Network Infrastructure VPN and IPv6

VPN

A Virtual Private Network (VPN) allows a private network (LAN) to be extended outside the network. Users of a VPN access resources as if they were present locally, although they are actually located remotely. A VPN connection is created through a WAN link such as the Internet but appears as a private link to the end users, hence the name Virtual Private Network. Although a VPN is accessed through the Internet in most cases, a high level of security is maintained between the host computer and the network through the use of tunneling protocols and encryption.

For example, look at the following scenario where an employee is allowed to access their office network from a remote location:

  1. Employee connects to the ISP to gain access to the Internet.
  2. ISP assigns a public IP address to the employee’s computer.
  3. Employee connects to the office using VPN.
  4. VPN server validates, authorizes and allows the employee to connect to the office network. At this stage, a private IP address from the VPN DHCP is issued to the employee’s computer and a secure tunnel between the VPN client software and server is established.
  5. Employee uses the resources available on the office network as if they were available locally.
  6. Information is sent and received using encryption mechanisms as defined by the administrator.

VPN uses one of the following two protocols:

  • PPTP, or Point to Point Tunneling Protocol, operates using TCP (port 1723) to encapsulate PPP packets and can work with a variety of other protocols such as IP, IPX & NetBEUI. PPTP relies on authentication protocols such as PAP, SPAP, CHAP, MS-CHAP and EAP for secure authentication and MPPE to create the VPN tunnel. Support for PPTP is widely available in most client operating systems, making it easier to implement. However, PPTP has many security flaws and is considered insecure.
  • L2TP, or Layer 2 Tunneling Protocol, operates using UDP (port 1701), uses IPsec for security and is considered more secure than PPTP. Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. L2TP also supports multiple protocols but, compared to PPTP, uses strong encryption algorithms.

Server Operating Systems usually include support for setting up VPN connections.

VPN Client

When you want to connect to a VPN, you need to set up a VPN connection on the client computer. You can either use the VPN client software built into the operating system or use 3rd party VPN software.

Some client operating systems include support for setting up the computer as a VPN server, typically as an affordable solution for a home or small office.

Lab: Setup VPN on Client Operating System (Accepting incoming VPN Connection)

IPv6

Internet Protocol version 6 (IPv6) is the latest revision of the Internet Protocol (IP), intended to replace IPv4. IPv6 was developed by the IETF to address the IPv4 issue of address exhaustion. IPv6 uses a 128-bit address, allowing for 2¹²⁸, or approximately 3.4×10³⁸ addresses, or more than 7.9×10²⁸ times as many as IPv4.

IPv6 addresses consist of eight groups of four hexadecimal digits separated by colons, for example: 2001:0db8:85a3:0042:1000:8a2e:0370:7334.

The majority of operating systems support both IPv4 and IPv6, though use of IPv4 is popular.

IPv4 to IPv6 Tunneling

In situations when you want to connect IPv4 networks using IPv6, IPv6 packets can be encapsulated in IPv4 packets, a process referred to as IPv4 to IPv6 Tunneling.

This is useful in situations when routers between the networks do not understand IPv6.

Stateless address auto-configuration (SLAAC)

One major advantage of IPv6 is that a host can configure its own address on an IPv6 network, although an IPv6 address can also be assigned manually by the administrator.

NETSH

NETSH is a command line utility that is used for viewing and modifying network configurations of a local or remote computer.
