What is VPN
19.06.2012 15:12 in technical-notes
A Virtual Private Network (VPN) is a private network whose data packets are encapsulated and sent over the public internet.
Contents
What is a VPN?
What is a VPN tunnel?
What are the different kinds of VPNs?
What is SSL VPN?
What is encryption?
What is an encryption key?
What is symmetric key cryptography?
What is public key cryptography?
What is a keypair?
What is the best VPN?
What is X509 PKI?
What is Perfect Forward Secrecy (PFS)?
What is Pre-Shared Key (PSK)?
What is AES256?
Why is Microsoft PPTP a bad idea?
Why do I need a VPN?
What is the best VPN server?
What is Rayservers VPN?
How to install OpenVPN for Rayservers?
How to use Exit Proxies on Rayservers VPN?
Where can I buy a Rayservers VPN?
What is a VPN tunnel?
A VPN tunnel is a visualization of how the encapsulated packet stream 'tunnels' the data over the internet.
What are the different kinds of VPNs?
There are many technologies that tunnel private network data over a public network including GRE, IPSEC, GRE over IPSEC, OpenVPN, Microsoft PPTP, SSH TCP port forwarding, SSH IP tunnels, PPPoE (PPP over Ethernet), Cisco VPN, etc.
What is SSL VPN?
An SSL VPN is the same as OpenVPN - this technology uses the cryptographic infrastructure that protects secure web pages.
What is encryption?
Encryption is the use of mathematical formulas that render 'cleartext' data indistinguishable from white noise.
(Above image is an illustration of the effect)
What is an encryption key?
An encryption key is similar to a combination on a combination lock that locks and unlocks the scrambled data.
What is symmetric key cryptography?
When only one secret combination is used as the secret to convert data to scrambled data and then back again, it is called symmetric key cryptography.
What is public key cryptography?
When two combinations are used in the mathematical combination lock of encryption where data scrambled by one of the combinations can only be descrambled by the other combination, this results in the ability to send secrets without the need to pre-share a secret combination.
When Alice desires to receive secret messages, she publishes one of the keys - her public key. Bob can then send her a secret message which only she can decrypt as she has the secret key. The two keys together are called a keypair.
What is the best VPN?
The best VPN for mobile and personal computers is X509 full PKI OpenVPN. The best VPN for long lived inter-data-centre VPNs is GRE over IPSEC.
What is X509 PKI?
PKI stands for Public Key Infrastructure. Each node identifies itself by a Private/Public keypair and uses public key cryptography to create a symmetric session key that features Perfect Forward Secrecy.
What is Perfect Forward Secrecy (PFS)?
Perfect Forward Secrecy means that encrypted data cannot be recovered in the future. Perfect Forward Secrecy is the concept that random ephemeral keys are generated, exchanged via a Private/Public keypair and automatically replaced with a new session key within a short time. Since there is no record of the session keys, capturing the data stream means that the data stream cannot be decrypted even if the end points are captured at a future date.
What is Pre-Shared Key (PSK)?
Pre-Shared Key VPNs, including OpenVPN and IPSEC using PSK, use a fixed shared secret key to encrypt VPN traffic. This means that the compromise of either node in the future will result in all captured data being decryptable.
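The contrast between the PFS and PSK designs described above, as an added example (not Rayservers or OpenVPN code): it shows what recorded traffic plus a node's stored secret yields after a later compromise in each design. Assumptions: a toy Diffie-Hellman group (p = 2^255 - 19, g = 2), a SHA-256 keystream standing in for AES256, an HMAC standing in for the X509 signature, and hypothetical function names throughout.

```python
import hashlib, hmac, secrets

P, G = 2**255 - 19, 2  # toy DH group (assumption), for illustration only

def b32(n: int) -> bytes:
    return n.to_bytes(32, "big")

def kdf(*parts: bytes) -> bytes:
    """Derive a 256-bit session key from the given inputs."""
    return hashlib.sha256(b"".join(parts)).digest()

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy SHA-256 counter-mode keystream, standing in for AES-256."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], pad))
    return bytes(out)

def psk_session(psk: bytes, message: bytes) -> dict:
    """PSK design: the session key is a function of the stored secret."""
    nonce = secrets.token_bytes(16)  # travels in the clear
    return {"nonce": nonce, "ct": xor_stream(kdf(psk, nonce), message)}

def pfs_session(auth_key: bytes, message: bytes) -> dict:
    """PFS design: the stored secret only authenticates an ephemeral exchange."""
    a = secrets.randbelow(P - 3) + 2  # ephemeral secrets, never stored
    b = secrets.randbelow(P - 3) + 2
    A, B = pow(G, a, P), pow(G, b, P)  # public values, travel in the clear
    tag = hmac.new(auth_key, b32(A) + b32(B), "sha256").digest()
    shared = pow(B, a, P)
    assert shared == pow(A, b, P)  # both ends reach the same value
    wire = {"A": A, "B": B, "tag": tag, "ct": xor_stream(kdf(b32(shared)), message)}
    del a, b, shared  # discarded when the session ends
    return wire

def exposure_after_compromise(wire: dict, stored_secret: bytes) -> bytes:
    """What recorded traffic plus the node's stored secret yields later."""
    if "nonce" in wire:  # PSK: everything needed is on the wire or on disk
        key = kdf(stored_secret, wire["nonce"])
    else:  # PFS: a and b are gone; A, B and the stored secret do not give g^(ab)
        key = kdf(stored_secret, b32(wire["A"]), b32(wire["B"]))
    return xor_stream(key, wire["ct"])

if __name__ == "__main__":
    msg, secret = b"constructed sample payload", secrets.token_bytes(32)
    print(exposure_after_compromise(psk_session(secret, msg), secret) == msg)  # True
    print(exposure_after_compromise(pfs_session(secret, msg), secret) == msg)  # False
```

In the PFS case the stored secret only proves who took part in the exchange; the session key depended on values that no longer exist anywhere.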
What is AES256?
AES256 is an algorithm where a combination lock using 1 in 2^256 combinations encrypts the message - it is like picking one atom in the known universe.
AES is the American Encryption Standard, chosen after a public competition between competing algorithms. When AES256 is used together with a Public Key Infrastructure and Perfect Forward Secrecy, this is the best guarantee that your data remains protected for all time to come.
Why is Microsoft PPTP a bad idea?
Microsoft PPTP tunnels do not implement encryption.
Why do I need a VPN?
A VPN protects all your internet traffic from snooping.
What is the best VPN server?
OpenBSD VPN servers running OpenVPN, OSPFD and OpenBGPD are the best VPN servers.
What is Rayservers VPN?
Rayservers VPN service, implemented on OpenBSD with OpenVPN is a full X509 PKI Public/Private keypair using AES256 ephemeral keys for Perfect Forward Secrecy (PFS). Rayservers uses the open source OpenVPN technology. Open source VPN technology allows experts to verify that the data is mathematically secure.
Rayservers VPN features exit proxies in several countries for your convenience and is designed for business and corporate users.
Rayservers IPSEC VPNs feature inter-data-centre or inter-corporate networks using dedicated OpenBSD GRE over IPSEC routers, Open Shortest Path First (OSPF) based automatic VPN routing and multihomed BGP to multiple carriers using OpenBGPD. Contact Rayservers for a quote.
How to install OpenVPN for Rayservers?
How to use Exit Proxies on Rayservers VPN?
Where can I buy a Rayservers VPN?
You can buy a Rayservers VPN directly from us or use one of our resellers who can provide you local support.
French: Rayservers FR, Toonux
Permission is given under the Rayservers license to use the text and images on this page.
A link back to this page is requested.