First of all, if you are asking the question, “What is a VPN?”, chances are you are a beginner, novice, or enthusiast, not an experienced network “techy.” I’ve seen hundreds of publications where the author carelessly forgets who their audience is. They dive straight into “tech talk,” leaving their audience more confused than when they arrived. My objective is to cover the basics in a digestible fashion. I hope my efforts serve you well.
If you already know what a VPN is and just need a little help getting started, have a look at the tutorial on how to download, install, and set up OpenVPN with Tomato.
What is a VPN?
A VPN is a “virtual private network” that operates using a secure “tunnel” from one network to another network. This is also known as a Site-to-Site VPN. This “tunnel” makes it possible for you to browse your network, access computers, and work with files from anywhere in the world, just as if you were physically located in that building. Pretty cool, huh? However, that is just one way people use it.
A VPN also allows you to “spoof” your public IP address. In fact, many people use a private VPN as a proxy to make it appear as if they are in one country while they are actually in another. Generally, those types of VPNs require a third-party monthly service fee. That’s not what we’re doing here, although the logic is the same. We’ll continue on the premise of a VPN tunnel that will allow us to connect to our home network from anywhere.
How does a VPN work?
VPN tunneling utilizes the Internet infrastructure itself. And since the Internet is nearly everywhere these days, connecting one site location to another site location (Site-to-Site), simply requires that both locations have access to the Internet.
A VPN operates on the client/server architecture. One peer is designated as the VPN server, the other as the VPN client. In the image above, the VPN server is our Tomato router, and the VPN client is a laptop computer. The client can be anything: a tablet, a smartphone, etc.
Let’s suppose that you are at work but you forgot an important project file on your home computer. Fire up your VPN client application, browse your ‘Network’ folder, and voila! You’ll enjoy access to all of your files, folders, and computers, just as if you were at home.
Another example where you might employ a VPN is to cut expenses. For example, say you have a business with five store locations. It could become very expensive to set up data storage and maintenance for all five stores. With a VPN network, you only need to maintain your data at one store location. The four remaining stores can use the VPN network to connect to the primary location.
Is a VPN Secure?
That’s a great question, and I’ll elaborate more about VPN security as we move forward. In the meantime, say you are traveling but you need to access the Internet to check email, make a purchase, etc. The moment you connect to a public WiFi hotspot, you are putting yourself at risk. You don’t know who else is connected to that network, or what their intentions are. Once you initialize your VPN connection, you can route your browsing activity through the VPN, which is a secure, encrypted tunnel. In short, whatever you do online travels encrypted between your device and your VPN server, so the other people on that hotspot cannot read it. Just by using your VPN, you greatly decrease your vulnerability.
What are the different types of VPN’s?
In a nutshell, there are basically four types of VPN tunnel protocols.
We’ll be working with SSL (Secure Sockets Layer), which is based on a free, open-source solution known as OpenVPN. OpenVPN provides the best security and overall performance. It’s also used by millions of IT professionals around the globe.
What is required to setup a VPN?
Historically, a VPN required expensive hardware and software. These days, open-source solutions like OpenVPN make things much easier and less expensive to implement. OpenVPN has been integrated into the routing firmware of many open-source firmware projects such as OpenWRT, DD-WRT and of course, Tomato. When paired with a router powered by Tomato firmware, OpenVPN offers the ultimate zero-cost VPN solution.
With OpenVPN, you have two options:
- Static Key Authentication
- TLS (Transport Layer Security)
The static method works great if you want to keep things simple. The TLS method requires a little more management on your part, but provides the flexibility of multi-user access.
A Static Key VPN connection uses one identical pre-shared key which is shared between the VPN server and the VPN client. A Static Key is ideal if you only need to provide access to one device. Since there is only one key, it can only be utilized by one client at any given time.
TLS uses SSL (Secure Sockets Layer) certificates and keys. This method renews the keys and authenticates each peer using certificates. This method allows multiple clients to connect to the VPN server simultaneously. Although it is slightly more difficult to set up, this is the most secure method for VPN tunneling.
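To make the two options concrete, here is an added illustration (not from the original post, and not what the Tomato GUI writes for you) of minimal OpenVPN configuration files for both modes, side by side. The hostname vpn.example.home, the 10.8.0.x tunnel addresses and the file names are placeholders I chose; the cipher line matches the 128-bit setting discussed later in this post.

```conf
# --- Static Key mode: one pre-shared key, so exactly one client at a time ---
# Generate the key once on the server and copy it to the client over a trusted channel:
#   openvpn --genkey --secret static.key     (older builds)
#   openvpn --genkey secret static.key       (OpenVPN 2.5 and later)

# server-static.ovpn (runs on the Tomato router, which listens on UDP 1194)
dev tun
port 1194
ifconfig 10.8.0.1 10.8.0.2      # local / remote tunnel addresses (assumed values)
secret static.key               # identical file on both ends
cipher AES-128-CBC              # the "128-bit" setting discussed in this post
keepalive 10 60                 # ping every 10 s, restart after 60 s of silence

# client-static.ovpn (laptop, phone or tablet)
dev tun
remote vpn.example.home 1194    # placeholder: your home public IP or DDNS name
ifconfig 10.8.0.2 10.8.0.1      # mirror image of the server's ifconfig line
secret static.key
cipher AES-128-CBC
keepalive 10 60

# --- TLS mode: a certificate per peer, many clients at once, keys renegotiated ---
# server-tls.ovpn
dev tun
port 1194
server 10.8.0.0 255.255.255.0   # hands each client its own address from this pool
ca ca.crt                       # your own private CA (e.g. built with easy-rsa)
cert server.crt
key server.key
dh dh2048.pem
tls-auth ta.key 0               # extra HMAC on the handshake; direction 0 on the server
cipher AES-128-CBC
keepalive 10 60

# client-tls.ovpn
client
dev tun
remote vpn.example.home 1194
ca ca.crt
cert laptop.crt                 # one certificate and key per device; revoke it if the device is lost
key laptop.key
tls-auth ta.key 1               # direction 1 on the client
remote-cert-tls server          # refuse to connect to anything but a proper server certificate
cipher AES-128-CBC
```

In static key mode the whole security of the tunnel rests on keeping that one file secret, which is why it only suits a single trusted device; in TLS mode each device gets its own certificate, so one lost laptop can be revoked without touching the others.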
What are the limitations of a VPN?
VPNs are subject to a few things you should be aware of; mainly, performance and security. Performance can be affected by various things such as hardware, upload speed and encryption type. Therefore, you’ll want:
- Minimum of 128-bit encryption
- Upload speed of at least 3Mbps
- A quality router with at least 128MB RAM and 32MB Flash Memory
Yes, technically you can use a router with less RAM and less flash memory, but if you’re using it as a VPN server, it’s not a good idea. Why? Because VPN connections create some complex routing and bridging functions that require a little more horsepower from your router’s hardware.
ISPs like to boast about their download speeds. But with a VPN, upload capacity is more important. Why? Because most Internet service is asymmetrical (not equal). That basically means that your upload speed is much slower than your download speed. And so, when you are downloading with the VPN client, the VPN server (Tomato router) is uploading data remotely to your client computer over a WAN Internet connection. Therefore, the speed at which you can access data from a client device is largely dependent upon the upload speed at the server’s location.
Also, more security, means more strain on your Tomato VPN Server. I won’t go on a tangent here, but basically 128-bit is very strong security. If you are paranoid, use 256-bit. Just be aware that it requires more CPU resources to decipher the encryption. If you’re looking for a good, secure connection with acceptable performance, 128-bit is more than sufficient. No one has ever cracked the ciphertext of AES 128-bit encryption. Heck, I don’t know anyone who has lived to be 100 Billion years old. And that’s about how long it would take to crack it.
Regardless of the scenario, security is always a concern when connecting to your VPN via public networks such as coffee shops and hotels. Regardless of what you hear, it’s never a good idea to let your guard down by disabling the Windows Firewall. With Windows PCs, there are times when a Windows client will not connect unless you’ve made exceptions for the VPN to pass through the firewall. This is done in your firewall settings. If you need to enable or disable the firewall temporarily for troubleshooting purposes, here’s how you do it:
In Windows 7, navigate to:
Control panel > System and Security > Windows Firewall
Click ‘Allow a program through Windows Firewall’
Never let your guard down by permanently disabling your firewall. You will find posts and comments online suggesting that this is okay, but please, never completely disable your firewall.
The firewall in your router protects your LAN. But what if a virus makes its way into your LAN? It can affect every machine on your network. So, your computer’s firewall can help keep the virus from spreading from one machine to another.