Confused with different type of VPN's

[chrt30]

Hi all

Started doing a project on VPN's but im getting a little bit confused with information I read from different sources so far.

From my understanding there is Site-to-Site VPNs and Remote Access VPNs. Site-to-Site VPNs are configured on routers also called Router-to-Router VPN. Its normally used in companies to connect their different offices to eachother worldwide and uses IPsec and Macsec protocols on the network layer for encryption.

Remote Access VPNs is from my understanding the best solution for mobile users to gain access to company ressources and is normally used with IPsec and installed software on client and host.

There is also Remote Access SSL VPNs with no need to install any software on the client side since the VPN connection is established through the webbrowser with SSL.

And here is what got me confused, I found this whitepaper from Juniper Networks

http://www.juniper.net/us/en/local/pdf/whitepapers/2000232-en.pdf

They talk about application layer VPN and network layer VPNs, and what is best to use in different situations. Is SSL VPNs strictly used in the webbrowser and not by any use of software and can't filed be accessed on a network with a SSL VPN, only webapplications ?

What type of VPN is a software VPN such a ExpressVPN, application layer or network layer since it can use both SSL and IPsec ? And is it considered a SSL VPN or a IPsec VPN ?

Thank you for your help

 

[maitrex]

hey
Why dont you do a research on why do people wana create a vpn themselves http://www.tomshardware.com/answers/id-3382462/modem-cellular-vpn-gateway-gateway.html

 

[chrt30]

hey
Why dont you do a research on why do people wana create a vpn themselves http://www.tomshardware.com/answers/id-3382462/modem-cellular-vpn-gateway-gateway.html

Hi Maitrex, I can't since the project is not scoped that way

 

[boosted1g]

We do not do people's homework here.

Now you are not asking for a copy and paste solution, just some clarifiication so I can guide you towards what you are asking.

First and foremost you should be familiar with the 7 layer OSI model and 4 layer TCP/IP model, if not then learn it.

It seems like you are getting confused because the two examples of SSL VPNs are completley different.

You can setup OpenVPN, which uses SSL as its encryption,to run at the same layer as IPSec or PPTP. My connection with PIA vpn is OpenVPN. You can configure a router or a PC as a client for this connection type.

Then there is SSL in the browser, just like how you create an encrypted tunnel with your bank or gmail.

 

[chrt30]

We do not do people's homework here.

Now you are not asking for a copy and paste solution, just some clarifiication so I can guide you towards what you are asking.

First and foremost you should be familiar with the 7 layer OSI model and 4 layer TCP/IP model, if not then learn it.

It seems like you are getting confused because the two examples of SSL VPNs are completley different.

You can setup OpenVPN, which uses SSL as its encryption,to run at the same layer as IPSec or PPTP. My connection with PIA vpn is OpenVPN. You can configure a router or a PC as a client for this connection type.

Then there is SSL in the browser, just like how you create an encrypted tunnel with your bank or gmail.

Hi boosted1g, thank you for your answer

Im in no way trying to get you to do my homework, it is only a clarification as you said. I am familiar with the TCP/IP model and OSI model, less with the OSI though. What would you clarify ExpressVPN (I am familar with this software that is why i use it as an example) as since it uses OpenVPN as the standard protocol but can also use L2TP/IPsec and others, is that a SSL VPN or IPsec VPN ?

SSL encryption in the browser i fully understand, but it is the term SSL VPN that I need to understand, and when something is an SSL VPN and a IPsec VPN.

 

[boosted1g]

It is an SSL VPN when it uses SSL and IPSec when it uses IPSec protocal.
PIA can use OpenVPN, IPSec and also believe PPtP (least secure), wouldnt really classify it by its connection protocal, just clasify it as a network layer VPN
I am frankly amazed that any homework question would care about this sort of classificaiton vs being concerned about what layer it falls under.

 

[chrt30]

It is an SSL VPN when it uses SSL and IPSec when it uses IPSec protocal.
PIA can use OpenVPN, IPSec and also believe PPtP (least secure), wouldnt really classify it by its connection protocal, just clasify it as a network layer VPN
I am frankly amazed that any homework question would care about this sort of classificaiton vs being concerned about what layer it falls under.

Thank you for your quick reply

It is for my own knowledge, there are no homework related questions to the clarification. I choose to do a project that has a small part of VPN in it and I have to know the different terms for me to make a qualified decision on what type of VPN I want to use for my virtual company, there are no specific questions for me to answer.

So for my understanding a SSL VPN could be a webbrowser using SSL connecting to a company network giving employees access to webapplications like their mail and this type of SSL VPN works on the application layer and Session layer, which makes it a Application layer VPN ?

While PIA which I know nothing about but what you told me, could be classified both as a IPsec VPN and also a SSL VPN since it can use both protocols but it is a Network layer VPN since it works on that layer ?

 

[bill001g]

I would not get too deep into the nit picky terms. SSL VPN does not use a browser. It can run on a router if you want. It is called SSL vpn because it uses the ssl to form the vpn. This just happens to be the same as https. Now if you really want to be confused the most common so called SSLVPN is openvpn BUT it actually does not use SSL it just runs on the same ports as SSL. This is how it can be detected as determined to not be HTTPS traffic by say the Chinese government.

The closest to a actual application vpn would be the VPN built into the opera browser. That vpn only works with that browser unlike most other things called vpn that accept traffic from any programs.

 

[chrt30]

I would not get too deep into the nit picky terms. SSL VPN does not use a browser. It can run on a router if you want. It is called SSL vpn because it uses the ssl to form the vpn. This just happens to be the same as https. Now if you really want to be confused the most common so called SSLVPN is openvpn BUT it actually does not use SSL it just runs on the same ports as SSL. This is how it can be detected as determined to not be HTTPS traffic by say the Chinese government.

The closest to a actual application vpn would be the VPN built into the opera browser. That vpn only works with that browser unlike most other things called vpn that accept traffic from any programs.

Hi bill001g thank you

Seems like im getting more confused. In this Techtarget article it talks about the differences between SSL VPN and SSL VPN. This quote is from Techtarget

http://searchsecurity.techtarget.com/feature/Tunnel-vision-Choosing-a-VPN-SSL-VPN-vs-IPSec-VPN

In choosing an SSL VPN over IPSec, Torre wanted to avoid the overhead of installing client software and to leverage one of SSL's strengths--access to specific applications, rather than entire subnets.

In this whitepaper from Juniper Networks it mentions SSL VPNS as a application layer VPN, and it says there is no need for aditional software other than the webbrowser which makes me confused.

http://www.juniper.net/us/en/local/pdf/whitepapers/2000232-en.pdf

SSL VPNs use a different methodology to transport private data across the public Internet. Instead of relying upon
the end user to have a configured client on a company laptop, SSL VPNs use HTTPS which is available in all standard
Web browsers as a secure transport mechanism, with no need for additional software. With an SSL VPN, the
connection between the mobile user and the internal resource happens via a Web connection at the application layer,
as opposed to IPsec VPNs’ open “tunnel” at the network layer.

And in this Techtarget article also:

http://searchsecurity.techtarget.com/definition/SSL-VPN

An SSL VPN (Secure Sockets Layer virtual private network) is a form of VPN that can be used with a standard Web browser. In contrast to the traditional Internet Protocol Security (IPsec) VPN, an SSL VPN does not require the installation of specialized client software on the end user's computer. It's used to give remote users with access to Web applications, client/server applications and internal network connections.

 

[boosted1g]

Your articles are confusing because they are using the wrong label, basing it off of the protocol and not the OSI layer. The first article says IPSec vs SSL but in reality what they are comparing is a network layer type VPN (which could be IPSec, PPtP, OpenVPN (on SSL port) or other protocals), vs a session layer VPN like SSL/TLS like in https.

With a network layer VPN you have to configure a bunch of settings in each client PC, train the user how to connect to the VPN, how to disconnect from that VPN, etc.
With a session layer, even more so if you have certificates and trust authorities, then there is nothing to require custom configuration or special training on the client end to make the connection. The user simply goes to the URL, inputs their credentials using whatever authentication method(s) the company uses and then uses the web applications.

 

[chrt30]

Your articles are confusing because they are using the wrong label, basing it off of the protocol and not the OSI layer. The first article says IPSec vs SSL but in reality what they are comparing is a network layer type VPN (which could be IPSec, PPtP, OpenVPN (on SSL port) or other protocals), vs a session layer VPN like SSL/TLS like in https.

With a network layer VPN you have to configure a bunch of settings in each client PC, train the user how to connect to the VPN, how to disconnect from that VPN, etc.
With a session layer, even more so if you have certificates and trust authorities, then there is nothing to require custom configuration or special training on the client end to make the connection. The user simply goes to the URL, inputs their credentials using whatever authentication method(s) the company uses and then uses the web applications.

Thanks boosted1g for trying to explain it.

Is it correct that almost all downloadable Remote Access software VPNs for private use are network layer VPNs then ? (involves configuration to some degree, download software, adjust which protocol you want to use and which server you want to connect to)

And sessions layer (SSL/TLS) VPNs are primarily used in the browser, for a employee to access company webapplications, like their mail etc. ? Which requires no configuration on the client side if used with certificates which SSL always does.

 

[bill001g]

You also have to be careful when you talk SSLVPN. The vast majority of what your end consumer talks about is not what you are talking about.

Almost all things your average person talks about when they say vpn requires a client to be installed. Now when you look at enterprise level companies that can pay a huge amount of money for a vpn solution you can get other stuff. Things like juniper and cisco appliance systems dynamical download clients. Most are activex based but some are java based. I forget but there are some things that do not work and you must install a actual client. Most work fine though so I forget the few that don't

Still this form of vpn is not commonly seen outside of very large enterprise.

 

[chrt30]

You also have to be careful when you talk SSLVPN. The vast majority of what your end consumer talks about is not what you are talking about.

Almost all things your average person talks about when they say vpn requires a client to be installed. Now when you look at enterprise level companies that can pay a huge amount of money for a vpn solution you can get other stuff. Things like juniper and cisco appliance systems dynamical download clients. Most are activex based but some are java based. I forget but there are some things that do not work and you must install a actual client. Most work fine though so I forget the few that don't

Still this form of vpn is not commonly seen outside of very large enterprise.

So I should see SSL VPNs the same way I think of IPsec VPNs which requires client and host software to be installed and configured for it to work ?

If so then I can't see why the SSL VPN would be eaiser for the employee to use since both requires configuration of client software, and not running VPN through the webbrowser.

 

[bill001g]

This is why the big manufactures can charge a fortune for those self installing sslvpn. They charge for the appliance as well as a yearly fee per client you run.

That is why things like opera is popular. If you only need web browser protected via vpn it is easy. When you need thinks like microsoft shares or other things then you need some kinda of client it only matters if it was manually installed or if it uses some special activex installer.

 

[chrt30]

This is why the big manufactures can charge a fortune for those self installing sslvpn. They charge for the appliance as well as a yearly fee per client you run.

That is why things like opera is popular. If you only need web browser protected via vpn it is easy. When you need thinks like microsoft shares or other things then you need some kinda of client it only matters if it was manually installed or if it uses some special activex installer.

True, its nice and easier for the employee, but the confusing thing is when the articles mentions SSL VPNs they mention it with the use of a webbrowser and not addationel software and thats why im gonna just see it as that.