A virtual private network (VPN) is software that creates a secure, encrypted connection over a less secure network, such as the public internet. A VPN uses tunneling protocols to encrypt data at the sending end and decrypt it at the receiving end. To provide additional security, the originating and receiving network addresses are also encrypted.
VPN protocols
VPN protocols provide an appropriate level of security for connected systems when the underlying network infrastructure alone cannot provide it. Several different protocols are used to secure and encrypt user and corporate data. They include:
IP security (IPsec)
Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
Point-To-Point Tunneling Protocol (PPTP)
Layer 2 Tunneling Protocol (L2TP)
OpenVPN
Types of VPNs
Network administrators have several options when it comes to deploying a VPN. They include:
Remote access VPN
Remote access VPN clients connect to a VPN gateway server on the organization's network. The gateway requires the device to authenticate its identity before granting access to internal network resources such as file servers, printers and intranets. This type of VPN usually relies on either IP Security (IPsec) or Secure Sockets Layer (SSL) to secure the connection.
Site-to-site VPN
In contrast, a site-to-site VPN uses a gateway device to connect an entire network in one location to a network in another location. End-node devices in the remote location do not need VPN clients because the gateway handles the connection. Most site-to-site VPNs connecting over the internet use IPsec. It is also common to use carrier MPLS clouds rather than the public internet as the transport for site-to-site VPNs. Here, too, it is possible to have either Layer 3 connectivity (MPLS IP VPN) or Layer 2 (virtual private LAN service) running across the base transport.
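The gateway-to-gateway IPsec tunnel described above, as an added example that is not part of the original article: a strongSwan swanctl.conf connection for one side of a site-to-site VPN. The addresses, prefixes, identities and certificate file name are constructed placeholders; the two traffic selectors are what make whole LANs, rather than individual hosts, reachable without any client software on the end nodes.

```conf
# swanctl.conf on the HQ gateway (constructed example; addresses are placeholders)
connections {
    hq-to-branch {
        # IKEv2 only; avoid falling back to IKEv1
        version = 2
        local_addrs  = 203.0.113.10      # HQ gateway public address (placeholder)
        remote_addrs = 198.51.100.20     # branch gateway public address (placeholder)

        # IKE proposal: AEAD cipher, strong PRF, ECDH group for key exchange
        proposals = aes256gcm16-prfsha384-ecp384

        # Mutual certificate authentication; identities must match the peer's cert
        local {
            auth  = pubkey
            certs = hq-gw-cert.pem       # placeholder certificate file in /etc/swanctl/x509
            id    = hq-gw.example.com
        }
        remote {
            auth = pubkey
            id   = branch-gw.example.com
        }

        children {
            lan-to-lan {
                # Traffic selectors: the entire HQ LAN to the entire branch LAN.
                # End nodes on either side need no VPN client.
                local_ts  = 10.1.0.0/16
                remote_ts = 10.2.0.0/16

                # ESP proposal with a DH group => perfect forward secrecy on rekey
                esp_proposals = aes256gcm16-ecp384

                # Tunnel mode encapsulates the whole inner packet, so the
                # original source/destination addresses are encrypted too.
                mode = tunnel

                # Bring the tunnel up at boot and restart it if the peer goes silent
                start_action = start
                dpd_action   = restart
            }
        }

        # Dead peer detection and periodic IKE rekeying
        dpd_delay  = 30s
        rekey_time = 4h
    }
}
```

Load it with `swanctl --load-all` and check the negotiated proposals with `swanctl --list-sas`; a mirrored configuration with the local/remote values swapped is required on the branch gateway.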
Mobile VPN
In a mobile VPN, a VPN server still sits at the edge of the company network, enabling secure tunneled access by authenticated, authorized VPN clients. Mobile VPN tunnels are not tied to physical IP addresses, however. Instead, each tunnel is bound to a logical IP address. That logical IP address sticks to the mobile device no matter where it may roam. An effective mobile VPN provides continuous service to users and can seamlessly switch across access technologies and multiple public and private networks.
Hardware VPN
Hardware VPNs offer a number of advantages over software-based VPNs. In addition to enhanced security, hardware VPNs can provide load balancing to handle large client loads. Administration is typically handled through a web browser interface. A hardware VPN is more expensive than a software VPN. Because of the cost, hardware VPNs are a more realistic option for large businesses than for small businesses or branch offices. Several vendors, including Irish vendor InvizBox, offer devices that can function as hardware VPNs.
VPN appliance
Dynamic multipoint virtual private network (DMVPN)