The main reasons to use VPN-based data transfers are the ability to encrypt all your
data and the simplicity of routing many data streams of any kind (e.g. UDP/TCP) through
a few streams (in the case of OpenVPN there is only one TCP stream) - see Figure 1.
Nowadays there are a lot of VPN solutions on the market. The main difference between
these solutions is their implementation - a VPN package can be built directly into the
operating system (like IPsec) or it can be implemented as an application, for which
you need no special support in the OS (e.g. PPTP or OpenVPN). That’s a big
advantage for a software-based VPN, because it is easily ported to another platform. That’s
the reason why so many operating systems are supported by OpenVPN, such as
Linux, Windows 2000/XP and higher, OpenBSD, FreeBSD, NetBSD, Mac OS X, and
Solaris.
But OpenVPN has another advantage - it uses only one stream and only one protocol to
reach its destination. For example, PPTP uses one TCP stream for the data and another
stream for authentication purposes, which is handled through the GRE protocol.
If you are a network administrator you’ll see how easy it is to route an incoming
OpenVPN connection to the desired destination in your inner network. In Figure 1 you
see an example of a complex connection from a driver client to its destination NetCom.
If you want to route all the network traffic needed to fully support a NetCom
four-port device, you have to route two TCP ports (control/data) for each serial port,
two TCP ports for the configuration (telnet/web) and one UDP port for the external
configuration from an SNMP client (e.g. NetCom Manager). If you add these numbers
together (4 x 2 + 2 + 1), you come to a total of 11 streams which you have to route - on a
16-port device you’ll have to route 35 streams (16 x 2 + 2 + 1) through your network!
So if you want to use such a solution, configuring it takes an immense effort. And
that’s the point where OpenVPN comes into play: if you pack all the needed streams
into one with OpenVPN, your configuration task is reduced to a minimum.
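
The stream count above as a forwarding plan, next to the single rule needed once everything runs inside OpenVPN. This is an added example, not code from the original page or from the NetCom or OpenVPN projects; the data/control port numbers, the interface name and the inner address are constructed placeholders, so check the real ports against the device documentation.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Forward:
    proto: str    # "tcp" or "udp"
    port: int
    purpose: str


# Assumed port layout (placeholders, not taken from NetCom documentation).
DATA_BASE = 2000      # hypothetical: data port of serial port n
CONTROL_BASE = 3000   # hypothetical: control port of serial port n
OPENVPN_PORT = 1194   # IANA-registered OpenVPN port


def direct_forwards(serial_ports: int) -> list[Forward]:
    """Every stream that must be forwarded when no VPN is used."""
    rules = []
    for n in range(serial_ports):
        rules.append(Forward("tcp", DATA_BASE + n, f"serial {n + 1} data"))
        rules.append(Forward("tcp", CONTROL_BASE + n, f"serial {n + 1} control"))
    rules.append(Forward("tcp", 23, "telnet configuration"))
    rules.append(Forward("tcp", 80, "web configuration"))
    rules.append(Forward("udp", 161, "SNMP configuration"))
    return rules


def vpn_forwards() -> list[Forward]:
    """With OpenVPN over TCP, one stream carries all of the above."""
    return [Forward("tcp", OPENVPN_PORT, "OpenVPN tunnel")]


def iptables_dnat(rules, wan_if, target_ip):
    """Render each forward as an iptables DNAT rule for the border router."""
    return [
        f"iptables -t nat -A PREROUTING -i {wan_if} -p {r.proto} "
        f"--dport {r.port} -j DNAT --to-destination {target_ip}:{r.port}"
        f"  # {r.purpose}"
        for r in rules
    ]


if __name__ == "__main__":
    for ports in (4, 16):
        print(f"{ports}-port device, no VPN: {len(direct_forwards(ports))} forwards")
    # 192.168.1.50 and wan0 are constructed sample values.
    print("\n".join(iptables_dnat(vpn_forwards(), "wan0", "192.168.1.50")))
```

Besides the shorter rule set, the telnet, web and SNMP configuration ports no longer need to be reachable from outside the tunnel.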
As for the encryption methods that can be used to secure your data,
these days AES (Advanced Encryption Standard) should be the encryption algorithm
of your choice. It has replaced the formerly used but insecure DES (Data Encryption
Standard). OpenVPN also uses AES as its main encryption algorithm - not only
because AES is very strong and safe, but also because it is very fast.
In summary, any network data that is transferred over OpenVPN is secure
and very easy to handle.