
CompTIA A+ Certification All-In-One Exam Guide, Seventh Edition - Michael Meyers [452]
both a server and a client program. The server goes on the system you want to access and the client goes on the system you use to access the server. On many solutions, the server and client software are integrated into a single product.

Virtual Private Networks


Remote connections have been around for a long time, long before the Internet existed. The biggest drawback of remote connections was the cost of connecting. If you were on one side of the continent and had to connect to your LAN on the other side of the continent, the only connection option was a telephone line. Or, if you needed to connect two LANs across the continent, you ended up paying outrageous monthly charges for a private connection. The introduction of the Internet gave people wishing to connect to their home networks a very cheap connection option, but with one problem: the whole Internet is open to the public. People wanted to stop using dial-up and expensive private connections and use the Internet instead, but they wanted to do it securely.

Those clever network engineers worked long and hard and came up with several solutions to this problem. Standards have been created that run an encrypted tunnel between a computer (or a remote network) and the network it needs to reach, creating a private network that passes through the public Internet (Figure 25-49). The result is called a Virtual Private Network (VPN).

An encrypted tunnel requires endpoints—the ends of the tunnel where the data is encrypted and decrypted. In the SSH tunnel you’ve seen thus far, the client for the application sits on one end and the server sits on the other. VPNs do the same thing. Either some software running on a computer or, in some cases, a dedicated box must act as an endpoint for a VPN (Figure 25-50).

Making a VPN work requires a protocol that builds on one of the many tunneling protocols available and adds the capability to ask a DHCP server on the local LAN for an IP address, so that the tunnel gets an address matching the subnet of that LAN. The computer keeps its existing IP address for its connection to the Internet, but the tunnel endpoints must act like NICs (Figure 25-51). Let’s look at one of the protocols, PPTP.
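To make the endpoint-as-NIC idea concrete, here is an added illustration that is not from the book: a toy model of a VPN tunnel in Python. The client has its real public address on a physical NIC (eth0) and a virtual tunnel NIC (tun0) holding an address on the office LAN, as if handed out by the office DHCP server. Anything the client routes to tun0 is encrypted and wrapped in an outer packet addressed to the VPN server's public address; the server end unwraps it and has a plain LAN packet to forward. The routing table also models the full-tunnel behaviour the chapter describes, where even Internet traffic goes to the office first, with the one host route that must stay on eth0 so the tunnel's own outer packets are not fed back into the tunnel. All addresses, the shared key and the cipher (an HMAC-SHA256 keystream with a separate integrity tag, chosen only to keep the example dependency-free) are constructed for this example and are not PPTP's own mechanisms.

```python
# Added illustration (not from the book): a toy model of a VPN tunnel.
# The client owns a public address on eth0 and a virtual tunnel NIC (tun0)
# holding an office-LAN address. Packets routed to tun0 are encrypted and
# wrapped in an outer packet addressed to the VPN server's public address;
# the server end unwraps them and forwards them onto the LAN.
# The cipher is an HMAC-SHA256 keystream plus a separate MAC, a stand-in
# chosen to avoid third-party dependencies; it is not PPTP's own encryption.
import hashlib
import hmac
import ipaddress
import os
from dataclasses import dataclass

# Constructed sample addressing (RFC 5737 documentation ranges, RFC 1918 LAN).
CLIENT_PUBLIC = "203.0.113.7"     # client's real address on the Internet
SERVER_PUBLIC = "198.51.100.1"    # VPN server's public address
OFFICE_LAN = "10.0.0.0/24"        # private LAN behind the VPN server
CLIENT_TUNNEL_IP = "10.0.0.200"   # address the tunnel NIC got from office DHCP
SHARED_KEY = b"constructed-demo-key-do-not-reuse"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: bytes


def _subkey(key, label):
    # Separate encryption and MAC keys derived from one shared secret.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key, nonce, length):
    # Counter-mode keystream from HMAC-SHA256 used as a PRF (stand-in only).
    out = b""
    for counter in range((length + 31) // 32):
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]


def seal(key, plaintext):
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = os.urandom(12)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, blob):
    """Verify the tag before decrypting; anything tampered with is rejected."""
    if len(blob) < 12 + 32:
        raise ValueError("truncated tunnel payload")
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("tunnel payload failed integrity check")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


def encode(pkt):
    # Inner packet wire form: "src>dst>" followed by the raw payload.
    return f"{pkt.src}>{pkt.dst}>".encode() + pkt.payload


def decode(raw):
    src, dst, payload = raw.split(b">", 2)
    return Packet(src.decode(), dst.decode(), payload)


# Client routing table (prefix -> interface). A full-tunnel VPN points the
# default route at tun0, so even Internet traffic goes to the office first.
# The host route to the VPN server itself must stay on eth0, otherwise the
# tunnel's own outer packets would be routed back into the tunnel.
CLIENT_ROUTES = {
    "0.0.0.0/0": "tun0",
    OFFICE_LAN: "tun0",
    f"{SERVER_PUBLIC}/32": "eth0",
}


def route(routes, dst):
    """Longest-prefix match, as a real IP stack does."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), iface) for p, iface in routes.items()
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def client_send(dst, payload, routes=CLIENT_ROUTES):
    """What leaves the client's physical NIC for a packet addressed to dst."""
    if route(routes, dst) == "tun0":
        inner = Packet(CLIENT_TUNNEL_IP, dst, payload)      # LAN-addressed packet
        return Packet(CLIENT_PUBLIC, SERVER_PUBLIC, seal(SHARED_KEY, encode(inner)))
    return Packet(CLIENT_PUBLIC, dst, payload)               # sent in the clear


def server_receive(outer):
    """VPN server end: unwrap the outer packet and return the LAN packet to forward."""
    if outer.dst != SERVER_PUBLIC:
        raise ValueError("not addressed to this tunnel endpoint")
    return decode(unseal(SHARED_KEY, outer.payload))


if __name__ == "__main__":
    outer = client_send("10.0.0.25", b"GET /payroll")
    print("on the wire:", outer.src, "->", outer.dst, f"({len(outer.payload)} encrypted bytes)")
    inner = server_receive(outer)
    print("on the LAN: ", inner.src, "->", inner.dst, inner.payload)
    print("Internet host 192.0.2.10 routed via", route(CLIENT_ROUTES, "192.0.2.10"))
```

Running it shows the two views of one packet: on the Internet only the two public addresses and an opaque encrypted blob are visible, while on the office LAN the packet carries the tunnel NIC's LAN address as its source, exactly as if the laptop were plugged in at the office. The integrity check in `unseal` is what keeps an endpoint from accepting a modified or replayed-from-garbage packet as LAN traffic.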

Figure 25-49 VPN connecting computers across the United States

Figure 25-50 Typical tunnel

Figure 25-51 Endpoints must have their own IP addresses.

PPTP VPNs

So how do we make IP addresses appear out of thin air? Microsoft got the ball rolling with the Point-to-Point Tunneling Protocol (PPTP), an advanced version of PPP, the protocol used for dial-up Internet connections, that handles all of this right out of the box. The only trick is the endpoints. In Microsoft’s view, a VPN is intended for individual clients (think employees on the road) to connect back to the office network, so Microsoft places the PPTP endpoints on the client and on a special remote access server program called Routing and Remote Access Service (RRAS), originally available only on Windows Server (see Figure 25-52).

Figure 25-52 RRAS in action

On the Windows client side, you right-click on My Network Places and click on Create a New Connection (Windows 2000–XP) or right-click on Network and select Set up a connection or network (Windows Vista) from the Network and Sharing Center. This presents you with a dialog where you can enter all your VPN server information. Your network administrator will most likely provide this to you. The result is a virtual network card that, like any other NIC, gets an IP address from the DHCP server back at the office (Figure 25-53).

Figure 25-53 VPN connection in Windows

* * *

EXAM TIP A system connected to a VPN looks as though it’s on the local network, but performs much slower than if the system were connected directly back at the office.

When your computer connects to the RRAS server on the private network, PPTP creates a secure tunnel through the Internet back to the private LAN. Your client takes on an IP address of that network, as if your computer were plugged into the LAN back at the office. Even your Internet traffic will go through your office first. If you open
