement a VPN; the following four are common:

  1. VPN server: in a large LAN, a VPN can be implemented by building a VPN server in the network centre.
  2. Software VPN: a VPN can be implemented with dedicated software.
  3. Hardware VPN: a VPN can be implemented with dedicated hardware.
  4. Integrated VPN: some hardware devices, such as routers and firewalls, include VPN functions, but a device with VPN capability is usually more expensive than one without it.

05. Advantages and disadvantages

Advantages:

  1. VPNs let mobile workers, remote workers, business partners and others connect to the corporate network over whatever high-speed broadband connection is available locally, such as DSL, cable or Wi-Fi. The same broadband connections also provide a cost-effective way to connect remote offices.
  2. A well-designed broadband VPN is modular and scalable. Because it rides on Internet infrastructure that is easy to set up, new users can be added to the network quickly, so an enterprise can provide a great deal of capacity and many applications without adding infrastructure of its own.
  3. VPNs provide a high level of security for data in transit, using strong encryption and authentication protocols to keep the data from prying eyes and from thieves and other unauthorised parties. Note that this protects only the path between the tunnel endpoints; it does nothing for data at rest or for an endpoint that is itself compromised.
  4. Full control: a VPN lets an enterprise use its ISP's facilities and services while keeping full control of its own network. The enterprise uses only the network resources the ISP provides and manages its own security settings and network changes. A virtual private network can also be built inside the enterprise.

Disadvantages:

  1. Enterprises have no direct control over the reliability and performance of an Internet-based VPN; they depend on the Internet service provider to keep the service running. This makes it important to sign a service level agreement with the provider that guarantees specific performance indicators.
  2. Creating and deploying VPN circuits is not easy. The technology requires a good understanding of networking and security and careful planning and configuration, so it can make sense to choose an Internet service provider that takes care of most of the work of running the VPN.
  3. VPN products from different manufacturers are often incompatible, because many manufacturers are unwilling or unable to follow the VPN standards fully, so mixing products from different vendors can cause technical problems. On the other hand, standardising on a single supplier can increase costs.
  4. VPNs bring their own problems on wireless devices, and roaming between access points is particularly troublesome: roaming usually changes the client's address, which breaks the tunnel and forces it to be re-established. During that gap, unless the client enforces a kill switch that blocks traffic outside the tunnel, data can leave the device unprotected.

06. Application scenarios

  • Encrypted transmission on public networks
    On public Wi-Fi you are exposed to eavesdropping and data tampering by anyone on the same network. By connecting to a VPN, the user establishes an encrypted connection across the public Wi-Fi network, protecting personal privacy and sensitive data from the local network.

  • Bypassing geographical restrictions
    Some websites and online services restrict access based on the user's geographical location. With a VPN, the user can connect through a server in another country or region and appear to be there, bypassing the geographical restriction.

  • Encrypted communication
    For industries that must protect privacy and sensitive information, such as finance and healthcare, a VPN provides a secure channel for encrypted communication that guards against data leakage and unauthorised access in transit.

  • Anonymous browsing
    A VPN hides the user's real IP address from the sites visited and hides the browsing activity from the local network and ISP, which helps protect privacy and resist online tracking. This is pseudonymity rather than true anonymity: the VPN provider itself sees the user's real address and all of the traffic it carries, so the level of protection depends on how much the provider is trusted.

Origin blog.csdn.net/H931053/article/details/131946716