What is a VPN and why would I want one?

A VPN (Virtual Private Network) is a method that uses the open, distributed infrastructure of the Internet to transmit data between sites. A VPN supports at least three different modes of use:

I will be discussing the first two uses of a VPN in this article. First of all, it is important to understand that VPNs by themselves do not provide an internet connection from the source to the destination. You must already have a connection to the internet through an ISP (Internet Service Provider), whether you are using Dial-Up, Cable Modem, Wireless, DSL, or LAN. What VPNs do provide is a means of encrypting data and "tunneling" through the existing internet connection, so that you appear to be directly connected to a subnet on the VPN server's network. Your username and password are authenticated, so you have access to all of your authorized network resources.

The technology behind the VPN client we have implemented now is based on the PPTP (Point to Point Tunneling Protocol) network protocol on a Microsoft Windows 2000 server. A newer and more secure network protocol called L2TP (Layer Two Tunneling Protocol) can also be used if we find it necessary in the future. These protocols make use of authentication and encryption to make VPN more secure. Authentication allows the server to establish the identity of the person using the VPN, and encryption hides sensitive data from the internet at large.

Remote access client connections

Using a VPN means you will be able to connect to your shares, telnet to restricted servers, map network drives, use your remote Outlook client to get Exchange e-mail, or use any other network resource you would normally have access to. Keep in mind, however, that if you are going through a Dial-Up connection, applications that require a lot of bandwidth, such as the Banner client, will work very slowly. VPNs are ideal for employees who want to telecommute or travel and need to stay "connected" to the campus network.

Controlled access within an intranet

In order to better secure some servers that hold sensitive data, it has become necessary to restrict access to these servers to a specific subnet or range of IP addresses. A VPN allows people outside that range to connect to and manage those servers from a remote location, over an encrypted, authenticated connection that appears to be within the intranet.

Which ports do you need to open on a firewall to allow PPTP and L2TP over IPsec VPN tunnels?

To enable VPN tunnels between individual host computers or entire networks that have a firewall between them, you must open the following ports:

Installing the VPN Client on Windows

If you think this is something you want to use, I have some instructions on the web to help you install the VPN client on Windows 9.X and Windows XP. Windows 2000 is very similar, and you should be able to use the Windows XP instructions to install the VPN client. The link can be found at http://www2.montana.edu/desktop/vpn.htm.

Installing the VPN Client on Macintosh OS 10.3 or newer

http://www2.montana.edu/desktop/macvpn.htm

Dan Marsh
ITC Support Services Supervisor
dmarsh@montana.edu