Click here to Skip to main content
Click here to Skip to main content

Windows Networking Overview - Part VII Virtual Private Networking

, 10 Aug 2006
Rate this:
Please Sign up or sign in to vote.
Providing a brief discussion for what VPN is and what it isn't as well as how it is used.

Introduction

Based upon the votes and the comments I've been receiving so far I need to address something up front in this series. This entire article series is not source code related and if you are expecting source code you won't find it. Comments so far are suggesting that this article does not belong here. I'd like to address that by saying that if you are developer writing code that will work across networks then these articles might be valuable to you. If your systems are not configured properly the best code in the world won't run right. So consider these articles prerequesite articles that should be read before starting a project where your code is intended to work across networks.

I've written a series of articles to provide developers with a broad amount of information that covers general networking topics. In this series I'll be discussing:

I had originally intended this to be a single article but it has grown to be much to large to be a single article. I also think that breaking it up into topics does a better job of granulating the information and makes it easier for readers to ask specific questions that will flow together in the reader comments area. If it's possible I'd like to have the above bulleted list link to all the articles so that readers may jump around from one topic to the other.

I'll be including this information in each relevant section but right up front I'd like to group this information for the convenience of the reader. I'm going to take the approach that you are brand new to networking and need the information presented in a way that flows smoothly from one topic to the next. Please understand this is not a simple topic. Networking is a black art and I mean that seriously. If you intend to fully understand networks and become proficient in them at a basic-working-level you will invest several hours to do so. Expect to make mistakes and expect it to be slow going at first. That's the nature of the topic.

As you read through this feel free to request an article on other topics in networking or feel free to ask me to add to a current section and drive it a bit deeper. I'm open to improving anything you see here and adding more content will just add value to the entire project.

From the top I'd start by reading TCP/IP Networking in Class C Subnets. I'd read it a few times so that you have the core down. I'd immediately move to Command Line Tools - IPCONFIG as it will provide an extra level of visibility to what was discussed in TCP/IP Networking in Class C Subnets. Even though it's the most difficult topic I've written on so far I'd recommend Adding Wireless Routers to Existing Networks next. It will force you to apply everything else I have discussed and it will do so in such a way that you will utterly understand it all by the time you have done it a few times. Even though many people have no need to know about Internet Connection Sharing (ICS) I think it's the next logical choice in progression. It will help you to understand networking landscapes a bit more and drive depth in your basic knowledge. I save the most practical for closest to the end because Sharing Files, Printers and Other Network Resource plagues almost every network I've ever seen. It's the most necessary aspect of networking for users and it can be one of the hardest to troubleshoot. You will need the knowledge gained from all the other articles to troubleshoot any problems you may have in Sharing Files, Printers and other Resources. As a final topic I'll briefly delve into VPN but it's a bit like trying to fit the ocean into a 1 gallon jug. Virtual Private Networking (VPN) is vast and enormous in scope and the security liability is enormous if you screw up.

That just about covers it. Now it's time to dive in. I hope you enjoy the material and feel free to ask further questions in the comments area.

Prerequisites

I've spent the last 8 years of my life fighting Class C subnets in Windows, Linux and MAC environments. To be honest networking is like black magic. Some people understand it and many never will. I think the reason for this is fear that you can break something. This is a valid fear. If you hose your TCP/IP stack you are in big trouble. If you are reading this article and are new to networking I'd suggest all of the following to guarantee you learn what you need and don't destroy your own PC's and network in the process.

  • If you have an extra PC to play with perfect make sure you are fine to trash it and reload it if necessary.
  • Before getting started I recommend downloading a product like Acronis True Image and making a full backup of your system. (Please verify the backup image.)
  • If you are going to play with a router that currently works please export/download it's firmware settings as a safe backup.
  • Please write down every setting you change and in what order. It's very easy to go backwards when you take good notes as you go.

Virtual Private Networking (VPN)

Virtual Private Networking (VPN) has become one of the biggest buzz words of the last 10 years. It gets thrown around and abused so much by so many people that I'm confident that if you asked 10 people who claim to understand networking what VPN is you'd get at least 5 different answers. In a nutshell a VPN connection is any technology that joins a remote machine to a local network as if that machine was sitting there on the network. In every case I have seen a VPN will be setup where the Remote User will have some type of software based connection settings that will negotiate through a firewall that audits those connections and allows them to join up with the VPN enabled server. A properly configured VPN connection should be using at least 2 forms of encryption and 2 forms of authentication. Most often the encryption will be a DES combined with a SHA and the authentication will be a Pre-Shared-Key (PSK) combined with a username and password. The remote users will not have any knowledge of what the PSK is and they will be required to enter in their username and password each time they connect. Using a mechanism similar to this a remote workstation can be virtually added into a local domain and treated as a local machine assuming that all the rules in the firewall and VPN server allow for it.

VPN is not Remote Desktop, Terminal Services, LogMeIn or Remote Control in *any* form. You can certainly use those things over a VPN negotiated connection but in and of themselves they are not VPN connections. I will not get into the details of the various protocols and combinations that the products I mention use to connect to machines but needless to say it's a thin SSL based Peer-to-Peer connection and that's about as fancy as it will get.

True VPN usually comes in two forms. There is a mobile workforce VPN that is software->hardware->software. Which is to say that a software client will negotiate a secure tunnel with a hardware firewall and then authenticate and join a VPN server (there are a few exceptions but I'm mainly going to stay with the rule). The second form and my favorite is hardware-to-hardware VPN or sometimes called Branch-Office VPN. This VPN tunnel is a permanent tunnel that is created between to physical hardware devices that are usually firewalls and usually in the $1000 range for a premium solution. Each of these firewalls bind to each other using MAC and IP interfaces and they authenticate on a regular basis using some type of PSK authentication. You can configure them to use SSL certificates as well.

If you are interested in VPN there are some great open source free VPN products that work over SSL and I they are fantastic. If you want a several thousand dollar VPN tunnel between two hardware devices that will cost you about $100 bucks Google for the latest Linksys firewall that is compatible with the open source firmware that has been written to run on the Linksys firewalls. From what I understand this will give you some pretty hefty protection and configuration without the price or the service agreements.

If you want a no hassle remote desktop connection system that will work from anywhere in the world and through firewalls. I recommend you check out http://www.logmein.com they offer a few great products and you can have I think up to 5 PC's accessible by their free version. I've been using the products for almost 2 years on almost 200 computers and it's never let me down. So if you are interested check them out and tell them I sent you it may not count for much but then again it might get you a discount to.

Lastly, if you are running Windows 2000/2003 Server or Windows 2000/2003 Small Business Server look through the documentation. These products can be enabled as VPN servers and you can authenticate against them. Windows XP has a built in VPN client and if the demand is high enough I can provide documentation for using the Windows XP VPN Client to establish a VPN tunnel with Windows 2000/2003.

History

August 10th, 2006. First release.

August 11th, 2006. Added links to other articles in the series and information to address comments that these articles do not belong at CodeProject.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here

About the Author

code-frog

United States United States
No Biography provided

Comments and Discussions

 
GeneralConfiguring Windows VPN Client PinmemberVedicAnand25-Feb-07 23:58 
GeneralRe: Configuring Windows VPN Client Pinmembercode-frog26-Feb-07 5:09 
GeneralCongratulations! PinmemberHans Dietrich16-Aug-06 2:37 
GeneralSSL vs IPSec Pinmemberkuduk11-Aug-06 1:22 
GeneralRe: SSL vs IPSec Pinmembercode-frog11-Aug-06 8:17 
GeneralVPN Pinmembernorm .net10-Aug-06 23:04 
GeneralRe: VPN Pinmembercode-frog11-Aug-06 8:22 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Mobile
Web02 | 2.8.140709.1 | Last Updated 11 Aug 2006
Article Copyright 2006 by code-frog
Everything else Copyright © CodeProject, 1999-2014
Terms of Service
Layout: fixed | fluid