The Concept of VPN. Part 2
Another important thing to emphasize is that VPN is a client-server technology. This has already been mentioned. Client-server technology means you have one server that provides a service, and a client that connects to the server to get that service. So whatever you are doing with VPN technology, you will always have a VPN server. This VPN server will be sitting in your office or wherever it is that you are trying to connect to. Then, you have a VPN client, generally installed on the computer that you are using to connect to this office.
If you use a laptop computer, you may use a VPN client already installed on the computer. So, you turn on the VPN client on your computer or laptop, and it will ask, “Where are we trying to connect to?” Generally, you provide it an IP address, the external IP address of the place you are trying to connect to. Say this office has the IP address 10.1.10.1; as the VPN address you put in this IP address, and then your username and password.
As you are trying to connect to the VPN server at the office, your connection goes all the way through the Internet, zigzags through the Internet, and arrives at the target VPN server, which then looks at the credentials you provided, the username and password, and decides whether this person is allowed on the network or not. If you have the right credentials, it will allow you to be on the network. If you do not have the right credentials, it will shut you out, so you will not be able to use the network. So, this is the basic system of how VPN communication happens.
You need to note that there is a lot of different VPN software and hardware out there. Microsoft has VPN software, Cisco has VPN software, there is OpenVPN, etc. The main thing to remember is that whatever VPN server you are using, you have to use a VPN client that will work with it. So, Cisco VPN will not necessarily work with Microsoft VPN, Microsoft VPN will not necessarily work with OpenVPN, etc. This is a client-server technology.
We have gone over the basics of what VPN is: it is when we create a tunnel to go through the Internet so that you can securely connect to your office. The tunnel protects your data, the data sent through the tunnel is encrypted, and if somebody penetrates that tunnel, the entire tunnel shuts down and then tries to recreate itself in order to keep out the hackers trying to get into it.
Another thing to note is that VPN is a client-server technology. You have a VPN server in your office, or the building you are trying to connect to, and a VPN client on your laptop computer, smartphone or whatever that connects to that VPN server. You connect using the external IP address and give your username and password, which are sent to the VPN server. If they are correct, you will be allowed to be on the network; if they are not correct, obviously, you will not be allowed to be on the network.
This is the essence of what virtual private networking is.
In the Real World
So, VPN allows you to connect securely to your office or organization over the network from wherever you are in the world. For instance, you are in Dubai, and you are connecting to your office in D.C. You use this VPN tunnel to connect to your office in D.C., and, say you have a little laptop right here, as far as your computer is concerned, you are actually connected inside this office.
Thus, if you hit the Print button in Dubai, you can send a print job to a printer installed in Washington D.C. If you need to get to a shared file sitting in the office in Washington D.C., you can get to it; you do not need to open any extra ports, and you do not need to do anything fancy with your firewall, port forwarding, etc. As soon as you have set up this VPN connection, your PC thinks it is inside the building. And the computers inside the building think that your PC is inside the building too, so basically it allows you to act as a local, even if you are off on the Internet somewhere.
So there are a couple of things to think about here. They are very important if you are going to use VPN in the real world.
The first thing that causes a lot of problems is that a computer outside the office is going to think it is inside the office, and the computers inside the office are going to think that the outside computer is inside. Please remember you are not on the local area network (LAN) that has a speed of 100 Mbps or 1 Gbps. Your speed on your computer as you go through the Internet is whatever the speed of the Internet connection is, or actually the speed of the slowest connection along the way.
Say you are in Dubai and have a fiber optic connection, because Dubai is cool, but your office only has a DSL connection (probably you remember that in DSL the upload speed is 756 kbps, right?). If you are trying to pull a very big file, e.g. a 100 Mb file, that file has to be pushed out over the 756 kbps connection to you in Dubai; that is going to make everything very, very slow.
The first thing to remember as you are going to use VPN in your office or organization, or your client’s organization, is that the upload speed that organization has will dramatically affect the users of that VPN. Most people do not think of it.
If you go out to get Comcast Internet or Verizon Internet, they always talk about download speed; they always talk about 10Mb, 100, 3Mb per second downloads. They always talk about download, but very rarely do they talk about upload speed. But please note, with a VPN connection the upload speed is going to be as important as the download speed. If you only have a 756 kbps upload connection, VPN is going to be pretty piss-poor. That might be good enough for people who are going to check a couple of emails, send a print job or something. If they are going to be pushing and pulling a lot of data back and forth, that is going to be absolute garbage.
I have a client right now with ten users all trying to use VPN, and they called me in, saying: “What should we do? Should we buy a new server, all that networking equipment?” I looked at that and said “No.” What you need is to pay $100 a month for this 100 Mb down, 50 Mb up connection. Do that, and everything will be OK for you. Why? Because they have 10 users all trying to pull data out of the server installed in their building, but they have a sucky little 756 kbps connection, so that is very, very bad.
Now, let’s move on to the next thing to remember with this VPN technology. This is a real-world problem observed in the wild, not pure theory. Here in Baltimore we have a lot of old buildings, and a lot of old buildings have a lot of really old wiring. Really old wiring is bad for transmitting data, so, you know, for a DSL connection, cable connection, etc. The problem with this is that, say, someone is out here in Baltimore trying to connect to the D.C. office, going through all those routers. Remember, one of the things the VPN does is that if a hacker is trying to penetrate the tunnel, it will drop the tunnel and try to recreate it using a new path. The question always is what a hack attack looks like to the VPN: how do the people who program this VPN technology define what a hacking attack looks like?
And the hacking attack generally looks like this: if the data signal is unsteady, if the data stream gets slowed down for some reason, if there are many dropped packets, that will look like a hack attack.
The point is that really old wiring drops a lot of packets, slows things down, and makes a mess of things. So, a lot of times, like in Baltimore, I have seen VPN connections that were very bad and almost completely unusable. That is because the old wiring in the building is so bad that a lot of packets are lost.
VPN technology treats the lost packets as the result of a hacker trying to penetrate the tunnel. Therefore the VPN keeps dropping the connection and then recreating it. Well, since it is not a hacker but the wiring, basically what happens is that the VPN simply keeps dropping and recreating the connection all the time. So nothing ever gets done.
That is, in the wild you need to realize that as long as you have really bad wiring in the building your VPN connection may keep bouncing up and down because VPN thinks somebody is trying to hack, to penetrate that connection.
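To see whether a connection really is bouncing the way described above, you can count tunnel drops in the client log. The following is an added example, not part of the original article and not any VPN product's code; the log line format, the reason strings and the thresholds are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log; the line format is hypothetical, not any VPN product's.
SAMPLE_LOG = """\
2024-05-01T09:00:00 tunnel UP
2024-05-01T09:00:40 tunnel DOWN reason=keepalive-timeout
2024-05-01T09:00:55 tunnel UP
2024-05-01T09:01:20 tunnel DOWN reason=keepalive-timeout
2024-05-01T09:01:35 tunnel UP
2024-05-01T09:02:05 tunnel DOWN reason=keepalive-timeout
2024-05-01T09:02:20 tunnel UP
2024-05-01T09:02:50 tunnel DOWN reason=keepalive-timeout
2024-05-01T09:03:05 tunnel UP
"""

LINE = re.compile(r"^(\S+) tunnel (UP|DOWN)(?: reason=(\S+))?$")

def parse(log):
    """Yield (timestamp, state, reason) for each well-formed line."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)

def analyze(log, window=timedelta(minutes=5), max_drops=3):
    """Summarize drops; flapping = more than max_drops in one window."""
    drops, sessions, reasons, up_since = [], [], {}, None
    for ts, state, reason in parse(log):
        if state == "UP":
            up_since = ts
        elif up_since is not None:      # DOWN that closes an open session
            sessions.append((ts - up_since).total_seconds())
            drops.append(ts)
            reasons[reason or "unknown"] = reasons.get(reason or "unknown", 0) + 1
            up_since = None
    worst = 0
    for i, start in enumerate(drops):   # most drops inside any one window
        worst = max(worst, sum(1 for d in drops[i:] if d - start <= window))
    return {
        "drops": len(drops),
        "worst_window": worst,
        "avg_session_s": sum(sessions) / len(sessions) if sessions else None,
        "reasons": reasons,
        "flapping": worst > max_drops,
    }

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

Many short sessions that all end in a timeout, with no rejected logins on the server side, fit the bad-line picture described here; the next step is to check packet loss on the line itself.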
These are the things to consider in the real world. And again, as I have said, the upload speed is a very important thing that most people do not think about. As stated before, if you have a 756 kbps connection, you should not be using VPN. You need fiber optic, you need cable Internet, or T1 (a fiber optic line that can carry roughly 60 times more data than a normal residential modem). The latter is old school though, like 15-year-old technology; T1 with VPN is still OK, adequate, but not very good.
The final thing to mention is something you should not run into, but as I am an old-timer, I sometimes see some really old equipment in the field. VPN was once a wow-new technology (a long time ago, twelve years ago), but there were routers created before VPN technology existed, and before it was used by a lot of people, that did not allow for something called VPN pass-through. This VPN pass-through allows the VPN tunnel to pass through the router. Every router built in the past ten years has this built into it. An eleven-year-old router may not have it built in.
So, if you have really old networking equipment and you cannot figure out why VPN is not working, it may be that the router does not allow VPN pass-through. If that is the case, basically just throw it out and buy a new one. Frankly, if you are dealing with an eleven-year-old router, you basically need to throw it out and buy a new one anyway.
So, that is VPN in the real world.