Windows Virtual Hard Disk OpenVPN

I mean as a matter of fact secure--when you're on the Internet? If so, at the time you want a virtual private network.

A VPN creates a secure "tunnel" across the Internet between you and your office, a VPN provider, or your home. Why would you want that? Easy-to-use programs just as Firesheep make it easy for snoops to see what you're writing in your e-mail messages, posting to your Facebook page, or buying online. Nevertheless with a VPN, you can surf the Web through that virtual tunnel, away from prying eyes, and your Internet traffic is encrypted.

Whether you just want to access Wi-Fi networks on the road without potentially exposing your activities to nosy strangers, or whether you need to enable a team of remote employees to handle business securely on the Internet, you can find a VPN to fit your needs. This guide will walk you through VPN essentials for beginners, power users, and IT departments.

The privacy factor alone worth the effort?

Is the privacy factor alone worth the effort? Yes, nevertheless VPNs offer other advantages as so then. For instance, if you're in Canada, ordinarily you can't watch a U.S. TV show on Hulu. Yet you can access the show if you use a VPN to obtain a U.S. IP address.

Some VPN providers offer another benefit: anonymous Web browsing, which allows you to roam the Internet without being tracked. If your ISP blocks some applications, just as Skype or other VoIP (Voice over Internet Protocol) applications, you can use a VPN to get around the restrictions.

What you need

These VPN services may sound specifically like what you need. Beware, nevertheless: Not all services are created equal. If a service doesn't have enough VPN servers--technically, VPN concentrators--to support the number of clients, you may experience poor Internet speeds or be unable to make a connection at all.

Do you want to lock down your Internet connection when you're on the road? If so, the best approach is, clearly, to use a VPN. You're set if you work for a company that can provide you with a VPN. However if you run your own small business or home office, you as well have options.

If you'd in other words not take your hardware's life into your own hands, some routers, just as Buffalo Research's WZR-HP-G300NH AirStation Nfiniti Wireless-N High Power Router, come with DD-WRT already installed.

Some desktop operating systems, including Windows and Mac OS X, include VPN server software. Granted, these are very simple VPNs, nevertheless they may be all you need. Clearly, the Windows Server family comes with more-sophisticated VPN setups. If you're running all Windows 7 customers and Windows Server 2008 R2, you may as well want to consider using DirectAccess, an advanced IPSec VPN that runs over IPv6 on ordinary IPv4-based LANs and the Internet.

If you don't choose to use DirectAccess however opt for Microsoft's older VPN technologies, Windows Server 2008 R2 has a helpful new feature: VPN Reconnect. Such as the name suggests, it will try to connect VPN sessions automatically if they're interrupted by a break in Internet connectivity. This function can be handy for users with spotty Wi-Fi connectivity, since they won't need to manually reconnect with the VPN afterwards they reestablish a network connection.

Another way to add a VPN to your small network is to install VPN server software yourself. The best known of these is OpenVPN, which is open-source. It's available in versions for nearly all popular desktop operating systems, including Linux, Mac OS X, and Windows.

Little too technical for you or your staff

If setting up native OpenVPN sounds a little too technical for you or your staff, you can run it as a VMware or Windows Virtual Hard Disk OpenVPN virtual appliance. With this arrangement, you'll have a basic VPN up and running in minutes.

But OpenVPN is far from the only VPN software out there. Other programs worth considering are NeoRouter and Tinc. If you want more than just VPN services and do-it-all network-services software packages, I highly recommend the open-source Vyatta, Core 6.1. Vyatta includes OpenVPN.

Dozen or so users on the VPN at one time

If you plan on having more than a dozen or so users on the VPN at one time, even though, you'll want to use an inexpensive VPN hardware appliance just as the Juniper Networks SA700 SSL VPN Appliance, the SonicWall Secure Remote Access Series, or the Vyatta 514.

Naturally, no matter what VPN you're running and regardless of your network setup, a VPN in a small business is likely to limit its users' speeds. For instance, in my own home office, my Charter cable Internet connection gives me a 25-megabits-per-second downlink and a 3-mbps uplink. This means that no matter how fast my remote network connection is when I connect to my OpenVPN server, my maximum throughput will be limited to 3 mbps.

I've often seen small businesses flummoxed by slow VPN connections. That by and large happens because neither the users nor the in-house IT staffers realize that the math of Internet connections means that the slowest link along the VPN route will determine the VPN's top speed. If you want a actually fast VPN, you'll need to bite the bullet and get a high-end Internet connection from your ISP.

Serious corporate VPN

If you're running a serious corporate VPN, you already know that neither end-user VPN services nor software-based VPN services can do the job. Sure, you could throw a few dozen OpenVPN or Windows Server 2008 R2 boxes at the problem, nevertheless besides not being fast enough, they'd be a nightmare to manage. When your company needs anything from a few hundred to 10,000-plus active VPN tunnels straightway, you must turn to either top-of-the-line VPN hardware or a national-level VPN service. Traditionally that has meant Cisco, F5 Networks, Juniper Networks, and a handful of other top networking companies.

At this point, too, you might be concerned about the second kind of VPN, circumstances in which you use VPNs to connect different offices and branches securely over the Internet. Here you use technologies just as MPLS, VPLS, and L2VPN to bring at the same time data centers and central and branch offices into one virtual whole.

If you need to start thinking about that kind of VPN, you shouldn't be listening to me. You need to find top network engineers--or better all in all, a qualified network architect--to set up your virtual WAN correctly. A mistake here can cost your company hundreds of thousands of dollars, or foul up your WAN when you least want it to go down. Do you want to explain to the CEO why the companywide videocast went to the great bit-bucket in the sky? I thought not.

Of course, you might want to consider outsourcing to meet your VPN needs. That used to be somewhat chancy, nevertheless in recent years a few major telecoms just as AT&T and Verizon have started offering national and international VPN services. The fees for such services aren't cheap, yet neither is maintaining your own enterprise-level VPNs. Penny-wise and pound-wise network designers will carefully consider VPN outsourcing options.

PPTP: This protocol was first used in Windows, however it comes without any built-in security. It's broadly speaking teamed with the MPPE protocol to create a secure VPN. I say "secure," yet PPTP, aka PP2P, has long had a bad security reputation. Fortunately, PPTP is slowly dying away and being replaced by more secure protocols.

L2TP: Microsoft, working by common consent with Cisco, did better the second time around. L2TP, combined with IPSec security, is much more secure, and it's used in all modern versions of Windows. L2TP is as well supported on Mac OS X and on Linux with programs just as Openswan.