A virtual private network (VPN) is a technology that allows users to remotely access a private network. It creates a private connection over a public network. A VPN allows you to virtually connect to your private network while being logged on from a local area network (LAN). VPN services are usually used for official purposes: for example, employees can access their workplace network to perform tasks such as file sharing or using an internal web portal without physically being in the office.
A virtual private network is like a group of two or more computer devices connected to a private network via a public network. The network is created by an organization solely for its own use and therefore allows limited public-network access.
A VPN creates an exclusive network connection that securely transforms a public connection into a private one. A VPN may exist between a machine and a private network, which is termed client-to-server. Alternatively, it can exist between a remote local area network and a private network, which is called server-to-server. VPN services comprise three different mechanisms, namely:
• Secure Sockets Layer (SSL) VPN
• Split Tunneling VPN
Client to LAN VPN:
In Split Tunneling VPN, users can access a website while a session is active. This means the users are directly connected to the VPN gateway appliance. Client-to-LAN VPN is a very beneficial feature of the Split Tunneling VPN mechanism.
Client-to-LAN VPN replaces conventional dial-in remote access by enabling the remote user to connect directly to the state intranet via a secure encrypted tunnel. Users access the state intranet by creating the tunnel from their own remote network device, that is, a desktop or laptop. The tunnel is linked to the VPN gateway appliance.
To use the VPN service, the end-user needs access to the Internet via an ISP (Internet service provider). Users must also download the client software and digital certificate of this VPN and install them on the PC in order to use it as a remote VPN. Thus, in Client-to-LAN VPN, the network connection already exists and provides routing of compressed payloads to the specific LAN tunnel server.
In this mechanism, every user is issued an access policy, which may apply to an individual user or to an entire user group. Access permission is configured in the VPN gateway appliance as either an individual-user or a group access policy. It is important that the access policy is provisioned in the VPN gateway and the client VPN software before the VPN session is initiated.
This provisioning of policy also includes the digital certificate. However, in a policy where the users administer subnet(s), network(s) or any particular host server(s), access permission is granted to the end-user. In such a scenario, other irrelevant IP traffic is denied access.
The Client-to-LAN tunneling mechanism is a bit more advanced, specifically when one computer device is connected to the server and the user wants to access all the computers connected to the server's LAN. This is why users need to create a route after the tunnel starts. In this mechanism, the data packets for both the web server and the mail are sent into the tunnel. However, packets that are addressed directly to the tunnel will use the same interface route that existed before the tunnel was initiated.
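The route selection and gateway access policy described above can be modelled in a few lines. This is an added example, not taken from any VPN product: the addresses, interface names (`eth0`, `tun0`), users and policy entries are constructed for illustration.

```python
import ipaddress

# Constructed sample values (documentation address ranges), not from the article.
GATEWAY = ipaddress.ip_address("203.0.113.10")   # public address of the VPN gateway
LAN = ipaddress.ip_network("10.20.0.0/16")       # private LAN behind the gateway

# Client routing table before the tunnel starts: only the ISP default route.
BASE_ROUTES = [(ipaddress.ip_network("0.0.0.0/0"), "eth0")]

def pick_interface(routes, dst):
    """Longest-prefix match, the rule an IP stack uses to choose a route."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, dev) for net, dev in routes if dst in net]
    return max(matches, key=lambda r: r[0].prefixlen)[1]

def routes_after_tunnel(base):
    """Routes created once the tunnel is up."""
    return base + [
        (LAN, "tun0"),  # every host on the remote LAN is reached through the tunnel
        # Pin the gateway itself to the interface it used before the tunnel existed.
        (ipaddress.ip_network(f"{GATEWAY}/32"), pick_interface(base, GATEWAY)),
    ]

# Gateway-side access policy: individual user or group -> permitted subnets/hosts.
POLICY = {
    "group:staff": [ipaddress.ip_network("10.20.1.0/24")],  # web and mail subnet
    "user:alice": [ipaddress.ip_network("10.20.5.7/32")],   # one host server
}
MEMBERS = {"alice": ["group:staff"], "bob": ["group:staff"]}

def gateway_permits(user, dst):
    """Default deny: only destinations listed for the user or their groups pass."""
    dst = ipaddress.ip_address(dst)
    keys = [f"user:{user}"] + MEMBERS.get(user, [])
    return any(dst in net for key in keys for net in POLICY.get(key, []))

def trace(user, dst):
    """Return (client interface, verdict) for one packet."""
    dev = pick_interface(routes_after_tunnel(BASE_ROUTES), dst)
    if dev != "tun0":
        return dev, "outside tunnel"
    return dev, "permit" if gateway_permits(user, dst) else "deny"

if __name__ == "__main__":
    for user, dst in [("bob", "10.20.1.25"), ("bob", "10.20.5.7"),
                      ("alice", "10.20.5.7"), ("bob", "203.0.113.10"),
                      ("bob", "198.51.100.4")]:
        print(user, dst, trace(user, dst))
```

Traffic that leaves through `eth0` never reaches the gateway policy, which is why a split-tunnel client's non-LAN traffic has to be controlled on the endpoint itself.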