2.7.1. Virtual Private Networks (VPNs)

Virtual Private Networks, or VPNs, allow two networks to connect directly to each other over another network, such as the Internet. All data is transmitted over an encrypted tunnel, hidden from prying eyes. Similarly, a single computer can also connect to another network using the same facilities. One of the protocols used to create VPNs is known as IPsec. Another is SSL/TLS, as used by OpenVPN.

IPCop can easily establish VPNs with other IPCop servers. IPCop can also interoperate with just about any VPN product that uses IPsec or OpenVPN. VPN connections in IPCop are defined as either Net-to-Net or Host-to-Net. This feature is entirely optional, so you may safely ignore this section if you do not wish to use it. IPCop can use both IPsec and OpenVPN at the same time.

Most modern operating systems have support for IPsec and/or OpenVPN. This includes Windows, Macintosh OSX, Linux and most Unix variants. Unfortunately, the tools needed to provide this support vary greatly between platforms and may be difficult to set up.

Note

The clocks and timezones on either end of a VPN tunnel must be up to date before configuring or starting a VPN.

2.7.1.1. Net-to-Net

Net-to-Net VPNs link two or more private networks across the Internet by creating an IPsec tunnel. In a Net-to-Net VPN, at least one of the networks involved must be connected to the Internet through an IPCop firewall. The other network can be connected through an IPCop firewall, or through another IPsec-enabled router or firewall. These routers/firewalls have public IP addresses assigned by an ISP and are most likely to be using Network Address Translation, hence the term Net-to-Net.

Note

Net-to-Net VPNs can only be created using IPsec. OpenVPN Net-to-Net is not yet implemented.

2.7.1.2. Host-to-Net

A Host-to-Net connection is one where IPCop is at one end of the VPN tunnel and a remote or mobile user is at the other end. The mobile user is most likely to be a laptop user with a dynamic public IP address assigned by an ISP, hence the terms Host-to-Net or Roadwarrior.

If desired, a VPN can be created between wireless machines on your BLUE network and an IPCop firewall. This ensures that traffic on your BLUE network cannot be intercepted with wireless sniffers.