Do you want to be secure--I mean really secure--when you're on the Internet? If so, then you want a virtual private network.
A VPN creates a secure "tunnel" across the Internet between you and your office, a VPN provider, or your home. Why would you want that? Easy-to-use programs such as Firesheep make it simple for snoops to see what you're writing in your e-mail messages, posting to your Facebook page, or buying online. But with a VPN, you can surf the Web through that virtual tunnel, away from prying eyes, and your Internet traffic is encrypted.
Whether you just want to access Wi-Fi networks on the road without potentially exposing your activities to nosy strangers, or whether you need to enable a team of remote employees to handle business securely on the Internet, you can find a VPN to fit your needs. This guide will walk you through VPN essentials for beginners and power users.
VPN for Beginners
The easiest and least costly way to get a VPN service is to obtain one from your company, school, or organization. Not on the road often? Check with your IT department to see if they offer a VPN to all users. If they do, life is good: Just install the corporate VPN software, set it up, and you're ready to go. The next time you turn on your PC, fire up the VPN application before you start surfing the Web.
What if your IT department doesn't have a VPN--or what if you don't have an IT department? You're not out of luck. Lately, numerous VPN providers, including Banana VPN, Black Logic, LogMeIn Hamachi, and StrongVPN, have started offering their services for a fee, generally from $15 to $20 a month. To learn more, take a look at a comparison of three personal VPN services.
How do you go about picking one? If a service has an online forum, check what their customers have posted. Call or e-mail to see if real people answer. Generally speaking, bigger is better. If they're a tiny company, that may be fine for you as an individual, but they probably can't give you the support a small company needs.
Is the privacy factor alone worth the effort? Yes, but VPNs offer other advantages as well. For example, if you're in Canada, ordinarily you can't watch a U.S. TV show on Hulu. But you can access the show if you use a VPN to obtain a U.S. IP (Internet Protocol) address.
Some VPN providers offer another benefit: anonymous Web browsing, which allows you to roam the Internet without being tracked. If your ISP blocks some applications, such as Skype or other VoIP (Voice over Internet Protocol) applications, you can use a VPN to get around the restrictions.
These VPN services may sound exactly like what you need. Beware, however: Not all services are created equal. If a service doesn't have enough VPN servers--technically, VPN concentrators--to support the number of customers, you may experience poor Internet speeds or be unable to make a connection at all.
So, before subscribing to a VPN service, look into what its customers say about it. Better still, if the company offers a free test period, take advantage of it before paying money for a service that may not meet your needs.
VPN Fundamentals for the Power User
Do you want to lock down your Internet connection when you’re on the road? If so, the best approach is, of course, to use a VPN. You’re set if you work for a company that can provide you with a VPN. But if you run your own small business or home office, you also have options.
You can find several inexpensive ways to get a VPN of your own. Besides paying $15 to $20 a month to a VPN subscription service, you might be able to install a VPN server on your router using open-source, alternative router firmware such as DD-WRT and OpenWRT. This firmware will allow you to use many, but not all, Wi-Fi routers and access points as VPN endpoints.
VPN on Your Router
Before flashing your Wi-Fi hardware with any alternative firmware, make sure that it's supported. The last thing you want to do is to "brick" your wireless device--rendering it useless--just to set up a small VPN. Be sure to consult the DD-WRT supported-device list or the OpenWRT supported-device list. As these lists are all works in progress, check back often if you buy a brand-new router or access point.
If you'd rather not take your hardware's life into your own hands, some routers, such as Buffalo Technology's WZR-HP-G300NH AirStation Nfiniti Wireless-N High Power Router, come with DD-WRT already installed.
VPN Server Software
Some desktop operating systems, including Windows (from XP to Windows 7) and Mac OS X, include VPN server software. Granted, these are very simple VPNs, but they may be all you need. Of course, the Windows Server family comes with more-sophisticated VPN setups. If you're running all Windows 7 clients and Windows Server 2008 R2, you may also want to consider using DirectAccess, an advanced IPsec VPN that runs over IPv6 on ordinary IPv4-based LANs and the Internet.
If you don't choose to use DirectAccess but opt for Microsoft's older VPN technologies, Windows Server 2008 R2 has a helpful new feature: VPN Reconnect. Just as the name suggests, it will try to connect VPN sessions automatically if they're interrupted by a break in Internet connectivity. This function can be handy for users with spotty Wi-Fi connectivity, since they won't need to manually reconnect with the VPN after they reestablish a network connection.
Another way to add a VPN to your small network is to install VPN server software yourself. The best known of these is OpenVPN, which is open-source. It's available in versions for almost all popular desktop operating systems, including Linux, Mac OS X, and Windows.
If setting up native OpenVPN sounds a little too technical for you or your staff, you can run it as a VMware or Windows Virtual Hard Disk OpenVPN virtual appliance. With this arrangement, you'll have a basic VPN up and running in minutes.
But OpenVPN is far from the only VPN software out there. Other programs worth considering are NeoRouter and Tinc. If you want more than just VPN services and are looking for a do-it-all network-services software package, I highly recommend the open-source Vyatta Core 6.1. Vyatta includes OpenVPN.
VPN Appliances
If you plan on having more than a dozen or so users on the VPN at one time, though, you'll want to use an inexpensive VPN hardware appliance such as the Juniper Networks SA700 SSL VPN Appliance, the SonicWall Secure Remote Access Series, or the Vyatta 514.
No matter which VPN you use, you'll need to set your firewall to allow VPN traffic. On many routers and firewalls, this task can be as simple as setting VPN passthrough to allow VPN traffic. Typically, your choices will be PPTP (Point-to-Point Tunneling Protocol), L2TP (Layer Two Tunneling Protocol), or SSL (Secure Sockets Layer). Allow only those VPN protocols that you'll be using--after all, when in doubt with firewalls, it's safer to forbid than to permit.
Check your VPN’s documentation to see which ports you’ll need to open. As for SSL VPNs, they typically use port 443, the usual port for SSL-protected Web servers, so that port should already be open.
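One way to check a firewall against the advice above, as an added example that is not part of the original article: it compares a list of open firewall rules with what the VPN protocols you actually use require. The rule format, the names `VPN_REQUIREMENTS` and `audit`, and the sample rules are assumptions made for illustration; the port and protocol numbers are the standard defaults, and L2TP is assumed to run over IPsec.

```python
# Added example: audit firewall openings against the VPN protocols in use.
# Port/protocol numbers are the standard defaults; confirm them against your
# VPN's documentation. L2TP is assumed to be deployed over IPsec.

# Each requirement is (kind, number): kind is "tcp"/"udp" (number = port)
# or "ip" (number = IP protocol number: 47 = GRE, 50 = ESP).
VPN_REQUIREMENTS = {
    "pptp": {("tcp", 1723), ("ip", 47)},
    "l2tp": {("udp", 1701), ("udp", 500), ("udp", 4500), ("ip", 50)},
    "ssl": {("tcp", 443)},
}


def audit(open_rules, vpns_in_use):
    """Compare firewall openings with what the chosen VPN protocols need.

    Returns (missing, unneeded): openings the chosen VPNs require but the
    firewall lacks, and VPN-related openings that no chosen protocol needs.
    """
    unknown = set(vpns_in_use) - VPN_REQUIREMENTS.keys()
    if unknown:
        raise ValueError(f"unknown VPN protocol(s): {sorted(unknown)}")
    open_rules = set(open_rules)
    needed = set().union(*(VPN_REQUIREMENTS[v] for v in vpns_in_use))
    all_vpn = set().union(*VPN_REQUIREMENTS.values())
    missing = needed - open_rules
    # Flag only openings that exist purely for a VPN protocol not in use;
    # unrelated rules (such as tcp/25) are outside the scope of this check.
    unneeded = (open_rules & all_vpn) - needed
    return sorted(missing), sorted(unneeded)


# Constructed sample: PPTP passthrough was left enabled on the router, but
# the office runs an SSL VPN plus L2TP, and ESP was never allowed through.
SAMPLE_OPEN = [("tcp", 443), ("tcp", 1723), ("ip", 47),
               ("udp", 1701), ("udp", 500), ("udp", 4500), ("tcp", 25)]

if __name__ == "__main__":
    missing, unneeded = audit(SAMPLE_OPEN, ["ssl", "l2tp"])
    print("open these:", missing)
    print("close these:", unneeded)
```

For the constructed sample, the audit reports the ESP opening as missing and the two PPTP openings as candidates to close.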
Naturally, no matter what VPN you're running and regardless of your network setup, a VPN in a small business is likely to limit its users’ speeds. For example, in my own home office, my Charter cable Internet connection gives me a 25-megabits-per-second downlink and a 3-Mbps uplink. This means that no matter how fast my remote network connection is when I connect to my OpenVPN server, my maximum throughput will be limited to 3 Mbps.
I've often seen small businesses flummoxed by slow VPN connections. That usually happens because neither the users nor the in-house IT staffers (often one and the same) realize that the math of Internet connections means that the slowest link along the VPN route will determine the VPN's top speed. If you want a really fast VPN, you'll need to bite the bullet and get a high-end Internet connection from your ISP.