Virtual Private Network

Abstract -This research is on the implementation of Virtual Private Network (VPN). Owing to the demand at the present time to connect to internal networks from distant locations, the significant of establishing safe links across the network became paramount. Workers frequently require connecting to internal private networks over the Internet which is by nature insecure; accordingly, security becomes a chief thought. Virtual Private Network (VPN) technology provides a way of protecting information being transmitted over the Internet, by allowing users to set up a virtual private to securely enter an internal network, accessing resources, data and communications via an insecure network such as the Internet. This involves a combination of some or all of these features namely: encryption, encapsulation, authorization, authentication, accounting, and spoofing.

VPN (Virtual Private Network) is a technology to connect two or more local networks of different locations across the public network (the Internet) is encrypted. Therefore many SP (Service Provider) to provide VPN services to meet the needs of its customers, to connect the local network from the center with branches in some areas while in the SP range, so customers do not need to build an independent infrastructure to connect centers with a branch network, simply by subscribing to a VPN service on the selected SP. VPN technology continues to evolve to provide benefits to the SP and the customer. The technology that is now being implemented by the SP is Layer 3 MPLS VPN, the VPN service delivery across MPLS networks owned by SP. Layer 3 MPLS VPN SP makes it easy to develop its network, because if the customer increases, configuration and setup is done on the physical connection between the customer's enterprise network with the device in front of him and will not affect other customers. Then, when viewed from a business standpoint SP, Layer 3 MPLS VPN technology also provides an advantage because SP is possible to make every customers different virtual paths, and can serve a lot of customers in virtually all PE routers (Provider Edge), so no need to buy a router to PE serve one customer. Virtual Services was created by Cisco as the Multi-VRF (Virtual Routing Forwarding) is a service or feature on a Cisco router to make a VPN routing in

The authentication logs on a network can provide a trove of information for discovering potential anomalies in login attempts. Using such logs collected by a production Vir- tual Private Network device over a period of 15 months, we generate a diurnal model of network accesses. These models are used to detect anomalous authentications, which merit further investigation by a security analyst. We intend that this work will dramatically reduce the amount time spent by analysts identifying anomalous events and allow them to focus on in-depth analysis of these anomalies. Our work makes two contributions: a novel approach of mining au- thentication data, and the use of geographic distance as a metric to evaluate Virtual Private Network connections. We demonstrate the success of our model using real-world case analysis.

The CAD models will be exchanged and integrated at Naka for JT-60SA, a common computer network efficiently connected between Naka site and the Garching site is needed to be established. Virtual Private Network (VPN) was introduced with LAN on computer network physically-separated from JAEA intranet area and firewall. In July 2009, a new VPN connection between the Naka and Garching sites has been successfully demonstrated using IPSec-VPN

The expansion of communication systems is the undeniable advantage of the most contemporary digital technologies. However, when a specialist user such as an inventor or an idea owner communicates through a communication system, their intellects are exposed to theft. Upon the analysis of the requirements of such users, it became evident that in order to implement a global, reliable, yet secure system for specialist users, designing a network architecture that provides centralized private connectivity is crucial. This paper proposes a network architecture that provides centralized private connectivity and accommodates the requirements of the network infrastructure of such a system. The proposed virtual private network (VPN) architecture is designed to provide a trusted environment with centralized control and distributed networking, which is different from existing VPN models. It is entitled as Inventor-Investor Network (IINet) and the name is derived from its significant benefits for inventor and investor sets of users. The real experimental IINet prototype is implemented using OpenVPN. For the purpose of evaluation, round trip time (RTT) is measured and reported as the performance metric based on the different encryption ciphers and digest ciphers as the network metrics.

Virtual Private Network (VPN) is a technology that provides secure communication for data as it transits through insecure regions of information technology infrastructure. With prolific development of the Internet, businesses nowadays implement VPN tunnels using different protocols that guarantee data authenticity and security between multiple sites connected using public telecommunication infrastructure. VPN provides a low-cost alternative to leasing a line to establish communication between sites. In this research we empirically evaluate performance difference between three commonly used VPN protocols, namely Internet Protocol Security (IPSec), Point-to-Point Tunneling Protocol (PPTP) and Secure Socket Layer (SSL). We compare performance differences in these protocols by implementing each using different algorithms in a Windows Server 2003 environment. Results obtained indicate that throughput in a VPN tunnel can range from approximately 40 to 90Mbps depending on the choice of protocol, algorithm and window size. These three attributes also govern CPU utilization of VPN servers.

In 2007 Muhammad Aamir1, Mustafa Zaidi and HusnainMansoor [3],presented the concept of Performance Analysis of Diff Serve based Quality of Service in a Multimedia Wired Network and VPN effect using OPNET . Thenetwork includes Internet based communication and VPN was configured to allow the access of „Data Server‟ to the external user for Database service. It was observed when the server was accessed internally as well as by the external user, average data rate of Database traffic received by internal network users (bytes/sec) decreased due to external load. In 2009 H. Bourdoucen, A. Al Naamany and A. Al Kalbani [4],presented simulation of wireless LAN for IEEE802.11g protocol has been done, and analyzes impact of integrating Virtual Private Network technology to secure the flow of traffic between the client and the server farm using OPNET WLAN utility has been carried out. Two Wireless LAN scenarios have been considered and the results compared. These are Normal Extension to a wired network and VPN over Extension to a wired network. The results collected from the two scenarios, indicate the impact of performance, mainly Response Time and Load, of Virtual Private Network over wireless LAN.

VPN (Virtual Private Network) is a logical connection that connects two points via the public network. Logical connection can be a layer 2 or layer 3 in the OSI Layer base. Likewise with VPN technology can be classified on the Layer 2 VPN or Layer 3 VPN. In concept, both Layer 2 VPN or Layer 3 VPN is the same, each adding "delivery header" in the data packets towards the destination address. For Layer 2 VPN, delivery is in Layer 2 header. As for the Layer 3, delivery is on the Layer 3 header. ATM and Frame Relay is an example of a Layer 2 VPN. GRE, L2TP, MPLS and IPSec are examples of Layer 3 VPN. Now many kinds of modern services-based VPN IP address of the VPN replaces traditional ATM or Frame Relay offered by the SP [1]. Starting from the "do-it-yourself IPSec-over-internet" that offer MPLS VPNs, pseudo wire (VPWS) to VPLS services. Details of the implementation of these services and the protocol used (MPLS, AToM, L2TPv3, etc.) It must be considered by the designers of the network. It is important to understand the key concepts of the network needed to be made, the interaction between the routers and switches on the network, the impact of what would happen to the company, whether the network is reliable and always available services [2].

Abstract: With the emergence of Internet Protocol (IP) as the networking technology for efficient and cost- effective convergent transmission of voice, data and video services, service providers have been transforming their legacy networks and building new ones. A major concern of most organizations is to interconnect their dispersed sites and remote workers through secure links while using the public Internet. Virtual Private Network (VPN) has evolved as one of the growing technologies that enable organizations to achieve this goal and additional service requirements benefits such as speed, cost-efficiency and scalability. Due to concerns of its efficacy for IP networks, various studies are being conducted for different scenarios and types of VPN applications using different approaches and tools. In this paper, a state-of-the-art network simulator, Riverbed Modeler, which comprises of a wide range of networking technologies and protocols is used to design and simulate a Site-to-Site VPN for a large enterprise. Firstly, an IP network comprising of three widely dispersed sites of the enterprise was designed without VPN. Then the network was configured with Site-to-Site VPN and simulation was carried out. The simulation results revealed some positive effects of VPN on the performance of the network.

But now there’s Nomad Vault! Thanks to a very smart thumb drive, users can enjoy a highly effective solution designed, developed and managed in France. The aim: to create your own 100% secure virtual private network in just a few seconds, that you can access anywhere, any time.

technique MultiProtocol Label Switching (MPLS) and virtual private network (VPN) to internet service provider domain. It reduces IP routing path promoting traffic engineering and guaranteed quality of service to the customer. With the help of autonomous system boundary router (ASBR) the private customer are connected to the service network. In this method the ASBR use MP-eBGP (MultiProtocol –Exterior Border gateway protocol) to exchange the routing information between autonomous system. The Virtual Routing and Forwarding (VRF) maintains the routing information of the neighboring customer sites and delivers the IP packets with unique addressing format . We came up with an idea of designing an upgraded Inter-provider service network (ie) connecting multiple ISP with the private network mechanism which provide global reachability. The simulations that are done in Graphical Network Simulator software (GNS3) are well suited for emulation of the real network environment. The resultant networks are obtained by verification command for check of the end to end connectivity and monitor the traffic flows.

VPN implementation in a network, which was initially configured for fulfilling the demands for mainly voip services.The MPLS network has the important advantage of highest degree of security with better transmission speed which was seeked by many organization all over the world.The network was built in simulator software called GNS3.Intially preliminary configuration are done in all routers with their corresponding ip address with enabling sop protocol in service provider routers to find the shortest path to find the destination routers. Then label distributive protocol (LDP) is enabled with in service provider routers in which routers capable of Multiprotocol Label Switching (MPLS) exchange label mapping information. The Border Gateway Protocol (BGP) is enabled between edge routers and customers to build a virtual private network to enhance voice over ip using MPLS-VPN network. The simulation for this network is verified by using GNS 3 simulator.

A Virtual Private Network (VPN) allows the provisioning of private network services for an organization over a public network such as the Internet. In other words a VPN can transform the characteristics of a public which may be non-secure network into those of a private secure network through using encrypted tunnels. This work customized a standard VPN to a newly one called EEVPN (Effective Extensive VPN). It transmits a small data size in through a web based system in a reasonable time without affecting the security level. The proposed EEVPN is more effective where it takes small data transmission time with achieving high level of security. Also, the proposed EEVPN is more extensive because it is not built for a specific environment.

The VPN connection allows users working at home or on the road to connect in a secure fashion to a remote corporate server using the routing infrastructure provided by public internetworks (such as the Internet). From the user’s perspective, the VPN connection is a point-to-point connection between the user’s computer & a corporate server. The nature of the intermediate internetworks is irrelevant to the user because it appears as if the data is being sent over a dedicated private link. VPN connection also allows a corporation to connect to branch offices or to other companies over a public internetwork (such as the Internet), while maintaining secure communications. The VPN connection across the Internet logically operates as a wide area network (WAN) link between the sites. In both these cases, the secure connection across the internetwork appears to the user as a private network communication— despite the fact that this communication occurs over a public internetwork. Hence, the name - virtual private network.

forwarded to the LAN at its new Internet connection. The home agent accepts the inbound traffic for the LAN and routes it through an IP tunnel (4) using an encapsulation mechanism, with the destination address at the new Internet connection of the mobile router. The outbound traffic of the LAN can be routed normally through the foreign network connection to the Internet (if the foreign network allows this) or through another IP tunnel from the mobile router to the home agent. In brief, to maintain Internet connectivity when the LAN is away from its home network, the network traffic of the LAN is redirected through IP tunnels whose end nodes are the home agent and the mobile router. The Mobile IP LAN protocol is implemented based on this concept. It requires two special nodes (a home agent and a mobile router) equipped with network routing software, tunneling software, and an IP address on the foreign network. Hence, when IP mobile, a mobile LAN’s tunneled network traffic must traverse one or more foreign networks that may not be trusted. This traffic could be subject to eavesdropping, interception, modification, or redirection by malicious nodes in these foreign networks. To protect network traffic passing through the tunnels, we use the port-forwarding feature provided by OpenSSH to provide a secure, bi-directional tunnel to carry the mobile LAN network traffic between the mobile router and the home agent. Port forwarding inherently takes advantage of the data encryption and data integrity features of OpenSSH to safeguard data flowing through the tunnel. OpenSSH also provides authentication that allows the mobile router and home agent to safely validate one another. Since OpenSSH software is found in the public domain, is available for most current operating systems, and is commonly used to provide secure network

One type of remote access VPN is a Virtual Private Dialup Network (VPDN). This term can be used to describe remote access VPNs (L2F, PPTP, and L2TP) in which remote users connect over a PSTN or Integrated Services Digital Network (ISDN) to a dial NAS. User data traffic is then tunneled to a VPN gateway. With so many remote users now connecting over cable, Digital Subscriber Line (DSL), and other high-speed connections, rather than via dial connections, this term is slightly outdated.

MPLS is likely used in VPNs due to the distinguished merits, e.g., fast forwarding, tunneling etc. MPLS VPN networks provide full address and traffic separation, and hide addressing structure of the core network and the VPNs. It is not possible from the outside to intrude into the core network or VPNs by abusing the MPLS mechanisms. Neither is it possible to intrude into a properly secured MPLS core. There is, in fact, one significant difference between VPNs based on MPLS and those based on Frame Relay or ATM. That is, the control structure of the core is on Layer 3. This initially raised concerns that the architecture could be open to DoS attacks from other VPNs or the Internet. This paper has demonstrated that it is possible to secure an MPLS infrastructure as that of ATM or Frame Relay services. It is also possible to offer Internet connectivity to MPLS-based VPNs in a secure manner.

Initial works in the field of virtual networking on top of overlay networks for grid computing include solutions like Violin [11], VNET [18], ViNe [19], and IPoP [8]. The pri- mary feature found in all virtual networking software is the support for all to all communication amongst peers in the virtual network, though their mechanisms for supporting this are different. Table 1 summarizes key differences among these approaches, which have been motivated by different assumptions about the target environment and use. In gen- eral, all these approaches share a common feature, namely native support for IP traffic, which imposes no changes to legacy applications. While each configuration may have had software requirements that imposed significant limitations, Table 1 presents only the concepts and ignores software spe- cific dependencies. The contributions of this paper largely stem from and extends upon initial work done in the IPoP overlay described in in [8, 10], which is described in more depth in the following section.

In this idea paper, we present the design and architecture of an inter­cloud virtual  private network (ICVPN), which provides secure communication as a service to end  users,  service  providers  (SP)  and  cloud  brokers  (CB)  over  multiple  cloud  infrastructure providers. At its core, it provides the ability to automatically establish  peer­to­peer  overlay  networks  comprising  of  the  virtual  machines  and  other  infrastructure resources constituting a cloud service. Using the same P2P techniques,  we  also  offer  a  distributed  key  management  service  which  facilitates  the  automatic  discovery  of  the  peers  participating  in  a  service  and  the  binding  of  cryptographic  constructs  like  keys,  certificates  and  fingerprints  to  their  identities.  In  all  of  this  undertaking,  the  only  configuration  required  from  the  users  of  the  system  is  the  creation  and  management  of  the  service  deployed  on  the  infrastructure  of  multiple  cloud  providers,  which  falls  under  the  scope  of  companion  components  of  the  OPTIMIS  toolkit  [1].  The  configuration  and  maintenance  of  the  VPN  connections  over the P2P overlay is autonomous and transparent to the consumers of this service.  The  ICVPN  overlay  is  managed  without  bothering  the  users  with  the  complicated  configurations  typically  required  to  set  up  the  key  management  and  virtual  networking  infrastructures  in  similar  problem  spaces.  To  achieve  this  goal,  our  overlay architecture offers following unique features:­ 

• AIM-VPN/Enhanced Performance (EP II) combines DES/3DES/AES (optimized for AES128 only) and Layer 3 (IPPCP) compression for Cisco 2691 and Cisco 3735—This advanced interface module (AIM) VPN Module can be added to current Cisco 2691, and Cisco 3725. This Module offers DES/3DES and new AES (Advanced Encryption standard) from the National Institute for Standards (http://csrc.nist.gov/encryption/aes/). This VPN module is optimized for AES128 key only and is ideal for network that require only AES128 encryption. In addition these VPN Modules support hardware-assisted Layer 3 (IPPCP) compression services where bandwidth conservation may lower network connection costs. This module can provide hardware-based encryption services up to 80-Mbps 3DES/AES128 performance in Cisco 2691 and 150-Mbps 3DES/AES128 performance in Cisco 3725 (max based on 1400 byte packet size).