VPN question

  1. #1
    Banned
    Join Date
    Aug 2004
    Posts
    534

    VPN question

    In this thread "http://www.antionline.com/showthread.php?s=&threadid=273101" it seems that it is accepted that the clients somehow have something to do w/ the VPN connection. I thought that the VPN enabled routers negotiate an encrypted VPN connection, which is transparent to the clients. So which is it and what do clients have to do w/ it?


    look at the pic... this is how it should be right???

  2. #2
    Master-Jedi-Pimps0r & Moderator thehorse13
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    The answer is, "It depends."

    1) Do you have the routers configured to have a site-to-site tunnel? If so, the clients are not involved at all. This means that the data that flows across the internet is encrypted but when it dumps into the WAN/LAN on either end it is in the clear unless there are other mechanisms protecting the data external from the VPN tunnel.

    2) Are you using point-to-point tunnels? This is typically associated with VPN client software on your clients and also the target host. Obviously in this mode of operation, the data is protected the entire path. In this case, the client is involved.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  3. #3
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    TH13 already answered the basics of your question...

    A prime example of a client being involved in a VPN is a company member who is travelling. They're staying in a hotel (think public internet access) but you want them to be able to access internal resources (securely)... They would dial in to a VPN Server... There is then a tunnel between the client and the VPN server and the client is considered to be inside the intranet...

    I wrote a tutorial on PPTP VPN operation with a client dialing in to a server.. it may provide you with more information.

    http://www.antionline.com/showthread...hreadid=269784

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  4. #4
    Banned
    Join Date
    Aug 2004
    Posts
    534
    I'm almost leaving so I will read your TUT when I get home but...

    doesn't VPN imply that the IP address on the remote network/host should be consistent w/ the "base" internal network

    wouldn't clients dialing/accessing via net be called "remote access"...

    couldn't clients just access via ssh

  5. #5
    Master-Jedi-Pimps0r & Moderator thehorse13
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    doesn't VPN imply that the IP address on the remote network/host should be consistent w/ the "base" internal network
    Not always. Some VPN solutions use NAT, others use NAT pools and so on. Routing capabilities are pretty standard in most VPNs so the need to have IP addresses that are for the same network range is not necessary. However, certain IPSec VPNs will allow for the scheme you're talking about. I happen to manage one such deployment.

    --TH13
