5.2 Virtual Private Networks

Imagine you are out of the office and need to access a printer or file server on the office network. Unless you dial in to the company's server, it isn't possible for you to access the network resources in the office. Even if you can overlook the slow speed of a dial-up line, it is not a cheap alternative, especially if you are overseas.

A Virtual Private Network (VPN) allows you to establish a secure, encrypted connection to the office's network, all through a public network such as the Internet. Using a VPN, you can work as though you are connected to your company's network, even if you're out of the office. There are two main types of VPNs:


User-to-Network

This type allows a client to use a VPN to connect to a secure network, such as a corporate intranet. Your Mac communicates with the network as if it were present at that site or on the same network segment.


Network-to-Network

This type connects two networks via a VPN connection. This method effectively combines two disparate networks into one, eliminating the need for a Wide Area Network (WAN). It also reduces the need for the user to do anything to securely access the other network. It's often transparent, and acts as an encrypted bridge between two networks.

5.2.1 Tunneling

Tunneling is the process of encapsulating packets within other packets to protect their integrity and privacy during transit. A tunnel performs such tasks as encryption, authentication, packet forwarding, and masking of private IP addresses. Figure 5-1 shows a tunnel established between two computers through the Internet. Think of a tunnel as a private link between the two computers: whatever one sends is only visible to the other, even though it is sent through a public network like the Internet.

Figure 5-1. A tunnel established between two computers in a VPN

The following section discusses some tunneling protocols available for VPNs.
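
The encapsulation described in this section, as an added example that is not from the original text: an inner packet carrying private addresses is encrypted, wrapped in an outer packet that shows only the public tunnel endpoints, and authenticated so tampering in transit is rejected. The packet layout, function names, and addresses are constructed for illustration, and the keystream is a toy stand-in for the cipher a real VPN protocol would use.

```python
import hashlib, hmac, os, socket, struct

def _keystream(key, nonce, n):
    # Toy keystream (SHA-256 in counter mode): a stdlib-only stand-in for
    # the real cipher a VPN protocol would negotiate. Not for production.
    blocks = (hashlib.sha256(key + nonce + struct.pack(">I", i)).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _xor(data, ks):
    return bytes(a ^ b for a, b in zip(data, ks))

def inner_packet(src, dst, payload):
    # Simplified inner packet: 4-byte source, 4-byte destination, payload.
    return socket.inet_aton(src) + socket.inet_aton(dst) + payload

def encapsulate(enc_key, mac_key, outer_src, outer_dst, inner):
    # The outer header carries only the public tunnel endpoints.
    header = socket.inet_aton(outer_src) + socket.inet_aton(outer_dst)
    nonce = os.urandom(12)  # fresh per packet so keystreams never repeat
    body = _xor(inner, _keystream(enc_key, nonce, len(inner)))
    # Authenticate everything the far end will parse (encrypt-then-MAC).
    tag = hmac.new(mac_key, header + nonce + body, hashlib.sha256).digest()
    return header + nonce + body + tag

def decapsulate(enc_key, mac_key, outer):
    if len(outer) < 8 + 12 + 8 + 32:
        raise ValueError("truncated tunnel packet")
    header, nonce = outer[:8], outer[8:20]
    body, tag = outer[20:-32], outer[-32:]
    expected = hmac.new(mac_key, header + nonce + body, hashlib.sha256).digest()
    # Verify before decrypting; constant-time compare avoids a timing leak.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    inner = _xor(body, _keystream(enc_key, nonce, len(body)))
    return socket.inet_ntoa(inner[:4]), socket.inet_ntoa(inner[4:8]), inner[8:]

if __name__ == "__main__":
    # Constructed sample values: documentation-range public endpoints,
    # RFC 1918 private addresses inside the tunnel.
    ek, mk = os.urandom(32), os.urandom(32)
    pkt = encapsulate(ek, mk, "203.0.113.10", "198.51.100.20",
                      inner_packet("10.0.0.5", "10.0.0.80", b"print job"))
    print("on the wire:", pkt.hex())
    print("after decapsulation:", decapsulate(ek, mk, pkt))
```

An observer on the public network sees only the two endpoint addresses in the first eight bytes; the private addresses and payload appear only after the receiving end verifies the tag and decrypts.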

5.2.2 Accessing a VPN Server

In this section, we will show you how you can connect your Mac securely to your corporate VPN server.

  1. Double-click the Internet Connect application located in the /Applications folder.

  2. Select File → New VPN Connection, or click on the VPN icon (see Figure 5-2).

Figure 5-2. Locating the VPN icon in Internet Connect

  3. Select the kind of VPN connection supported by your host (as shown in Figure 5-3) and click Continue.

Figure 5-3. Selecting the type of VPN connection supported by your company

  4. Enter the server address (check with your administrator for the VPN server address), as well as the account name and password that you use to log on to the VPN server. Enable the "Show VPN status in menu bar" checkbox to display the VPN icon in the menu bar (see Figure 5-4; the icon is located on the left side of the menu bar). Click Connect to connect to the VPN server.

Figure 5-4. Supplying the login information for the VPN server

  5. To configure multiple VPN connections, go to File → New VPN Connection...

  6. You can find the newly created VPN connections in System Preferences → Network (see Figure 5-5).

Figure 5-5. The VPN connections as listed in System Preferences

If your company or institution requires the use of a proxy server for Internet access, you'll need to configure your Mac for it, since all Internet traffic will go through the VPN while you are connected (if the remote network does not allow direct connections to the Internet, the only way out is through the proxy). To configure a proxy server, double-click on the VPN connection shown in Figure 5-5, and select the Proxies tab to configure that connection's Proxy server settings.