VPN Routing Basics

Typically, VPNs are set up through a firewall rather than a router. However, because we’re using Linux we’ve got the flexibility to combine the two. Alternatively, you could still use Linux for the router and firewall/VPN but build them on separate boxes for security purposes. Whatever you want to do, Linux is flexible enough for you to do it.

A VPN is an alternative to expensive leased lines that are closed to other network traffic. By making use of the Internet as a bridge between networks, companies can save a lot of money and still be secure by utilizing a VPN.

A Little More About VPNs

As you probably already know, VPN stands for Virtual Private Network. Because the Internet is hideously insecure, you wouldn’t want to transmit any important data over the Internet unencrypted. For folks doing commerce, we have HTTPS. For people who just want to run a shell or X sessions, there’s SSH. But what if you want to join two far-flung networks together securely and share all the common resources across the Internet? That’s where VPNs come in.

The metaphor most often used to describe the method of connecting two networks securely is a tunnel. You think of the communications taking place between the two networks as being inside a few layers of outer coating. You’re still using TCP/IP to transmit your data, but instead of unencrypted data being transmitted, the data is encrypted so that even if a potential attacker can intercept your packets—something you have no control over on an unsecured shared network—they shouldn’t be able to make any sense out of the packets themselves. Your data is (theoretically) safe from prying eyes, and your network is safe from intruders.

So it’s considered a private network even though the transmissions take place over a public network. It’s not always as convenient as a WAN, but VPNs can prove a very useful substitute where budget and resource constraints make WANs impractical or when time and mobility are factors. For instance, you might wish to implement a VPN to allow Linux-based Point-of-Sale terminals to operate over a dial-up to interact with a central credit-card processing machine for your company while doing sales at trade shows.

One of the most common protocols for VPNs is the Point-to-Point Tunneling Protocol (PPTP). As the name suggests, PPTP is based on the Point-to-Point Protocol. There are several implementations of PPTP for Linux that are interoperable with other operating systems such as Windows (and Linux, of course!) that you can utilize to create your own VPN. We cover VPNs extensively in Chapter 8, “Kernel 2.4.x Routing Daemons.”
