Technology Integrator January/February 2015 : Page 16


Remote Network Access: Which VPN Protocol Should I Use?

Martin Boulter


The three most common VPN types are PPTP, L2TP and IPsec. Each offers different advantages.

As we try to find a balance among home, work and recreational activities, there comes an increased need to manage data and systems from anywhere, and using any device (phone, tablet, laptop). But how to securely access and manage the network remotely, without worrying about who has access to the data?

The Internet can be a dangerous place for those who don’t carefully consider data security. While there are many options for connecting remotely, my preferred method is using a Virtual Private Network (VPN).

What is a VPN?
A VPN is a virtual network that uses a public network connection (the Internet) to provide a remote client with a secure connection to a private network. VPNs provide an encrypted connection to a private network—not just securing the initial login, but also protecting the data passed over the connection.

What is the difference between Port Forwarding and a VPN?
While Port Forwarding is commonly used for remote access, it has some major drawbacks in terms of security. VPNs offer better security by encrypting the data transferred between the client device and the private network.

What are the different VPN Types?
The three most common VPN types are PPTP, L2TP and IPsec. Each offers different advantages.

• PPTP (Point-to-Point Tunneling Protocol) uses a TCP-based control channel to initiate and control a GRE (Generic Routing Encapsulation) tunnel that encrypts packets using PPP (Point-to-Point Protocol). This type of VPN typically runs at 128-bit encryption and is relatively easy to set up, only requiring a username and password combination to connect.

PPTP only operates at Layer 3, which means that the user must know the IP addresses of private network resources in order to gain access to those resources.

• L2TP (Layer 2 Tunneling Protocol) is an extension of PPTP that combines the ease of management inherent in PPTP with the Layer 2 traffic capabilities of Cisco’s L2F protocol.

This type of VPN requires a secondary encryption method such as SSL or IPsec. Depending on the type of encryption used with L2TP, a range of 128 to 1,024 bits of encryption is available. (With our Luxul routers, for example, L2TP runs over IPsec at 1,024-bit encryption.)

• IPsec (IP Security) is an end-to-end security protocol that operates at the Internet Layer of the IP suite. The most secure VPN type of the three, it requires a username, password and shared secret to allow connection. IPsec typically runs at 1,024-bit encryption and rekeys every few hours. It also offers a Layer 2 connection to the remote private network.

When selecting the type of VPN to implement, there are a few considerations.

Will the user know the IP addresses of the resources in the private network?
If not, L2TP or IPsec is recommended. Also, certain types of data (i.e., WINS, AppleTalk and Bonjour) are only accessible via Layer 2 connections.

Is the application on the remote connection latency-sensitive?
If using VoIP or other latency-sensitive applications, PPTP is recommended as it has the fastest encryption/decryption rate.

Will the remote user be passing sensitive data (e.g. proprietary information, product designs, legal documents, financial data)?
If the data is of a sensitive nature, IPsec is recommended, as it is the most secure with the highest level of encryption.

What types of client devices will be connecting to the VPN?
PPTP and L2TP clients are built into Mac OS X, iOS, Android, Windows and Windows Mobile operating systems. IPsec clients are built into Mac OS X, iOS and Android. However, IPsec is not built into Windows or Windows Mobile; these platforms will require a third-party client application.

Does the internet provider block or otherwise not allow my VPN choice?
In some areas, the type of VPN permitted is an issue, and all options may not be available. Check with the ISP to see if there are any VPN types prohibited on its network.

Because the VPN type really is dependent upon the application and/or other factors, many commercial-grade routers typically offer multiple VPN choices. Prior to setting up the VPN, carefully consider which will work best in your application and environment.

How do I set up a VPN?
VPN connections consist of two device types: the VPN Server and the VPN Client. The VPN Server is the system with an open port on the internet, listening for client connections. It’s typically run on a router, firewall or internet server that is connected to the private network.

The VPN Client application runs on the device configured to connect to the private network via the desired VPN Server. These can be mobile devices (laptop, phone, tablet) or fixed devices such as a home office desktop, server or even another router or firewall.

Regardless of which VPN type you select, setup is fairly straightforward:
1. Determine what types of VPN your VPN Server will support.
2. Configure the VPN Server on the router, firewall or internet server.
3. Create usernames and set passwords for all desired users. If you are using IPsec, you will also be required to generate a Shared Secret or obtain a certificate with a Public and Private Key.
4. Configure the VPN Client by providing the VPN Server’s internet-accessible IP address or domain name, username, password and shared secret/certificate and private key.
5. Now each time remote access is needed, simply start the VPN Client. As long as the device has an active internet connection, you can connect from anywhere.
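
For step 1, and to verify the result after step 2 on a Linux-based VPN Server, the listening sockets show which VPN types are actually exposed. The following is an added example, not code from the article or from Luxul; the port numbers are the standard assignments for these protocols (not stated in the article), and the `ss -tuln` sample is constructed.

```python
# Added example: map listening sockets to the VPN types the article compares.
# Port numbers are the standard assignments; they are not stated in the article.
VPN_PORTS = {
    ("tcp", 1723): "PPTP control channel",
    ("udp", 1701): "L2TP",
    ("udp", 500): "IPsec IKE",
    ("udp", 4500): "IPsec IKE (NAT traversal)",
}
# GRE (PPTP data) and ESP (IPsec data) are IP protocols, not ports, so they
# never appear in a socket listing; check the firewall rules for those.

# Constructed sample of `ss -tuln` output, not captured from a real host.
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:1701       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:1723       0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:5432     0.0.0.0:*
udp   UNCONN 0      0      [::]:68            [::]:*
"""


def exposed_vpn_listeners(ss_output):
    """Return {(proto, port): label} for VPN listeners not bound to loopback."""
    found = {}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header or unrelated socket family
        addr, _, port = fields[4].rpartition(":")
        if not port.isdigit() or addr.startswith("127.") or addr == "[::1]":
            continue  # loopback listeners are not reachable by VPN clients
        key = (fields[0], int(port))
        if key in VPN_PORTS:
            found[key] = VPN_PORTS[key]
    return found


def audit(ss_output):
    """Report exposed VPN types and flag L2TP offered with no IKE listener."""
    found = exposed_vpn_listeners(ss_output)
    findings = [f"{p}/{n}: {label}" for (p, n), label in sorted(found.items())]
    if ("udp", 1701) in found and not {("udp", 500), ("udp", 4500)} & set(found):
        findings.append("udp/1701: no IKE listener found; confirm L2TP is "
                        "wrapped in IPsec or another encryption layer")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_SS)))
```

On a real server, pass the text of `ss -tuln` to `audit()` in place of the sample.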

A VPN is a reliable option for anyone needing a secure remote connection to a private network. For installers, VPNs can also be used as a fantastic service tool to access the customer’s network and resolve issues without a truck roll.

For more information about setting up a VPN, and other installer tips, check out the “how-to” videos and documents located at Luxul.com.

Martin Boulter is customer services manager with Luxul, a provider of Wi-Fi and wired networking products.

Read the full article at http://digitaleditions.napco.com/article/Remote+Network+Access%3A+Which+VPN+Protocol+Should+I+Use%3F/1931237/246344/article.html.
