
Introduction

VPN technology builds a virtual private network without any change in the network topology. Compared with leased lines, VPN is a more cost-effective solution to build a private network.

The SecoClient that supports this version is no longer maintained and can no longer be downloaded from the Huawei Support website. A SecoClient that has already been downloaded can still be used. SecoClient configuration examples and common configuration problems are retained in this document. When users need to access the SSL VPN function through a client, see VPN Client Download Description.

Background

Without VPN, data transmission on the Internet, which is a shared physical infrastructure, is insecure.

As shown in Figure 1, the headquarters and the branch reside in different areas (countries or cities). Employees at the branch access servers at the headquarters over the Internet. Data transmitted over the Internet can easily be monitored or tampered with by an attacker.

A dedicated physical line between the headquarters and the branch can prevent information leaks, but the cost is high.

Figure 1 Packet transmission without VPN

A cost-effective way to provide privacy is to use a VPN. A VPN encapsulates and, where configured, encrypts data so that it cannot be read or tampered with in transit. Building a VPN does not change the existing network topology and avoids the cost of leasing private lines.

Definition

VPN technology allows users to create virtual private networks over a public network. A VPN is a secure logical network built on top of a physical network.

VPN has the following characteristics:
  • Private: A VPN is a dedicated network for internal VPN users and protects their data from external threats. A VPN is logically separated from its bearer network (generally an IP network), so that other users of that network cannot access it.
  • Virtual: VPN users communicate over a public network (also called a VPN backbone) that can be shared by non-VPN users.

Encapsulation Mechanism

VPN uses tunneling technologies to establish private tunnels on a VPN backbone to secure data transmission.

Tunneling uses one protocol to encapsulate the packets of another protocol; the encapsulating protocol can in turn be carried inside a third protocol. A tunnel is a logical link that offers the same benefits as a private physical link.

Figure 2 Packet transmission after VPN encapsulation

If a VPN tunnel is established on the network shown in Figure 1, data transmission is shown in Figure 2. When an employee at the branch accesses the server at the headquarters, the transmission process is as follows:

  1. When an employee sends packets to Gateway 1, Gateway 1 identifies that the packets belong to a VPN user and initiates a tunnel connection to Gateway 2 at the headquarters. A VPN tunnel is established between Gateway 1 and Gateway 2.
  2. Gateway 1 encapsulates the packets and sends them through the tunnel to Gateway 2.
  3. Gateway 2 decapsulates the received packets (decrypting them if they were encrypted) and forwards the original packets to the server.

VPN gateways can encrypt the packets during encapsulation so that unauthorized users on the Internet cannot read the data in the packets. Encryption alone only provides confidentiality; detecting tampering additionally requires an integrity check on each packet (for example, the authentication that IPsec ESP applies alongside encryption).
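The following is an added illustration of the encapsulation mechanism and the three-step exchange above; it is not Huawei code and not SecoClient or IPsec. Every detail is an assumption chosen for the example: the inner and outer packet layouts, the hypothetical outer protocol number, the addresses, and the encryption, which here is a toy keystream derived from HMAC-SHA256 in counter mode so that the script runs with only the Python standard library (a real gateway would use a proper cipher such as AES-GCM). It shows what a passive attacker on the Internet can read from the outer packet (only the gateway addresses), how encrypt-then-MAC lets Gateway 2 drop a packet an active attacker modified, and how Gateway 1 decides which packets belong to the VPN.

```python
"""Toy VPN tunnel between two gateways: policy check, encapsulation, encryption,
integrity protection and decapsulation. Added example, not Huawei code; all
formats, addresses and the HMAC-based keystream are illustrative assumptions."""
import hashlib
import hmac
import ipaddress
import os
import socket
import struct

TUNNEL_PROTO = 0xAB                   # hypothetical outer protocol number
NONCE_LEN, TAG_LEN = 12, 32
OUTER_HDR = struct.Struct(">4s4sB")   # outer src, outer dst, protocol
INNER_HDR = struct.Struct(">4s4sH")   # inner src, inner dst, payload length

# Assumed headquarters prefixes: Gateway 1 tunnels only traffic bound for them (step 1).
HQ_PREFIXES = [ipaddress.ip_network("10.0.0.0/16")]


def needs_tunnel(inner_dst: str) -> bool:
    """Gateway 1's policy check: is this packet for a VPN-protected destination?"""
    dst = ipaddress.ip_address(inner_dst)
    return any(dst in net for net in HQ_PREFIXES)


def build_inner(src: str, dst: str, payload: bytes) -> bytes:
    """Simplified inner (user) packet: header followed by payload."""
    return INNER_HDR.pack(socket.inet_aton(src), socket.inet_aton(dst), len(payload)) + payload


def parse_inner(pkt: bytes):
    src, dst, length = INNER_HDR.unpack_from(pkt)
    return socket.inet_ntoa(src), socket.inet_ntoa(dst), pkt[INNER_HDR.size:INNER_HDR.size + length]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy PRF-in-counter-mode keystream (stand-in for a real cipher, not for production)."""
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encapsulate(enc_key, mac_key, gw_src, gw_dst, inner, nonce=None):
    """Gateway 1 (step 2): outer header + nonce + encrypted inner packet + MAC over all of it."""
    nonce = nonce if nonce is not None else os.urandom(NONCE_LEN)
    hdr = OUTER_HDR.pack(socket.inet_aton(gw_src), socket.inet_aton(gw_dst), TUNNEL_PROTO)
    ct = _xor(inner, _keystream(enc_key, nonce, len(inner)))
    tag = hmac.new(mac_key, hdr + nonce + ct, hashlib.sha256).digest()   # encrypt-then-MAC
    return hdr + nonce + ct + tag


def decapsulate(enc_key, mac_key, outer):
    """Gateway 2 (step 3): verify integrity before decrypting, then strip the outer header."""
    hdr = outer[:OUTER_HDR.size]
    nonce = outer[OUTER_HDR.size:OUTER_HDR.size + NONCE_LEN]
    ct, tag = outer[OUTER_HDR.size + NONCE_LEN:-TAG_LEN], outer[-TAG_LEN:]
    expected = hmac.new(mac_key, hdr + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("tunnel packet failed integrity check; dropped")
    return _xor(ct, _keystream(enc_key, nonce, len(ct)))


def gateway_accepts(enc_key, mac_key, outer) -> bool:
    """True if Gateway 2 would forward the packet, False if it drops it."""
    try:
        decapsulate(enc_key, mac_key, outer)
        return True
    except ValueError:
        return False


def eavesdropper_view(outer):
    """What a passive attacker on the Internet can read: only the outer header."""
    src, dst, proto = OUTER_HDR.unpack_from(outer)
    return socket.inet_ntoa(src), socket.inet_ntoa(dst), proto


def tamper(outer, offset):
    """Active attacker flips one bit of the packet in transit."""
    b = bytearray(outer)
    b[offset] ^= 0x01
    return bytes(b)


if __name__ == "__main__":
    enc_key, mac_key = os.urandom(32), os.urandom(32)   # in practice negotiated, e.g. by IKE
    inner = build_inner("192.168.10.5", "10.0.5.20", b"GET /payroll HTTP/1.0")  # constructed sample
    assert needs_tunnel("10.0.5.20")
    outer = encapsulate(enc_key, mac_key, "203.0.113.1", "198.51.100.1", inner)
    print("on the wire:", eavesdropper_view(outer))
    print("inner after decap:", parse_inner(decapsulate(enc_key, mac_key, outer)))
    print("tampered packet accepted:", gateway_accepts(enc_key, mac_key, tamper(outer, OUTER_HDR.size + NONCE_LEN + 3)))
```

The integrity check runs before decryption and uses a constant-time comparison, which is the order a real gateway follows; an attacker who flips a bit anywhere in the outer header, nonce or ciphertext causes the packet to be dropped rather than forwarded to the server with corrupted content.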

Advantages

Compared with traditional private networks, VPNs have the following advantages:

  • Secure: Secure connections are established between the headquarters and teleworkers, branches, partners, or suppliers to ensure confidentiality. This is particularly important for e-commerce and the integration of financial networks and communications networks.

  • Low-cost: VPN uses the shared public network, saving the cost of leasing private lines.

  • Support for mobile services: VPN users can access the headquarters anytime and anywhere.

  • Scalable: VPNs are logical networks and are not affected by the addition or change of physical network nodes.

In conclusion, VPNs are secure, reliable, easy to manage, and highly scalable and flexible.

Copyright © Huawei Technologies Co., Ltd.