What is a VPN ? How does it work ?

Ans. A VPN is a mechanism that employs encryption, authentication and integrity protection so that we can use a public network (such as the Internet) like a private network (i.e., a physical network created and controlled by you). A VPN offers a high degree of security, and yet does not require any special cabling to be laid by the organization that wants to use it. Thus, a VPN combines the advantages of a public network (cheap and easily available) with those of a private network (secure and reliable).

A VPN can connect distant networks of an organization, or it can be used to allow travelling users to remotely access a private network (e.g., the organization's intranet) securely over the Internet.

A VPN is thus a mechanism to simulate a private network over a public network, such as the Internet. The term virtual signifies that it depends on the use of virtual connections. These connections are temporary, and do not have any physical presence. They are made up of packets.

The idea of a VPN is actually quite simple to understand. Suppose an organization has two networks, Network 1 and Network 2, which are physically apart from each other, and we want to connect them using the VPN approach. In such a case, we set up two firewalls, one at each network. The architectural overview is shown in Fig. 5.37.

Fig. 5.37: VPN between two private networks

Network 1 connects to the Internet via a firewall named Firewall 1. Similarly, Network 2 connects to the Internet with its own firewall, Firewall 2. We shall not worry about the configuration of the firewalls here, and shall assume that the best possible configuration is selected by the organization. However, the key point to note is that the two firewalls are virtually connected to each other via the Internet. We have shown this with the help of a VPN tunnel between the two firewalls.

With this configuration in mind, let us understand how the VPN protects the traffic passing between any two hosts on the two different networks. For this, let us assume that host X on Network 1 wants to send a data packet to host Y on Network 2. This transmission works as follows:

  • Host X creates the packet, inserts its own IP address as the source address, and the IP address of host Y as the destination address. This is shown in Fig. 5.38. It sends the packet using the appropriate mechanism.

Fig. 5.38: Original packet

  • The packet reaches Firewall 1. Firewall 1 now adds new headers to the packet. In these new headers, it changes the source IP address of the packet from that of host X to its own address (i.e., the IP address of Firewall 1, say F1). It also changes the destination IP address of the packet from that of host Y to the address of the firewall at the other end (i.e., the IP address of Firewall 2, say F2). This is shown in Fig. 5.39. It also performs the packet encryption and authentication, depending on the settings, and sends the modified packet over the Internet.

Fig. 5.39: Firewall 1 changes the packet contents

  • The packet reaches Firewall 2 over the Internet, via one or more routers, as usual. Firewall 2 discards the outer header and performs the appropriate decryption and other cryptographic functions as necessary. This yields the original packet, as was created by host X in step 1. This is shown in Fig. 5.40. It then takes a look at the plaintext contents of the packet, and realizes that the packet is meant for host Y. Therefore, it delivers the packet to host Y.

Fig. 5.40: Firewall 2 retrieves the original packet contents
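The three steps above, modelled end to end as an added example (this is illustrative code written for this page, not part of the original answer or of any real VPN product). Host X builds a packet addressed X to Y; Firewall 1 encrypts and authenticates that whole packet and wraps it in an outer header addressed F1 to F2; Firewall 2 checks the authentication tag, strips the outer header, decrypts, and recovers the original packet for delivery to Y. The addresses, the pre-shared keys and the HMAC-SHA256 counter-mode keystream are all constructed for the example; a real VPN (e.g. IPsec) would use a standard cipher such as AES-GCM and negotiate its keys, but the encapsulation logic is the same. The tag check is what lets Firewall 2 drop a packet that was altered in transit instead of forwarding it into Network 2.

```python
"""Toy model of the site-to-site VPN tunnel described in steps 1-3 (added example)."""
import hashlib
import hmac
import json
import os
import struct

# Constructed sample addresses: private hosts on each network, public sides of the firewalls.
HOST_X = "10.1.0.5"          # host X on Network 1
HOST_Y = "10.2.0.7"          # host Y on Network 2
FIREWALL_1 = "203.0.113.1"   # F1 (documentation address range, constructed)
FIREWALL_2 = "198.51.100.1"  # F2 (documentation address range, constructed)

# Constructed pre-shared keys; a real VPN negotiates these (e.g. IKE for IPsec).
ENC_KEY = hashlib.sha256(b"constructed-encryption-key").digest()
MAC_KEY = hashlib.sha256(b"constructed-authentication-key").digest()


def build_packet(src: str, dst: str, payload: str) -> bytes:
    """Step 1: host X builds a packet with its own address as source and Y as destination."""
    return json.dumps({"src": src, "dst": dst, "payload": payload}).encode()


def parse_packet(raw: bytes) -> dict:
    return json.loads(raw.decode())


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Illustrative PRF-in-counter-mode keystream (HMAC-SHA256). Stands in for a real cipher."""
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def firewall1_encapsulate(inner_packet: bytes, nonce=None) -> bytes:
    """Step 2: Firewall 1 encrypts and authenticates the whole original packet (inner header
    included, so X and Y are hidden) and adds an outer header addressed F1 -> F2."""
    nonce = nonce or os.urandom(12)
    ciphertext = _xor(inner_packet, _keystream(ENC_KEY, nonce, len(inner_packet)))
    tag = hmac.new(MAC_KEY, nonce + ciphertext, hashlib.sha256).digest()  # encrypt-then-MAC
    outer = {"src": FIREWALL_1, "dst": FIREWALL_2,
             "nonce": nonce.hex(), "ct": ciphertext.hex(), "tag": tag.hex()}
    return json.dumps(outer).encode()


def firewall2_decapsulate(outer_packet: bytes) -> bytes:
    """Step 3: Firewall 2 verifies the tag, discards the outer header and decrypts,
    which yields the packet exactly as host X created it."""
    outer = json.loads(outer_packet.decode())
    if outer["dst"] != FIREWALL_2:
        raise ValueError("outer packet is not addressed to this firewall")
    nonce = bytes.fromhex(outer["nonce"])
    ciphertext = bytes.fromhex(outer["ct"])
    expected = hmac.new(MAC_KEY, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, bytes.fromhex(outer["tag"])):
        raise ValueError("integrity check failed: packet dropped")  # altered or forged in transit
    return _xor(ciphertext, _keystream(ENC_KEY, nonce, len(ciphertext)))


def run_tunnel(payload: str = "hello Y") -> dict:
    """Drive all three steps; report what the Internet sees versus what Firewall 2 recovers."""
    original = build_packet(HOST_X, HOST_Y, payload)
    on_the_wire = firewall1_encapsulate(original)
    outer = json.loads(on_the_wire.decode())
    recovered = parse_packet(firewall2_decapsulate(on_the_wire))
    wire_text = on_the_wire.decode()
    return {
        "wire_src": outer["src"],                       # F1, not X
        "wire_dst": outer["dst"],                       # F2, not Y
        "inner_addresses_visible": HOST_X in wire_text or HOST_Y in wire_text,
        "recovered": recovered,
        "delivered_to": recovered["dst"],               # Firewall 2 forwards to Y
    }


def tampered_packet_is_dropped() -> bool:
    """Flip one ciphertext bit on the 'Internet' and confirm Firewall 2 refuses the packet."""
    outer = json.loads(firewall1_encapsulate(build_packet(HOST_X, HOST_Y, "hello Y")).decode())
    ct = bytearray(bytes.fromhex(outer["ct"]))
    ct[0] ^= 0x01
    outer["ct"] = bytes(ct).hex()
    try:
        firewall2_decapsulate(json.dumps(outer).encode())
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(json.dumps(run_tunnel(), indent=2))
    print("tampered packet dropped:", tampered_packet_is_dropped())
```

Running it shows the outer header carrying only F1 and F2 while the inner X/Y addresses and payload are absent from the wire, and the recovered packet equal to the one host X built. The nonce is sent in the clear, as it would be in a real protocol; only the keys must stay secret.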
